Dean Alms: 0:03

When price was the only driver, that's when we saw, unethical practices seep in such as the use of human slavery. When, price was the only driver, that's when the environment suffered because people didn't pay attention to waste management, water management, forestry and things of that nature. But if the big buyers are making their decision on business practices as much as price, that will have an impactful change

Tom Raftery: 0:28

Good morning, good afternoon, or good evening, wherever you are in the world. This is the Digital Supply Chain podcast, the number one podcast focusing on the digitization of supply chain, and I'm your host, Tom Raftery. Hi everyone. Welcome to the Digital Supply Chain Podcast. My name is Tom Raftery, and with me on the show today I have my special guest, Dean. Dean, welcome to the podcast. Would you like to introduce yourself?

Dean Alms: 0:55

Yes, thanks Tom. It's great to be here. Dean Alms. I am Chief Product Officer for Aravo, and we are a third party, risk management company. I have been in enterprise software now for over 25 years. Uh, predominantly, uh, working with employee facing solutions and certainly, um, employee facing solutions that have had its fair share of risk. Now I've moved over to, Aravo where I'm really looking at risk from a supply chain perspective.

Tom Raftery: 1:23

Okay. And what kind of risk are we talking about Dean?

Dean Alms: 1:26

In the supply chain, we are talking about risk, everything from anti-bribery and corruption to InfoSec to, um, data privacy as well as a whole new, um, array of risk around ESG, environmental, social, and governance, which is the big topic of the day and, and many companies are worried about that.

Tom Raftery: 1:47

Okay. Before we get into that, tell me a little bit more about Aravo., how long has Aravo been around? Who are typical customers? That kind of thing. What kind of problems are you solving for them?

Dean Alms: 1:57

Sure. Aravo has been around for over 20 years actually. And when they first started out, um, it was a company focused on supplier information management. And so if you think about what CRM is to customers, that's what Aravo was to, to suppliers. And basically they were capturing information and helping companies understand who their supplier base was and what products and services they bought from them. That evolved in, you know, in the last 12 years or so into not only managing that information but managing the various risks that have, uh, that have surfaced and have become important for them to take care of. And so that's when we started moving into ABAC and InfoSec and things of that nature. So 20 year history and about a 12 year history of managing risk within the supply chain.

Tom Raftery: 2:48

Okay. And when you say you're managing risk, do you, you know, produce 300 page PDF documents and hand it off to them and go, that's all your risks there or how's it done?

Dean Alms: 2:59

Yeah, no, great question. So, um, you know, part of what we do is process automation. The companies that we work with today often have a thousand, 10,000, even a hundred thousand plus suppliers in their supply chain. And in order to process all of that to understand, where they fit in terms of a risk profile. We go out there and we survey those customers and capture data from them. We also integrate data from, risk intelligence providers like EcoVadis and like Black Kite and many others Dun And Bradstreet. All of those, uh, companies have information already on, on the supply chain. What we do is bring it in and make it relevant to the individual buyers, working with those suppliers out there today. So once we capture that information, um, we then have an algorithm where we score it and so we can score it on individual risks, so how are they doing on ABAC or anti-bribery corruption. And then we can look at each one of those risks, and then we can have a composite score as well. So we can see on a scale of one to 10, is this company an eight, meaning in a high risk zone, red zone, if you will, or is it at a level, you know, two or three, meaning we're in good shape. We've got the risk under control for them. Once we understand where they are, we then kick off a series of workflows that will help mitigate those risks. So if in the red zone, there may have to be some drastic actions taken to either suspend service with them. Or whatever the case may be, to get them, you know, out of the red zone, into yellow and eventually into green. So there's a lot of processes that get kicked off as a result of what we do. Many, many companies, uh, still manage this on spreadsheets and emails, and that's why they come to us and say, this is becoming overwhelming, especially with the number of risks that we have to manage now and, you know, the volume of suppliers that we're dealing with. So we are an automated, processing, uh, company to help manage all the risks that companies deal with.

