Supply Chain

Supplier Audits Rise to the Fore — At Least, They Should

Supply chain audits are supposed to uncover vulnerabilities in operations, but they may not go far enough.
David McCannNovember 23, 2015

As a company’s supply chain grows, so does its exposure to risk. Experts recommend that companies periodically audit their supply chains to identify vulnerable links, but the value that such audits actually deliver is up for debate, for a variety of reasons.

For one thing, an expanding list of risks means there are more things to audit. Inevitably, at large companies a lot of stuff falls through the cracks — that is, if those companies bother doing meaningful audits at all.

4 Powerful Communication Strategies for Your Next Board Meeting

4 Powerful Communication Strategies for Your Next Board Meeting

This whitepaper outlines four powerful strategies to amplify board meeting conversations during a time of economic volatility. 

For another, new kinds of risks are cropping up that may escape auditors’ notice. Traditional supply-chain risks include demand and supply variability, limits on capacity, and quality issues. But those have been joined in recent years by such considerations as greater customer expectations; ever-increasing global competition; longer and more complex supply chains; increased product variety with shorter lifecycles; and security, political, and currency risks, notes Paul Myerson, professor of practice in supply chain management at Lehigh University.

One evolving area of risk is proving particularly vexing: the sourcing (inadvertent or not) of objectionable products or materials, such as those containing ingredients that have been targeted as hazardous to health, mined or produced with the use of slave labor, or sold to finance violent conflicts. In the last few years, particularly since 2013, a wave of jurisdictions both domestic and global have enacted laws and established regulations aimed at preventing the distribution of such products and materials. The newest major one is the United Kingdom’s Modern Slavery Act 2015. Even some individual U.S. states and, in the state of New York, three counties are now regulating the ingredients in consumer products.

Companies are still catching up to the realities of those requirements. “Most U.S. companies do not know who their first-tier, direct suppliers are getting their raw materials from,” says Maureen Gorsen, an environmental attorney with Alston & Bird who has a specialty in helping corporate clients with supply chain audits. “Something could be in what they’re buying that’s not allowed, and without [sufficient auditing] you could wind up with a damaged reputation and lost sales because of boycotts.”

Floored by Formaldehyde
A recent reputational hit via supply chain was suffered by Lumber Liquidators, a billion-dollar flooring retailer. On March 1, CBS’s news program “60 Minutes” outed the company for allegedly selling Chinese-made laminate flooring that contained levels of formaldehyde that were 20 times over the safety standard in California. The company’s stock, which had closed at $51.86 on Friday, February 27, opened the following Monday at $38.26 after tanking in pre-opening trading. By November 10, the stock had fallen to just under $16. Lumber Liquidators also has potential legal troubles, although the extent of those was not yet known at press time.

WarehouseInventory_325x253Other potential consequences of such lapses can be devastating as well. In addition to government enforcement actions that can lead to monetary penalties, they include getting dumped by retailers, being shamed on the Internet (with nongovernmental organizations highlighting the noncompliance in their reports, for example), and becoming a target of plaintiffs trolling for unfair business practices.

For the most part, such risks are greater for large companies with highly recognizable brand names. Apple, McDonald’s, Nike, Sears, and Walmart are among those that have suffered business setbacks resulting from noncompliance within the supply chain.

But while large or midsize companies that do have exposure to supply chain risk may comply with laws and regulations, many are not very enthusiastic about putting much extra effort into audits. Like so many aspects of corporate strategy, it’s a cost-benefit question: How much money can we justify spending to audit the supply chain beyond what we have to do to be compliant, and what are we going to get for that?

Companies are likely to spend for audits of risks whose potential financial impact they can quantify, and otherwise do as little as possible, according to Gorsen.

“As a lawyer, I try to sell prevention services,” she says. “But not many companies want to buy them. They’re expensive. It’s like when a plumber tells you your pipes are getting old and you might want to replace them. You say no, but then they burst and you’re in hot water. People will not usually [spend much on audits] until they have a catastrophic failure, or in some cases one of their competitors does.”

