Category Archives: Compliance

Can You Solve the Compliance Challenge?

Regulatory compliance is usually defined by an organization’s adherence to laws, regulations, guidelines and specifications relevant to its business.

There are two primary categories:

  • Internal compliance that focusses on the policies and procedures of the organization (which must be followed to ensure SOX compliance) and is focussed on personnel and procurement
  • External compliance that focusses on the (government) legislation and agreements that govern the operation of the organization and falls into the categories of:
    • financial/operational
    • import/export
    • environmental
    • private data / worker’s rights
    • insurance / liability

Non-compliance can be very costly: in some cases it can cost an organization hundreds of millions of dollars. Consider the following costs of external non-compliance:

Financial

  • SOX violations can cost up to 5M per violation; even Deloitte, known for its audits, had to pay 2 Million for a SOX violation
  • Anti-bribery violations have no ceiling; Aon paid £ 5.25 M in 2009, Willis Limited paid £ 6.9 M in 2011, and Macmillan Publishers paid £ 11.26 M in 2011
  • FCPA violations don’t have a ceiling either; Weatherford International paid $152.6 M in 2013, Alcoa paid $384 M in 2014, and Siemens paid $800 M in 2008

Import/Export

Meggitt paid 25 M in 2013 to settle charges of AECA & ITAR violations, Standard Chartered Bank paid 132 M in 2012 to settle charges of OFAC sanction violations, and ING Bank N.V. recently paid 619 M to settle charges of several OFAC sanction violations

Insurance

In 2012, Wal-Mart paid $8M to settle a workers’ compensation class action, and in 2010 a jury awarded $82.5 in a workplace death lawsuit

Lack of compliance costs. Dearly. Why is there a lack of compliance in most organizations? Lack of knowledge, policy, visibility, analysis, and procurement technology. Knowledge can be addressed with training. Policy can be fixed with planning. But visibility, analysis, and procurement fixes require technology.

What kind of technology?

Supply Chain Visibility, Spend Analytics, and a Procurement Marketplace that captures, tracks, and maintains an audit trail of all of the relevant data to ensure that SOX and FCPA are not violated, that import and export restrictions and requirements are adhered to, and that suppliers comply with insurance and regulatory requirements.

To find out how a Procurement Marketplace helps your organization solve the compliance challenge, reduce maverick spending, and enable organizational growth, download Sourcing Innovation’s latest white-paper on The Procurement Marketplace and The Power of Compliance (registration required), sponsored by Vinimaya.

It’s Illegal to Burn Money, But Yet Your Organization Does It Every Day! (So Find Out How to Do Something About It!)

Title 18, Section 33 of the United States Code says you shall not mutilate, cut, disfigure, perforate, unite or cement together, or do any other thing to any bank bill, draft, note, or other evidence of debt issued by any national banking association, Federal Reserve Bank, or Federal Reserve System, with intent to render such item(s) unfit to be reissued and if you do, you can be fined or imprisoned for up to 6 months. But yet, every day, organizations everywhere collectively flush billions of dollars down the drain, overpaying suppliers, including foreign suppliers, millions of dollars that cannot be recovered and reissued by the organization for other business purposes.

If it wasn’t for the fact that the vast majority of these organizations don’t intend to overpay and waste money, since this money (and evidence of debt) flows through the American banking system, I would otherwise be inclined to argue that, technically, this gross incompetence in management of corporate funds is criminal.

For proof that the average organization wastes money, we simply have to look to the audit recovery industry, which recovers, on average, 1% to 1.5% of annual spend. And, typically, this is just what they can find with a quick, mostly manual, review of the top n suppliers that account for 2/3rds (66%) to 3/4ths (75%) of external organizational spend using a very loose interpretation of the 80/20 rule. And that’s just overspend. What about spend that should never have happened in the first place (because it was off-contract and 15% higher than contracted rates)? Or unrecoverable losses due to a key supplier not having mandatory insurance policies in place? Or gross violations of the T&E (Travel & Expense) policy (that border on criminal malfeasance) where the VP of Sales decides that a dinner costing 2K / head at the local strip club is a valid use of the organization’s P-Card?

But most of these situations are easily preventable by a Procurement system that is designed to not only enforce compliance, but make it easy. To find out how, check out Sourcing Innovation’s New White Paper on The Procurement Marketplace and the Power of Compliance (registration), sponsored by Vinimaya.

Procurement Trend #24: Better Governance Model

Twenty-one dreary, and weary, trends still need to be discussed, so let’s keep the fire burning. The sooner we get through these, the sooner we can expose these charlatans once and for all.

So why do so many historians keep pegging this as a future trend, and keep poor LOLCat regressed in his past life? There are a number of reasons, but among the top three today are:

  • models may be few but most organizations don’t use the right one

    and even those organizations that have selected the right model don’t always apply it properly

  • compliance regulations make governance critical

    since SOX can put you in the Box with Fox!

  • investors want a return
    and they know a lack of governance won’t give them one

So What Does This Mean to You?

Governance Model

De-Centralized, Center-Led, Centralized, or Control Tower — which is right for your organization? The answer is all of them, depending on the situation.  For example, snow-clearing services should probably be de-centralized as it makes no sense to run them out of Houston, Texas or San Jose, California. IT Support should be center-led, as regional providers will probably give you the best price. Global contracts for your core product production should be centralized, as you need the volume for leverage and you need good supplier management. And it’s likely that a Control Tower model will be needed to manage the proper application of each model to each category it is suited to.