Tom Raftery: 5:00

Nice. And who would be typical customers?

Dean Alms: 5:04

Most of our customers are actually in the, I'll say the Fortune 2000, so very large companies, um, that have very significant supply chains. We have, we have one of our customers that have over a million suppliers in their network. We have, uh, an an additional handful that have over 500,000 suppliers and then many others that have a hundred thousand. But we do go all the way down to 10,000, 1000 suppliers. So while we do have a, a significant percentage of, uh, fortune 2000 companies, we also have, a, a fair number of companies that have a thousand or 3000 or whatever the case may be. So it, it's really the combination of how many, um, suppliers you have, as well as how many risk are you, uh, attempting to manage with all of those suppliers.

Tom Raftery: 5:51

Okay. And who are you typically, typically dealing with this, is it the chief Supply chain officer, chief risk Officer? Chief Finance Officer, a combination?

Dean Alms: 6:02

Yeah. And, and that's one of the unique things about this space is there is no one buyer. Like if I was selling HR solutions, I know I'm gonna be talking to the VP of hr. If I'm selling finance, I'm gonna be selling to them. But, uh, with risk management, some companies, it's driven by the, Uh, the sustainability organization. And so they built a, an organization around sustainability, and that's usually a cross-functional type of play, but it is driven by sustainability. Others, especially in finance and pharmaceuticals, it's driven by a chief compliance officer. Why? Because the fines there are significanct, the regulations are s you know, intense. And so the compliance officer generally runs that. And then other organizations, it's procurement, uh, especially in high volume situations. What do they bring to bear? Their mindset is efficiency and dealing with the high volumes. And so one of the first things that we need to do when we engage with customers is understand which of the organizations is driving this cause, that will indicate to us what are the key levers that they're pulling for. Is it about building, uh, stronger brands because the sustainability organization really wants to build a brand that has a strong reputation for sustainability and ethical practices. Or is it compliance because they need to manage cost in a significant way, um, and manage compliance issues? Or is it a procurement because of the operational aspects of things? So it really varies based on the company we're talking to, the industry they're in, where the overall risk management resides.

Tom Raftery: 7:33

Okay. And I mean, you've mentioned sustainability a couple of times now. There's been a big uptick in interest in sustainability. I wanna think, how is that impacting you guys?

Dean Alms: 7:45

Yes, the um, I mean, , the, the various components of ESG, environmental, social, and governance have, have been in play for quite some times. You know, like I said, we've been managing risk for, uh, over a decade now. And certainly we have been managing, risk associated with human slavery, uh, around, uh, sustainable, uh, practices in the environment and things of that nature. ESG has brought that together and i t has created kind of momentum around these particular issues. Um, what's really happening now to give ESG teeth is you have, uh, laws coming out like the German Supply Chain Act, and there's others from various countries that are saying, if you're a company of 3000 employees or more, you have to step up to this. And if you don't, We can fine you up to 2% of your annual revenue and we will cut, uh, all government contracts from, from you for the next three years. So it's really getting teeth now and companies have to pay attention to it like never before. For us, that means we need to, you know, expand the portfolio of risks that we manage. So we've gone the ABACs and the InfoSec and the data privacy, and now we have an additional, uh, I believe 16 different risks that fall under the category of ESG.

Tom Raftery: 9:04

Wow. And how do you measure those?

Dean Alms: 9:06

In very similar way. We, we basically have a combination of internal data that we capture from enterprise systems as well as external surveys that we do with the, the suppliers themselves to capture information about what they're doing as it relates to the environmental issues or as it relates to, the social issues around human labor and health and safety and things of that nature. And then increasingly, We can rely on risk intelligence providers that capture that information automatically and we can feed all three of those sources of information and then once again, we score that risk. On a scale of one to 10, where does that company reside across these various risk domains?

