Category Archives: Risk Management

Brooklyn Solutions: An Answer to Your Third Party Compliance Management Challenges!

In our last article, we introduced you to the oft-overlooked area of Third Party Compliance Management which is not adequately addressed in the majority of Third Party Risk Management solutions, despite beliefs to the contrary. And those of you who pay attention probably realized that in addition to telling you about the challenge, we were also going to tell you about one potential solution (and give you a starting point in your research).

One starting point is Brooklyn Solutions, founded in 2018 to automate and scale vendor management for compliance standpoint across the enterprise. In order to ensure compliance, they offer not one, but four core modules to address all the relevant areas — third party risk management, third party relationship management, and third party contract management in addition to third party compliance management (as they all feed into the compliance pie) — as well as two auxiliary modules for ESG (which is an area all its own) and Digital Assessment Frameworks (for automated digital assessments in the supply chain tail). They already have global customers with over 1,000 users across multiple industry sectors which they support with offices in the US, UK, and South America.

Note that their holistic approach to compliance management (by tracking the vendors the organizations interacts with, the contracts that govern key relationships, and risks they are subject to in order to collect the necessary information to ensure compliance) is not just because of the criticality of compliance (as lack thereof can result in massive fines and even criminal charges to executives in some countries), but because a lack of compliance with organizational policies and contracts can lead to an average overspend of 9% to 15% in contract value in an average organization as per Gartner, Deloitte, PWC, McKinsey & Company, Bain & Company, CIPS, and the WorldCC. In this economic climate, that’s not something any company can afford!

Considering how many CLM solutions are on the market, you’re probably wondering how so much value leaks, especially since the classic cause of lavish leakage was due to lack of good e-Procurement systems that could m-way match the invoice to the PO, the pricing to the contract pricing, the line items to the goods (and services marked) received, and so on to make sure what was paid was what was agreed to. That’s because most CLM systems that claim to “govern” a contract are actually just glorified electronic filing cabinets that track the metadata and alert you when it’s expiring. And even if they allow you to break out obligations, most don’t track the extent to which they are mapped, monitor the risks that can lead to disruptions that can lead to a significant loss, assess the downstream parties that can put you in non-compliance, ensure performance is at agreed upon levels, and so on. Furthermore, even though the more advanced systems will support negotiation, all that does is allow you to identify value (not capture it), or perform (process) analytics, and that’s just helping you get efficient in the partial process the system supports, not efficient in capturing the value. That’s why Brooklyn Solutions focuses on ongoing contract and risk management from a compliance viewpoint AFTER the contract is signed rather than focussing on all of the pre-contract-signing and onboarding activities that the majority of traditional S2P, CLM, and TPRM vendors are focussed on.

It does this by allowing the organization to define as many workflows and actions as it needs to define in order to ensure all processes necessary for compliance are met. The workflows can be tailored to precisely what the organization needs. We’re not going to go too deep into workflow construction, as you’re probably familiar with how it will work if you have a supplier / third party onboarding platform that also allows you to configure the process, but point out one key difference between workflow construction in Brooklyn Solutions vs. many other platforms. The one key difference we are going to point out is that the logic is not only conditional and fine grained but can trigger other processes based upon the responses which can themselves trigger other processes and allow for as much branching as needed to get the information an organization needs to manage the risk, maintain the relationship, fulfill the contract, and ensure compliance — and these (sub) workflows can even branch back into the right point of the main process when the time is right.

These workflows can also punch out to third-party systems and automatically pull in risk and compliance data into the platform, data which can trigger new risk and compliance workflows if the data that comes back is too risky or potentially non-compliant. The configuration capability is extremely flexible. Essentially, Brooklyn Solutions is an orchestration platform built for managing third parties, contracts, risks, and compliance in a cohesive whole.

Contract Management Overview

Since the contract management solution is focussed on obligations, SLAs & KPIs, issues and workflows and was designed to help the organization ensure that the negotiated terms are adhered to, and value achieved, it’s functionally a meta-data driven application and the entry point is an analytics dashboard that gives you deep contract analytics on obligations, reviews, documents, SLAs, (open) risks, and (current) actions. It’s easy to dive into any aspect and see detailed status; this includes diving into obligations and getting an overview of how many are pending, overdue, and non-compliant; into (open) risks and see those where there are actions and the status of associated actions; into documents and how they breakdown by active vs inactive contracts, addendums, etc.; and so on.

