The Three Procurement Risks You Can’t Afford to Ignore in 2021
Procurement teams should mitigate against these three key risks to save their companies from financial and reputational damage.
2020 was brutal. We battled against a pandemic, trade wars, recessions, natural disasters…the list goes on.
Yet according to Shakespeare, “Sweet are the uses of adversity.” We now have the opportunity to use these experiences to make our supply chains stronger.
How? Anticipate and mitigate risks. While we obviously can’t predict the future, we can prepare for it, says Dawn Tiura, President and CEO of Sourcing Industry Group.
“For all of last year, we endeavoured to shore up the resiliency in our supply chains due to the gaping holes discovered through Covid,” says Dawn, who was recently featured by Procurious for building the largest sourcing network in the United States.
“Now in 2021, we are already seeing that resiliency is considered ‘table stakes’ and we are returning to focus on all the other risks we were already facing and addressing pre-Covid,” Dawn added.
And you can expect those risks to look much more like 2019 than 2020.
Top of that list? Cybersecurity, closely followed by sustainability and supply chain transparency, Dawn says. Here’s what you need to know about protecting your company in 2021:
Cybersecurity
What are the risks?
Theft and exposure of private company information, system compromise, lost or corrupted data.
How to protect your company:
Your company (and suppliers) are basically guaranteed to experience a cyber-attack at some point. With one attack happening every 39 seconds, it’s only a matter of time until you’re hit.
“Most cyber-attacks happen because of human behaviour; whether it is reusing passwords, leaving laptops unlocked, sending and storing personal data through and in email, clicking on dangerous links, or visiting “those” websites,” Kadhim says.
In fact, more than half of data breaches are caused by employees using IT resources inappropriately, according to security firm Kaspersky.
It’s your IT team’s responsibility to put system-wide technology in place to defend against attacks. But it’s your responsibility to educate yourself and your team about the risks, and how to avoid them. And similarly, you should ask your suppliers what steps they are taking to protect your data.
Sustainability
What are the risks?
Poor environmental impact, negative reputation
How to protect your company:
Learn what goes into making the products you use, says Clare Hobby, Director of Purchase Engagement at TCO Development and presenter at Big Ideas London 2021 (add link to on demand page).
For example, Clare says 80% of a computer’s lifetime greenhouse gas emissions happen during the manufacturing phase. So instead of buying new computer equipment all the time, you might consider how you can safely extend the life of what you already have.
“Procurement is one of the strongest influences on sustainable product ecosystems, including what happens in the production phase,” Clare says. “Design your sustainable procurement programme to include both environmental and supply chain responsibility and signal these priorities to your suppliers – early and often.”
Supply chain transparency
What are the risks?
Disruptions, reputation risks, human trafficking.
How to protect your company:
To prevent slave labour in your supply chain, you need to ask questions. “It’s critical for procurement to demand accountability on working conditions from their vendors,” Clare says. “Rigorous criteria coupled with independent verification are important in the procurement toolbox.”
That’s especially important as labour practices and human rights risks were up 69% on the previous year, according to riskmethods.
Dawn agrees we all need to accept responsibility for understanding human trafficking and modern slavery. “We need to expect more from our suppliers regarding transparency,” Dawn says.
But that can’t happen until you know your suppliers’ suppliers, and beyond.
For example, look at the Target credit card security breach that Dawn highlighted during her 2019 Big Ideas Summit presentation. Criminals accessed customer information by hacking into one of Target’s third party heating and cooling suppliers.
“How many of you know your third, fourth, fifth parties?” Dawn asked. “If we don’t spend the time to look at our tail, we don’t know what we don’t know.”
Risk is a team sport
With such varied risks, how can you know if you’re doing enough? “If you are able to identify risks, then mitigation can be measured and shared within the company,” Dawn says.
But you’re unlikely to get a full picture of how well you’re doing, and how your efforts compare to similar organisations, without an outside opinion, she adds.
“Third party risk is a team sport. And it’s a sport that must be actively played to be successful. Consider using a third party risk management company to help you identify, reduce, and mitigate risks.”
No matter how advanced you are in mitigating supply chain risks, there’s always more you can do. Stay proactive to protect your company from financial and reputational damage.
Want even more? Join renowned expert Dawn Tiura from Sourcing Industry Group on 24 June 2021 to learn how to protect your company from the top threats to your supply chain. This risk masterclass is exclusively for Faculty Roundtable members. Learn more and register here.