Spend Matters welcomes this guest post from Jag Lamba, Founder & CEO of GetCerta.com, a provider of a SaaS platform for supplier management and contract lifecycle management.
At many large enterprises, it can take 3-6 months to onboard a new supplier. This is because, as each new supplier adds multiple layers of risk (operational, reputational, data security and privacy, compliance, regulatory), several internal functions (e.g., procurement, legal, infosec, compliance) need to get involved to mitigate those risks. One prospective client told me recently, after a particularly painful supplier onboarding experience, that upon looking through her emails retroactively she realized she had interacted with 20 people, created eight separate artifacts and touched 15 unique systems to onboard a single supplier. Obviously, things can and must improve.
Across clients, I have found that the following aspects of onboarding take the most time:
Faster supplier onboarding doesn’t have to come at the expense of strong risk controls. In fact, the only way to move faster is with better risk controls.
Here are my top 12 strategies for onboarding suppliers faster while lowering risk.
PROBLEM A: MULTIPLE SEQUENTIAL APPROVALS
1. Concurrent approval flow
Sometimes IT Security has to approve an engagement because client data is involved, and then Privacy has to sign off on it. Sometimes Compliance has to approve because there is OFAC, FCPA or AML high-risk activities proposed. And what if legal refuses to support the supplier’s strict indemnity clause?
There is nothing more frustrating than to jump through all the necessary hoops for a high-return engagement only for the final group consulted to stonewall you. If different groups have the ability to concurrently review, less time is wasted between review and signing — and the sooner you can redirect your efforts if someone says no.
2. Risk-based due diligence with nuanced auto-approvals
I know this one is quite obvious. Not all suppliers need to be put through the same level of vetting. With the right system, auto-approvals can lead to near instant onboarding, significantly lowering your average time to onboard.
Example: The onboarding process for a mid- to large-size enterprise can have automated approvals for the following vendor profile/rules with the system being able to support it:
If you think no software platform can do this today, I have news for you.
3. Workflows and task queues at group or person level
Getting the workflows organized is often the hardest piece of the puzzle. What needs to be done first and by whom? What will cause a firestorm if it doesn’t get resolved by the end of the week? What if you need to delegate that task to another person?
Emails can get lost, but a strong all-in-one system can help keep your teams on track with customizable reminders, alerts, assignments and escalations. Each group should get their own task queue where managers are able to assign specific tasks to their team members.
4. In-app/in-context collaboration or messaging
Business rules can only get you so far. Sometimes you have a question about a contract clause, a security addendum or the specifics of an SLA that needs to be addressed before the process can move on.
When that happens, your system should be able to allow you to comment and tag other departments or users. They may be notified by email that they’ve been pinged — and in some cases may even respond by email — but the system will enable and record the full discussion, giving you an efficient medium for communication. And, as a bonus, it offers a simple and easily accessible audit trail.
5. Establish SLAs for functional teams like legal, IT Security, etc. and create & track bottleneck charts
Want to know what’s taking the onboarding so long? There should be a report for that!
In addition to helping pinpoint issues in a unique prospective engagement, quarterly or annual reviews can help your organization identify structural bottlenecks and make better decisions. Is Privacy taking a month to review when every other team is done in two weeks? When highlighted, inefficiencies can be corrected, or at least be better understood.
It can also be helpful for the business requestor to look at the pending suppliers and say, “Oh, it looks like that one is still with IT Security. I’ll give them a call and find out how it’s going.”
PROBLEM B: LENGTHY CONTRACT NEGOTIATIONS
6. Send key terms upfront in the evaluation phase
… especially the clauses that may be contentious (e.g., limitation of liability, indemnity).
Your negotiating power is often highest in the evaluation phase, and laying out the non-negotiables upfront could help weed out vendors who cannot meet your standards.
As a SaaS vendor, I hate to tell you, but the initial phase is the point where I have the least leverage in negotiation. At least if I know where your hard stops are early on, I can focus on opportunities that provide the best risk-reward ratio.
You should limit these to the most important terms — you don’t want the best vendor to lose interest or raise their prices to meet obligations. But this saves negotiation time down the road, and sets you off from a stronger position.
7. Send draft contract on your paper
Let suppliers know that sending the draft contract on your paper is your standard practice, and that if they want to use their own paper, the process may take additional time.
As a default option, business requesters can send out your company’s standard template as well as any other applicable clauses to the supplier at the start of the process. This can be the first item on your standard onboarding checklist.
Because by including your document draft in the beginning, the bar for the supplier to say “Actually, can we use mine?” has been raised.
PROBLEM C: MULTIPLE SYSTEMS
8. Integrated TPRM and CLM
Onboarding, risk mitigation and contracting are all part of the same business process. There is no reason to manage these tasks in separate systems.
It is critical that these systems are closely linked, not just for ease of use and adoption, but also for effective risk mitigation (e.g., so that legal can contractually cover residual risks identified by other functions.)
9. Your system should be able to expand to add other use cases as your business grows
Having your users log into separate systems is a huge time killer. If you need to screen for anti-bribery risk, collect documentation for supplier diversity or measure environmental impact across suppliers, one system should handle them all.
Your employees — and your suppliers — will thank you.
10. Centralize risk management
Even if purchasing in your organization is decentralized, risk management, and all areas of risk, should be handled in one place.
You absolutely do not want different TPRM systems for each region. In this global world, your TPRM system must be multilingual and understand tax and banking validations in every location your vendors are based.
Moreover, the system should be smart enough to integrate different risk scores and factors for multifaceted risk, giving you a full picture of what risk exists for each vendor/engagement.
PROBLEM D: MULTIPLE DATA SOURCES FOR DUE DILIGENCE
11. Instant due diligence
Your due diligence and restricted party screening (OFAC) solution should be fully integrated into your onboarding system. It is 2020, and there should be no need to manually copy and paste information provided by suppliers, business users and data sources like D&B into a separate system.
Moreover, your software should not only proactively pull in data from all available and relevant sources, but it should also be able to run your business rules on the data pulled to drive the output.
Example: Per your business rules, suppliers with access to client data in California are sent automatically for intermediate due diligence, and screened against an increased number of media sources, watchlists or restricted lists, and potentially even for active litigation. If “red flags” pop up, the supplier record is recommended to an analyst for further checks and evaluation by a more senior business leader.
12. Engagement-level risk management
There is no need to re-vet the supplier for each engagement, but you can’t ignore the vetting completely as the new engagement may require additional access than the original one.
Your system should allow you to capture and auto-flag any “escalations,” beyond what the vendor has been approved for. Moreover, the category manager may choose to periodically review escalations, either for engagement-level risk or across the board.
BONUS: The ultimate hack
The ultimate hack is to increase leverage from existing suppliers. Not only will this reduce your risk, but it will also:
I was recently talking to a friend, a GM at a Big 5 tech firm, and he told me that he knows more about his lunch place where he spends $10 than some of his vendors where he spends north of $1 million. Wouldn’t it be awesome if your TPRM solution enabled you to capture structured (quarterly/annual) reviews and ad-hoc “Yelp-like” feedback from your managers?
Wouldn’t it be useful if your TPRM system encouraged your users to search existing suppliers, enabled logging feedback and performance monitoring, and had an industry-leading CLM? If all this seems like a pipe dream, dig deeper.
The future is already here — it’s just not very evenly distributed.
Thanks to Mark Arrigotti, global head of Procure to Pay at Uber; Marc Goldberg, Chief Procurement Officer at Dun & Bradstreet; and Linda Chuan, Chief Procurement Officer at Box, for the many insightful discussions that shaped these ideas.
This content was originally published here.