Common Gaps in Procurement Processes

Joe (new to supply chain): "Sarah, why isn't procurement a bigger priority at my company [manufacturer]? I just don't get it." Me: "How much time do you have?" Joe: "17 minutes. I better stop responding to supplier emails and pay attention." Me: "I've spoken to thousands of supply chain peeps throughout my career. Issues I continue to see: 1. Not giving procurement a seat the table Manufacturers continue to view procurement as an isolated function, responsible for executing whatever the customer and manufacturing teams need. Procurement needs to be involved in customer service, product design and manufacturing. Every step of fulfilling the customer needs involves a material and supplier which procurement is responsible for. If procurement was involved, you'd create different products, you'd have happier customers and you'd hold less inventory. 2. Isolating customer service and procurement Customer facing teams need to have seamless collaboration with procurement. Most manufacturers start with a small order with a new supplier. Depending on the performance and customer service, they will then increase the order quickly. Being proactive in communicating with customers is such as easy way to differentiate and grow accounts. That starts with proactiveness on raw materials procurement. 3. Collaboration silos Finance teams need to pay suppliers. Planning needs visibility and accurate delivery dates. Management teams need to approve certain POs. Customer service needs visibility. Yet this is done on email chains, with everyone pestering procurement 'where's my order', 'where is my document', 'when will this order arrive'. The knock on effects of weak collaboration leads to systemic inefficiency, poor performance & competitiveness. You need better tools to collaborate internally & w/ the supply chain. 4. Not prioritizing procurement capabilities 40-60% of revenue is spent on procurement. And most have zero capabilities to manage that spend & ensure effective execution of the spend. Procurement teams are expected to handle it with no additional support. 5. Cost vs risk trade off That cheaper supplier will increase risk. When the risk does materialize, the cost will be 5x more than if you went with a more expensive, closer supplier with a better reputation. There are trade offs. Don't expect miracles with cheaper suppliers. 6. No smart approach to risk Procurement is your greatest source of operational risk and most have a weekly risk registrar on excel. You need better tools. These risks always show up on the P&L and balance sheets. But there's a time lag and its not direct so most don't realize the cost of the risk. If executive teams understood the costs, they would prioritize it immediately. Manufacturers need a sourcing strategy to minimize the risk before placing orders." ************* What have I missed? 🤔

Procurement does not get the same respect as other departments. It's clear why they don't. Did you know that 43% of procurement teams do not actively use market intelligence tools to monitor supply markets, leading to missed savings opportunities? 55% of organizations still rely on outdated tools like emails and spreadsheets for RFPs, slowing down decision-making and supplier selection. 67% of companies report that without real-time market research, they struggle to adjust procurement strategies during market shifts. 49% of procurement departments lack visibility into supplier risks across all tiers, reducing their ability to manage disruptions effectively. Many teams lack subject matter experts (SMEs), leaving them without the insights needed to negotiate competitive contracts for all categories. 🚧 These gaps show that without robust market intelligence, procurement teams risk inefficiencies, non-compliance, and value leakage. Why aren't more procurement departments investing in market research to drive better sourcing decisions and stay competitive? #marketintelligence #strategicprocurement #supplychain

Market research is central to procurement—understanding what things exist, how much they cost, what’s good. For perfectly legitimate—but regrettable—reasons, proper market research is uncommon, with contracting officers replacing it with a request for information (RFI). This makes bad things happen. Imagine your refrigerator is dying. You have to replace it soon. So you research. You look at Consumer Reports’ list of the best brands, see what your local store has in stock, inspect floor models, watch for upcoming sales, narrow down your options, and start reading reviews of models. You make decisions about ice makers and door styles and colors. You develop opinions about compressors and ice shapes and UV sterilization. You balance price, features, and availability, buying from the place with the best value. This is how procurement should work. But procurement staff doesn't know anything about refrigerators, so they publish an RFI saying “hey, appliance makers—tell us about fridges.” They wait for responses. Sub-Zero, Hotpoint, and Hisense are the only respondents, providing wildly varying recommendations. But they all agree that different types of drawers exist, ice dispensers exist, and that power use & dimensions are important. So the procurement staff tells the program and IT staff “we need a list of requirements about features, power use, and dimensions.” The program staff says “we want a fruit drawer, a fish drawer, a cheese drawer, an ice dispenser, and we want it in blue stainless steel.” IT staff says “we want it to be a height of 67"–70", a width of 36", and a depth of 20", and it should draw not more than 150 watts." These become the RFP requirements. But...fish drawers are not a thing. Blue stainless steel refrigerators, not a thing. 150 watts is a tiny power draw. A depth of 20 inches is unheard-of at that width and height. This RFP demands a nonexistent fridge. The bidders will be liars and people pitching custom refrigerators. A $700 fridge became a $5000 fridge. The fix is for staff to actually learn about refrigerators. But procurement staff don't have permission to take days to learn about fridges, or, more to the point, 1–2 months to learn about CCWISes, MMISes, or UI systems. For overworked staff, it's understandable that this practice has become standard. But some have come to believe that an RFI *is* market research. "Good" looks like cross-functional teams of procurement, program, and IT staff working together for weeks or months to learn about the market. They'd spend time reviewing vendors’ websites, watching videos, talking to other agencies, testing out software, getting candid assessments of vendors’ work—stuff any reasonable person would do when buying a refrigerator, but for a $10 million software project. Agencies need give their teams the space to work like this. It will pay for itself many times over. Don’t spend millions of dollars without doing at least as much research as you’d do to buy a fridge.

