This is a transcription of our interview. You can watch the original interview here
Boris: Hello ladies and gentlemen and welcome to our interview with Jared Connors. Jared is a senior subject matter expert corporate social responsibility at Assent Compliance, which is the world’s leader in supply chain data management. Jared, thank you for taking your time coming to our interview today.
Jared: Thanks for having me, always a pleasure Boris.
Boris: Thank you, this is our second interview with Jared. We had the first one a few weeks back and we saw high engagement and decided to invite you for the second one.
Today we will do a deep dive into what an effective supply chain risk management workflow looks like and why so many companies are seeing the value in this practice, even before COVID hit us.
Jared, for those viewers who didn’t watch the first interview, can you perhaps tell us a little bit about what you and your team at Assent compliance are up to?
Jared: You bet, so Assent compliance is a software company that’s focused on supply chain risk management. We cover various topics from PAR compliance, regulations like ROSS and REACH, to Corporate Sociability Topics, conflict minerals, what I would call broader CSR which is things like bribery and corruption, labor practices, environmental concerns and we also have vendor management modules as well that cover things like trade compliance support. So basically soup to nuts in terms of supply chain risk management.
Boris: Let’s dive straight into your perspective on how remote look into a suppliers practice can be far more impactful than infrequent onsite audits. Although not formalized across the globe Corporate Social Responsibility has largely followed a process leading to onsite supplier audit. Can you tell us why it was like this?
Jared: Yes, actually we got into this a little bit in the first interview. So let’s get into a little more detail here. So I spent more than a decade doing on-site audits around the globe from, what I would call, supply chain to social accountability audits to equality audits, EHS audits, transaction-based audits, and more conflict mineral audits than I can shake a stick at.
And when you’re out there doing audits there are a few limitations that you have as soon as you go on-site.
Number one: everyone always tells you “you get three days on-site, that’s all you get.” And usually, you’re not allowed to come there right at 8 o’clock on the first day and you have to go through some interviews with the group so your audit usually starts a little late. And on day 3 they typically kick you out after lunch, so whatever you get to uncover around that time is for your gain.
And when you go through an audit you make observations, the whole point of an audit is observations. But the vast majority of the observations you’re making that can hold a supplier accountable to what you observe is what you see in written language, what you see in terms of policy practice, management procedures. So often times when you’re doing an audit, you’ll walk around the facility once or twice but the vast majority of your time is spent in a conference room looking at materials and conducting interviews.
And those sorts of practices are often viewed as secondary to the minimal review you do as an observation as walking around the facility. And contrary to popular belief, having done more audits than I could ever count in more countries than I can ever name, you never walk into a facility and see like the Indiana Jones movie where he had shocked to see the kids doing the mining in the facility, it never happens that way.
Very rarely if I ever made an observation, hundreds and hundreds of the audits I’ve done, that shocked me more than something that I recorded from a written word from transaction, gap and policy management procedure that was perceived to be the issue or could be the gap or be the issue that could cause stuff like that when you’re not there.
So often times even in unannounced audits, you have the ability to put your best foot forward. But that wasn’t necessarily the point that I was trying to make. What I’m trying to say is that a long time it’s been this perception you have to physically see what’s happening in a facility, yet the vast majority of what you’re doing is recording observation from the written word.
So companies say “why do I need to do that” when the most impactful corrective actions or things that I’m trying to plant the seed to make my supplier better come from things that I review, either transactionally or recorded from the procedure.
How effective am I possibly doing an audit on-site? And the next thing is that they say they can’t really afford to do these things all the time, you have a cadence that you’re doing on-site audits, you might be doing them annually, you might be doing them once every three years.
Especially for CSR because you can’t necessarily spend a resource to have someone there all the time, so the transaction reviews are very infrequent. The second thing is that giving your limited time there, you’re not able to really get into a real conversation with those auditees, and when you do you’re often doing that virtually anyway not being on-site.
So companies of by an large kind of looked at CSR audits and said “you know, physical observation is important but the real benefit is having an on-going conversation with the auditee and that’s usually over email or over a tool that says ‘here’s what I’m learning more about you as a company.’ So we can get into it a little more of that as we go here.
