In order to optimise their vendor ecosystems, companies consider various types of vendor-related information to determine which vendors are best suited for their supply chains. Companies typically limit this to information linked directly to quality, performance and price KPIs.
However, an often neglected and very important element in the optimisation “equation” is vendor-company risk. Incorporating data on a vendor company’s state of compliance, and their sustainability and integrity as an external entity provides critical insight into fundamentals of the company. These can affect a vendor’s capability to provide a service optimally, or the likelihood of it damaging the business’s brand through corruption or incompetence.
In order to include this element in the assessment of a vendor’s suitability the necessary vendor-company data needs to be collected, verified and analysed at various stages in the vendor’s engagement lifecycle. This requires two important components:
1. The ability to receive and maintain the relevant vendor data at various stages of the engagement lifecycle in the most proactive way possible.
2. A source of vendor data, vendor-data verification, and importantly, vendor data analysis.
This immediately raises the question of in- versus out-sourcing.
Many businesses, primarily for cost-saving reasons, choose to start by sourcing basic vendor data via in-house processes. In South Africa this would typically include giving someone the responsibility to head up efforts to source CIPC and B-BBEE data, both as part of the vendor application (i.e. on-boarding) process as well as on a continuous basis after the vendor has been on-boarded. And most companies are quite successful at doing so – even though they are building non-core processes into the procurement function. If a business keeps to these two (or only a few) data elements alone, it is probably the most feasible way to go about managing this aspect of vendor selection or rationalisation.
On the other hand, the outsourcing option becomes more feasible when companies choose to expand their view of vendor data and thereby vendor risk - which on the African continent is most definitely not a bad idea…and from a corporate governance perspective, a must.
If a company chooses to expand the data they source, verify and maintain on their vendors, companies typically look at information that speaks to probity and sustainability risks. Information that provides insight into political exposure, adverse media, financial issues and customer references comes to mind. Considering that companies would want this information at the vendor on-boarding (or earlier) step and monitor it for the entire vendor-engagement lifecycle, the function of managing this process becomes more complex.
The function now requires expertise around database management, document management, data interpretation and analysis, potentially a specialist call centre as well as access to various databases or tools – since this information hardly ever sits with one source.
Maintaining such an infrastructure successfully while providing assurance around data quality requires years of experience in terms of sourcing and managing commercial data as well as a specialised technological and data infrastructure. There is also the question around streamlining this service to business, which is an interface to the relevant processes that require vendor information.
Especially companies with forward thinking governance and compliance approaches, high exposure to African markets, and sizeable vendor eco-systems are coming to the conclusion that vendor-data management should be left to companies that specialise in commercial data sourcing and management.
What then remains is of course how this data is to be interpreted within the context of the vendor risk management approach of the specific company. Some companies already have a very good idea of how to digest the data, what data points indicate which risks, and where their thresholds lie. But many procurement officers and even risk related personnel are new to the concept of vendor risks in Africa. The good news here is that there is a suite of specialised service providers emerging in this field that can assist with setting up frameworks, analytics and workflows for those that want to shorten their learning curve.
So in short, the view on vendors and vendor risk is being expanded to look beyond pure SLA delivery and pricing. Especially in Africa the task of sourcing, maintaining and interpreting the necessary data for these assessments at scale is not trivial. Fortunately there are service providers emerging that can help companies excel in Africa whilst allowing them to focus on excellence in their core business.