Most organizations spend between 30 and 70 percent of their revenues procuring third-party goods and services. This level of expenditure can present significant opportunities to drive operational performance, value and innovation if managed effectively – or it can pose a significant risk if left unmanaged. To realize the former, contracts that govern these transactions and the management of these contracts – and the supplier relationship as a whole – must be viewed as an end-to-end, dynamic process, with risk considerations at the center of it.
I recently spoke about this at a webinar Protiviti co-presented with Determine, Inc. and the International Association for Contract and Commercial Management (IACCM) titled “Improving Business Outcomes by Managing the Link Between Suppliers and Contract Management.” Without summarizing the entire discussion here, I want to call out below the aspects of contract and supplier risk management I consider the most important, along with advice on how to avoid common mistakes.
Sourcing and Supplier Selection
Selecting the right supplier is all about striking the right balance between time, cost and quality – and most importantly, risk. The likelihood and impact of various risks – operational, legal, reputational, compliance, etc. – stemming from a particular supplier need to be understood and addressed before or at the time the contract I signed. In an end-to-end process, it also means that the company needs to consider the four factors of time, cost, quality and risk past the sourcing process and into the drafting of the contract, as well as throughout the lifespan of the contract and the ongoing management of the risk and performance of the supplier.
Often, companies spend countless hours and resources drafting an extensive contract only to end with no clear hand-off and no clear accountability as to who is managing the contract. In an end-to-end process, the hand-offs at each point are clearly defined, taking advantage of workflow and master data to connect contracting process activities and provide validation, or linkage between the supplier profile and the resulting contract. A contract performance plan (CPP) can help summarize the key terms of the contract, including which elements need to be monitored and measured, against what criteria and by whom.
Supplier Performance and Risk Management
The deal is done, now what? Now, whoever is responsible for managing the contract has to track the supplier’s performance and ongoing risk exposure. Performance is easier to manage as long as the contract is well-written and clearly defines scope, objectives and deliverables. Risk, on the other hand, is dynamic and needs to be monitored and managed continuously.
To manage supplier risk effectively, it helps to differentiate between contract owner and supplier relationship owner, each of whom owns the risks respective to the particular contract or the relationship overall. When it comes to managing risk, the contract itself is not enough to rely on, as the risk environment on the day the contract gets signed is not necessarily the same as the risk environment several weeks or months later. For this reason, it is important to have ongoing visibility into the supplier and contract. All facets of contract and supplier risk and performance need to be accessible by the business. An effective way to manage supplier risk is through exception management – with alerts and thresholds when action is needed, as well as with dynamic workflows, based on either event- or milestone-driven activities.
As with many other areas, the effectiveness and value derived from supplier relationships hinges on the successful intersection of people, processes and technology. The processes and organizational structure outlined above must be fully enabled by technology that allows for robust and scalable contract and supplier management processes. Technology was covered in detail during the webinar, so I recommend listening to the entire discussion online.