We believe that a key component of managing foreign business partners, including vendors in the Supply Chain under the Foreign Corrupt Practices Act (FCPA), is the right to audit. While others have indicated that they feel such a right is not a key component, one thing we all agree on is that if you have that right, you must exercise it. We were therefore interested this week when Apple released its 2011 Supplier Responsibility Report. Apple looked at a variety of issues that affect its business relationships with its suppliers, these areas included training, protecting of workers, use of underage labor and social responsibility. The area which Apple audited that caught its attention was compliance.

In this Supplier Responsibility Report Apple set forth its audit protocols. We felt the Report provided a good outline of such an audit program and is useful for the compliance practitioner; whether following the FCPA, Bribery Act or some other similar legislation. Initially, Apple stated that it has a rigorous monitoring program to ensure its products meet the appropriate compliance conditions. Of the suppliers Apple audited in 2010, more than 40 percent stated that Apple was the first company ever to have audited their facility for compliance.

Audit Site Selection
Each year, Apple audits more factories across its supply chain base and audits all final assembly manufacturers every year. Apple also selects other suppliers based on risk factors, such as conditions in the country where a facility is located and the facility’s past audit performance, enabling Apple to focus its efforts where it believes it can have the greatest impact. As of December 2010, Apple reported that is has audited 288 facilities located in China, the Czech Republic, Malaysia, the Philippines, Singapore, South Korea, Taiwan, Thailand and the United States.

Audit process
An Apple supplier responsibility auditor leads every audit, supported by local third-party auditors trained to use Apple’s detailed audit protocol and to assess the requirements as specified in Apple’s compliance program. The audited supply chain vendors included final assembly manufacturers, component suppliers which manufacture parts, peripherals and components. Apple also audits non-production suppliers, such as office supply vendors and call centers which provide products and services, that are not part of the Apple manufacturing process.

Apple audits cross-reference data from multiple sites. It conducts interviews with employees, contract workers and senior management in relevant functional areas. Apple also conducts a physical inspection of manufacturing facilities and factory-managed dormitories and dining areas, as well as a review of records and relevant policies and procedures. Apple also believes that there may be cases where its audit reveals compliance in actual practice, but the underlying management system may not be strong enough to prevent violations. For this reason, the Apple audits include examination of the management systems, such as policies and procedures, roles and responsibilities and training programs, underlying every category in its compliance program.

Audit Review
After the audit is complete, Apple reviews all audit findings with the facility’s senior management team. When a violation is found, Apple requires that the facility implement a corrective action plan that addresses the specific violation, as well as the underlying management system. The company expects that all corrective and preventive action plans will be closed within 90 days after the audit. The goal is to drive each facility toward compliance with Apple’s compliance program, as Apple believes that this provides the best path to positive change over the long term. Apple also performs a follow up verification audit to confirm that actions have been executed, and collaborate with the supplier until issues are fully addressed.

If a facility’s actions do not meet its demands, Apple may have no choice but to terminate the business relationship. This final point was driven home by an incident which occurred during the audit process. Apple found one of its suppliers had engaged in an offer to bribe Apple’s audit team and Apple reported that it terminated its business relationship with that supplier. We certainly applaud Apple’s response to that incident.

While we congratulate Apple for having a compliance audit program as part of its compliance best practice, we further applaud Apple for actually performing the compliance audit AND making the final report available. This is very useful guidance to the compliance practitioner and demonstrates that a thoughtful and thorough program can be an integral part of any anti-corruption program.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.
© Thomas R. Fox, 2011

1 comments
Howard@OpenAir
Howard@OpenAir

It's great for Apple, but bad for other tech companies. If I were a tech company, and going into the DOJ, the thing I would least like to hear is "well, Apple actually conducts audits...why don't you?" This---in my opinion an "exception that proves the rule" situation---shows my premise, which is exactly what you said: don't have audit rights if you're not going to use them. One thing to remember also is the market power that Apple has. Apple can force these provisions down their suppliers' throats. When I was in-house, working at larger companies, we'd force suppliers into the same sort of contractual provisions, and at the same time, push back when someone tried to do it to us. This was commonplace. How many times do you think Apple has been audited by their distributors? And since most companies don't have the market power, time, or resources to do the type of audits that Apple does, in my opinion most companies should opt for more limited audit rights. Rights that only come into play if there's reasonable basis to believe a violation has taken place. It's easier to get into the contract, and it would likely satisfy that checkbox for the DOJ. Even then, I would guess that a majority of companies don't follow through even when there's a potential violation. And if they tried, I'd also be shocked if the violator allowed a real audit. Maybe I'm just cynical.