That’s part of the reason why the term “supply chain audit” (some practitioners prefer “risk assessment” or “risk management”) can be defined so many ways. Simply sending a letter to first-tier suppliers asking questions about their compliance activities could be considered an audit. At the other end of the spectrum would be making regular, unannounced inspections at all relevant supplier locations, like factories and distribution centers. That full-blown scenario is extremely rare, though, says Gorsen.

Imperfect Fulfillment
One particular trend that’s ramping up the need for audits of overseas distribution centers is the rapid growth of online shopping. At a brick-and-mortar store, a customer shopping for, say, a University of Michigan jersey can see and touch the actual item. If the customer goes online and the order goes through a distribution channel that may include a facility in Asia, there’s a chance that a Michigan State University jersey will be erroneously shipped.

What companies need to do a better job of monitoring is the quality of the supplier’s system for matching the correct bar code to what’s in the box. “Understanding the capabilities of suppliers in high-churn bases on foreign soils can be quite difficult,” says Glen Goldbach, a principal in the supply chain practice at PricewaterhouseCoopers. “We’re seeing more and more of these order fulfillment problems. The supply chain must become more precise because of customer choices being made virtually.”

PwC measures actual performance by comparing it with what it calls “perfect fulfillment,” meaning the customer got the shipment on time and according to all applicable requirements, like having the right number of units. The firm is seeing a 1% to 2% performance degradation between what suppliers commit to and what they deliver, most of it due to incorrect product-barcode matching. “It’s a regular issue across a number of industries,” says Rodger Howell, a principal at Strategy&, the management consulting firm (formerly Booz & Co.) that PwC acquired last year.

Another set of trends, including an increase in geopolitical risk and the growing frequency of natural disasters, is making business-continuity plans—for companies and their suppliers alike—more important than ever. But to say that there’s room for more vigilant audits of suppliers regarding this issue would be an understatement.

“We’ve done a lot of research on this, and the number of companies that know whether their tier-one and tier-two suppliers have continuity plans in place is incredibly low, in the single-digit percentages,” says Goldbach. Companies should have a program in place that sets forth their standards for business continuity plans, he says, which should be well known and understood throughout the supply chain.

Supplier KRIs
The biggest current CFO trend in the supply-chain arena is finance chiefs becoming more involved in up-front due diligence on the financial viability of key suppliers, says Christopher Monk, a managing director at Protiviti and a member of the firm’s global leadership team for supply chain solutions.

Because of CFOs’ involvement, some of the modeling being used is getting much more robust, mostly at mature, best-in-class companies, Monk says. “It used to be that you ran a liquidity ratio, took a quick look at the P&L, and you were good to go. Now you see a lot more advanced analytics around things like Z score, which is a bankruptcy indicator.”

Predictive analytics using key risk indicators (KRIs) can help tip off a company to looming financial troubles at suppliers. Say you’re supposed to receive 1,000 pounds of dirt at a dock at a specific time every month. If the shipments begin arriving late or being less than 1,000 pounds, it can be an indicator of troubles ahead. “Sometimes these KRIs may show up quarters in advance of the issue being so catastrophic that the supplier tells you about it,” Monk says. “They allow you to initiate conversation and look at other strategies, like qualifying a new supplier or investing in the existing one to keep it afloat.”

But smart supply chain decisions are not always based on quantitative analysis. Sometimes they’re based on the opposite: gut instinct.

Chris Good, managing director of consulting firm Conway Mackenzie, recalls an incident during his former post as a purchasing executive at a large automaker. “We were looking at buying some drive shaft tubes out of Israel,” Good says. “It was great technology. But we decided not to do it,” because of the constant threat of terrorism, he says. “We didn’t need drive-shaft tubes from Israel that desperately. It wasn’t the most exhaustive analysis ever done.”

Photo: Wikipedia, uploaded by Axisadman, CC BY-SA 3.0. No changes were made from the original.