SIMSA is an integrated Audit Management Platform based on the PDCA (Plan-Do-Check-Act) framework of operational excellence. It cuts out the bureaucratic layers of reviewers & approvers, therefore quick to deploy and intuitive to use. Its simplicity and mobility feature is the key factor for the buy-in from the operational staff. It can be used for self-assessments and tracking of corrective actions.

Category: Insights

Operational Excellence

Operational Excellence Audit: Keeping Excellence on Track

Operational Excellence in VUCA World

A rapidly changing and dynamic environment poses both risks as well as opportunities for the businesses. Therefore, the need for operational excellence is felt by the business more than ever. In the changing context, the focus of operational excellence (OE) is also shifting i.e., from heavily leaning on the Lean to creating a fine balance between Lean and risk management.

Considering the uncertainties and volatility that we face today, the likelihood of OE taking a backseat is very high. There are times, when the exceptions or deviations have to be allowed or short-cuts have to be accepted to meet the customer requirement. What is worrying is when the exceptions become the norms and the short-cuts become the acceptable practices, the productivity, quality, and safety start to suffer. Also, the organizations tend to be more siloed in the absence of clarity of direction. On the other hand, the new technologies, the professional outsourcing partners offer the opportunities to take the OE to the next level.

Operational Audit vs Operational Excellence Audit

SIMSA Operational AuditThe operational audits are focused on assessing the compliance to certain standards e.g. ISO, SOPs or regulatory requirement. The operational excellence audits help to identify the deficiencies, risks and opportunities for improvements, considering the end goal of customer satisfaction. In a nutshell the operational excellence audit enables the realignment of the operational goals, processes, measurement, people to the continuously changing priorities of the business.

While it may not be fair to apply “one size fits all” rule, the areas under the operational excellence audit remain broadly common to most operations.  The indicative areas and checkpoints are:

1. Customer (External / Internal) Satisfaction:

  • Understanding of the Customer Requirement at all levels, differentiated by the product category, market & channels
  • Measurement and visibility of customer satisfaction
  • Alignment of operational KPIs & target to the customer satisfaction goals
  • Streamlined order management process
  • Complaint resolution process effectiveness

2. Collaborative Sales & Operations Planning:

  • Monthly / weekly planning process to balance the customer demand with resource capacity
  • Collaborative and facts-based decision making
  • Collaborative review of operational performance indicators

3. Value Chain Integration (External Collaboration)

  • Joint business planning and performance reviews
  • Supplier managed replenishment of inventory
  • Zero receiving inspection
  • Direct delivery at point of use
  • Real time sharing of information

4. TCO (Total Cost of Ownership) Approach

  • Cost optimization uses cross-functional trade-offs e.g. production change-over cost and inventory carrying cost
  • Cost based decisions use all the visible and hidden cost elements e.g., cost of quality
  • Lifecycle cost

5. Leading Technologies

  • Process automation and Controls automation
  • AIDC (Automatic Identification and Data Capture)
  • Quicker change-overs, lower setup times & cost
  • Advanced planning & Scheduling
  • Data analytics & intelligence for faster & robust decision making

6. Health, Safety & Environment

  • HSE practices documentation and adherence
  • Events reporting & monitoring
  • HSE scorecard & record keeping
  • Regulatory compliance

7. Quality System Deployment

  • QMS documentation and leadership involvement
  • SOP documentation & compliance
  • Quality metrics review & continuous improvement
  • Quality improvement teams
  • Controls for minimization of scrap

8. Visual Management Deployment

  • Operations mission & performance objectives visible
  • Visibility of labelling & coding of product lines, inventory, equipment, & tooling
  • Color coding & differentiation
  • Control room showing status of total operation, customer order & order fulfilment visibility

9. Management of Complexity & Variability

  • Use of common parts, processes, & procedures
  • Simplicity & clarity of operations layout
  • Commonality of tooling & fixturing, equipment & tools,  support software & applications programs
  • Ability to handle variable demand, ability to eliminate controllable variations, to smooth demand, to handle supply chain, number of suppliers, not how complex but how complexity is handled

10. Team work, skill levels and motivation

  • Team problem solving capability & history
  • Employee willingness to talk about customers, products, & company;
  • Team meeting areas & performance charts
  • Training investments, educational support, coaching & mentoring
  • Information sharing, town-hall meetings, intranet access
Implementing the OE Audit

Operational Excellence Audits are the need of the hour to unearth hidden risks & opportunities. However, spending internal resources and doing it in a traditional way is no longer sustainable considering the shocks of volatility and black swan events. Using experts and automation of the audit checklist & workflow, reporting, analysis and improvements not only saves the time of over-occupied resources but also improves the governance and effectiveness of operational excellence.  SIMSA offers both technology platform and experts to help you institute and sustain the Operational Excellence program.

