Category Archives: Risk Management

Can’t Get Your Contracts In Your Sights? Maybe You Need a Birdseye.

Birdseye(.digital) was created by With, a Strategic Consultancy founded to enable strategic sourcing and contract management excellence, to solve the most critical problems their clients had in value realization from strategic sourcing: post-signature execution. This, as we identified yesterday in our post on why aren’t you realizing the full value of your sourcing efforts, is one of the primary reasons that up to 40% of value identified during a sourcing project never materializes — as value realization requires proper Procurement (and a proper system), proper logistics (and a proper system), and proper contract execution management (and a system to support that).

Birdseye(.digital) was created for the

  • Procurement Managers,
  • Contract Managers
  • Risk and Compliance Managers, and
  • Legal Counsels and Advisors

who are responsible for managing the organization’s contracts, allowing them to get a 360 view of each contract as well as all contracts that fall under their purview and/or relate to a compliance requirement, risk, or obligation that they are responsible for.

So what is Birdseye(.digital)? It’s fundamentally a contract governance solution that allows you to define:

  • the responsibilities (obligations) of the organization as tasks and action items
  • the risks that need to be tracked and managed
  • the supplier management and (re)qualification activities
  • the stakeholder engagement and surveys

The primary components that allow this are:

  • workflows
  • risk matrices
  • forms
  • review/governance templates (scenarios)
  • calendars
  • dashboards

Workflows

When an obligation or action item is defined and assigned, the platform will track it, notify the appropriate stakeholders when it is coming due, kick off associated activities when a task is done or a status changes, and monitor those as well.

Risk Matrices

A user can associate all risks relevant to each (sub) contract, track their levels, track changes over time (during [regular] review schedules), define notifications on change, and associate mitigations. It can also define a custom risk matrix that derives a color-coded risk level from a combination of the risk probability and the impact of the risk occurrence for easy visual display and classification. This allows users to quickly see if there are any high or critical risks associated with a contract, whether or not mitigations have been defined, and compute an overall risk level of the contract, which can be monitored over time during regular reviews.

Forms

Just like modern RFP solutions, a user can build their own custom review/survey forms with ease and associate them with scenario templates, activities, or one-off projects. They can also attach files as needed.

Contract (Review/Governance) Templates (Scenarios)

The system allows administrators to define scenario templates that define, for a contract of a given type, what obligations and activities should be tracked, what reviews and surveys should be done, how often they should be done, and who should do them (by role). This means that governance for a contract is easily setup simply by selecting a scenario template when a contract is signed or input into the system post signature. Selecting a predefined scenario template from a single dropdown can setup all of the default management activity required over the contract lifecycle with a single click. An organization that takes the time to classify its contracts and management processes can manage contracts with utmost ease.

Dashboards

Of course Birdseye comes with a full suite of dashboards to get complete 360 insight into the contracts, with filter capability down to any subset, individual contract, or subcontract of interest. This allows all of its users to understand how a contract, supplier management effort, compliance initiative, or other activity is going. Since the platform can also be linked to a P2P or ERP system (Oracle, SAP, and any platform with an Open API that allows an invoice to be linked to a contract ID), it can also give you an update on total spend impacted by a contract, category, or initiative.

There are out-of-the-box activity dashboards for projects, contracts, relations (third parties which can be suppliers, consultants, etc.), and catalogues (of products or services that contracts can be linked to), as well as a customizeable activity dashboard for each user that can overview their contracts, projects, relations, reviews, action items, stakeholder contributions, etc. through drillable widgets that can be filtered on every dimension down to the raw data records, which can be popped up or exported as needed. These dashboards, in addition to standard metric/spend dashboards can also be of the Red/Amber/Green Traffic dashboard variety as well.

Calendars

Just like any good (project) management solution, a user can also get a calendar view of an activity, contract, or all of their tasks to easily determine what they have to do and when. The system was designed with management efficiency in mind, because the developers know that any system that is too unwieldy doesn’t get used, and, thus, the only way to extract all of the value out of a contract is to create a system that makes a user’s tasks as easy to identify, and do, as possible. The user can add tasks and activities as needed and customize their calendar to their liking.

