Effective governance and controls can give suppliers a competitive edge


MorokePhajane.pngThird-party risk management is currently an important topic for most corporate entities. In order to minimise their risk exposure, corporate entities are carefully scrutinising their third-party suppliers. Moroke Phajane, an admitted attorney and expert in third-party risk management, unpacks how third-party risk management can create a competitive edge, in this month's SmartProcurement.

As a result of the current economic climate, corporate entities are also exploring innovative ways of saving costs, without compromising the quality of services required from third party suppliers. This simply means that service providers and suppliers with effective governance, controls, suitably qualified personnel, and a flexible fee structure, will be most attractive to corporate entities.

This definitely creates an opportunity for suppliers using an operating model that makes it possible for them to negotiate alternative fee arrangements with their clients. This fee model - coupled with effective governance, controls and suitably qualified personnel - enhances the supplier's stature, brand and reputation.

Most corporate entities have a 'Procurement of Goods and Services Policy', which requires that a formal, transparent process is followed when selecting suppliers. The supplier selection involves a process in which suppliers are invited to bid to provide the required services.

In most cases, an independent cross-functional sourcing team is selected to assess the bids submitted by the various suppliers. The team uses specific criteria to select the most suitable supplier. The following criteria are generally used to assess-, and select suppliers:

• Preferential procurement (the supplier's Black Economic Empowerment (BEE) status)
• Operational and technical capability
• Assessment of suppliers' liquidity and solvency
• Commercial assessment (charge out rates, pricing structures and cost benefit analysis)
• Risk and compliance management controls (information security, business continuity and compliance with laws)

Preferential procurement
Most corporate entities are rigorously examining how supplier engagements impact their BEE scorecard. One of the key elements that is measured on the BEE scorecard for preferential procurement, is ownership.

Operational and technical capability
Suppliers have to provide evidence of their technical and operational capability. This can be achieved by demonstrating expertise in a specific area of specialisation, as well as the qualifications-, experience- and capacity of the resources employed to provide the services. This may include personnel and technology used to provide the resources.

The supplier's track record - or success rate - is also an important factor in determining the supplier's competency and capability. The supplier is also required to demonstrate its case management capabilities - which include providing clients with the necessary reports, updates and alerts for deliverables.

Assessing supplier's liquidity and solvency
The assessment of supplier's liquidity and solvency includes the evaluation of the supplier's audited financial statements to verify that the supplier is financially stable, and that its financial position will not hamper its ability to continue providing its services.

Information security
It is advisable that a supplier should - at a minimum - demonstrate that it has the following policies, processes and controls in place for the safe, and fair management of information processed on behalf of a corporate entity:

• Information protection and privacy policy: Internal mandatory statements that define the minimum requirements for fair and secure information handling practices
• Information security policy: Internal mandatory statements that define the minimum requirements for information security - including, strong password standards, data classification, data retention storage, data destruction and data loss prevention security standards (such as patch management, application firewalls, anti-virus tools and anti-malware tools)
• Access management policy: Sets out the procedures and requirements for applying for-, granting-, managing- and revoking user access to systems, data and physical premises. This includes controls to ensure that only authorised individuals enter the company premises - including a visitor sign in process, secure remote access procedures and encryption technology
• Acceptable use policy: Contains explicit rules for individuals (employees and contractors) about the appropriate use of the firm's information assets - including networks, devices and good practice to secure such assets
• Risk management framework and policy: The defined risk management framework as it pertains to people, data, financial risk and the mitigation thereof
• Compliance policy: The defined compliance management approach - or framework - to deal with regulatory compliance as it pertains to the organisation. This includes operational-, security- and human resources compliance requirements
• Business continuity framework or plan: A process which manages and tests the organisation's business continuity, and disaster recovery capability. This includes the availability of business continuity plans, disaster recovery plans and robust backup procedures
• Security management alignment to ISO2700X, Cobit and King III
• Incident management processes
• Compliance with relevant laws: It is important for the firm to understand the corporate entity's legislative universe, which comprises legislation applicable to the entity, and the industry in which the entity operates. This will enable the supplier to include measures and controls in their operations that will ensure that - while providing the services to a corporate entity - the supplier does not cause the corporate entity to contravene applicable legislation or regulations.

