In the Economist Impact report, titled “” and sponsored by 麻豆原创, surveyed executives share increased confidence in procurement to deliver against risk-mitigation objectives. Particularly when it comes to internal risk, which involves stakeholder management and strategic alignment, confidence levels rose to 83% this year, from 64% last year. This illustrates that procurement is becoming more aligned with key stakeholders across the organization.

However, a “state of permanent crisis” has shaken executives鈥� confidence in procurement鈥檚 ability to manage external risks such as geopolitical shifts, supplier threats, and liquidity risks.

Procurement鈥檚 role in business strategies is ever-growing, but it is imperative to maintain agility.

Heightened Attention to Risk Management

Ongoing inflation, global conflicts, and fluctuating commodity prices have placed risk management at the center of business strategies. Procurement plays a pivotal role in this effort by identifying high-quality alternative products and services while limiting costs.

Yet, respondents noted concerns over procurement鈥檚 ability to manage external risk factors, as only 41% of respondents said they are highly confident in its ability to control vulnerabilities. Comparatively, in 2023, 62% of business leaders expressed assurance in procurement鈥檚 handling of these factors, like supplier shortages, market fluctuations, and supply chain disruptions. Several drivers are pushing this trend, as the report notes that organizations experience four supply chain disruptions every day. Also, inflation continues to influence organizational decision-making, as monetary uncertainty was listed as the top organizational risk priority for procurement. Additional key external factors impacting organizational strategy over the next 12 to 18 months are macroeconomic (71%) and legal and regulatory risks (70%).

Diversifying Supplier Relationships

Businesses have looked to ease fears of shortages by moving away from sole sourcing suppliers. According to the survey, 40% of executives aim to prioritize supply chain diversification to build trusted and long-lasting relationships. In fact, three of the top five strategies listed in the survey are focused on mitigating risk, including reshoring/nearshoring and multi-sourcing.

Visibility has also been listed as one of the highest two priorities for a second consecutive year, proof that it is an urgent need for organizations to invest in technology that increases access to supply chain metrics, develops connections with suppliers, and identifies alternative sellers. Platforms that utilize automation, AI, and advanced analytics are another way to enable procurement teams to make data-driven decisions that improve efficiency and reduce risk.

Sustainability: Procurement鈥檚 Green Thumb

ESG ranked second on the list of priorities for the next 12 to 18 months, an increase from fifth in 2023.

鈥淧rocurement鈥檚 work at the convergence between the business and wider supply-chain ecosystem thus offers it a unique strategic opportunity to lead the sustainability agenda,鈥� the report states. By engaging with sourcing and suppliers, two critical stakeholders in achieving sustainability KPIs, procurement can use its role to translate companies鈥� green ambitions into tangible results.

New regulations such as the (ESRS) and (CSRD) have driven companies to enhance their sustainability practices. 听According to the Economist Impact report, procurement has capitalized on this opportunity to gain the confidence of executives across the C-suite, with 68% of business leaders expressing belief in procurement鈥檚 abilities to deliver against ESG objectives. This is an increase from 49% in 2023, signaling that procurement鈥檚 remit has expanded beyond cost management.

Sustainability has also become a critical risk category, as 39% of respondents listed compliance as a driver to becoming greener. A failure to conform to governmental policy can lead to penalties and fines that limit growth.

to discuss strategies that leading companies are using to develop sustainable supply. The discussion also includes insights into how procurement can add value to ESG initiatives beyond compliance and reporting.

Leveraging Technology for Sustainable Sourcing

Procurement鈥檚 role in engaging buyers and suppliers to drive sustainability is pivotal. CPOs can set standards for sustainable sourcing and supplier practices, reducing carbon footprints and helping reach ESG benchmarks.

The increasing alignment of procurement with C-suite priorities is seen through the increased focus on sustainability and risk management. The shift in reporting lines toward COOs and the greater involvement in strategic discussions highlight the growing influence of procurement in organizational decision-making.

The expanded role of procurement has placed it at an inflection point, with heightened expectations to deliver results beyond cost mitigation. How will procurement leaders meet these new demands? Investing in technology offers a solution for uncovering valuable insights that to demonstrate procurement鈥檚 value. Coupled with developing people and processes, this approach allows procurement leaders to successfully fulfill their increasing remit.