7 Tips for Preparing Checklist for an Operational Audit


Conducting regular audits can help the line managers identify problems as well as areas of improvement for efficiency, quality, accuracy, speed, compliance & safety. The heart of any operational audit is the checklist, which determines the effectiveness of the audit in unearthing the gaps & opportunities.

A checklist can be a simple yet powerful tool that can be used to stay focused  and ensure the entire scope of the audit is covered. A superficial & high level checklist just looks at the tip of the iceberg and address the problems that have already surfaced. The real purpose of the operational audits is to proactively identify and nip the problems in the bud, before these start harming the business.

So, how do we design a checklist that not only digs deeper but also provides a 360 degree view of the operations. Preparing audit checklist and the rating criteria are very important part of the audit preparation.

Tips for Smart Audit Checklists:
  1.  Align with the objectives and the scope of the audit: For example, the objective could be either identify the root cause of certain pain points or ensuring compliance to a standard. The checklist should accordingly cover those questions or points that are relevant for the audit as well as cover the entire scope.
  2. Apply PPT framework: PPT (Processes, People & Technology) are the key drivers of operational effectiveness. Each aspect of the audit should be evaluated from all the 3 angles of PPT. For example, the check point related to batch control in the warehouse should cover
    • Process of batch-wise storage including checks & controls
    • IT system to record the batch-level inventory
    • Training people on batch control procedures
  3.  Map checklist to the detailed activities and the process outcomes: In order to unearth the hidden issues, the checklist should mirror the activities and their impact on the outcomes of the processes. It ensures that all critical check points are included in checklist.
  4. Refer to appropriate standards or documents: The sources of information for the checklist could be:
    • ISO standards
    • Internal controls document
    • Risk assessment document
    • Previous audit observations
    • Key pain points & reported issues
  5.  Keep the check points manageable: A very long list of questions could dilute the focus from the core areas. Also, a long checklist may consume lot of time without adding much incremental value. Also the questions must be categorized under logical categories, so that results could be analyzed at the category or sub-category levels and not just an overall rating.
  6.  Sequence the questions in logical order: If you are auditing a large site, such as a manufacturing site or a warehouse site then the questions should be sequenced in the order of logical physical movement of the auditor. Otherwise, the auditor may end up wasting time in back & forth movement. For example, for a warehouse all the questions related to the security area should come together followed by the parking areas & so forth.
  7.  Review checklists periodically: The checklists should keep changing with the changes in the process, technology, reported issues & the risk profile. A process of periodically reviewing the checklist helps to ensure that it remain relevant and up to date. New questions may be added, and existing questions may be removed. A technology driven "intelligent" checklist reduces dependence on the experts.

In a nutshell, a well thought off and prepared checklist minimizes the risk of surprises and helps to identify the opportunities for improvement. So, have you reviewed your audit checklist?

Operational Audits: Tool for Continuous Improvement


Operational Audits: Tool for Continuous Improvement

Managing operations of any kind, be it manufacturing, logistics or services, is getting tougher by the day. Considering unpredictable scenarios, volatile environment and numerous micro and macro factors impacting the operations, it is unfair to assume that managers & people will have a razor-sharp focus on operational efficiency and effectiveness. When the pressure mounts, people tend to take short-cuts and make their own informal procedures which could be detrimental in the long run.

It reminds me of a case when we had a temporary problem with a regular transporter and had to allow non-contracted transporters to ensure timely delivery to the customers. It meant higher cost and a risk of working with unknown carriers. However, even after the regular transporter resumed normal services, the delivery staff continued to use non-contracted transporters on some pretext or the other. It was discovered when one of the vehicles of one such transporter went missing along with the products.

