Calculated Risk: Procurement as the New Front Lines of Business Security


One way for businesses to minimize procurement risks is to develop a data-driven mindset to identify potential hotspots in their supply chains.

In late 2022, a former Apple employee admitted that while acting as a buyer for the company’s Global Service Supply Chain, he “took kickbacks, inflated invoices, stole parts, and caused Apple to pay for items and services never received.” Over a ten-year period, it was estimated that the company was bilked out of more than $17 million.

Conspiracy, theft, fraud – normally the stuff of mobsters, today’s procurement industry is ripe with the potential for corruption. Hundreds of millions of dollars flow through the world’s biggest companies as they acquire goods and services for their organizations. Negotiating prices and dealing with multiple vendors isn’t always the most alluring or highest-profile job, which can make it that much easier for bad actors to fly under the radar. In a study from the Association of Certified Fraud Examiners (ACFE), it was estimated that businesses lose around 5% of spend per year to procurement fraud, amounting to trillions of dollars.

In an industry already beleaguered by pandemic pressures and ongoing inflation concerns, today’s Chief Procurement Officers (CPOs) are also becoming increasingly aware and proactive about the tremendous risks presented by the global supply chain, especially as the war in Ukraine continues to disrupt trade routes. And when you mix in worker strikes, staffing challenges, and the impending holiday season, it’s no wonder why 62% of CEOs said that creating resiliency in the supply chain is their top priority.

See also: 10 Risk Mitigation Strategies You Need to Know

Sunlight is the Best Disinfectant

With a seemingly endless punch list of problems and an unpredictable macroeconomic environment, it’s virtually impossible to totally secure a company’s procurement operations – but you can make it safer. As McKinsey notes, “Procurement can play a critical role in solving today’s most pressing business problems, but it cannot do so on its own. Winning now requires an entirely new level of resilience improvement and value creation built through a coordinated enterprise-wide effort. CEOs should consider positioning their procurement leaders at the center of the company’s response to the current context, tasked with a clear mandate to protect margins.”

Tasking procurement leaders with a broader operational strategy is a relatively new development, and companies should expect growing pains as managers take on more oversight. Here are three things to remember as CPOs have their moment.

See also: How Can Digital Audit and Risk Monitoring Tools Improve Financial Services?

1. Know Your Vendor…and Your Vendor’s Vendor

Companies may have a clear understanding of how direct suppliers are expected to handle things like data security, but the challenge is knowing how these direct suppliers are managing their own suppliers. In other words, the friend of your friend is not necessarily your friend. Or, as Deloitte puts it, third-party risk is quickly becoming a first-priority challenge.

Third-party vendors are frequently relied on by procurement teams, even more so during the past few years when teams have struggled to source critical supplies. But bad things happen when you move too fast, and improperly vetted third parties can have a devastating impact on a company’s finances and reputation, from providing faulty materials to hacking operational software. Given these serious threats, it’s critical that companies conduct a thorough risk audit on all tangential vendor relationships and prioritize strong governance across all levels of the operation, not just procurement. By developing a standardized process and not just playing whack-a-mole with problems as they arise, teams can be more confident in their decision-making.

2. Build Contingencies into Your Network

All the planning and due diligence in the world can’t prevent supply chain bottlenecks or material monopolies. Pre-pandemic research showed that, on average, companies experience a disruption of one to two months in duration every 3.7 years. For this reason, top CPOs understand that it’s not wise to put all of their eggs in one basket, and by diversifying their vendors, they can help distribute some of this inevitable risk.

One way to do this is by developing a data-driven mindset to identify potential “hotspots” in your supply chain. For example, if one of your suppliers is located in a country that experiences seasonal weather disruptions, you might label them riskier during certain times of the year and make necessary adjustments by having a second-tier supplier on stand-by. This concept of creating tiered networks of suppliers is gaining in popularity among procurement teams, and nowadays, it’s always smart to have a backup for your backup.

3. Understand Your Weaknesses and Foster a Culture of Vigilance

Data is the ultimate source of truth about your organization, and knowledge is power. To truly understand strength, you first must identify weaknesses, and that starts by getting a complete picture of all executive functions and how they interact with each other – from risk and finance to legal and procurement. Take a hard look at your team and use data about vendors and suppliers to stress test where the gaps are. That’s usually where bad actors creep in.

Once you have a better idea about your internal operations, it’s time to monitor for contractual risk from vendors. Who is holding your partners accountable for their obligations? While some companies have created special vendor risk management (VRM) teams, the fact is that security must be a shared responsibility. Companies that embrace open communication, actively monitor performance, and foster a culture of vigilance will benefit from fewer surprises and greater peace of mind.

The CPO of the Future

Despite all the challenges facing the modern CPO, now is their opportunity to take a more active role as a leader of the company, not just a portion of it. It’s a mindset shift that will take time, but many of these changes are foundational and will ultimately create safer, more resilient supply chains.

Anders Lillevik

About Anders Lillevik

Anders Lillevik is CEO and founder of Focal Point. He brings 20+ years of experience in building and turning around large, complex procurement organizations to be best in class. Anders has an extensive background in rolling out new procurement infrastructure and optimizing legacy technology investments. With this experience, Anders founded Focal Point to help organizations maximize the value of their procurement spend.

Leave a Reply

Your email address will not be published. Required fields are marked *