Crossing the Ts

As for the basics, you can have as much metadata as you want associated with a contract, and add new metadata fields anytime you need to. In addition to easily being associated with a scenario template of choice, it can have as many tags as you like, be associated with a projected value, be associated with any parent or subcontracts, and have as many attachments (with versions) as required. In addition to the action items, risks, and obligations discussed, it can also have associated issues, rights, catalogues, invoices, reviews, stakeholders, and connected projects (such as reviewing all contracts with a generic force majeure clause). There are also checklists that can be associated with contracts and projects to help a user ensure they’ve dotted all the i’s and crossed all the t’s in the execution of the contract.

If the contract (template) is not created in the platform, when a user uploads an agreement, they use AI to identify all of the meta-data that is associated with a contract of the given type (using Google Gemini today, but future releases will allow users to choose between Google Gemini or Anthropic Claude, where they found the latter works better for organizations that contract in multiple languages), and not only allow the user to override anything it extracts (as it’s not perfect) but show the user its confidence ranking. The user can filter by confidence and only needs to review/validate low confidence options to have extremely high confidence in the auto-extracted metadata.

System Administration and Configuration

As we have hinted above when we noted that the user can add and track any metadata fields that they like, the system is very configurable and the administrator also has full control over:

  • business unit hierarchy which can define visibility rights
  • users who can be assigned very broad, or very narrow, roles
  • tags that can be defined and modified as needed
  • reviews and the processes and timelines they follows
  • tasks and the basic templates and workflows
  • email templates that are used for notifications
  • currencies and mappings that are used if invoices are pulled in for spend tracking
  • usage monitoring and define how to track who is, and is NOT, using the system
  • folders and structure for contracts and attachments
  • deleted record management as even deleted records are preserved for audit trails until a user with authority determines they can be permanently deleted

It’s a well thought out, usable, and fairly complete contract execution management system that goes well beyond just creation, storage, and signing … which we know is where many older generation contract lifecycle management solutions stop. The most important point to make is that they’ve found that their customers who fully embrace the solution see a 30% value increase from using the solution. Now, this shouldn’t be taken to mean that it can singlehandedly prevent the loss of the 30% to 40% of identified savings that is traditionally not realized after a sourcing event, but that it prevents about a third of that loss and, if combined with a good e-Procurement system and good logistics management, you might actually be one of the first organizations to realize almost all of the savings you negotiate (since a good e-Procurement systems typically increases savings capture by a third as well, and proper logistics paired with proper warehouse and inventory management saves a bundle as well). The 2X process efficiency alone that its clients see more than pays for the system, so imagine the results if you realize another 30% value on the identified savings of every sourcing project. (Combined with the 50% reduction in audit findings its clients also see, which increase drastically for any customer with an integrated P2P that ties invoices to contracts as they can check full payment compliance as often as they need to.) So if you are missing a birds-eye view into your contracts, maybe you should check out Birdseye(.digital).

2025 Is Just Another Year … But Is It All Doom and Gloom? Part 5 (Risk Reduction)

It’s just another year, unless you look beyond the hype, identify true talent, give them real solutions, and then truly tackle the threats … with strategies for success.

Supplier (Plant) Shut Down

In reality, typically only three things shut down a supplier:

  • Bankruptcy
  • Disasters
  • Governments

With respect to each of these:

  • you can typically predict bankruptcy from financial monitoring, which is easily available for public companies, semi-available for private companies that survive off of international trade (just monitor the public trade data), and highly correlated with a noticeable decrease in quality or performance (which can be predicted off of your data)
  • you can’t predict disasters, but based on geo-location, you can predict type and likelihood, and subscribe to news-based event monitoring services to identify when one happens that likely impacts your supplier (and then verify) so you know the minute a disruption occurs, and not three months later when the order doesn’t materialize
  • governments will generally only shut down a company if it is a fraudulent enterprise or when they are taking something over that was private; your category expert consultant can let you know whether or not the country the supplier/plant is in has a history of forced public acquisition or is eyeing restrictions on the industry (and otherwise, the risk is pretty much non-existent)