Need for the Operational Audits

The purpose of an operational audit is to improve the efficiency of day-to-day operations as well as identify risks due to non-compliance to the set procedures & policies. The audits provide a feedback loop to the operational managers based on the assessment of the effectiveness of the processes. These are not same as the internal audits, conducted by the audit department once or twice every year. The operational audits must be carried out as frequently as deemed important. For example, for a laboratory in the pharma manufacturing unit the, 5S audits may be required at a weekly frequency whereas the Contamination audits may be done once every month. For a warehouse operation, the cost efficiency audits may be done once a quarter while the stock audits may be required every month.

Operational Audits are different from Internal Audits

Operational audit programs are much more in-depth than normal internal audits. They do not look at how things are, they also look at how things could be. In one of the examples of the warehouse audit, the auditor discovered that the pickers are travelling to the same area of warehouse multiple times during the observation period. On further investigation, it was found that the orders are being picked individually for each customer order. However, the back & forth movement of the pickers for each order was not only inflating the need for more manpower but also slowing down the operation. The auditor recommended the change in the picking method to batch picking which led significant reduction in picking time & cost. From an internal audit perspective, there was no gap in the process but from the operational audit perspective, there was a significant opportunity for improvement. That is where the operational audits distinguish from the internal audits.

Another important aspect of the operational audit is that the auditors can be from the same team or the operational excellence experts from within the organization.

We already have Metrics in place to monitor and improve performance, then why Operational Audits?

Metrics and performance indicators are the outcomes and by the time the problems translate into visible outcomes, it is often too late. The operational audits are proactive in nature and used to isolate the problems right at its inception. Much before it is big enough to show up in the performance metrics.

A simple example from daily life is effect of your eating habits on the weight. Even though you measure weight on daily basis it may take many days or months before it starts reflecting on the weighing scale. On the other hand, if you audit what you eat and take corrective actions on daily basis, you can be assured about the positive impact on the body weight.

SIMSA Operational Audit
Structuring the Operational Audit Program

A meaningful operational audit program needs to be well-structured and planned to deliver effective results. The steps involved are:

  1. Prepare an Audit Plan:

    • Depending on the nature of operations, one needs to start with defining the key outcomes of the processes that are part of the operations. As mentioned in the examples above, for a lab operation, it is the maintain the hygiene and prevention of contamination that is critical, whereas for customer service operations, it is the accuracy and timeliness, apart from the cost that is important.
    • Decide whether all the outcomes can be clubbed in a single audit or divided into 2-3 different types of audits. The idea is not to make audit program too complex yet manageable. For example, for a warehouse audit the safety and compliance could be clubbed into one audit whereas the cost, service, and quality into another. Considering the higher risk associated with safety and compliance, it can be conducted more frequently as compared to the other audit.
    • A sample audit plan may look like:


    Audit Areas

    Need for Audit


    Audit Responsibility



    To fulfil the corporate policy of zero tolerance to safety and compliance
    Warehouse Manager


    To achieve the set cost & quality objectives
    Regional Logistics Manager
    Hygiene / 5S
    To prevent the contamination of product
    Warehouse Supervisor
    Customer Service



    To reduce the number of errors and increase the customer satisfaction score
    Operational Excellence Manager
  2. Define Audit Criteria or Checklist:
    For each audit type, determine the reference or standard to be used for the assessment e.g. ISO standard or Risk & Control Matrix. If you don’t have one, it can be developed as below:

    • Map the key activities for each process involved. For example, in warehouse operation the key safety areas include the movement of vehicles in the yard, loading & unloading operations, use of material handling equipment and storage of products.
    • Now, assess the risk involved in each area and the controls that need to be in place to mitigate the risk. For example, the risk involved in the movement of vehicles in the yard is the accidents due to reckless or high-speed driving. The controls that need to be in place to mitigate the risk are putting a speed limit signboard, putting direction and markings for vehicular movement, installing convex mirrors at the sharp corners etc.
    • Include all the important control points as the audit checklist. For each checkpoint, add the related best practice document or pictures that act as a guidance for the auditor.


