Tag Archives: SIG

C’mon Procurement Pros – Pucker Up And Get Your Tech Dollars Now

NOW is the time to start a robust process to select, fund and implement a new technology system. 


Your CFO needs some love right now – supply chain isn’t something they’ve had to worry about much before…because you had it all covered!!  For the first time in their careers they’ve had to get into the details of how you keep it all going.  Your poor pandemic-battle-scarred CFO is now looking for some new ways to mitigate future business continuity risks.

Procurement and supply chain leaders around the world have the answers to future potential business disruption woes – what’s needed is some serious investment in technology!

COVID-19 has placed the risk of future global supply chain disruptions at the top of the C-suite’s agenda. Not wanting to be caught out again, company leaders are desperate for a better, faster way to recover the next time a crisis strikes.

Their eyes are firmly fixed on supply chain.

So, it’s time to wipe the dust of all those technology business cases – and get on Zoom, pucker up to the c-level and ask for the cash.

It’s the right time

The pandemic caught us out. It stripped away the luxury of time, revealing the real supply chain risks that we knew had been lurking just below the water line for years.

The tide went out and our weaknesses were exposed – a lack of visibility into our multi-layered supply chains, an overdependence on single geographies and single supply source and a lack of agility to pivot and close the supply gaps.

As we move forward, supplier risk, supplier collaboration, value analysis, cost reduction, quality, and compliance will be more important than ever. 

NOW is the time to start a robust process to select, fund and implement a new technology system. 

How to pucker up

But how can you make sure you select the right system and construct a convincing business case, especially when budgets are being slashed across the board?

Here’s your guide to technology selection and adoption, pulled together from years of experience.

Step One – make sure you meet the business needs

It starts with understanding needs. As procurement and supply chain pros, we all know how to run a solid needs analysis….so I don’t need to labour this point.

To decide what works for your company and suppliers, remember the 80/20 rule.  For example, if 80% of your spend is on contingent labour, you are better off looking at a system that specialises in that functionality. 

What system is best?

Once you know your company needs, it’s time to narrow down the provider playing field.

This can get confusing, because you might pick your top three and accidentally end up comparing apples to oranges. One system could be a full end-to-end suite, and you’re comparing it to a contract management point solution and a sourcing tool!

It’s easy to get overwhelmed; there are literally hundreds of e-procurement technology suppliers in the marketplace right now.

About 10 years ago we saw a big push towards ‘best of breed’ solutions. There were very few fully-integrated suites that were intuitive and easy to use. Plus, a lot of companies had budget limitations, so they looked to point solutions for contracts, P2P, sourcing, supplier management, analytics, etc. 

That worked for a while, but then it became a nightmare to maintain all those integrations and the systems lacked true interoperability.  

Then came the race for fully integrated suites, which led to the likes of SAP Ariba, Coupa, Ivalua and Jaggaer who emerged to lead the pack today.

Will the strong preference for the fully integrated suites continue? That remains to be seen. One thing is for sure, we will see a thinning out of the market as some of the best of breed start-ups struggle for cash.

But only you will know what’s right for your company.

Finding the love…and the cash

Once you’ve chosen your tech system, it’s time to get senior-level buy-in. How can you make your case convincing?

It comes down to giving a clear, compelling ‘why’. Why now? Why this system? What will it mean for the company?

Some great messaging that would resonate with the c-suite right now would be:

  • Systems give transparency
  • Systems give control
  • Systems give confidence

As well as these overarching messages, you should tailor specific business case messaging and justification for investment in your system for different members of the c-suite.  For example:

Chief Executive Officer – mitigate business continuity risk and future profitability

Chief Financial Officer – cost control and visibility

Chief Marketing Officer – reputation risk, protecting brands and fostering innovation

Head of Operations – efficiency and continuity

Financial Controller – well, it’s obviously about control!

Another tip for developing your business case messaging is to reach out to your online peer community and look through social media, to find stories that support your reasons for investing in tech.