Supplier Becomes Unreachable

This usually happens as a result of three things:

  • sanctions
  • border closings
  • customs / port shutdowns due to strikes

With respect to each of these:

  • sanctions are typically politically driven and hard to predict, but a sanction list monitoring service can inform you within 24 hours if a supplier or connected party has been sanctioned
  • border closings usually result from trade wars or real wars, and news monitoring can indicate potential that can be monitored, and once the threat gets too high, you can proactively identify new / switch suppliers
  • customs / port contracts with unions in terms of validity dates are typically public knowledge, and you can monitor when they end, and whether there is any news that negotiations have started once you get close (say 3 months) to expiry … as well as monitor statements put out by both sides during negotiations that could indicate a strike (vote) (and look at the history to see how often a strike [vote] results in a strike, how long it usually lasts, etc.)

Supplier Loses Access to Raw Materials

With respect to a supplier losing supply, they have the same risks you do with respect to supply lines, plus two more major ones and one more minor one:

  • sanctions, border closings, and strikes
  • mine collapse / crop destruction from a natural disaster
  • government reclamations or limitations on natural resource extractions
  • mine / well runs dry!

With respect to each of these risks, if you map your supplier’s critical supply chain:

  • you can monitor sanction lists for sub-tier suppliers and news sources for events that would lead to border closings and strikes as you do for your suppliers
  • you can monitor news sources for events that indicate a natural disaster that would threaten or destroy raw material supply
  • you can research past history and monitor news sources for indications a government might restrict access to or reclaim natural resources from the private supplier in your supply chain
  • you can contact environmental experts to determine when a given source a sub-tier supplier depends on might run out!

Logistic Route Cut-Off

This is pretty straightforward to enumerate. In addition to port closures above, you have:

  • major carrier strikes and failures (as only public postal services can run deficits ad infinitum)
  • natural disasters that take down major roads, bridges, and ports
  • intermediate border closings on current routes

And the way you handle each of these is to:

  • monitor the financial scores from the financial monitoring services and the union contract expiry dates to know when you need to look for negotiations and negotiation status to try and predict if you will need to lock in new carrier contracts before competitor quotes go through the proverbial roof in response to your carrier striking
  • monitor news sources for natural disaster events along your major supply routes
  • monitor geopolitical situations across countries on your routes

Procurement risk management doesn’t have to be hard to not only be good enough, but considerably better than your peers. Dwell on that.

2025 Is Just Another Year … But Is It All Doom and Gloom? Part 4 (Risk Redux)

It’s just another year, unless you look beyond the hype, identify true talent, give them real solutions, and then truly tackle the threats.

Risk Management IS Easy

And so is getting started with risk management as long as you approach it correctly! The key is not to try and identify every conceivable risk that might impact your business (there are literally too many to enumerate now and trying will drive you mad — but if you really want to try, we suggest starting with the 101 Damnations that SI chronicled for you back in 2015), but to identify what impacts would seriously hurt your business and work backwards to risks from there.

For example, if your primary revenue stream is products, what are your major product lines where a disruption would significantly hurt (and possibly even end) your business? Analyze the Bills of Material and identify what are the key components that can’t be easily sourced from a different vendor because they are proprietary and/or need a specialized manufacturing process. It doesn’t matter how much you spend on them or with the supplier, it matters how hard it would be to replace the component if it suddenly became unavailable.

Once you identify those critical components, look at

  • the supplier,
  • where the supplier is located,
  • what critical material inputs the supplier needs to make the component, and
  • how it gets the component to you.

