Category Archives: Risk Management

Source-to-Pay+ Part 10: Over 55 Supply Chain Risk Vendors to Check Out

Last quarter, we ran a 9-part series that served as An Introduction to Supply Chain Risk where we introduced you to the risk elements not covered by traditional supplier management platforms (which we covered in our 39 Steps … err … 30 Clues … err … 39 Part Series on Source to Pay where we listed over 90 supply management companies of which over 1/3 claimed to have some degree of “risk”, which we dub supplier “Uncertainty”, management).

In our series, we focussed heavily on corporate risk, third party risk (which included ESG, Human Rights, Regulatory Compliance), supply chain risk (including transparency, traceability, and multi-tier tracking), transport risk, cyber risk, and analytics. We also noted that our next instalment would provide a starting list of vendors that you could check out to meet (some of) your supply chain risk needs.

This is that instalment. Hopefully this starting list will be useful to you. In the months that come, the hope is that some of these will be covered

Legend

3P	3rd Party / TPRM
S/V	supplier risk / verification
SCT	supply chain transparency
T/L	transport / logistics
MT	multi-tier
C	cyber
ESG	Environmental, Social, Governance
HR	Human Rights
RC	Regulatory Compliance
BoM	Bill of Materials (Direct)
DX	Discovery
TX	Traceability

Vendor

LI/#Emps

S/V

SCT

T/L

ESG

BoM

411

117

681

166

200

Darkbeam (Apex Analytix)

765

165

275

254

102

NQC

104

Overhaul

312

Prevalent

161

Prewave

150

ProcessUnity (w/CyberGRX)

143

166

299

371

801

116

435

180

442

127

125

Supply Risk Solutions

116

ThirdPartyTrust (Bitsight)

947

Darkbeam: Shining a Light on your Supply Base Cyber Risk

In part 9 of our Source-to-Pay+ series, we talked about the need for cyber risk monitoring and prevention because, in today’s hyper-connected SaaS world, nearly half of an organization’s data breaches originate in the cloud. These risks don’t just come from cyber criminals. Some come from less-than-scrupulous employees and others come from suppliers, even well meaning ones. After all, who cares if the front door is locked when the back door is wide open.

Why do you care about your supplier’s back door? What do cyber-criminals want?

money
valuable intellectual property
exploitable personal data

Where can they get this?

account hacking, which is hard, or payment redirection, which is a lot easier
your ultra-secure server which is locked down tighter than Fort Knox with everything on it encrypted in 256-bit AES encryption, or the relatively unprotected Google Drive your supplier stores it on (as the file will be open to anyone who can compromise the account)
your double encrypted HR database stored in a secure AWS instance or the plain-text Microsoft word documents stored on the supplier’s sales rep laptop with its unencrypted hard drive and an utter lack of virus protection and internet security software

In other words, if your supplier has:

a lot of your money coming its way
your intellectual property
your executives’ personal data

and their cybersecurity is not as good as yours, you can be sure the cybercriminals are going to be going to, and through, them to get to you.

So you need to know which of your suppliers are at risk, so you can reach out to them and work with them to close the holes and eliminate the risks to them, and you. And for suppliers that you do significant business with (and regularly send million dollar payments), who hold your patented IP (for custom manufactured electronics, etc.), or store your employees and/or customers HR data, you need to not only assess their vulnerabilities but continuously monitor for threats.

You need a supplier vulnerability assessment and monitoring solution that can identify vulnerabilities, help you communicate those to your supplier, detect improvements, and, most importantly, identify new threats as they emerge that could cost you, or your supplier, significantly.

Darkbeam is one of these solutions. The Darkbeam solution offers both of these capabilities, continuous vulnerability monitoring across your entire supply base (at a very affordable price point that starts at a mere £25,000 a year, which is low-end for any cybersecurity solution) and continuous threat monitoring, and assessment, of critical suppliers in your supply base (which you can add for an incremental cost that can be as low as £10,000 a year for your ten most critical suppliers).

The vulnerability assessment solution monitors:

Connections: SSL certificates and associated validations (hosts, IP, TLS, etc.)
Privacy: e-mail and cloud servers and configurations and breaches (esp. email addresses)
HTTPS: web site configuration, cookies, and port security
DNS: DNS record completeness, security, and recent changes
Blacklist: domain and email blacklist monitoring
Exposure: shared host identification, domain permutation monitoring, favicon, exposed subdomain monitoring, etc.

