JONATHAN SWANSON Aetna DARREN McCUBBIN Royal Bank of Canada JOHN HEUER Iceberg MARSHALL TOBUREN Dell-RSA

Iceberg-RSA Supplier Risk Webinar - January 18, 2017


Page 1: Iceberg-RSA Supplier Risk Webinar - January 18, 2017

JONATHAN SWANSON, Aetna

DARREN McCUBBIN, Royal Bank of Canada

JOHN HEUER, Iceberg

MARSHALL TOBUREN, Dell-RSA

Page 2: Iceberg-RSA Supplier Risk Webinar - January 18, 2017

KEY QUESTIONS

• Why is supplier risk management so critical to success?
• What’s driving the need for greater maturity?
• Where do we start?
• What are the key challenges?
• What’s next?

Page 3: Iceberg-RSA Supplier Risk Webinar - January 18, 2017

TODAY’S PANELISTS

JOHN HEUER, Iceberg

MARSHALL TOBUREN, Dell-RSA

JONATHAN SWANSON, Aetna

DARREN McCUBBIN, Royal Bank of Canada

MODERATOR: GLEN GOWER, Iceberg

Page 4: Iceberg-RSA Supplier Risk Webinar - January 18, 2017

GOVERNANCE, RISK & COMPLIANCE (GRC)

• Governance: How an organization is structured and managed to achieve strategic goals
• Risk Management: Predicting and managing risks that affect the achievement of objectives
• Compliance: Following policies, procedures, laws, and regulations.

GRC: Maximize the efficiency and effectiveness of an organization and understand risk in a business context.

Page 5: Iceberg-RSA Supplier Risk Webinar - January 18, 2017

GOVERNANCE, RISK & COMPLIANCE (GRC)

Gartner: Seven primary markets of “integrated risk management… recognizing the interconnected nature of operational risk across an enterprise.”
• Operational Risk Management (ORM)
• IT Risk Management (ITRM)
• IT Vendor Risk Management (VRM)
• Business Continuity Management Planning (BCMP)
• Audit Management (AM)
• Corporate Compliance (CCO)
• Enterprise Legal Management (ELM)

Page 6: Iceberg-RSA Supplier Risk Webinar - January 18, 2017

RISK INTELLIGENCE

• Risk Data: Trusted, Aggregated, Transparent
• Decisions: Informed, Confident, Effective
• Business Leaders: Board, Executives, Management

“Trusted, aggregated and transparent risk data for business leaders, enabling organizations to make informed, confident and effective decisions.”

Page 7: Iceberg-RSA Supplier Risk Webinar - January 18, 2017

TOP OF MIND

• 42% of companies now describe themselves as highly vulnerable to vendor, supplier, or procurement fraud (Kroll Global Fraud Survey)
• 85% of companies reported suffering at least one supply chain disruption (Zurich Financial Survey)
• 90% of all FCPA cases involved third-party intermediaries (Corporate Executive Board)
• 76% of data breaches resulted from a third-party which introduced security deficiencies that were ultimately exploited (Trustwave Global Security Report)

Page 8: Iceberg-RSA Supplier Risk Webinar - January 18, 2017

AREAS OF SUPPLIER RISK

• Financial Wherewithal
• Concentration Risk
• Strategic Risk
• Credit/Liquidity
• Operational
• Regulatory Compliance
• Information Security
• Business Resiliency
• Errors & Fraud
• Privacy
• Non-performance / Poor Quality
• Reputation Risk
• Inadequate Supply Chain Governance
• “Nth” party risk
• Legal

