A Case Study: Risk assessment, controls, business continuity, and internal audit | CPO INNOVATION

CPO Innovation - Risk assessment
CPO Innovation – Risk assessment: source: cpoinnovation

Pain Point Focus Area: Risk assessment, controls, business continuity, and internal audit

Current Situation

Purchasing professionals scramble before internal audits, trying to hide everything they might find, and also trying to fix everything that can be fixed. It’s a crazy model, no different than cramming a year’s worth of flossing before an annual dentist visit. Internal auditors with lots of audit experience and zero purchasing experience come around and present a number of findings. Then they force your department into coming up with systemic solutions to problems that often times don’t need fixing, or don’t make sense to fix for the business, or worst of all, take away from the purchasing department’s ability to be agile and nimble. In the end, it’s never a good experience, and while it may be a good outcome from a risk and controls perspective, it’s rarely a good outcome from the perspective of enabling purchasing to best be able to achieve lowest TCO.

Desired Situation

When this is working well, purchasing and internal audit are in perfect synch. Purchasing is not getting surprise audit findings and internal audit is not trying to find their way in a business environment that they don’t really understand. Both groups are aligned on what specific risks and controls are being audited for and how they will be measured. Because purchasing’s risk and control documentation is so precise and well understood, internal audit comes around far less frequently to the purchasing organization, because they are no longer considered an area of medium or high risk. Purchasing professionals don’t scramble before internal audits because, once again, the audit criteria were developed by purchasing, and the processes therein are baked into the fabric of how purchasing runs their business – there’s nothing to scramble about. In the end, an internal audit becomes a short time allocation effort and they happen infrequently. When they do happen, there are no surprise findings and both parties are in lockstep on what to measure and how. Both parties can run their business efficiently and with a good partnership model in place.

Gap Closing Actions

In this model, purchasing gets trained on a best in class methodology for doing risk assessments. Risks are identified and categorized in terms of their levels of impact and probability of manifestation. From there, corresponding controls are assessed and classified by whether they are preventative, detective, manual, or automated. The  right controls are ensured to be in place for the right risks, and this is done in a way to ensure the organization has the right level of risk exposure, while still staying agile and nimble. Having received this training, purchasing then does their own risk assessment and defines gaps between desired and existing controls, and then closes those gaps and makes this a part of their standard operating procedures. This document is then showed to internal audit for inputs. They like this. They like it because risk assessments are something they understand. Now you are talking their language. You are also saving them, because they don’t have any training in purchasing. They don’t like trying to discover findings in a business they don’t understand. Now every time they come knocking, internal audit will dust off the risk assessment document and audit purchasing to their own defined set of controls. No surprises for purchasing!

Proof Point/Use Case

Organizations implementing this model typically start experiencing 100% pass results in internal audits, starting with their first audit! Additionally, most report that their frequency of audits is at least reduced by 50% thereafter. Finally, the time allocation preparing for audits is reduced by close to 90% in most cases, because there are no loops to go and close when this model is followed right. The end result is a huge time savings for purchasing, and in addition, the risk of excursions is dramatically reduced – which is of great importance to the company’s senior management team.

Want to know more about CPO’s work around the globe, supply chain campaigns, and other efforts to improve supply chains around the world? Sign up for our email brief for hand-picked articles, news, and more copy this link: https://cpoinnovation.com/subscribe/