Driving additional value from your supplier relationships

Supplier Extended Enterprise Risk Management

Your spend with suppliers is a significant proportion of your cost base. Identifying just 1% of errors or over-payments could contribute significantly to your bottom line.

“Do you know for certain that you have not paid more for goods and services than you agreed to with your suppliers? Our experience is that the answer to this may be no, and this may present a significant opportunity for you to recover costs.”

Deloitte approach

Our experience is that despite traditional purchase to pay controls and invoice approval processes, errors in suppliers’ charges for services and goods are often undetected resulting in unnecessary and wasted expenditure.

This can occur through:

  • Application of rates outside of the contractual agreements.
  • Miscalculation or failure to apply discounts or volume rebates.
  • Duplication of charges or invoices.
  • Erroneous application of management fees or margins.
  • Inappropriate or overstated third party costs passed on.
  • Service credits not flown through to invoices.


Can you be sure that you are not overpaying for goods or services? Whilst most organisations have processes and controls governing the approval of payments, overpayments can and do frequently occur.

These overpayments typically arise due to factors such as:

  • Lack of visibility of transaction volumes and reliance on self reporting by the supplier.
  • Complex pricing models.
  • Large quantities of invoices.
  • Changes in contract management personnel.
  • Lack of capability or capacity to undertake detailed analyses.
  • Poor understanding or visibility of the contractual agreement.

Failure to identify these errors can result in significant unnecessary expenditure which could be identified and recovered through a supplier compliance programme. During a recent supplier compliance projects for a major financial services organisation, we helped the business identify a significant amount of overpayments resulting from misallocation of management fees, inappropriate charging of travel and expense costs and incorrect application of volume discounts.

The Deloitte approach to assessing supplier compliance has been proven to deliver cash to the bottom line, to improve processes for the long term and to protect relationships. We deliver projects that are efficient, data driven and focused on facts – all critical elements in the success of supplier compliance activities.

Supplier Extended Enterprise Risk Management

Bottom line

There is proven value in undertaking systematic reviews of key suppliers’ compliance with their contractual obligations to provide comfort over your cost base, identify direct cost recovery opportunities and drive future cost reduction by locating and quantifying errors

The extent of the value delivered from such a programme is, however, dependent on taking a robust, systematic and risk-driven approach. Failure to focus on the right areas, or to use appropriate techniques can lead to the value being eroded, investing time in the wrong areas or undertaking analyses in an inefficient or error-prone manner.

Identifying the opportunities

To help clients identify the most economic value as quickly as possible, we have developed an approach that is structured, efficient and draws on all the available information for a supplier relationship, contract or area of spend.

Our approach utilises our Contract Risk Assessment Methodology (CRAM) (see figure 1). Phases I and II look at past transactions, whilst Phase III looks to identify specific improvement opportunities going forward.

Phase I – Analysis

Identifying the major opportunities as quickly and efficiently as possible through a systematic analysis of your spend with suppliers. Different types of supply and billing arrangements give rise to different risks and therefore recovery opportunities.

Our analysis stage quickly highlights self-reporting, variable rates, rebates and discounts, dispersed services, and multiple billing points – all areas of increased compliance risk and recovery opportunity.

Phase II – Compliance

The output of Phase I provides a clear and consistent view of the population of supplier contracts and the risks and opportunities. Phase II delivers the compliance opportunities from the contracts that are selected for review.

Level 1 – Internal

This initial analysis is conducted internally and seeks to identify expenditure where invoices have not been in line with contractually agreed arrangements. Instances where any overcharging and duplicate payments have gone undetected through pre-existing invoice approval and vendor management processes are identified.

Level 2 – External

When proof of delivery is in doubt and there is insufficient information available, either internally or from suppliers to support invoices, external activities can often deliver greater results. This enables an additional level of comfort and facilitates the identification of errors in reported costs.

Phase III – Improvement opportunities

The data and insights gained during the prior phases can be used to try and prevent reoccurrence through:

  • Enhanced processes and controls: We will provide you with the detail you need to improve your processes and procedures. If required, we will work with you to implement change in the business. Our observations will enable you to update your contracting and vendor management processes. Valuable insights can be fed back to the business in relation to improving supplier take on, selection and validation.
  • Enhanced contracts: Compliance findings may result from ambiguous and operationally impractical contract terms and billing metrics. Where this is the case, we will work with contract writers and legal to inform them of the operational challenges at suppliers.

The results of supplier compliance activities can be used by the organisation in considering further opportunities to enhance the bottom line. These activities can include reviews of sourcing particular categories of spend or renegotiating contracts.

Extended Enterprise Risk Management

Our Extended Enterprise Risk Management (EERM) team works with many leading organisations to enhance the value from their third-party relationships. In undertaking third-party reviews, we have developed a three-stage approach which is data-driven, risk and cost-focused and has delivered significant returns for our clients.

Our EERM team can help drive the success of your supplier compliance programme through our experience and knowledge of where the key risks and typical issues arise. Many organisations seek, as part of such a programme, to develop their internal capability to perform such activities on an ongoing basis. As such, we frequently work with clients to not only deliver results, but also transfer knowledge and embed the skills and expertise necessary to achieve similar levels of success on a repeatable basis.

Extended Enterprise Risk Management

open in new window Learn more

The Deloitte approach to assessing supplier compliance has been proven to deliver cash to the bottom line, to improve processes for the long term and to protect relationships. We deliver projects that are efficient, data driven and focused on facts – all critical elements in the success of supplier compliance activities.

Get in Touch

Jan Corstens

Jan Corstens

Technology Sector Leader

Jan is a partner in the Deloitte North South Europe Risk Advisory practice. As Deloitte’s global Extended Enterprise Risk Management (EERM) leader, Jan has over 21 years of experience advising clients... More

Bart Van Oosterhout

Bart Van Oosterhout

Director, Risk Advisory

Bart is a director in the Deloitte North South Europe Risk Advisory department with over 15 years of experience in Extended Enterprise Risk Management services. As a Certified Third Party Risk Profess... More