Skip to content

Do You Have A Risk Policy?

December 13, 2010

This week, the head of Corporate Governance at one of the major international audit firms told me that he was amazed by how many companies still cannot produce or describe a formal process for managing supply chain risk.

Of course, almost everyone uses one of the assessment agencies, such as Dun and Bradstreet, to assess financial risk. But when it comes to areas of business conduct risk – the sort of things that damage reputation and cause regulatory breaches – very few have a formal and comprehensive approach.

I spoke with one company this week that has attempted to build more rigorous risk assessment into their bid and contract process; the consequence has apparently been that cycle times have extended by several weeks. That doesn’t sound much like a sustainable approach; and of course it simply means one set of risks has been replaced by another (delayed revenues, loss of competitiveness, increased risk of internal process avoidance etc.).

So is there a better answer? In my opinion, yes. There are definitely ways that we can start to tackle these risk assessment challenges and I interviewed the CEO of one such solution today.

Richard Cellini is an attorney by background, but has spent many years in the field of corporate governance and compliance. His new company – Briefcase Analytics – offers a fast, practical and low cost solution to checking the integrity and performance of suppliers and customers. As the interview revealed, it is important that we undertake such checks not only at the outset of a relationship, but on an on-going basis. Indeed, regulatory requirements increasingly demand evidence of a robust and continuing evaluation process. Richard’s examples included some fascinating illustrations where major corporations have failed to act, even after there have been highly publicized cases involving key suppliers.

Briefcase Analytics is just one of a growing number of organizations using web-based data to provide creative new corporate services. In their case, they focus on seven major areas of business conduct:

•  Product Liability
•  Injury & Harm
•  Bankruptcy
•  Breach of Contract
•  Unfair Competition
•  Information & Privacy
•  Labor & Employment
•  Environmental

Their services are global, so if you are Chinese and want to check out your potential US trading partners, or a North American company doing business in India, you can access the data.

I see so many organizations struggling with how to manage risk. But increasingly the answers to their problems are readily accessible, if only they would look beyond their traditional approaches. Far from managing risk, we seem far too often to create risk though an unwillingness to explore new ideas.

A recording of the webinar with Richard Cellini, which includes insights to the ‘most risky’ industries and some of the best and worst performing companies, is available in the IACCM member library – or send a note to for a copy.

One Comment
  1. Tim –I too am surprised at how many companies don’t have a formal process for managing supply chain risk. This is such a hot topic. And, it goes beyond risk in the supply chain.

    60% of respondents to a recent ISM – Emptoris survey told us that Procurement Key Performance Indicators (KPIs) are not tracked by the C-Suite. Only a third claim supply base intelligence is used to make decisions that impact their company’s performance. This shocks me because risk mitigation is such an important strategy today, and supply base intelligence is critical to drive it.

    I write more on the survey results on my blog:

    Kevin Potts
    VP of Product Management and Marketing
    Emptoris, Inc.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: