Who certifies the certifiers: what happens when your data validation fails?

Article by Achilles

Supply chains rely on the confidence produced by external assurance and vetting. But, the effects on a company’s performance and reputation from data validation that isn’t thoroughly implemented can be significant.

Badger Sportswear, for example, are one largest suppliers of athletic attire providers in the US. In 2019, the company announced it was dropping one of its key suppliers due to claims its products were being produced by a type of modern slavery in Chinese detention facilities. Badger had been using Worldwide Responsible Accredited Production (WRAP), an independent, non-profit compliance organisation, to certify their suppliers had been following their ethical code of conduct. However, the documentation the Chinese supplier had provided WRAP wasn’t accurate and wasn’t independently checked.

Badger Sportswear thought they had ticked all the right boxes, but still ended up dealing with supply chain disruption and damaging publicity. So, what can buyers do to make sure the assurance they depend on is up to the task, and what should they do it find themselves in a situation like Badger’s?

Getting the assurance you need
The situation that Badger found itself in highlights a key business risk: sometimes companies willing to enter into a contract are not as open and transparent as they should be. This is why second party audits are so important.

Second party audits are an important way for companies to evaluate their supply chains against their requirements and make sure every supplier is operating to the standards they say they do. The data from these audits allows buyers to improve their business processes, increase efficiencies, reduce risk and make sure they are not party to things like modern slavery in supply chains.

But choosing a second party assurance partner is difficult. There are a range of companies out there, all with their own individual controls and disciplines, and no formal mechanisms existing to approve them. Buyers have to make sure they do their due diligence, as the consequences of having data validation fail can be severe.

Here are some of the most important factors that need to be considered:

Their approach to data
Providing assurance on supply chains involves the generation, analysis and storage of a huge amount of data. Managing this data is an essential part of the assurance process.

At Achilles, we have an ISO 21001 certification, to ensure our information security management is of the highest standard. We follow a clear and recognised approach to managing sensitive company information, so it always remains secure.

Their approach to audits
Supplier audits give buyers confidence that they are working with the right suppliers, as well as helping them improve their processes, become more competitive and enhance their credibility. While you think your suppliers are working to your ethical code of conduct, an audit may show that they are not fully committing in certain areas. Eliminating the practice of modern slavery in supply chains relies heavily on supplier audits.

Your audit partner must be able to show that they have the experience, specialist knowledge and proven approach to compliance that is needed.

The different levels of assurance
There is no one-size-fits all approach to supplier audits. We base our data validation on the level of risk that an individual supplier poses to a buyer. Some suppliers may only need to fill out a questionnaire while others will go through a comprehensive on-site audit. To adopt this kind of tailored approach, we have to ensure we are categorising suppliers correctly, using a clear and defined risk matrix. Companies in construction, for example, are much more susceptible to some types of modern slavery than other industries.

Buyers need to scrutinise their assurance partners because they need to have confidence in the results. If your supply chain is complex, you need assurance that allows all parties to work together in the knowledge that each have the right capabilities.

An assurance failure like the one Badger experienced can be damaging and disruptive, but there is no need for it to be fatal. Buyers need to act quickly and decisively to limit the damage.

Dealing with an assurance failure
For a supplier, losing the trust of their buyers can be disastrous. An assurance failure could lead to a loss of revenue and sales and reputational damage that lingers, but not if the supplier in question takes the right steps.

Here is what a supplier needs to do:
Acknowledge what went wrong – help everyone in your supply chain clearly understand what went wrong and how it is likely to affect them.
Take a break – putting a temporary halt to the activities that have been called into question will give you the space needed to figure out what the right course of action is.
Investigate in detail – understanding what has happened in as much detail as possible helps make sure it doesn’t happen again. This process may take a longer amount of time then you would like, but it should never be rushed.
Be as transparent as possible – the results of the investigation should be shared with all relevant parties, and should lay out how the problem was dealt with and the controls and policies that have subsequently been put in place.

Second party assurance is an important piece in the puzzle of creating and maintaining efficient, open and productive supply chains. It is also something that needs a defined process, demonstrable expertise, clear accountability and an ethical code of conduct to be useful. Finding an assurance partner who can show these skills is the first step to having full confidence in your supply chain.

Request a call back to hear more about our supply chain solutions



You may also be interested in

Få insikter i din inkorg varje månad

Prenumerera