It’s quite alarming how many large and even very large organisations, despite performing adequate or even thorough risk assessments of their vendors at the outset of a contract, do not carry out ongoing risk assessments of their supplier base. Risk assessment is all too often seen as just another job that distracts from the day job, and in many cases only lip service is paid to it.
But at a time when the economy is fragile, this is a high-risk approach. When smaller suppliers are conducting risk assessments on their larger customers, it’s not a time to sit idly back and hope for the best. (To quote one supplier to a large bank in 2008: “We don’t worry too much about late payment – after all, they’re a bank. We know we’ll get paid eventually” – not a sentiment you’d hear expressed in 2010). In some industries, such as banking, the increased profile of corporate compliance is an increasingly important driver. The use of the old boy network to source big-ticket professional services contracts is questionable to say the least, and would be seen as totally unacceptable by some of the new government shareholders in the financial services industry. A highly visible approach to compliance is required, including detailed risk assessments before and after contracts are signed.