Category Archives: Market Intelligence

GDPR and Procurement Spend (GDPR Part II)

Today’s guest post is from Tony Bridger, an experienced provider of Procurement Consulting and Spend Analysis services across the Commonwealth (as well as a Lean Six Sigma Black Belt) who has been delivering value across continents for two decades. He is currently President of UK-based TrainingWorx Ltd, a provider of a wide range of Procurement and Analytic business training programs (inc. GDPR, spend analysis, project management, process improvement, etc.) and focussed short-term consulting solutions. Tony can be contacted at tony.bridger@data-trainingworx.co.uk.

It’s interesting that the more companies you speak to, the less certain you become about whether organizations have truly readied themselves for GDPR.

There are statistics around how companies in general are prepared for GDPR. The focus in most organizations is on the most obvious areas of a business – marketing and customer data. The Regulation is very specific around what is meant by personal data:

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Well, spend doesn’t contain personal data … does it?

Be afraid, very afraid — spend data can be packed with personal data.

The Regulation states that in-scope data is:

Personal data that is processed wholly or partly by automated means. – Personal data that is part of a filing system or intended to be.

The only exclusions are things like immigration checks, police investigation, personal activity and personal data generated by an activity outside of EU Law.

So, should sourcing and procurement be worried? I would say yes.

In most company data sets within the EU there may be:

  • Staff reimbursement data – many companies still pay staff by setting them up as vendors;
  • Purchasing or corporate card data – many companies use an expense manager. Each card will have a name associated with it;
  • Many invoices will have line descriptions with components like consultant names, “James Smith, managing consultant”;
  • Temporary labour – the name of the person, rate and other details may be included in the invoice text.

There may be a lot more personal data across e-procurement and other data sources. Data inventory analysis is designed to identify those elements … assuming that someone has realized that spend data may contain personal information.

However, does it matter? We would say yes. A name in this type of data identifies a person very quickly. We even know who James Smith, our consultant, works for. Vendor name of course.

If you are not moving the data outside of your own environment (within the EU), the risk is reduced – but there are several elements to consider. However, if you have a spend analysis provider outside of the EU then the problems are suddenly more acute. Our guess is that many of the larger analytics providers will have scrutinized the Regulation and accommodated the required changes already.

For many smaller providers that service European clients from outside of the EU, recognition of the legislation complexities may not have even started.

The Regulation goes live in under a month. The question is – do European clients and analytics providers both inside and external to Europe have the right level of compliance – and understanding of the obligations? They aren’t optional either.

Perhaps it’s time you asked your provider if you are an EU company.

In the next article we will look at some of the complexities of spend data that sits in the GDPR domain. Part of the reason the GDPR legislation has been introduced is to fundamentally change how personal data is managed.

This isn’t a “nodding dog” legislative change – of that there is little or no doubt.

Thanks, Tony.

GDPR – who cares?

Today’s guest post is from Tony Bridger, an experienced provider of Procurement Consulting and Spend Analysis services across the Commonwealth (as well as a Lean Six Sigma Black Belt) who has been delivering value across continents for two decades. He is currently President of UK-based TrainingWorx Ltd, a provider of a wide range of Procurement and Analytic business training programs (inc. GDPR, spend analysis, project management, process improvement, etc.) and focussed short-term consulting solutions. Tony can be contacted at tony.bridger@data-trainingworx.co.uk.

The countdown has begun!

On the 25th May 2018, the European Union GDPR (General Data Protection Regulation) goes live. However, it is unlikely to be introduced with fireworks or an Olympic sized ceremony.

All 27 European members will have a GDPR supervisory body implementing on that day. As it’s an EU Regulation it has zero capacity for change in member countries. For those hoping that Brexit may dilute the Regulation – think again. This is one Regulation that governments are unlikely to attempt to repeal or amend in the short term.

Elizabeth Denham, Commissioner of the UK based Information Commissioners Office (ICO), said in a speech in 2017: “There’s a lot in the GDPR you’ll recognise from the current law, but make no mistake, this one’s a game changer for everyone”.

Like many legal changes of this size, GDPR has spawned a whole new range of enterprises and commercial activity to help organisations manage the change within the EU. However, will it have much impact on day to business? – and is anyone doing much about the impending change? UK Government:

Figures from the end of 2017 showed that more than 44% of employers were not aware of the GDPR, while a government study in January 2018 revealed that only 25% of businesses which had heard of the regulation had made any changes to their operations. (Source: Business Matters)

The ICO in the United Kingdom is certainly preparing for the implementation of the Regulations. A cursory glance on the job boards reveals a constant stream of recruiting advertisements for staff.

