Supplier risk control management
New solution for Supplier risk managers to effectively manage their various risk domains
Context
SAP Ariba's application to manage supplier's risk in different risk domains is a very powerful tool that provides insights into the Regulatory and legal, Environmental and social, Operational, and Financial risks of suppliers. As a result of various customer research and discovery sessions, our product team identified an opportunity to address a need that could potentially help the product growth as it was addressing the core users of this application Risk managers.
Research and discovery
Being new to this area, I started out by interviewing the core users, Supplier Risk managers to understand how they are managing the risk. After 7 interviews and affinity mapping, I created a journey map that gave us a better understanding of their risk evaluation process.
A Risk Manager helps the business function team identify the potential risks of a supplier and create assessment plans to mitigate the risk.
1. Procurement team initiates the need for vetting potential suppliers and reaches out to the Risk assessment team to do further detailed evaluations. Risk managers vet their potential suppliers by comparing their risks and impacts before doing business with them
2. Risk managers are responsible for maintaining risk guidelines of the company (which are Risk controls) and raise red flags that may disrupt the business.
Key insights
Top 4 issues
1. Access issue
I am an Information security risk manager for my company and my job is to make sure our suppliers are adhering to the risk controls required for our business, but currently, the SAP risk application doesn't let me quickly identify which suppliers I need to review for the risk domains I am responsible for.
2. Not easy to review responses
The assessment responses that come back from the suppliers are on a different system, which made it cumbersome to go back and forth between 2 systems to review the responses.
3. Can't extend a review
Risk controls, which are driven by various organizational changes as well as regulatory changes. Users needed a way to extend the pre-set expiration on these controls to continue some of the reviews for a longer time.
4. No collaboration
I usually share my review work with my team and assign them the review tasks, there is no assignment ability in the current product, because of that, I have to share my account information with my team.
Emma
Supplier risk manager
Goals: The Risk manager helps the business function team identify the potential risks of a supplier and creates assessment plans to mitigate the risk.
Business impact
This was a topmost ask from all our SAP CEI workshops (Customer engagement initiatives workshops) with our power users from financial and health industries. By meeting the needs of the Risk managers, who are our core users for this product, we had a great opportunity to improve the product offerings and have a competitive advantage. We validated these problems with over 50% of customers who were really excited about this product direction.
Key expected outcomes
-
Reduced number of outstanding risk control reviews
-
Increase number of completed reviews of suppliers
Prioritization
We (PM, Lead developer, Designers) spent over ~ 3 days prioritizing some of the knowns issues, and we proceeded with ideating solutions for those.
Top ideas
1. Create quicker access for the Risk managers to get to a list of controls that shows more details about the controls that they can prioritize and review based on relevant factors (Number of suppliers, closing expiration, etc.)
2. Give users the ability to resend the assessment so that they can re-evaluate if needed.
3. Ability to edit expiration date.
4. Show the difference between the 2 recent responses to easily differentiate between them.
Ideating and Rapid prototyping
After brainstorming with the team to tackle these problems, we ideated and came up with solutions that we could build in the next 2 quarters. I did some RITE testing to iterate on some initial ideas that didn't go very well with the expectations of the users. Finally, the version that passed the user's expectations and was also agreed on within the team was them moved to the next phase of reviews and design iterations.
Old UI
New UI
.png)
Dashboard entry
Providing quick access from the dashboard to get to all the controls for their organization
List of controls
Redesigned the data table to clearly communicate the statuses of each control review for each supplier under their associated controls. Better readability by only and easier prioritization of their review tasks by expiration dates
Control review page
Control review page is now showing the status of the assessments which will help users navigate through this page focus on their main task which is to review the responses. It also has the ability to extend the expiration date and reopen the controls reviews from the action menu.
Supplier response
Cleaner UI for better readability that is more cohesive and consistent with the SAP design system UI patterns.
Issue page
Control reviewers can create issues to mitigate any potential risks that are unresolved or need closer investigation.
Re-assign and review task popups
Risk managers can re-assign the task to another member of their team. They provide a decision on the effectiveness of the control and mark it as complete.
Prototype
Increased adoption
After the release of this feature at the end of 2020, 25% of our large customer deals were renewed which helped tremendously in the growth of the product.
Next steps
-
Improve collaboration functionalities for the users
-
Enhance the experience further by adding better document management abilities