Building trust in the vendor risk management ecosystem

Organisations’ procurement cycles are prone to fraud. Nearly a third of the respondents of the Deloitte India Corporate Fraud Perception Survey (Edition III, 2018), believe that procurement remains the most vulnerable to fraud risks. These risks, if not managed well, can have a disastrous impact on organisations’ reputation and financials. An increasing number of organisations use suppliers from various geographies with different complexities. This increases the likelihood of fraud and corruption in the procurement cycle and makes detection difficult.

Vendor Risk Management

Business Intelligence: Services Identifying what’s beneath the surface 

How can you build trust in your vendor risk management ecosystem?

Organisations have three opportunities to build trust in the ecosystem mentioned below:

Building trust at a policy development level

Most organisations have policies related to vendors. However, these policies usually do not specify expected ethical behaviours or trust building measures. Except large organisations, many do not extend their ethics and compliance programmes to vendors. Therefore, expecting vendors to comply with these expected policies would be unrealistic.

Trust building at a control monitoring level

The majority of respondents to the Deloitte India Corporate Fraud Perception Survey, Edition III, 2018, indicated that they used a variety of technologies to mitigate fraud by monitoring transactions. These include mature technologies such as control based reports generated by ERP systems, traditional statistical analysis and data mining tools, as well as emerging technologies such as voice search and analysis, link analysis, social network analysis, sentiment analysis, data visualisation, and interactive dashboards. While transaction monitoring is primarily on organisational data, the outcomes of monitoring also tend to be limited to internal stakeholders. This means that vendors often hear from organisations only at the time of non-compliance (or in relation to payments), and not throughout the monitoring journey, in effect fostering a culture of uncertainty.

Trust building at a professional relationship management level

Knowing whether a potential third party is operating in compliance with applicable laws and regulations can be critical to the success of organisations. The process of selecting and then contracting with the vendor raises questions on how to best structure the professional relationship so that compliance standards are maintained within the vendor’s processes in a way that satisfies the organisation’s compliance standards. Ultimately, the vendor is acting as an extension of the client, so how can the client gain trust over the vendor’s operations?