When I think about what the next frontier for procurement looks like, I always come back to the function’s role in managing risk – whether that be financial, technical, functional or operational. Although it is something that feels quite familiar in terms of our daily activities, I don’t think we have invested as much time as we should have in measuring the metes and bounds of risk and mapping it so that we are better able to quantify threats and think about risk across disciplines.
Procurement has always had to manage and mitigate risks of all kinds to ensure a reliable supply of goods and services throughout a financially sound supplier network without becoming overly entangled with any single company.
Failure to manage risk can lead to cost exposure, squeeze margins and result in potential failure if a tightly integrated arrangement with a single supplier were to fail – especially in industries such as manufacturing.
Yet beyond the big events of cost spikes and the failure of key suppliers, the risk landscape becomes a dense thicket of alternative views based on an individual’s industry experience and sensitivities.
Risk suffuses the network of relationships across suppliers, internal stakeholders and functions, as well as the broader matrix of forces in the marketplace. We are aware of risks when we have to be because – usually – something went phenomenally wrong, then for some time after we are hypersensitive to that risk until the next thing blows up.
On the one hand, we are used to risk in our jobs. Yet, on the other, few of us press into that ecosystem of interconnectedness to refine our approach to understand how, when, and where we are exposed – we do it deeply, not broadly.
Most importantly, articulating and refining these frameworks to understand risk and its components will unlock deep insights to how our function can contribute to the success of our endeavours and the value our firms generate – both for shareholders and society.
Look to technology but don’t rely on it
Technology can help here, but I don’t think this is a technical fix whereby applying artificial intelligence or some clever mathematical algorithm alone will make risk a completely known entity.
Regarding individual suppliers, we analyse request for x submissions and scrutinise contracts so we have a clear view of what triggers a breach and termination for cause under service level agreements so we know the impact to operations in terms of time, cost, and quality should we need to shift away from a specific supplier. Yet, do we do this reliably for all suppliers or categories? Not consistently. We like to advert to third-party indicia of risk, but many of these are lagging indicators derived from data or insights that are themselves dated: I recall that before the 2008 global financial crisis, most of our suppliers were deemed to be in rude health. Then, within six months, it seemed there were no suppliers out there.
In short, we’re already here swimming in risk. The challenge we ought to set ourselves is, how do we clarify our understanding of how they interrelate to arrive at actionable outcomes?