Published

Building a Bridge Between Compliance and Supply Chain Management

Originally published in NAVEX Global's Top 10 Risk & Compliance Trends for 2021 eBook. You can download the full eBook here


One of the most critical takeaways from the events of 2020 was the fragility of the supply chain for many businesses as well as the national emergency response. Almost every industry and business struggled with at least one of the following scenarios:

  • The inability to obtain the raw materials needed to create products
  • The inability to purchase or import products needed to support an emergency response
  • A decrease in demand for products, which resulted in slow movement and capital being tied up in inventory

Whether it’s relying on suppliers in countries with political instability or sanctions; grappling with pandemic-disrupted logistics; ensuring that downstream suppliers are not creating environmental, social, and governance (ESG) risk to the organization; or addressing risk arising from new regulations impacting third-party data security, an organization’s supply chain is subject to, and creating risk – dare we say, now more than ever.

In 2021, compliance professionals have an unparalleled opportunity to contribute their expertise to the overarching supplier risk management strategy and build a bridge to the supply chain team.

Risk to and from supply chains is underestimated, and our approach to managing these risks has been siloed between Compliance and Supply Chain teams. Compliance teams have often primarily focused on the risk of bribery and corruption in the supply chain and less so on the stability of it or the damage that a supplier could do to the organization’s reputation. The events of 2020 demonstrated that these issues are interconnected and the risks need to be addressed holistically.

In 2021, compliance professionals have an unparalleled opportunity to contribute their expertise to the overarching supplier risk management strategy and build a bridge to the supply chain team. These four steps can help organizations proactively identify a potential supply chain interruption and enable proactive decision-making.

Steps Organizations Can Take

1. Build a Bridge Between Compliance and Supply Chain Management

  • Learn to speak the language of supply chain – logistics, redundancy, and business continuity.
  • Understanding supply chain management priorities.
  • Look for areas of overlap of third-party oversight responsibilities between functions.
  • Ensure that third-party risk-management technology can view and prioritize all risk areas, including compliance, ESG, geopolitical, and supply chain disruption risk.

2. Assess Opportunities for Disruption and Points of Failure

  • Segment and risk-rank your supplier base by considering key factors, including contributed revenue, country, and product line. Address compliance and reputational risks, including ESG risks in the segmentation and ranking.
  • Identify those suppliers that are affected by volume changes - both increases and decreases.
  • Develop risk mitigation plans and actions for working with high-risk suppliers.

3. Strategize Supply-Chain Options

  • Understand any potential impacts on high-risk products, including supplier overlaps, the supplier’s financial viability, and country or political risk.
  • Define key risk performance measures to monitor for suppliers that are high risk or critical.
  • Determine which key contract and service-level agreements might be affected by changes in volume and demand.
  • Identify necessary action items during a disruption, making sure to consider different types and categories of disruptions.
  • Understand if technology could support risk monitoring and what supplier data is needed to implement that technology.
  • Implement the right technology to support risk monitoring.

4. Execute and Manage Change

  • Encourage organizational support of plans and needed changes. Support from leadership, as well as each department, is necessary to execute across the organization.
  • Drive the “heavy lifting” while managing unintended impacts. Although challenges might surface along the way, make sure they don’t derail the overall goal.
  • Implement processes with metrics to sustain benefits. The more it can be proved that the processes are working, the better the chance that the organization will continue to implement changes.
  • Deploy proactive processes for resiliency and visibility. It’s not enough to react to events; organizations need to go on the offensive and make sure they are prepared for any future disruptions. Organizations must know their downstream supply chain and where they are vulnerable.

5. Optimize for Future Supply-Chain Disruption

  • Plan for future improvement, including identifying resources and developing strategies.
  • Monitor and develop change management activities and procedures – updating them regularly based on current circumstances and past outcomes.
  • Use supplier changes to develop or update a business continuity management plan.
  • Provide visibility to the plan and consider the impact throughout the organization’s global supply chain.

Most organizations never could have predicted the scope of disruptions and speed of impact experienced during 2020. These events highlighted the importance of cross-functional relationships to ensure that organizations are identifying and holistically mitigating the most critical risks. Compliance should feel empowered to build a bridge with the supply chain team to better serve our organizations and most effectively use our limited resources in managing and overseeing our critical third parties. 

Download the Top 10 Risk & Compliance Trends for 2021


Chat with a solutions expert to learn how you can take your compliance program to the next level of maturity.


Watch Out for Hoax Reports to Your Hotline
ESG Ownership: Compliance, Convergence and Opportunity

A Salute to Internal Auditors

May is Internal Audit Awareness Month - a time to acknowledge the benefit internal auditors have amid the dramatic rise in cyber risks, data breaches, and high-profile incidents of corporate wrongdoing. Here's to internal auditors, risk management's critical third line of defense.

Previous/Next Article Chevron Icon of a previous/next arrow. Previous Post

US Conflict Minerals Management: Is Your Supply Chain at Risk?

The May 31 deadline to submit Form-SD is quickly approaching. Here’s what you should know about current US conflict minerals initiatives and steps companies take to account for ESG-factor driven risks in their supply chains.

Next Post Previous/Next Article Chevron Icon of a previous/next arrow.