Vendor Base Rationalisation: The Missing Link

selecting-a-talent-management-system-qa.png

One of the primary components of any procurement function’s strategy is, or should be, to ensure that the company has an optimised vendor base. This is aimed at achieving a more cost effective and high-quality supply chain.

Most companies therefore go through a vendor rationalisation process at some stage and continuously review vendor categories to ensure that the selected set of vendors still fit the business best for the respective services or products they deliver.

But are they missing something…?

Optimising the vendor base is normally done by assessing various elements such as pricing, service delivery, contractual terms, internal stakeholder sentiment etc., which are, of course, all very important elements to consider. In our experience however, we find that the important elements most often overlooked are the non-contextual ones. In other words, what does a vendor’s business look like outside of how they are meeting Service Level Agreements (SLAs) and engaging with your business? 

Most risks to SLA compliance are often driven by other company related factors such as the vendor’s business strategy, reputation, operational structure, cashflow management etc. It is therefore critical to understand these vendor companies in isolation from your business. Even though this might seem obvious, most companies rationalise their vendor base without considering much of the aforementioned factors - especially for non-strategic vendors.

So, what is it that we need to consider on this front and is it possible to do so across the entire vendor base?

In our opinion it starts with finding a methodology that allows for applying vendor-company risk factors across the entire vendor base in a cost-effective manner. Ultimately, organisations cannot justify spending thousands of Rands understanding vendor company risks with vendors that they don’t spend tens of thousands of Rands with.

Since not all vendors are of equal importance to the business, basic segmentation or categorisation principles such as vendor spend and vendor importance, in terms of the organisation’s supply chain, can be used. Based on the outcome of the categorisation process, the extent of the risk information required for rationalisation purposes can be determined. For example, a full vendor assessment including an analysis of the following risk areas can be conducted on the organisation’s highest spend and most important vendors:

·        Governance and Leadership

·        Company Strategy and Structure

·        Financial Performance

·        Operations

·        Compliance, Sustainability and Reputation

·        Demand Market

·        Supplier Market and

·        Competitive Landscape

Such a risk analysis will be costlier and more time consuming but, compared to the large amount that the business spends (or intends to spend) with these vendors as well as their importance to the organisation’s supply chain, it is well justified.

For the organisation’s less important and/or smaller vendors, lower costing rudimentary risk assessments can be conducted by looking at, for example, basic compliance, integrity and sustainability related factors. This is probably most effectively done using a specialised service provider who has the ability to overlay the relevant risk data or risk scores with more traditional rationalisation criteria. This not only improves the outcome of the rationalisation process but also ensures that the vendor companies selected are the best, based on how they provide a service to your business as well as the potential sustainability and reputational risks they bring into the organisation’s supply chain.

In the end it comes down to ensuring the procurement function adds value to the organisation by maintaining a cost-effective vendor base of high integrity. This cannot be done without considering non-contextual risk factors which ultimately impact the quality of service delivery and the integrity of your organisation’s supply chain.

Vendor Data and Risk Management: The next big question in the digitisation of procurement processes

rotten-apple blog pic.jpg

In order to optimise their vendor ecosystems, companies consider various types of vendor-related information to determine which vendors are best suited for their supply chains. Companies typically limit this to information linked directly to quality, performance and price KPIs.

However, an often neglected and very important element in the optimisation “equation” is vendor-company risk. Incorporating data on a vendor company’s state of compliance, and their sustainability and integrity as an external entity provides critical insight into fundamentals of the company. These can affect a vendor’s capability to provide a service optimally, or the likelihood of it damaging the business’s brand through corruption or incompetence.  

In order to include this element in the assessment of a vendor’s suitability the necessary vendor-company data needs to be collected, verified and analysed at various stages in the vendor’s engagement lifecycle. This requires two important components:

1.      The ability to receive and maintain the relevant vendor data at various stages of the engagement lifecycle in the most proactive way possible.

2.      A source of vendor data, vendor-data verification, and importantly, vendor data analysis.

This immediately raises the question of in- versus out-sourcing.

Many businesses, primarily for cost-saving reasons, choose to start by sourcing basic vendor data via in-house processes. In South Africa this would typically include giving someone the responsibility to head up efforts to source CIPC and B-BBEE data, both as part of the vendor application (i.e. on-boarding) process as well as on a continuous basis after the vendor has been on-boarded. And most companies are quite successful at doing so – even though they are building non-core processes into the procurement function. If a business keeps to these two (or only a few) data elements alone, it is probably the most feasible way to go about managing this aspect of vendor selection or rationalisation.

On the other hand, the outsourcing option becomes more feasible when companies choose to expand their view of vendor data and thereby vendor risk - which on the African continent is most definitely not a bad idea…and from a corporate governance perspective, a must.

If a company chooses to expand the data they source, verify and maintain on their vendors, companies typically look at information that speaks to probity and sustainability risks. Information that provides insight into political exposure, adverse media, financial issues and customer references comes to mind. Considering that companies would want this information at the vendor on-boarding (or earlier) step and monitor it for the entire vendor-engagement lifecycle, the function of managing this process becomes more complex.