Fox in the Box

SOX can put your CEO and CFO in the box with fox if your company doesn’t make an acceptable effort to comply with the Sarbanes-Oxley Act of 2002. But this isn’t the only regulation that can get your company in hot water. Labour regulations, environment regulations, etc. can all put your company at risk with unlimited (legal) liability in some cases. So companies have to make sure that the governance model takes into account compliance and supports the collection of all necessary data to ensure that the organization doesn’t fall foul of SOX or other regulations that could get it in hot, hot water.

Greedy Investors

They want a return and won’t be satisfied until they get one. And unless you can convince them that you have things well in hand, you’ll have a group of very clingy monkeys on your back, weighing you down. So you want to make sure that you have good, documented, governance procedures that will keep them happy and keep hundreds of pounds of monkeys off of your back.

The Procurement Marketplace and the Power of Compliance

When it comes to Procurement, compliance is very important.

  • Non-Compliance with contracts is the biggest reason that 30% to 40% of negotiated savings never materializes.
  • Non-Compliance with standards and regulations often results in poor product quality, unusable inventory, or, even worse, seizure of goods by customs.
  • Non-Compliance with insurance and financial regulations could leave you on the hook for million dollar lawsuits and your CEO and CFO on the hook for criminal charges.

Compliance is also very hard to enforce in the average organization because your resources, time, and visibility are limited and it’s easy for anyone and everyone to fly under the radar whenever and however they want to.

But there is something you can do about it.

To find out, join Sourcing Innovation and Vinimaya at 13:30 PDT / 16:30 EDT / 20:30 BST this Thursday, October 16 for our webinar on The Procurement Marketplace and the Power of Compliance, hosted by Don Carrington and the doctor, where we will fill you in on how you can go about improving your organizational compliance.

Attendees will be the first to receive Sourcing Innovation’s New White Paper on The Procurement Marketplace and the Power of Compliance. Register now for The Procurement Marketplace and the Power of Compliance and get a leg up on your competition!

HICX Solutions Wants To Buy You A Shiny New Pair of Shoes! Part III

In Part II of this series we noted that HICX, which stands for Harmonize, Integrate, Control, and eXchange, is a relatively new SIM offering on the market (even though it has been in development since 2004) that not only addresses the classic SIM sweet-spots, but also hits a few new ones. Not only does it include on-boarding and an integrated supplier portal like classic SIM, and more than adequately address Performance and Compliance Management — mainstays of current SIM platforms, but it also goes beyond to offer a complete Master Data Management (MDM) solution for your Supply Management operation.

But that isn’t the only trick it offers. As hinted at in Part I, it not only allows a user to define, and redefine, data models as necessary but also to define, and redefine, workflows as necessary, so that an organization can not only accommodate new product demands but also adapt to new technologies and new business requirements as they arise. These new tricks are not to be underestimated. While a number of platforms allow you to extend and augment the data model, most do not allow the data model to be extended after the fact, and those that do require all existing elements to have the new property defined, or at least defaulted (to a default or a value that represents a not-yet-defined value).

In contrast, the HICX platform allows the data model for any element to be updated at any time by any user with authority, and since the HICX platform supports versioning with all data elements of the data model, no existing elements are impacted or need to be updated since the data (element) model is loaded with each data element and each data element is validated against the (element) model it was created with. (Once the data element is loaded, the user can add any additional elements required to update the associated data model, if desired.)

But that’s not the best trick that the HICX platform has to offer. The best trick is that the platform allows the workflow to be updated at any time by any user with the authority to do so, even if the workflow is being used in an initiative currently in progress — such as an on-boarding, compliance, or performance improvement initiative. This is because the platform versions not only data models, but also the workflows that drive the product and initiatives. If, during an event, the event administrator notices that the workflow is causing problems for the suppliers and can be simplified, or notices that the information being collected is not what was expected, the administrator can simplify the workflow or add additional, mandatory, data requests. Suppliers who have already started the workflow will be able to finish the current workflow, and can then be sent a request for additional information by the administrator (who can limit the request to suppliers on the older version of the workflow), but suppliers who did not begin the initiative before the update will start on the new workflow.

But the real power of the workflow management capability is the ability to change registration, data collection, and performance measurement workflows (and associated data element models) when suppliers change, products change, and evaluation methods change. Traditional SIM platforms decline in usage because they can’t keep up with changing business requirements and user needs. But with the ability to update workflows to match the business needs at any time, using an integrated visual workflow designer, the HICX platform ensures that SIM is always relevant and current. It’s the new trick that most SIM platforms have been missing.

Other tricks include:

  • Dynamic Dashboards

    like any good SIM product, the HICX platform supports user dashboards, but doesn’t stop at one dashboard per user — the user can create as many dashboards as he or she wants and customize them to specific purposes — compliance, performance improvement, on-boarding, insurance, etc.; the tool includes a sophisticated dashboard designer that allows a knowledgeable user to design a dashboard that is actually relevant to the initiative at hand (which can be focussed on non-compliance, non-performance etc. — since we all know that dashboards that report success are dangerous and dysfunctional)

  • Advanced Search

    that allows the user to search for any data element using any fields, and filter using any set of fixed values (lists) and related elements; these searches can be used to define supplier sets for initiatives, using as many dimensions as necessary to get it right

  • User Defined Escalations

    that allow the user to define multiple levels of automated escalation during initiatives, where each escalation can occur at a different interval and be targeted to a different group or individual

These aren’t all the tricks the platform has to offer, but they are most of the tricks of note that serve to distinguish the HICX platform from the other SIM products on the market. If you’re on the market for a SIM solution, you should definitely take a look. The name and website might be a bit non-descriptive, but the tool certainly isn’t.