There’s nothing the c-level likes more than to do better (or avoid the same mistakes) than the competition. Your stories and examples on how peers are handling problems will be a powerful tool for motivating your senior leadership team to invest in your recommended technology. 

Keep a c-suite huddle

It’s critical to ensure you have a wide base of support across the senior leadership team so that your project has strong foundations.

Stay close to the c-suite throughout the project.  Don’t ever assume the support you secure today will endure. Keep them regularly updated to ensure your technology project stays top of mind (and the corporate strategic priority list!).

Also, beware the trophy-seeking sponsor who could be using your supply chain technology project as a pawn in their political power play. It is always difficult to pick these people, but the wrong choice could threaten your project’s success. You don’t want everything to go down the drain when your board sponsor’s career bets don’t pay off. 

Ensure change management isn’t funded out of small change

Business cases for tech have always focussed on headcount reductions (hard numbers based on FTEs taken out of Accounts Payable, administration etc) and efficiencies (more of a soft number) on the value side, and licensing and implementation on the cost side for investment in technology. Don’t forget to also factor in the total cost of ownership. Customisation costs, implementation, and productivity losses and gains are all important financial considerations.

All of these cost and other benefits are important, but you must ensure you include a significant budget for change management, training, user implementation.

As a profession, we have not had enough focus on how to implement technology; that’s our weak point. It’s difficult to ensure the organisation is gaining the full benefit of the system they have invested in – and for the most part, we do a pretty lousy job of it.

That’s because these are change management projects, not technology projects. It’s so little about systems and so much about the people who use them.

Too often, the implementation budget is the first thing to go when CFOs want a quick financial win. Don’t fall prey to their argument that people will work it out, or that it’s all straightforward. That logic is precisely how and why many technology projects fail.

Fiercely guard your change management budget, and make sure you have a dedicated project team to make it a success.

You can do this

This is your chance to step up and lead, showing your potential for a more senior role.

Given the high failure rate of these systems right now, it may be a high-risk strategy to take on the leadership of a procurement or supply chain technology implementation. But with risk comes reward; your successful project will be a great asset to your career progression and increase your visibility.

More importantly, it will prove that you understand the business and know how to solve complex issues.

As we work our way through this latest supply chain disruption, we are (sadly) capturing the real costs of this pandemic and will have much stronger financial proof points for investment in technology.

If this kind of disruption happens again, we know the magnitude of what it is going to cost. So we must put systems in place that will respond much faster to mitigate these potential losses.

Now is the time to step up and put forward your argument for investment. We may never have such a fertile and receptive audience as we do right now.

Act now, while the spotlight is on supply chain.  Don’t waste a crisis.

This blog is an excerpt from a talk given by Procurious founder Tania Seary, as part of the SIG Procurement Technology Summit. Want even more expert advice on choosing and implementing a new procurement technology system? Register for Matt Stewart’s podcast series

We are Living in Exponential Times

We are living in exponential times. While that fact makes it exceedingly exciting to be alive right now, it also comes with a lot of procurement related issues. Let’s examine a few facts, and see if you can realise where I am going with this:

  1. In 1984, there were 1,000 internet capable devices.
  2. By 1992, there were 1,000,000.
  3. In 2008, there were 1,000,000,000.
  4. Today it is estimated at 30,000,000,000.
  5. Last year, 4 exabytes (4.0 x 10^18) of unique information was generated, which is more than the previous 5,000 years in total!
  6. It is estimated that there will be 70 billion connected devices by 2025.
  7. NTT Japan has successfully tested a fiber optic cable that pushes 14 trillion bits per second down a single strand of fiber
  8. Technical obsolescence is accelerated with technologies becoming obsolesced in as little as 3 years!

The Exponential Risk in Your Tail Spend

Let’s talk about third-party risk management. In procurement we need to focus on getting the correct supplier/provider/adviser at the best total cost, delivering the right level of quality and service levels.

