The Value of Supplier Information Management for Compliance
Supplier Compliance Processes: What are the challenges
Although there are various aspects and factors to consider, the value of Supplier Information Management (SIM) for supplier compliance management has shared values across several different functions, as it is usually not specific to a role.
Compliance requirements are pervasive across the board, and often dictated at very specific points during a supplier workflow process, such as onboarding, performance, and risk management. To implement an effective supplier compliance management process, businesses must create a consistent process for ensuring requirements remain monitored, executed and followed across all the business units.
This piece will focus on and discuss the following areas:
- The requirements for a successful supplier compliance management process
- Why the traditional approach is outdated
- Case study: XYZ Company, its external and internal supplier compliance approach
- How Supplier Information Management adds value in terms of saving time as well as costs and risk avoidance, and the role of Supplier Experience Management (SXM)
Supplier Compliance Requirements: What is needed for a successful compliance management process
Sharing the responsibility of compliance requires visibility across functions from internal stakeholders such as sourcing, procurement and supply chain, through to suppliers, auditors, and external stakeholders. As a result, businesses must be able to quickly adapt their supplier compliance approaches.
Navigating the supplier compliance landscape can be a time-consuming and arduous task, however, it is necessary in order to have complete oversight and report accurately. To be successful, it must be able to:
- Involve internal, external, and third parties within compliance initiatives
- Ensure all proper processes and approvals are followed
- Receive regular updates on program compliance
- Report on all supplier compliance aspects in a timely manner, such as gathered information, scoring metrics, program success, and/or audit control
- Support compliance programs during and after changes within corporate activities, such as mergers and acquisitions or divestitures
The traditional supplier compliance approach is outdated
Despite its disadvantages, most organizations today continue to use traditional, yet inadequate approaches for supplier information management (SIM). For example, business processes traditionally managed by several software systems include:
- Regulatory reporting
- Order entry
- Stores and point-of-sale (POS)
One of the fundamental challenges organizations face is the fact that ERP and similar systems are not designed to offer the level of flexibility required, which can cost companies millions per year in lost opportunities, according to IDC Group.
As Costas Xyloyiannis, CEO, HCX, explains, this creates not only an internal data issue, but it also means that data quality is further detrimentally impacted as there are, “lots of systems owned by many different functions which don’t talk to each other, and you have suppliers having to interact with all of these things.” This creates a poor experience for suppliers, which means less supplier engagement and, as a result, less accurate data, as the supplier is not as inclined to update information as often as otherwise would be the case. This is how supplier information management (the centralized storage and maintenance of data) and supplier experience (in this case the way in which information is collected from suppliers) are interlinked – and both are especially important for managing supplier compliance.
Due to the ever-changing needs in information and data for both internal and external supplier compliance efforts, organizations that are unable to streamline their data storage, data collection and associated workflows and processes through supplier information and experience management (SIM/SXM) cannot manage their supplier compliance efforts efficiently. As a result, companies are left with:
- Duplicate data
- Data corruption
- The need for increased training
- Complicated relationships with suppliers
- The need for greater IT support
- Software incompatibilities
Furthermore, ineffective and incorrect collection of supplier information yields both hard and soft dollar costs, such as:
- Extra time required to roll out new supplier compliance procedures and programs
- Extra time required to implement processes and surveys with new requirements
- Inability to monitor and report on the effectiveness of compliance programs
- Final costs incurred from penalties and/or fines due to noncompliance
The questions which then arise are: What is it truly costing businesses to manage supplier compliance initiatives? And how much value is there in adopting a supplier information management system to improve those initiatives? XYZ Company is used below as an example of how answers to these questions could be approached.
As a continuous effort for improving supplier information management, members of the XYZ Company have looked at inefficiencies regarding their current compliance efforts and realized certain misaligned areas both in terms of internal and external compliance.
- As part of onboarding procedures, XYZ asks for standard information for Non-Disclosure Agreements (NDAs), as on average is the Company onboards approximately 1,000 new suppliers per year. With 5 FTE (full-time equivalent) resources from various departments involved in monitoring that NDAs are in place, and at an average cost of $75,000 per fully burdened employee, it costs XYZ $37,500 annually in time spent on NDA collection.
- In the case of a potential or existing supplier not having an NDA in place, the Company has increased concerns over loss and/or theft of confidential information. Based on past experience and research, the cost of non-compliance and loss of proprietary information is estimated at $350,000 per incident, averaging four incidents in a year. XYZ estimates that with their current efforts, the probability of an incident is 9%.
- Corporate Social Responsibility (CSR) initiatives have become an important part of the Company’s supplier management process, due to the increase in public scrutiny of the labor and sustainability concerns of their suppliers, especially in developing countries. With 5 FTE resources from various departments working on CSR documentation and collection efforts, at an average cost of $75,000 per fully burdened employee, it costs XYZ $37,500 annually in time spent on CSR data collection.
