Rethinking Supplier Risk in the Era of Diversity and Inclusion
While everyone around the globe has become aware of the focus on diversity and inclusion, not everyone has embraced or welcomed it. Some are deliberate and vocal about expressing dislike of these necessities at work, school and in our communities. Others are quietly against it but raging inside, rallying against diversity and inclusion, both consciously and subconsciously.
Having worked in the procurement, sourcing, vendor management, and risk functions over my career, I have observed how conscious and subconscious biases have played themselves out; in some cases very visibly, but many covertly affect the enterprise.
I thought sharing some observations may bring awareness for reconsideration of selecting suppliers and redetermining their risk posture. Since the cause and effect of decisions made a long time ago are the foundation of conscious, unconscious and open biases, they have been the driving force for what has been deemed as risks in enterprises that may hinder abilities to improve diversity, both within organizations and when it comes to suppliers.
As aptly pointed out in a recent Gartner study, the procurement function, the stewards of enterprise supplier risk, is at the bottom of the barrel along with sales when it comes to diversity. The study findings should be a cause for concern for organizations. If there is a lack of diversity in the procurement functions and its leadership, the value of diversity and inclusion lacks decision-making by those operating in the function.
Unfortunately, the supplier-side sales functions have also been complicit enablers of this vicious cycle. If the supplier wants to win business from an enterprise client, they place client-facing sales teams that fit the mindset of the enterprise procurement or business buyer holding the checkbook, but they also bring biases in their award decision-making or selection process. Both procurement and sales diversity and inclusion will need to evolve; they carry a more significant reputational risk for both enterprises and suppliers.
Unfortunately, deeply rooted unconscious biases often became the catalyst for decision-making, even by those who were part of the underrepresented populations. I can recall countless instances when biases were on full display by those responsible for determining risk for an organization.
I am hopeful that sharing my observations may help organizations become aware and revisit their procurement and risk functional views by seeking to understand what is a genuine risk to the enterprise and how to manage it.
When it comes to suppliers, reputational risk is an interesting one, but it closely follows the same lens as hiring employees. However, like peeling the layers of an onion, many things can trigger a reputational risk for suppliers, so it's not necessarily a "one-size-fits-all approach." Yet, many organizations have long adopted this notion of reputational risk regarding suppliers.
The organization and its leaders must be willing to look at the many layers of this risk category and determine which ones are true to their organization's reputation, and then target those specific areas. Many products and tools have incorporated the faulty notion of reputational risk in its decision-making of what is deemed as a risk. So, if we are intentional about improving diversity and inclusion, we need to be willing to peel back the layers and seek to understand.
An example of this layer is understanding the history of how enterprises' reliance on risk software or processes for determining supplier risk was born out of the financial industry having an underlying cause and effect. One of the elements of this reputational risk is the "background check" to determine an individual reputation, particularly executive team members' criminal record, which comes from the employee hiring practices in financial institutions.
Of course, this notion of a background check and criminality makes sense for banking and financial institutions dealing with money, resulting in it being an important consideration. However, when the banking or financial executives went to other companies or industries, they carried their view of "reputational risk" in employee and supplier considerations. So, this lens became the new norm even when it was around supplier selection considerations.
Another striking aspect of it is that when other industries were looking to implement risk practices, knowing that the financial industry already had them in place, they quickly deemed these processes as best practices and adopted them as their own, without either a consideration of whether it applied to their company or industry, or likely due to conscious or unconscious biases. Such group think resulted in most companies choosing not to hire an individual as an employee if they had been in trouble with the law, without regard to understanding what the actual issue might have been and why, or if they were the victim of a systematic conscious or unconscious bias.
Some forward-thinking organizational HR and business leaders have started to understand this issue. They are no longer considering this aspect when hiring employees except in few roles where it could be applicable. However, the procurement or risk departments have not done the same; thus, relying on the deep rooted and established way of considering supplier risk still being the norm.