    Risk Involved

    Risk Level

    Control Measure

    Guideline Document

    Moving Vehicles in the Yard
    Put Speed Signages
    Mark Directions for Vehicle Movement
    Signage - Size and Placement Guideline
  3. Implement the Audit Program:
    • The implementation requires communication with all the stakeholders and getting their buy-in. The stakeholders’ alignment becomes easier if the audit objectives are aligned to the business or functional objectives, as shown in the step 1.
    • It must be communicated that the purpose of the audits is to drive continuous improvement and not to find faults with the auditee
    • Select a suitable tool e.g. SIMSA, to minimize the manual efforts in managing the audit program
    • Train the personnel responsible for conducting the audit on the process as well as using the tool
    • Make a calendar of audits for each site, in agreement with the auditors and the auditees

    Audit Title




    Warehouse Safety & Compliance Audit
    Site ABC
    From dd/mm/yyyy to dd/mm/yyyy
    John Smith
    Site XYZ
    From dd/mm/yyyy to dd/mm/yyyy
    Jane Doe
  4. Monitor the Audit Program:
    Any program not subjected to periodic monitoring and review is likely to fail and the audit program is no exception to it. The purpose of the audit program review is to ensure:

    • Whether the audits are happening as per the calendar?
    • Whether the reports are shared in a timely manner with all the stakeholders?
    • Whether there are corrective actions in place for all the observed gaps?
    • Whether the corrective actions are being closed in a timebound manner?

    Monitoring an audit program can become extremely cumbersome without a dedicated tool like, SIMSA, which can not only pull all the information on click of a button but also send automated reminders to people, should there be any backlogs. The visibility of the status of the audit programs instils the seriousness and accountability in the organization

  5. Improving and refreshing the Audit Program:
    In a dynamic environment, it would be naïve to assume that the risks, controls and audit criteria once decided can be used for ever. As the business priorities change or there is a change in the risk profile or the nature of controls, the audit program must be altered to accommodate these changes. Also, if certain deficiencies were found in the previous audit program, the same should be rectified. This approach aligns with the PDCA (Plan-Do-Check-Act) framework of operational excellence.

Source: How to Conduct a Quality Internal Audit, Seetharam Kandarpa

SIMSA Operational Audits

It is obvious that operational audit is one of the important levers of continuous improvement. Unlike internal audits, the operational audits are proactive in nature because the focus is not what is not right but what could be done better. However, it has been seen that in most organizations the operational audits are missing or done in an adhoc manner. Therefore, it does not translate into any visible improvements. A well structured operational audit program supported by technology like SIMSA, can be an important tool in the hands of operational managers to drive the operational excellence.

Sales Channel Audit – Key to Customer Success


Sales Channel Audit - Key to Customer Success

The network of sales channel partners not only provides a conduit for the flow of products to the end customers but also enables implementation of various sales programs. Imagine if the conduit is leaky or damaged, do you think your end customers would be satisfied? Which option is better - repair the reported leakages or proactively prevent the leakages?

Often the channel partners are treated as the money making machine. The sales is pushed through the network, irrespective of its capacity and capability. Sooner or later the cracks in the channel network start to appear resulting in leakage of revenue, efficiency and even compliance risks in many cases. A company needs to pay as much attention to the health of the sales channel as to its own business.

Role of Sales Channel Audit

A well structured sales channel audit provides a basis for the health check of the channel. It functions as a documented record of all your sales channels processes, operations, assets and compliances. It helps to identify the bottlenecks and roadblocks for increasing your sales, improving efficiencies and maximising the ROI for the channel partners. The channel audit highlights what you do well and areas where you can improve. By focusing on those areas of improvement, you gain a significant advantage over your competitors.

The key benefit of the sales channel audits are:

  • Growing your market by identifying unaddressed geographies & segments
  • Benchmarking your sales processes, programs and strategies with competitors
  • Improving the processes & capabilities of the channel partners to grow the sales faster
  • Ensuring compliances to the regulatory requirements and company's policies
  • Providing a better ROI to the channel partners as compared to the competitors
Approach and Scope of Sales Channels Audit

It is very important to define the scope of sales channel audit. There are various approaches for defining the scope:

  1. Comprehensive: This approach requires covering all processes and operations of the channel partners. It provides a thorough and in depth understanding of the effectiveness of the process, gaps and potential improvements. However, these audits are resource and time intensive. It may also lead to interruptions in the operations impacting the sales. This approach is useful if a company does the channel audit first time or once in 2-3 years.
  2. Risk-based: This approach priorities the processes based on the risk assessment or based on the reported issues from the sales team or customers. It helps to focus on the areas that are of prime concern to the company and therefore has a better return on the investment in resources used for the audit. It also allows to conduct the audit more frequently and better attention from all the stakeholders for taking the corrective actions.
  3. Differentiated Approach: This approach requires segmenting your channel partners based on the value or geography. Each segment of channel partners may have a different set of processes and therefore the risks involved. A differentiated approach leads to even sharper focus and better insights.