The obligation tracking is exceptional. You can fully define what the obligation is, who is involved, what workflow is required to complete it, whether or not it’s a critical path obligation for a contractual, risk, or compliance requirement, the relevant financials, and the frameworks being used as well as track activities and associated action items, associated documents, and status. The obligations can also be linked to related parties in the supply chain and tracked down to the source supplier or supplier that need to adhere to them easily using Sankey Diagrams.

Relationship Management Overview

Relationship management in Brooklyn Solutions isn’t the touch-feely relationship building that Procurement sells as a way to become a “customer of choice” and “reduce costs”, nor is it the activity definition and tracking capability of a traditional old-school SRM application (where the “R” stands for Relationship, and not Risk). It’s a data and metric tracking application focussed on SLAs and KPIs, performance scorecards and monitoring, and regular policy and governance reviews to ensure everything stays on the up and up.

It’s also one of the perfect solutions to plug into the Customer-Supplier-Management gap left by P2P/S2P systems between the PO and the Invoice as it allows you to

  • onboard suppliers and ensure core data requirements are collected and fulfilled
  • quickly get complete, 360-degree, supplier profiles
  • define and assign actions and issues and track the status
  • collaborate with the third party at any time
  • kick of governance reviews as needed

Supplier profiles not only consist of basic organization and contact information, but all associated contracts and documents, obligations, risk profiles and data, performance data and scorecards, associated actions (in all states), and interactions including meeting minutes and upcoming meetings. They also allow you to drill into the relationship hierarchy UP and DOWN the chain.

Risk Management Overview

The risk management application is all about tracking organizational risk ratings (as well as what a supplier can do to reduce their risk rating), risk indicators and monitoring risk levels and allowing the organization to quickly find out, for any supplier contract, obligation or compliance requirement what the currently assessed risk is. They are colour coded in a matrix that allows a buyer to quickly dive into the high or moderately high risks that could pose a critical compliance risk, dive in, and address them.

It’s also very easy to get an overview of the entire portfolio of risks tracked in the system, the risks with the worst scores or least/no controls, the suppliers with the most concentration of risk, the individuals who own the most risk (either through suppliers, contracts, relationships, etc.), and so on. You can quickly identify the high risks, which ones can be reduced, what can be done, and how the effort can be initiated, and kick it off.

All risks are scored on a 1 to 25 scale that is meant to gauge the impact vs. probability which is mapped against the organizational typical risk tolerance to quickly identify those risks that are too high with respect to organizational tolerance (red), slightly higher than tolerance (yellow), and well below (green), with orange between yellow and red and dark green between yellow and light green.

Compliance Management Overview

The fourth, and most important of the four primary modules, is compliance management which, unlike prior generation compliance and GRC (Governance, Risk, and Compliance) solutions that were built to help you collect compliance data for reporting, was designed to ensure the organization was digitally fit for audit. And yes, there’s a difference. When a platform collects data simply for the purpose of completing a report, it’s a static piece of data in one place that can be queried individually or spit out as part of a pre-coded data dump for report creation. It technically solves the reporting problem, but it doesn’t solve for audit.

When your organization undergoes an audit, it’s more about the data that goes in an annual report. Where did it come from? When? Who verified it? Why was it deemed acceptable? Did you explore all of the necessary elements in making the determination?

For example, if you’re undergoing a GDPR compliance audit because someone complained that you don’t protect personal data and you hand over a report that says all the personal data you have is encrypted, and that you have annually tested processes in place to verify that all personal data you aren’t legally required to keep by law on an individual can be quickly deleted, it still doesn’t satisfy a compliance audit if you use third-party data services (“processors”) to store and process some of that data.
If you haven’t a) fully verified they are fully compliant with the regulations and can do the same purges in your tests and b) fully verified any third parties they use can do the same, you can’t claim to be fully compliant. For example, a cloud service might use a third party for managing its database and another cloud service to identify personal data that might not be appropriately tagged. If those third parties used by your cloud service aren’t fully compliant, then your cloud service isn’t fully compliant and you aren’t fully compliant. And that’s trouble that you would not identify in a compliance solution built for reporting and not for audit.

Since Brooklyn Solutions was built for audit, you can drill into the supplier profile, see their connected parties, and, in particular, the third parties that manage their systems and data and whether they have completed their audits, have the appropriate certifications, and run (and report) the proper tests annually. If not, you can reach out to them directly, send them the surveys, collect the reports, and do your own compliance analysis if you need to. And then, when the auditor comes in and asks you to prove you did the necessary exercises to ensure compliance, you can go into the system, show them all the parties you directly deal with that may have access to your customers personal data, drill into them, show that you know all their suppliers, show that you ensured that each of them were compliant, and so on down to the last service provider in the chain that may, even indirectly, have access to your customer’s personal data. Since it can handle the GDPR example above, which is one of the toughest audits you could get, you know it can handle any other supply chain audit as well.

