For companies involved in trade, control of risks within the supply chain is of the highest importance. A well-structured due diligence process can be a very useful tool in your risk management arsenal.
In this article, we share valuable information on ways to apply due diligence to supply chain risk management. Thanks to Current Consulting Group for sharing with us some of their expertise.
Due diligence is a term familiar to many. Organizations rely on this process and its various methods to determine the fidelity and reliability of potential or existing business relationships, operational procedures, and people involved in both. This evaluation can be handy, but sometimes may be missing critical pieces. This can increase risks and lead to unwanted consequences. So, what nuances should you concentrate on when undertaking Due Diligence? We won’t overwhelm you with a huge list but focus on a few critical ones.
Warren Buffett is alleged to have said that it takes years to build a reputation and only a few seconds to destroy it. The questionable reputation of those with whom you do business may negatively affect your organization. Reputation is typically related to brands and people who represent them. Anything from a news article or a social media post to past or ongoing litigation and official complaints can have a damaging effect on reputation. Some of these factors can be easily uncovered through the search of publicly available information. Others require either subscription to proprietary databases or access to people with knowledge inside a specific industry or professional community. One would have to know where to look and whom to ask to help complete an evaluation of reputation and help minimize negative impact in the future. It is important to remember that most reputation related issues can be resolved successfully through closer oversight and close coordination with the third party. Please remember that strong contractual language is most useful when it allows for stricter proactive control and monitoring. A contract enforced after an incident is purely a reactive measure and cannot help avoid damage to reputation.
Even small to medium enterprises are building systems and processes which are increasingly complex. Consider, for example, an increase in losses due to the so-called “CEO email” scam. This is when a finance person in an organization receives an email allegedly from their company’s senior executive with urgent instructions to immediately transfer funds to an outside party to help complete a commercial deal. Scammers in these cases rely on weak redundant controls (secondary approver) over the release of funds to outside parties. We have seen multiple instances in which companies lost significant sums of money without much hope for recovery. It is prudent, therefore, to look at financial management and redundant approval process nuances if such could reduce the reliability of the organization with which you plan to (or already) do business. Several governments recently issued guidance to companies to help increase their internal controls to help avoid such scams. However, the application is inconsistent, and losses continue. As you can see, the fix is easy, but verification is necessary.
Compliance with standards
Organizations of all sizes and in many industries like standardizing their operations and processes. This is accomplished through initial alignment with international standards and then asking independent auditors to evaluate compliance and issue certifications. Yet, because operations continue after receipt of certifications, compliance often starts to slip – sometimes inviting very high and undetected risks. Here, we recommend an old and tried “trust but verify” method of due diligence to help avoid losses and conflicts. It shouldn’t be difficult for you to determine which of the certified processes maintained by your partner company are most important to your organization. You can then apply due diligence controls to review such critical processes. Your due diligence can be applied both momentarily as a one-time assessment and continually through process oversight. Please remember that it is riskier to wait for slip-ups because those could be costly financially, operationally, and from a reputation perspective.
We hope you’ll find these simple points useful. Just remember that many governments no longer tolerate the process of “ticking boxes”.
Author: Ilya Umanskiy, PSP, RAMCAP, MA, Senior Advisor at Current Consulting.
Current Consulting Group (CCG) is an independent management consulting firm that specializes in risk management and supply chain optimization in Asia, since 2007,