The right approach would depend on the maturity level of a company in the channel partners management. At the low level of maturity, a comprehensive approach is preferred and as the understanding of the channel improves, one can move to the risk-based or differentiated approach.

SIMSA Operational Audit

The next most important aspect of the channel audit is to identify the scope, based on the approach adopted. Typically, the areas that are included are:

  1. Market Coverage and Service: A channel partner who is interested in short term profit may not focus on the markets or customers that are growing but not yet profitable, leaving gaps for the competitors. Also, ensuring the complete assortment and placement of the products on the retail shelf may not adhere to the laid down norms or policies. The common gaps observed in this area are:
    • Missing out certain outlets or visit beats to the outlets
    • Improper placement of the products on the shelves
    • Not having assortment according to the norms for a category of outlet
    • Out of Stock products ordered by the retailers
    • Product damages in the outlet
    • Poor merchandising
  2. Incentives, Rebates and Claims: Lot of leakage and abuse of money budgeted for incentives & rebated may happen if proper controls are not in place. The key control gaps observed in this area are:
    • Claims and payments made on sales to ineligible end-customers
    • Products procured from unauthorised sources
    • Products claimed ineligible for volume rebates
    • Claims on products subsequently returned
    • Product claimed across multiple programs
    • Inappropriate use of Market Development Fund
    • Duplicate claims
  3. Internal Processes: The effectiveness of internal processes of the channel partners has a direct impact on the outcomes. However, the channel partners may not have the skilled resources, a great infrastructure to ensure or technology to enforce process and quality standards. It results in inefficiencies, wastage and losses, which in turn leads to lower ROI for the channel partner and bottlenecks for the sales growth. The common control gaps observed in this are:
    • Obsolete or expired stocks due to lack of adherence to FIFO or FEFO policies
    • Inventory losses on account of lack of cycle counting process
    • Poor hygiene and upkeep within the premises and surroundings
    • Poor handling and Product damages
    • Inadequate storage infrastructure
    • Inadequate record keeping, checks & controls
    • Lack of system for handling customer complaints
    • Improper record keeping, documentation and MIS
  4. Compliances: There are whole of compliances that are required for doing business in a country or a region. The compliances include the legality of place from which the channel partner is operating from, tax compliances, human resource compliances, storage compliances, regulatory compliances with respect to the specific products e.g. pharmaceuticals, food, hazardous goods etc. The problem is that many channel partners are either not aware or not updated on various compliances. It could not only have an impact on the continuity of the business of the channel partner but also the company's image & business continuity.
  5. People / Sales Force Management: A sales business is as successful as the quality of its sales resources. Due to various constrains, most channel partners don't have the most skilled resources. Also, the employee churn is also high leading to gaps created due to learning curve. Most channel partners do not have structured training programs or modules that can help to bridge these gaps. The key areas to be checked for people management are:
    • Process for selecting, onboarding and training new employees
    • Standard Training modules for training on product knowledge, systems & processes, selling skills, communication skills, IT skills etc.
    • Employee welfare and engagement programs
    • Handling of employee grievances & complaints
Structuring an Effective Channel Audit Program

Structuring a channel audit program requires strategising, planning and execution capabilities. A well thought through program delivers better outcomes as compared to the ad-hoc audits. It should not be merely a paper exercise. The key steps are:

  1. Classify your channel partners based on the revenue, sales region and product portfolio.
  2. Map the risk profile for each category of the channel partners.
  3. Based on the risk profile decide the scope and frequency of audits. Prepare a calendar of various audits.
  4. Communicate the audit plan with the stakeholders.
  5. Identify the audit resources required for conducting the audit and determine whether these have to be outsourced.
  6. Prepare checklists covering the specific areas as determined in the scope of each audit. Remember, each checklist has to be tailored to the risks identified for each category of channel partner.
  7. Get the channel partners' buy-in and integrate them in the audit program.
  8. Have a robust mechanism for planning corrective actions for the gaps identified in the audit and tracking of the deadlines for each action point.
  9. Use a technology platform to manage the end to end audit workflow and provide complete visibility on the gaps and corrective actions to both you as a customer and the suppliers. The technology helps you to save time, efforts in putting together and tracking the information and it at the same time it ensures consistency throughout.
  10. As the improvements are realised, review the audit program i.e. frequency, checklists etc.
SIMSA Operational Audits

The channel partners' audit is a mean to de-bottleneck sales processes and prevent leakages of revenue & efficiency. A differentiated and risk based approach should be adopted for a sharp focus and targeted improvement. A structured process should be instituted for sustainable and continuous improvements. The use of modern technologies to automate the workflow along with analytics is highly recommended.

