Procurement 4.0: Delivering value for all our customers!

How many customers do you “look after” to “look after” your customer?

Chief Information Officers need to know the technical, business and operational aspects of their jobs but the pace to technical change is happening so fast they need to be fortune tellers, pilots, air traffic controllers and many other professions too. CIOs provide services to a wide range of internal and external customers with a Severity One failure leading disgruntled customers to share their outrage on social media which sometimes makes headline news. Behind every major outage a team of critical thinkers, communicators, trouble-shooters and highly capable individuals collaborate to fix the problem. Do we ever get to meet the crew who transform a “gremlin in the system” to a magical Disney Service Experience?

It is similar in Procurement where we have diverse group of stakeholders. We must have a deep understanding of the complex needs of multiple customers in order to “look after” and deliver a superior service experience to key stakeholders.

We have all probably watched migrating birds flying in a V-shape formation. Why do they do this? Because it serves too important purposes. First, it conserves energy with each bird flying slightly above the one in front, resulting in a reduction of wind resistance. The birds taking turns being in front, falling back when they get tired enabling the flock to fly a long time before they need to stop and rest. Second, it is easier to keep track of every bird, and flying in formation may assist with communication and coordination. Through understanding the specific and unique needs of one customer we collaborate to meets the needs of all our customers creating a Procurement V-Shape.

Who are some of the customers we deliver services to?

The Regulator

In Australia, banks and financial institutions are only able to accept deposits from the public if they are Authorised Deposit-taking Institutions (ADIs). ADI’s authority is granted by the Australian Prudential Regulatory Authority (APRA) under the Banking Act 1959 (Cth). Banks must comply with all APRA standards. These standards make perfect sense for example pursuant to CPS231 “all outsourcing arrangement involving material business activities… be subject to due diligence, approval and ongoing monitoring”. The Board or Head of group is responsible for overseeing and ensuring the APRA standards are met.  

My role in Procurement includes understanding the requirements of the standard, considering the risks and implications, and developing a sourcing strategy ensuring compliance with the standard. I will probably need to engage an internal government affairs team who work with the office of the regulator.

The Board

The Institute of Directors describes the Board’s key purpose “is to ensure the company’s prosperity by collectively directing the company’s affairs, while meeting the appropriate interests of its shareholders and relevant stakeholders”. Procurement teams help the Board meet the commercial needs of the organisation through streamlining processes, reducing costs and driving value in the supply chain.

I need to be sufficiently knowledgeable of the prudential obligations and responsibilities of the Board. I must be fully versed in the responsibilities set out in the Delegations of authority defined by the Board attesting that a contract is suitable for execution. I may need to work with an internal audit or assurance team to verify that suppliers are delivering services in accordance with the standards defined by a regulator.

Chief Risk Officer

In December 2017 investopia.com defined a Chief Risk Officer as “an executive responsible for identifying, analysing and mitigating internal and external events that could threaten a company. The CRO ensures companies are compliant with legislation such as Sarbanes-Oxley with the adoption of new technology and digitisation requiring the introduction of new Laws. The Privacy Amendment (Notifiable Data Breaches) Bill 2016, established a mandatory data breach notification scheme in Australia. The EU General Data Protection Regulations (GDPR) became enforceable in May 2018 and infringement can result in administrative fines of up to 4% of annual turnover.

Managing risk is a fundamental part of procurement, particularly for large scale or complex sourcing activities. I need to consider the major regulatory, legal and commercial risks and contribute to the risk assessment when sourcing technology. For example, what are the Anti Money Laundering and Counter Terrorism Financing risks for an e-commerce platform? Effective risk management is contemplated in all aspects of the Procurement lifecycle and to make a greater impact I must develop and cultivate a highly collaborative relationship with the CRO and risk team.

Chief Information Security Officer

Some of the greatest risks are managed and mitigated by the Chief Information Security Officer a role described by Technopedia as “controlling information security issues in an organisation and is responsible for securing anything related to digital information”. APRA recently released Prudential Standard CPS234 Information Security requiring ADIs to take “measures resilient against information security incidents”.

When I am sourcing technology, I work extensively with the Information Security Team mapping out the security risks, identifying security requirements when procuring products or outsourced services. I must ensure suppliers have a deep understanding of the cyber security obligations and are able to deliver services meeting ever increasing standards. For ADIs, Procurement teams must ensure suppliers delivering outsourced services comply with APRA Standards CPS231 and 234.

In my experience, when customers realise Procurement is committed to listening, embracing and delivering their precise requirements, the more they want us to be involved. By understanding the needs of one stakeholder I able to deliver strategic value and advice to multiple customers effortlessly finding a way achieve business outcomes. My customers are expecting this from me.