It's clear that traditional methods of managing risk are no longer sufficient.
A more innovative approach is required to avoid, absorb, and recover from disruptive events.

Introduction

Incidents involving suppliers can have a critical impact on a company’s finances, operations and reputation. But proactively managing that risk requires data to be collected and managed at an unimaginable scale, supported by near real-time analysis and consistent decision-making.

EY’s 2023 Global Third-Party Risk Management Survey found that “many organizations are still using spreadsheets and time-consuming manual processes to track third parties”. Even among professional risk managers, 42% still use spreadsheets and slides for risk analysis and assessments (FERMA).

Our conversations with some of the world’s largest companies reflect this. In many cases, Vendor Master Files are (very large) spreadsheets. Risk information is collected over email via questionnaires – if at all.

That same EY survey revealed that 92% of organizations take more than 30 days to perform control assessments of third-parties. That timescale, and the resources required, means accessing up-to-date information to make risk-aware decisions is impossible.

Despite the gap between existing capabilities and future potential, the benefits of implementing a best-in-class supplier risk management solution can be significant.

Understanding the potential of supplier risk management

Supplier risk management programs can be aligned to directly support the goals of the business. When implemented effectively; every data point collected, decision made, action taken and report generated will directly support an organizational objective.

Best-of-breed solutions turn supplier information to a competitive advantage, utilizing emerging technologies to avoid, absorb and recover from disruptive events.

This will not be achieved through data and dashboards alone. A screen full of graphs and an inbox full of notifications should not be the goal. They can, however, be utilized in stakeholders’ workflows to support risk-aware decisions at every touchpoint.

Technology, such as apexanalytix, allows AI-powered automation of the risk resolution process. It collects relevant data from the most reliable source, makes informed calculations and takes mitigating action. Not once at vendor registration – but in an ongoing, consistent manner.

To unlock the potential of supplier risk management, align your program with corporate goals.
Take the next step and get personalized advice from a specialist who can help you do so.

Align Risk Management with your corporate goals

Sourcing, Purchasing and Supply Chain functions are core to the success of global companies.

Aligning a supplier risk management program with the needs of the business is about translating the abstract “risk” into concrete business priorities. Here are a few examples where alignment makes sense, each of which has already been implemented by Fortune 1000 companies using apexanalytix.

This alignment means you can collect the most relevant information from the most appropriate sources for each supplier.

You might gather credit ratings from Equifax and automatically source vendors’ published DEI policies while asking them to enter remittance details into our Portal.

Our solution seeks to verify vendor-provided information where possible. This includes bank account validation in many countries as well as verification and monitoring of insurance policies.

We provide built-in monitoring for all 7 key risk factors highlighted in Gartner’s Market Guide for Supplier Risk Management Solutions. If your business prioritizes other areas of risk, we can connect additional data sources. Your risk management and reporting remains centralized regardless of the source of information.

Embrace automation to manage supplier risk

The rise of AI, most visibly chatbots, has caused excited discussions about automated risk management. But for maximum effectiveness, think beyond humans following AI-generated instructions.

Actionable scale requires the technology to complete necessary actions on your teams’ behalf – then enable decision-makers with contextual awareness when an resolution requires their input.

Supplier risk management can be divided into three phases of activity. Vendor registration, risk monitoring and risk resolution.

Vendor registration

At the core of any Supplier Information Management strategy is the gathering and maintenance of data. apexanalytix streamlines vendor registration – including risk data – through an AI-enabled portal.

  1. When your team triggers an onboarding event; Portal cross-references your policies to categorize the supplier’s risk profile, industry and location. Using this, it identifies the information you need to collect – including compliance risk by jurisdiction.
  2. Much of this knowledge is gathered automatically from our database of over 100m company records supplemented by over 1,000 external data feeds.
  3. Your supplier is invited to provide additional information through a self-service portal.
  4. Their input is assessed; including bank account and insurance validation, prohibited entity checks and more. Their responses to regulatory questions are assessed to measure compliance.

To maintain consistency, supplier information is distributed via API to the relevant tools and data stores within your business. This could include ERP systems and your centralized data warehouse.

Automating vendor registration workflows helps you collect and verify the necessary data for each supplier. Through integrations with internal tools and workflows, this supports risk-aware decision-making at every touchpoint.


 

Risk monitoring

Risks evolve quickly but awareness often doesn’t. This means organizations can find themselves on the back foot when incidents occur; battling to restore operations rather than safeguard them.

By their nature, annual vendor questionnaires do not provide up-to-date awareness of emerging concerns. Through over 1,000 sources of external risk data, Portal ensures that your reporting stays up to date.

Examples of continuous risk monitoring within Portal include:

  • Fraud checks against every invoice from each supplier
  • Insurance monitoring to ensure that coverage remains in place and adequate
  • Credit monitoring for emerging signs of financial distress
  • Dark web monitoring to detect data breaches or ransomware attacks
  • News monitoring for reports of potentially harmful incidents
  • + many more, each weighted to reflect your policies and risk tolerance

 

Risk resolution

When a vendor’s risk level exceeds your tolerance, it must be resolved. This could be as simple as collecting documents to comply with a regulation or a more complex incident response workflow. Acceptable tolerances will vary by vendor and are automatically accounted for within the apexanalytix solution.

Many ‘solutions’ to vendor risk management rely on a stream of notifications instructing internal stakeholders to take action. Often, this approach results in no activity at all; either through a lack of internal bandwidth or as a result of too many false positives.

The apexanalytix solution mitigates this by only relying on human input when absolutely necessary – either because the mitigation can’t be automated or because policies say that a manual decision is required.

When human input is needed, the most relevant stakeholder is notified in the most appropriate way; ideally within their standard workflows (rather than email notifications). They’re quickly provided situational awareness, with AI-generated descriptions of the context and the action required of them.

Within your policies, there may be scenarios where concerns cannot be resolved with existing suppliers. In this case, sourcing events can be automatically triggered.

All resolution activity is trackable in our case-management system and within your reporting.

Empowering stakeholders with the right information is crucial to resolving risk.
Discover how the right solutions can help you make informed decisions.

Empower stakeholders through contextual awareness

AI-enabled automation may be the key to scale. But cross-functional visibility is still crucial to a successful vendor risk management program. When stakeholders are empowered by data, the business gains tangible benefits:

For each of these use-cases (and more) to be effective, visibility must extend beyond ‘traditional’ dashboards and into the day-to-day workflows of stakeholders. The apexanalytix supplier risk management solution empowers this with integrations and built-in workflow management.

Dashboards are a powerful tool to support the business’s goals through supplier risk management.

Within the apexanalytix solution, they can be configured to show relevant information across multiple levels. ‘Views’ range from broad visibility of risk across every category and each supplier right through to detailed breakdowns of specific risk factors for an individual vendor.

A visual example of the risk solution