Cyber-weakness in each of these areas is highly relevant because it could allow hackers and cyber-criminals to exploit your supplier, and you, in ways that include, but are not limited to, the following:

an expired SSL certificate could allow a cybercriminal to register a fake certificate that validates a fraudulent facsimile of the actual site
exposed email accounts could allow a cybercriminal to masquerade as a supplier representative and change banking details for payment
an insecure site configuration could provide a backdoor into your entire network
incomplete DNS records could be completed by a cybercriminal and redirect traffic to a fraudulent site
if a domain shows up on a blacklist it could prevent email/traffic to/from the domain; and if emails show up on a blacklist, it could indicate compromised emails and/or emails not being received by their intended recipients
if a supplier’s website is on a shared host that is used by a lot of other sites (that are insecure), a number of (one-character-off) permutations of the supplier’s domain have been registered, favicons are being replicated, etc. then that is a strong sign the supplier is being targeted by cyber criminals (that could be coming for you, or your customers, through them)

Based on their assessment, they will compute a cyber-risk score (out of 999), the lower the better, and the higher the more concerned you should be (and the sooner you should reach out to your [potential] supplier to have a conversation about what they are doing to increase their cybersecurity, especially if they have, or will have, your IP or personnel data).

The threat monitoring and assessment solution is a service-based solution where the Darkbeam cyber-intelligence team continuously monitors the web and dark web for potential threats, investigates those threats when they are detected, and if the threats are relevant, they send you a report on which you can take immediate action which can include, but not be limited to, involving the proper authorities, that they have experience working with in multiple countries.

They literally monitor dozens of legit security and threat-intelligence sites (where general cyber security firms release warnings of cloud or software insecurity along with known breaches) as well as dozens of dark-web sites where shady characters like to sell, or at least indicate the presence of, IT, Trade and Finance secrets they should not have. On many occasions, they have detected breaches and data theft even before the supplier’s IT team knew about it (and definitely well before you did, if you were ever told).

If an incident or threat is detected, the threat report you receive will outline the issue (e.g. data exposure / breach), the root cause (e.g. system breach, ransomware, etc.), when it was detected, how it was confirmed, and what is currently being done / monitored. It will then outline the perceived severity (e.g. medium due to potential IP leakage, high due to personal data likely being stolen) as well as any potential follow on risks (i.e. personal logins that can compromise other systems). It will summarize the currently known information uncovered by the analysts and the current status (which could be ongoing). And it will provide current recommendations, such as reaching out to the supplier, changing logins and/or locking down your systems, reaching out to various agencies, etc.

All in all, Darkbeam is a great Supply Chain Cybersecurity solution and should be on your consideration list if you don’t have such a solution already. Cyber attacks are coming, and it’s best to be ahead of the issue, then behind it.

COUPA: Centralized Optimization Underlies Procurement Adoption …

… or at least that’s what it SHOULD stand for. Why? Well, besides the fact that optimization is only one of two advanced sourcing & procurement technologies that have proven to deliver year-over-year cost avoidance (“savings”) of 10% or more (which becomes critical in an inflationary economy because while there are no more savings, negating the need for a 10% increase still allows your organization to maintain costs and outperform your competitors), it’s the only technology that can meet today’s sourcing needs!

COVID finally proved what the doctor and a select few other leading analysts and visionaries have been telling you for over a decade — that your supply chain was overextended and fraught with unnecessary risk and cost (and carbon), and that you needed to start near-sourcing/home-sourcing as soon as possible in order to mitigate risk. Plus, it’s also extremely difficult to comply with human rights acts (which mandate no forced or slave labour in the supply chain), such as the UK Modern Slavery Act, California Supply Chains Act, and the German Supply Chain Act if your supply chain is spread globally and has too many (unnecessary) tiers. (And, to top it off, now you have to track and manage your scope 1, 2, and 3 carbon in a supply chain you can barely manage.)