- XYZ has struggled with keeping their suppliers fully aware of their CSR requirements and the role they plan in upholding those standards. Based on past CSR incidents which cost the Company XYZ $5M, they have estimated that, with current efforts, the probability of an incident is 0.2%.
- As XYZ works with hazardous materials, they are required to be involved in RoHS (Restriction of Hazardous Substances) and REACH (Registration, Evaluation, Authorization and Restriction of Chemicals) compliance. In recent years, more and more suppliers have provided a full disclosure on material declaration data related to their components in their Bill of Materials (BOM). However, the time is takes to collect this information through the supply chain is tiresome without a common supplier platform. XYZ estimates that managing this compliance is costing them $90,000 per year.
- Based on previous experiences and research, the cost of non-compliance for RoHS/REACH is estimated to be $150,000, with an average of 60 incidents. The incident probability estimate is 5%.
- Increased bribery exposure in developing countries where they are expanding has put more pressure on getting better compliance mechanisms in place for tracking activities and preventing prohibited payments to foreign officials in these places. With 1 FTE resource from legal involved in monitoring Foreign Corrupt Practices Act (FCPA) compliance, at an average cost of $125,000 per fully burdened employee, it costs XYZ $37,500 annually in time spent on FCPA management.
- Fines associated with FCPA are estimated at $3.5M. XYZ’s competitors have paid up to that amount as a result of fines from the US Securities and Exchange Commission (SEC) and Department of Justice (DOJ). Due to current efforts, incident probability is 1%.
Savings associated with using a SIM platform
When evaluating a return on investment from the deployment of a Supplier Information Management (SIM) platform, these statistics help in formulating the initial business case for both SIM, and further to that, Supplier Experience Management (SXM). Savings can be segmented into two categories, time savings and cost and risk avoidance.
If XYZ were to use a SIM platform, the Company would have a central repository of supplier information, in one complete supplier profile. By also adopting good supplier experience practices, robust data would be able to flow from various ERP and external systems, while relevant information on all suppliers will now be easily found on a centralized dashboard shared across multiple stakeholders. Assuming that XYZ has adopted a platform, it is now possible to calculate time savings in terms of compliance under this new scenario.
As this directly impacts compliance procedures, workflows for contacting suppliers have been automated providing triggers based on expirations or other “data look ups” that may trigger an initiative in the system to reach out to a supplier. This can be based on a risk score or an event (e.g., financial results, supply chain disruptions, etc.)
- Those in charge of NDA collection have a better overview of the process. Upon nearing expiration, suppliers are prompted to execute a current version. The estimate of 70% in time savings on collecting NDAs saves approximately $26,250 per year.
- For those in charge of CSR initiatives, the SIM/SXM solution provides triggers letting XYZ know when new data on suppliers should be collected from newly on-boarded suppliers, as well as those suppliers considered to be high risk. The time saved is nearly 80%, which translates to $30,000 per year.
- Management of RoHS/REACH has increased visibility into supplier BOMs through automated collection of Full Disclosure Material Declarations. The ability to more easily share this information with other stakeholders is expected to provide 50% time savings, or $46,740 annually.
- More stakeholders are now able to provide assistance to the legal department in managing FCPA. As the information is now shared centrally, increased visibility saves 55% of the time, or $20,625 per year.
Cost & Risk Avoidance
Due to increased visibility, oversight and automation of the overall processes, the efficiency has greatly improved, as well as the probability of incidents as a result reduced. The estimate for ‘risk avoidance’ is difficult to measure, however, XYZ has calculated a reduction of 30%-60%. To put it into perspective, in a worst-case scenario, savings could now be $10,000,000+ in cost avoidance. Based on probability, this number would be adjusted.
- For NDAs, incident probability for loss of confidential information was 10%, or $140,000. With a SIM/SXM solution, this is reduced by 60%, or $84,000 in savings.
- For CSR, incident probability for lack of compliance was 0.2%, or $10,000. With a SIM/SXM solution, this is reduced by 60%, or $6,000 in savings.
- For RoHS/REACH, incident probability for exposure was 5%, or $7,500. With a SIM/SXM solution, this is reduced by 30%, or $2,250 in savings.
- For FCPA, incident probability was 1%, or $35,000. With a SIM/SXM solution, this is reduced by 60%, or $21,000 in savings.
Due to adopting a Supplier Experience Management SXM framework and a Supplier Information Management solution which have greatly reduced risk, XYZ is able to directly translate potential avoided costs into:
- Lower insurance premiums which would have to be paid to ensure such related incidents
- Legal fees for managing these processes
- Payments and fees as a result of litigation or due to non-compliance
Our recent webinars, What value does Supplier Information Management unlock? (End-to-End SIM Strategy) and Putting the Supplier Experience at the Forefront of Strategic Procurement, provide more information and opinion from experts in the field with first-hand experience in the roll-out of SIM and SXM projects.
Article updated September 2021