A Look at "Tone at the Top" Supplier Management and GRC Standards

December 21, 2016 Chris Doxey

The unfortunate truth is that every day, well meaning companies make contracts with and pay invoices to fictitious suppliers. Governance, Risk and Compliance (GRC) are the controls that provide the right steps to prevent fraudulent supplier contracts from slipping past the nose of your controller.


“Tone at the Top” supplier management and GRC standards

Compliance with GRC standards should be ingrained in your daily business practices and become part of the corporate culture. These ethical standards and expectations are set in motion collaboratively by the top officers and executives of the company, hence the term "Tone at the Top."

What does Governance, Risk Management, and Compliance (GRC) mean to your organization?

Ethical best practices in the procure to pay process are governed by GRC principles. GRC is comprised of three central concepts: Governance, Enterprise Risk Management, and Corporate Compliance.

Governance

Governance is directed by the senior officials and board executives who oversee the controls of the entire organization. It’s a top-down way of guiding all activities to follow established protocols through decision making and informed management strategy. It’s making sure all activities within an organization follow the guiding principles set by management boards and government regulations.

Risk management

If governance is the “all-seeing eye” of GRC, then risk management is the telescope through which it views risk.

Through risk management channels, management identifies weaknesses or threats to overall business objectives. These threats look like technology vulnerabilities, data security, compliance violations, bad investments, or external legal issues.

Organizations should know what kinds of compliance issues present the biggest threat to the business and perform a risk assessment to identify those.

Part of the desired outcome is identifying the areas in dire need of compliance oversight, and prioritizing those, specifically as they relate to supplier management.

Compliance

Compliance is ultimately conforming to a set of predefined rules. Governmental bodies, laws, regulations, and policies affecting your industry are all influencers on your business' compliance requirements.

Sometimes the costs of non-compliance appear to outweigh the benefits of adjusting to accommodate a specific regulation. However, any failure to meet regulatory compliance should be weighed carefully, as a misstep could have a significant impact on operating entities.

Applying GRC to the Supplier Management Process

Now we arrive at how the integration of governance, risk management, and compliance affects supplier management processes. Use the steps below to see how integrating GRC can tighten supply chain controls and enforce compliance within your organization.

  1. Supplier Qualification Process: Ensures that services provided by suppliers fit your company’s needs.
  2. Supplier Sourcing: Gather the documents necessary to understand a supplier's service. This includes requests for proposal (RFPs).
  3. Onboarding: This is the phase when applying GRC principles is the most crucial. During the early stages of reviewing a supplier’s contract, contractual compliance is of the utmost importance. Compliance screenings (OFAC, OIG, BS, PEP, AML) for accurate supplier information are helpful in this phase.
  4. Supplier Compliance Screenings and Managing Performance: Once the supplier is validated, performing ongoing compliance screenings can prevent a fictitious supplier from slipping through the cracks of your organization. Service Level Agreements (SLA) can also be examined at this step.
  5. Supplier Probation or Establishing an Exit Strategy: A prepared exit strategy that identifies a supplier’s non-compliance or contract breaches helps provide a smooth transition for the supplier and your organization.

An effective supplier management program as outlined will protect a company against the risk of non-compliance fines and internal controls issues. Ongoing internal auditing using these principles is key to maintaining secure relationships in procurement and beyond, ultimately avoiding any potential crisis stemming from fictitious suppliers.

About the Author

Chris Doxey

Chris Doxey, CAPP, CCSA, CICA is an independent management consultant providing Internal Controls and Business Process Best Practice Solutions. She has extensive experience in procurement, accounts payable, internal auditing, internal controls, Sarbanes-Oxley compliance, payroll, logistics, financial systems strategy, and financial integration at Digital, Compaq, Hewlett Packard, MCI, APEX Analytix, and Business Strategy, Inc. She was recruited to assist MCI (formerly WorldCom) in recovering from its internal control challenges. She has a bachelor's degree in English, a bachelor's in accounting, a master's in business administration, and a graduate certificate in project management. Chris has written numerous articles and published two handbooks: AP Leadership Skills and Implementing a Controls Self Assessment Program for Your Accounts Payable Department.