And, guess what, you can’t solve these problems just with:

supplier onboarding tools — you can’t just say “no China suppliers” when you’ve never used suppliers outside of China, the suppliers you have vetted can’t be counted on to deliver 100% of the inventory you need, or they are all clustered in the same province/state in one country
third party risk management — and just eliminate any supplier which has a risk score above a threshold, because sometimes that will eliminate all, or all but one, supplier
third party carbon calculators — because they are usually based on third party carbon emission data provided by research institutions that simply produce averages for a region / category of products (and might over estimate or under estimate the carbon produced by the entire supply base)
or even all three … because you will have to migrate out of China slowly, accept some risk, and work on reducing carbon over time

You can only solve these problems if you can balance all forms of risk vs cost vs carbon. And there’s only one tool that can do this. Strategic Sourcing Decision Optimization (SSDO), and when it comes to this, Coupa has the most powerful platform. Built on TESS 6 — Trade Extensions Strategic Sourcing — that Coupa acquired in 2017, the Coupa Sourcing Optimization (CSO) platform is one of the few platforms in the world that can do this. Plus, it can be pre-configured out-of-the-box for your sourcing professionals with all of the required capabilities and data already integrated^*. And it may be alone from this perspective (as the other leading optimization solutions are either integrated with smaller platforms or platforms with less partners). (^*The purchase of additional services from Coupa or Partners may be required.)

So why is it one of the few platforms that can do this? We’ll get to that, but first we have to cover what the platform does, and more specifically, what’s new since our last major coverage in 2016 on SI (and in 2018 and 2019 on Spend Matters, where the doctor was part of the entire SM Analyst team that created the 3-part in-depth Coupa review, but, as previously noted, the site migration dropped co-authors for many articles).

As per previous articles over the past fifteen years, you already know that:

it’s an optimization-based negotiation platform for RFX & Auctions (2008)
it’s easy to use with OLAP reporting and integrated data classification (2009)
regardless of if you’re public or private, it generates fantastic results (2010)
it also offers constraint templates by category and true ROLAP (not just OLAP) (2010)
industry first fact sheets for optimization data definition of any kind of data (2011)
one of the first examples of response dependent RFIs / data collection in a modern sourcing platform (2011)
powerful optimization-backed e-Auctions (i.e. real time optimization) (2013)
extended scenario definitions, a plethora of constraint categories, and advanced feedback mechanisms (2013)
auto-formula extraction from enhanced fact sheets, a formula analyzer, and enhanced visualizations (2013)
a UI with a focus on UX and composable workflows long before “configurable workflows” and “orchestration” became the big thing (2016)
an analytics rule language that supports the construction of advanced formulas and rules for optimization using an advanced formula language (2016)
automated reasoning and guided rule construction engine (2016)
integrated support for complexity; powerful analytics to be used in sourcing as well as powerful optimization (2018; Spend Matters)
buyer centricity and integrated risk data (2018; Spend Matters)
extremely competitive as its capable of analyzing global billion dollar spend categories in a single scenario with hundreds of item requirements, thousands of potential products, thousands of suppliers and carriers and tens of thousands of lanes (2018: Spend Matters)
with industry leading connectivity & analytics encapsulation (2019: Spend Matters)

So now all we have to focus on are the recent improvements around:

“smart scenarios” that can be templated and cross-linked from integrated scenario-aware help-guides
“Plain English” constraint creation (that allows average buyers & executives to create advanced scenarios)
fact-sheet auto-generation from spreadsheets, API calls, and other third-party data sources;
including data identification, formula derivation and auto-validation pre-import
bid insights
risk-aware functionality

“Smart Events”

Optimization events can be created from event templates that can themselves be created from completed events. A template can be populated with as little, or as much as the user wants … all the way from simply defining an RFX Survey, factsheet, and a baseline scenario to a complete copy of the event with “last bid” pricing and definitions of every single scenario created by the buyer. Also, templates can be edited at any time and can define specific baseline pricing, last price paid by procurement, last price in a pre-defined fact-sheet that can sit above the event, and so on. Fixed supplier lists, all qualified suppliers that supply a product, all qualified suppliers in an area, no suppliers (and the user pulls from recommended) and so on. In addition to predefining a suite of scenarios that can be run once all the data is populated, the buyer can also define a suite of default reports to be run, and even emailed out, upon scenario completion. This is in addition to workflow automation that can step the buyer through the RFX, auto-respond to suppliers when responses are incomplete or not acceptable, spreadsheets or documents uploaded with hacked/cracked security, and so on. The Coupa philosophy is that optimization-backed events should be as easy as any other event in the system, and the system can be configured so they literally are.