Results from 1990 gaps on third party risk management programs is this: 𝗕𝗢𝗧𝗧𝗢𝗠 𝗟𝗜𝗡𝗘: People struggle making third party risk programs efficient and meaningful to their business. 𝗕𝗔𝗖𝗞𝗚𝗥𝗢𝗨𝗡𝗗: We have done more than 2000 assessments at risk3sixty. Of those assessments we have identified 1990 gaps. By far one of our most common gaps. 𝗙𝗜𝗡𝗗𝗜𝗡𝗚𝗦: Here's where the gaps are concentrated: 𝟭. 𝗣𝗼𝗹𝗶𝗰𝗶𝗲𝘀 𝗮𝗻𝗱 𝗣𝗿𝗼𝗰𝗲𝗱𝘂𝗿𝗲𝘀 𝗙𝗮𝗶𝗹 𝘁𝗼 𝗠𝗮𝘁𝗰𝗵 𝗥𝗲𝗮𝗹𝗶𝘁𝘆 𝗼𝗻 𝘁𝗵𝗲 𝗚𝗿𝗼𝘂𝗻𝗱: Policies are written, but often do not reflect the reality of what companies need to produce meaningful results. For example, they typically do not reflect realistic processes or provide meaningful guidance on how to risk rank vendors. And most importantly, they don't provide any guidenace or "teeth" on how to disqualify a vendor if they exceed a risk threshold. As a result, vendor management often becomes a check-the-box administrative task to get through procurement. 𝟮. 𝗧𝗵𝗶𝗿𝗱 𝗣𝗮𝗿𝘁𝘆 𝗥𝗶𝘀𝗸 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 𝗗𝗲𝗴𝗿𝗮𝗱𝗲𝘀 𝗜𝗻𝘁𝗼 𝗮 𝗧𝗲𝗱𝗶𝗼𝘂𝘀 𝗔𝗱𝗺𝗶𝗻𝗶𝘀𝘁𝗿𝗮𝘁𝗶𝘃𝗲 𝗧𝗮𝘀𝗸 The volume of vendors and the manual nature of assessment work means that true risk management takes a back seat to checking-the-box. Third party risk management is often an additional duty for already busy GRC professionals or it is delegated to teams without authority to make vendor disqualification decisions. More common than not, the people doing the assessment work do not have the context to make educated decisions about vendors or to ask smart questions. This is thankless work and can lead to burnout quickly. 𝟯. 𝗧𝗼𝗼𝗹𝘀 𝗔𝗿𝗲𝗻'𝘁 𝗮 𝗖𝘂𝗿𝗲 𝗔𝗹𝗹 Tools range from glorified excel spreadsheet replacements, workflow engines that route questionnaires, or (my favorite!) tools that scrape website and assign risk scores based on website security scores (taking into no consideration the actual service rendered). Further, the industry suffers from under implemented and under adopted tools that fail to live up to the promised results. 𝗪𝗛𝗔𝗧 𝗧𝗢 𝗗𝗢: Here's some practical steps to consider: 1. Draft policies and procedures that reflect the reality of the process. That includes realistic risk scores, decision criteria for disqualifying vendors, and establishing a bar for which vendors need true analysis vs. which do not. DO NOT over engineer it. 2. Spend outsized effort on high risk vendors. And allow for it in policy. 3. Consider outsourcing vendor management in part or fully. If you use a good third party you can probably increase the quality and get some of the worst work off of your full time employees. They will thank you for it. --- What am I missing? #cybersecurity #thirdpartyrisk #vendormanagement