A Better Way to Monitor Supplier Risk

Donna Wilczek
Donna Wilczek
Senior Vice President, Strategy and Innovation, Coupa Software

She is an executive sponsor of the Coupa Executive Advisory Board and an inventor with multiple software patents.

Read time: 9 mins
A better way to monitor supplier risk

Let’s say someone has stolen my personal information—an increasingly common problem in today’s world. Now who knows how many people out there have my data, and what they might be doing with it?

To protect myself, I would probably sign up for an identity theft monitoring service. This type of service will actively monitor my credit report to see if anyone is applying for new credit cards or loans in my name. It will monitor my credit card and bank accounts and flag me if there’s any unusual activity. It will monitor my social security number to make sure no one is using it without my knowledge. It may even monitor my driver’s license number, and flag me about any address changes to make sure they were authorized.

But, what if this monitoring service only covered activity with big banks and major retailers? That would leave me exposed to a lot of risk, and not be much of a service at all. It’s ridiculous to think about a credit monitoring service that would only offer partial monitoring. Who in their right mind would sign up for it unless that was the only choice? Yet this is essentially the way businesses have historically monitored supply chain risk.

Building a better solution
There is more information about suppliers available than ever--credit scores, legal filings, government data, news alerts, social sentiment, customer reviews and even weather information. However, because existing technologies require so much manual input to bring together all this information and keep it up to date, businesses are faced with a decision: How much time and effort are they going to invest into supply chain planning and monitoring their supply chain risk?

Most supplier risk management experts and category managers will identify their strategic suppliers and focus on monitoring just those. Given their resource limitations, and the limitations of the tools they’ve had at their disposal, that’s the most pragmatic approach. But without a better approach to vendor risk management, it leaves the organization wide open to a lot of risk.

Businesses need better solutions, so we set out to build one. Our strategy was to make a service similar to a consumer identity theft monitoring service providing active monitoring across the board.

A three-pronged problem
The problem is three pronged: First, you have to be able to pull all the different data sources together in one place and normalize the supplier names so that the data attaches to right entities. Second, you have to put the information about the supplier into the context of your company spending so you can evaluate not just the probability, but the severity of the risk. Third, you have to be able to deliver alerts in a transactional context from the digital supply chain, so that you can see the information when you are doing business with a particular supplier.

If you haven’t done business with a supplier in a year or eight months, what data is really relevant? Should you drop everything and go see what it is? But if you’re going to run a sourcing event, sign a new contract, or approve an invoice for payment, those are times you should be aware there’s an alert.

On top of all that, you have to be able to automate this process for as many suppliers as you possibly can. Supply chain scandals regularly make headlines, and the news can spread like wildfire on social media. Even a small supplier can do damage to your brand. For example, what if it turned out you had done a little project with Cambridge Analytica, which recently folded following a Facebook data misuse scandal, and you hadn’t even been monitoring them?

With active monitoring, let’s say a purchase request comes in for Cambridge Analytica. Yesterday there was nothing going on, and now suddenly their name is splashed all over the news. That would pop up an alert, and automatically route the purchase request for additional approval so a person at the company could review it and determine whether there’s a risk in doing business with that supplier. It’s a holistic approach to monitoring many data sources in the context of spending that’s actually flowing through to the supplier.

Continual updates
All of these data sources are continually updated, most of them daily, with the exception of business credit scores, which are updated monthly or quarterly. We also have a unique data source—supplier behavior and performance across the Coupa platform. Today, we can draw community intelligence from data about four million suppliers and over 745 billion in spending transactions, and that data set is growing at an exponential rate.

Active supplier monitoring capability has been ten years in the making. From the beginning, we had a very clear strategy of compiling the data from a cloud-native, multi-tenant platform, and now we’re finally at the tip of the spear of being able to deliver insights from that data. We’re going to keep developing this capability, adding more and more data points so that companies can get closer and closer to monitoring all of their suppliers and implementing effective supplier scenario planning with very little effort.

No more will companies have to take calculated risks about which risks they think they can afford to ignore. They can get a much wider view, ending unmonitored risk without breaking the bank.