Clearly, they are being resourced for the change – and see work to be done. The UK ICO is clearly committed to ensuring compliance.

However, what is more alarming about the statistics on UK preparation, is that many suppliers outside of the EU are going to be directly impacted by the legislation. It is likely that many suppliers will have little or no cognizance of the impact of this change.

The fines for a breach can be staggering. For companies outside of the EU, their geographical location may mean little in litigation evasion terms. It may also exert direct pressure on supplier contracts if they seek to provide goods or services in to the EU that involve privacy data. Elizabeth Denham’s quote implies everyone.

It may also change the competitive landscape as those suppliers outside of the EU who provision for the GDPR may be perceived as a risk reduced implementation option.
What do we think will happen? May be something, may be nothing. If we could predict with any accuracy – we would become wealthy overnight.

Over a series of simple posts, we will look at some of the core building blocks of the Regulation and perhaps point out where sourcing professionals need to do stop and think about their own operations. We would also suggest that no one wants to become the precedent case for a breach.

Like many elements of business, we aren’t a legal firm – our advice is that if you think you are going to be impacted by GDPR – we strongly recommend that you seek appropriate legal advice.

Thanks, Tony.

If you can scroll through 10 pages of worthless headlines …

… sometimes you can find a gem. A costume jewelry gem, but still …

Procurement and audit … the missing link?

According to the article, while businesses spend a lot of time on the contracts and agreements, they spend little on price verification and contract compliance when all is said and done.

And that can be fixed with auditing, especially when contract compliance and audit work side-by-side.

Unfortunately it didn’t say how, or why, but presumably you’re supposed to contact the author’s chartered accounting firm (who are experts in ) for that information.

Well, fortunately for you, SI can fill in some of the gaps!

First of all, you need to audit key invoices beyond m-way match.

You all know about m-way match, where an invoice doesn’t get paid unless it has an associated PO or contract with valid pricing for valid products or services, that have been verified as delivered by a goods receipt or an accepted timesheet, but that’s just one way to prevent money from being wasted.

The next step is to ensure that the invoice is not duplicate, going to a verified supplier’s bank account or address, and complete. (Every processed invoiced, and payment, has a cost.)

And this is where most invoice processing platforms end. But there are still overspend prevention opportunities.

Were all the products undamaged and likely useable / re-saleable? And we’re they (immediately) rejected or returned? If so, a credit has to be captured and applied against the invoice immediately. It can’t go on a to-be processed list where it will sit there until the contract expires and the chance of collection is low.

Also, how many returns to the supplier since the last invoice? Were they under warranty/within the window and for the same products? If so, the organization should capture the credit right away.

And with modern electronic payment systems, it’s easy to send remittance notices that indicate what payment the invoice is for, what adjustments were made, why, and what contract the adjustments relate to (to justify them).

But this isn’t the full value of an audit.

A good audit can dive in and compare the units shipped against the estimates. The hours worked against the estimates. The expenses billed against averages. And so on. It can detect anomalies early, and detect new trends that may need to be investigated before they take over. Auditors find things other people miss. Sometimes they can find things even overworked Procurement people miss — and that’s why audit processes can help.

Any Procurement Function That Thinks Drones Have a Central Role …

Clearly doesn’t understand the goals of their function!

the doctor keeps an eye on Procurement news, even though it always

  • depresses him
    as every day it seems there is a new public scandal
  • tires him
    as many publications push the same non-innovative agenda that seems to come out of a Big 6 2007/2008 play-book

and at this time of year

  • causes major eye rolling
    because it’s conference season and it seems all the big S2P suites have to hold their shows at the same time, go head to head, and see who can come out on top in the classic Bugs and Daffy duck-season rabbit-season argument

And then, once in a while, he sees a headline so ridiculous that he has to wonder just what brand of pharmaceuticals the writers are on. As he writes this, after doing a search for “Procurement” and having the top headline be about how drones are going to be central to tomorrow’s role, he can’t decide if he should shake his head and cry or scream at the idiocy at the top of his lungs until somebody listens.