Supplier Audits – Key to Mitigate your Supply Chain Risks


Suppliers are the key source of competitive advantage for any business. Your quality, efficiency and service delivery significantly depends on what kind of suppliers you have. Having selected a good and competent supplier doesn't guarantee a perfect partnership. Even the best suppliers can fail or falter depending on a situation. The classic case study of how Ericsson lost months of production due to fire in the microchip plant of Philips, highlights the importance of continuous engagement with your critical suppliers.

Supplier audits have been used as tested tool to ensure that the suppliers not only consistently deliver high-quality materials, ingredients or services but also taking steps to identify and mitigate future risks. Leveraged correctly, supplier audits can identify, address, and prevent problems in a supplier’s product quality or processes before the problems spread.


  • Ensuring suppliers are complying and working to the industry standard, regulatory norms and professional ethics
  • Identifying risks in your value chain before they become a problem and jointly working on the mitigation plan
  • Helping your suppliers with guidance on development on critical areas and performance improvement
  • Enhancing the communication between the manufacturer and supplier
  • Improving your sourcing strategy and decisions
SIMSA Operational Audits

Supplier audits is not a one time activity but has to follow a structured approach aligned to the sourcing strategy.However, there are certain stages of the supplier lifecycle management that definitely require the audit interventions, irrespective of any sector or business.

  1. Introducing a new supplier:
    If you don't have a past experience of working with the supplier or don't have enough verified information about supplier in terms of quality, delivery, or service, & other aspects of performance, makes that supplier a risk for your business. If these risks are significant for the business, then the supplier must be audited by a cross-functional team consisting of procurement, quality, production and finance experts. The audit scope should cover all the areas e.g. quality, manufacturing process, compliance, financial analysis, supply chain, operations excellence. It would not only ensure that the supplier is fit to meet your business requirement but also identify the areas of future development and relationship.
  2. Problem with an existing supplier:
    If an existing supplier is not performing to the desired level of expectation, a detailed audit may help to identify the root cause of the problems in the processes, human resource or technology. Sometimes, it is the lack of understanding of the requirement by the supplier of communication gaps between the manufacturer and supplier could be the cause of the problem. Such audits are highly focused on addressing specific problems and need not cover all the aspects of the supplier relationships.
  3. Developing existing supplier for a new material or service:
    If you plan to develop your existing supplier for a new line of materials or services, an audit may help to identify the key areas of support required by the supplier. It also help to assess the readiness of the supplier to supply the new materials and potential risks associated e.g. the new equipment ordered by the supplier may get delayed or supplier's capacity may get constrained and impact the existing services.
  4. A supplier is critical for your business continuity:
    Preventive audits are necessary if a supplier is critical to your business, for example, the supplier is highly regulated and would be shut down due to non compliance. Or, an incident at supplier's place can impact your production (Ericsson-Philips case study). Even if the critical supplier is performing well, the high risk and criticality of the supplier to your organisation means you must continuously assess its processes and other capabilities.

There is no "one size fits all" approach to supplier audits and each audit is driven by the objectives and risks under consideration. However, at broad level the areas covered under the audit are:

  1. Risks Management:
    You would like to be assured of the supplier's process of identifying and mitigating risks in its value chain. The suppliers who have a business continuity plan in place and update it periodically are much more valuable than who don't. This area of audit becomes very critical if your dependence to the supplier is high and do not have alternatives. For example, in pharma industry it takes lot of time and cost to get regulatory approval for a supplier of a critical ingredient. The questions that must be answered are:

    • Whether the supplier has mapped its valued chain, identified the risks and assessed the impact on the business?
    • Has the supplier identified the potential disruptive events and got the disaster recovery plans in place? If yes, what is the time to recovery for each of the likely event?
    • How frequently the risk assessment is updated and if it is reasonable enough keeping in mind the changing environment?
  2. Operational Processes:
    Audits should assess the processes & systems that are affecting the performance of the supplier and ensure action is being taken to address the gaps found. The processes involved are:

