Confronting the code of conduct gap
Guy Harrison, General Manager, Dow Jones Risk & Compliance, discusses the company's recent research into third-party risk management.
Third-party risk management systems and processes are in need of significant upgrades as supply chains become more global
Dow Jones Risk & Compliance, recently examined the third-party risk management practices of U.K. companies with a particular focus on the vetting of suppliers in lengthening supply chains.
In August, its team surveyed 250 U.K.-based procurement professionals across five sectors: engineering and construction, oil and gas, IT and technology, media and telecoms and manufacturing.
The survey uncovered that the policies designed to vet suppliers and vendors against indicators of bribery and corruption risk are poorly understood and inconsistently applied.
The findings were concerning—but perhaps not altogether surprising. Especially not when one considers the operational constraints faced by the teams responsible for supplier onboarding and vetting through the supply chain, be that in procurement or other business units.
The results paint a clear picture of an industry facing an enormous task.
Half of the U.K.-based procurement professionals believe ‘corners are cut’ in order to vet and onboard suppliers more quickly. As you can see in the graph below, this sentiment varies across sectors. Generally speaking, however, it appears that the need to meet business demands often trumps the need for rigorous third-party vetting.
Nearly half of respondents are not wholly confident that all of their existing suppliers have been vetted properly and believe one-third of new supplier onboarding in the last 12 months is likely to have been executed improperly.
While more than 60 % of procurement professionals believe that their organization’s code of conduct with regard to third-party risk management is consistently applied when necessary, one-third believe their colleagues do not understand supply chain risks. Only 22% are “very confident” that employees would be able to identify a breach.
A third of procurement professionals say their organizations do not extend their vetting to fourth-party vendors and therefore have no visibility of their supply chain beyond immediate suppliers.
Less than half (45%) have regular training and certification programmes to ensure the code of conduct for third-party risk management is fully understood and applied.
Finally, more than two-fifths (43%) of procurement professionals recognize the need to make changes and overhaul their approaches but many are likely hindered by resource constraints. 52% expect their third-party vendor management budgets to stay the same or face cutbacks and 24% plan for reduced budgets.
These results are especially worrying given that the pressure on third-party risk management systems is only going to increase as supply chains become more global.
In fact, the professionals surveyed expect the number of third-party suppliers that they rely on to increase by 40% age points over the next three years. That’s a significant increase and one that businesses need to prepare for.
Businesses that cannot clearly articulate their risk appetite—and that do not share that information effectively with their workforce—may be set to face tough questions from regulators, damaging financial penalties and discredited reputations.
Is there an upside to all this? Dow Jones Risk & Compliance believes there is.
The ‘code of conduct gap’ research identified it can be addressed with proper technology, tools and a commitment to training across the business.
Employees are going to become even more important as the first line of defence. All organisations, whether dependent on in-country or expansive global supply chains, must embrace the need to empower their people to understand, implement and actively maintain policies and processes around third-party risk management. To that end, it is vital that employees are provided with the right level of training and ongoing support.
Technology is another key factor. Businesses do not always have the resources to establish adequate checks and balances in their due diligence processes. In fact, Dow Jones Risk & Compliance has seen many instances of global businesses relying on spreadsheets and emails to keep track of their vetting and onboarding.
Solutions based on high-quality data and integrated workflows can help automate and streamline these processes, while ensuring compliance with regulatory requirements for documented decision-making and audit trails. The right technology can drive a risk-based approach that helps surface the parties within your supply chain—based on considerations such as jurisdictions or type of business relationship—that carry the highest level of risk.
A risk-based, technology-driven and employee-tested approach ensures you are protecting your supply chain in all the right places, and therefore are better protected overall.
For more information on all topics for Procurement, Supply Chain & Logistics - please take a look at the latest edition of Supply Chain Digital magazine.
Accenture Acquires SCM Software Firm Blue Horseshoe
Accenture has announced its acquisition of Blue Horseshoe, a US-based supply chain management software provider and consultancy firm.
Upon completion, Blue Horseshoe’s 349 professionals will join Accenture’s Supply Chain & Operations group, expanding the professional services group’s capabilities to create more interconnected and resilient supply chains for clients.
“To be competitive, companies need to transform their supply chains to deliver the innovative and hyper-personalised products, services and experiences that are in high demand—and fulfilment is core to that transformation,” said Renato Scaff, Accenture’s Supply Chain & Operations North America lead. “Blue Horseshoe’s deep fulfilment consulting experience and methodologies support Accenture’s vision for building customer-centric, resilient and responsible supply chains that benefit people, society and the planet.”
Who are Blue Horseshoe?
- Founded: 2001
- CEO: Chris Cason
- Employees: 349
- Offices: 4 in USA, 1 in Amsterdam, 1 in Estonia
- Key customers: Lids, Pabst Brewing Co., Half Price Books, Britax, Major Brands
Founded in 2001 in Indiana, USA, Blue Horseshoe now operates from six offices across the US and Europe. The company provides cloud-based solutions for supply chain management, ERP, warehouse management and transportation management systems, including its own Supply Chain Cloud platform, as well as Oracle NetSuite and Microsoft Dynamics 365 Supply Chain Management as a Microsoft Inner Circle Partner.
Blue Horseshoe specialises in fulfilment and distribution solutions, with expertise in the food and beverage, consumer packaged goods, and retail distribution industries. Over the past 20 years, the company has improved around 700 supply chains, including those of leading companies such as fashion retailer Lids, cosmetics company Regis Corporation, Pabst Brewing Co., and family-owned bookstore chain Half Price Books.
“For two decades, we’ve worked with clients to build connectedness, efficiency and automation across their enterprise and supply chain operations,” said Chris Cason, CEO, Blue Horseshoe. “As part of Accenture, we will bring increased scale and combined expertise to help clients put in place next generation supply chain and fulfillment strategies that meet customer expectations and support business growth.”
Accenture's acquisition of Blue Horseshoe is subject to customary closing conditions.