Procurement teams across the world have a common fear: RISKS. I used to scour my supply chains trying to figure out what risks I may face throughout my years in Defence, Aerospace, and FinTech.
Why?
Because when these risk events emerge, they can severely disrupt your organisation’s operations. For me, risks should be on every CEO's, CFO's, and Ops leader’s agenda every day, especially when it comes to your vendors (and even their vendors).
In this article, I will go over some of the risks that I think you should be aware of and how a Vendor and Lifecycle Management (VCLM) approach should be utilised to combat them.
What is VCLM, you ask?
VCLM brings together vendor lifecycle management (VLM), contract lifecycle management (CLM), and third-party risk management (TPRM) in a digital platform. We’re going to use VCLM to manage procurement risks better than ever."
Procurement Risks You Should Be Aware Of
1. Credit risks
Credit risks in procurement refer to the potential for financial loss if a vendor cannot fulfil its contractual obligations due to financial reasons.
This could occur if a vendor has a low financial credit score, indicating potential instability, or if it requests expedited payment terms, which could hint at cash flow issues.
The credit information can be captured as you analyse your potential vendors during your RFx and the vendor onboarding phase.
At Gatekeeper, utilising our VCLM platform, we have a feature called the Market IQ Suite. Within this, you can access all of the financial data regarding your vendor. This is perfect for a Finance and Procurement collaboration as you look to reduce risks in your vendor base."
Procurement departments need to monitor vendors' financial health and consider these risks when making decisions. But this shouldn’t be a moment-in-time snapshot.
Automation is critical here.
You’ll need to monitor the financial health of your vendors continuously and you can do this with Market IQ Finance. If there are any relevant vendor changes, any affected vendor will be pulled into a risk mitigation workflow so that you can address the issue internally.
-min.jpg?width=2460&height=1580&name=image-png-Sep-01-2023-09-28-16-1823-AM%20(2)-min.jpg)
2. Cyber risks
These risks can arise if vendors have inadequate cybersecurity measures, making them susceptible to cyber attacks that could expose sensitive data, cause financial losses, or damage reputation.
Regular vendor cyber checks, which assess a vendor's cybersecurity practices and protocols, are crucial in identifying these risks.
Mapping your vendor base is an essential step in preventing cyber risks, as it allows for the identification of vendors with access to sensitive data or systems and the enforcement of security requirements.
MarketIQ Cyber can assess vendors' cybersecurity and assign a score, aiding in prioritising risk mitigation efforts. Much like the financial health point we’ve raised, you’ll need to continuously monitor the cyber health of your vendor.
If the cyber health of any vendor changes, the affected vendor will be pulled into a risk mitigation workflow so that you can address the issue internally and collaborate with the vendor.
3. Politically Exposed Person (PEP) risks
PEP risks in vendor management refer to the potential legal and reputational risks associated with doing business with a vendor that's owned or controlled by a Politically Exposed Person.
These risks can include corruption, bribery, money laundering, and other forms of financial crime. Proper due diligence and continuous monitoring of vendors are crucial to identifying and mitigating these risks.
You can see how Gatekeeper tackles this in our MarketIQ webinar below.
4. Performance Risks (Obligations)
Vendor performance risks refer to the potential issues that may arise if a vendor fails to meet its contractual obligations.
This could include not delivering goods or services on time, not meeting quality expectations, or failing to comply with other specific deliverables outlined in the contract.
These risks can impact your business outcomes, causing operational disruptions and potential financial loss. Continuous monitoring and proactive management are key to mitigating these risks.
5. Regulatory Risk
Regulatory risks in vendor management focus on ensuring vendors' compliance with relevant laws and regulations, such as data protection and The Economic Crime and Corporate Transparency Act.
In the context of data protection, it involves ensuring that vendors are correctly handling and securing data to avoid breaches and comply with laws like the GDPR. Non-compliance can lead to legal penalties and damage to reputation.
