Supply chain risks - brand damage & financial loss
Sep 23, 2019
This post originally detailed how contingent resourcing and SEO could damage brands.
It has since been expanded, with the update first, followed by the original post.
Update: 24 Sep 2019
If you are listed as a client on a supplier's website, does it create risk?
What about listing your suppliers on your website?
Let's consider this:
Fake invoices and changes to banking details
No, this is not a new topic, so it must be boring, huh?
You would think.
But there seems to be no end to attempted fraud; some attempts are thankfully foiled, others are unfortunately successful.
Here are a few:
| # | Outcome | Reported | Details |
|---|---------|----------|---------|
| 1 | Succeeded | June 2019 | News article outlining AUD60m. |
| 2 | Foiled | Mar 2018 | Fraudsters targeted a Municipality / Council. |
| 3 | Succeeded | May 2016 | Fake CEO email scam €42m. |
What does this have to do with client/supplier visibility on public websites?
In many cases, the scammers found out about the relationship from published information.
To manage the risk, here are some guidelines:
- Start with understanding the controls already in place.
  - For changes to banking details, see the advice here: Scam Alert.
  - For "fake CxO invoices", see the advice here: Business email compromise.
- Establish where responsibility for detecting and preventing this risk lies.
  - Internal Audit should not normally be responsible.
  - If you are in Internal Audit, escalate issues when you find them.
    - Or you could end up facing the axe, like what happened to this auditor in 2016.
    - We won't comment on the appropriateness of that dismissal.
- Now ask:
  - Are our controls strong enough?
  - If not, should we limit visibility of our supplier relationships?
How do you manage the impact of supply chain risks?
Original: 27 Feb 2019
Supply chains have evolved over the past few years, and the evolution is set to continue.
Apart from traditional goods and services, your supply chain also includes newer services that didn't previously exist, and older services through newer channels or models.
Two of these have grown quickly and are now integral:
Contingent resourcing - independent consultants, freelancers and contractors.
Search engine optimisation (SEO) - advertisements.
They bring opportunities for better quality service, revenue growth and cost savings.
They also come loaded with risk.
You will have explored many of those risks, but are you managing the association risk, such as dodgy characters or inappropriate subject matter?
What are some of the brand association risks? And what do you need to do about them?
1. Contingent resourcing
The rise of "gig economy" portals means that you don't need to use traditional hiring or contracting sources as you can now find expertise via a range of platforms (e.g. Upwork, Freelancer.com, Catalant, Expert360).*
PROS - Easier to find quality contractors, at lower cost, with broader reach.
CON - Some don't conduct background checks (we've seen well-known organisations hiring consultants without knowledge of their criminal backgrounds).
Do you know who you are dealing with? What would your customer think if they found out that you were engaging dodgy characters to help provide services to them?
Conduct the background check. Avoid embarrassment. Protect your brand.
2. Search engine optimisation (SEO)
With customers looking for you online, SEO provides the nudge to help them find you.
PROS - Help customers find you, attract new customers and promote your brand.
CON - Can expose your brand to unwanted association (e.g., in Feb 2019, a news site published a disturbing account of how a well-known video site was potentially being used** to host child exploitation material. That video site was a search partner for a well-known provider of SEO services).
If your SEO strategy involves search expansion (e.g., using search partners or audience expansion), your business ads could feature next to undesirable content.
- What could this mean for you? Some prominent brands have already been affected.
- What would your customers think - consciously or subconsciously?
- This is not a trivial risk. You don't want to diminish your brand value.
Evaluate your ad placements. Protect the vulnerable. Protect your brand.
How do you manage the impact of emerging supply chain risks on your brand?
* We aren't suggesting that these platforms are risky; they are merely examples of platforms. They generally offer potential for value, but the risks need to be understood and managed.
** We haven't verified the facts in this story; this is merely an example of a risk that could materialise.