The critical risks, that you have to monitor for, mitigate, and manage if they arise are precisely those risks that would

  • shut down the supplier
  • cut the supplier off from you
  • cut the raw material supply to the supplier
  • cut off the logistics routes you depend on

That’s it. Yes, there are more risks. Yes, they could occur. Yes, they could have a big impact on your brand and your business. But chances are that as long as you keep getting product in, selling that product, and moving it out, i.e. as long as you have assurance of supply, everything else will eventually blow over or be forgotten. Even if there is a temporary disruption in profit, it will return and the business will continue. Sensationalist media can’t keep people’s attention if it tries to sell them the same story everyday, so unless your product actually kills people, you don’t really need to worry about brand damage (unless it’s due to a lack of quality control, but you should already be ensuring that on every contract signature and critical shipment). (Plus, preventing brand damage for something out of your control is PR’s job anyway!)

If you analyze these four risks, and cross-correlate with the World Economic Forum’s Global Risk Report, you’ll see that most of the time there’s not that many risks with a reasonably significant chance of occurrence that you really need to worry about. (Except Pandemics! There’s going to be more of those as the world still isn’t ready for them and wont’ make the investment to get ready for them.)

Focus on identifying the risks around supplier and supply, and you’ll be leagues ahead of your peers.

Myth-busting 2025 2015 Procurement Predictions and Trends! Part 7

Introduction

In our first instalment, we noted that the ambitious started pumping out 2025 prediction and trend articles in late November / early December, wanting to be ahead of the pack, even though there is rarely much value in these articles. First of all, and we say this with 25 years of experience in this space, the more they proclaim things will change … Secondly, the predictions all revolve around the same topics we’ve been talking about for almost two decades. In fact, if you dug up a Procurement predictions article for 2015, there’s a good chance 9 of the top 10 topic areas would be the same. (And see the links in our first article for two “future” series with about 3 dozen trends that are more or less as relevant now as they were then.)

In our last instalment, we continued our review of the 10 core predictions (and variants) that came out of our initial review of 71 “predictions” and “trends” across the first eight articles we found, in an effort to demonstrate that most of these aren’t ground-shattering, new, or, if they actually are, not going to happen because the more they proclaim things will change …

In this instalment, we’re again continuing to work our way up the list from the bottom to the top and continuing with “Risk & Compliance”.

Risk and Compliance

There were 10 predictions across the eight articles which basically revolved around “risk management strategies” with some sideline focus on the need for “resilience”, “cybersecurity”, and “compliance”. As with almost every “prediction” and “trend” in this series, this is yet another prediction that makes headlines every year, no more important this year than the last, and no more likely to get any more attention until a major event happens that significantly disrupts the organization, a disruption that could have been prevented with better risk management systems and processes. Before we discuss further, as is our custom, we will list the ten predictions.

  • Blockchain
  • Cybersecurity and Data Privacy
  • Cybersecurity in Procurement
  • Compliance
  • Enhanced Risk Management Strategies
  • Expansion of Risk Management Strategies
  • Geopolitical Instability Shapes Risk Management
  • Resilient Supply Chains
  • Risk Management and Resilience will continue to be a Priority
  • Risk Management

Risk has been increasing year over year for over two decades. It should be front and center in every organization, especially given the facts that very few organizations that have been around for any length of time haven’t been impact to some degree by a disruption event and the chance of an organization of any size not experiencing a disruption in the next year is close to zero. And it does make the top of the charts in the board room, but, unfortunately, it’s still not making the top of the charts in the priorities when it comes to new solution acquisition and new process introduction. In most organizations, it’s just being pushed down to the tactical personnel who execute daily tasks. Personnel who may not have enough of a big picture understanding to manage risk properly in their decisions.

However, given the need for resilience in the age of constant supply chain uncertainty and disruption (due to epidemics and pandemics; border closings and sanctions; strikes and port shutdowns; reduced cargo capacity from perfectly good transport ships being junked during COVID, Houthis in the Red Sea, and Panamanian droughts, trade wars, reduced/cut-off rare-earth/raw material supply etc.), risk should be even more prominent and more actively addressed. Leading organizations will double down on resilience and supply assurance strategy and survive the disruptions relatively unscathed, and those who don’t double down on resilience and supply assurance won’t. It’s that simple.