Page 9: Iceberg-RSA Supplier Risk Webinar - January 18, 2017

JOHN HEUER, Iceberg

MARSHALL TOBUREN, Dell-RSA

JONATHAN SWANSON, Aetna

DARREN McCUBBIN, Royal Bank of Canada

MODERATOR: GLEN GOWER, Iceberg

Page 10: Iceberg-RSA Supplier Risk Webinar - January 18, 2017

COMMON ARCHER USE CASES

• Centralize supplier inventory and processes across the enterprise
• Ensure that ownership, roles, and responsibilities are clearly defined, and develop efficient, repeatable processes
• Monitor and assess new/potential vendors, and ongoing monitoring of existing suppliers
• Enable “ask once, use many” approach to gathering data
• Reporting on risk posture to management & business unit owners

Page 11: Iceberg-RSA Supplier Risk Webinar - January 18, 2017

COMPLEX SUPPLIER ECOSYSTEM

Supplier types shown: Financial Counterparties, Consultants, Maintenance Companies, Raw Material Suppliers, Software Providers, Couriers, Law Firms, Hardware Providers, Landlords / Lessors, Parts Suppliers, Insurers, Employment Agencies, ISPs, SaaS Providers, Credit Bureaus, Utility & Telecom Companies, Marketing Companies, Security Guards, Accountants, Medical Business Associates, Property Managers, Partners/Ventures, Integrators, Third-Party Sellers, Identity Protection Providers

Source: Shifting Toward Maturity, EY, June 2016

Chart: “How many third party suppliers are in your organization’s inventory population?” Categories: Less than 10,000; 10,000-29,999; 30,000-49,999. Values shown: 73%, 21%, 6%.

Page 12: Iceberg-RSA Supplier Risk Webinar - January 18, 2017

WHO OWNS SUPPLIER RISK?

Source: Shifting Toward Maturity, EY, June 2016

Chart: “How is your 3rd party risk management program structured?” Values shown: 45%, 41%, 14%. Categories:
• Centralized (enterprise-wide 3rd party risk management office)
• Hybrid (3rd party risk management offices located within the business areas and centrally at the enterprise level)
• Decentralized (embeds 3rd party risk offices within each business area)

Chart: “What area has primary ownership of the 3rd party risk management function?” Values shown: 41%, 38%, 14%, 7%. Categories:
• Procurement
• Operational & Enterprise Risk
• Information security
• Tech and operations

Page 13: Iceberg-RSA Supplier Risk Webinar - January 18, 2017

WHERE DO WE START?

• Stakeholder Alignment “Weigh-In = Buy-In”
• Establish Clear Vision & Goals
• Executive Support
• CMO/FMO – how do we do it today, and how can we do it better?
• Start Small, Build Momentum

Page 14: Iceberg-RSA Supplier Risk Webinar - January 18, 2017

ACHIEVING VALUE

Source: The Deloitte Global CPO Survey 2016: Procurement: At a Digital Tipping Point?

Chart: Where are CPOs focused on generating value in the next 12 months? Values shown: 43%, 39%, 32%, 31%, 30%, 29%, 25%, 21%. Categories:
• Consolidating spend
• Increasing level of supplier collaboration
• Increasing competition
• Restructuring existing relationships
• Reducing total lifecycle/ownership costs
• Specification improvement
• Restructuring the supply base
• Reducing transaction costs

Page 15: Iceberg-RSA Supplier Risk Webinar - January 18, 2017

ASSESSMENT OVERLOAD?

Chart: “How many questions are within your organization’s full-length control self-assessment questionnaires that are used to assess the highest-risk third parties?” Categories (# of questions): <50; 51-100; 101-250; 251-500; >500. Values shown: 8%, 21%, 33%, 27%, 10%.

Source: Shifting Toward Maturity, EY, June 2016

Page 16: Iceberg-RSA Supplier Risk Webinar - January 18, 2017

JOHN HEUER, Iceberg

MARSHALL TOBUREN, Dell-RSA

JONATHAN SWANSON, Aetna

DARREN McCUBBIN, Royal Bank of Canada

MODERATOR: GLEN GOWER, Iceberg

Page 17: Iceberg-RSA Supplier Risk Webinar - January 18, 2017

icebergnetworks.com/srm/

[email protected]

Twitter: @icebergnetworks