10 Great Questions to Pre-Qualify a Vendor Before Onboarding for a Deep Dive, Courtesy of Certa

A recent article in the SCMR by Jag Lamba, the CEO of Certa, a Third Party Risk Management (TPRM) vendor headquartered in California and focussed on compliance, risk, and ESG had some very good questions to ask before engaging with a US vendor, but some of them were very US-centric and others took a platform based approach. (You certainly need a platform, but certain areas, like security, go beyond the platform.)

But if we generalize these questions, they are relevant for everyone, and make it clear why you need a Third Party Risk Management (TPRM) platform that goes just beyond key suppliers/vendors, and beyond product and service needs. (And if you’re wondering what you need a TPRM, check out Part 4A and Part 4B of our new Source-to-Pay+ series where we are currently focussing on Risk Management.) They’re also industry independent and can allow you to short circuit a time-consuming industry (product/service) specific diligence because if the third party fails any of these questions, why would you bother going deeper? Just move on to the next contender!

  1. Does the vendor meet the needs of its customer base?: Any major negative news headlines? Any drops in financial performance? Any grumblings on Glass Door? Any of your counterparts in local groups or associations using them and bad mouthing them?
  2. Does the vendor have the operational capability AND capacity to serve you?: If you need a modern machining process or a vendor who can produce a minimum of a million units, don’t bother with any vendors that don’t have the process or can’t produce a million units.
  3. What financial and sustainability reporting process are they subject to? : The best way to ascertain their ability to stay compliant with financial and other regulatory (like ESG) requirements is to review the government reports. (They may [white] lie in their marketing, and then claim you misinterpreted, but they’re not as likely to lie to the government who could fine them, criminally charge them [in some countries], or shut them down.)
  4. How do they approach security?: Not just cyber security, but facility security, personnel security, and information security. Over half the attacks come from the cloud because it’s easy when you leave a security hole, hackers don’t have to leave their basement, they can attack you half a world away, and face no repercussions because there are no extradition treaties and the local authorities just don’t give a f*ck if they aren’t doing any criminal activity in their country. But when that fails, their local counterparts try to break into the facilities — if the vendor stores unsecured physical copies of critical IP, local backups of sensitive IP on unsecured USB/Zip/Thumb drives, or a lot of money on site — all someone has to do is walk in with a workman’s uniform, enter the backroom to check the wiring when no one’s in it, stuff something in their workbag or pocket, and, buh-bye. If your personnel are not trained to detect social engineering attempts, then someone’s going to have a little chat with them, something like “Hi, what do you do? Oh, is that your doggie in the picture, what’s your doggie’s name? My doggie’s name was Scooter. You know it’s my birthday tomorrow. I’m a Scorpio. What about you? So you were born in 1979 and you’re a goat like me in the Chinese zodiac? Cool! Hey, you know that I was just reading that most people use their birthday and pet’s name as a password. I thought it was only me. What, you do too? Aww, so cute. Well, nice meeting you.” Network access granted! And then if you’re not ensuring all personal, confidential, or sensitive IP is clearly marked, only stored in locked filing cabinets, always encrypted, and those files only on secure, encrypted, network drives, hackers are going to easily find those files accessible from limited access accounts with weak-passwords accessible by brute force.
  5. Do they do business with any entities sanctioned in your country?: If so, they are probably a no-go. You don’t want to be only one degree of separation removed from a sanctioned entity. (And, of course, they shouldn’t be sanctioned — because you shouldn’t be considering them at all if they are!)
  6. Would you have a backup plan if their suppliers or partners they relied on got sanctioned?: i.e. if you need to locate a complete production line in one geography, and there is only supplier of a key raw material or part in that geography, maybe you’re looking in the wrong geography
  7. What is their viewpoint on diversity?: great suppliers encourage diversity and look for good people that represent the entire cross-section of humanity in the area in which they operate; they don’t have arbitrary goals or the one Token black in the C-suite to check a box; they hire all races, cultures, religions, ages, etc., train them all, and then promote the best (and, over time, they build a diverse management team)
  8. Are their objectives aligned with your objectives?: If your objective is quality and distinction for the wealthy, and their objective is cut costs no matter what, they are probably not the supplier for you.
  9. Do they have a sustainability program. And is it sensible?: In some jurisdictions, they not only have to report down to “Scope 3”, but stay within a limit for overall emissions, or get in (financial) trouble (with fines, etc.). And if you have to report as well for doing business with them, or to satisfy the regulatory requirements of a region you operate in, and they can’t report to you, that’s not good. Not good at all.
  10. What level of risk will they add to your business?: If you’re happy with the answers to the first 9 questions, before you dive deep into certifying their products and services, their production lines and capacities, etc., ask this first. If the risk is too great in general, it might be a no-go before you start. And this is why you need a comprehensive TPRM platform to do a preliminary assessment.

