Classifying supplier risks in emerging markets
The client had over 100,000 suppliers listed in its supplier master file and wanted to work through that list and build a risk-based compliance programme to manage compliance risks.
The client had not previously conducted any supplier risk assessment and needed a risk-based approach to managing this project. The driver of the programme was mostly to comply with the United Kingdom Bribery Act by identifying potential bribery risks in the supply chain.
The first problem was sorting through the supplier list and building a smaller list of certain suppliers in particular categories that might require a more thorough risk-management process.
This process had to be documented and defensible as the client was under significant investigation with the United States Department of Justice and the United Kingdom Serious Fraud Office.
The project began with a risk roundtable: a facilitated meeting where members of the procurement, business, legal, finance, risk and compliance teams reviewed and discussed the supplier categories across the company for two days.
Over the next two weeks, via telephone, the team worked through a process of looking at each category of spend and assessing it for risk in the following areas:
- Human rights
- Conflict minerals
- CSR and product stewardship.
- Risk-assessment methodology that showed the basis upon which we risk rated the suppliers
- Went through the risk-rating process and how we documented the analysis
- Pivot tables of suppliers that can easily be manipulated for adjustments in tolerance
- Heat map of suppliers by country and supply code.
About four weeks in total.