To most people, this means that we are living in exponential times. But to a procurement person it means “oh no, I need to look at all of my supplier relationships because of the possible threat of risk.” The issue with this logic is we don’t know what we don’t know. And that means we have probably done little to no research/cyber security/risk assessment on our tail spend, let alone on every supplier in our critical spend.

Most companies have entered into multi-year agreements with their critical spend suppliers. This is in an effort to secure the best total cost of ownership and allow ample time for their suppliers to retool, ramp up and to get to know them in order to meet their service and quality requirements.

Therefore, despite quarterly business reviews (QBRs), it can possibly be as long as one to 10 years since that contract and relationship has been assessed (if ever) for real third-party risks.

Getting to Grips with your Supply Chain

I speak with CPOs on a daily basis and every one of them admits that they do not have a perfect grasp of their third parties, let alone their fourth-, fifth- or sixth-level parties. When was the last time you asked a supplier (especially in the tail) if they ever subcontract? Or whether their third parties, or fourth, have been reviewed for cyber risk? Or any risk at all for that matter?

Do you know whether your fourth parties are using human slavery? If every device is updated for the latest virus check? Whether employees are charging their phones through their devices, or if they are permitted to insert USBs into their computers from an unknown source?

How do we know if our fourth-level parties have a proof of mining to avoid conflict minerals? When was the last time we even checked our own staff for complying with strong cybersecurity norms?

The Cyber Risks Within Your Organisation

Just recently at a convention for hackers, cables that looked like Lightning cables were modified with extra hardware that gave hackers remote access to devices. Here’s how they work:

“O.MG cables are indistinguishable from the real thing, and they even come with the iconic adhesive binding rings you’ll find wrapped around new Apple cables. The [modified] cables act normally, too, letting you charge your devices via USB or transfer files from your iOS devices.

Neither your PC nor your connected devices will ever notice that anything is amiss. Short of dissecting the cable to look for the extra hardware, the only way to detect that you’re using an O.MG cable is when you realize, after the fact, that your device was exploited.

And even if you happen to catch an attacker running a terminal window on your PC remotely, O.MG cables include a kill switch that disables the implanted hardware, thus destroying any possibility to track down the attack’s origins.”

‘These Dummy iOS Lightning Cables Let Hackers Remotely Access Your Devices’, Lifehacker, August 2019

Secure Apps?

Apple would have you believe that your iPhone is very secure, until you add your first app. For example, when traveling recently I downloaded an app to play Dominoes (the game, not the pizza). This is seemingly innocent, but since I was on a long flight, I actually read the privacy information.

Check out some of the following extracts from the Terms & Conditions and Privacy Information:

  • FM GAMES App is a gaming application that may utilise your personal data. You also consent to FM GAMES’s cookie policies, as described herein.
  • Types Of Data We Collect: We collect personal data and non-personal data about you.
  • Location and Distance Information: When you use the FM GAMES App, we will collect your location to determine your distance from other users (“Distance Information”) through the GPS, Wi-Fi, and/or cellular technology in your Device. Your last known location may be stored for the purpose of calculating Distance Information between you and other users.
  • Messages: When you send a message we may retain the message for archival purposes or as otherwise allowed by law.
  • Purchases: We collect information necessary to complete purchases. This may include, among other things, your name, credit card information, billing information, address, telephone number, and email address.
  • Third Party Tracking Companies: We may share your hashed Device ID, Profile Information, Distance Information, and demographic information with our advertising and analytics partners. These third parties may also collect information directly from you as described in this Privacy Policy.
  • Third Party Service Providers: We may share your Personal Data with third party service providers

When I tried to turn off location services, this was not allowed, so I discarded the app. If this is the case with a gaming app for my phone, can you imagine the angst my home screen caused our IT folks?

Would you know if you had been hacked?

