Auditing The Supply Chain in 2019: What to Know and Why

Much internal audit work has focused on financial transactions and controls. Now, many auditors are adding supply chain audits to their responsibilities. Supply chain audits present an “opportunity for internal audit teams to look at the supply chain organization and make sure they’re doing things to control costs and mitigate risk factors,” says Jonathan Eaton, practice leader with Grant Thornton’s national supply chain practice.

A first step is identifying supply chain risks. We’ve broken down some of the common ones below:

Working With Vendors and Third Parties

A supply chain audit should check that the organization is working with vendors that offer quality work at competitive prices and that it complies with relevant regulations, Because regulations limit the amounts National Grid can charge its customers, “there’s consistent pressure to be more efficient,”.

Contract Management

Once an organization’s vendors have been vetted and contracts are in place, the focus shifts to contract management. This often requires gaining clarity over which department—usually, purchasing or the business unit—is responsible for managing the contracts and monitoring vendor performance. This is a business decision; audit’s main concern is that ownership is clearly determined.

Inventory Management

For an asset-heavy company operating across multiple regions like National Grid, inventory and warehouse management is another key area.

Each year, the United Nation’s World Food Programme (WFP), serves more than 90 million people in more than 80 countries. They provide food to individuals impacted by conflict, natural disasters, and severe drought, among other challenges.  It’s critical that the food makes its way to the intended beneficiaries safely and timely.

Although it’s not strictly part of the supply chain, they’ll also test controls related to the distribution of food to individual beneficiaries, ensuring they receive the correct amounts for themselves and their families.  This typically includes confirming that the food is weighed throughout the process and checking the ordering processes to make sure the right amount of food is ordered and delivered.

Data Protection and Cybersecurity

Two-thirds of respondents to a recent survey by Crowdstrike said their organizations had experienced a software supply chain attack. Nearly all—90 percent—had incurred some financial cost, with the average price tag topping $1.1 million.

With many companies linking electronically to their vendors, the risks of such attacks increase, says Bernie Donachie, managing director and leader of the global supply chain practice with Protiviti. To test this, auditors can review what data is accessible and who has access to it.

Geopolitical Risks

Geopolitical conflicts can disrupt trade routes, while changes in trade agreements and tariff schedules can increase costs, or even force companies to identify alternate sources of supply. Internal audit can consider ways to mitigate these risks.

Challenges of Auditing Supply Chains

Even as supply chain audits have become more important, auditing them is challenging. First, there’s the number of processes, from purchasing to warehousing and contract management, contained within a supply chain. Due to time and resource constraints, audits often focus on one segment, which makes it challenging to get a holistic view. Moreover, because the processes are interrelated, identifying the root cause of a problem can require continual digging.

A sound supply chain audit requires understanding third-party risks, and that’s a unique skill set,. The auditor typically needs to understand both data and physical security, regulatory requirements, and the vendor code of conduct, among other functions.

Approaching a Supply Chain Audit

Supply chain audits can require visiting vendors, factories, and warehouses to, for instance, physically check the inventory and to make sure the business actually exists.

Because these risks can impact departments throughout an organization, such as legal and human resources, a cross-functional team usually is also required to identify, prioritize, and decide how to mitigate them, Eaton says.

Additionally, auditors also need to be well versed in current affairs, macro-economic trends, and trade agreements, among other subjects. If the U.S. pulls out of trade agreement, how could that impact suppliers?

Strong supply chain auditors understand the business and the environment in which it operates and can work with individuals across the organization who can help identify supply chain risks and develop response plans.

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us on 0041 4350 830 59