Last year’s factory collapse in Bangladesh put supply chain risk on the front page and brought a new awareness of ethical business to light. But for those who work in fields related to governance, risk and compliance, this issue was nothing new. It was just a horrific example of what can go wrong when businesses don’t scrutinize past the first tier in the supply chain.
Tone from the Top
Like so many ethics- and compliance-related aspects of doing business, effective supply chain risk management starts with the tone from the top. “If there isn’t a mandate, a tone, support and resources for the people who are involved all along the supply chain, then we can have risks that are not properly predicted and not properly dealt with,” says Andrea Bonime-Blanc, CEO and founder of GEC Risk Advisory, and a global strategic governance, risk and reputation advisor.
But the tone from the top can only trickle down effectively if you know who it needs to affect. “One of the most important things is that you have to understand who your supply chain is. And frequently, as we’ve seen in the headlines in recent years, people don’t look beyond their first tier supply chain third parties,” says Bonime-Blanc. “Sometimes even with the first line of suppliers you don’t always vet them properly and do the proper due diligence and so you end up with mediocre or bad actors who don’t really enforce the four corners of the contract where you’ve asked them to live up to certain standards.”
FREE Investigation Report Template
Prepare thorough, consistent investigation reports with our free report template.Download Template
Before entering into a contract with first tier suppliers, Bonime-Blanc advises that you ensure they have a good reputation, a good track record and that they don’t have a highly litigious profile. “And then you also want to hold them accountable for their subcontractors and their supply chain,” she says. “One of the big issues that is hard to answer is how deeply you go into the supply chain.” A large corporation with a long or complicated supply chain has a mammoth task to understand who their subcontractors, and the subcontractors of their subcontractors are.
The solution looks something like delegation. “Companies really need to vet their first tier and hold their first tier accountable for the next tier or two,” says Bonime-Blanc. “So that would be the first step. But don’t just do it once. Do it periodically.” And periodically can mean different things in different companies. It all depends on risk.
“No-one can check everything all the time. You want to have an audit plan that identifies your high risk areas in the supply chain, and have your audit team check from time to time, depending on your industry,” she says. In a high-risk industry, such as the garment industry, where the supply chain can be long, complicated and international, extra attention should be paid to checking suppliers.
Risk and Collaboration
Risk assessments should be carried out periodically to look at supply chain issues, says Bonime-Blanc. And this should involve interviewing people on the front lines. “Have a good relationship with procurement,” she says, because not only are they involved in third party due diligence, but they are the closest to the supply chain.
Bonime-Blanc stresses the importance of collaboration across different functions and communication with people on the front lines. “The more we can speak their language and help them with their risk management, the better we can embed some of the ethics and compliance pieces that we want to embed – whether it’s training, a helpline, or anything else that raises awareness. Like everything else with ethics and compliance, you want to have people aware that when there’s a supply chain issue on the shop floor, a health issue or a safety issue, they should speak up,” she says.
Buy-In from the Board
The Board of Directors and Executive Team need to understand the risks, says Bonime-Blanc. “It’s incumbent on the ethics & compliance officer, the general counsel, the chief auditor, or a combination of these people to really define what the supply chain risk is, bring it to the attention of the c-suite and explain how it fits into the pantheon of risks, and what’s being done,” she says. “Getting the right resources from the top, getting the right third party software or services – these things are critically important. Companies who aren’t thinking about these things are going to have one of these catastrophic supply chain things happen to them. Even when you are fully prepared it can happen, but at least you won’t be caught unawares, unable to deal with it. The crisis management part becomes easier.”