Digital Procurement for Supplier Compliance Risk Evaluation

Written by Desmond Goh Choong Leoong, ADPSM

Digital technologies for procurement are advancing by leaps and bounds in the age of digitalisation. Cognitive computing, cyber tracking, blockchain, sensors, wearables, Augmented Reality (AR) and Virtual Reality (VR), to name a few, are no longer unfamiliar terms for those in the procurement field. As a result of globalisation, companies have a pool of suppliers located in different geographical areas across the world.

With limited or little knowledge of these suppliers and the different environments that they operate in, managing supplier risk and compliance is an uphill struggle for the procurement teams, and this has led to increased risks in global business or supply chains.  

The world’s largest trade pact, the Regional Comprehensive Economic Partnership (RCEP), which covers almost one-third of the world’s population, was signed on 15th Nov 2020. This represented a significant milestone, and more work needs to be done to bring about greater transparency among the member countries in terms of laws, rules, regulations and measures, e.g. standards of Intellectual Property (IP) protection and enforcement. With the evolution of digital solutions in procurement, data inputs such as contracts, specifications and movement of goods offer better visibility and insights, which will guide procurement teams towards better decision making, greater efficiency and effectiveness. As a result, supplier compliance risks can be managed and mitigated accordingly.

Characteristics of Digital Procurement

Digital procurement enables businesses to buy smarter, with real-time exchange of updates and documents, which will mitigate supply chain risks. There are three distinctive characteristics of digital procurement: Source to Contract (S2C) has become predictive, Procure to Pay (P2P) has become automated, and Supplier Risk Management (SRM) has become proactive.

  • Predictive Source to Contract (S2C)

With high visibility of the supply bases, prices and costs, transparent agreements with best-value suppliers can be achieved. Disruptive technologies, e.g. cognitive computing, can help to predict future demand, sources of supply and contract renewals.

  • Automated Procure to Pay (P2P)

An automated P2P process with a centralised database will simplify purchasing data management and streamline all procurement processes from sourcing to invoice processing and the payment interface. Based on the Accenture research in 2018, Robotic Process Automation (RPA) can help to reduce invoice processing time by 72% and produce an accurate three-way match (Purchase Order, Goods Received Note, and Invoice).

  • Proactive Supplier Relationship Management (SRM)

With the help of digital technologies, Supplier Risk Management is becoming more pre-emptive or proactive. For instance, procurement professionals can now conduct supplier site visits through the deployment of Augmented Reality (AR) and monitor supplier risks in real time via advanced visualisation of third-party data.

[Image: Banking Sector. Image taken from SIPMM]

Defining Supplier Compliance

Supplier compliance means adhering to rules such as standards, laws, specifications, and policies. Many companies have expanded their supplier compliance coverage or requirements over the years, not only conforming to the relevant laws but also taking a more proactive approach in order to be perceived as a socially responsible “Global Corporate Citizen”. Sustainability has been one of the key measurements of supplier compliance in recent years. According to Shelton Group’s report in 2016, “Sustainability” is receiving 49,500 searches per month on average in the United States. The top three key attributes of sustainability that have gained popularity amongst companies are Ethics and Business Conduct, Health and Safety, and Environment. Hence, both sustainability and supplier compliance are mutually inclusive, and this equates to ethical procurement practices.

[Image: Compliance Management in Practice]

Importance of Supplier Compliance Programme

The supplier compliance considerations for procurement should take into account the other side of the equation, which is “What happens if a supplier compliance programme is not implemented, not just for the individuals, but for the whole company and country?” Petrobras suffered an estimated loss of USD 21 billion in 2015 due to a corruption scandal. The impact of this corruption scandal is still unfolding, and this has resulted in significant damage to Petrobras’s brand as well as Brazil’s image as a destination for investment.

Hierarchy of Suppliers Segmentation and its compliance focus

Supplier segmentation helps companies allocate their resources efficiently so that supplier compliance can be managed more effectively. Procurement teams can apply a customised strategic approach to each relationship based on its level of criticality to the business.

  • Transactional Suppliers

Refers to one-off or short-term business relationships, of which there could be thousands in the company’s list. Usually, they are “Non-Critical” to the business. The focus is only on contract compliance, and there is no risk scorecard at all.

  • Critical Suppliers

Refers to frequent dealings or short- to mid-term business relationships. This group of suppliers may have a direct impact on the time, quality, money, and reputation of the company. Hence, Risk Management must be conducted, and their performance will be measured based on a risk scorecard.

  • Strategic Suppliers

Belongs to the highest-rated category of suppliers, which have a close or long-term relationship with the company, with some level of integration into each other’s commercial success or joint value. This group of suppliers is usually selected from the “Critical Suppliers” list after going through the rationalisation and alignment phases. There will be strategic Quarterly Business Reviews (QBRs) and a joint approach to performance improvements.

Suppliers Compliance Risk Evaluation

Risk evaluation is crucial for “Critical Service” supplier onboarding decisions. Performing Risk Evaluation on “Critical Suppliers” helps contracting companies understand the potential impact of the services offered by this segment of suppliers.

