Category Archives: Risk Management

Oversight for more than just your Travel & Expense budget management

Oversight is an Atlanta-based software (as a service) company founded back in 2003 to help organizations monitor spending in an effort to identify errors, waste, misuse, and fraud in the grey area of enterprise spend. As every recovery firm will tell you, the average organization will overspend by 1% to 3% as a result of overbillings, duplicate billings, unnecessary spend on superfluous demand, maverick spend, and even fraud. (And they make their living recovering a portion of that, typically a third, and then charging you 33% of the recovery as their fee. Sounds small, but 1/3 of 1/3 of 3% of spend is 0.33% of spend, and if the organization spends 100 Million, they get 330,000 for an effort that can be largely automated and, even worse, be avoided with proper up-front spend monitoring.)

For example, if all invoices are compared to invoices and goods receipts before payments are authorized, this can prevent overpayments. Duplicate billings can be identified in the same way (and duplicate payments prevented). Potential fraud can be identified by forcing all invoices from unknown suppliers, for unknown products, or for unexpected amounts to be manually reviewed. (This can’t prevent in-house fraud, where a buyer pays a fake invoice to a fake company controlled by a relative, or a co-conspirator, but it can prevent external fraud.) Unnecessary spend on superfluous demand will require up front requisition control, as will maverick spend, but at least there will be no overspend or duplicate spend that can be unrecoverable once the contract with the supplier expires.
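An added example (not from the original post and not Oversight's product) of the pre-payment checks described above: each invoice is compared with previously paid invoices and goods receipts, and held for manual review on an unknown supplier, unknown product, unexpected amount, possible duplicate, or overbilling. The sample data, the 2% price tolerance, and all names are constructed assumptions.

```python
import re
from collections import namedtuple

Invoice = namedtuple("Invoice", "number supplier item qty unit_price")
Receipt = namedtuple("Receipt", "supplier item qty")

# Constructed sample data (assumptions for illustration only).
KNOWN_SUPPLIERS = {"ACME", "GLOBEX"}
AGREED_PRICES = {("ACME", "bolt"): 0.50, ("GLOBEX", "valve"): 12.00}
RECEIPTS = [Receipt("ACME", "bolt", 1000), Receipt("GLOBEX", "valve", 40)]
PAID = [Invoice("A-100", "ACME", "bolt", 600, 0.50)]
PRICE_TOLERANCE = 0.02  # assumed: hold if unit price deviates by more than 2%


def norm(number):
    """Normalise an invoice number so 'a100' and 'A-100' compare equal."""
    return re.sub(r"[^A-Z0-9]", "", number.upper())


def review_invoice(inv, paid=PAID, receipts=RECEIPTS,
                   known=KNOWN_SUPPLIERS, prices=AGREED_PRICES):
    """Return the reasons to hold an invoice; an empty list means pay it."""
    reasons = []
    key = (inv.supplier, inv.item)
    if inv.supplier not in known:
        reasons.append("unknown supplier")
    agreed = prices.get(key)
    if agreed is None:
        reasons.append("unknown product")
    elif abs(inv.unit_price - agreed) > PRICE_TOLERANCE * agreed:
        reasons.append("unexpected amount")
    # Duplicate billing: same supplier with the same (normalised) number,
    # or an identical item/quantity/price line re-sent under a new number.
    for p in paid:
        if p.supplier == inv.supplier and (
                norm(p.number) == norm(inv.number) or p[2:] == inv[2:]):
            reasons.append("possible duplicate of " + p.number)
            break
    # Overpayment: cumulative billed quantity may not exceed goods received.
    received = sum(r.qty for r in receipts if (r.supplier, r.item) == key)
    billed = sum(p.qty for p in paid if (p.supplier, p.item) == key)
    if billed + inv.qty > received:
        reasons.append("billed quantity exceeds goods received")
    return reasons


if __name__ == "__main__":
    for inv in [Invoice("A-101", "ACME", "bolt", 400, 0.50),
                Invoice("a100", "ACME", "bolt", 600, 0.50),
                Invoice("X-1", "INITECH", "toner", 5, 80.0),
                Invoice("G-7", "GLOBEX", "valve", 40, 13.00)]:
        print(inv.number, review_invoice(inv) or "OK to pay")
```

As the post notes, checks like these do not catch in-house fraud, where the fake supplier has already been added to the approved list.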

Oversight is unique in that it is not so much a software platform as an insights platform. Employing a team of data scientists focussed on identifying new algorithms and techniques for fraud detection, Oversight uses their in-depth knowledge of fraud to build solutions that will help clients identify potential cases of fraud that they could never hope to identify on their own. The best most companies can do is sample-based audits and spot checks, which are unlikely to identify much fraud as they will generally cover only a few percent of invoices or transactions. Moreover, most employees who have been getting away with fraud for a while will not be doing anything obvious, and the fraud will not be detected without correlations across documents and systems. That’s where Oversight comes in.

The Oversight solution is a web-based software solution for automatic spend analysis and identification of high-risk or potentially fraudulent transactions that comprehensively analyzes T&E, purchase card, and accounts payable spend using a suite of statistical, clustering, data mining, break point, rule-based, evidentiary reasoning, and machine learning algorithms that look for discrepancies, suspicious patterns, known fraud, and risk indicators to identify those transactions that need to be manually reviewed. The dashboard-driven, or work-bench driven, interface allows an analyst to drill into suspicious transactions by country, organizational unit, risk level, or exception type and can be configured to show the analyst only those exceptions assigned to her, or her team, or every unresolved exception in the system.

When a user drills in by exception type, she sees an overview of the overall risks by country and can drill into suppliers to see the specific exceptions. When a user drills in by country, she can see the overall risk by supplier and then by exception. In other words, she can drill into at-risk transactions using country, organizational unit, supplier, and at-risk type in any manner she pleases.

Or, they can look for exceptions by process. Right now, Oversight supports the identification of at-risk transactions in the travel & expense, procure to pay, and purchase card processes and has recently added support for FCPA, Anti-Bribery, and Corruption Risk — including the identification of known politically exposed parties.

Plus, the platform not only integrates with all of the big supplier and financial data providers — such as Dun & Bradstreet, Bureau van Dijk, and CreditSafe — but also integrates with providers of risk indicator data such as Ecovadis and Sedex Global. Plus, they maintain their own databases of known politically connected parties, gentlemen’s clubs, denied parties, and other parties that an organization typically should not be allocating funds to. This last capability is quite important … just ask American Express which once received a 241K strip club bill authorized by the CEO. (Source)

Since fraud attempts differ by country, and collusion is hard to detect with a standard m-way match invoice processing platform, Oversight brings a powerful offering to the expense management space. It’s a platform worth checking out. For a deeper dive into the platform, check out the recent coverage by the doctor and the prophet over on Spend Matters Pro [membership required]. (Part I is up with Parts II and III coming within a week.)

Twenty-Two Years Ago Today …

The PlayStation was released in Japan. Even though Sony was late to the scene, as the PlayStation was released with the fifth generation of video game consoles, it was the first “computer entertainment platform” to ship 100 million units and set the gold bar for computer entertainment platforms at the time.

But this is not the only reason it is significant. It’s also significant because it also set the need for a gold bar in supply chain management as Sony lost $150 Million in sales and product reformulation when Dutch authorities halted a shipment of 1.3 Million PlayStations back in 2001 due to illegally high cadmium levels.

What do you think, LOLCat?

All PlayStations are great to sleep on!

A Financial Health Check Should Be a Pre-Qualification of Every Supplier Qualification

And every organization should review a financial health or risk report, comprised of, or augmented with, third party data, and, unless they are (or have in-house) financial experts, this should preferably be done by a third party. The reality is that in today’s data driven world, no organization should be surprised by a bankruptcy of a mid-size or larger supplier that has been in business for at least three years. The probability of the vast majority of these bankruptcies is now predictable by financial analysts, and while they may get a few wrong (as some companies may shape up just in time and others may fail faster than expected for a non-financial reason), they get a lot right.

And it’s not like financial ratings are hard to get anymore. While they are not as insightful, as they work exclusively on credit data and stock data compared to released financial statements (which is where the early warning indicators hide), most of the big data / credit services track enough data to come up with a reasonable financial risk score that at least lets you know whether, from a financial perspective, the supplier could be reasonably safe or is currently very risky — and needs a detailed analysis. Moreover, a financial health-focused offering by RapidRatings, and their FHR (Financial Health Rating) Report (which has been around for almost a decade), with an open example here, provides not only deep insight into potential risk, but the magnitude of the risk and the hard data for the risk — as well as the insights — and can detect risks from early warning signs that have not yet manifested in observable behavior (such as late payments). In addition, RapidRatings’ new Financial Dialogue offering, which works in conjunction with the FHR, identifies the most important questions you should be asking your suppliers based on their health rating. (And when you look at just the FHR report, you wonder why every organization is not doing at least this detailed level of supplier financial health analysis before committing a large or strategic spend to a supplier when all the data they need can be summarized in an easy to understand fashion.)

Now, you might say that because only one vendor, today, offers this depth of a report, which wasn’t previously available, and because the organization has done just fine without it for almost a decade, that you don’t need it, but SI would like to disagree. With global sourcing constituting so much of your supply chain, you don’t really know that much about your suppliers, their health, or the conditions in which they operate. And if they are supplying a custom made component, a raw material in limited supply, or a specialized service, the cost of recovery could be much greater than the initial cost of supply. These reports are becoming a necessity as part of your risk management.

SI is not saying you have to use RapidRatings or subscribe to their FHR reports (although they should be on your shortlist), but that you should at least do deep financial analysis on all of your strategic suppliers and use a platform to do it. And while SI expects that other vendors with the same degree of analytic capability, financial know-how, and supplier insight — specifically Resilinc, FusionOps, and Simfoni — will soon attempt to release similar offerings, with their own unique spin, SI doubts that these other providers will be able to match the depth provided by RapidRatings for quite some time, as they are, respectively, focused on supply chain resilience, big data insights, and analytics on the go. (However, if you are currently using any of these vendors, you should work with them on their new analytic offerings as they can still offer other insights into the suitability of the supplier for your operation, assuming the supplier is financially viable enough to work with in the first place.)

While financial risk or financial health is only one KPI that should be used to analyze suppliers before qualifying them for inclusion in an event, it is an important one — the organization needs a supplier that will stay in business. Another KPI that should be included is a comprehensive CSR (Corporate Social Responsibility) assessment, as you want responsible and sustainable suppliers, and this can be obtained as well from vendors such as Sedex Global and Ecovadis. Finally, once the supplier has been deemed financially stable and sufficiently responsible, an overall supply chain risk rating should be computed (based on geography, risk of natural disaster, political interference, etc.). This will require either a risk management vendor (such as Resilinc, Risk Methods, etc.) or an analytics vendor that pulls in feeds from one of these vendors.

It’s a lot, but if you can be sure in your supplier, that’s one less worry in your overly complex supply chain.

7 Secrets to Creating Supply Risk Management Leverage – and 3 More You Might Need

A recent pro-piece on 7 Secrets to Creating Supply Management Leverage over on Spend Matters Pro [membership required] by the prophet and the maverick highlighted 7 strategies by which an organization can be successful in risk management in the light of recent events that include, but are not limited to: the Hanjin Shipping bankruptcy, the Zika Virus, and the East Coast Oil disruptions.

The first three are a must.

1) You must aggregate your data.

No performance improvement, in or out of risk management, can happen without data and the process and performance visibility it brings. For more insight, and tips, into this, see the pro piece.

2) You must standardize your processes through collaborative means.

You can’t take a mish-mash random approach to risk identification and management — it must be coherent, cohesive, and collaborative. Otherwise, for every risk you prevent, two will slip past undetected.

3) Tuning — and minimizing — false positives and false negatives.

False positives are common, and the real risk is the false negatives, right? Wrong. False negatives pose a big risk, but for many companies, false positives pose a bigger risk because, in order to minimize the possibility of false negatives, the organization will tune the system to flag as many weak possibilities as it can in order to make sure no significant risks escape. However, in doing so, what will inevitably happen is that the number of false positives will increase significantly. You might be thinking, so what? Quick review eliminates them. Well, it does, but, over time, the risk reviewers become numb to, and tired of, the false positives and slowly, but surely, turn up the thresholds. Eventually they are raised so high that the false negatives increase and big risks slip in.

The next 4 are important, and most organizations will need to do at least 2 of them, and you can read the prophet and the maverick’s piece on 7 Secrets to Creating Supply Management Leverage for more details, but here are a few you might also need.

8) Payment and Receipt Monitoring

Supply disruption in critical parts and goods is one of the worst supply chain disasters an organization can experience because an inability to sell the primary product line will result in a significant drop in revenue. Supply disruptions happen for a number of reasons, some of which are preventable (like not ordering from a supplier about to go bankrupt), some of which are not (like a natural disaster).

The best way to detect an issue is through delivery and invoicing monitoring. A supplier that is on hard financial times will submit invoices extremely promptly, follow up quickly, re-submit on or before the deadline, and often take less than desirable early payment discounts. If they are at the point where they can’t even afford to get the credit to buy the goods and labour they need to make and ship your products, shipments will start to be late. Or maybe quality levels will drop and reject rates will rise. All of this can be detected early on with good internal data monitoring.

9) Impact Event Definition and Real-Time News Monitoring

Once your data is aggregated, and your supply chain mapped, you not only know your sole source suppliers (that need to be duplicated), but you also know your choke-points (where any number of events could impact your supply chain) and primary supply regions. (Just because you’re buying American doesn’t mean 80% of the raw materials aren’t coming from China!) You can easily define these regions, and the most likely supply chain impacts (port strikes, natural disasters, etc.) and then set up news and event monitoring to alert you to any event that could potentially impact your supply (including events that would impact two levels down the supply chain, which would cause a ripple event up). Now, it’s true that these are only so accurate and you might get a lot of false positives, but it’s better to quickly eliminate a few dozen false positives and get real time visibility into a critical component supply shortage in three months than find out there is no available supply left when a delivery date is missed.

X) Supplier Development

Let’s face it, the 7 steps in the prophet and the maverick’s pro piece and the 2 steps above are good, but the best risk management you can do is instill the same commitment to risk monitoring, management, and prevention into your supply base (who will also do their best to push it down). A+ risk management can only do so much if your suppliers are C+ students at best.

One Key Question to Ask When Selecting a Multi-Criteria Supplier Sustainability Monitoring Solution

In our last post on Key Questions When Selecting a Multi-Criteria Supplier Sustainability Monitoring Solution, we noted that not only can supply risk management not be siloed, but in order for it to be successful, it must be centralized through a CoE that puts together policies and procedures that not only ensure that

  • every supplier is covered
  • on all relevant dimensions
  • but not on irrelevant dimensions
  • without any duplication of effort

but also ensure that

  • there are no false positives in the risk assessment and
  • there are no false negatives

In order to effectively implement this holistic approach, an organization will require a good multi-criteria supplier and sustainability risk monitoring solution that can proactively monitor, assess, and re-assess supplier sustainability and risk using data from dozens, if not hundreds, of disparate sources that paint a comprehensive picture of supplier sustainability.

But not every platform will make the cut. Definitely not all will meet the integration requirements, which is one key requirement of a good platform. More specifically, ethics, corporate social responsibility, and sustainability information is vital information that can and should be used in many different supply management platforms such as e-Sourcing, e-Procurement, CLM, SRM and other platforms that support a wide variety of supply management processes and workflows. As such, this integration should be trivial and for major supply management platforms, almost “out-of-the-box”. Moreover, in some organizations, this information also needs to be available to other departments that, and no surprise here, are reliant on different platforms and responsible for smaller or indirect spends not (fully) under the control of Procurement. As such, the platform needs a well defined, and easy to use, API that can allow the data to be pulled out for any platform that needs it, and that allows any proprietary or limited access data the organization has access to on the supplier’s sustainability and risk profile to be pushed into the system. Why?

For more complete details on this requirement, as well as key questions to ask when evaluating a multi-criteria supplier sustainability monitoring solution, check out Sourcing Innovation’s latest white paper on 5 Essential Criteria for Selecting a Supplier Sustainability & Risk Monitoring Solution, sponsored by Ecovadis, that will help you understand just what a good sustainability and risk monitoring solution needs to do.