Many large businesses are battling to regain control of their supply chains. The lack of transparency due to off-shoring, myriad partnerships and poor data management means that a chief executive and their board can appear clueless when a scandal breaks. 
And break they do, as shown by the horsemeat scandal that swept across Europe, the collapse of the Rana Plaza factory in Bangladesh and Nestlé's discovery of forced labour in its supply chain.
Andrew Minton, Managing Director at Criticaleye, says: “If the CEO and the board are unaware of the risks, how are they expected to mitigate them? Often organisations don’t realise the inherent reputational danger that lies within their immediate and extended supply chain around the world. If executives don’t develop a strategy to deal with that, it can quickly become too late.”
The focus during the recent Criticaleye Global Conference Call: Reputation Management and Your Supply Chain was on how senior executives can show greater diligence in mitigating against such failures.
Here are four key points to emerge from the discussion:
1) Centralise Data
The single largest barrier to creating a visible, transparent supply chain comes down to having good information that is updated regularly. 
Richard Shoylekov, Group General Counsel at the FTSE 100 distributor of plumbing and heating products Wolseley, comments: “Business partner due diligence − knowing who your partners are − is important. It sounds easy but it’s about having the right system in place to ensure you’re not doubling up or missing something, and categorising them properly.
“IT systems and data on existing operations should talk to one another and allow you to extract data in a reliable way – we’ve had a challenge with that.”

The crux of the problem lies with fragmentation. Bruce Morrison, Vice President for Production Procurement at GlaxoSmithKline, says: “We have a presence in 150 countries, the best part of 50,000 tier one suppliers and 72 manufacturing sites operating on multiple ERP systems. The biggest hurdle to overcome is getting control of this complexity and understanding what you’re doing today. 
“I’ve been asking how many suppliers we have. Only now are we getting to the right answer; it’s taken us a year to get there.”
2) Prioritise the Risks
The sheer volume of suppliers, particularly those in tier 2 and 3, makes due diligence extremely complex for an international business.
Bruce notes that GSK has introduced Category Councils to ensure the organisation is choosing appropriate suppliers: “These are business-led as opposed to procurement-led and are an opportunity to debate why we are selecting a particular supplier or how we manage risk within a category,” he explains. 
A programme called Third Party Oversight (TPO) was also launched a couple of years ago. It’s company-wide and focuses on 13 different risks – including anti-bribery and anti-corruption, labour rights, health and safety, information risk and conflict minerals – across all external engagements with suppliers, distributors and companies in which GSK holds an equity stake. 
“In my area – the manufacturing organisation – we have 72 sites and about 20,000 tier one suppliers. Our goal through TPO is to assess all of those suppliers across the 13 risks by the end of 2017; to date we’ve assessed about 1,000 suppliers."  
Luke Wilde, CEO at consultancy twentyfifty, says that companies need to prioritise which supply chains require an in-depth assessment, although he acknowledges that it’s no easy task. “It’s important to explain how you’re doing that prioritisation in your reporting,” he explains. “Most sensible external critics will recognise when a company needs to make decisions about where it invests limited resources; it’s about having a good rationale to do that.”
3) Focus on Collaboration, Education and Enforcement 
Proper interaction with suppliers needs to take place. Amelia Knott, Director of Consulting at twentyfifty, says: “The focus on this area has increased. For many years there was a safety net, [companies] would simply put something in the contracts and that would be adequate. Now there is a recognition they need to go further.” 
Last year, GSK introduced additional training to develop employees so they can, if necessary, ask suppliers the right questions. “It’s no longer just left to a CSR representative or an auditor,” explains Bruce
While not underestimating the scale of policing companies across a global supply chain, it’s evident there must be greater responsibility for enforcing standards. Bruce continues: “Previously, there was a tendency to think that inserting the right clause in a contract would be sufficient; that has definitely changed. Legislation, such as the Modern Slavery Act, is encouraging us to further understand what we are doing and our approach in this area.
“The first point is making sure you’re sufficiently empowered to drive change. We’re fortunate that we have a Global Ethics and Compliance Team that sits within our executive committee, reporting into our CEO.” 
Given that the reputation of a business is inextricably linked to suppliers, there needs to be a clear and unambiguous set of expectations, argues Will Smith, Vice President for Property & Market Development at retailer Asda.  
“The way we do business has to be consistent,” he explains. “There’s one set of rules, one code of ethics and they apply internally and externally. There are no exceptions and there is no grey area. We communicate clearly through regular supplier briefings and training days… All suppliers sign up to our standard terms of engagement with the appropriate ongoing checks and balances – or there is no business.” 
4) Communicate With Stakeholders
Regulators, NGOs and other stakeholders want to see companies strike the right balance between margins and an ethical, sustainable approach to managing risk. 
Amelia notes that companies should be prepared to answer questions about their supply chains and work with external parties for the greater good: “The board might want to ask who your teams are talking to and what relationships they have with NGOs and institutions like the International Labour Organization (ILO), which has insight into the conditions within various supply chains.
“NGOs are willing to support companies that are genuinely trying to make a difference. They’re not expecting companies to solve the problem of modern slavery, for example, which is huge and would require multi-stakeholder action. It’s more about showing proper commitment to understanding where risks are in supply chains and making an informed decision about where to focus effort.” 
As ever, a company’s appetite for investment in systems and processes, combined with its ability to communicate with external parties, depends very much on the leadership within an organisation. David Horlock, Managing Director for Asia Pacific at standards body BSI Group, comments: “The CEO has to specify the direction of the company in terms of values and how to drive that with procurement, [suppliers], training and governance. 
“The CEO needs to state that, while price is important, there is a minimum criteria and [be clear on] what that entails.’” 

By Dawn Murden, Editor, Advisory 
What are your thoughts on supply chain risk? If you have an opinion that you’d like to share, please email Dawn at:
Find out more about Criticaleye's next Global Conference Call: Cyber Security – What Boards Need to Know with Justin Lowe, Cyber Security Expert at PA Consulting and Sigga Sigurdardottir, Head of Customer & Innovation at Banco Santander.