I recall more than one instance over my career where a white-collar crime or otherwise for a supplier employee showed up on the risk tool, usually leading to the consideration of the supplier being too risky. Supplier exclusions are automatically triggered based on the software implemented by someone in a leadership position who hadn't required a reasonability test to determine how risky the supplier is for their use, stemming from this long-adapted over-reliance on software tools for our decision-making.
Mind you, no considerations are given to understand the circumstances. The organization may never encounter the supplier or its personnel, while this supplier might be a leader in the industry, or they are doing a large book of business with your peers or other large enterprises. Typically, none of these are considered or open for discussion. So, the decisions are consistently being made similarly across many enterprises to eliminate such suppliers from consideration because we still rely on the old way of determining risk.
Since no one wants to fight the decision-maker on their rationale, exception processes get put into place to be invoked for any team in the enterprise wanting to use a flagged supplier, creating bureaucratic layers simply because of biases of one person who could only see the risk lens based on a financial institution and not their own, in which such circumstances would never come to fruition.
Supplier Risks in the Age of AI
My recommendation is for organizations to look at how supplier risk has been considered and empower their people to apply a diversity of thought to the applicability of the risk to the organization. Organizations should attempt to understand if their supplier risk processes are over reliant on software tools and, if so, how those software tools determine risks. It is essential to understand if the software tool's risk lens would have the same applicability as your own. Since supplier risk tools originated from the financial industry, those parameters have been lost or forgotten over time. Hence, it's worth revisiting to determine the applicability to your organization and industry.
For example, when we look at the financial risk of a supplier, there are only a handful of tools in the market. None truly addresses the global nature of supplier financial risk, but because they have the market share, their lens has become the decision-making view determining suppliers' financial risk. The question to explore would be this: Why are we looking through a financial lens of a supplier organization based on just one or a few software companies' points of view, given that they all originated to support the financial industry?
The Many Faces of Supplier Risk
Supplier risk has many legs and each has variance tied to the industry: what you are doing with the supplier, why and how should all map to your organizational risk appetite with the software tools in use. The invoked processes should reflect your organizational risk posture and not that of the supplier risk software alone.
Enterprises should also be willing to consider more of a supplier intelligence versus a supplier risk program approach. The supplier intelligence view highlights many areas that an enterprise should evolve to understand a comprehensive and holistic view of the supplier, specific to your industry and your organizational risk appetite. Today, supplier risk tools are disparate and don't provide a holistic view across the multiple dimensions of risk and intelligence important to your organization.
Start exploring supplier intelligence tools and their approaches and pressure test to ensure that their foundational view of what and how we consider supplier risk is evolving. It will be necessary for the software players operating in the space deemed supplier risk or supplier intelligence to bring a holistic view of the supplier that matters to your organization and not what they believe should matter to you. I am encouraged by some of the supplier intelligence elements coming together on some of the newer software tools. However, they still have a lot of work in evolving and personalizing the various dimensions important to each organization.
Changing the Face of Supplier Risk in the Age of AI
As we head into the AI-led processes, it’s important to understand and root out decision-making by a few with conscious or unconscious bias. This is where the AI will learn from what it deems as a risk and what it does not. Many new software players have popped up over the past couple of years that are starting to apply the variation of the lens but, more importantly, starting to show the "why" through the explainability feature when using Machine Learning methods. It benefits us to understand it a bit more by applying critical thinking to determine if the risk identified by the machine in a supplier risk consideration is valid or not.
If we believe that people and situations cannot change, we would certainly be hard-pressed to accept that those who didn't practice diversity and inclusion are now acting differently. Being the optimist that I am and seeing the positive in people, I believe that people and situations can change, so we need to be adaptable and mindful of giving safe spaces for people to become self-aware and self-reflect. Continuous learning is required to improve diversity and inclusion in our organizations and how we consider supplier risk in the future.
Suppose we don't reconsider our risk posture in the AI-enabled future. In that case, our organizations will experience losses if we continue to operate from the original foundation of supplier risk processes based on historical decision-making methods. Our future organizational sustainability requires us to think and act differently. Organizations and leaders with intentionality that step up to the plate will thrive in the AI-led fourth industrial revolution, and those that do not will struggle to survive.