Improving Insights Into Third-party Risk (Series 1 of 4)

Sep 12, 2022 | Compliance & Validation, Contract Management, Supplier Performance


Introduction to SIM & CLM: Why supplier risk isn’t just a Fortune 100 company issue.

The responsibility for managing suppliers and supplier contracts has taken on a heightened level of interest and concern in recent years.

Highly regulated industries, including finance, healthcare and food services, are forced to re-evaluate how supplier information is collected and how contracts are managed.

With fines that can be in the millions, the potential of being audited and penalized due to non-compliance is real.

  • SIM: Supplier Information Management
  • CLM: Contract Lifecycle Management

In a new world of social media and hyper-mobility, organizations today are also more aware of how their suppliers behave with their customers, other businesses and the market at large.

They are increasingly keen on keeping closer tabs on their suppliers in an effort to avoid the risks stemming from social, political or geographical factors.

Of course, understanding how engaged suppliers are in an organization depends on their importance to the organization.

For instance, a newly onboarded non-strategic supplier will not, or should not, get the same level of attention as the strategic one that has been in place for years.

However, regardless of the level of supplier engagement, the need to centralize processes and information for understanding potential supplier risks and their contractual obligations has become universal.

Given that organizations can have hundreds, if not thousands, of suppliers, the related pieces of supplier contracts and information can multiply exponentially.

Keeping track of it all, and of the related tasks, can seem to require a herculean effort, especially if the connection between the suppliers and the contract(s) that bind the relationship cannot be easily established.

Third-party Risk

Based on our experience in working with clients and partners at Sourcing Force, the challenge can indeed be daunting.

For example:

  • Understanding the level of risk and exposure to third-party risks: this is often unknown and talked about in terms of “Third-Party Risk” rather than just a supplier risk issue
  • Duplication of efforts, increased costs and potential damage to the corporate brand are not measurable
  • Managing “obligations” post-contract is most often unknown or underestimated
  • With any third-party entity, it is not unusual to have 1500 pieces of data associated with that party
  • With supplier information, it is not unusual to have five different systems
  • Supplier rationalization strategies have not yielded benefits due to a lack of a “holistic” visibility into the relationship

How organizations are managing these efforts is built directly into the process of how supplier documentation, including contracts, certifications and third-party information, is collected and managed.

While many large organizations have already invested millions into developing these processes through a variety of Enterprise Risk Management frameworks (ERM), Governance Risk and Compliance (GRC) and/or centralized vendor management programs, most small to mid-tier organizations remain ill-equipped to manage these efforts for a handful of reasons, including:

  • The level of risk compliance is often too difficult to track, since many requirements are buried deep in custom documents and monitoring them relies on key employees and inefficient manual processes
  • Typically, supplier/third-party risk falls between different “chairs” or department responsibilities. It is often not “owned” in a mid- to small-sized enterprise
  • The costs of deploying massive consulting and technology efforts within different parts of the organization have been prohibitive and out of reach
  • There are no existing systems to manage these efforts since in the past the issue had not been considered
  • The issue has been addressed with stand-alone point solutions unable to connect the dots between suppliers and contracts

Moreover, for mid-size to small organizations with limited resources ($500M – $10B in revenue), the ability to easily establish the connection between the supplier relationship and the contractual obligations that bind them is essential.

The goal is to mitigate supplier risk related to procurement and manage the wider sense of risk in the context of corporate GRC initiatives.

Achieving that goal requires process and technology that:

  • Consolidates all the data in one source between CLM and SIM—Managing one system instead of several increases productivity to allow IT to focus on other activities
  • Has one unified single business process across divisions and business functions for both CLM and SIM, simple to maintain from a CTO perspective—Improving compliance and visibility and reducing management time on this issue
  • Shares data in one tool resulting in significant reduction in duplication of efforts across functions for legal and supplier management—Increasing productivity

From our experience, given the current business environment and the need to act quickly and efficiently, improving supplier information management in conjunction with contract lifecycle management issues is a best practice approach that simplifies the very complex problem of third-party risk management.


Success Story:

Car & Truck Repair and Sourcing Force Collaborate on a Continuous Improvement Initiative.

“What do you think of the implementation of a continuous improvement process and what triggered it at Car & Truck Repair?”

Car & Truck Repair: It seems to me that this is a first in the administration and finance department at Car & Truck Repair.

We have other ERP systems, but they are not SaaS.

Updates to these tools are rare.

In fact, our end users, whom we consider as our customers, are quite unhappy with these other tools, which have not evolved at the same pace in the cloud to meet their needs.

