The RFQ Exclusive: Risk mitigation with Greg Tennyson

May 26, 2020

Kelly McStay: Hi, I'm Kelly, I'm the Head of Product here at Fairmarkit and today I'm super excited to get to speak with one of our favorite people, Greg Tennyson of VSP Global for our RFQ Exclusive. Hi Greg.

Greg Tennyson: Hi Kelly. Good to talk again.

Kelly McStay: Definitely. So I have just a few questions, so hopefully this will be pretty casual. We're not going to talk about work from home strategies during this experience, but I'm sure it may come up. So first question for you, Greg, risk is a big part of your focus as a procurement leader. So curious if you could speak a little bit about one thing that you think every procurement professional can do to mitigate risk during specifically an M&A event at their company.

Greg Tennyson: Yeah, good question. Risk can be tricky by the very nature of it. So what type of risks are you trying to get in front of, quantify, identify? So is it financial liability, is it information security, is it reputational risk? Understanding the type of risks that you're trying to get in front of is most important. And then I would start with understanding your company's risk profile. So some companies are more risk-averse than others just based on the industry or based on their corporate culture. So really develop an understanding what type of risk, what are you looking to get in front of quantify, identify, vet that out. Understand your own company's risk profile and then that of the target. So when you're looking at an M&A opportunity, what is their risk profile? What industries are they operating within? And then develop gaps between their risk profile, your risk profile, really to suss out kind of what the opportunity is.

Greg Tennyson: I would also add chief information security officer, the CISO, really understand kind of their profile, what's their tolerance for risk at your company as well the target. Also understand the attestation process, so companies go through various security reviews. So are they SOX-2 qualified? There's levels of qualifications to understand that attestation process, what type of certifications they have and normally, when those reports are run, there's generally findings, remediation funds. Develop an appreciation for what their remediation plans, the findings were, and where they are at solving for them. And then specific to procurement. When you're looking at your third party contracts, your supplier contracts, what's the process to vet a contract? Are you partnering with legal from a legal terms perspective with your CISO around information security? What are the policies and standards of which your company, the target operate? What reviews, sign offs, approval process, how are the deviations handled, escalations, approvals are important. So really go deep and understand their operating model versus a guide of your company and develop a cap strategy and how to overcome it.

Kelly McStay: It all sounds great advice. Understanding kind of both sides and then having a plan for addressing each of those strengths and weaknesses. Those sound like great suggestions. Thinking a little bit more about risk and compliance, these are often sticking points between procurement teams and business stakeholders, so wondering if you have some techniques that you could suggest to folks for working with those stakeholders to help them understand the importance of risk mitigation for their business.

Greg Tennyson: It is interesting to really understand your operating model and the company's core values and when I say operating model, I've operated in a command and control environment. I've operated in a very entrepreneurial, agile environment, so kind of both ends of the spectrum and really understanding those operating models and expectations that come with it. Your company's core values, your vision, mission statement will help define, your risk profile, and how to engage your internal stakeholders. I would also suggest, and we've been very good about partnering with Gartner CEB and doing surveys and then not only surveying our stakeholders on what's important to them, how well we're doing, but also getting feedback on how well those results compared to industry, to other members. So doing surveys gives you a benchmark from which to compare yourself and develop an action plan. Also, I touched on that operating model, what's your company's policy around risk, compliance, that will help dictate kind of the position that you take.

Greg Tennyson: It's interesting, when I joined VSP Global, six years ago now, we had what is called purchasing methods. We describe to the business how they can buy things. We didn't have a policy per se, so we launched this initiative and improving our brand or value proposition back to the business and with that over time, revised the purchasing methods to become a policy and really didn't add accountabilities around the policy until much later. So I would suggest anyone that is entering a space, spinning up a new procurement organization really take a measured, balanced approach around policy. Don't lead with policy, don't lead with compliance. But again that's dictated by the company's operating model, its vision, its values in which you're expected to operate. But me personally, I wouldn't lead with that. I would be more focused on bringing value back to the business my internal business partner's stakeholder and through that conversation, delivery of bringing value over time.

Greg Tennyson: Also, there's this concept of a RACI, responsible, accountable, consulted, informed, roles, and responsibilities. I would encourage you to, and you don't have to announce it on day one, but I would start to formulate what your RACI is around roles, responsibilities. What's the procurement responsibility, what's the business responsibility, etcetera? And then at some point, do what we call roadshows. Where you get out in front of the business? And you're talking about your value proposition, you're talking about roles, responsibilities, you're eventually talking about policy. You're eventually talking about accountability and consequence. But don't lead with compliance, accountabilities, consequence because it'll become a disincentive for the business to partner with this. So just being mindful of what they need from procurement, what they value as important, and then assess, evaluate how well you're doing those activities today. So you can develop an action plan to then playback over time as you improve your skillset, your technology, your process, whatever it might be, you can playback to them and demonstrate out that baseline the improvements that you've made to the organization.

Greg Tennyson: So communicate, communicate, communicate expectations. I'm a big proponent of brand management. So also communicate your results. Get in front of issues. And concerns own them and have a plan to remediate. And again, make sure it aligns with your company's culture because again, tech culture will and the company's values will dictate how you proceed, how you progress.

Kelly McStay: Those are great suggestions and I think a lot of it speaks to having some self-awareness about how your company operates. I really like in both of those things that you mentioned, both questions really starting with understanding how your company operates and then using that to actually deliver and communicate value. So it makes a lot of sense. Those are great suggestions. Final question. So we're going to do today's climate question. So in today's environment we have a spotlight on procurement and supply chain professionals. So wondering if you could speak a little bit about how these departments should balance the really important needs to move quickly with some of those compliance and risk management practices.

Greg Tennyson: You know, it's interesting with COVID, the impacts that it's brought, not only on the economy, the uncertainty in the economy, and we're hearing about, furloughs, job layoffs and the disruption it's bringing. Those same impacts have had on companies, so it has required procurement to be more adaptable to its environment and quick to respond. I'm not saying we put compliance policy aside, but I am proposing, suggesting that we'd be very adaptable to that environment and we look at the needs of the organization and we adapt, we evolve to meet those needs.

Greg Tennyson: We've been chasing personal protective equipment, PPE shortage of staff for about five weeks. And through that activity, our brand at VSP, the procurement brand, could not be stronger. We've won a lot of kudos because what it comes down, we're saving lives by providing the PPE to the team, to doctors, opticians, to the associates, to the lab personnel and now even employees who are coming on campus. So really procurement, being able to adapt and not stuck in its ways and understanding what is needed for the organization, needed by the employees needed by suppliers themselves I think is the most important trait that we can focus on and deliver at this time. And then as an extension of that, it's the value proposition, it's brand management. It's understanding the needs of the organization, meeting those needs, and excelling and with that your brand will be approved.

Kelly McStay: That makes a lot of sense and I think again goes back to your points about understanding your organization, your structure, the kinds of things that your company values, and then how you can act on that to make sure that procurement is delivering that same value even in a really challenging time. And this is particularly challenging for procurement and supply chain, but I think a lot of the things that you've mentioned are exactly the types of things that you need to be able to do regardless of sort of the context of the challenge. Awesome. Greg, thank you. Thank you so much for taking the time. We really appreciate it and hope that you and the VSP team are staying safe and we'll talk to you soon.

Greg Tennyson: Thank you. You guys as well at Fairmarkit. Stay safe.

Kelly McStay: Thanks.

Expert procurement and supply-chain tips sent straight to your inbox.