Boris: So what are some other approaches? Companies can’t exactly send representatives out and around the planet right now to audit suppliers on-site, is there another way to accomplish this? How do you think companies are going to follow this pass in today’s environment?
Jared: It’s really important to think about how you’re going to react for the business going forward, even before COVID. Companies were really looking into a better process workflow to evaluate CSR practices, and if you think about that, what that means, is that I don’t want to be sent to somebody who I perceive as high risk because they’re in a certain geography, or they represent a certain amount of spends or they’re a certain type of business. Those things are important for a risk assessment to say “should I do some evaluations on these guys” but they don’t necessarily reveal anything prior to your audit.
So what companies buy in large doing now for several years in fact and you see the smart money really putting a lot more emphasis on this upfront and less emphasis on a physical audit.
And at the backside of the workflow cause, they are saying “I can uncover, I can reveal things about those companies management procedures, I can reveal things about their policies that will represent a gap for me”.
And I can actually work with them so that I’m not sending an audit there to have the only finding be a policy because if you’re going to a facility and you are looking at things like policies and you’re finding gaps there, you’re going to spend a lot of time by the pool as an auditor. I used to say this a lot: “What did you do in Vietnam? What did you do in Malaysia”, well I spent a lot of time by the pool because every gap was in policy and I could be sitting on my lap looking at those particular gaps?
I didn’t need to physically observe, in fact, I can’t physically observe that because I need to understand what their approach to these topics is. I can’t observe bribery and corruption in a facility, it’s pretty hard to, but I can certainly observe a gap in policy.
So when companies go through that process, what they smartly do is they put in place a very robust workflow. There’s nothing wrong with having on-site audit in your workflow but the beauty of having a robust workflow that goes to risk assessment, that goes to a quality questionnaire and goes to corrective actions and provides you the opportunity to understand what you really need to be doing if you’re going on-site.
And what that also allows you to do with the evaluation, is it allows you to send people who may not be necessarily certified or trained in a particular discipline of the audit. “Wait for a second, Jared, what do you mean by that?” If I’m going through this process and I have a very robust workflow and often times questionnaires get a bad name, that’s because of the way that questionnaires are often written, they’re not written as yes or no questions.
“Do you have a policy on child labor?” Everyone is going to answer yes on that, but if you get into nuances of what those policies should entail then you really understand the practices of the organization from the questionnaire. And then when you go through to your corrective actions, you’re able to set the tone of what your expectation is. And I don’t even like to use the word “corrective action” oftentimes, I like to use “planting the seed” because what you’re trying to do is you’re trying to up-level or better your suppliers’ practices.
So when you actually do want to go to the audit, you know what you’re actually there to accomplish if you even need to get to an audit. So oftentimes what this workflow has been doing well before COVID, is calling down the numbers, reducing the numbers of third parties that I feel that I need to send an auditor to do because I’m actually addressing risk through policy up-level and I’m addressing risk through transaction detail logs like hiring practices I’m looking at, verifying documentation of my employees.
I can even conduct anonymous interviews of employees through virtual means if you will. So there’s a lot of things that companies have already been doing, and now in the COVID era you see all of these things coming out in the news.
Whether it’s the governor of India laxing on Indian enforcement issues with labor rights issues. Here in the US even, the EPA (Environmental Production Agency) no enforcement as long a company can demonstrate that their water and air pollution has been directly linked to keeping their business afloat during the COVID crisis, that’s just nonsense right there.
And also if you look at the articles that are coming out in South-East Asia of companies forcing employees to stay in factories and dormitories to quarantine to ensure that their workforce is still available to work.
Just imagine if we weren’t in this non-travel COVID era right now and imagine what NGOs could be observing around the globe during this. It’s kinda like 2008 during the financial crisis when we still had people traveling, just traveling and seeing things, as a CSR auditor I’ve never been busier in my life. Because of all of those NGO reports that were coming out, so if those companies that were relying exclusively on all that or didn’t necessarily engage in CSR evaluations of their supply chain because they thought audits were too expensive.
Those companies could get hit behind the left ear from a major issue that comes out. So imagine if your company is starting to recover and you’re seeing an uptick in business and everybody is going “yes, we’re coming out of it, we’re seeing light at the end of a tunnel” and then you get hit by a major reputational issue where somebody names you in an article or they make a link to you later on because of a particular issue.