Also, as indicated above, the help guides are smart. When you select a help article on how to do something, it takes you to the right place on the right screen while keeping you in the event. Some products have help guides that are pretty dumb and just take you to the main screen, not to the right field on the right sub-screen, if they even link into the product at all!

“Plain English” Constraint Creation

Even though the vast majority of constraints, mathematically, fall into three/four primary categories — capacity/allocation, risk mitigation, and qualitative — that isn’t obvious to the average buyer without an optimization, analytical, or mathematical background. So Coupa has spent a lot of time working with buyers asking them what they want, listening to their answers and the terminology they use, and created over 100 “plain english” constraint templates that break down into 10 primary categories (allocation, costs, discount, incumbent, numeric limitations, post-processing, redefinition, reject, scenario reference, and collection sheets) as well as a subset of most commonly used constraints gathered into a a “common constraints” collection. For example, the Allocation Category allows for definition “by selection sheet”, “volume”, “alternative cost”, “bid priority”, “fixed divisions”, “favoured/penalized bids”, “incumbent allocations maintained”, etc. Then, when a buyer selects a constraint type, such as “divide allocations”, it will be asked to define the method (%, fixed amount), the division by (supplier, group, geography), and any other conditions (low risk suppliers if by geography). The definition forms are also smart and respond to each, sequential, choice appropriately.

Fantastic Fact Sheets

Fact Sheets can be auto-generated from uploaded spreadsheets (as their platform will automatically detect the data elements (columns), types (text, math, fixed response set, calculation), mappings to internal system / RFX elements), and records — as well as detecting when rows / values are invalid and allow the user to determine what to do when invalid rows/values are detected. Also, if the match is not high certainty, the fact-sheet processor will indicate the user needs to manually define and the user can, of course, override all of the default mappings — and even choose to load only part of the data. These spreadsheets can live in an event or live above the event and be used by multiple events (so that company defined currency conversions, freight quotes for the month, standard warehouse costs, etc. can be used across events).

But even better, Fact Sheets can be configured to automatically pull data in from other modules in the Coupa suite and from APIs the customer has access to, which will pull in up to date information every time they are instantiated.

Bid Insights

Coupa is a big company with a lot of customers and a lot of data. A LOT of data! Not only in terms of prices its customers are paying in their procurement of products and services, but in terms of what suppliers are bidding. This provides huge insight into current marketing pricing in commonly sourced categories, including, and especially, Freight! Starting with freight, Coupa is rolling out a new bid pricing insights for freight where a user can select the source, the destination, the type (frozen/wet/dry/etc), and size (e.g. for ocean freight, the source and destination country, which defaults to container, and the container size/type combo and get the quote range over the past month/quarter/year).

Risk Aware Functionality

The Coupa approach to risk is that you should be risk-aware (to the extent the platform can make you risk aware) with every step you take, so risk data is available across the platform — and all of that risk data can be integrated into an optimization project and scenarios to reject, limit, or balance any risk of interest in the award recommendations.

And when you combine the new capabilities for

“smart” events
API-enabled fact sheets
risk-aware functionality

that’s how Coupa is the first platform that literally can, with some configuration and API integration, allow you to balance third party risk, carbon, and cost simultaneously in your sourcing events — which is where you HAVE to mange risk, carbon, and cost if you want to have any impact at all on your indirect risk, carbon, and cost.

It’s not just 80% of cost that is locked in during design, it’s 80% of risk and carbon as well! And in indirect, you can’t do much about that. You can only do something about the next 20% of cost, risk and carbon that is locked in when you cut the contract. (And then, if you’re sourcing direct, before you finalize a design, you can run some optimization scenarios across design alternatives to gauge relative cost, carbon, and risk, and then select the best design for future sourcing.) So by allowing you to bring in all of the relevant data, you can finally get a grip on the risk and carbon associated with a potential award and balance appropriately.