And yes, Certa is one platform that might be able to help you, and one you should add to your RFP invite list if you don’t have a TPRM. We will note that they’re not the only one (and this could be relevant if you are in the EU and need a local provider), and that we’ll list others in Part 10 of our Source-to-Pay+ series, but close by stating that you should not overlook Certa. They’ve been around for a decade, have raised over 50M, likely integrate into whatever you’re already using in your Source-to-Pay process (with integrations to 100+ platforms and data feeds), have pre-built solutions for Compliance / Risk / ESG, and have a number of Fortune 500 clients.

Grading The Prophet on His Supply Chain Predictions …

Hopefully you’ve been paying attention over on LinkedIn as The Prophet has been sharing his predictions for the Procurement and Supply Chain space for the coming year as the vast majority are right on the money.

When the series is done, the doctor will discuss each prediction in more detail, but for now, he’ll just direct you to the articles so you can catch up before The Prophet completes the series and you miss possibly the best intelligence on what is coming your way in 2024 (and what you need to consider if you are going to be anywhere near prepared for it):

Current Grade: A!

It Was Nice to See Procurement Get a USA Today Headline, But …

… it would be nicer still if the article made any sense!

Last month, the USA Today ran an article on How to Optimize the Procurement Lifecycle of Your Business that gave the doctor hope that maybe Procurement would get a sliver of the just desert it deserves. But, alas, the article was yet another example of how the big publications don’t care, don’t actually verify the content, and allow whatever big company gets their attention to push their agenda.

Because SEO has no place in any article on “How to Optimize the Procurement Lifecycle of Your Business”. Sales cycle, maybe. But Procurement cycle? Not a chance!

Let’s back up.

The article starts off by noting that understanding the procurement process is vital to improving cost efficiency, ensuring quality procurement solutions, and staying compliant with regulations, which is all true, and all critical to any business (among other things, but you can’t overwhelm the average reader who’s likely not a Procurement expert). It also notes that the procurement process is fraught with complexities and challenges which is also true, and also critically important for a non-Procurement person to understand.

Then it says that optimizing the procurement process entails the use of modern technologies, insights, and strategies, which gave the doctor hope that maybe it would help an average user understand what kind of technologies the organization needed, what insights the technologies should provide, and what types of procurement strategies the organization might want to consider.

But instead of actually providing these key insights it goes on to say that inefficiencies in procurement management can lead to increased costs, delayed deliveries, and compromised quality, which, while also true, is not that helpful at this point (and should have been listed as examples of the complexities and challenges highlighted above). It used this as a lead in to how modern point-of-sale (POS) systems are instrumental in dealing with inefficiencies, WHAT THE HELL?, which is used as a lead in to a whole section on digital transformation: incorporating SEO for Procurement Optimization, WHAT THE FUCK?

A POS solution is NOT a Procurement solution, and it’s certainly NOT instrumental in dealing with inefficiencies in Procurement management. Procurement is about acquiring the product an organization needs when — and where — it needs it. While a modern POS system can push roll up data into the inventory management system which, in turn, can generate forecasts to feed Procurement, a modern POS system is not necessary because all Procurement needs is sales projections, and if the delivery timeline from the source in Bangladesh or Shanghai is 45 to 60 days, it only needs 60 days of granularity, not sales data by the hour! Logistics will need that granularity to do finer forecasts to push stock where it is needed before it is needed, but NOT Procurement.

But the cardinal sin of this article is claiming that incorporating SEO techniques into the digital transformation strategy of the business can add another dimension to procurement optimization. No NO NO NO NO! The article claims that with SEO techniques, businesses can reach out to a wider pool of global suppliers, which is completely false because THAT’S NOT HOW SEO WORKS! SEO helps people doing searches find sites that match certain keyword searches, and, thus, would only work if the potential supplier has a sales person who is actively using the internet looking for new customers, who is using the keywords that the site has been SEO’d for, and who is searching in the organization’s language and in the organization’s geography (as most search engines prioritize same language results in the region). In other words, the chances of a supplier you might actually consider finding your SEO-optimized site and reaching out to the right person at your organization is only slightly better than you winning the grand prize in a mega-millions lottery.

The proper solution for finding new suppliers is a supplier discovery / network solution like
Apex Analytix,
Graphite Connect,
MFG,
Onventis,
Promena,
ScoutBee,
Supplhi,
supplier.io, and
Tealbook.

NOT SEO!!!

So, even though Procurement is the life blood of the business, when it comes to mainstream coverage, Procurement Don’t Get No Regard, No Regard At All!

