New Survey — Bridging the Gap Between Finance and Procurement

My colleague Bernie Donachie wrote earlier this week about high-performance procurement, focusing on some top performer characteristics that emerged from our procurement survey prior to its release. The full report is now out, and, top performers notwithstanding, it shows that there are divergent perspectives across stakeholders when it comes to the value generated by the procurement function.

The key takeaway from the results of Protiviti’s 2017 Procurement Survey is clear: Procurement functions need to focus on how they drive value and how they quantify and communicate their performance. In what is arguably the most notable finding in the survey, close to half of finance leaders say 20 percent or less of procurement savings drop to the bottom line. Just one in five finance leaders say their procurement functions effectively manage both direct and indirect costs. Overall, only a small percentage of bottom lines actually realize the savings that procurement functions have achieved. These and other issues identified in the study need to change.


In our report, we share key findings from the survey, examine the perceptual gap between finance and procurement regarding procurement’s objectives and value, identify traits commonly displayed by leading procurement functions, and present some action items for procurement and finance leaders to consider as they seek to get on the same page while increasing the value that the procurement function delivers to the bottom line.

Visit, where you can download a complimentary copy of our report.


Data-Rich Manufacturing Demands Cybersecurity of the Supply Chain, Too

By Sharon Lindstrom, Managing Director
Manufacturing and Distribution Industry Leader

and Tony Abel, Managing Director
Supply Chain


Few manufacturers would disagree with the view that the Internet of Things, big data integration and other advances in technology are boosting productivity, streamlining supply and distribution channels, and improving product support. But the WannaCry ransomware attack unleashed on businesses, governments and hospitals across the globe last month and the most recent attack this week delivered a sobering reminder that those digital-driven innovations carry very real risk.

That’s especially true for supply chains. Competition and efficiency demands increasingly compel manufacturers to enlist third-party vendors to produce components for an end product, meaning proprietary information and specification data is sent digitally across the globe, ready for cybercriminals to steal and exploit. One recent survey of 1,400+ supply chain professionals found that data security/IT incidents ranked as the most critical risk to supply chains.

Cyber attacks are likely to grow in frequency and severity, according to our recent Flash Report discussing the WannaCry ransomware event. In the report, we highlighted the need for companies to not only adopt a cyber defense, but also to continuously evaluate and improve it to protect against evolving threats. We noted, again, that many organizations continue to ignore cybersecurity – or at best are inadequately addressing it.

Opaque Supply Chains

It makes sense that businesses that are underprepared in their own cyber defenses have even less insight into the cybersecurity of their suppliers. But clearly they should. According to a 2016 presentation given by cyber supply chain risk management specialist Jon Boyens, a program manager with the National Institute of Science and Technology (NIST), 80 percent of all information breaches occur within the supply chain, and almost 60 percent of companies do not have processes for assessing the cyber security of their vendors. Similarly, more than seven out of 10 organizations lack full visibility into their supply chains.

Even more alarming, NIST anticipated that cyber attacks and data breaches would cause nearly half of the manufacturing supply chain disruptions in the next couple of years. Such incidents are costly. NIST estimated that 55 percent of the disruptions incur more than $25 million in damages per incident. In addition, supply chain breaches that steal or alter data could result in substandard products, the loss of intellectual property, and backdoor access into the manufacturer’s systems, all of which could further tarnish an organization’s brand and diminish its value.

Samsung’s recent bout with the flawed batteries that sparked fires in its Galaxy Note 7 phones illustrates the potential damage to a company’s reputation and bottom line. Samsung ultimately identified specifications provided to its suppliers as the culprit, but not before the company took a $5.3 billion hit to earnings and lost consumer trust. How much worse would it have been if a cyber criminal altered the specifications intentionally?

