Every year, the World Procurement Congress brings together leaders from across our field, giving us a unique insight into the challenges teams are facing, how they’re responding, and what the future of procurement will look like for us all.
After reflecting on everything I heard and saw at this year’s event, one major theme stood out to me. Over the last couple of decades, there’s been a clear evolution in how procurement leaders think about third-party and supply chain risks.
Following the period of intense disruption that we’ve all been through – and many of us are still experiencing – it’s easy to understand why third-party and supply chain risks have rapidly ascended to the top of corporate agendas. But the evolution that’s taking place is much more than just a response to today’s turbulent supply chain environment.
To better understand how approaches to third-party risk management are changing, and how fresh thinking about risk management could shape the future of procurement, I want to break this evolution down – examining where we’ve been, where leaders are today, and where we’re headed next.
Where we were: Risk management as a cost centre
Historically, third-party risk management has been seen as a cost centre. Many teams approached it as a “box ticking” exercise – doing the bare minimum to ensure due diligence, but never dedicating more time or resources to it than were essential. The aim of the game was to avoid disaster, while designing supply chains and supplier portfolios to meet operational goals. The focus was purely on credit risk rating checks to ensure suppliers will not go bankrupt anytime soon.
Where we are: Risk management as a compliance centre
As regulations around corporate governance and corporate social responsibility grew, that mindset began to shift somewhat. Suddenly, managing risk wasn’t just a matter of avoiding a supplier crisis – it was also essential to ensuring compliance with regulations, business code of conduct, and industry standards.
The real change began when organisations recognised that to tick all of those boxes consistently, they had to put policies and controls in place that made third-party risk management a core part of the procurement team’s responsibilities.
However, all this did was add extra boxes that needed to be ticked.
What’s right ahead: Risk management as a resilience centre
Today, there’s a deep appreciation for the irrevocable link between third-party and supply chain risks and business resilience. One of the biggest reasons for that is that we’ve all had ample opportunity to see the negative impact that over-optimising supply chains can have on business continuity.
Approaches like Just-in-Time inventory management have slowly fallen out of favour as organisations began to appreciate how they can put supply chains on a knife edge. With just a single local disruption, the entire supply chain – and business operations – can grind to a halt.
It is widely acknowledged today that you can’t engineer supply chains for efficiency alone. Buffers and contingencies must be built in at every stage to keep supply chains flexible and resilient to disruption. That means building more diverse supplier portfolios, diving into risk in greater detail, and modelling the impacts of potential supply chain disruption scenarios. All of which demand an integrated, holistic mix of supplier, category, and macro-level intelligence.
That’s helped give rise to a new kind of intelligence-driven procurement team. While policies and controls guide behaviours and ensure risk-aware decision-making, it’s timely and contextual intelligence that actually enables teams to make decisions that create business value without negatively impacting resilience.
By giving third-party risk management the full attention it deserves, leaders had the opportunity to significantly improve the resilience of their business and start taking a proactive approach to avoiding supply chain and regulatory disruptions.
What’s next: Risk management as a value centre
Now, a small handful of businesses are starting to realise just how significantly the right approach to risk intelligence and insight delivery can transform how they think about supply chain risk.
The core purpose of risk intelligence is to help procurement teams select and partner with suppliers that will be able to reliably meet their needs at the right cost. Within that, it grants visibility of what suppliers are doing, what they offer over their competitors, and how prepared they are for the future.
When risk intelligence is contextualised by specialists to meet your business goals, what you get isn’t just a view of risk – it becomes a view of opportunities. It enables the procurement function, for example, to do things like engage with suppliers who have unique offerings that are ahead of shifts in the market, or suppliers who have effective emissions reduction programs that can lower the carbon footprint across the entire supply chain. By partnering with these suppliers, procurement teams don’t just mitigate risk and increase resilience – they create business value.
Looking ahead, I expect that this shift will gradually see third-party risk management evolving as a value centre for millions of businesses. Empowered with timely and contextual insights, teams will be able to create measurable business value through the decisions they make.
Crucially, this value won’t come at the expense of risk exposure and supply chain resilience. The same decisions that drive one will drive them all. And that’s something for enterprises of all levels to get very excited about.
Gain deep supplier insights and evolve your risk mindset with The Smart Cube
To learn how The Smart Cube supports procurement and supply chain teams with the reliable and timely insights they need to make balanced, risk-aware decisions that ensure resilience and create value, visit here.