No matter what question the auditor asks about a report you submit, with a few pieces of information and a few clicks, you can drill in to not only show exactly what answered, but where the data came from, why, what processes you used in collecting it, and how confident you were. You can also show all of the historical actions, reviews, in-platform conversations, documents, etc. It’s a full fact-based history, not a partial viewpoint based on the memory of the best organizational expert.

Also the holistic TreeMap overviews of compliance areas or risk areas (based on financial risk impact or some other indicator) makes it quite clear to an organization just how well they are doing, or not doing (and quickly dive into the areas where the compliance is the least or the risk the highest).

The only real shortcoming is that, while it can be configured to ensure compliance for any global regulation you can think of, as of now, only four compliance requirements are fully supported out of the box: the German Supply Chain Act, the EU EBA/EIOPA guidelines, the UK PRA Outsourcing regulations, and GDPR. This is because they’ve spent the last five years building all of the core capabilities required for holistic third-party compliance management (and started in the Financial Services sector, coding for those regulations first).

However, now that they’ve built and fleshed out all the core capabilities, and natively integrated it all into one consistent view (for every module you purchase), which is backed up by powerful AWS QuickSight dashboards that can be drilled, filtered, and searched on any data dimension, they plan to start adding more out-of-the-box support for global regulations over the next few years. Whether it will be by area (of ESG, CSR, etc.) or industry has yet to be determined, but with all of the necessary capability built into the platform, it won’t be hard for them to add more acts in a relatively short time frame. It’s just regulatory expertise, obligation data element identification, and workflow coding at this point.

Roadmap

With respect to Brooklyn Solutions‘ near-term roadmap, they will soon be releasing a number of “Gen AI” capabilities built on appropriately trained next-generation large language models (LLMs) for natural language processing (NLP) that use human curated data sets relevant to the problem at hand. These new capabilities, which are designed to increase user efficiency, could make some users three times as efficient (or more) in their jobs as they are now. (Right now, power users in the platform have been measured to be 200% more efficient in their responsibilities than before when they were working without the help of Brooklyn Solutions.) The new “Gen AI” capabilities are being deployed to power the following new capabilities:

Meeting Agenda Generation
Identify the supplier or action team, and the platform will scan all associated actions, flows, contracts, risks, and compliance requirements and create an agenda based on open / incomplete items and changes since the last meeting (which can be quickly edited or adjusted based on the desires of the meeting organizer)
Executive Meeting Summary
Attach a transcript of the meeting meetings (which can be auto generated using the transcription capability of most modern video conferencing platforms) and any supporting documents and it will generate an executive summary
Report Generator
Similarly, select a supplier or contract and time-period, and items of interest (events, contracts, risks, compliance requirements, etc.) and the solution will generate a written summary of the items of interest, highlighting those that are (scored) high or low, fully formatted and exportable to docX, xlsX, and pptX
Automated Survey Creation
Identify the risk, capability, and/or compliance requirement you are concerned with, where you are concerned with it, how concerned you are with it, and how intrusive / work intensive you want it to be for your suppliers (by way of a max question count) and the platform will use its built-in knowledge of the risk, capability, and/or compliance requirements and its library of surveys/templates to auto-generate a survey and send it to all suppliers in, or dependent on, the region in question
Contract Clause Explainer
Highlight any clause in the contract and the solution will translate that clause into everyday layperson English (or for those clients in the UK, the King’s English on special request, as that requires a special configuration), and provide one or more examples of where that clause would come into effect and/or how it may be used
Contract Search by Topic
For example, if you want to identify all clauses in a contract that might relate to or satisfy GDPR, the solution will automatically identify the key requirements of GDPR, determine the most likely terminology that would appear in the contract, search for that, contextually analyze the clauses, and return those most likely to relate to GDPR with an everyday language definition of each. The same can be applied to any “contract clause” you can define, such as termination, audit right, price increase, and sub-contractor to name but a few.

Summary

In a nutshell, Brooklyn Solutions is one of the most complete Third Party Compliance Management solutions the doctor has ever seen. If compliance is an issue for your organization, be sure to add them to your shortlist.