Tom Raftery: 9:47

Okay. I gotta think particularly with the, the likes of ESG. The sands are shifting there bigtime, all the time. How do you keep up with that and how do your customers keep up with that?

Dean Alms: 10:04

Yeah, you, you hit on a great point there, which is, you know, the need to build a platform that can be agile and accommodate all of these laws that are coming into play. And, and that's, you know, one Aravo's strengths is that we do have a platform approach to this. And the way we think about it is, um, the best way to think about it is think big, start small and then expand quickly or grow quickly from there. And, and that's the way we talk to our customers about how best to think about this. Too many customers out of the gate think they have to implement, you know, a broad, base of, of risk domains where that can get them in trouble. It becomes too difficult to implement. So we say, start small. Know who your suppliers are and know what you know you're buying from them, and you know the categories that your, uh, uh, products and services that you're buying from them. Once you have that in place, start adding the most critical risks that are important to you. So for us, we see customers approaching this in many different ways. Some customers will start with InfoSec, especially in the financial services industry. Other companies will start with anti bribery and corruption. Other companies may start with some environmental or human, social type of issue. So everybody's path to getting to that destination of managing a comprehensive set of risk is very different. And so we say, think big, start small and grow fast and prioritize, you know, which risk domains that you want to take on. And we provide a platform to do that. So as you add risk, you continue to get more and more visibility across those. And as new laws come into play, you know you need to provide reporting and you need to quarterly reporting and things of that nature. So we feed those reporting systems so that your finance department can push that out just like they push out financial records on a quarterly basis. Increasingly, they're gonna have to push out this ESG type of information. That's what the German Supply Act, demands, which is basically I need on a quarterly basis to report on how I'm doing against all these various risks. And, what's really important is that you don't neglect because one company could be fine, because maybe there is a, uh, uh, one of their suppliers breaks down and, and doesn't, um, live up to environmental needs, whether it's water management or waste management or climate reporting, or whatever the case may be. And as long as they're doing due diligence and they're actively managing that, then they're gonna be fine at one level. If you totally ignore it, your fines can, you know, quadruple in, in numbers. So instead of paying a million dollars, you may end up paying five or $6 million. That's why it's so important to put these programs in place and demonstrate that you are actively, you know, managing your risk in the environment today.

Tom Raftery: 12:53

Okay. And when you say start small and work up from there, how do companies prioritize where to start? Because what if you start on an InfoSec program and suddenly you get caught by the, German Due Diligence Act because you've, you know, something in your supply chain, you weren't aware of.

Dean Alms: 13:12

Sure. Yeah. And, and, and that's why, you know, the priority piece is, is important and, and none of these, laws are, are, should be a surprise to companies if they're paying attention at all to their risk domain. They give them time to to, to accommodate it. So, For 2023, you have to have 3000 or more employees to be impacted by the laws and start reporting and managing that risk. If you have, um, over a thousand employees, that will kick in in 2024. So there is time, you know, granted to these, and as long as the government and the agencies see that you're taking proactive steps to manage this, this risk. They're gonna be understanding and, you know, this is a long-term play and, and companies need to move in this direction and, you know, and, and it's all for the, the right reasons, right? They're using the buying power of these large companies to impact how environmental and social issues are being, um, uh, addressed. And, and it'll have its impact. We're already seeing the impact.

Tom Raftery: 14:45

Okay. And you mentioned on the intro call a framework, that business leaders should follow to ensure their ESG journey is a, a success. Do you wanna talk a little bit about that framework?