Given that almost 3/4 organizations were hit with a cyberattack in 2023, which was an all time high and which was only projected to increase in 2024, cybersecurity concerns should also be at an all time high, but given that most organizations relegate that to IT, we know it’s not going to get much better in Procurement. It needs to, considering how much organizational finance flows through Procurement, but it won’t change much.

Finally, organizations know they need to comply with regulation, so compliance is always at the edge of the Procurement mindset, but beyond minimal requirements, it never gets much attention, regardless of how much a few analyst firms or vendors try to push it.

What Should Happen? (But Won’t!)

Organizations need to prioritize the acquisition of a Risk360 solution, or the closest thing it can find, implement it, and monitor it regularly to make sure they detect risks that can impact their supply chain or operation as soon as such a risk occurs. Not after the supply has been cut, not after the organization has been locked out of all their organizational systems, not after key customers have failed and orders evaporated, not after signing a contract with a sanctioned party, and so on. Today, every decision made has to be made risk aware. And without a centralized risk management system, that will not happen.

Six down, four to go!

Resilience is About to Take on a Whole New Meaning!

In Procurement and Supply Chain, resilience (which is defined as the capacity to withstand or recover quickly from toughness) typically refers to supply resilience and the ability to adapt when a supply line gets cut off (due to a supplier bankruptcy or plant shutdown; port strike; logistics delay or loss; etc.). That’s because it used to be the biggest threats to a business’ operation was a supply disruption. Now, it’s only one threat among many that can devastate a modern business. Today’s enterprises have to deal with, among other emerging threats:

  • Natural Disasters: which can now occur close to home even if they never did before (and thanks to global warming they will soon be 10X what they were five decades ago!)
  • Rapid Cost Increases: as a result of tariffs, sanctions, embargoes, and trade wars (as per our article last week on why cost reduction ain’t happenin’, for example)
  • Cyber Attacks: which can hold part or all of their business ransom, unless they have a complete back up less than 24 hours old and are willing to take take their entire business offline, restore and build manually, and keep the business offline until the holes that were exploited by the hackers are identified and plugged
  • Business Operating System Failure: today’s enterprises run on SaaS solutions, and in today’s economic environment, some of these vendors could fail with very little notice and all of a sudden you’re unable to efficiently execute parts of your business until you find a replacement system (and if you didn’t ensure your contract contained the right to download all of your data and configuration settings at any time, and test that you could the minute the system was fully installed and populated with your data, and you can’t do so before the system goes offline, you could be in serious jeopardy — complete data access is way more important than code escrow, especially if you have no clue how to maintain and operate the system, so make sure it is in every contract you sign (and if it’s not, don’t sign)!)
  • Lack of Talent: many reasons for this:
    • Layoffs/Early Retirement: When times got tough, you happily let the boomers walk out the door, enticed Gen-X to do early retirement, and laid off the senior Gen Y talent — most of the top talent is now gone and the rest, that should have been retained, never got proper training or experience
    • Gen-AI: you fell for the bullcr@p that it would allow you to reduce your workforce and solve all your problems and not only did you not bring needed talent in, but you let more walk out the door
    • Tough Competition: smart companies are realizing that while the right tech in the right hands applied to the right problem can make employees super human, without the right talent with the right Human Intelligence (HI!), the AI tools are useless and are seeking out the talent that remains who can use tech with more audacity and resolve than ever before; and if your top talent isn’t well paid and happy, you could lose them without warning (FYI: you will if you mandate unnecessary office returns — remember, it’s about productivity, not being at a certain place at a certain time)

In other words, possible business ending events are going to arise and engulf all areas of the business and a business that can’t quickly identify, assess, mitigate, and monitor will not be a business that survives.

Resilience is going to take on a whole new meaning, so make sure your Procurement and Supply Chain departments are up to the task! You might have thought the worst was behind you now that the COVID-19 Pandemic is over, but that was just the trial run!