As a Procurement Professional, you have one primary goal:

  • Save Money

and two secondary goals

  • ensure availability
  • reduce spend through reduce demand

and a plethora of tertiary goals (that the C-Suite spew lots of rhetoric on, but never measure you on)

  • lean process (time) reduction
  • unit cost reduction through product redesign to use less costly / more renewable materials
  • faster acquisition time
  • proactive risk mitigation

How does a drone?

  • Save Money? It doesn’t. It costs money, can’t deliver large products, has little security, etc.
  • Ensure Availability? It doesn’t. Radio interference and your product goes off course. A small EMP and your product ends up in pieces.
  • Reduce Spend? It doesn’t. No explanation should be needed.
  • Lean Process Time? It doesn’t. They don’t go that fast. Require careful planning. And so on.
  • Reduce Unit Cost? It doesn’t. No explanation should be needed.
  • Speed up Acquisition? Unless you’re trying to get a product to the 100th floor when the elevator is broken, it doesn’t.
  • Reduce Risk? Considering another unmanned piece of hardware adds risk, it obviously doesn’t.

You use drones when you need to get products where a human shouldn’t go. And in what part of your Procurement operation are you sitting a desk somewhere humans shouldn’t be. Seriously!

Now get your drone off my lawn!

Why A True Supply Management Professional Still Will Not Be Replaced by Technology

Algorithms still don’t sense, still can’t read the majority of non-verbal cues (as even the best mood detection algorithms can barely differentiate between “happy”, “indifferent”, and “sad” … even when the people it is analyzing have big smiles, flat lips, and big frowns), take calculated risks that go outside the programmed parameters, or form common bonds. They don’t feel, and they are not intelligent. And while their predictive capabilities are now getting scary in some respects, they are not infallible, and as we discussed in our last post, when they fail, they fail in a big, big way.

As first noted in our original post five years on Why a True Supply Management Professional will Never be Replaced by Technology, not only do algorithms not feel, but they are als incapable of accurately predicting how a person will respond to a suggestion that has any emotional impact whatsoever. Especially in today’s individualistic society where the message is what is interpreted by the recipient and only someone with a shared understanding will be able to comprehend what that is and react accordingly. As a result, an algorithm cannot negotiate (unless it is negotiating with another algorithm — but that’s not the best of ideas. When two algorithms negotiate, they develop their own undecipherable shorthand [as evidenced in multiple studies and real world occurrences, which includes two creepy Facebook bots talking to each other in a secret language], and we won’t be able to figure out what they did or why. (Was it to optimize the best win-win situation or was it to advance the plans for building SkyNet. We don’t know.)]

Secondly, as pointed out in our previous posts, successful negotiation depends on more than a first party transmitting a message to a second party that the second party can accept, but understanding all of the possible messages which might be accepted, their likelihood, and which are the most preferable to each organization and selecting the best one for the situation at hand. And while an algorithm can compute which options are likely given certain assumptions, and which of these options are the least distance from optimal according to some metric, it cannot determine what assumptions to make. Only a person who can feel, and feel what the other party is feeling, can be the judge of what good assumptions are. And, secondly, algorithms cannot sense. They don’t feel, and they don’t have instinct —- because that requires real intelligence!

Thirdly, as described above, they can’t accurately read non-verbal cues. Even if someone is stating that they may be agreeable to an offer, the reality might be that they may have no intention of ever accepting the offer, and are only indicating the contrary either because it’s the culturally polite thing to do or they want to stall for more time while they figure out their position. It’s often the case that such a person is not as good at masking their demeanor as they are at masking their words. It might be the case that their non-verbal cues give more away than they would like, but only a trained negotiator with years of experience and instinct could be an accurate judge of this.

But, even more importantly, they still typically can’t detect patterns in unrelated data, as it’s typically the case they can only process specified data in a specified set of ways. And a fixed data pool never tells the whole story. A fixed algorithm might not know that a fire today will impact resource availability in six months, that your main competitor is likely to go out of business due to a massive loss in a patent infringement lawsuit, or that a new technology is going to make the current technology obsolete in 18 months, with prices and demand starting to plummet in six months. As a result, in each of these instances, the algorithm would buy (today) (at a much) higher (price) than it needs to.

In short, the proper application of good, assistive intelligence, technology will make you two, ten, and maybe even one hundred times more productive (depending on the metric), but it cannot replace you. No matter what a vendor may claim. So don’t be scared of new technology for your supply chain —- embrace it. But don’t trust it blindly. Verify. Then you’ll have the best of both worlds — efficiency, with reliability — provided not by the system, but by your intelligent brain.