There is a Price of Relocating to “Friendly Countries”, but There Are also Corresponding Cost Reductions

A recent article in El Pais on the price of relocating factories to ‘friendly countries’ noted that according to the European Central Bank (ECB), 42% of the large companies in the Old Continent that it has recently surveyed have resolved to produce in allied countries as a means of reducing risks. However, this relocation carries economic consequences, and international institutions — such as the IMF and the ECB — warn of its impact on growth and soaring prices.

The article is right. Some prices will go up as countries move out of countries in, or likely to engage in conflict, both of the physical (war) and the economic (closed borders, significant tariff increases, rolling lockdowns, etc.) variety, and move to more “friendly” countries. (As far as SI is concerned, it shouldn’t just be “friendly” countries, it should be “friendly countries close to home”. At least companies are realizing that China and/or the lowest cost country is not always the answer when that answer comes with risks that, when they materialize, could lead to skyrocketing costs and losses that dwarf five years of “savings”.

Furthermore, even though 60% of those contacted said that changes in the location of production and/or cross-border sourcing of supplies had push up their average prices over the past five years, this hasn’t been true across the board, it doesn’t have to be true, and some of those could still see savings as they optimize their new processes, methodologies, and supply chain network. (Changes don’t reach full efficiency overnight, and sometimes it is two or three years before you can optimize a supply chain network due to existing contracts, infrastructure, etc.)

Why are costs (initially) going up for many companies?

  • wages: many of the “friendly” countries are more economically mature, or advantaged, with a higher standard of living buffered up by higher wages / better social systems
  • utility charges: in “friendly” countries that are using newer, cleaner, sources of energy or limiting energy production from burning (coal, oil, natural gas) have energy costs that are often higher as the initial infrastructure investment has not been amortized, water costs could be higher if more processing inbound or outbound is required, and so on
  • production overhead: chances are that the factories are newer, required a large investment that isn’t anywhere close to being paid off yet by the owner, and you’re paying a portion of the large interest payment to the investors/banks as part of the overhead

However, it’s important to note that:

  • productivity: will go up when you move to a locale where the workforce is more educated and skilled and is better able to employ automation and modern practices, and thus gets more efficient over time, countering the initial wage increase
  • energy costs: will reduce over time as a solar farm or wind farm can produce renewable energy for decades, with the initial investment often being paid back within one third to one quarter of that time; as a result, energy prices should remain flat(ter) over time than in the locales where they are still burning dwindling fossil fuels (which rise every year in cost) and have not yet invested in renewables
  • overhead: will decrease once the investments are paid back (and the interest payments are gone), which means it can stay flat as other production related costs rise (compared to older plants which will eventually reach a point where the revitalization investment becomes significant on a regular basis)

In addition to:

  • logistics costs: will reduce when you choose a friendly country closer to your target markets (since most freight is ocean freight on fossil fuel burning cargo ships)
  • disruption costs: will reduce as less risk translates into less (costly) disruptions over time

So while costs may go up a bit at first, at least relatively speaking, they will go down over time, especially as network and process optimizations are introduced and obtained from experience with the new network, suppliers, and technologies.

Sourcing Success in these Turbulent Times Require Long Term Planning and Cost Concessions

In a McKinsey article a few months back on How medium-size enterprises can better manage sources, McKinsey said that small and medium-size enterprises often struggle to find Procurement cost savings. Yet there are ways to do it while still pursing growth and providing a superior customer experience. The article, which concluded with an action plan for procurement cost savings, recommended:

  • establishing CoE teams
  • improving forecasting
  • expanding (the) use of digital procurement tools
  • gaining greater market intelligence
  • establishing a culture of — and process for — continuous cost improvement
  • incorporating supplier-driven product improvements

which, of course, are all great suggestions, and mostly address four of the five reasons that McKinsey give that prevent companies from reining in spending, which included

  • a lack of spending transparency (which would have to be corrected to improve forecasting)
  • talent gaps (which can be minimized with the right tools, market intelligence, and CoE teams)
  • underused digital tools and automation (which is directly addressed by using more of them)
  • exclusion of procurement and supply chain in business decision (which would hopefully be a byproduct of a corporate culture for continuous cost improvement that only happens when procurement and supply chain is not involved higher up)

but the fifth is largely unaddressed — the myopic focus on the short term which McKinsey claims could be addressed by putting more effort into planning and forecasting. But that doesn’t solve the problem.

Better forecasting will allow for longer contracts to be signed for higher volumes, which can lead to long term strategic supplier relationships, and better planning can allow this to happen, but this does not completely address the need for long term planning.

Supply Chains today are not the supply chains of the last ten to twenty years.

