When Governance Breaks Before the Platform Goes Live
On our third appearance on the Road to the ProcureTech Cup, Joël Collin-Demers of Pure Procurement sat down with Gary Storr, Chief Sales and Marketing Officer at Trust Your Supplier, to tackle one of the most overlooked challenges in procurement technology: governance.
Not the technology. Not the features. The organizational decisions that determine whether an SRM implementation succeeds or quietly fails six months after go-live.
Here's what the conversation covered.
Governance Isn't a Technology Problem
Gary opened with a framing that set the tone for the whole conversation. Governance challenges in supplier management predate technology by centuries. He pointed to the East India Company, one of the most powerful organizations in history, as an example of what tight governance makes possible, long before software existed.
The point: technology doesn't create governance. It reveals whether you had it.
Most organizations arrive at an SRM implementation in one of two states. Either everyone wants to own the supplier relationship because it carries visibility and influence, so no one actually does. Or no one wants to own it because it's difficult and politically fraught, so again, no one does. Either way, the result is what Gary called accidental governance, people creating their own processes in the gaps, spreadsheets appearing where standards should be, workarounds that serve one team but break the whole.
Then a platform arrives. And as Joël put it, it doesn't fix that. It magnifies it.
"If you're doing something wrong and you automate it, you're going to take that problem and expand it by an order of magnitude." — Gary Storr, CSMO, Trust Your Supplier
The Stakeholders You Can't Afford to Skip
Gary walked through the stakeholders who need to be at the table before any SRM implementation begins.
Compliance carries a hammer. If they're not involved in shaping the governance model, they will show up later with an auditor and ask you to redo what you've already done.
Finance is often underestimated. Organizations don't run without paying vendors and collecting revenue. Any process that touches either of those things needs finance at the table from day one.
IT and data owners are increasingly distinct. Data is becoming more valuable as a resource in its own right, especially in the context of AI, where data quality directly determines the reliability of AI outputs. Someone has to own data governance specifically, not just system access.
Internal requesters are the people who say "I need a new supplier", are the most overlooked stakeholders. If the intake process isn't designed with them in mind, they route around it. Shadow procurement is a governance design problem, not a people problem.
Joël offered a useful frame for the ownership question: think of procurement as the hub in a hub-and-spoke model. Every other function is a spoke. The hub doesn't own all the data, but it connects all the spokes and ensures they're working from a shared foundation. If procurement doesn't claim that role, no other function will naturally assume it.
This connects directly to a challenge we explored in an earlier post: the same supplier looks different to Finance, Compliance, ESG, and Procurement. Four valid perspectives, four partial pictures. Governance is what makes those perspectives work together rather than conflict.
After Go-Live Is Where Governance Actually Starts
One of the sharpest observations in the conversation came when Gary described what most organizations do after implementation: everyone goes back to their jobs, and nobody talks.
The governance model carefully designed during the project becomes a slide deck in a file cabinet.
What's needed instead is a steering committee. Not a project committee, but an ongoing one. Gary and Joël settled on a useful distinction: this committee isn't about the technology. It's about the supplier data object. What data do we capture? Who owns which parts of it? What happens when a business change (a new regulation, a market shift, a tariff) requires a policy update? Who decides?
The show's visual of the SRM Sausage Machine captured this well. Start small with qualification and transactional data, the minimum viable governance model, and grow it deliberately, adding compliance, risk, ESG, and quality data as the steering committee matures and the process earns trust.
Gary returned to a nurturing metaphor more than once: "You have to nurture it, like a tree. Otherwise, it's going to die."
AI Doesn't Simplify Governance. It Raises the Stakes.
The final section of the show turned to AI, and Gary's take was direct: AI creates governance questions that didn't exist before.
When an SRM platform surfaces AI-generated risk findings and recommended actions, not because a human ran a report, but because the system assessed the situation and produced a recommendation, new questions emerge.
Who can activate or deactivate AI features? Who reviews AI outputs before action is taken? How do you audit AI over time? And when the AI is wrong (because it will be), who is accountable?
Gary made an analogy worth keeping: organizations give employees performance reviews. AI engines need them too. Nobody is currently tracking AI accuracy objectively over time, but as AI takes on more of the co-worker role in supplier management, that accountability gap has to close.
The generational dimension matters here, too. An entry-level analyst who trusts an AI risk flag immediately and acts on it is not wrong. A seasoned category manager who wants to audit every recommendation before acting is not wrong either. Both are reasonable. But a governance model that doesn't account for both creates inconsistent decision-making inside the same platform and inconsistency is what governance is supposed to prevent.
The closing slide from the show said it plainly:
"Technology doesn't create governance. It reveals whether you had it. And increasingly it creates new governance questions you didn't know you needed to answer."
Five Traps Worth Naming
Gary closed with five practical traps he sees organizations fall into. Worth reviewing before your next implementation.
The Phantom Owner. Everyone assumes someone else owns the supplier relationship. Nobody does. Define ownership in writing before go-live — not in a RACI nobody references, but in the actual workflow.
The Big Bang. Trying to onboard all suppliers with a new governance model at once. Crawl, walk, run. Start with the highest-risk or highest-spend tier and learn before you scale.
The Governance Deck in the File Cabinet. A carefully documented policy that nobody looks at after the project closes. Governance has to live in the system's workflows, not in a slide deck.
Ignoring the Supplier Experience. Governance designed entirely from the buyer's perspective. If suppliers can't navigate the intake process, they'll find another way — and you'll be back to managing compliance by email.
Treating Go-Live as the Finish Line. Implementation is where the project ends. Governance is where it begins.
Watch the full episode on LinkedIn. And if this conversation surfaced questions about how your team is structured around supplier data, this post on the cross-functional supplier data problem is a useful next read.