The function now requires expertise around database management, document management, data interpretation and analysis, potentially a specialist call centre as well as access to various databases or tools – since this information hardly ever sits with one source.

Maintaining such an infrastructure successfully while providing assurance around data quality requires years of experience in terms of sourcing and managing commercial data as well as a specialised technological and data infrastructure. There is also the question around streamlining this service to business, which is an interface to the relevant processes that require vendor information.

Especially companies with forward thinking governance and compliance approaches, high exposure to African markets, and sizeable vendor eco-systems are coming to the conclusion that vendor-data management should be left to companies that specialise in commercial data sourcing and management.

What then remains is of course how this data is to be interpreted within the context of the vendor risk management approach of the specific company. Some companies already have a very good idea of how to digest the data, what data points indicate which risks, and where their thresholds lie. But many procurement officers and even risk related personnel are new to the concept of vendor risks in Africa. The good news here is that there is a suite of specialised service providers emerging in this field that can assist with setting up frameworks, analytics and workflows for those that want to shorten their learning curve.

So in short, the view on vendors and vendor risk is being expanded to look beyond pure SLA delivery and pricing. Especially in Africa the task of sourcing, maintaining and interpreting the necessary data for these assessments at scale is not trivial. Fortunately there are service providers emerging that can help companies excel in Africa whilst allowing them to focus on excellence in their core business.

 

 

B-BBEE fraud, the unintended result of accelerated economic transformation

BEE-Affirmative-Action-black-businessman-3.png

Intro

The B-BBEE regulations as they stand since 24 October 2014 have raised the bar from previous versions in terms of transformation and are forcing companies to seriously re-consider their B-BBEE-strategies. This message is not new, but as companies settle for new strategies, it becomes clearer where companies are exploiting grey areas or even where new patterns of fraud emerge.

Areas of concern

Two areas that contribute significantly to a company’s B-BBEE rating are Ownership (25 points) and Enterprise and Supplier Development (30-40 points).

Since Enterprise and Supplier Development (ESD) is not an applicable area for smaller companies (EME) and is not as significant for medium-sized companies (QSE) these entities are mostly focusing on ownership structures – and this is where things are getting interesting…

The “courtesy” that has been extended to EME’s and QSE’s allows them to capture and present their B-BBEE statuses using only an affidavit. This has essentially made B-BBEE compliance an honesty system. The fact that PwC’s Economic Crime Survey for 2018 has once again awarded South Africa the questionable honor of the “champion” of economic crime points to the risks inherent in this approach. Until recently at least questions of integrity extended all the way to the very top of the country’s leadership…at the same time companies are desperate for business in an economy that is still struggling to live up to growth expectations and the pressures of socio-demographic dynamics.

In this light, a system based to a certain degree on self-policing and self-reporting bears significant risk – especially considering the penalties for any breaches even for customers of fraudulent entities. So any counterparties to EME’s and QSE suppliers should be cautious of telltale signs of fraud.

 4 relevant “schemes”

The following list of fraud patterns is by no means exhaustive, but they definitely feature heavily in investigations conducted by data collection and verification service providers like Inoxico:

1.      Misrepresenting Information

Let’s start with the most basic (and desperate) form of BEE fraud: falsification of data or certificates. Here, two main modus operandi stand out:

A.      Manipulating details on a certificate that was issued under the previous codes in order to extend its validity period. Picking this up typically requires detailed knowledge of the layout and various elements of the certificates, good relationships with the verification agencies and access to historical data and certificates.

B.      Misrepresentation as a QSE or EME, when based on the company’s revenue it qualifies instead as a Generic. Getting to a high B-BBEE rating is in most cases much easier for EMEs and QSEs. In terms of spotting misrepresentation, it is sometimes as easy as triangulating different types of information on vendor companies, e.g. comparing customer contracts with B-BBEE information.

2.      Promoting Straw Men

Promoting employees to directors without the proper rights and remuneration is nothing new, but definitely still relevant. Companies take advantage of certain employees’ ignorance in terms of what it means to be a director of a business. They “promote” black employees to director/shareholder level without them taking on the duties of a director/shareholder or aligning their remuneration schemes with these titles. This improves their management/ownership credentials in terms of BEE, but the relevant employees are “chewed up and spat out” in the sense that this title is taken away as soon as the business has made an alternative plan – and this is certainly not in the spirit of the act.

Examples date back to 2015:  Zevoli Industrial Supplies Fronting Case

3.      Impermissible Flow through

The current B-BBEE codes allow for something referred to as the modified flow-through principle, which entails the use of a Special Purpose Vehicle (SPV) as part of the company’s ownership structure. It provides for an easier means to improve a company’s black-ownership credentials by using a >51% black-owned SPV as a 100% black-owned shareholder.

