A Look at "Tone at the Top" Supplier Management and GRC Standards

The unfortunate truth is that every day, well meaning companies make contracts with and pay invoices to fictitious suppliers. Governance, Risk and Compliance (GRC) are the controls that provide the right steps to prevent fraudulent supplier contracts from slipping past the nose of your controller.

“Tone at the Top” supplier management and GRC standards

Compliance with GRC standards should be ingrained in your daily business practices and become part of corporate culture. These ethical standards and expectations are set in motion collaboratively by the top officers and executives of the company, hence the term the “Tone at the Top.”

What does Governance, Risk Management, and Compliance (GRC) mean to your organization?

Ethical best practices in the procure-to-pay process are governed by GRC principles. GRC comprises three central concepts: Governance, Enterprise Risk Management, and Corporate Compliance.

Governance
Governance is directed by the senior officials and board executives who oversee the controls of the entire organization. It’s a top-down way of guiding all activities to follow established protocols through decision making and informed management strategy. It’s making sure all activities within an organization follow the guiding principles set by management boards and government regulations.

Risk management

If governance is the “all-seeing eye” of GRC, then risk management is the telescope through which it views risk.

Through risk management channels, management identifies weaknesses or threats to overall business objectives. These threats include technology vulnerabilities, data security gaps, compliance violations, bad investments, and external legal issues.

Organizations should know what kinds of compliance issues present the biggest threat to the business and perform a risk assessment to identify those.

Part of the desired outcome is identifying the areas in dire need of compliance oversight, and prioritizing those, specifically as regards supplier management.

Compliance
Compliance is ultimately conforming to a set of predefined rules. Governmental bodies, laws, regulations, and policies affecting your industry are all influencers on your business' compliance requirements.

Sometimes the costs of non-compliance appear to outweigh the benefits of adjusting to accommodate specific regulations. However, any failure to meet regulatory compliance should be weighed carefully, as a misstep could have a significant impact on operating entities.

Applying GRC to the Supplier Management Process

Now we arrive at how the integration of governance, risk management, and compliance affects supplier management processes. Use the steps below to see how integrating GRC can tighten supply chain controls and enforce compliance within your organization.

  1. Supplier Qualification Process: Ensures that services provided by suppliers fit your company’s needs.
  2. Supplier Sourcing: Gather the documents necessary to understand a supplier’s service. This includes requests for proposal (RFPs).
  3. Onboarding: This is the phase when applying GRC principles is the most crucial. During the early stages of reviewing a supplier’s contract, contractual compliance is of the utmost importance. Compliance screenings (OFAC, OIG, BS, PEP, AML) for accurate supplier information are helpful in this phase.
  4. Supplier Compliance Screenings and Managing Performance: Once the supplier is validated, performing ongoing compliance screenings can prevent a fictitious supplier from slipping through the cracks of your organization. Service Level Agreements (SLA) can also be examined at this step.
  5. Supplier Probation or Establishing an Exit Strategy: A prepared exit strategy that identifies a supplier’s non-compliance or contract breaches helps provide a smooth transition for the supplier and your organization.

An effective supplier management program as outlined will protect a company against the risk of non-compliance fines and internal controls issues. Ongoing internal auditing using these principles is key to maintaining secure relationships in procurement and beyond, ultimately avoiding any potential crisis stemming from fictitious suppliers.
