You Can Expect What You Inspect
I’ve always found the teachings and philosophies of W. Edwards Deming fascinating. Through emphasizing the importance of measuring and testing to predict results, Deming effectively demonstrated that inspecting “inputs” and “process” provides statistically reliable insight into the “output”.
Whether risk exposure is internally-controlled (e.g., separation of duties, OFAC/debarment checks, tax form compliance, etc.), or externally-influenced (e.g., bribery, use of hazardous materials, poor quality, etc.), the need for a structured, systematic audit program is paramount in avoiding damaging consequences, from increased supply chain costs, to unavoidable regulatory fines, and through loss of revenue.
Without question, auditing trading partners is one of the best ways to ensure they are following set and agreed-upon processes and procedures, as well as identifying potential issues before they affect your organization. Though many only consider audits as “supplier facing”, this should not be the case, as your relationship is not two-dimensional but often multi-dimensional – and, in this posting, I will attempt to provide, at a high level, some best practices to consider within your supplier relationship strategy.
- Data Quality
The reality is that, given today’s technologies, there should not be an excuse for poor data quality. The ability to easily collect information straight from the source(s), workflow capabilities, open systems, and a growing adoption of Master Data Management governance should absolutely ensure that what information needs to be collected is; however, this isn’t always the case, as people will naturally find ways to work “outside of the system”.
Monitoring the accuracy and completeness of information, for example, Tax ID coverage or NDA collection, provides timely insight into areas where processes may require refinement. The automation of certain items, such as collecting and verifying TINs, need no human intervention. Other items, such as verifying an NDA is in fact signed, necessitate either a strategy where all NDAs are verified prior to enrollment, or that an audit team is engaged for spot checking.
Further, without accurate data, how does one know who, or what, to audit? In fact, a business continuity manager recently told me that they had triggered a full supplier audit, from financials to factory audit and process verification, but… they had stopped using that particular supplier almost a year earlier.
Proper Supplier Information Management ensures accurate and complete data, which becomes the foundation to build upon.
Not all supplier engagements are equal – and, certainly, some pose higher risk to your organization than others. Granted, some processes need to be followed across all, or at lease most, suppliers, such as: separation of duties, tax verification, debarment checks, etc. “One size fits all”, however, ends there.
Leveraging accurate data, systems can automatically segment trading partners and apply the appropriate governance policies – and there is no limit to the possibilities:
- By type (e.g., strategic, tactical, transactional, etc.)
- By commodity/service (e.g., microchip, office supplies, etc.)
- By country/region (e.g., European-based, China, etc.)
- By difficulty of replacement / “switching out”
- By business unit / operating unit
- Other (e.g., score-based across a mix of dimensions, etc.)
Without question, the level of transparency and aligning vision is different, and requires different governance, for a strategic supplier, than one that is tactical or transactional. Further the cost-benefit value to conduct a factory audit with a tactical supplier, where their failure, though not necessarily irreparable to your organization, creates significant operational stress, versus conducting a factory audit on a transactional supplier, such as your office supply provider.
Not only does “one size fits all” not apply for trading partners, it also doesn’t apply to audit plans. Ensuring suppliers that provide specific services (e.g., transportation) carry all the necessary insurances may be applied across the board. In other scenarios, it may make more sense to conduct spot audits.
Further, as mentioned above, one most likely wouldn’t trigger a factory audit on an office supply provider, or necessarily have the same frequency for those that do require on-site verification.
Notwithstanding all the variables above, the audit process, to ensure effectiveness, should be consistent. The who’s, how’s, why’s, and what’s vary, but the process can be driven in a systematic fashion.
In addition to ensuring data quality and segmenting suppliers, capable Supplier Information Management systems assist with, and enable, audit processes:
- Scheduling the audit between the auditor, the trading partner, and the buyer.
- Providing details on the audit plan (e.g., objectives, process, requirements, information captured, etc.).
- Enabling 3rd-party auditor portal access in order to gather information, as well as provide findings.
- Managing the communication, including discussion forums, surveys, etc.
- Reporting on progress, results, and non-conformities.
- Triggering automated follow-on activity, such as: notifications, corrective action plans, etc.
Deming understood that inspecting what we expect is a fundamental requirement in ensuring the integrity of the supply chain. The pace, though, that supply chains are evolving is mind-boggling – and the only way to maintain control of the “outputs”, in this day and age, is to utilize those Supplier Information Management systems that can: ensure high-quality data; segment suppliers to ensure resources are appropriately applied; determine appropriate processes; drive an effective audit; and, ensure follow-up reporting and processes are appropriately acted upon.