In other words, this is the year for Optimization to take center stage in Coupa, and power the entire Source-to-Contract process. No other solution can balance these competing objectives. Thus, after 25 years, the time for sourcing optimization, which is still the best kept secret (and most powerful technology in S2P), has finally come! (And, it just might be the reason that more users in an organization adopt Coupa.)

Mercanis: Men with a Mission to bring Modern Volkswagen Efficiency with BMW Style to Source-to-Contract! Part 2

As discussed in Part I, Mercanis is a new Source-to-Contract mini-suite provider based in Berlin, Germany that is bringing a powerful, affordable, and easy to use solution to the mid-market that not only has core capabilities in sourcing, supplier management, analytics, and contract management, but also has core capabilities around risk assessment AND intake, which is not something we have traditionally seen in mid-market Source-to-Contract, and even enterprise Source-to-Contract and Source-to-Pay suites.

Logging into Mercanis takes the end user, who could be a buyer, an AP clerk, or an average employee who needs to go out to market for a product or service to do their job, to their customized dashboard (according to their role) where they can see an overview of their events/requests, contracts, suppliers (including individual supplier overviews) they manage or have access to, organizational spend they oversee, and other relevant information depending on the selected widgets.

Yesterday we overviewed Sourcing, Supplier Management, and Risk. Today we are going to overview Contracts, Spend Analysis, and Platform Administration.

CONTRACTS

Contract Management in Mercanis is straightforward contract document management with a sprinkle of contract creation capability. It stores all of the contracts and associated metadata, including the supplier, active term, value, type, and status (which is draft, pending, active, inactive, and archived by default). It’s easy to search, filter, retrieve, and view a contract at any time. Viewing takes the buyer to the summary screen, from which the user can drill into more detailed screens on payment, linked documents and contracts, stakeholders, relevant clauses, and other (custom) information screens as appropriate to the contract type. The system also supports the definition of tags and contracts can be tagged to categories or conditions of interest, such as sensitive of personal data, auto-renewing, special initiatives, and so on.

Uploading a contract in the Mercanis platform is easy. You drag and drop the document and it auto-extracts most of the key meta data elements that are described in the platform using OCR and advanced NLP. It’s not perfect (no system is, no matter how much fancy AI the systems claim), but it’s easy for the user to override any extract data that is not quite what they want, or not found, and index into the relevant part of the contract.

Finally, contract queries can be search and filter on metadata or Natural Language chat, which will learn from repeated use and adapt to the user’s natural language queries over time.

SPEND ANALYSIS

Basic Spend Analysis is integrated into the core and allows the user to select filterable widgets and dashboards that show spend by category, cost center, supplier, and other major identifier in the system (contract, sourcing event, etc.). It is instantiated with AP data on system implementation, which the system auto-maps to your pre-defined category taxonomy using (auto-generated) mapping rules consisting of suppliers and keywords/phrases/abbreviations/tags in the line item descriptions (identified by AI and curated by humans) and provides sourcing professionals insights from the date of go-live.

As with every other modern platform, it’s easy to drill into the categories (and sub-categories), suppliers, cost centers/business units, and contracts and see the associated transactions. Filters will also allow limiting to date ranges or other record values of interest. And it’s very easy to pop-up a supplier profile from a spend analytics widget or screen or a contract as the analytics, while basic compared to best-of-breed spend analysis tools, are fully integrated.

ADMIN

When it comes to platform administration, it is highly configurable by the organizational administrators. This administration includes the ability to configure approval paths, role groups, individual users, and workspaces (which roles can be limited to) as well as the company information your suppliers see about you. (It’s such a simple concept, but even many SRM platforms don’t make it easy for a supplier to access the customer information about you that they need as a supplier.) There can be different approval paths for every workflow including, but not limited to, supplier onboarding, sourcing (intake) request approval, sourcing awards, and contract approvals, including conditional/branching approvals based on arbitrary fields (such as amounts over or under 50K, product/service category, etc.). These flows can be built using a visual approval workflow builder that can support all standard Boolean logic and if/then/case conditionals.

