MANAGING SUPPLIER RISK: IT EVOLUTION IS INCREASING YOUR RISK

A number of factors, such as cost efficiency and rapidly evolving technologies, have resulted in many companies migrating from internally managed on-prem systems to externally hosted (cloud-based) solutions managed by your suppliers, but have you considered what that means for your organization?

Several cloud-based solutions offer core business functions and some are customer-centric, intended to be directly accessible by your customer base. In addition, many of your key internal back-office business and operating systems are also now residing in the cloud, such as your ERP (Finance, HR and Payroll) and CRM (Customer Relationship Management) and Data Analytics solutions.

To support your company’s objectives, the suppliers of these systems must maintain a high degree of availability, particularly during high-volume usage business hours. Also, the supplier’s support teams need to respond rapidly to your customers and/or internal teams regarding any operating issues, and then to analyze their root cause(s) to enable corrective action on any system issues that may arise. The reliable performance of those systems is critical to your company’s overall success, as we’ll discuss later this summer when we talk about Performance Management.

When your company selects cloud technology solutions, your team should be mindful of the need to contract technology with a customer-focused lens so that your customers can not only access the solution with ease, but they also must be relatively simple for your customers to use. Just as your company has come to rely heavily on cloud technology solutions, many companies are now also migrating core “Infrastructure” operations to the cloud, including disaster recovery backup support. And, again, in most cases these supplier offerings are residing in “multi-tenant” environments, where the supplier is supporting numerous customers under the supplier’s “standardized” sets of rules and service-level commitments.

The challenge, however, is that those supplier practices often do not align with your company’s specific needs, particularly regarding the protection of your company’s confidential proprietary data, as well as any protected personal data of your customers. This is particularly true regarding the rapid adoption of evolving AI technologies, as we’ll introduce next week.

With the need to ensure all such confidential data and information are appropriately secured and protected, the need to minimize your company’s risk from potential loss due to any unauthorized access or misuse of such data housed in a supplier-managed environment has increased dramatically, which cannot be minimized solely by way of contractual protections.

In addition to contractual protections, a robust and proactive Risk Management effort has now become an absolutely mandatory requirement and a primary focus of any Supplier Governance Operating Model. This means there is an escalating need for an enhanced level of Supplier Risk Management vetting before contracting with any key Supplier, and then an ongoing risk review process supported by your integrated Supplier Governance Risk Management protocols and supporting systems (e.g., specifically, Governance, Risk and Compliance, “GRC”, tools), all supported by the proactive executive-level engagement by your company’s executive management.  

With such increasing reliance on your Suppliers, the management of risk has become a Supplier Governance imperative. We hope you will find our articles regarding Risk Management thought-provoking and helpful as your company copes with the rising risk of your increasing reliance on your Suppliers.

Please join us next week as the 2025 Seprio Summer Series begins its review of many of the substantial risks associated with your company’s rapidly evolving use of AI technology.

Please let us know in the form below what you think about this blog post, other content on this website, or ask any other questions you might have. Don’t be shy.