An Introduction to TPCM: Third Party Compliance Management

TPRM: Third Party Risk Management is Big. Really Big. In fact, as evidenced by recent investments over the past year (Spectrum’s 200M investment in RapidRatings in 2022, Vista Partners acquisition of Resilinc, and now the 1.2B acquisition of Exiger by Carlyle and Insight), it’s HUGE. Actually HUGE! (Not Trump huge. In fact, the exact opposite. 😉 )

Why? The pandemic finally caused the space to wake up and realize not only how significant long-term disruptions are, but how much risk has been embedded in over-extended global supply chains over the last thirty-plus years (thanks to the global sourcing craze started by McKinsey and their ilk in the 90s as a method of “cost savings”, which really just resulted in “spend transference” to big consultancy pockets and the buildup of risk, and risk related debts, in the supply chain that, just like technical debt, always comes due someday). Big corporations have finally realized they need to manage that risk, or at least maintain constant visibility into it, if they want to get the supply they need to just stay in business. (At the end of the day, “cost savings” don’t matter if you don’t actually stay in business, which is what happens when you don’t receive any products to sell. So you need to assure supply first, and then avoid unnecessary cost second — especially since there is no real “savings”, just cost avoidance with improved processes, designs, networks, management, etc.)

As a result, these companies, who were mostly clueless about the risks (sometimes by choice), needed solutions now to at least get insight into the risks so they could plan mitigations, or at least take action when something happened. Since their traditional enterprise / manufacturing resource management, supply chain, source-to-pay, or back-office systems didn’t give them the insight they needed, they finally started to turn to TPRM (and in some case, broader SCRM – Supply Chain Risk Management) systems in a big way.

And that’s great. Until it isn’t. As a result of all of the supply chain failures and the impending disasters they created across supply chains, not just health and defense, governments have started taking action and introducing a lot more regulatory compliance into the mix. This is at the same time they are waking up to the wild west of technology and introducing a lot more regulation into the mix around personal data and use of AI. And with fraud and money laundering seemingly increasing without end, there’s a lot more regulation around partner due diligence. And then there is the reality that the world is heating up (whether you believe in climate change or not), that this heating up is contributing to an extremely substantial increase in natural disasters, that temperature is correlated with carbon and greenhouse gasses (GHG) in the atmosphere, that we are currently producing a lot of carbon and GHG as a species, and while we may not have been entirely responsible for getting here (as there are other factors that cause temperature to naturally rise and fall on a planetary scale — although the changes we’ve seen in the last few decades have historically taken centuries or millennia looking at the geological record), we need to do everything we can to not make it worse (or risk natural disasters on a scale that have not been seen for millennia, and that have sometimes even led to extinction level events in the past). In response to this, countries are making commitments to the Conference of the Parties of the UNFCCC and instituting legislation limiting the carbon you can create (without fines or fees to offset that, presumably fines or fees that will be invested in greener energy options, but we have to admit many governments haven’t thought that far ahead) and the amount of other pollutants you can pump out.

In other words, not only do companies have to worry about more risks than they are aware of, they also have to deal with more regulations than they can easily keep track of (and, when they’re not on the ball, they don’t find out about them until they get a fine) — as well as dedicate way more time than they should gathering the required information for, and filling out, the appropriate reports and filings.

Moreover, and this shouldn’t surprise you, the vast majority of TPRM (and even SCRM-TPRM) systems don’t help with this at all. While they can be configured to detect issues that may represent potential violations, they generally don’t collect the reporting data that is required and typically don’t provide the detailed trickle-down visibility that is needed to verify that key requirements — such as personal data protection, no forced labour, etc. — are truly adhered to throughout the chain.

That’s why many big multi-national organizations, especially those that collect and process personal data, do a lot of global importing or exporting, or deal with extended supply chains and have to comply with extensive privacy regulations AND data protection laws in the finance sector, have to comply with hundreds of sanctions and denied party lists globally (as well as ensure there are no connected beneficial entities on those lists), and/or need visibility down to the source on human rights needs a solution that understands the regulations they are subject to, encodes the data they need to collect and the violations (special types of risk) they need to monitor for, and helps them produce the reports and regulatory filings they need to make.

And the only system that can do this is a Third Party Compliance Management solution, which has some commonality with a Third Party Risk Management solution, but also a lot of differentiation as well. Most organizations won’t know they need such a solution, as they won’t even know that such a solution exists (as there’s not many solutions and not much buzz about them … yet). Hopefully this post will change all that. Even though the solutions are two sides of the same coin, the sides haven’t met yet, and until they do, which could be years (and years and years) away (because no one has really thought about the hard center yet), for many companies, what they really need is a TPCM solution.