Business continuity
The supplier needs to demonstrate that it has measures and controls in place, which enables it to provide services to the corporate entity, without any disruption caused by factors such as key man dependencies, technology downtime and lack of back up procedures.

The current economic climate has contributed to businesses and individuals minimising, or at least prioritising, their procurement initiatives, as corporate entities are embarking on various initiatives to save costs. Managed- and outsourced services will definitely be on the list of services earmarked for minimal procurement, as companies are beginning to scrutinise the necessity of outsourcing services to external suppliers.

Innovative firms, which address business needs at a reasonable and lower cost - compared to existing suppliers - stand to benefit from this. This practice will certainly provide suppliers offering sound business solutions, adequate risk- and compliance controls, in addition to an established track record, the competitive edge.

Leave a comment



Career opportunites

Tutor and Coordinator

  • Gauteng Operations, Planning & Inventory Permanent Procurement Management Supplier / Business Development
Purpose of the job: To plan, coach, advise

Commodity Manager

  • <500 000 Commodities Gauteng Procurement Management
Are you a Commodity Manager looking for the

Supply Chain Professional

  • <500 000 Gauteng Procurement Management Supply Chain
I specialize in placing professionals in the Supply

Supply Planning

  • <500 000 Gauteng Operations, Planning & Inventory Supply Chain
Seeking dynamic candidates to take to the market

Industrial Engineer

  • <500 000 Gauteng Industrial Engineer Procurement Consultant
Are you an Industrial Engineer looking to make

Logistics Manager

  • >500 000 Gauteng Logistics & Warehousing Supply Chain
Seeking vibrant industry specific individuals seeking new opportunities

Operations Manager

  • <500 000 Gauteng Operations, Planning & Inventory Procurement Management
Looking for an Operations Manager to take into

Supply Chain Systems Administrator

  • >500 000 Gauteng Procurement Management Strategic Sourcing Supply Chain
One of South Africa's leading, mining companies is

Logistics Manager

  • <500 000 Gauteng Logistics & Warehousing Procurement Management
Are you an experienced Logistics Manager looking for

Continuous Improvement Manager

  • >500 000 Gauteng Procurement Management Supply Chain
I specialize in placing professionals in the Supply

Warehouse Assistant

  • <500 000 Gauteng Logistics & Warehousing Operations, Planning & Inventory
I am currently looking for ambitious Demand Planner,

Internal Procurement Officer

  • <500 000 Gauteng Permanent Procurement Officer / Specialist Strategic Sourcing
Position Available: Internal Procurement Officer Status : New ...More

Supply Chain Officer

  • <500 000 Gauteng Procurement Officer / Specialist Supply Chain
Seeking dynamic candidates to take to the market

Supply Chain Planner

  • <500 000 Free State Operations, Planning & Inventory Supply Chain
Seeking dynamic candidates to take to the market

Senior Buyer

  • >500 000 Buyer Gauteng Procurement Management
Tech-Pro specialises in placing professionals in the Supply

Industrial Engineer

  • <500 000 Gauteng Industrial Engineer
Tech-Pro specialises in placing professionals in the Supply

Warehouse Manager

  • >500 000 Gauteng Logistics & Warehousing Operations, Planning & Inventory Supply Chain
Seeking hands on individuals that come from an

Manufacturing Purchasing Specialist

  • >500 000 Procurement Officer / Specialist Supply Chain Western Cape
A leading auto manufacture company based in Cape

Procurement Sourcing Specialist

  • <500 000 Gauteng Procurement Consultant Strategic Sourcing
A Leader in the Supply Chain industry is

Planning Manager

  • >500 000 Gauteng Operations, Planning & Inventory Procurement Management
Looking for Planning Managers to take into the