Globalization and supply chain risks


We've discussed globalization a bit in the context of compliance. More people are waking up to risk at many levels, including vendor risks. As more companies outsource bits and pieces of their production processes, the risks have multiplied.  

"This goes well beyond just outsourcing, and would include other areas such as suppliers, service vendors, consultants and external auditors and even your supply chain's supply chain," says Brett Curran, Vice President of GRC and Regulatory Practices at Axentis. Every time a company expands its supply chain, it gives up a little more control. Or so it seems. Consider this: The typical company that earns $1 billion has more than 1,000 third parties working with it. So "it's often difficult for companies to identify all of the vendors they do business with, let alone track and manage their potential risks, as well," Curran says.

So is this a Sarbanes-Oxley issue? Sure. Auditors ask clients to provide details about their third-party risk monitoring practices to ensure that the company is fully aware of who its vendors are and each vendor's potential impact on the bottom line. Often financial reporting is involved.

So this may be something to address. The GRC guide Red Book from the OCEG addresses this. It suggests that companies assess and manage third-party risk as if the third party were a part of their own company--daunting indeed. You can bet more GRC vendors, including Axentis, will be adding functionality in this area. - Jim