Often times companies say “well I’m B2B so I’m never going to get named in an article by a NGO”. But that’s not necessarily true because you don’t have to get named for somebody to make that link to that company that is named.
Or even by proxy where you’re in a supply chain or your facility is in a region and that region is named is a hot spot for CSR issues, whether it be environmental or labor practices. By proxy you can have a reputational hit so if you don’t have a strong process to demonstrate, even if you are named, “well actually look what I’ve been doing”.
You can really have a major hit, financially, after the fact, even if you see a period of recovery. So those companies that are either forgoing CSR practices or saying that it’s too costly or that they don’t know how am I suppose to do it because they can’t get it on-site. They’re really rolling the dice for a major hit that could occur as the world starts to build back up.
Boris: Let’s summarize. If someone who is listening to this interview would like to walk away with 1 or 2 major takeaways, what would it be?
Jared: Sure, number one: I would develop your process before you start engaging your supplier. Sit down, take some time and think about what that linear flow looks like. It’s not always linear, sometimes you can go through things and look back into certain aspects.
Let’s say you’re doing a policy review, you might need to link back to the initial request to make sure that now you’ve got the grade you want essentially from your suppliers, paraphrasing here. But what I’m trying to say is its mostly linear as a flow, determined what that is don’t just say “I’m gonna do a risk assessment and going to look at the corruption perception index, which is so common in companies” and say “I need to audit that guy because they are in that country” or “I need to audit that guy because they represent a certain amount of spend”.
And the other thing is: don’t downplay the value of a good questionnaire. A self-assessment questionnaire can go a long way if written right. So really, what you need to think about there is what standards should I be basing that questionnaire off of?” “How do I really poke at somebody to learn more about their practices through questionnaires?” Rather than asking them the do-or-don’t questions, do you or do you not have a policy because you’re not going to get too deep. So learn what standards you can benefit from.
And the third thing is look at all of those different areas of risk that you can be assessing from within your supply base. Often times companies have a code of conduct and I encourage companies to go back and look at your own supplier expectations or code of conduct document and say: “here are all the things I want to hold them accountable for.” And then when you look at your self-assessment or your audit practice, are you really looking at all of those areas of the code of conduct? I would beg to differ, I don’t see that often. So all of those things should be covered in the standardized format.
And what that allows the supplier to do, especially if you’re following standards, is it allows them to use that same information for other customers. So that they can constantly repeat that information, so it’s not something that custom or unique or new just for you.
That’s something that there might be accustomed to from another customer who’s asking them details on trust, that’s the same exact questionnaire standard, labor practices, environmental concerns, all those areas of risk could be uncovered through that evaluation process.
So standards are really important to make your process more effective. And also think about what you’re trying to accomplish. I remember in my old days of doing audits, a VP would often come to me and say “Jared, you’re going to do 37 audits this year”. “Oh, really how did we determine 37 audits?” “Well because that’s what we have a budget for.”
So I’m being sent 37 weeks around the globe, that’s great, I would love to see home. But why am I going there? I’ll tell you from practice the vast majority of those audits, again I’ve spent a lot of time by swimming pools in a lot of different countries because I didn’t need to go to all those facilities or the conversation could be best served by a back in forth conversation through a tool, especially rather than just email.
To say “tell me more about your policies and practices so I can properly evaluate you.” Because oftentimes especially if in unannounced the audit, you’re not able to get into all those details because they have to drag out those documents from different sources.
Sometimes you’re at a facility and then you go ask corporate, or within a facility, they need to ask 14 different stakeholders and some of them are on vacation. So it’s really hard to get all that information but if you have, an ongoing review or an ongoing conversation oftentimes through self-assessment, you’d be surprised how much you can uncover with a proper procedure. And it also allows you to go through that process of feedback, planting the seed, “here’s what you can do to get better to make sure your company is protected and me, your customers are also protected, so let’s work together”. This isn’t looking down on little brother and saying you’re doing something wrong, it’s saying let's work together to grow so we can both have practices that ensure that none of us can get hit.
Boris: Alright, this has been a very informative interview. I wish you a good day.
Jared: Always a pleasure Boris, have a good day.