  • rare earths are even rarer
  • many critical raw materials are in increasingly limited or short supply
  • transportation can be unpredictable in availability and cost; even though most of the world declared COVID over in mid-2022, China still had mandatory lockdowns, ocean carriers scrapped many of their ships for insurance (and in some cases, post-panamax ships that had never made a single voyage), airlines furloughed too many pilots who found other jobs or just flat out retired, and the long-haul trucking in North America (the UK, and many first-world countries) has been on a steady decline for over a deacde
  • ESG/GHG/Carbon Requirements are escalating around the globe and you need to be in compliance (both in terms of reporting 1/2/3 and ensuring you don’t exceed any caps)
  • human/labour rights are escalating and you have to be able to trace compliance down to the source in some jurisdictions; you need suppliers who insist on the same visibility that you do
  • diversity is important not just to meet arbitrary requirements for government programs or arbitrary internal goals, but to ensure you have the right insight and expertise to solve all types of problems that might arise

And you can’t effectively address any of these problems unless you think long term AND accept that some of the solutions will cost more up front.

  • In mid November, the trading price for Neodymium (a rare-earth that is critical for the creation of strong permanent magnets, which makes it possible to miniaturize many electronic devices, including the [smart]phone you might be reading this on) was over $87,000 USD/mt. In comparison, hot roll steel was around $850 USD/mt. In other words, Neodymium was 100 times more expensive than steel. And while you can still buy steel for about the same price you could 10 years ago (it was around $900 USD/mt), Neodynmium is almost $20,000 more (as it was around $69,000 USD/mt in November 2013). It’s not the only rare earth to increase about 26% in 10 years, with further increases on the horizon. You need to have a strategy to minimize your need (which could include product redesigns that use more sustainable alternatives or recycling strategies that use recovered materials from older phone models). And when it comes to recycled materials, due to a historical lack of recycling efforts, or research into technologies to make recycling efficient and cost effective, recycled materials are almost always more expensive at first. Always. But as adoption increases, plants, technologies, and processes get more efficient, and the cost goes down (while, at the same time, raw material prices for materials in limited supply continue to go up). In other words, if you want to mitigate the ever-increasing costs for rare earths and other materials that are in limited supply, you have to incorporate the use of recycled materials, and maybe even invest in your own plants (and recycle your own phones you buy back because it’s cheaper just to buy them back and extract the rare earths yourself than buy the recycled rare earths from someone else).
  • Global trade is costly and unpredictable. Supply assurance is finally dictating near-sourcing and home-sourcing (which SI has been advocating for almost fifteen years, as inevitable disaster was the logical conclusion of outsourcing everything to China as eventually a pandemic, global spat, natural disaster, or other event would send shockwaves through the world when it severely disrupted the trade routes [because even though the chances of a pandemic, natural disaster on the scale of Krakatoa or the Valdivia earthquake, or another catastrophic event is minimal in any given year, over the course of a century, it becomes very likely]), and that is going to require re-investing in those Mexican factories (that worked just fine, by the way) you shut down twenty years ago, training appropriately skilled workers in low cost North American (or Eastern Europe) locales, and paying a bit more per unit (and even transportation until the carriers rebuild those routes). But in the long term, as global transportation costs continue to rise, and the local-ish resources get much more efficient (using the best technology we have to offer), your costs, and transportation risks, will go down while your competitor costs continue to go up.
  • if you don’t insist, and ensure, up front that your suppliers can report the data you need, how will you get it; chances are those suppliers need help and modern systems, which temporarily increase their operational costs as they install, integrate, and learn the systems; not more than a few cents here and there per unit, but a noticeable blip on the overall costs none-the-less
  • if you want suppliers that monitor their supply chain and insist on no slave/forced/child labour, appropriately treated and well paid labour, and, better yet, a community focus throughout the supply chain (so that the humans who mine the materials, harvest the food stuffs, weave the silk, or otherwise do the foundational work have a reasonable quality of life, health, and safety), you’re going to have to put the effort in to find them and the extra money to support them in their humanitarian efforts; since most of these workers in remote low-cost locales are paid pennies on your dollar, it’s another blip on the total cost to ensure they are paid every penny they deserve, but it’s still a blip; but you can’t afford not to do it if your jurisdiction has laws making you responsible for slave labour that later gets discovered in your supply chain
  • and while diversity shouldn’t cost more, since it’s the same number of employees, the reality is that the supply base embracing it could be a minority, and if these minority suppliers suddenly become in demand, market dynamics may kick in and they may charge a premium that your competitor will pay; but, as new challenges continue to arise, you will need the diversity to solve them; so, another blip in the cost you need to absorb

In other words, you need the long term focus to guarantee success, and you need to understand that, up front, it may cost a bit more. However, done right, your costs will decrease over time while your competitors’ costs skyrocket. So if you truly want success, in any high dollar, strategic, or emerging category, plan for the long term. And you will truly succeed.