The New Way to Manage Supplier Risk: Big Data and Fast Action
Back in May, Coupa acquired a startup called Riskopy, builders of a product called Risk Aware. After working with early access customers to integrate the product with their Coupa instances, we announced the general availability of Risk Aware at Inspire EMEA in October.
We’ve also integrated Riskopy co-founder Ahmad Sadeddin as senior economist at Coupa. Ahmad comes from a family of entrepreneurs who have been, among other things, tea traders, for four generations. Besides Riskopy, Ahmad also founded an online chocolatier catering to the Jordanian market, and a mobile image processing company for shoe and prosthesis sizing. We caught up with Ahmad to learn more about how Riskopy came to be, why Riskopy and Coupa went together like peanut butter and chocolate, and what this new confection means for the future of supplier risk management.
Coupa: Tell us the story behind Riskopy.
Ahmad: I did my master’s in insurance risk management and I worked in insurance as a consultant on marine underwriting in Paris for a bit, and then out of the Middle East with my dad in a health insurance management company he had started. I felt like I was very well-positioned in the risk management space, and a couple of years ago I ventured out on my own with a couple of co-founders to form Riskopy.
I thought there was a lot of value that could be created in risk management. The field really accelerated after the 2008 financial crisis, both from regulator pressure and from boards and management requiring companies to do a better job at it. But, everywhere I went, I saw companies using antiquated processes. Even though everyone had point solutions, a lot of the work was largely done in Excel, and we wanted to change that.
What Riskopy ultimately became was inspired by my dad. He was on a mission to buy software for his company. He got a great deal from a vendor, but he said, “Listen, I want to understand how your software works before I buy it. Can I do a trial?” They said, “No. You buy it and we’ll give you a refund if you don’t like it.”
He thought that was a little sketchy, so he got a credit report on them and found out they had zero cash in the bank. So, the promise of a refund was not very credible. That’s when I realized that there’s a lot of risk in dealing with your partners, both as a buyer and as a supplier. We started on a mission to help de-risk business relationships using data.
Coupa: What’s wrong with doing this in Excel?
Ahmad: Data silos. Risk management is a three-legged stool. There’s probability, severity and decision-making. The way it has been done up until now is that companies buy data from a bunch of different vendors, and they bring it from those Excel sheets into their risk management system, which will tell them the probability of a supplier going bankrupt, or experiencing whatever other eventualities they may be at risk for. Bringing all these disparate data sources about financial ratings, lawsuits that are happening, news and views sentiment, and weather-related risks into one system was our first challenge.
To solve it, we became very good at entity resolution, because many companies have similar sounding names, or they have holding companies and parent companies with different names. For example, say you’re looking for “Amazon lawsuits.” You might find lawsuits against a lot of different companies with Amazon in the name. Our job was to say, okay, they’re really looking for Amazon.com, Incorporated. Then, using a lot of cheeky tricks and artificial intelligence, we were able to connect all these disparate data points and aggregate all the lawsuits, news, and financials of Amazon.com, Incorporated into one report.
We built partnerships with a lot of data providers, credit agencies, API providers and so on, so we could fulfill all these requests in real time, versus having a risk analyst going out and collecting all the information from different sources. It took our subscribers seconds to find the latest information about a particular company.
Our second challenge was to be able to make actionable recommendations based on those risk factors. But, while external data might tell you the probability of an event coming to pass, the severity of the risk is found in a different data set: your internal transactional data, which puts a particular risk in the context of your company. As in, if we use this supplier, and they go bankrupt, how much will it hurt our business?
Without understanding both the probability and severity of the risk, you can’t make a good recommendation. What we wanted to do is bring the data and decision-making together. What we were missing was the transactional spend data, and that’s why joining with Coupa made so much sense.
What we’re doing now with Risk Aware is applying the probability and decision-making capabilities we built to the external data, company spend data, and community intelligence about suppliers that is in Coupa, so customers can make better-informed decisions about the way they do business with their suppliers.
Coupa: What was your experience working with the early access customers?
Ahmad: Very exciting. One early access customer immediately found a high-risk supplier that was mission critical, and was having financial difficulties—right in the middle of the mission. They got on the phone with them to discuss the situation. The vendor felt like the risk was being overblown, and our customer ultimately decided they would keep working with them and support them financially if need be. When the renewal comes up, they can revisit the issue and maybe add new clauses to the contract or look for an alternative supplier. The great thing is, the time from discovering the risk to communicating with the vendor and making a decision was just two weeks.
This is an area where speed really matters. We talked with another customer that was taking three months to analyze 1,000 suppliers, and another three months to start implementing identified actions around them. Well, in six months, a lot can change. There could be a merger or acquisition. Their finances could change. A hurricane could happen. With Risk Aware they can accomplish the same thing in about a month.
Coupa: Whose job does Risk Aware change, and how does it change it?
Ahmad: For midmarket customers, it mainly changes the procurement department. In most midmarket companies, their largest challenge is starting a risk management function in the first place. It’s a daunting task, and they don’t have the technical expertise to do it, so they’re not doing anything.
We can help them get up and running with a vendor risk management strategy for the very first time, without adding a risk management group. They can add the CFO or other executives as approvers, creating an ad hoc risk group.
At the enterprise level, where companies have a governance, risk and compliance department, now they can get their arms around vendor risk, which they usually don’t have. They have these complex systems, but they’re not sophisticated systems. They’re doing all of this manually. We’re helping them automate that entire process, and democratize it by spreading the data and the decision making across many different groups.
The focus moves away from gathering and aggregating all this information. It puts the data right in the hands of the procurement department and gives GRC oversight to make sure that they’re managing their risks appropriately.
For example, let’s say there’s a very high ticket item, and the supplier’s flagged as high risk. The procurement department can say, “Okay, we want to approve this. This is a critical supplier for us, and we can’t source this from anywhere else.” That’s the procurement department’s expertise, and they’re able to say that confidently.
But they’re not able to say whether the company should take that risk. So, they can add an approver. Now the risk management department can look at it and decide to approve or reject it based on all the information that’s available. There’s now a collaborative effort.
Every customer that we’ve provided Risk Aware for has said, “I want more people in my company to see the data.” We were just blown away by that. One company told us, “Everybody here has to be able to see the risk profile of a particular supplier, because that will create a risk management culture throughout the entire organization.”
That’s a lot different from the way people look at risk management today. It’s seen as a limitation function, with a bias for analysis. Now risk management becomes an enabler, with a bias for action.