From Siloed Supplier Data to a Single Source of Information for Risk, Compliance and Visibility
Table of Contents
Supplier risk management is only as strong as the data and processes behind it. For large organisations, building that foundation consistently across business units, geographies and risk categories is one of procurement’s most complex challenges.
In this webinar, Andrew Comfort, Senior Director of Professional Services at HICX speaks with Nils Holm Andersson, Director of Digital Procurement & Development, and Ingrid Solli-Sæther, Senior Analyst from Orkla. They share how this large Nordic consumer goods group replaced a fragmented patchwork of siloed supplier risk data with a single, unified approach, and what others can learn from it.
Supplier data everywhere, trusted nowhere
For procurement and finance leaders, the frustration is a familiar one. “We have supplier data everywhere. We just can’t trust it.” It is something the team at HICX hears on a weekly, if not daily, basis.
The issue is rarely a lack of data. Most organisations are not starting from zero. They have multiple ERPs, procurement platforms, risk tools, compliance workflows, often several of each. The problem is that supplier data lives in too many places, managed by different teams, entered inconsistently, and shaped by different assumptions about what “correct” even means.
From fragmented processes to a unified supplier portal
As Orkla began decentralising, the team took a hard look at how supplier risk was being managed across the group. What they found was a collection of siloed processes: one for vendor master data, a separate one for compliance risk, another for financial risk, a security process that was not fully embedded, and sustainability risk that needed significant development.
The trigger for change was twofold. Legacy systems needed replacing, and increasing legislative pressure on supply chain due diligence, sustainability, and compliance made it clear that the existing approach would not scale. Rather than investing in multiple separate tools, Orkla chose a unified approach: one solution to orchestrate and manage the risk process end to end.
In 2022, Orkla launched what it calls the Orkla Supplier Portal, built on the HICX platform. It brought together processes for all core supplier risks in a single solution, with external data sources integrated and visualisation tools connected to provide a coherent picture of supplier performance and risk. This reflects the kind of supplier process orchestration that allows organisations to consolidate previously fragmented workflows into a single, governed system.
“It’s easier for users to ensure compliance when they don’t have to think: is this a high compliance risk supplier, so I need to go into one system‚ or is it a high sustainability risk, so I need a different one?” Nils says. “We created a more streamlined and intuitive approach by having one solution.”
How Orkla organises risk approval across a decentralised business
One of the more nuanced aspects of Orkla’s journey is how it has structured supplier risk management as the organisation has evolved. Ingrid and Nils walk through three distinct models currently in use across the group, and a fourth under consideration.
Centralised: A single central approver acts on behalf of the entire business. This delivers the strongest consistency and control, but can create bottlenecks and sits furthest from the supplier context. Historically, this was Orkla’s default model.
Delegated: One approver within a portfolio company approves on behalf of others. This preserves a degree of consistency while bringing the decision closer to the business.
Local: The lead buying business unit has its own approver, responsible for all suppliers within their remit. This offers maximum speed and local ownership, but requires real competence in each business unit and can introduce variation across the group.
Central assessor, local approver (under consideration): A hybrid model in which a central assessor ensures methodological consistency, while the actual approval decision rests with the business unit that owns the supplier relationship.
The key message, as Nils puts it: “There is no single right way to organise risk approval. The model has to fit the organisation and the maturity of the business.”
When asked whether there had been pushback from local teams as Orkla moved towards more consistent frameworks, Nils was candid. Change always brings some resistance. In Orkla’s case, the bigger shift was the decentralisation of technology and decision-making itself – local teams had a genuine desire for greater autonomy, and the change programme had to account for that. “The right model is the one that the organisation can actually follow,” he says.
What good looks like at scale
Nils and Ingrid share three areas of achievement that represent the most significant shifts for Orkla.
One common supplier entry point. Every supplier now comes through the same process, following the same steps. This is the foundation of effective supplier onboarding and at Orkla, it has removed significant friction, local interpretation and uncertainty. Equally important, the platform has not been a static deployment: it has been built on, extended and integrated as Orkla’s needs have evolved.
Risk-based automation at scale. Orkla is now managing approximately 45,000 legal entities through the supplier portal. Handling that volume manually would be completely unrealistic. Instead, most suppliers flow through automated processes, and human attention is directed only where the risk genuinely justifies it. “The shift from treating everything the same to focusing where it matters has been fundamental,” Nils notes. The result: better compliance, higher efficiency and improved data quality.
A reliable data foundation. For the first time, Orkla has a consistent approach to applying policies, reduced manual workload through supplier self-service, and a supplier information management foundation that supports meaningful analytics.
Three key transformation lessons learned
One: standardisation and simplification are key to adoption. The more flexible and complex a system becomes, the faster users find ways around it. Keeping processes as simple as possible is not a compromise, it is a prerequisite for the system to be used at all.
Two: change is the only constant. Regulations, business needs and expectations keep moving. A supplier risk management setup has to be designed to evolve, not just to go live. Building in the capacity for continuous iteration from the start is essential.
Three: clear ownership and disciplined follow-up with KPIs. This is, in Ingrid’s view, the most important lesson of all. Tools enable progress, but ownership and measurement are what actually create outcomes.
In practice, Orkla sends a quarterly status report to each portfolio company’s management team, covering compliance, procurement, sustainability and quality. The report tracks how compliant each business unit is with the process and the system, compares onboarded suppliers against ERP records, and measures whether high-risk suppliers have received the appropriate due diligence. This approach to ongoing governance reflects the kind of strategic supplier management that moves beyond initial implementation to create lasting, measurable outcomes.
Quarterly review meetings follow, bringing together procurement, compliance and quality to go through the KPIs together. “We didn’t have this in the beginning,” Nils reflects. “But having that joint picture of where each company stands on managing risk has created new dynamics – it has brought procurement and compliance closer together in ways we didn’t necessarily anticipate.”
What is the one thing to get right before anything else?
Nils and Ingrid are in agreement: clean data. When Orkla began, the organisation had 80 ERP systems, each with its own vendor master. Consolidating that into a coherent supplier data foundation was an uphill battle. “If you should spend real time on one thing beforehand, it is getting the data right, or at least having a clear plan for how you will get it right during the process,” Nils says.
Change management runs a close second. Underestimating what it takes to bring everyone on board, to ensure they understand what the process is and why it matters, is a common mistake that should be planned for from the outset.
What was the biggest barrier to standardising across Orkla’s portfolio?
Decentralisation itself created the primary challenge. As portfolio companies became more independent, each naturally developed its own perspective on risk and on what standardisation should look like. Compounding this: Orkla operates across approximately 100 business units, ranging from 3,000 employees down to seven or eight, across different geographies, operating models and risk appetites.
Getting consistent traction across that diversity requires sustained effort and clear prioritisation. For organisations facing similar complexity, the HICX whitepaper on supplier risk and regulatory readiness explores these challenges in further depth.
Meet the speakers:
Nils Holm Andersson
Director of Digital Procurement & Development at Orkla Procurement AS
Ingrid Solli-Sæther
Senior Analyst at Orkla
Andrew Comfort
Senior Director of Professional Services at HICX
About Orkla:
Orkla is the leading branded consumer goods company in the Nordic and Baltic regions, with approximately 300 local brands holding strong market positions. The company operates across foods, confectionery, snacks, home and personal care, and food ingredients. With around 23,000 employees and revenues of approximately NOK 70 billion, Orkla manages a complex supply chain spanning 25,000+ direct suppliers across 77 countries. Headquartered in Oslo, Norway. Learn more at www.orkla.com.
