Introduction

In our first instalment, we noted that the ambitious started pumping out 2025 prediction and trend articles in late November / early December, wanting to be ahead of the pack, even though there is rarely much value in these articles. First of all, and we say this with 25 years of experience in this space, the more they proclaim things will change … Secondly, the predictions all revolve around the same topics we’ve been talking about for almost two decades. In fact, if you dug up a Procurement predictions article for 2015, there’s a good chance 9 of the top 10 topic areas would be the same. (And see the links in our first article for two “future” series with about 3 dozen trends that are more or less as relevant now as they were then.)

In our last instalment, we continued our review of the 10 core predictions (and variants) that came out of our initial review of 71 “predictions” and “trends” across the first eight articles we found, in an effort to demonstrate that most of these aren’t ground-shattering, new, or, if they actually are, not going to happen because the more they proclaim things will change …

In this instalment, we’re again continuing to work our way up the list from the bottom to the top and continuing with “Risk & Compliance”.

Risk and Compliance

There were 10 predictions across the eight articles which basically revolved around “risk management strategies” with some sideline focus on the need for “resilience”, “cybersecurity”, and “compliance”. As with almost every “prediction” and “trend” in this series, this is yet another prediction that makes headlines every year, no more important this year than the last, and no more likely to get any more attention until a major event happens that significantly disrupts the organization, a disruption that could have been prevented with better risk management systems and processes. Before we discuss further, as is our custom, we will list the ten predictions.

• Blockchain
• Cybersecurity and Data Privacy
• Cybersecurity in Procurement
• Compliance
• Enhanced Risk Management Strategies
• Expansion of Risk Management Strategies
• Geopolitical Instability Shapes Risk Management
• Resilient Supply Chains
• Risk Management and Resilience will continue to be a Priority
• Risk Management

Risk has been increasing year over year for over two decades. It should be front and center in every organization, especially given the facts that very few organizations that have been around for any length of time haven’t been impact to some degree by a disruption event and the chance of an organization of any size not experiencing a disruption in the next year is close to zero. And it does make the top of the charts in the board room, but, unfortunately, it’s still not making the top of the charts in the priorities when it comes to new solution acquisition and new process introduction. In most organizations, it’s just being pushed down to the tactical personnel who execute daily tasks. Personnel who may not have enough of a big picture understanding to manage risk properly in their decisions.

However, given the need for resilience in the age of constant supply chain uncertainty and disruption (due to epidemics and pandemics; border closings and sanctions; strikes and port shutdowns; reduced cargo capacity from perfectly good transport ships being junked during COVID, Houthis in the Red Sea, and Panamanian droughts, trade wars, reduced/cut-off rare-earth/raw material supply etc.), risk should be even more prominent and more actively addressed. Leading organizations will double down on resilience and supply assurance strategy and survive the disruptions relatively unscathed, and those who don’t double down on resilience and supply assurance won’t. It’s that simple.

Given that almost ³/₄ organizations were hit with a cyberattack in 2023, which was an all time high and which was only projected to increase in 2024, cybersecurity concerns should also be at an all time high, but given that most organizations relegate that to IT, we know it’s not going to get much better in Procurement. It needs to, considering how much organizational finance flows through Procurement, but it won’t change much.

Finally, organizations know they need to comply with regulation, so compliance is always at the edge of the Procurement mindset, but beyond minimal requirements, it never gets much attention, regardless of how much a few analyst firms or vendors try to push it.

What Should Happen? (But Won’t!)

Organizations need to prioritize the acquisition of a Risk360 solution, or the closest thing it can find, implement it, and monitor it regularly to make sure they detect risks that can impact their supply chain or operation as soon as such a risk occurs. Not after the supply has been cut, not after the organization has been locked out of all their organizational systems, not after key customers have failed and orders evaporated, not after signing a contract with a sanctioned party, and so on. Today, every decision made has to be made risk aware. And without a centralized risk management system, that will not happen.

Six down, four to go!