Webmail
Explore Rice

5/15/2007

Research@Rice

Current congressional debate on the Sarbanes-Oxley Act may change whether companies remain liable not only for keeping their own houses clean, but also for overseeing third-party suppliers such as accountants and ad agencies. Third-party risk tops the list of concerns for chief auditors still wondering how a company can really be responsible for risks that may be unknown and books it may not be able to access.

The debate is on in Congress and in boardrooms. Is Sarbanes-Oxley too great a burden on American business, with the cost of regulation too high and the liability too broad? Or is the new level of transparency good for capital markets, with investors feeling better informed about the potential risk and return on their investments? While the debate rages, chief auditors struggle with their primary concern -- how do you identify and mitigate risks stemming from your third-party suppliers? In recent research funded by a grant from the Institute of Internal Auditors, Shannon Anderson, an associate professor at Rice University’s Jesse H. Jones Graduate School of Management, and co-authors Karen Sedatole, an assistant professor at Michigan State University, and Margaret Christ, a doctoral student at the University of Texas, examined the challenges of being responsible for third-party risks. We spoke with Anderson about their research.
 
What surprised you the most?

That this is such fertile ground for development. Firms are still at the early stages of identifying the risks that their supply and vendor chains expose them to -- and once they identify those risks, they’re still struggling to identify and implement appropriate responses.
 
Why are companies having such a hard time?

You could sit all day spinning out possible risks, but which ones should you really invest the energy and money to devise plans around? Just consider how paralyzed you would be as an individual if someone said, "Think about every bad thing that can possibly happen to you and then prepare for it." You think about risks that are likely and costly enough to do something about. But there’s a whole host of risks that you never prepare for. So what are the right responses to the risks we don’t think about? Companies have to figure that out up and down their supply chains, and different kinds of strategic alliances expose them to different kinds of risks.
 
Such as?

Upstream alliances, where someone else supplies components that are embedded in your product, could pose risks like Firestone tires causing rollovers in Ford Explorers or exploding batteries causing laptops to catch on fire. Upstream concerns are also tied to production capacity. For instance, your supplier calls and says, "I know we were going to give you 3,000 of these, but our factory just shut down so we’re not going to be able to give you your product." In each case, you get a domino effect on your quality, delivery, revenue stream and reputation.

In downstream alliances, your partner stands between you and your customers.

If you produce consumer goods and UPS or FedEx could not deliver your product on time right before the Christmas rush, your company might suffer a major decline in revenue as well as loss of market share that might be difficult to recover if sales go to competitors instead.

With marketing alliances, including co-branding, there are inherent risks when you need each other to move the product along -- what if your partner drops the ball? You can also experience unexpected risks when you link your company to a celebrity spokesperson. Think Martha Stewart and K-Mart, and Britney Spears and Elizabeth Arden perfume. Their damaged reputations can definitely affect both your costs and revenues.

Finally, in R&D alliances, you have partners who do research to co-develop and then sell under a common brand name. Neither partner has all the intellectual capital to do the job, so they really need each other. The major risk is coordination -- who owns specific assets, the timing of each party’s contributions and the determination of how to divide returns, including positive and negative surprises.
 
What do you see ahead?

Although contracting and risk assessment continue to be major areas for development, an aspect of alliance management that is getting equal attention is trust and mechanisms that promote trust. Trust mechanisms can provide a lower-cost alternative or a complement to contracts. Moreover, trusting, long-lived relationships can be a great platform for discovering new products that may not even have been envisioned in the original plans for the strategic alliance.

In short, even if the scope of Sarbanes-Oxley is scaled back dramatically, I don’t think we’ll turn back the hands of time. Auditors may have a diminished role in attesting to the management controls of their suppliers, but we’re far enough down the path now that I don’t think too many companies will just stick their head in the sand and pretend the risks aren’t there or will never happen.  

For more information, contact Shannon Anderson  or Laura Hubbard of the Jesse H. Jones Graduate School of Management.
 
Community Faculty/Researchers Undergraduates Grad Students Staff Alumni News & Media
6100 Main, Houston, Texas 77005
Mailing Address: P.O. Box 1892, Houston, Texas 77251-1892		 © Copyright 2006 Rice University
Maintained by: Public Affairs - About this site