Risk & Insurance: Vendors May be Weak Link

Originally Published in Risk & Insurance | July 25, 2014 | By John Otrompke

Companies prioritize operational risk management, but many do not believe their vendors are doing the same.

Vendor risk management is often too overlooked by Fortune 1000 companies.

Three-quarters of supply chain executives said operational risk management is important for dealing with unpredictable events such as disasters, geopolitical risk, and demand volatility, according to “Don’t Play it Safe When it Comes to Supply Chain Risk Management,” a survey of more than 1,000 companies conducted by Accenture.

At the same time, 65 percent of executives at Fortune 1000 companies do not believe vendors are doing enough to minimize risk, according to another recently-released survey from the Consero Group, which focused on shared services.

The findings are indicative of one of the most volatile business environments seen in the last 15 to 20 years, as reflected by indices such as the Chicago Stock Exchange index, according to Mark Pearson, managing director of Accenture’s operations strategy consulting practice, and an author of the study.

“But this phenomenon is not just about the downside, because it has an upside as well, in that there is an opportunity to take market share if a company has the right tools in place to manage that risk,” he explained.

Business trends in recent decades have increased the importance of supply chain risk, Pearson said.

“We’ve spend the last 25 years globalizing supply chains, and applying concepts like just-in-time manufacturing, making our supply chains pretty lean, but also fragile,” he said.

To address the vulnerability, companies have developed strategies to respond to interruptions in the supply chain, with planning, analytics, and better visibility, Pearson said. Such strategies have included the creation of supply chain control towers.

According to Capgemini Consulting, a supply chain control tower is a central hub that captures and uses supply chain data to enhance visibility for short and long term decision-making that aligns with strategic objectives.

“These control towers,” Pearson said, “are fairly physical, and the concept is becoming very popular, due in part to some very good and well developed examples, coming out of the high-tech industry, such as Dell, for example.”

However, such control towers normally involve significant investments that run into the millions of dollars spent on technology and personnel, he said.

Executives also recognize the importance of vendor risk in shared services centers, which have increased in importance to organizations: 72 percent of leaders have increased their budgets over last the year, while 66 percent increased staff size, according to the Consero 2014 Shared Services & Outsourcing Data Survey.

Shared services executives rely on a host of vendors, ranging from law and accounting firms to software and other products.

“If vendors are unable to deliver the products or tools required, it creates difficulties,” said Paul Mandell, founder and CEO of Consero Group, based in Bethesda, Md.

“In addition, all kinds of legal risk exists when you have vendors handling data, if they’re not attuned to appropriate data security protocols. Another area of legal risk is rule violations by vendors, if they are making bribes across international lines,” Mandell said.

“Some commercial carriers offer insurance to cover supply chain risk, and compliance risk, but that will often only go so far when it comes to intentional violations of law. There may be financial compensation of some kind, but the damage to your relationship is hard to quantify,” Mandell said.

“Insurance companies are starting to build supply chain insurance products,” agreed Pearson, “but they don’t have a lot of experience. Whether it’s a soft or hard market, it’s a new market,” he said.