The client had over 100,000 suppliers listed in their supplier master file and they wanted to work through that list and build a risk-based compliance programme to manage compliance risks.
The client had not previously conducted any supplier risk assessment and needed a risk-based approach to managing this project. The main driver of the programme was the UK Bribery Act and the need to identify potential bribery risks in the supply chain.
The first problem was to sort through the supplier list and build a smaller list of certain suppliers in particular categories that might require a more thorough risk management process.
This process had to be documented and defensible, as the client was under significant investigation by the DOJ and the UK SFO.
The project began with a risk roundtable: a facilitated meeting where members of the procurement, business, legal, finance, risk and compliance teams reviewed and discussed the supplier categories across the company for two days.
Over the next two weeks, via telephone, the team worked through a process of looking at each category of spend and assessing it for risk in the following areas:
- Human rights
- Conflict minerals
- CSR and product stewardship
About four weeks in total.
Why The Red Flag Group?
Industry Knowledge. We know our clients' industry very well. In this case we were knowledgeable about the mining sector, and being aware of the many different parties and operations involved helped us separate and follow different processes. Being aware of the and the industry made it easier for us to help define risk in their supply chain.
Knowledge of Risks. While the project started out looking at the risks associated with the UK Bribery Act and corruption, we ended up expanding the scope to be much broader and include several risk areas. While it fell short of the 30 risk areas that we commonly look at, there were several risks that the client included as part of this initiative.
Good Business Experience. If you are going to do a project like this, you need to have a global business vision. It is important to be able to identify suppliers with potential risks within minutes. You need to be business savvy, understand the countries' local and national laws, know your risks and be up to date with the ever-changing marketplace.
- Risk-assessment methodology that showed the basis upon which we risk rated the suppliers
- Risk-rating process showing how we went through the process and how we documented the analysis
- Pivot tables of suppliers that can easily be manipulated for adjustments in tolerance
- Heat map of suppliers by country and supply code