Supplier Checklist

The good news is that manufacturers can mitigate supply chain risks by ensuring that their third-party vendors are pursuing similar cybersecurity efforts as their own. Here are a few fundamental questions that we recommend focusing on when assessing supply chain IT risk:

  • Does the supplier’s culture promote cybersecurity and ransomware awareness throughout the organization? What kind of training are its employees receiving to recognize and address threats?
  • What cyber defenses are in place, and are they sufficient to counter the latest malware threats? Is the supplier up to date on indicators of compromise for recent attacks?
  • How frequently does the supplier conduct cyber risk assessments? Is the regimen sufficient to keep up with the rapidly evolving threats, and does it include defenses to block operational disruptions? Does the supplier consider the risks in its own supply chain (e.g., Tier 2 and Tier 3 suppliers)?
  • Does the supplier have an effective response plan? How often is it updated, and how often does the organization conduct threat simulations as part of its cybersecurity training?

Sound Agreements Needed

Manufacturers and suppliers seeking to reduce supply chain risk also should review contracts to ensure compliance. Items for each party to consider include:

  • Are the supplier’s cybersecurity obligations spelled out clearly in the contract, and does the language extend to the supplier’s subcontractors?
  • Does the contract include assurances that the supplier has the infrastructure to uphold its end of the contract?
  • Who are the executives or managers executing the contract for the supplier? Are they the most appropriate personnel in regards to understanding cybersecurity threats and the supplier’s ability to meet its obligations?

As cyber threats continue to escalate, it is important for manufacturers to gain visibility into their supply chains in order to assess their overall risk-mitigation and response capabilities. The ideas outlined here represent basic but critical actions organizations should be implementing as they strive to secure the increasing amount of sensitive data shared in the production and sourcing processes.

Proving Procurement’s Value to Stakeholders: Show Them the Money

By Tony Abel, Managing Director
Supply Chain




There is no doubt that procurement organizations deliver value, through strategic sourcing, category management and other means. What distinguishes procurement organizations perceived as top performers from the rest is how well they quantify the value they deliver to the company.

Recently, I had the opportunity to moderate a panel discussion about the challenges of demonstrating procurement’s real value to the rest of the organization. I was joined by Kathi Cox, Senior Director of System Integration and Innovation with Texas Health Resources; Richard Waugh, Vice President, Corporate Development with Zycus; and Rene Urbina, Vice President, Finance Shared Services with Curtiss-Wright. Below, I want to share some of the key takeaways from our discussion that attendees found helpful.

Develop governance structure upfront
By creating a governance structure early on, procurement organizations can obtain buy-in from the main players by having them at the planning table rather than trying to gain their support after the fact. Procurement, finance and business unit stakeholders should form a cross-functional team and collaborate to create a cohesive procurement process that leverages the right tools and expertise. By developing the governance structure in this manner, procurement can demonstrate its real value upfront, rather than having to prove it later.

Use the right tools
Once the organization has designed and implemented an effective savings methodology, it’s important to solidify and retain the benefits of the deployed solution. There are procurement technology solutions that support end-to-end, source-to-pay functionality, including capabilities that support the management of an effective savings methodology. The right technology can demonstrate procurement’s value by increasing visibility (though automated access) and allowing everybody involved to be on the same page.

Have ongoing tracking and reporting
While transparency and collaboration throughout the procurement process are both extremely important, tracking and reporting are most critical to its continuing success. If the benefits generated by procurement, or even a particular sourcing event, are not tracked and documented on an ongoing basis, questions will be raised, such as:

  • Were the estimated savings ever realized?
  • Why is my budget being reduced, when the reductions in cost are not visible to me?
  • And ultimately, why do I need to work with procurement on this?

The discussion doesn’t end here. In addition to the takeways above, during the webinar both Kathi Cox and Rene Urbina shared their first-hand experiences with developing a savings methodology and a governance structure, and how that helped realize benefits for their respective companies. You can access the free recorded version here. For even more insights, download our white paper, The Dollars and Sense of Procurement’s Real Value.

