Presentation deck from an Iceberg-RSA webinar. "A panel discussion on Supplier Governance and Risk Management"
More info at http://icebergnetworks.com/srm/
2. KEY QUESTIONS
Why is supplier risk management so critical to success?
What’s driving the need for greater maturity?
Where do we start?
What are the key challenges?
What’s next?
4. GOVERNANCE, RISK & COMPLIANCE (GRC)
Governance: how an organization is structured and managed to achieve strategic goals
Risk Management: predicting and managing risks that affect the achievement of objectives
Compliance: following policies, procedures, laws, and regulations
GRC: Maximize the efficiency and effectiveness of an organization
and understand risk in a business context.
5. GOVERNANCE, RISK & COMPLIANCE (GRC)
Gartner: Seven primary markets of “integrated risk
management… recognizing the interconnected nature of
operational risk across an enterprise.”
• Operational Risk Management (ORM)
• IT Risk Management (ITRM)
• IT Vendor Risk Management (VRM)
• Business Continuity Management Planning (BCMP)
• Audit Management (AM)
• Corporate Compliance and Oversight (CCO)
• Enterprise Legal Management (ELM)
7. TOP OF MIND
42% of companies now describe themselves as highly vulnerable to vendor, supplier, or procurement fraud (Kroll Global Fraud Survey)
85% of companies reported suffering at least one supply chain disruption (Zurich Financial Survey)
90% of all FCPA cases involved third-party intermediaries (Corporate Executive Board)
76% of data breaches resulted from a third party which introduced security deficiencies that were ultimately exploited (Trustwave Global Security Report)
8. AREAS OF SUPPLIER RISK
• Financial Wherewithal
• Concentration Risk
• Strategic Risk
• Credit/Liquidity
• Operational
• Regulatory Compliance
• Information Security
• Business Resiliency
• Errors & Fraud
• Privacy
• Non-performance / Poor Quality
• Reputation Risk
• Inadequate Supply Chain Governance
• “Nth” party risk
• Legal
10. COMMON ARCHER USE CASES
• Centralize supplier inventory and processes across the enterprise
• Ensure that ownership, roles, and responsibilities are clearly defined, and develop efficient, repeatable processes
• Monitor and assess new/potential vendors, and continuously monitor existing suppliers
• Enable an “ask once, use many” approach to gathering data
• Report on risk posture to management & business unit owners
11. COMPLEX SUPPLIER ECOSYSTEM
Supplier types in a typical ecosystem: financial counterparties, consultants, maintenance companies, raw material suppliers, software providers, couriers, law firms, hardware providers, landlords / lessors, parts suppliers, insurers, employment agencies, ISPs, SaaS providers, credit bureaus, utility & telecom companies, marketing companies, security guards, accountants, medical business associates, property managers, partners/ventures, integrators, third-party sellers, identity protection providers.
Source: Shifting Toward Maturity, EY, June 2016
“How many third party suppliers are in your organization’s inventory population?”
  73%  Less than 10,000
  21%  10,000-29,999
   6%  30,000-49,999
12. WHO OWNS SUPPLIER RISK?
Source: Shifting Toward Maturity, EY, June 2016
“How is your 3rd party risk management program structured?”
  45%  Centralized (enterprise-wide 3rd party risk management office)
  41%  Hybrid (3rd party risk management offices located within the business areas and centrally at the enterprise level)
  14%  Decentralized (embeds 3rd party risk offices within each business area)
“What area has primary ownership of the 3rd party risk management function?”
  41%  Procurement
  38%  Operational & Enterprise Risk
  14%  Information security
   7%  Tech and operations
13. WHERE DO WE START?
Stakeholder Alignment “Weigh-In = Buy-In”
Establish Clear Vision & Goals
Executive Support
CMO/FMO (current mode of operation vs. future mode of operation) – how do we do it today, and how can we do it better?
Start Small, Build Momentum
14. ACHIEVING VALUE
Source: The Deloitte Global CPO Survey 2016: Procurement: At a Digital Tipping Point?
“Where are CPOs focused on generating value in the next 12 months?”
  43%  Consolidating spend
  39%  Increasing level of supplier collaboration
  32%  Increasing competition
  31%  Restructuring existing relationships
  30%  Reducing total lifecycle/ownership costs
  29%  Specification improvement
  25%  Restructuring the supply base
  21%  Reducing transaction costs
15. ASSESSMENT OVERLOAD?
“How many questions are within your organization’s full-length control self-assessment questionnaires that are used to assess the highest-risk third parties?”
# of questions:
   8%  <50
  21%  51-100
  33%  101-250
  27%  251-500
  10%  >500
Source: Shifting Toward Maturity, EY, June 2016