Purchasing: how to manage supplier risk?

Don't take the subject of supplier risk lightly: when suppliers fail, your company suffers! As Parliament puts the finishing touches to the Duty of Vigilance Act, we explain how to get started, from responsible purchasing to e-reputation.

Reading time : 14 minutes

The

Provigis (French only)

At the beginning of February 2017, the Senate is due to consider the proposed Duty of Vigilance Act on second reading. ” This will be a significant and ambitious step forward for France on the road to strengthening corporate social responsibility (CSR) and, more broadly, respect for human rights and fundamental freedoms ,” said French Finance Minister Michel Sapin. This text responds to the need to take supplier risks into account, particularly in terms of CSR. In this area, the liabilities are considerable, particularly in the agri-food sector.

In its current version, the proposed law would require large French companies (with more than 5,000 employees in France and 10,000 outside France) to deploy a vigilance plan. The goal? Prevent and reduce risks and human rights abuses in their supply chain, since the companies concerned will be held civilly liable for damage they could reasonably have avoided. This could result in financial penalties of up to €10,000.

This vigilance plan will include :

  • Risk mapping to identify, analyze and prioritize risks;
  • procedures for regularly assessing the situation of subsidiaries, subcontractors and suppliers with whom we have an established business relationship, with regard to risk mapping;
  • appropriate actions to mitigate risks or prevent serious harm;
  • a mechanism for alerting and collecting reports on the existence or occurrence of risks.

This latest legislative development underlines the importance for every company of taking supplier risk seriously in its purchasing policy. From production delays to workplace accidents, boycotts and even bankruptcy, the consequences can be devastating. But not all companies are aware of this. A study conducted by the AFNOR group with insurer Generali in 2015 showed > see video extract that not all SMEs are well equipped to withstand shocks: 23% have implemented prevention and vigilance measures, without experiencing any failures, 64% have done so, either empirically because they have experienced an accident, or in an unsuitable way, and 13% have taken no measures at all.

A complex definition

But what exactly do we mean by “supplier risks”? According to Bruno Frel, head of the Purchasing theme at AFNOR, “. they are multiple and encompass consequences as well as causes. When mapping risks, the simplest approach is to start with the consequence and work backwards to identify and control the source. These risks often come under the heading of CSR, a concept that covers a very broad spectrum: ethics, human rights, child labor, the environment, consumer relations, and so on. “.

Some buyers find it difficult to include so many subjects in this definition; they exclude ethics, for example, or cite the cost of “responsible” purchasing as a reason for not bothering. But we can’t compartmentalize things, we have to look at the whole picture. Bruno Frel takes the example of an office chair: ” When you choose a model of better ergonomic quality, you know that it will cost your company more, but it will also enable you to reduce other costs: fewer musculoskeletal disorders, and therefore less absenteeism, better productivity and greater satisfaction. A buyer who is able to monetize these risks can easily convince his internal specifiers, his contracting authority or his management. “Of course, the difficulty varies from one sector to another, especially when the supply chain is long and includes suppliers from low-cost countries. According to a recent IBM study, 400 purchasing managers in Europe acknowledged that they did not have full control over their supply chain. Hence the importance of risk mapping!

Un accompagnement pas-à-pas

Un service que le groupe AFNOR rend aux entreprises de tous les secteurs grâce à son expertise des normes volontaires, son cœur de métier, normes faites par et pour ces entreprises, et qui servent de bases à des prestations de conseil, d’évaluation et de certification. « Nous pouvons ainsi accompagner une organisation du début jusqu’à la fin du processus », résume Bruno Frel. C’est chez AFNOR Editions que se trouve la première brique : l’offre OK Pilot.

okpilotCe service permet à une entreprise, via un questionnaire, de déterminer son positionnement et surtout d’identifier des axes de progrès, en l’occurrence en matière d’achats responsables. Plus en profondeur, on pénètre chez AFNOR Compétences, la filiale formation continue du groupe, avec de multiples stages, certifiants ou non. Mi-novembre, l’association Achats & Suppy Chain de HEC Paris a interrogé des acheteurs sur les achats responsables, et la moitié a indiqué de pas être formés. En la matière, AFNOR Compétences s’adresse aussi bien à un public d’acheteurs qu’à un public d’auditeurs des fonctions achats. Et c’est là la dernière marche : l’audit du service achats, un exercice qui permet d’identifier les dysfonctionnements et d’installer une démarche d’amélioration continue, rythmée par des audits réguliers. Au-delà de l’affichage d’un certificat en bonne et due forme, l’objectif est de progresser et faire progresser.