If I charge my phone through my computer, imagine what I am opening up for hackers to get to? How many of you reading this are using public Wi-Fi? What about Starbucks, or at the airport? Many of us will pass through at least one on the way to the Procurious Big Ideas event.

Did you connect to the seemingly innocent Wi-Fi? Would you know if you were hacked? If you haven’t heard about the reporter whose email was hacked on an airplane while using the airline app while working on a story about the FBI and Apple, take the time to do so.

The hacker read nearly everyone’s email on the plane. They then pulled the reporter aside when they landed to discuss the security, or lack thereof, of his phone while using public Wi-Fi, even if was at 35,000 feet.

The Fallability of Passwords

If this isn’t enough, consider what anyone can do with your passwords. Take for example my login for Amazon. If you were able to see my screen while I was logging in, this is what you could do.

Then, if in Chrome, right click and click on Inspect.

By merely highlighting the password and writing the word “text,” you will see my password. It is that easy if someone is “looking at your email” as you are logged in.

So, there you go. This is my Amazon password and I have now changed it since I wrote this post (but don’t tell my kids). This is the most basic level of cyber protection you can get, but even at a personal level with my own “research,” we are so out of our league, especially when dealing with technology obsolescence.

In the era of BYOD (bring your own device) who knows what your staff is exposing your company to. If we take this one level further to our third parties, who out there is doing the exact same thing and exposing their company to the same risks I just showed you?

So, while we are going to discuss third-party risk management in my session at The Big Ideas Summit, this is just the icing on the cake. If I am just one of the hundreds of contractors, imagine what damage I could be doing to your risk profile.

The Art of Third-Party Risk Management

So, the long and short of it, we are living in exponential times and it is time we paid clear attention to all of our third-party relationships (and their third parties, etc.) along our supply chains or we are destined to be in for a large risk event. It isn’t a matter of if, but when it will happen. If technology obsolescence is happening faster all the time, then we need to stay educated and alert, not paranoid.

To overcome these obstacles, we need to have an effective third-party relationship management and framework. Successful third-party management programs should focus on the four cornerstones approach: contract and performance management, risk management, financial management and communication management. The risk aspect of the relationship framework needs to be addressed for both critical and non-vendor relationships, along with non-critical vendors.

I recently took SIG University’s Third Party Risk Management Certification Program and was amazed to learn how much risk we are exposed to within our contracts and the need for a strong third-party relationship framework with a focus on risk. For a framework to be successful, it must have strong governance and approved by senior management.

As a result of the 2008 financial crisis, there has been a renewed focus on the role of board of directors, the composition of the board, capabilities, accountabilities, and responsibilities for prudent acceptance and management of risk. This renewed focus has made it much easier to focus on third-party risk and to get strong governance in place to mitigate risks.

The most important lesson to leave you with is that third-party risk management is an art, not a perfect science. Having a framework in place to address and mitigate risk, escalate issues and seek resolution is the key to making strategic procurement decisions.

Learn more about procurement’s role in managing third-party risk by attending Dawn’s session at the Procurious Big Ideas Summit Chicago 2019 on Wednesday, September 18. If you can’t be in the room, there’s still time to register as a Digital Delegate. Find out more and sign up today!

About the Author

Dawn Tiura is the CEO and President of SIG, SIG University and Future of Sourcing and has over 26 years’ leadership experience, with the past 22 years focused on the sourcing and outsourcing industry.

In 2007, Dawn joined SIG as CEO, but has been active in SIG as a speaker and trusted advisor since 1999, bringing the latest developments in sourcing and outsourcing to SIG members. Prior to joining SIG, Dawn held leadership positions as CEO of Denali Group and before that as a partner in a CPA firm. Dawn is actively involved on a number of boards promoting civic, health and children’s issues in the Jacksonville, Florida area. 

She is a licensed CPA and has a BA from the University of Michigan and an MS in taxation from Golden Gate University. Dawn brings to SIG a culture of brainstorming and internal innovation.