What Impact Will Power Politics Have on the Sustainable Acquisition of Raw Materials?

the doctor doesn’t know, but it’s a question we need to ask, and answer, before politicians run away with an agenda that maximizes their bank account while simultaneously maximizing economic and environmental damage.

In September, JPMorgan Chase CEO Jamie Dimon stated that geopolitics is the world’s biggest risk and, more specifically, that we have dealt with inflation before, we dealt with deficits before, we have dealt with recessions before, and we haven’t really seen something like this pretty much since World War II. And while he didn’t mention power politics in particular, we’ve seen a lot of first world countries elect leaders with protectionist/centrist viewpoints, a directorial demeanor, and anti- free-trade stances.

Due to a loss of jobs, a loss of manufacturing, and a lack of reliability of supply, we’ve seen a lot of pushback on China (which is a major global source of many raw materials, and rare-earths in particular) while India is gaining ground in the BRICS (thanks to the anti-Russian Sentiment among those Pro-Ukraine and the instability of the Brazilian economy along with the China pushback), the United States implementing Buy American policies, the EU taxing anything they are sanctioning or trying to enforce “Buy EU” policies on, and the UK making decisions since (and including) Brexit that no one understands.

Now, we should all be buying local to the extent possible (which might be the local farm, the state farm, or the farm one country south if ours is too cold to grow the produce we need; and, similarly, a factory in the country or a neighbouring one), when it comes to certain raw materials, especially rare earths and metals for which we do not have (more sustainable) alternatives, one doesn’t always have a choice. And the reality is that, for a given country, only one country will have the most sustainable source of rare earth and/or metal supply when you take into account the mining operation, the processing operation, and global shipping. And if protectionist/centrist/trade policies prevent purchasing from that country, and the next two or three most sustainable (and/or most economical if your company is in/selling primarily to a developing country and you can only afford so many sources), the alternatives are not good.

So while it’s hard to quantify what the current era or power politics will have on the sustainable acquisition of raw materials and (precious) metals, it’s a question your organization needs to answer if you rely on such, and take steps to inform your local lobbying organizations to make sure that critical, sustainable, sources of supply are not blocked until alternatives are developed (especially if your organization needs to hit carbon [reduction] targets).

And if you don’t think this is an important topic, then why did Dr. Naoise McDonagh, a Lecturer at Edith Cowan University and a former Board Member of the Australian Institute of International Affairs, recently publish an article in the interpreter (published by the Lowy Institute) on why Australia must play the geoeconomics game, or risk being side-lined.

Dr. McDonagh believes that acts such as the US’ IRA (Inflation Reduction Act) or the EU’s Critical Raw Materials Regulation, designed to drive growth in a particular industry (and, in particular, North American or EU-based EV supply chains) will act as a vast black hole sucking global capital from other destinations operating on purely comparative advantage terms which includes Australia.

Dr. McDonagh argues that these acts, and similar measures being implemented globally, are part of a geopolitical transition that is creating a two-level world economy: a standard economy with normal market access and a de-risked economy with restricted access for actors of concern. And since the types of restricted access we are seeing typically revolve around rare earths and metals, this means that we need to ask the question we asked in the title: What Impact Will Power Politics Have on the Sustainable Acquisition of Raw Materials?

the doctor doesn’t think the answer is obvious, and definitely doesn’t agree that Dr. McDonagh’s insistence that the answer for Austrailia is the 10-year Australian Renewable Industry Package because the doctor believes the question is more nuanced than anyone currently understands. However, the doctor does agree with Dr. McDonagh’s reading of the situation and that power politics is quickly becoming one of the most significant risks to your supply chain, which is even more unpredictable than strikes and natural disasters.

If you have a partial answer, comment on LinkedIn. We need them before bad decisions are made for us.

Source-to-Pay+: An Introduction to Supply Chain Risk

If you missed the risk series, you might want to catch up. Risk doesn’t just stem from your immediate inbound tier 1 suppliers, it stems from your entire inbound supply chain. Your Supplier “Risk” Management solution only gives you a partial picture at best. Find out what you need to get the rest!

1: The Beginning
2: End-to-End
3: Corporate Risk
4a: Third Party Risk, Part 1
4b: Third Party Risk, Part 2
5: Supply Chain Risk, Generic
6: In-Transport Risk
7: Multi-Tier Supply Chain Risk
8: Analytics / Control Center
9: Cyber Risk

If You Need to Bring The Hammer Down, Make Sure You Have An Anvil (Analytical)!

On New Year’s Day, 2022, Anvil Analytical (Anvil) was spun out of 4C Associates to bring a stand-alone spend-analysis technology solution to the market, based on the solution that 4C had developed over the course of a decade or so. (4C was founded back in 2000 to help companies with their Supply Chain and Procurement operations, and that required a deep understanding of the supply base and spend, and that required the ability to dig deep into the organizational spend.)

However, while the solution revolves around their service-oriented spend analytics solution (which can include a contract-focussed spend analytics module), Anvil Analytical also offers a Scope-3 Carbon Tracking, a country-based Risk Intelligence, a Market & Inflation Intelligence solution, and a Project Management (Savings Tracking) module.

When we say service-oriented spend analytics solution, we mean it’s a hybrid service/DIY solution. Anvil handles the data loads and refreshes, the validations, the mappings to your chosen taxonomy (which also maps to their internal taxonomy, more on this later), the initial implementation of the system, new report (dashboard) creation and customization (a certain number of hours for this are included in the annual subscription), and monthly/quarterly check-ins and advisory. (Depending on the client’s typical refresh interval and assessment cadence.) The client does regular monitoring, analysis, project identification and creation, savings tracking, and what-if analysis on market/inflation/project trends to identify new projects that the client wants to undertake. It’s designed for a Procurement department that is sophisticated enough to understand the power of spend analytics and use a modern tool to extract the insights it needs, but doesn’t have the manpower to do a lot of deep analysis work and/or any real data analysts on staff and wants help with the heavy lifting.

Implementation

Depending on the organization size and maturity, the initial implementation and setup will take anywhere from 2 weeks to 4 months from the kick-off meeting. The first step is for the client to provide the Anvil team with data exports for the previous years [they need at least 2 years, or the year-on-year analysis won’t work, for example] from all relevant systems (ERP/AP/I2P). Anvil then manually processes subsets of these to create training sets and verification sets for its traditional AI-classification engine, trains the models, runs the verification sets, corrects the model, repeats until high accuracy, and then runs the full data set. At this point, the client is engaged, remaining errors corrected, the model retrained, and then the system is delivered. Simultaneous to the training process, they work with the client to identify any special reports or customizations the client wants to the primary reports and dashboards and build them simultaneously. Once the system is rolled out, they do an initial training session, review the primary analysis and identify initial areas for analysis, set up the support processes and methodology for the regular (incremental) data updates, and determine the goals of the monthly/quarterly cadence meetings and future training sessions. Every cadence meeting will review the results of the last update(s), identify new suppliers, and identify new analysis of interest.

With respect to validation and cleansing, they will establish data standards and formats and ensure all data adhere to them, normalize and identify suppliers against their database (or a third party database if you have a subscription to one where they have, or can develop, an API) which has almost a million suppliers, validate key pieces of supplier information (such as tax and registration ids), and fill in key missing data elements if they have it (or identify missing data that needs to be collected).

Spend Analytics

Spend analytics revolves around Materiality, Growth, Fragmentation, and Churn. Materiality, defined as a measure of both the scale of your spend and how easy it may be to access, is all about understanding the category spend breakdown, where the most spend, and possibly the most opportunity, is. Growth identifies which categories are the fastest growing (or fastest shrinking) in terms of your spend, and helps you identify where you may need more contracts, monitoring, control, or even (key) supplier development to reduce spend. Fragmentation, which measures how fragmented your spend is in each category compared to the average fragmentation that has been identified through thousand of engagements undertaken by 4C and Anvil Analytical, helps you identify [with color coding that show 50%, 75%, and 90% thresholds] where there is likely significant opportunity through consolidation (or significant opportunity to reduce risk if fragmentation is too low). Churn measures how much spend is being gobbled up by new suppliers in a category and helps you identify where you may need to introduce competition or innovation to keep costs down. This is summarized on one of the primary dashboards included in spend analysis – Deep Dives. Each of these area can be drilled into. For example, drilling into a materiality category from the main deep dive dashboard will give you your overall category spend, supplier count, high materiality supplier count, medium materiality supplier count, spend per business unit, spend per country, supplier spend per business unit, and so on. (And from here you can dive into just the higher materiality suppliers, or just one, and get the relevant insight.)