“Stay Nimble”: The Mantra for Manufacturing and Distribution Companies in 2017

Sharon LindstromBy Sharon Lindstrom, Managing Director
Manufacturing and Distribution Industry Leader




For manufacturing and distribution (M&D) companies, which are already well-conditioned to operating in an uncertain global environment, 2017 promises to continue to keep them on their toes. At the very least, it is likely to present a mixed bag of new challenges and opportunities, and executives will need to ensure that their organizations are nimble enough to pivot quickly when faced with disruptive change.

Among the challenges that M&D companies may face this year are the potential negative impacts on trade stemming from the “hard Brexit” course that British Prime Minister Theresa May has set for the United Kingdom. Meanwhile, the new Trump administration’s approach to trade is already proving to be a source of consternation for longtime trade partners like China, Canada and Mexico. President Trump has already pulled the United States out of the Trans-Pacific Partnership (TPP) negotiations and is expected to sign an executive order to renegotiate the North American Free Trade Agreement (NAFTA). With the volume of cross-border imports and exports, the impact on M&D companies could be significant.

On the other hand, possible opportunities for M&D companies include easing and/or elimination of certain environmental regulations in the United States. President Trump told auto industry leaders at a recent roundtable that in the U.S. “environmental regulations are out of control.” Less than a week later, he signed an executive order to reduce regulation and control regulatory costs. The order requires that agencies eliminate two regulations for every one they propose. The Environmental Protection Agency is, of course, one of those agencies.

Also among the flurry of executive orders newly inked by Trump is the “Presidential Memorandum Streamlining Permitting and Reducing Regulatory Burdens for Domestic Manufacturing,” which “directs executive departments and agencies … to support the expansion of manufacturing in the United States through expedited reviews of and approvals for proposals to construct or expand manufacturing facilities and through reductions in regulatory burdens affecting domestic manufacturing.” This order is welcome news to manufacturers, especially those that already believed economic conditions under the Trump administration would be favorable to support their new facility or facility expansion plans. Furthermore, this order does not cover the corporate tax reform that is expected in 2017.

In short, there has been no shortage of dramatic change already in the new year. Interestingly, executives at M&D companies sensed months ago that 2017 would likely be another year of economic uncertainty for their industry – though they may not have known the exact kind or level of uncertainty it would bring.

When Protiviti and North Carolina State University’s ERM Initiative embarked on their research for the latest Executive Perspectives on Top Risks Survey, the Brexit vote had not yet taken place, and the major parties in the U.S. presidential election had not yet nominated their candidates. Nevertheless, executives cited the following as the number one and number two top risks for their industry:

  1. Economic conditions in markets we currently serve may significantly restrict growth opportunities for our organization, and
  2. Anticipated volatility in global financial markets and currencies may create significantly challenging issues for our organization to address.

Both of these macroeconomic risks held the same top positions in the previous year’s survey. This, in my opinion, reflects the ongoing challenges that M&D companies face in a global economy. These challenges are driven not only by political uncertainty and trade agreement considerations, but also by supply chain and sourcing vulnerabilities and currency devaluations.

All this underscores why “Stay Nimble” should continue to be the mantra for M&D companies this year. The rapid-fire changes we have seen so far should not lead to paralysis and/or stagnation. The old adage, “When one door closes, another one opens” has never been more true. The events that have unfolded in the first few weeks of 2017 suggest that businesses in this industry group should be prepared to adapt and innovate swiftly to take advantage of the doors that open.

Navigating Risk and Complexity by Integrating Contract and Supplier Management

chris-monk-croppedBy Christopher Monk, Managing Director
Supply Chain




Most organizations spend between 30 and 70 percent of their revenues procuring third-party goods and services. This level of expenditure can present significant opportunities to drive operational performance, value and innovation if managed effectively – or it can pose a significant risk if left unmanaged. To realize the former, contracts that govern these transactions and the management of these contracts – and the supplier relationship as a whole – must be viewed as an end-to-end, dynamic process, with risk considerations at the center of it.