C’est ici AFNOR Certification qui entre en jeu. « Nous proposons des audits afin d’évaluer les fournisseurs sur site pour vérifier leurs critères sociaux via des référentiels internationaux reconnus tels que SMETA ou SA8000 », décrit Charles Baratin, chef de produit chez AFNOR Certification. Ceux qui veulent se positionner comme acheteurs responsables choisiront le label Relations Fournisseur Responsables (RFR), un label d’État dont AFNOR Certification est distributeur, et qui est arboré aujourd’hui par 37 entreprises françaises. Dont dernièrement Gutenberg Networks, une entreprise de communication graphique et numérique qui a ressenti le besoin d’afficher son engagement.

Responsible purchasing and anti-corruption

This label will soon evolve to be consistent with the future international voluntary standard ISO 20400 on responsible purchasing, announced for March 2017 > read here. As Isabelle Lambert, Project Manager at AFNOR Normalisation, explains, “. This standard will encourage general managers, purchasing managers and buyers to ask themselves questions about risks, which are seen as both opportunities and threats. A unifying force, it is eagerly awaited, as demonstrated by the unusual number of countries and international institutions on the technical committee – some forty – and the participation, at every stage of the process, of the UN, the European Commission and the OECD. “However, companies remain at the forefront of this issue, from which they can only emerge as winners, according to an Ademe survey of 19 purchasing departments of volunteer French companies in all business sectors, presented at the last Pollutec trade show at the end of November 2016: on average, they estimate that their return on investment in responsible purchasing took place within two years. The study also shows that a responsible purchasing policy enables companies to win market share and reduce their environmental impact, as Lesieur has done with innovative packaging, for example.

Another reference standard that serves as a foundation for a sound responsible purchasing policy, and more generally for supplier risk prevention, is the new
international standard ISO 37001
which provides guidelines for a good anti-corruption management system. It provides a set of instructions to ensure that the company, its staff and subcontractors do everything in their power to protect themselves against all forms of corruption,” explains Sandra Parot, Project Manager at AFNOR Normalisation, who contributed to the genesis of the text at ISO in Geneva. Based on the structure of major management standards such as ISO 9001 for quality and ISO 14001 for the environment, it systematizes exercises such as risk identification and employee awareness-raising. And to harmonize practices between subsidiaries within the same group. “When it comes to anti-corruption, it’s a useful tool for anyone with operations in high-risk countries, where bribes are commonplace…

A global issue

The recently published ISO 37001, which is > certifiable like ISO 9001 and ISO 14001The new “Sapin 2″ law on transparency and the fight against corruption, another risk against which companies need to protect themselves, both internally and as suppliers to dishonest firms, has given rise to a second round of legislation in France. A risk they are largely unaware of, as shown by a study unveiled on the occasion of Global Anti-Corruption Day on December 9: more than half the companies surveyed do not consider themselves adequately equipped to prevent and combat corruption risks.

ISO 20400, ISO 37001… To keep pace with the international dimension of risk management, the range of tools offered by the various AFNOR Group entities will evolve in 2017, as the Group is present in forty countries and cultivates commercial relations with a hundred or so. ” Our international subsidiaries will soon be offering a supplier audit service managed by our Shanghai office, which should gradually be extended to the rest of the world,” announces Bruno Frel. As a preliminary step, a study of the types of risk perceived and managed in different countries (France, Germany, UK, Italy, Russia, Morocco, Tunisia) is underway. To be continued in 2017!

3 questions to Bruno Frel, Head of Purchasing, AFNOR Group

How can companies prevent supplier risks?

Frel_BrunoAFNOR_Solutions_AchatsThere are at least three main categories of action. The first category includes internal measures such as employee training and awareness-raising, the drafting of a code of ethics with clear penalties for non-compliance, the setting up of a whistle-blowing system within the company or an external audit service. Second category: the work carried out during consultations on the choice of supplier and the questions to be asked about the product-supplier pairing in the specifications. This contractual document may be reinforced by general or special purchasing conditions. The third category concerns relations with suppliers: how can we assess them regularly, draw up a progress plan, and check that what they say is actually done? Not forgetting to check internally that the commitments made to them are respected.

Do SMEs and large companies face the same risks?

Small and large structures face risk in the same way, but the consequences differ. The former have fewer resources, but certain risks are better controlled. Often, they have no real purchasing function, and it’s the boss who makes the important decisions in this area. This simplifies the decision-making chain. What’s more, small businesses committed to responsible purchasing are more so than others, as they are driven by the strong convictions of their managers, who use this to differentiate themselves from the competition. However, VSEs and small SMEs generally have less capacity to absorb risk, and can sometimes go under in the event of a problem. On the other hand, large companies such as Shell, H&M and Nike, which have been singled out time and again, are bouncing back because they are so solid.

What developments can we expect?

Until regulations, especially European ones, get to grips with the subject. At the same time, voluntary approaches are being consolidated. For example, the RFR label, which began with a charter of ten commitments to be signed, now has over 1,600 signatories and some forty companies with the label! I’m a great believer in the future international standard on responsible purchasing, which should help to change many practices.

Watch the replay of our web-conference on sustainable procurement from April 12, 2016…


Repeated scandals

Supplier risk management method