Like every other spend analysis tool, the entry point is the Summary Dashboard that summarizes your spend, on contract (if you have the contract [sub] module), supplier count, on PO, invoice count, average payment time, consolidation percentage, on-time payment, spend by L1 (top level of the) category (hierarchy), by business unit, by country, overall spend growth summary, and top X suppliers. Each of these can be drilled into for more detail. There’s also an insights dashboard that will give you, for a category, the materiality rating, growth rating, fragmentation rating, churn rating, and opportunity rating. Key insights and observations across each area (based on insights from Anvil’s market-intelligence modules, anonymized recent 4C project results or recent 4C insights, or market partners) are also included, as well as a breakdown by country, the likely chance of success against the main procurement levers (compete, consolidate, demand, or collaborate), and a Pareto analysis. It also highlights the top 5 opportunities based on spend and likely savings potential (based on market intelligence and/or a variance analysis), supplier growth by threshold, inflation impact, and index sensitivity. Finally, you can drill down to line level transactions if needed, or search for, and bring up, summary reports on any supplier in the system.

Contract Analytics

We’ll cover contract analytics next as it builds on spend analytics. In the Anvil platform, contract analytics is another set of dashboards that works off of contract metadata, which would be loaded during implementation and then updated in the regular refreshes. (Note that if you happen to be using one of their partner contract management solutions, they already have pre-built APIs and the loading of this data will take minutes. If your CLM has an API for metadata, they can build an extraction facility to extract that data as a service, and if not, they can work with flat-files as they do with spend.)

Contract Analytics is essentially another (set of) dashboard(s) and reports but focussed on breaking down spend by contract. The main dashboard will breakdown spend by on-contract vs. off contract, % category spend > XK (default 250K) on contract, suppliers on contract, expiring in the short term (3 to 9 months, for e.g.), contracts by business unit, and suppliers with > xK (default 250K) spend with no contract. Other relevant measures can be easily defined on implementation and, of course, all summaries can be drilled down to the line level. Since it’s essentially just another dimension of spend, we’ll conclude our high-level summary of it here.

Carbon Management

The Anvil Carbon Management platform was designed to help a company assess the scope 3 emissions of the goods and services they buy, segment the supply base as needed to support the different engagement approaches needed to maximize reach and results, support decisions when scores for tenders are carbon-adjusted, and determine B-corp accreditation based on carbon-based market ability.

The main entry point to the Carbon Management module is the Carbon Baseline Dashboard that allows you to drill into the spend carbon baseline, quantity carbon baseline, carbon insights, and carbon project tracker. The spend carbon baseline will give you your spend-based carbon footprint, your supplier count, and invoice count. It will break it down by Level 1 Category, Level 2 Category, and Level 3 Category. It will give it to you by supplier, by country, by business unit, and display the monthly totals relative to the supplier count. The supplier spend vs. carbon footprint breakdown can be particularly insightful when you find out that your top supplier with 5% of your spend only contributes 1% of your carbon footprint while your 11th place supplier (not included in the Top 10 report) that only accounts for 1% of your spend contributes 15% of your carbon footprint. It can happen, since carbon production is directly tied to the product/service — certain extraction and manufacturing activities are way more carbon intensive than others, and, even worse, depending on the technology being used, there can often be a 5X to 10X difference between traditional approaches and new techniques that only a few extractors/manufactures use. For example, in the EV industry, the production of a battery can produce anywhere between 2,000 and 16,000 kg of CO2. That means a poor process using materials from dirty raw material extractors can produce 8X the amount of carbon that needs to be produced. Now, it’s likely that in the automotive industry a battery supplier would be a top 10 supplier, but it might not be as obvious just how much carbon is in that Scope 3 battery supply chain vs. the steel supply chain or the electronics supply chain for the control system.

The quantity carbon baseline allows an organization to focus in on new carbon emissions between two points in time, scope 1 vs scope 2 vs scope 3, the measured % (vs estimated from third party sources), and the breakdown by business unit, country, supplier, and combination thereof.

The carbon insight dashboard allows you to drill into a summary of your carbon (project) pipeline and expected carbon savings, vs. carbon savings realized in categories in which you have undertaken improvement activities and marked such in the system (with a start date). You can drill into the forecast, the projects by status, and (potential) by business unit. The corresponding carbon savings dashboard allows you to see the carbon savings you’ve realized over time as a results of projects that have already started delivering results.