Thanks to the continuous improvement approach in working with Sourcing Force as a true cloud platform, it is different; during the various meetings with the employees in our centers, I am able to show these same end users the improvements that are in the test phase, and I can also explain to them the improvements that can and cannot be implemented to better set their expectations.

“Do you have an example of that?”

Car & Truck Repair: Take Sourcing Force’s attribute management feature as an example.

For end users, it provides easy access to custom item attributes in the shopping cart.

This more precisely describes the characteristics of the services or items they need, like a supplier’s language capabilities, years of experience, or product attributes like color or size.

End users in the past realized that this was not possible in France because of the unique item references they often requested.

Through these meetings, I shared my tests on the Sourcing Force Cloud Platform, and end users saw that their remarks could now be taken into account and tracked over time.

“What have been the different stages of this continuous improvement process?”

Car & Truck Repair: At the end of a meeting at one of the Car & Truck Repair centers near London, the Sourcing Force team showed us the new features and new UI/UX, and provided us with a test platform that was a copy of the production platform where the features that we found interesting were activated.

Then, several discussions took place to improve certain features and refine the settings.

Now we are at a point where, among all the features presented, we selected those that presented a real added value for us and that will soon be pushed into our production environment.

“What stood out for you in this approach?”

Car & Truck Repair: I found this approach to be very good.

First of all, the testing is done in a development sandbox environment; there is no modification on their live production environment.

Moreover, when a user’s request is unsuccessful, we know why.

That allows us to better explain it to them because we have tested it, and that is very important.

Finally, it also allows us to project ourselves into the future.

For example, with the deployment of phase two (batch two) – the addition of the invoicing module – the new products tested allow us to anticipate future processes as much as possible.

In terms of organization, an annual meeting in person to spend half a day discussing all subjects concerning the platform with Sourcing Force is very constructive.

We see which projects they are working on and their future orientation and technology roadmap.

In exchange, we share our feedback and the way in which our company is changing.

It’s collaborative, and that’s how we like to work at Car & Truck Repair.

“What are your impressions following the Version 3 of Sourcing Force?”

Car & Truck Repair: I had a lot of questions following the product changes and needed support implementing Punch-Out and the Electronic Data Interchange (EDI).

Sourcing Force’s team was there, and it helped resolve some challenges with certain suppliers.

When I get stuck on specific points and can’t make myself understood, it’s there.

It is a good relay between the Sourcing Force team and us.

“During our visit, users were able to give their opinion of the tool. What feedback did you get?”

Car & Truck Repair: Users appreciate being involved in this type of meeting because they can express their thoughts.

I often talk to them on the phone, but when I take part in business synergy meetings like these, it allows me to discuss the problems encountered, how they are followed up, and solutions to get around them if they exist.

The users really appreciate this effort.

“What changes do you see in Car & Truck Repair in how you use the tool?”

Car & Truck Repair: Beyond breathing life into the platform by managing catalogs and suppliers, my role will tend to evolve after implementing phase two on Invoice Management.

At Car & Truck Repair, we have a team that handles accounting who will take control of the tool, so I will no longer be the only one administering it.

We are also thinking of using Contract Management, which I will take over soon.

The fact that we are not deploying all the modules at the same time allows us to gain the perspective needed on how the tool operates as a whole.

So, as soon as the Contract Management solution is in place, we will know how to manage it.

“As the sole administrator of the Sourcing Force platform today, what can you tell us about it?”

Car & Truck Repair: Today it is pretty easy to administer.

The import/export of Excel files is easily done – it does not take much time.

At first I was afraid of spending my time referencing the catalogs, and that is not the case, so I am satisfied.

Administering the tool is really easy to learn.

“What do you think of the flexibility of the Sourcing Force Cloud Platform? Of its ability to manage complex business processes?”

Car & Truck Repair: At Car & Truck Repair, we are not in favor of custom developments, so SaaS allows us great flexibility.

This is a real asset.

The platform is not frozen at a specific point in time; it evolves, and we can activate new features according to the evolution of our business needs.

“Could you give us an example of this “flexibility”?”

Car & Truck Repair: We have few rules of assignment at Car & Truck Repair.

The user sends the majority of requests directly as orders without approval.

The Sourcing Force Cloud Platform is designed to allow users to create approval rules on requests, orders and other things.

We have discovered that, by creating rules specific to our business needs, the tool easily adapts to our way of working.

In three clicks the user can place an order.

This is the tool’s real advantage: the ability to easily create business rules that adapt to our processes.

Another example is multi-catalog management.

When deploying the tool internally, based on our business we needed two different catalogs with two different price grids.

After discussing with Sourcing Force and highlighting these constraints, we were pleased to see that they knew how to manage these constraints by activating the multi-catalog feature, which I have been able to test easily.


By Jérémy Ferrer, 12/09/2022