I recently spoke about this at a webinar Protiviti co-presented with Determine, Inc. and the International Association for Contract and Commercial Management (IACCM) titled “Improving Business Outcomes by Managing the Link Between Suppliers and Contract Management.” Without summarizing the entire discussion here, I want to call out below the aspects of contract and supplier risk management I consider the most important, along with advice on how to avoid common mistakes.

Sourcing and Supplier Selection

Selecting the right supplier is all about striking the right balance between time, cost and quality – and most importantly, risk. The likelihood and impact of various risks – operational, legal, reputational, compliance, etc. – stemming from a particular supplier need to be understood and addressed before or at the time the contract I signed. In an end-to-end process, it also means that the company needs to consider the four factors of time, cost, quality and risk past the sourcing process and into the drafting of the contract, as well as throughout the lifespan of the contract and the ongoing management of the risk and performance of the supplier.

Contract Management

Often, companies spend countless hours and resources drafting an extensive contract only to end with no clear hand-off and no clear accountability as to who is managing the contract. In an end-to-end process, the hand-offs at each point are clearly defined, taking advantage of workflow and master data to connect contracting process activities and provide validation, or linkage between the supplier profile and the resulting contract. A contract performance plan (CPP) can help summarize the key terms of the contract, including which elements need to be monitored and measured, against what criteria and by whom.

Supplier Performance and Risk Management

The deal is done, now what? Now, whoever is responsible for managing the contract has to track the supplier’s performance and ongoing risk exposure. Performance is easier to manage as long as the contract is well-written and clearly defines scope, objectives and deliverables. Risk, on the other hand, is dynamic and needs to be monitored and managed continuously.

To manage supplier risk effectively, it helps to differentiate between contract owner and supplier relationship owner, each of whom owns the risks respective to the particular contract or the relationship overall. When it comes to managing risk, the contract itself is not enough to rely on, as the risk environment on the day the contract gets signed is not necessarily the same as the risk environment several weeks or months later. For this reason, it is important to have ongoing visibility into the supplier and contract. All facets of contract and supplier risk and performance need to be accessible by the business. An effective way to manage supplier risk is through exception management – with alerts and thresholds when action is needed, as well as with dynamic workflows, based on either event- or milestone-driven activities.

As with many other areas, the effectiveness and value derived from supplier relationships hinges on the successful intersection of people, processes and technology. The processes and organizational structure outlined above must be fully enabled by technology that allows for robust and scalable contract and supplier management processes. Technology was covered in detail during the webinar, so I recommend listening to the entire discussion online.

The Company You Keep: A Case for Supplier Codes of Conduct

Bernie DonachieBy Bernie Donachie
Managing Director, Supply Chain Practice




Las Vegas tourism promoters used to promise, “What happens in Vegas, stays in Vegas.” It’s much harder to make such a claim these days, when even the most benign shenanigans are only a smartphone video away from global critique. Corporations are being held accountable, as well – not only by regulators, but by citizen journalists, activists, whistleblowers and customers, empowered by social media and the internet.

Companies are aware of this, and 92 percent have adopted formal codes of conduct for their organizations, according to a 2015 survey by Protiviti and the Economic Crime and Justice Studies Department at Utica College. According to that same survey, however, only a small fraction of those companies hold their vendors to the same standard, or even conduct reasonable due diligence on business practices – and that’s a problem.

In today’s collaborative economy, regulators (and consumers) recognize that companies are outsourcing everything from labor to IT infrastructure, and are holding the companies accountable for their vendors’ behavior. Witness the massive fines levied against global conglomerates under the Foreign Corrupt Practices Act. Consider recent personal data breaches attributable to third-party security lapses. In every instance, the corporation, and not only the vendor, was held accountable – especially in the court of public opinion.

