Codes of Conduct and Supplier Self-Determination in the Era of Supply Chain Auditing

Robert Pojasek, Ph.D. | Art Stewart, M.P.M.

The competitive landscape for leading brands, many of which are publicly-held companies, is being transformed by the changing nature of risk and what is required to better manage uncertainty.

What’s driving this transformation?

For one thing, unlike any other time, companies are competing for more buyers of their products and services on price, speed and proximity. They are also competing for better suppliers and more favorable supplier relationships. All of this is re-calibrating their risk exposure.

Many leaders of these organizations acknowledge that threats to brand and reputation are consistently top concerns for them. Beyond lost revenue or asset degradation, a rapid decline in public trust or consumer confidence can taint a hard-earned brand identity, especially when many brands have staked their equity on aligning with customer values.

There is a tremendous amount of equity, as well as financial assets, held in a company’s supply chain. With an investment of this extent, the functional managers and divisional leaders of these companies are expected to operationalize policies to meet stakeholder expectations and improve corporate integrity while they also work to ensure top- and bottom-line growth.

Without skipping a beat, these sourcing companies are requiring suppliers to be upfront in their dealings with them and take ‘ownership’ of their relationships with the facilities that produce the products they sell to them. The effect is a cascading of the sourcing company’s values throughout multiple interdependent supply chains.

A Framework for Driving Expectations
One of the ways leading brands and publicly-held companies impose their standards on suppliers is through a Code of Conduct, which has become part of the expected content you’ll find on their websites. Companies use their codes of conduct to generally establish their mission and strategic objectives, then link them with their standards of professional conduct. In this manner, a Code of Conduct articulates the values an organization wishes to foster in its leaders and employees, thereby defining what they understand to be appropriate, ethical behavior.

Developing a Code of Conduct in a company is a process to reaching consensus on a uniform standard of behavior and the guidelines for maintaining that standard in alignment with what is not only acceptable to the company’s leadership (e.g., the Board), its suppliers, customers, and often shareholders and other investors – but the established norms of their industry, profession and operational context.

Investors in these companies now specifically require formal acceptance of a Supplier Code of Conduct. Traditionally, the suppler code was transmitted to first-tier suppliers by literally attaching it to a purchase order! The signature line on the purchase order was placed below a “notice” that by signing the purchase order, the supplier was acknowledging its intent to abide by the Code of Conduct. Transmitted in this way, the supplier code became a legal contract for compliance to the items presented in the code. History has proven, rather precipitously, that such a manner of compliance was not very effective.

Challenges in Working with the Sedex Partnership
This quagmire created an opportunity for the development of a membership company that would identify and contact the suppliers of the large sourcing companies. Sedex, an independent coordinating entity, assumed this unique role, which was concurrently driven by an opportunity to serve the supplier compliance requirements of the large big box retailers such as Walmart. Sedex became an intermediary that helped seed the development of audit standards and the corresponding oversight system.

The Sedex Members Ethical Trade Audit (SMETA) is one of the most widely used social and ethical audit methodologies worldwide. Some 20,000 audits are uploaded on the Sedex platform each year and another 60,000 audits are conducted for offline use. The current Sedex standard seeks to achieve commonality from the processing of a vast array of codes and incorporating the full farm-to-product development supply cycle, melding 80% of what the Fortune 100 require.

Sedex operates an online service that allows the large sourcing companies to collect, share and analyze information submitted by their suppliers with a compliance-focused ethical sourcing questionnaire. They also maintain a listing of approved auditors that are required to verify the information and create corrective actions when necessary; a concept that is currently used by many large companies.

Sedex provides instruction for outsourced auditors on what to search for when working with a supplier organization and suppliers must select an auditor from their approved list. Challenges emerge when you realize that less than 7% of the overall auditing activity conducted by Sedex is in the U.S. and Canada. Sedex flies in auditing teams from overseas jurisdictions, bringing language issues and cultural idiosyncrasies, in addition to expectations that are out of alignment with American business norms.

Another dilemma is that the Sedex questionnaire contains a large number of fixed answers where a supplier cannot add any wording to it. The questionnaire is black and white, with no shades of gray, requiring many of the responses to be a simple “yes” or “no.”

Despite suppliers being required to pay the auditor fees, Sedex has continued to only disclose to the supplier the general categories to be covered in the audit. The situation is exacerbated for suppliers when sourcing companies rely on questionnaires, checklists and audits that do not reflect the reality of what supplier organization employees are engaged in every day. As a result, suppliers find themselves far less prepared for what a Sedex-based audit will detect.

It’s Time for a Better Approach
With mounting pressure in meeting oversight expectations and navigating the expanding risk landscape, suppliers and auditors could employ a different concept with a range of conformance services that are not available through Sedex or other associations (such as the Responsible Business Alliance).

When a supplier is contacted by Sedex on behalf of one of their sourcing customers, their team could utilize a Competency-Based Training (CBT) approach in conjunction with an international high-level structure and a SaaS-based management system that uniquely integrates the most recent versions of all the global standards. Supplier organization leaders are then able to better compile and manage conformance information in four key areas that are essential to effective audit preparedness: Labor; Environment; Health and Safety; and Business Ethics.

Information is derived from standards currently in use in over 180 countries and is organized for teams using the framework of “Plan-Do-Check-Act (PDCA)”. The designated employees at each of the supplier locations submit the information under the supervision of the supplier’s top leader and a credentialed CBT facilitator.

This model enables a supplier organization to self-determine its conformance and “self-certify” to create conformity statements that include maturity matrices. Suppliers using an ESG-based Sourcing SaaS platform could report on a list of indicators, generated and approved for use in investor ESG evaluations by the World Federation of Exchanges and the Global Reporting Initiative. The Competency-Based Training program can be shared with the sourcing companies and the trained auditors with whom they are partnering.

All the essential information is maintained within the SaaS platform and is easily referenced when completing the Sedex compliance questionnaire. This new management system can help both the sourcing company customer and the supplier organization plan for an auditor visit to a facility. By setting aside a module for this purpose, the supplier may grant “permission” to the auditor or sourcing customer to access any area of the SaaS platform. This avoids the cumbersome downloading of information, enabling direct connection to the “objective evidence” of conformance and compliance activity through a simple URL.

For a sourcing company, an e-audit can be conducted by a competent certified auditor to acquire the “objective evidence” and use an approach that is far more rigorous and up-to-date than what Sedex currently offers. Plus, with the “objective evidence” becoming a “record” within the SaaS platform, conformance documentation is memorialized and protected from alterations. Internal auditors or any external third party would be able to officially verify the information and complete its certification.

This new approach represents a game changer for both the supplier organization and its sourcing company customer. Suppliers can initiate a presumptive move to having their conformance accepted without the need for a Sedex intervention. The process of audit preparedness becomes digitized. Competency-Based Training guides the designated leaders in mastering the SaaS structure, content and e-auditing – thereby opening up a new pathway for perpetual value creation and the discovery of unanticipated growth opportunities. SIP