How to conduct effective distributor audits

By Sanday Chongo Kabange, The Red Flag Group®

With increased global scrutiny on organisational compliance, distributor audits are becoming more-and-more vital to ensure adherence and alignment to expected corporate ethical behaviour.

While there is familiarity with audits in the context of internal audits, accounting audits or process audits, there is a growing trend for companies to conduct third-party audits. These third-party audits typically focus on suppliers, vendors, distributors and channel partners.

The increasing focus on third-party audits in recent years has been due to: improved supplier due diligence and supply chain management; an outcry from the public, NGOs and regulators about the need for transparency and accountability; and, human-rights concerns.

Most companies are starting to get a handle on where their products and services are coming from (i.e. suppliers and vendors) but are becoming more and more concerned with what happens after their products leave their facilities and are in the hands of distributors. Frequently, formal and scrutinised processes are established and carried out for those acting on behalf of the company and providing raw materials and building components. In addition to these existing audits, the ad hoc nature of auditing the distribution network needs to be addressed.

When companies conduct a distributor audit, there are many factors to consider. An audit of distributors needs to be focused, with appropriate methods used to obtain information that is useful, relevant and, above all else, actionable. The end result of the audit is to know more about your distributors, what they are doing for your company, and how they are doing it.

Preparing for the audit

The first step in the process of a distributor audit is to appropriately plan and determine the scope of the project.

Before anything is implemented, you need to ask the following important questions:

  • What do we want to know after this project has been completed?
  • Why are we doing this audit?

These two questions will determine the direction of the audit. If the goal is to learn more about the distribution network because of a high suspicion of misconduct, that will produce a much different project than if the goal is to do a risk-based assessment to learn more about distributors in a complex global operation.

Scope of the audit

When determining the scope of the audit you must keep in mind the purpose and the desired results, as this can teach you what to look at and in what depth. A constraint of the audit can be the limitations on resources, in terms of time, money and work hours of those individuals heading up the audit. It can be worthwhile to seek outside help to conduct an effective audit. The scope of the audit should determine:

  • Which distributors to examine, as only some of the high-risk entities will be examined based on location, size of the relationship, size of the distributor, and the type of work being done
  • The type of information to collect, such as areas of high risk, operational information, financial standing, distributors’ distributors and any possible red flags.

There are varying methodologies to gathering the required information, which are based on the time and budget constraints of the audit. The most common methods are:

  • Questionnaires
  • Document reviews
  • Interviews
  • Onsite visits.

CONTACT US 

TO LEARN MORE ABOUT A SCALABLE AND HOLISTIC COMPLIANCE PLATFORM PROVIDING THE DATA YOU NEED TO EFFECTIVELY MANAGE THIRD PARTIES.

Audit methods

After the target list of distributors is identified, the next step is to send the questionnaire to the list of distributors as a first step to gathering the necessary information

It is important to spend enough time thinking about the questions you will ask to make certain that all the answers provided relate back to the purpose of the audit. The questionnaire should obtain basic information about company ownership, areas of operation, extent of the relationship and details of operation. You should also include questions related to specific risk topics.

The use of closed-ended, yes/no questions is recommended for most of the questions, but with some open-ended ‘please explain’ questions throughout where necessary.

It is recommended that the questionnaire be kept to fewer than 40 questions, with the estimated time to complete it limited to about 20 to 30 minutes. A balance should be struck between being comprehensive in nature with the questionnaire but at the same time not overly burdensome in terms of the necessary time to complete it. Keeping the questionnaire as brief as possible can encourage more distributing entities to participate in a timely manner.

There needs to be an assumption that the person analysing the completed questionnaires will have limited prior knowledge of the distributors. Therefore, it is worthwhile to ask baseline information about the distributors’ operations and relationships to your company.

Another key aspect of audits is the review of relevant documents. It is not necessary to obtain all of the policies from an audited entity – only those that relate to the main objective laid out in the initial planning stages. Asking for too much documentation can overwhelm distributors and will likely cause a reduced rate of response and slow down the entire project. 