Let’s dive into workspace configuration, as this is one of the most unique capabilities. The platform supports the definition of as many workspaces as you want, where each workspace can have its own dashboard, its own subset of modules, restricted/no admin access, approval workflows, and templates. Most importantly, a role can be associated with a workspace and when a user is associated with role, that is the workspace, and the only workspace, they will see when they log in. If necessary, the platform can support hyper-personalization natively.

In addition to the platform administration capabilities outlined above, the organization can define business units, manage its category tree (for sourcing and the built in spend analysis), define it’s default meta data requirements by contract type, visually manage all platform workflows (across all modules), manage its currency exchange rates, define its (supplier/RFQ) ratings, and define and manage the data collection templates for every module in the system including supplier data collection forms, pricing sheets, RFP questionnaires, and contract/document templates.

When it comes to workflows, just like the platform can support as many workspaces as you like, it can support as many workflows as you like for each process supported by the module. For example, you can not only have a different sourcing workflow for each category, but you can have multiple workflows based on expected spend. You can have different supplier onboarding workflows depending on category, geography, or a combination thereof (for example), different contract / document creation and management workflows (in addition to approval), and so on. And each can be linked to the associated module in the associated workspace. Highly configurable.

Workflow definition is enabled by the rule builder which is very flexible, and just like approval workflows, is completely visual, supports all Boolean logic, and allows rules to be easily defined in a rule chain that defines the category/ies, role group(s), workspace(s), discriminator (such as budget amount), and action (which can itself kick off another workflow).

The pricing sheets are very flexible and essentially act as mini-spreadsheets embedded in the sourcing tool. Allows for detailed cost break downs and calculations in both sourcing events, and analytic comparisons. The templates can have any number of elements and support all standard HTML components.

IMPLEMENTATION

The system can be implemented and configured for go-live in as little as two weeks, as long as the relevant supplier dataset and spend history can be provided day one and is complete enough that their processes can sufficiently classify the AP data on the first pass to the point that they can complete the processing with manual intervention within the timeframe. Note that the buying organization can choose to load all suppliers, all suppliers used within the last x months or years, or just currently active suppliers that will be used in sourcing events.

Mercanis is a great new entry to the mid-market Source-to-Contract space, especially considering all of the acquisitions and roll-ups of the last 5 years or so that took a lot of companies out of the mid-market and into the enterprise suite game. If you’re looking for a new S2C solution, and especially if you are based in Europe, Mercanis will make a great addition to your shortlist. It’s come a long way in a short time and the doctor has no reason to believe that they won’t continue to make significant progress, and add significant value, over the next few years while maintaining a price-point the mid-market can afford.

Mercanis: Men with a Mission to bring Modern Volkswagen Efficiency with BMW Style to Source-to-Contract! Part 1

Mercanis a new Source-to-Contract mini-suite provider based in Berlin, Germany that is bringing a powerful, affordable, and easy to use solution to the mid-market that not only has core capabilities in sourcing, supplier management, analytics, and contract management, but also has core capabilities around risk assessment AND intake, which is not something we have traditionally seen in mid-market Source-to-Contract, and even enterprise Source-to-Contract and Source-to-Pay suites.

Today we’re going to discuss Sourcing, Supplier Management, and Risk.

SOURCING

Creating a sourcing event in Mercanis for new or previously sourced articles can be accomplished in just a few minutes as the platform was designed for high efficiency. With integrated intake, the system will either guide an organizational user to a self-serve sourcing event for articles (products/components/fixed services) in acceptable categories under a certain amount or funnel to the appropriate sourcing team, as appropriate.

When an organizational user wants something, they define their event name, a unique departmental project reference, category, budget, RFX due date, relevant organizational tags, affected business unit[s], preferred NDA (from those associated with the category), and then the system will either notify the requester that this needs to be a (strategic) sourcing event and direct it to the sourcing team or take the buyer to their (selected) workspace where they can set it up on their own.

In either situation, the next step is to select suppliers. Suppliers are auto-suggested by the system and it’s one click to select them (and the user can search for other known suppliers or even invite a new supplier for onboarding if they want to). After that, they select an appropriate pricing sheet (from those associated) which is automatically pulled in, and then they select appropriate RFP surveys that they want filled out (which are also auto-suggested based on the article). They can then launch the event immediately, or specify a later date, and at any time they can (come back and) add stakeholders.