Utilizing 麻豆原创 Business Network for Strategic Priorities

Business leaders should look for a platform to bridge the gap between companies and buyers and suppliers, enhancing visibility, collaboration, efficiency, and compliance. By leveraging such a comprehensive solution, companies can streamline their procurement processes, reduce silos, mitigate risk, and achieve substantial time and cost savings.

can align these benefits with the strategic priorities of risk management and sustainability. The technology has facilitated 780 million B2B transactions and $5.8 trillion in annual commerce, highlighting its vast influence across 190 countries. There has also been a 13% growth in transacting relationships and a 7.3% increase in B2B transactions over the past 12 months, a testament to our growing global community.

Embracing the Future of Procurement

With growing confidence from executives and risk-focused strategies, procurement is well-positioned to lead organizations through today鈥檚 complex business environment. The Economist Impact report underscores this belief, but procurement teams must aim to ensure long-term success by leveraging digital transformation.

Through in-depth interviews and targeted research, the Economist Impact report provides a broad analysis of the state of procurement.

View the and download the .

Gordon Donovan is global vice president of Research, Procurement & External Workforce at 麻豆原创.

The strategic alliance between Datricks and 麻豆原创 Signavio leverages the strengths of both to deliver unparalleled value to customers, revolutionizing proactive risk management to help accelerate business process transformation. Together, Datricks and 麻豆原创 Signavio aim to provide a seamless and integrated solution for financial business risk mining and process management that supports both internal controls and business transformation. This collaboration underscores a shared commitment to innovation and excellence, driving forward the capabilities of risk management in the financial sector.

Datricks鈥� cutting-edge, AI-driven technology, combined with 麻豆原创 Signavio鈥檚 leading expertise in business process transformation, helps deliver a comprehensive solution that can streamline operations and empower organizations to proactively identify and mitigate risks before they escalate into major disruptions. The solution can tackle the gap between business processes and compliance and can reduce long and expensive auditing cycles, allowing our customers to maximize efficiency and reduce costs. Risks and controls are identified by Datricks and then integrated into 麻豆原创 Signavio solutions to access control and process effectiveness, fostering proactive risk management.

Our end-to-end solution enables customers to:

• Uncover hidden risks: Datricks’ AI-powered risk mining solution continuously analyzes 100% of customers’ financial data, exposing unseen anomalies and potential threats to financial integrity.
• Prevent financial and reputational damage: Mitigate risks proactively before they escalate, safeguarding your company’s financial health and reputation.
• Streamline audits and controls: Eliminate error-prone manual work and enhance existing controls with automated and reliable processes.
• Gain real-time insights: Receive immediate answers to audit-related questions, identify the root cause of risks, and make informed decisions with confidence.

Datricks for Risk Mining helps automate risk detection and mitigation, ushering in the era of autonomous finance. It seamlessly integrates with 麻豆原创 Signavio solutions, offering a holistic view of risk and process management. Together, we provide an end-to-end solution for financial business risk mining and process management, supporting both internal controls and process transformations.

Mani Pirouz is chief business officer for 麻豆原创 Business Transformation Management.

“麻豆原创鈥檚 category-leading position in our iGRC quadrants reflects its strong set of solutions across most of the major GRC categories,” said Sid Dash, chief research at Chartis. “Moreover, it combines these with a strong element of integration, as well as links with corporate operations and infrastructure management.”

Governance, risk, and compliance (GRC) has evolved from its historical roots in the scope of audit and organizational control, progressing to incorporate a broader set of concepts and procedures.

In the latest release, 麻豆原创 is featured in six categories: GRC analytics, internal audit, third-party risk, conduct risk and control, EGRC, and operational risks. These categories are evaluated based on two key offering dimensions: offering completeness and market potential.

GRC Analytics

GRC analytics involves not only the overarching qualification of risk, but also the specific methods, models, and techniques than can be used to analyze risk, including dynamic and ad hoc visualization and statistical methods. In this category, 麻豆原创 is recognized for its industry-leading capabilities in the tool鈥檚 offering completeness, as well as advanced features in coverage, mapping and transformation, data management, and visualization.

Internal Audit

When discussing audit management, automation and data-driven activity come into play. As various tools that enable the industrialization of internal audit become more accessible, 麻豆原创 possesses industry-leading capabilities, specifically in audit content and workflow automation. In addition, capabilities in data management, case management support, and dashboard and control are rated as advanced.

Third-Party Risk

Following several years of disruptions in the supply chain, third-party risk is now being scrutinized more closely from a regulatory perspective. Value chains and third parties are growing more complex and harder to analyze, so a constant IT and cyber risk monitoring process with multiple profiles is becoming an increasingly crucial element of any system. 麻豆原创 provides industry-leading capabilities in coverage, risk analytics, and process management in this category.

