In this five-part podcast series, sponsored by Assent Compliance Inc. (Assent), I explore market impacts of emerging regulations on supply chain compliance and the supply chain professional. During the course of this series, I visit with several members of the Assent team to introduce the topic, look at Human Trafficking and Slavery (HTS), supply chain risk management programs, Corporate Social Responsibility (CSR) value propositions, the current state of responsible mineral sourcing and where all of this is headed. In this second episode, I visit with Jared Connors, senior CSR subject matter expert (SME), on how to institute a broader supply chain risk management program.

In 2019, under the Trump Administration, sanctions and a wide variety of other economic pinch points can be levied and changed on an almost daily basis. I asked Connors how this was impacting supply chain professionals. He said that previously the focus for supply chain professionals was on operational risk issues, this included “business continuity, quality lead time, availability, very similar procurement type risks to make sure that they can get the goods from suppliers they need to either assemble or manufacture or have assembled the products that a company is trying to put to market.” However, these operation risk issues have been overtaken by what Connors called “other peripheral risk issues, including regulatory issues addressing corporate social responsibility from human trafficking regulations, to environmental impacts and other similar corporate social responsibility issues.”

Yet Connors believes many supply chain professionals and companies are not addressing sanctions issues specifically involving Specially Designated Nationals (SDNs) and Potentially Exposed Persons (PEPs). Moreover, they are not evaluating their suppliers from the perspective “of am I even allowed to import goods from this company?” This has led him to conclude, “I think a lot of companies, are starting to realize that they’re leaving a lot of risk issues on the table and they are not sufficiently engaging.”

He provided the example of a CSR representative who might say something along the lines of the following, “I learned about this supplier months after the contract was signed and the procurement representatives said, I need you to address these risk issues that are out there. What do you mean we have risk issues out there with the supplier? We already have a contract. This puts the organization at a disadvantage to make sure that they are properly addressing engaging those risks with the suppliers.” Connors believes it is about setting expectations around the relationship, noting, “it just means that you might need to plant a seed with the supplier to make sure they’re clear on what the expectations are. Because oftentimes risk from the supply chain is nothing more than level setting on expectations.”

We then turned to risk assessments which are a key tool in managing your supply chain. One important way to think about risk assessments is to recognize that it is one data point that is continually refined with the additional data that you receive. Properly viewed this allows you to continue to refine information to narrow down a cogent list of the areas of risk which require your attention. In other words, this process allows you to determine the highest risks to your organization and manage those risks. This allows you to focus on your risk but in a cost-effective manner so that you are not spending time, money and your efforts on every risk, but on the key risks for your organization.

I asked Connors about the different ways to obtain information through the risk management process. He noted, “a lot of organizations will have their supplier management or supplier onboarding portals. You can start through very basic, oftentimes public information on a third party to determine your initial risk. This can be based on things like what types of materials they are producing for your organization, what is the risk associated with those types of materials, labor concerns, geographical risks, the amount of your spend, sole source suppliers and a myriad of other issues” which might show how vulnerable your organization is with a supplier if that supplier were to no longer exists tomorrow.

There are multiple ways to use information from your initial risk assessment. As you are gathering information on the supplier, you can further refine the focus areas you may need to address with the supplier. It may well be that you need to perform a  physical, onsite audit.

Yet even in that situation, Connors related, “oftentimes I find that corrective actions, for example, can be done long before physical audit. A physical audit can be used to actually assess if your supplier has instituted those corrective actions. If not, then then the auditor can go and focus on those things. Even for companies which cannot afford supply chain audits because they may have too large of a supply base or do not have the in-house capabilities to perform supply chain risk assessments”, Connors noted there are multiple “automated tools to help support that risk assessment.”

Join us tomorrow where we ask, ‘what’s your CSR value proposition’? You can check out more about Assent Compliance Inc. by clicking here.