The unfortunate truth is that every day, well-meaning companies sign contracts with, and pay invoices to, fictitious suppliers. Governance, Risk and Compliance (GRC) is the control framework that puts the right steps in place to stop a fraudulent supplier contract from slipping past your controller.
Compliance with GRC standards should be ingrained in daily business practice and become part of corporate culture. These ethical standards and expectations are set in motion collaboratively by the company's top officers and executives, hence the term the "Tone at the Top."
Ethical best practices in the procure-to-pay process are governed by GRC principles. GRC consists of three central concepts: Governance, Enterprise Risk Management, and Corporate Compliance.
Governance is directed by the senior officials and board executives who oversee the controls of the entire organization. It is a top-down way of guiding all activities to follow established protocols through decision making and informed management strategy: it makes sure every activity within the organization follows the guiding principles set by management boards and by government regulation.
If governance is the “all-seeing eye” of GRC, then risk management is the telescope through which it views risk.
Through risk management channels, management identifies weaknesses in, or threats to, overall business objectives. Such threats include technology vulnerabilities, data security gaps, compliance violations, bad investments, and external legal issues.
Organizations should know which kinds of compliance issues present the biggest threat to the business, and should perform a risk assessment to identify them.
Part of the desired outcome is identifying and prioritizing the areas most in need of compliance oversight, particularly as it regards supplier management.
Compliance is ultimately conforming to a set of predefined rules. Governmental bodies, laws, regulations, and the policies affecting your industry all shape your business's compliance requirements.
Sometimes the cost of adjusting to accommodate a specific regulation appears to outweigh the benefit of doing so. However, a decision not to meet a regulatory requirement should be weighed carefully, since a misstep can have a significant impact on the operating entities.
Now we arrive at how integrating governance, risk management, and compliance affects supplier management processes. Use the steps below to see how integrating GRC can tighten supply chain controls and enforce compliance within your organization.
An effective supplier management program, as outlined, protects a company against non-compliance fines and internal control failures. Ongoing internal auditing against these principles is key to maintaining secure relationships in procurement and beyond, and ultimately to avoiding a crisis stemming from fictitious suppliers.