  • Risk Assessment

It is a process of evaluating the risk(s) due to a hazard(s) or impact(s), considering the adequacy of any existing controls, and deciding whether or not the risk(s) is acceptable to the contracting company or business. Risk assessment requires an evaluation of two principal factors, namely Likelihood (frequency of using the service and previous use or performance) and Severity or Impact (the scale of the consequences of the occurrence, e.g. potential risk to human health and safety, inability to fulfil contractual requirements including breach of regulatory or common laws, company reputation, etc.). Each component is given a score from 1 (lowest risk) to 5 (highest risk).

  • Risk Factor

Risk Factor is calculated by multiplying the Likelihood rating by the Severity rating. It represents the level of risk involved in working with the supplier, with a minimum score of 1 and a maximum score of 25 (based on the 5 by 5 matrix). Assessing business risks is a proactive approach to minimising problems in the supply chain. Hence, it is important that the calculated risk factor is considered during the evaluation and onboarding process. For instance, if the Likelihood is “Seldom”, its rating will be 2, and if the Severity is “Major”, its rating will be 4. Hence the Risk Factor will be 2 multiplied by 4, which equals 8, and its risk level will be classified as “Moderate” as indicated in the chart below:

[Chart: Risk Management Guidance. Image taken from GAC Group Risk Management Guidance]

  • Determining the Needs for Controls

Having completed a Risk Assessment and taken the existing controls into account, the company should be able to determine whether the risk level posed by the supplier is acceptable and whether the existing controls within the company are adequate or need improving. The aim here is to bring the risk level to As Low As Reasonably Practicable (ALARP), especially for those critical suppliers which fall under the “Moderate” and “High” risk levels. If risk reduction is not possible, the company should not work with the relevant suppliers, and alternatives should be sourced instead.

  • Hierarchy of Risk controls

In the event that new or improved controls are required, the selection of risk controls should be determined by the principle of the hierarchy of controls, e.g. the elimination of hazards where reasonable and practicable should be prioritised, followed by risk reduction (either by reducing the likelihood of occurrence or the potential severity), with the adoption of Personal Protective Equipment (PPE) as a last resort. To address the risks more effectively, the company should also consider the need for a combination of risk controls from the hierarchy (e.g. engineering and administrative controls).

  1. Elimination – Can the risks be removed completely? This is the most effective method, e.g. refrain from working with those suppliers which introduce high risks to the company.
  2. Risk Reduction – Can the risk be reduced at source? Are there alternative sources of suppliers with the same capabilities? Examples include choosing a supplier who shares similar values or meets the company requirements. Companies should conduct ongoing monitoring to ensure the adequacy of controls is maintained.

[Image: NIOSH's controls]

  • Re-evaluation of the Risk and Ongoing Review

Once the improved or new controls have been identified, a re-evaluation of the risk is required, taking into consideration the new or improved controls. Both hazard identification and risk assessment should be ongoing. This requires companies to consider the timing and frequency of such reviews, which could be affected by issues such as emerging occupational health concerns, advances in control technologies, changes in legislation, etc. Periodic reviews can also help where conditions have changed and/or better risk management technologies have become available. Improvements should be made where necessary.


Supplier risk and compliance management is one of the critical segments of procurement as well as corporate branding, not only locally but also in a global setting. It is about finding an acceptable balance between risks and benefits after conducting due diligence. Compliance requirements have grown exponentially over the years and there is little sign of reversal, as public awareness and concern over environmental issues (human ecosystem) become more pronounced, especially during and after the COVID-19 pandemic. With the support of digital technologies, supplier compliance and its associated risks can be effectively evaluated and addressed in a much more scalable, thorough, rapid, and sustainable manner.


Accenture (2018). “Procurement’s next frontier: How intelligent automation dramatically reduces cost and transforms the growth agenda”. Accessed on 02/12/2020.

Bill McBeath, ChainLink Research (2012). “Supplier Risk and Compliance Management in Practice”. Accessed on 02/12/2020.

Constantin Draghici (2020). “GAC Group Risk Management Guidance Rev. 3”. Accessed on 02/12/2020.

Deloitte (2017). “Digital Procurement”. Accessed on 02/12/2020.

Eliza Huang, GDPM (2019). “Digital Procurement for the Banking Sector”. Retrieved from SIPMM, accessed on 02/12/2020.

Elsa Zhang Chunhao, DPSM (2019). “Mitigating the Risks of Global Sourcing”. Retrieved from SIPMM, accessed on 02/12/2020.

Institute for Supply Management (ISM) (2019). “A Supply Management View of Sustainability”. Accessed on 02/12/2020.

Miguel Cassio, Gartner (2018). “Optimize Resources and Achieve Better Results with an Effective Supplier Segmentation Strategy”. Accessed on 02/12/2020.

Shelton Group (2016). “Green buzzwords: the online search edition”. Accessed on 02/12/2020.

About the Author: Desmond Goh Choong Leoong has extensive experience in multiple industries, assuming managerial roles in project management, strategic procurement, and QHSSE. He holds a degree from NHL Stenden University of Applied Sciences in The Netherlands, a Diploma in Marine Engineering from Singapore Polytechnic, as well as a Specialist Diploma in Workplace Safety and Health from Ngee Ann Polytechnic. He is a member of the Singapore Institute of Purchasing and Materials Management (SIPMM). Desmond completed the Advanced Diploma in Procurement and Supply Management (ADPSM) in January 2021 at SIPMM Institute.