In addition to the above and as already mentioned, in an effort to lower the cost of compliance for small businesses, the Act allows EMEs and QSEs to formalise their B-BBEE rating by simply completing an affidavit under oath.

Combining these two principles, however, is deemed to be against the spirit of the act and a misrepresentation of B-BBEE credentials, as per the B-BBEE Commission’s Practice Guide 01 of 2017. QSE’s and EME’s cannot claim to be >51% black-owned if the relevant shareholder is an SPV, using the modified flow-through model. This is essentially seen as taking advantage of the “courtesy” extended to small owner-run businesses for the purposes of improving the ratings of larger, more complex, ownership structures.

Similar to the previous “scheme” it is important that purchasers obtain a decent understanding of their vendors and cross reference other vendor information with their B-BBEE information in order to spot contraventions of the above. Although not against the law as things stand, ultimately it will probably be written into the next revision of the Act.

4.      “Fake” employee-ownership schemes

Employee-ownership schemes are well known and used for many reasons – one being the improvement of B-BEE ratings. Basically, black employees are given shares in the business to improve the company’s black-ownership percentage.

One version of the above is based on extending equity to black employees through company loans. Conceptually these loans are then paid back by the employees using their shareholder proceeds, e.g. dividends. However, this “system” can easily be manipulated to ensure the relevant employees never really become shareholders.

For example, should the board of directors own the property the company rents, they could easily increase rent to reduce profits and thereby dividend payouts. Which means the short-term shareholder proceeds for these employees would virtually be zero and therefore their ability to pay back the related loans none. One can probably come up with many examples of how profits can be manipulated to the disadvantage of employee-ownership schemes if the business is not well governed – which is often the case for smaller businesses.

What are the implications of being involved or unaware?

As for many other cases of vendor related fraud there are serious implications for perpetrators and stakeholders involved (e.g. procurement officers).

1.       The B-BBEE act (section 13O (2)) states that a verification professional, procurement officer or any official of an organ of state or public entity who becomes aware of the commission of, or attempt to commit, any offence referred to under section 13O (1) and fails to report it, is guilty of an offence. Plus, if an entity is found to have violated the Act, an entity could be fined up to 10% of its annual turnover, and individuals involved could be imprisoned for up to 10 years, and or fined. Specifically, an offence under section 13O (2) could lead to imprisonment of up to 12 months, or a fine, or both.

 

2.       It is important to remember that the SA Companies Act (via the OECD regulations), the UK Bribery Act and the FCPA all require companies to put adequate measures in place to prevent fraud and corruption, and some speak specifically to 3rd party related fraud. Should directors and those accountable not do so, they can be held personally liable.

How to address the problem

On-Boarding and Monitoring

As part of a well-constructed Supply Chain Governance function, vendor B-BBEE statuses should be assessed and validated during the vendor on-boarding process and at regular intervals thereafter (typically when statuses are renewed). This should be done in conjunction with assessing other vendor-company data in order to gain a proper understanding of risk.  

Deep Dives

Any suspicion of B-BBEE fraud should be substantiated by specific B-BBEE fraud related assessments. These range from basic risk assessments using on-file (or vendor-provided) data to in-depth assessments which include ultimate beneficial ownership analysis through site visits.

Risk Mitigation

These processes should also cater for the mitigation of these risks through appropriate interactions with vendors and B-BBEE authorities (e.g. the B-BBEE commissioner) once a risk has been identified.

By having a reasonable and credible process in place that includes the above-mentioned elements, companies operating in SA can operate in full compliance and in the spirit of the act – and effectively contribute to an uplifting social dynamic in the economy.

PROCUREMENT FRAUD AND ITS EFFECTS ON SUPPLY CHAIN GOVERNANCE IN AFRICA

PROCUREMENT FRAUD AND ITS EFFECTS ON SUPPLY CHAIN GOVERNANCE IN AFRICA

Even before the current economic slowdown, corporate investigations and risk consulting firm Kroll, reported in late 2015 that 22% of companies operating in Africa were falling prey to vendor, supplier or procurement fraud. And in 2014, when the African economic growth story was still strong, professional services firm PWC found that procurement fraud was the single biggest type of crime among the 69% of companies affected by economic crimes in South Africa.

Now, with the decline in growth rates we are likely to see contraction across many sectors with the result that investments will be curtailed, budgets slashed and projects put on hold. The result being that companies and individuals will feel increased pressure to stay profitable. It is in exactly this kind of context that procurement fraud can thrive.

GAINING A COMPETITIVE EDGE THROUGH SUPPLY CHAIN GOVERNANCE

GAINING A COMPETITIVE EDGE THROUGH SUPPLY CHAIN GOVERNANCE

With the increasing complexities of the global business environment, procurement managers face enormous challenges in streamlining their supply chains. This is particularly true for companies with a footprint in developing world regions, where networks and relationships are less formalised and transparent. While traditional supply chain management is an effective model in a well regulated environment it has its shortcomings in emerging markets where the risk of fraud and abuse is far higher.