Dean Alms: 14:56

Yeah, that'd be great. So what we've created is what we call the Strategic Alignment Framework. And the Strategic Alignment Framework is a document with six chapters that goes through, the steps companies need to think about as they build out their program, so they're ready to take on more and more risks and, and be able to, report to the various agencies on, on what they, what their risk program is addressing. And so the first chapter of that is around the scope and objectives and that scope and objectives should, you know, have that five year view, if you will. So, what are the suppliers that we need to address? The direct, the indirect suppliers, the IT vendors, the business services, all of these, uh, various supplier types are out there. And in some companies they come from multiple systems. So Coupa could be a source for some of them. And you know, SAP or Oracle B could be a source for others. So being able to identify where all of those suppliers are gonna come from and what they buy from you, that's a part of the scope and objectives. The objectives piece is really understanding. You know, what you're trying to get out of this overall program. Is it to reduce the amount of time that you need to bring on a new supplier and get 'em through these various, uh, risk assessments. Is it to lower the cost? Because today with spreadsheets and emails, it's taken you a lot of people in a lot of time and probably a lot of errors are being, uh, created through a very manually intensive process. So understanding all those objectives are important. So, you know, scope and objectives is chapter one. Chapter two is the org model. You and I already talked about this, which is where in the organization is this being driven from? Procurement, compliance, sustainability, who is on point to coordinate all of this? The third chapter is all about the roadmap. What do you wanna start with first? What do you wanna do second, third, and fourth and fifth, right on down the line until you achieve that overall vision. And then from there, After that we have blueprints that describe, okay, here's what this risk domain looks like. And oh, by the way, we are gonna pull in risk intelligence data from an EcoVadis, for example, if it's an ESG initiative or we're gonna pull in, you know, other data like black from BlackKite, if it's an InfoSec and there's many, many others. We have 30 connectors that we are have already pre-built out to make integration to these risk intelligence providers that much more, available and quick to implement. And then from the blueprint we go into, what we call the maturity model. Where are you on a maturity scale from one to five? And you know, it's goes from fragment, highly fragmented and not well defined. Probably very manually intensive, all the way up to extremely agile. So those five levels. We help companies not only with software, but migrate their maturity model through their maturity model as well. And then the last chapter is success factors. So in the beginning we talk about, so scope and objectives. We bookend it with, but talking about what are the key success metrics that will drive this. And we can help companies monitor that through our customer success program through quarterly business reviews of how this program is evolving. So, , that's our Strategic Alignment Framework. Once again, we take the time to kind of build that out for customers and help them basically migrate through, um, their maturity model and build out their program to meet the various risk domains that they're, being forced to address.

Tom Raftery: 18:19

And is there a version of that available online for people to take a look at?

Dean Alms: 18:24

Uh, there will be soon. This is, uh, a relatively new program. But yeah, if they, if they would like to, uh, find out more, certainly they can contact me at D elms at aravo.com. But, uh, yeah, we can provide access to that information in time. That, that'll probably roll out at the end of March, at the end of q1, um, for more visibility there. But this is a, an important program that many of our customers are excited to participate in.

Tom Raftery: 18:50

Okay, cool. Do you have any customer success stories you can talk to?

Dean Alms: 18:56

Customer success stories. I mean, a lot of companies don't like to bring up their name when it comes to managing risk, so I can talk about it anonymously. But yeah, we have, you know, uh, customers in the, you know, consumer product goods arena that, uh, really have focused on, uh, a sustainability approach to this. So working with farmers, working with their manufacturing to make sure that they're living up to all of the business practices associated with, you know, environmental sustainability, as well as on the social side, making sure that the human factors of, safety in the workplace, providing, the right level of, uh, Occupational health and safety, parameters, if you will, in, in addition to, uh, making sure there's no human slavery in involved in the supply chain. So the consumer packaged goods companies, I would say, are leading the charge on those types of deals and, and once again, we started small with them. We took on one of those issues even before ESG became a term, and then we started adding additional, uh, risk domains as, as they progressed. And now it's expanded for some companies to 5, 6, 10 different risk domains that we'll be be managing on their behalf. In the pharmaceutical space where we have, you know, well over a dozen companies that work with us in the pharmaceutical space, that once again is very compliance driven. And so you see a lot more with anti-bribery and corruption. You also see the InfoSec, you see the data privacy, all of those compliance issue, regulatory issues. We help them as well. We have both packaged applications, which companies can implement out of the box for a particular risk domain, and we have the ability, we provide an application framework for some industries where their regulations are very specific to them. They can take our framework and build out risk domains specifically for their needs as well. And the combination of 'em, we can give visibility whether or not they built them themselves or whether they deployed package solution, we can give them common visibility across the board.