Conduct Risk and Control

The vendor community providing conduct and controls is highly diverse. Many leading consulting companies have extensive content control libraries and have established large sets of control tools that integrate with their core platforms. In this assessment, 麻豆原创 has achieved the best-in-class capability in control library coverage.

Enterprise GRC

Enterprise GRC (EGRC) amalgamates elements of workflow management, case management, and intelligent automation. The technology available to address EGRC have experienced significant advancements 鈥� a revolution 鈥� that improve how these processes are managed and automated. 麻豆原创 leads in prepackaged content, followed by advanced workflow and automation, data management, and content management.

Operational Risk

As a subset of GRC analytics field, operational risk focuses on regulatory support and dynamics. It also emphasizes purer operational risk, which makes a broader collection of operational analytics increasingly relevant. In this case, 麻豆原创 advances in data management, tools, and visualization.

Vishal Verma is global vice president and head of GRC Product Marketing at 麻豆原创.

Data privacy, risk management, and cybersecurity remain key priorities for businesses in 2023 to ensure continuous high performance and to catapult to new heights. In a recent , 43% of survey respondents said that they plan to upgrade IT and data security to reduce corporate risks. That includes security and data protection measures to keep their data safe. This becomes even more important when moving to and operating in a cloud enterprise resource planning (ERP) environment to drive continuous innovation. In the same CIO survey, 12% of the respondents said that they are planning to accelerate the move to the cloud as a service.

Adopt a Zero Trust Security Approach for the Cloud

To secure data and operations in a hybrid work environment, companies have been adopting a zero trust approach. defines zero trust as an 鈥渋nformation security model that denies access to applications and data by default. Threat prevention is achieved by only granting access to networks and workloads utilizing policy, informed by continuous, contextual, risk-based verification across users and their associated devices.鈥�

According to 2022 global survey data published by , 39% of companies have already begun to roll out a zero trust solution and 41% of companies have plans to adopt a zero trust strategy and are in the early phases of doing so.

My principle in life is to trust people and systems until I am provided a reason not to. The zero trust principle is the exact opposite of this.

The zero trust approach has three key principles: all entities and users are untrusted by default until authorized, the least privilege access is enforced, and extensive security monitoring is in place. In short, no connections to corporate networks and systems should be trusted at sight. All users, devices, and systems need to be authenticated, reverified, and continuously monitored when accessing networks, systems, and data.

Adopting this approach to cloud transformation has become the leading industry standard to keep operations and data safe across the entire virtual and physical network infrastructure.

Here are some best practices for putting an enterprise security plan in place that utilizes zero trust concepts to run operations safely and securely in the cloud.

Define Clear Security Roles and Responsibilities

First and foremost, ensuring security is always a shared responsibility between companies and their cloud transformation partners. It is a common goal and commitment that is independent of the type of cloud path companies take.

Like with any shared responsibility, the best way to approach it is by defining the roles and responsibilities up front. This process starts by asking these key questions: who is managing the cloud, how will everyone work together to secure the cloud, who is responsible for which part, and where are dependencies?

This will ensure that there is a clear strategy and plan to monitor and implement security policies and measures.

Keep an Eye on Users, Devices, Network, Applications, and Monitoring

Based on our experience at 麻豆原创 Enterprise Cloud Services, another best practice is to focus the zero trust security approach on five pillars: users, devices, networks, applications, and monitoring.

Eighty-seven percent of organizations consider the application layer as being the front door for data breaches. Most data breaches through cyberattacks happen because users fail to keep their credentials safe or fall prey to false identities. In addition, the number of remote users with their own devices has significantly increased in enterprise networks as well as the number of cloud-based assets that are not located within an enterprise-owned network boundary.

By regulating and monitoring user access to devices, networks, and applications, companies can protect all their resources, including assets, services, workflows, and network accounts. For example, identity management systems can manage privileged user authentication and access at a very granular level. This includes keeping administrative accounts separate from corporate accounts and applying encryption to several layers in the IT environment. Data classification makes it possible to associate the security levels with specific types of data, regardless of where that data resides 鈥� in the cloud, at endpoints, or in owned data centers.