Vendors should have sufficient security measures and incident response plans in place. Regular reviews of vendor management policies are necessary to ensure they address these risks.
6. Contract Risks
Contract risks in vendor management involve potential issues arising from the contractual agreement with the vendor.
These risks include the vendor not meeting their contractual obligations, such as failing to deliver goods or services on time, not providing the agreed quality, or not complying with other specific deliverables in the contract.
These risks can lead to financial loss, operational disruptions, and damage to reputation. It's essential to have clear contractual terms, perform regular reviews, and take proactive measures to manage these risks.
7. Spend Risks (Missed Renewals)
Spend risks associated with vendors include potential financial losses if a contract is automatically renewed without reassessing its value or necessity.
These risks can be mitigated by clearly viewing all spending across all entities and formalising a new master agreement across all contracts, potentially securing significant cost reductions.
It's also recommended to have a Contract Renewal Strategy that ensures all renewals are managed promptly, without renewals occurring outside of the pre-approved budget.
Using a Vendor and Contract Lifecycle Management solution can automate the start of your renewals, providing notifications and capturing all requests, negotiations, and new contract data in one place.
8. Concentration Risks
Vendor concentration risks refer to potential issues arising when a company relies heavily on a single vendor for its services or products. This could lead to significant disruptions from vendor failure, such as insolvency, poor performance, or cybersecurity vulnerabilities.
Managing these risks involves identifying and tracking them throughout the vendor relationship, from the onboarding phase through the contract period.
These include having a clear view of total third-party expenditure, assessing key suppliers by their risk level, and pre-qualifying new suppliers by establishing minimum requirements for compliance. It's also essential to have contingency plans in place for sole-source suppliers.
9. Capacity Risks
Vendor capacity risks refer to the possibility that a vendor may not have the operational capacity or scalability to meet your needs significantly if your requirements increase suddenly.
This can affect their performance and potentially disrupt your operations. To manage these risks, consider diversifying your vendor base or having contingency plans.
With a VCLM platform, you can store all of this information or create vendor relationships to show all the vendors you use for one programme of work or a particular service or goods offering.
10. Knowledge Management Risks
Knowledge management risks in vendor management involve potential issues arising from a lack of proper information sharing and management between your company and its vendors.
This could lead to communication gaps, misunderstandings, or loss of critical knowledge, impacting vendor performance and your company's operations.
Mitigation strategies can include implementing standardised knowledge-sharing processes, using technology platforms for better data management, and proactive risk monitoring.
11. Maverick Spend Risk
Maverick Spend is when a business requester uses a vendor without going through the agreed procurement process.
This rogue action often results in procurement having to clean up the mess, potentially incurring extra costs and time. It can be a symptom of a rigid and clunky procurement process or a disjointed way of working.
A slick digital procurement process is recommended to prevent maverick spending, including self-service intake forms and automated workflows.
12. Audit Risks
Audit risks in vendor management refer to the potential issues that could arise during an audit due to inadequate vendor compliance or poor record-keeping. Inadequate vendor cybersecurity practices, for example, can lead to audit risks.
If your vendor contracts are not in good shape or records are missing, auditors may highlight these issues, affecting your company's compliance status.
It's essential to have clear vendor contracts, perform regular reviews, and ensure vendors maintain certifications to mitigate these risks.
13. Environmental, Social, and Governance (ESG) Risks
ESG (Environmental, Social, and Governance) risks in vendor management refer to potential issues arising from a vendor's environmental impact, social responsibilities, and governance practices.
They can include environmental concerns such as poor waste disposal methods or high carbon emissions, social issues like unfair labour practices or lack of diversity, and governance risks such as lack of transparency or poor internal controls.
It's crucial to incorporate ESG factors into vendor assessments, contracts, and continuous monitoring to mitigate these risks.
Wrap up
There are multiple procurement risks that you need to monitor when selecting, onboarding and working with your vendors. With so much to think about, we've made it easier for you to complete your assessments.
Download our vendor risk management checklist to get started.
%20(1).png)