Clearly, there is a case to be made for adopting – and enforcing – a supply chain “code of conduct,” establishing clear and communicated expectations for how suppliers will conduct their business – especially vendors authorized to act as agents on behalf of the organization. After all, it’s the company’s reputation and brand image that is at stake.

Codes of conduct are designed to prohibit any number of ethical lapses, including conflicts of interest, self-dealing, bribery and other inappropriate actions. They can be brief, although most are fairly detailed. A code of conduct is characteristically very concrete, delineating specific required and prohibited behaviors and practices. It differs from a code of ethics, which tends to deal more with principles and values and is difficult to enforce – although a code of ethics is often specified as a requirement of the code of conduct.

A code of conduct would typically address things like:

  • Human rights – requiring vendors to treat their workers with dignity and respect and provide proof of a penalty-free reporting mechanism for employees to report violations. This provision typically includes anti-discrimination, anti-harassment, compensation and hours, as well as prohibitions against forced labor and child labor.
  • Health and safety – including workplace temperatures, noise levels, ventilation, lighting, toilet facilities, safe working facilities and drinkable water.
  • Environment – setting standards for environmental sustainability.
  • Ethics – promoting fair trade and prohibiting corruption, unfair competition and conflicts of interest.
  • Other critical items, including financial integrity, confidentiality, regulatory compliance and social responsibility.

In the increasingly connected global economy, it is critical for organizations to look beyond fiscal imperatives and hold suppliers to the same ethical conduct expected of employees, management and directors. Of course, a code of conduct is only going to be as good as the intentions of the vendors who sign on to it. That’s where third-party audit comes in. And that’s a topic for another day.

Procurement Power-up: Building an Internal “Brand”

Tony AbelBy Tony Abel, Managing Director
Protiviti’s Supply Chain Practice




Procurement functions proclaim their value in “millions of dollars saved,” but it’s no secret that such savings are often questioned by internal critics who counter that actual savings were less than advertised, or came at the expense of quality.

There’s no doubt that a good procurement team can generate genuine savings throughout the enterprise without sacrificing quality. The self-evident value of such efforts, however, should not be taken for granted.

A new Protiviti white paper, The Dollars and Sense of Procurement’s Real Value, explores best practices in procurement brand building. I want to highlight a couple of points from that paper.

First and foremost: Show your work. You can be the best negotiator in the world, but that’s not going to build your brand unless you and your internal customers can agree on what’s required in terms of procured goods and services and what constitutes a successful outcome.

Procurement should be knowledgeable about, and formally aligned with, the business stakeholders it supports. By working collaboratively with business partners, procurement can establish a consistent, enterprisewide view of spending and value among the stakeholders. Accurate measurements of cost reduction and the value that procurement delivers are crucial to providing your stakeholders transparency into your effectiveness.

Metrics should be agreed to upfront, in a project charter – a formal document delineating goals and desired outcomes. Value claims should be documented, auditable and aligned with a budget – a process that should include operational stakeholders, procurement and finance.

Additionally, treat suppliers as partners. Few leading procurement functions these days view their primary role as hammering suppliers on cost. While costs must be managed to generate the greatest value to the organization, top procurement functions work with suppliers to find solutions that create sustainable value on both sides of the transaction.

For example, suppliers will often offer a discount to buyers who promise to pay in ten days or less. Such trade terms can offer substantial savings over the outdated strategy of stretching out payments to earn more interest on the float, especially in today’s low interest-rate environment.

By now, you should be seeing a pattern. Relationship-building, accountability and collaboration are the hallmarks of a procurement powerhouse. By taking the time to cultivate relationships – both inside the company and with suppliers, getting straight on stakeholder expectations and success metrics, and documenting actual savings and savings, as well as cost avoidance, you’ll see your the value of your procurement brand soar.

Do you have a procurement success story? I’d love to hear about it. Feel free to reach out or share it in the comment section below.