The documents that are typically requested and reviewed during the review will be codes of conduct and policies related to the identified risk topics.

Along with providing copies of standalone policies, distributors should also be asked to provide documents that prove their legitimacy. These documents may include:

  • Company registration materials
  • Evidence of good standing within local business registrations
  • Company charters
  • Licences and permits
  • Ownership information.

Interviews should be conducted after the questionnaire has been answered and the requested documents have been expertly reviewed. By gathering the information in the questionnaire and the document review ahead of the scheduled interview, you can analyse the responses and properly tailor the interview to centre on the yellow and/or red flags raised by the information provided.

Due to cost and time constraints, interviews will most likely take place over the phone. While it would be ideal to conduct all interviews face to face, it is often not plausible to do so as the distributors can be located in other countries. For phone interviews, it could be necessary to accommodate interviewees’ time zones with a small global team of interviewers. Interviews should be scheduled as soon as possible after the questionnaire has been completed and associated documents reviewed.

At the start of an interview, it is worthwhile to explain the project at a high level so that the distributor knows exactly why the questions are being asked. Explaining the purpose of the project is a good way to put the interviewee at ease as it reassures them that the interview is not a jumping-off point into allegations of misconduct, but rather to learn more about the company’s operations and distribution network and how they can be improved in the future. You should be personable, friendly and professional, and keep the tone of the interview conversational. If you follow these practices, you will likely set a positive tone for the interview whereby most individuals will feel comfortable sharing information. This contrasts with them feeling guarded and defensive, and afraid that something they say might imply that the distributor isn’t taking the proper precautions.

USE OUR EXPERIENCE IN SELECTING AND ONBOARDING SUPPLIERS AND THE PLATFORM TO MANAGE THEM

DISCOVER MORE HERE

What to examine

Much of the content of the questionnaire and the interview agenda will be dictated by the scope of items examined in the audit. When determining which areas to examine, companies must keep in mind the core questions of the audit. It is advisable to only ask for information that can be realistically obtained during the audit process. Companies must understand that there is a limit to the amount of information that distributors are willing (or able) to share.

Understanding the potential size and maturity of the distributors’ programmes can set the depth of information that is to be gathered. There is only a set amount of time and resources (of both the company and the distributors that are subject to the audit) and special attention to high risk areas that you’d want the most detail provided. The audit needs to be used to find out what distributors are doing in your company’s name as their actions can have an impact on your future.

You need to examine the following areas in varying degrees of thoroughness:

  • anti-bribery and corruption
  • government connections and interactions
  • potential or actual conflicts of interest
  • gifts, travel and entertainment
  • human rights
  • industry-specific risks (conflict minerals, HIPAA etc.)
  • export controls
  • information privacy and confidentiality
  • past or current infractions and investigations.

These are historically the most problematic areas for distributors that cause the most harm for companies. By focusing on these high-risk areas, the audit can help to prevent or detect misconduct.

Follow-up actions as a result of the audit

The entire audit process is essentially fruitless if there are no follow-up actions or changes to the distribution network after the information has been obtained. Distributors should be further categorised into a tiered risk ranking system of high, medium and low. Putting distributors into these lists can be an efficient way of determining who will be under increased focus and scrutiny.

The process of the distributor audit can seem daunting. However, when broken down into manageable sections with proper resources, the audit can help to identify, manage and mitigate the potential risks of distributors.

Explore how our products and services can help you manage risks and compliance. Visit at www.redflaggroup.com or email us at info@redflaggroup.com if you have any enquiries.

You may also like:

Developing and maintaining a policy lifecycle management system

Are your due diligence reports providing maximum value for your business

Identifying and avoiding weak links in your supply chain

Previous Article
Employee background checks: criminal history off limits
Employee background checks: criminal history off limits

A wave of legislation preventing employers from considering the criminal history of potential candidates is...

Next Article
Offset agreements and hidden compliance risks
Offset agreements and hidden compliance risks

Although often legitimate, offset agreements have been known to be used to cover bribes and kickbacks. All ...

Looking to build a perfect due diligence programme for your business?

Contact us