Tom Raftery: 21:01

Okay. And where to next for Aravo? What's your plans for the next 5, 10, 50 years?

Dean Alms: 21:08

Well, if, the, uh, current, uh, winds are any indication, uh, the regulatory agencies are gonna keep us busy with more and more regulatory demands and things of that nature. I believe, uh, you know, we are at 1,250 and counting regulatory agencies that are producing various types of laws and, principles that companies need to live up to. And so staying on top of that and making sure companies, depending on where they operate in the world can comply with those laws are, are very important. But really, you know, part of Aravo's future is, is really just managing that extended enterprise. And it's not just risk, but it's performance. Are they living up to their contracts? Um, these various suppliers out there. And there's other extended enterprise, uh, issues such as contracts management, companies that, you know, you may buy multiple products from. So the complexity of managing an extended enterprise will continue to increase. So we will stay busy for a long time ourselves helping companies manage their extended enterprise with risk management being, you know, the primary drivers today.

Tom Raftery: 22:19

Cool. And, uh, we're coming, I guess now, Dean, towards the end of the podcast. Is there any question that I haven't asked that you wish I had or any aspect of this we haven't covered that you think it's important for people to be aware of?

Dean Alms: 22:33

Yeah. I think, you know, one of the things that, um, You know, we like to talk about is in this world where, for the longest time now when procurement operated, they looked at product meaning goods or services and price. And that's how they made a decision on what to buy. Now we are inserting the third P in the procurement equation, which is practices. And so before I can even look at price, I have to look at whether that product I'm buying is living up to sustainable and ethical business practices before I even entertain the price. And that is a, a monumental shift in the way we have to think about things. Some companies have already done that in the past just because that is what they wanted to do. That is becoming more mandatory to look at that less subjective and more mandatory that I look at the business practices of the people I buy from. And that is going to change in many ways, the way suppliers step up to, and deliver goods and services. When price was the only driver, that's when we saw, unethical practices seep in such as the use of human slavery. When, price was the only driver, that's when the environment suffered because people didn't pay attention to waste management, water management, forestry and things of that nature. But if the big buyers are making their decision on business practices as much as price, that will have an impactful change. And we're excited to be a part of that. Right. It's, you know, for us it's not only about managing risk, it is promoting integrity, promoting integrity throughout the supply chain. And that's only, that can only be good for all of.. Tom Raftery: Absolutely, absolutely. Dean, if people would like to know more about yourself or any of the things we discussed in the podcast today, where would you have me direct them? Sure. Um, aravo.com is where you can find more information about the company, Aravo. If you go out to LinkedIn, you can find me on LinkedIn if you want to, uh, engage with me and, and talk about some of these aspects that I've mentioned, whether it's the the whole idea around think big, start small and grow fast, and the Strategic Alignment Framework that supports that mentality um, certainly I'd be happy to entertain and engage in.

Tom Raftery: 24:49

Fantastic, great Dean, that's been really interesting. Thanks a million for coming on the podcast today.

Dean Alms: 24:54

Thank you. Okay, we've come to the end of the show. Thanks everyone for listening. If you'd like to know more about digital supply chains, simply drop me an email to TomRaftery@outlook.com If you like the show, please don't forget to click Follow on it in your podcast application of choice to be sure to get new episodes as soon as they're published Also, please don't forget to rate and review the podcast. It really does help new people to find a show. Thanks, catch you all next time.