Speaking Of Managing Supplier Risk, Renewed Focus Is Required For IT Services Vendors

My colleague, Lutz Peichert, recently wrote a blog about the need for continuous risk management as it relates to your IT supplier base. While his focus was more on monitoring software and hardware vendor risk, I want to step up and remind IT services buyers the same thing.  As I look at what’s happening in the steaming hot global IT services market and at the increased responsibility and access IT service providers are being given today (see Maintaining Vendor Management Vigilance In The Overheated Global Sourcing Market), I can’t help but worry that a single outage or bankruptcy or fraud or bad acquisition could spell disaster for a client. SVM executives have to continuously assess their IT services vendors’ viability and ensure that they have alternate options in case of vendor failure.

Publicly traded companies are obviously much easier to monitor due to their financial transparency; however there is still potential for fraud (as we saw with Satyam and Longtop Group) or M&A activity that may not be reported in standard sources, but that may leave customers in an unfavorable position. So, for “critical” suppliers in your portfolio, due diligence should include research outside of normal channels – social media, job websites, financial analysts (who have a pulse on M&A activity and the health of the suppliers’ revenues and profit margins).

Monitoring vendor viability for privately held companies is much more difficult and time-consuming. Our studies have shown that there is limited reliable financial and risk data available on privately held companies (see graphic below), especially those headquartered outside of the US or Western Europe (see “Enterprise Social Networking Can Help Crack the Code on Supplier Risk Management”). Thus, most of the financial and risk data has to come from the vendor itself and should be viewed with suspicion. Some tips for monitoring the viability of privately held IT services suppliers include:

  • Make sure you’re taking the risk for a reason. If the service supplied is that critical, you may want to rethink who your supplier is.
  • Have your accountants perform their own financial audits to ensure the veracity of vendor provided financials.
  • Check out the ownership structure and debt-holders. Where is the company incorporated? Is it incorporated? Who owns the company and where is the company registered?
  • Check out LexisNexis for evidence of legal problems or lawsuits. Corporate counsel can and should assist with this activity and information can be updated in your supplier management system on a regular basis.
  • Watch for excessive account management attrition. If your onsite account managers, client partners, or sales folks are turning over too much, this suggests that the company is a risky place even from an employee perspective. And, red flags should be vigorously waving if account management and sales staff are actually being laid off. In this healthy market, stable vendors are adding to their client partner and account management ranks, not firing them.
  • Monitor employment websites to find evidence of attrition outside of your account. Interview former employees or current employees who are on the job market.
  • Use your social media connections. Facebook, LinkedIn, and many others contain information that is useful for evaluating specific vendor viability.

This week I did a webinar for a supplier risk and performance management (SRPM) vendor called Aravo (See FAQs About Supplier Risk And Performance Management Software). SRPM software is for automating the risk management activity discussed above. While there is no silver bullet, SRPM tools help SVM executives optimize their monitoring and risk mitigation efforts. SVM executives should check out Aravo as well as some of its competitors, including: Achilles Group Limited, Axentis, Citicus, CVM Solutions, Dun & Bradstreet Credibility Corp., GXS RollStream, Hiperos, iCiX, Lavante, and MetricStream.


Excellent insights!

Hi Stephanie,

These are excellent insights on the importance of constantly Monitoring Risks arising due to Services Outsourcing. Monitoring, Predicting and Managing various risks in the services supply chain (captive centers and outsourced services such as ITO, BPO, KPO etc) across Countries, Cities and Suppliers, in real-time is not just an option for anymore for global organizations, but IS A MANDATE in today's changing dynamics. Do check out www.GlobalSupplyRiskMonitor.com for additional insights on the topic.

Warm Regards,
Sudeep Misra