Scaling Security Needs Faster with the Cloud

While managing the complexity of security needs for cloud transformations can be daunting, here is an added merit: companies can scale their security needs much faster in the cloud, according to research. Benefits include better automation capabilities as well as higher storage and data capacity in the cloud. Companies can push infrastructure as code and fix a security problem in real time when operating in the cloud. Automation also helps in increasing the maturity of identity management and security management systems. recommends embracing cybersecurity as a differentiator to promote greater stakeholder trust and better use of cloud-native solutions that take advantage of the cloud鈥檚 full potential.

In other words, you can shine like a diamond on your cloud platform of choice with a zero trust security approach for the cloud.

For more information, visit the site and read this chief security officer for 麻豆原创 Enterprise Cloud Services.

Peter Pluim is president of 麻豆原创 Enterprise Cloud Services and 麻豆原创 Sovereign Cloud Services.

This is why 麻豆原创 is releasing 麻豆原创 Enterprise Threat Detection, a real-time cloud-based tailored for 麻豆原创 applications and delivered as a 100% managed service by 麻豆原创 on 麻豆原创 Business Technology Platform. This cloud offering uniquely combines leading software with 24/7 麻豆原创 managed security services by 麻豆原创 experts.

The solution and service aim to support companies in detecting cyber-attacks in real time by continuously collecting, correlating, and analyzing anomalous and suspicious events across the 麻豆原创 system landscape before serious damage occurs.听

Why Is 麻豆原创 Releasing This Service for Customers Now?

Many companies are currently switching to the cloud or to 麻豆原创 S/4HANA. This transformation is an opportunity to enhance companies鈥� security measures and to protect such investments. Security is no longer a trivial subject and therefore cannot be neglected. Failing to make it a top priority means taking high risks and possibly facing hefty consequences when audited.

Cyber-attacks against businesses are in the news weekly. However, little technical detail is shared about the layers of the IT landscape being attacked. Since 麻豆原创 applications often contain the most valuable data and run the most critical business processes across the enterprise, they are increasingly becoming a target for external and internal fraudsters.

Attacks can have serious consequences, such as loss of trust and intellectual property, huge fines, business interruption, revenue leakage, misstatement of financial records, among many other damages.

While general security teams guard the walls, perpetrators 鈥� internals or externals 鈥� are making their way to the companies鈥� crown jewels through the application layer鈥檚 backdoors.

What Is the Objective of the Cloud Edition of 麻豆原创 Enterprise Threat Detection?

The logic and the structure of enterprise resource planning (ERP) systems are very different from the ones on the network or operating system layer. 麻豆原创 applications have been developed to support end-to-end processes, so there is a huge amount of controls that must be managed and monitored.

Imagine the ERP system as an office building in a city (the internet) with thousands of criminals. All windows and doors are locked and bolted. Are we 100% sure that we are safe? Unfortunately not, because:

• Thieves and perpetrators always find new ways to break in and this is not going to stop. It is a continuous act of offense and defense from the attacker and the defender improving their methods and strategies to succeed.
• The best lock is futile if (internal) attackers are already in the house. More so, an alarm system will not necessarily protect your home if it fails to activate. Hence, there is a high exposure to risk.

In both scenarios, the objective is to detect such cases in real time to raise alerts faster with 麻豆原创 customers, leveraging the managed service of 麻豆原创 Enterprise Threat Detection, cloud edition.

24/7 Monitoring as a Managed Service

The managed service for 麻豆原创 Enterprise Threat Detection includes monitoring of customers鈥� entire ERP landscape 24/7 by 麻豆原创 experts, and risk-based, prioritized alerting. In addition, a monthly report is issued summarizing all suspicious activities detected as well as the details of how they were carried out.

While this offers effective protection that covers most auditors’ requirements, some companies may want additional support and flexibility. The extended version provides companies the option for extended services and enhanced service level agreements, such as prompt reaction to abnormalities and/or forensic analysis over a specified number of months, and more flexibility in creating and updating detection rules.

鈥淪ecurity is a top priority for 麻豆原创. We know some of our customers don鈥檛 have in-house security operations centers to monitor and protect their mission-critical applications from ever-growing cybersecurity threats鈥�, said Thomas Ruhl, head of Product Management for Customer Innovation and Maintenance at 麻豆原创. 鈥淭hat鈥檚 why we released 麻豆原创 Enterprise Threat Detection, cloud edition: a solution that bundles powerful software and a managed service by 麻豆原创 security experts to defend against cyber-attacks and safeguard their business.鈥�

Customers interested in learning more can contact their 麻豆原创 Account Executive to organize a session to better understand the complete offering or email CIM_Communications@sap.com.