For a single article, since everything is auto-suggested, they can literally select the core suppliers, price sheet, and surveys with a few clicks and launch a small event in a minute. Most events on an article or category can be reasonably defined in five to fifteen minutes (vs. the 15 hours for some first, and even second, generation suites).

In the Sourcing projects can be multi-round if necessary. Once the results come back, the buyer can kick off another event based off of that project and link it to the existing one to create a multi-round event.

Also, once response come in, as many stakeholders as desired can score it, the scores can be weighted, and once an award is decided upon, it can be sent to the contract module. Survey responses for each survey can be compared side-by-side for easy comparison against peers. And when the individual responses are scored, the buyer can see the assessment criteria scores graphically in spider graphs, including a calculated score based on total relative pricing. When it comes to price sheets, which can include embedded formulas, the buyer can select the prices of interest for side-by-side comparison as well. And to make the comparisons pop, the buyer can even shift to dark mode. While not always the best for data entry, it does make certain visual comparisons pop.

The entry point to sourcing is the dashboard which will summarize the requests, events by category, upcoming, and current sourcing events that need to be reviewed, managed, or awarded.

An organizational buyer can also two-click a new sourcing event by going to the article summary screen, locating the article of interest, clicking on it, defining an event name, selecting one of the associated sourcing workflows (defaulted if just one), selecting one of the associated pricing sheets (defaulted if just one), and confirming the event creation.

SUPPLIER MANAGEMENT

The Supplier Management module revolves around the Supplier Repository which organizes all supplier related information in the system with each supplier maintained by the system. It’s easy to search suppliers by name, category, location, associated transaction cost centers, and other information. Upon implementation, Mercanis can import all of your suppliers from your ERP, just a subset you mark as active, or only those suppliers used in the past x years.

On implementation, they will pull in as much information as they have, fill in gaps with any information they have in their system, and augment with a 360-degree profile they auto-generate using their AI tools that scrapes supplier websites and pulls in data from third party sites, Compliance Catalyst, Dun & Bradstreet and/or other third party supplier data providers you have a subscription to. This profile will include a short description, any known (reference) customers, categories the supplier (can) supply in your taxonomy, any known contacts, owners, known business units, primary / head office location, website and Linkedin URLs, and even known similar suppliers in your database. It will also contain direct links to any third party profiles you have access to, and can even pull all of that information into the platform for you.

This is in addition to the basic corporate information (and contacts) maintained by the system (which includes legal identifiers, basic accounting information, and location data), supplier states (which can be buyer organization defined), tiers (as the organization can track tier 2 suppliers or suppliers typically used by your suppliers, third party ratings (from the ERP or a data partner) and data that can be pulled in (which can be visually displayed in spider graphs), specific information collected during onboarding, and appropriate risk data (including cached data from any third party data feeds you have a license too). Note that suppliers can also be evaluated using organizational surveys that can be associated with them, and multiple evaluators can be associated with these surveys.

The SRM system also centralizes and maintains a record of all system activity, including sourcing events, contracts, risk profiles, and associated supplier analytics. It also tracks all associated tasks from across the system in one location, all associated (onboarding/sourcing/contract) requests, and any notes the buying organization wants to add.

New supplier creation is easy. It can be as easy as defining a name and email to kick-off the onboarding process, which will send a request to the buyer to provide the requested information. (Note that if you provide an appropriate legal identifier or URL and the supplier is in the Mercanis database, base information will automatically be populated to simplify the onboarding process for the supplier.)

Search can be customized to work on any given supplier identifier.

RISK

The risk module, primarily used in supplier pre-qualification, tracks country and industry risk across the globe and can instantly associate the relevant country and industry risks with an existing, or new, supplier based on its address and NAICS code. The platform uses over 40 different data sources to analyze country and industry risk in accordance with the German Supply Chain Act and computes a score for every country-industry risk correlation.

In addition, it can integrate with third party data from providers like IntegrityNext and Ecovadis and, for any supplier, pull in all the relevant data if the customer has the data feed licenses and automatically compute advanced risk measures using their data (from public sources) and third party data.

Come back tomorrow for Contracts, Spend Analysis, and Administration.

Sourcing Innovation

Next Generation Supply Management Defined