Challenging the Integrity of your Supply Chain: The Weak Links of Hidden Risks (Katzscan Profile)

Posted on September 3, 2008


“In the fall of 2004, the Committee of Sponsoring Organizations of the Treadway Commission, known as COSO, released their Enterprise Risk Management – Integrated Framework, which was authored by PricewaterhouseCoopers.  This principles-based framework provides direction and criteria for improving an organization’s ability to manage risk.  Moreover, the enterprise risk management framework is fully aligned with the PWC authored COSO Internal Control – Integrated Framework, which is now used by most organizations as the basis for their reporting under section 404 of Sarbanes Oxley.  This enables organizations to build on their investment in internal control as they make improvements in risk management.”

From “How does COSO’s new enterprise risk management framework relate to Sarbanes-Oxley reporting?” (Refer to Web Resources for URL Link)


I cannot of course speak for anyone else, but when I think of Sarbanes-Oxley invariably the name of Kenesaw Mountain Landis (or Judge Landis) comes to mind.

As baseball’s first commissioner, his appointment was predicated on the public’s belief that as a result of the 1919 Black Sox scandal (Eight Men Out is an excellent book . . . and movie), the game was fixed.  (Does anyone else note the irony of the “SOX” moniker for Sarbanes-Oxley?)

Reeling from the paying customer’s perception that the game was crooked, and wanting to avert the risk of the sport’s credibility being irreparably damaged, the baseball owners collectively approached the Federal Judge to become part of a “non-baseball” commission whose mandate was to both restore and protect the integrity of the game.

Landis, however, threw the owners his own version of a curveball, by insisting that he be appointed as the sole commissioner of baseball, with unlimited (and uncontested) authority.  He also insisted that the term of his appointment be for life, as he reasoned that anything less might influence a man’s decision based on the fear that an unpopular decision might result in his getting fired at the end of a defined term contract.

The similarity with Sarbanes-Oxley is that its introduction was predicated on a series of scandals in “the sport of business”: specifically, the Enron, Tyco, MCI Worldcom and of course Conrad Black’s Hollinger International escapades.

Besides a general acknowledgement of SOX’s importance, why is this pertinent to the supply chain professional?  And more to the point, and in terms of this particular article, what does it have to do with Norman Katz’s Katzscan organization?

The Elements of Risk Management?

As defined by COSO, the Internal Control – Integrated Framework is much “broader than an internal control framework,” in that it focuses on three critical elements of risk identification and management.  Specifically, an organization’s level of risk relative to its strategy setting activities, the methodology of assessing its tolerance or appetite for risk, and finally the management of said risk through a non-siloed mechanism that takes a holistic view of the organization.

Within this framework, Katzscan’s Supply Chain Integrity service focuses on “closing the operational gaps via fraud reduction, business process changes, and the implementation of available technologies.”

No doubt you have been following my recent posts surrounding the effectiveness (and transparency) of the RFP or electronic tendering process.  “Using the COSO framework for Sarbanes-Oxley (SOX) compliance” as the foundation for evaluating the integrity of your organization’s current supply chain practice, Katzscan enables you to view these risks through an entirely different lens.  A lens I might add that may better align the purchasing department’s objectives with those of the finance department’s.  An important consideration given the results of a 2007 CFO survey which amongst other things, questioned the purchasing department’s contribution to the well being of the enterprise as a whole.

The elements of the supply chain that are included in this “veracity assessment” are detailed in the following outline from the Katzscan web site:

Supply Chain Fraud – Fraud can exist anywhere in the internal and external supply chain, and the ramifications can cause extensive financial losses.  Fraud is a risk that must be addressed by companies complying with Sarbanes-Oxley.  (Note: I recently read an interesting post on Michael Lamoureux’s Blog titled “Protecting Your Brand From Counterfeiting” – refer to the link in the Web Resources section at the conclusion of this post, or Michael’s Blog (Sourcing Innovation) in the Domestic and International Blogs section of the PI site.  What was particularly interesting was his reference to a recent article that indicated that “fraud in the supply chain has increased five-fold in the last six years.”  Without sounding as if I am promoting Katzscan, if this is in fact true, then the case for a detailed review would certainly seem justified.) 

Supply Chain Governance – Sarbanes-Oxley compliance is not just about the end result of timely and accurate financial statements; it’s also about how you get there.  The COSO SOX compliance framework can be extended beyond accounting and finance to general operations.  (Note: this represents yet again, another opportunity for supply chain professionals to bridge the chasm of misunderstanding with the finance department, and better position themselves as a key stakeholder and contributor in terms of developing the organization’s collective strategy.  Refer to the link to my August 2007 post titled “Procurement’s expanding role and the executive of the future” to gain further insight into the importance of looking beyond the traditional definition of the purchasing professional’s role in an organization.)

Vendor Compliance – The failure to comply with your customer mandates can greatly reduce or eliminate profits due to chargebacks, which can adversely affect financial statements and anticipated revenues, including the complete loss of a customer or product line to a customer.  How can seemingly different requirements all be handled efficiently?  How can a company enable their own supply chain successfully?  (Note: while there are so many points of context with which to demonstrate both the cause and resolution relating to vendor compliance, I will refer to Part 2 of the 7 Part Dangerous Supply Chain Myths Series as a good place to start.)    

Turnaround Help – Companies in crisis need quick control of chaos with high-ROI solutions and determine the root causes of operational and perceived software problems.  Lack of due diligence in financial reports and data analysis can result in more trouble.  (Note: Refer to Part 4 of the Dangerous Supply Chain Myths Series, in which the absence of an effective collaboration mechanism involving both internal as well as external stakeholders was cited as one of the main reasons for the high rate of initiative failures – approximately 85% of all programs fail to achieve the expected results.)

Identifying and understanding these risks individually equips the supply chain professional with the ability to quantify their collective impact on the enterprise as a whole.

Unfortunately, this aspect of the business has been largely overlooked by the majority of associations and their corresponding accreditation programs.  In many instances this has resulted in the supply chain professional being viewed as a one dimensional player, and has undoubtedly contributed to senior executive belief that an organization’s purchasing department is best run by someone who does not have a purchasing background.

For this reason alone, and in an effort to reverse this misconception of limited capability, the engagement of the services offered by firms such as Katzscan would certainly make a great deal of sense. 

Why Katzscan?

Once again, and keeping in mind my ongoing commitment to objectivity, I will leave it in your more than capable hands to assess the viability of the Katzscan value proposition.  In this regard, I will direct you to the Links To Our Sponsors section of the PI Blog to learn more about their services.

However, and looking beyond the realm of personal as well as professional development, the value of examining your organization’s supply chain practice from the perspective of COSO SOX compliance is sound on so many different levels.

And while some may have individual points of contention relative to the adherence requirements of the COSO and SOX standards, it is not a reach to believe that as the appointment of Judge Landis made baseball better, the corporate world, as well as society in general has similarly benefitted by the sharpening of governance standards and the introduction of better methods for assessing enterprise risk.


Web Resources:

How does COSO’s new enterprise risk management framework relate to Sarbanes-Oxley reporting?:  

Protecting Your Brand From Counterfeiting (Sourcing Innovation Blog):

Procurement’s expanding role and the executive of the future:

Dangerous Supply Chain Myths (Part 2) – Supplier Development and Management:

Dangerous Supply Chain Myths (Part 4) –  Internal and External Collaboration:

