The Determine


Vision. Insight. Control.

August 24, 2016

Improving Insights Into Third-Party Risk (Series 1 of 4)

Introduction to SIM & CLM:
Why supplier risk isn’t just a Fortune 100 company issue.

The responsibility for managing suppliers and supplier contracts has taken on a heightened level of interest and concern in recent years. Highly regulated industries, including finance, healthcare and food services, are forced to re-evaluate how supplier information is collected and how contracts are managed. With fines that can be in the millions, the potential of being audited and penalized due to non-compliance is real.

In a new world of social media and hyper-mobility, organizations today are also more aware of how their suppliers behave with their customers, other businesses and the market at large. They are increasingly keen on keeping closer tabs on their suppliers in an effort to avoid the risks stemming from social, political or geographical factors.

Of course, understanding how engaged suppliers are in an organization is dependent on their importance to the organization. For instance, a newly onboarded non-strategic supplier will not, or should not, get the same level of attention as the strategic one that has been in place for years. However, regardless of the level of supplier engagement, the need to centralize processes and information for understanding potential supplier risks and their contractual obligations has become universal.

Given that organizations can have hundreds, if not thousands, of suppliers, the related pieces of supplier contracts and information can multiply exponentially. Keeping track of it all and the related tasks can seem to require a herculean effort, especially if the connection between the suppliers and the contract(s) that bind the relationship cannot be easily established.

Based on our experience in working with clients and partners at Determine, the challenge can indeed be daunting. For example:

  • Understanding the level of risk and exposure to third-party risks—this is often unknown and talked about in terms of “Third-Party Risk” rather than just a supplier risk issue
  • Duplication of efforts, increased costs and potential damage to the corporate brand are not measurable
  • Managing “obligations” post-contract is most often unknown or underestimated
  • With any third-party entity, it is not unusual to have 1500 pieces of data associated with that party
  • With supplier information, it is not unusual to have five different systems
  • Supplier rationalization strategies have not yielded benefits due to a lack of a “holistic” visibility into the relationship

How organizations are managing these efforts is built directly into the process of how supplier documentation, including contracts, certifications and third-party information, is collected and managed.

While many large organizations have already invested millions into developing these processes through a variety of Enterprise Risk Management frameworks (ERM), Governance Risk and Compliance (GRC) and/or centralized vendor management programs, most small- to mid-tier organizations remain ill-equipped to manage these efforts for a handful of reasons, including:

  • The level of risk compliance is often too difficult to track, since many requirements are buried deep in custom documents and monitoring them relies on key employees and inefficient manual processes
  • Typically, supplier/third-party risk falls between different “chairs” or department responsibilities. It is often not “owned” in a mid- to small-sized enterprise
  • The costs of deploying massive consulting and technology efforts within different parts of the organization have been prohibitive and out of reach
  • There are no existing systems to manage these efforts since in the past the issue had not been considered
  • The issue has been addressed with stand-alone point solutions unable to connect the dots between suppliers and contracts

Moreover, for mid-size to small organizations with limited resources ($500M – $10B in revenue), the ability to easily establish the connection between the supplier relationship and the contractual obligations that bind them is essential. The goal is to mitigate supplier risk related to procurement and manage the wider sense of risk in the context of corporate GRC initiatives.

Achieving that goal requires the ability to have process and technology that—

  • Consolidates all the data in one source between CLM and SIM—Managing one system instead of several increases productivity to allow IT to focus on other activities
  • Has one unified single business process across divisions and business functions for both CLM and SIM, simple to maintain from a CTO perspective—Improving compliance and visibility and reducing management time on this issue
  • Shares data in one tool resulting in significant reduction in duplication of efforts across functions for legal and supplier management—Increasing productivity

From our experience, given the current business environment and the need to act quickly and efficiently, improving supplier information management in conjunction with contract lifecycle management issues is a best practice approach that simplifies the very complex problem of third-party risk management.

At Determine, we recognize that many organizations have taken the wrong approach or have avoided the challenge until now. Learn more about how we can help you meet the challenge of third-party risk by downloading this whitepaper or requesting a demo.

* Take the first step by reading Collaborative Contract Management – Procurement’s Role in Enhancing Compliance and Mitigating Risk