Procurement risk and where to find it
David Mooney talks to Stephen Rees, Director of R&S Compliance Consultancy, about how a risk-based approach to supply chain management can help prevent damaging scandals.
Recent high-profile cases – and in some cases, the associated audit failings – have underlined the importance of knowing what’s happening in your supply chain.
Take the furore over procurement failings at South African Airways and the failure by auditors to identify them. Or Rolls-Royce agreeing to pay £671 million to settle corruption cases with UK and US authorities last year, after failing to prevent bribery in China, India and elsewhere.
Procurement professionals need to consider a wide and complex range of issues when working with suppliers.
Stephen Rees, Director of R&S Compliance Consultancy, says these include health and safety standards, human rights abuses, bribery and corruption, and now, data security. Under the EU General Data Protection Regulations (GDPR), organizations could face huge fines if a cyber-breach in their supply chain exposes their data. Fines could total €20 million or 4% of annual global turnover – whichever is higher.
The challenge lies in identifying which of these concerns are most relevant to which suppliers and contracts. It’s vital that procurement teams know not only who their supplier is, but also who they may be outsourcing the work to further down the supply chain.
A deep-dive on every single supplier or potential supplier won’t be possible, so Rees recommends taking a risk-based approach.
“The first thing is to understand what the risks are with a particular contract,” he says.
“Ask yourself what the value is, but also what that contract is going to do. If it means dealing with logistics, immigration and customs, and government officials, then the risk immediately escalates to high.”
Bribery and corruption
The introduction of the UK Bribery Act means procurement professionals must be even more aware of the risks inherent in their supply chains. Rees describes the law as “probably the most onerous anti-bribery legislation in the world”.
The act makes it an offence for an organization to fail to prevent bribery by an employee or supplier – unless it can prove it has taken all reasonable steps to stop it. Moreover, directors can be held personally and criminally liable for such failures.
As such, organizations must have clear policies and controls in place or risk being caught up in supplier-related scandals. According to Rees, due diligence on suppliers should be carried out before contracts are awarded.
“Firms need to ask: does the contractor have the resources, financially and in terms of people?” says Rees. “Do they have an anti-bribery and corruption program, and the processes to manage human rights issues, particularly in developing countries? Here they may be dealing with indigenous populations or land acquisition, or policies to prevent the use of underage labor.”
Contracts judged high risk will require meticulous probing. This includes finding out who owns the supplier, checking media coverage, and ensuring that the business, or its owners are not subject to sanctions or registered on international watchlists.
Procurement professionals need to know what compliance programs suppliers have as part of the due diligence process. These then need to be tested.
“It’s more than a tick-box exercise,” Rees warns. “Insist on being given the correct documents so you know who you’re dealing with and how they apply them in practice.
If suppliers are found wanting, include contractual clauses requiring improvements within a clear timeframe. Failing that, steer clear of them altogether.
“If suppliers are found wanting, include contractual clauses requiring improvements within a clear timeframe. Failing that, steer clear of them altogether.”
Businesses need to be particularly vigilant when dealing with suppliers in certain parts of the world. Rees highlights the global corruption perceptions index produced each year by Transparency International. Contracts with companies in countries scoring 50 or below should be subject to extra scrutiny.
“I’m constantly surprised by people thinking it’s just the local staff who might be corrupt,” says Rees. “Expatriates in positions of responsibility can be susceptible too.”
Rules and regulations
Businesses also need to ensure they develop a culture where there are clear rules around awarding contracts and engaging with suppliers.
This should start at the top of the tree. “Management needs to be committed to an anti-bribery and corruption program,” says Rees. “I’ve seen cases where signing a document is seen as a commitment; it has to be much more than that.”
Clear policies are required when dealing with public officials, giving or accepting gifts and hospitality, and declaring conflicts of interest. As well as receiving training and communication, employees should feel able to report concerns confidentially and without fear of retaliation.
From a procurement perspective, the bidding processes must be regulated. “If it’s a competitive tendering process, sealed bids should be delivered by a particular day and opened in the company of witnesses,” says Rees.
“It’s also a good idea to have a tender committee so that the decision to award a contract isn’t just made by one person.”
High-risk suppliers should be audited, either by the business itself or by an external, independent expert (particularly after significant events such as a change in ownership).
Having a clear set of supply chain and compliance policies will not just prevent expensive lawsuits, it can also improve a company’s broader reputation.
“People don’t generally want to work for corrupt companies,” says Rees. “It makes sense to invest in policies and training upfront rather than hoping that nobody does anything they shouldn’t – or gets caught doing so.”