For the Carbon Management module to be a success, the organization needs to have data for each level 3 / level 4 product or service purchased. Most organizations won’t have this, and nor will their suppliers, but Anvil will work with you to produce the figures using average carbon production for the industry, category, and region using the appropriate carbon data source which may include, but is not limited to, the ONS (UK), Carnegie Mellon (USA), Project Carbon (France), and other sources they, or you, have access to that may be more accurate. This data will be updated on regular intervals when more accurate estimates and/or actual emissions tracking becomes available for a supplier, methods change as a result of development projects, or suppliers make extraction or production improvements on their own.

Note that use of this module could require significantly more services than the other modules as spend and contract analytics are more-or-less cookie-cutter, risk management is based on standard measures, and the market inflation & analytics offering is also based on market data, 4C & Anvil Analytical project results, and anonymized data from their e-Sourcing partners (which include Market Dojo and Unit4 Scan Market).

Risk Management

Once you have a grip on your carbon/GHG, you can get a grip on your risk. The risk management module tracks location based risks by country and allows you to determine the location-based risks of a supplier based on the country they are in and the risks associated with transport based on the route(s) available between an origin, intermediate, and destination country and the transport method chosen (as the risks are different for truck, rail, air, and water). When you select a country, or a set of countries that would represent a transport route, it will give you, for a slew of major risk factors, a risk score, origin rank, and total rank. These risk factors include factors such as:

  • carbon factor
  • economic quality
  • education
  • electric grid emissions
  • enterprise conditions
  • global slavery
  • governance

The idea is to provide you with a foundation on which to identify which Environmental, Social Responsibility, and Governance factors may be the most relevant to consider for a supplier, based on their location and the trade routes available to you from their location to your consumer market. This could allow you to short circuit an analysis (as you can quickly identify the most likely high risk factors that might eliminate the supplier from consideration). The data comes from 1500+ different open/publicly available sources that include the corruption perception index and transparency.org.

In addition, with the risk management module you will also get a set of risk-based spend management dashboards which profile an organization’s spend and show the likely types of risk associated with these areas.

Market Inflation & Analytics

The market inflation & analytics module provides category specific inflation projections with geographic variances to allow an organization to identify the categories where their costs are likely to rise, determine the projected spend uplift, dive into the sensitivity of each category (against a single inflation point), and, most importantly, counter supplier price increases when there is no data to support the increase.

The platform tracks over 1,000 commodity prices using indices from markets, banks, national bodies, and commodity markets and contains detailed forecasts for almost 100 commodities. The buyer can also drill into CPI Data, PPI data, SPPI power, ONS data, FRED data, Bureau of Labor Statistics data, IMF data, and Worldbank data.

The most interesting parts of the offering are the Market Insights and Buyer Power. The Market Insights integrate category risk weightings, weightings by subject matter (such as human & labour rights, business conflicts, health & safety, service performance, diversity, environment, etc.), and deep dices into constraints, drivers, opportunities and challenges from a demand/risk perspective and trends from a low, medium, high perspective which provide interesting insight into growth, models, inflation, or other factors. You can drill into a regional market and see its size, portion of global market, regional growth rate, global growth rate, average supplier maturity, average buyer maturity, and a Porter’s Five Forces analysis.

Buyer Power allows you to drill into the relevant data around buyer power vs. supplier power, which supports the Procurement levers widget in the summary dashboard (if you have the market inflation module). This insight is unique as it is based on the results of recent, anonymized, sourcing events from the client base of Anvil and its Sourcing Partners and allows you to see the expected results vs. (forecasted) inflation in the category.

Project Management

Project Management is one of the newest modules and accompanies the suite-wide UX update that is being released in December, 2023. It is standard GANTT-based project management for savings and carbon project management that integrates with the analytics and carbon modules so that an organization can also track savings/reductions over time. When we say standard capabilities, we mean that you can allocate resources, manage approvals, define tasks and milestones, track progress, get real-time updates and reports, drill into the project data, and customize it to your organizational processes. There’s nothing unusual, unexpected, or uncharacteristic, but that’s typically what you want for a project management tool.

Services

While Sourcing Innovation is focussed on products, we will note that Anvil also provides sourcing & savings project management on demand, and will manage its partner companies who execute the event for you as well as extract all of the relevant event data and push it into your systems as appropriate.

So if the hammer must fall, consider bringing it down with the Anvil’s support. It’s a solid service-oriented spend-analytics solution that can start you off with the carbon, risk, and market insights you need as well as provide a baseline of services to help your Procurement team mature in their analytics skills and get going quickly.