    • Quality Management
    • Manufacturing
    • Equipment Maintenance
    • Design & development of new products
    • Safety & Security
    • Inbound operations - procurement, receiving, storage, inventory management
    • Outbound operations - finished products storage, inventory management, dispatches
    • Customer service - order fulfilment, complaints management
    • Documentation

    The auditor need to assess whether there are SOPs defined for each process, if the SOPs are followed and the checks & controls implemented in the critical processes to detect any deviation.

  3. Compliance:
    Compliance to the regulation and professional ethics is essential for the business continuity. The typical questions that must be answered are:

    • Has the supplier clearly identified the complete list of regulatory requirements that must be met?
    • What are the supplier’s internal processes to ensure those regulatory requirements are being addressed, maintained, and improved on?
    • Whether the roles and responsibilities are defined within the organisation for ensuring the compliances?
    • Whether there’s independence within the organisation to resolve any compliance or regulatory issues quickly by senior management and leadership?
    • Whether there’s an effective, robust process in place to add or update the existing regulatory requirements?
  4. Performance Management:
    The focus on innovation, performance management and continuous improvement helps an organisation to become efficient and overcome business challenges. It is not just the supplier but you as a customer may get the benefit of their efficiency and innovation. As part of the audit, you may want to assess:

    • How does the supplier measure their performance on various aspects of business and operations?
    • What are the benchmark standards used for comparing the performance?
    • Which techniques of continuous improvement are used ?
    • What is the role & involvement of people at various levels in continuous improvement?
    • If there is a well structured innovation & product development process and how effective is the process?
  5. IT Security:
    If you have shared your proprietary information, designs or technology with your supplier as part of the agreement, you may want to ensure that information is secured with the supplier. Therefore, you would have a periodic assessment of their IT policy; what security protocols have been implemented; how frequently vulnerability and penetration tests are conducted; how the gaps identified are closed. While the supplier may have signed a legal non-disclosure agreement, it may still make a sense to prevent such breaches at the first place rather than going through legal process.

A common failure in a supplier audit program is turning it into a paperwork exercise, listing all sorts of documentation and exercises in an audit report without much focus on the recommendations for improvement. As the resources required for conducting the supplier audits are limited, therefore, the approach adopted must be both effective and efficient. A risk based approach is recommended in identifying which suppliers have to be audited, how frequently to be audited and what is the expected outcome of each audit.

Given the risk profile of each supplier, some suppliers may be required to be audited at least once a year while others may be once in 2 or 3 years. The key steps required to structure the supplier audit program are:

  1. Map all the suppliers and assess the criticality of each depending on your dependence a supplier and the potential impact of the supplier's failure on your business.
  2. Prioritise and identify the suppliers for including in the supplier audit program.
  3. Evaluate the past performance and issues of the suppliers and impact it had on your business.
  4. Depending on the criticality of the material being sourced and past performance, determine the periodicity and scope of audit for each audit. Prepare a calendar of supplier audits.
  5. Determine the criteria and standard ( e.g. ISO, OSHA) to be used for each audit.
  6. Identify the audit resources required for conducting the audit and determine whether these have to be outsourced.
  7. Prepare checklists covering the specific areas as determined in the scope of each audit. Remember, each checklist has to be tailored to the risks identified for each supplier.
  8. Get the suppliers' buy-in and integrate them in the audit program.
  9. Have a robust mechanism for planning corrective actions for the gaps identified in the audit and tracking of the deadlines for each action point.
  10. Use a technology platform to manage the end to end audit workflow and provide complete visibility on the gaps and corrective actions to both you as a customer and the suppliers. The technology helps you to save time, efforts in putting together and tracking the information and it at the same time it ensures consistency throughout.

The supplier audit is a strategic tool to identify and mitigate risks in your supply chain for business continuity planning. Given different nature of risks associated with each supplier, "one size fits all" approach does not work. Instead a risk based approach must be adopted to determine the scope and periodicity of audit for each supplier. Next, the buy-in and early involvement of the suppliers in the structured audit program is essential for the successful outcomes.

Supply Chain Risks & Audit


Integrated Approach to Supply Chain Audits


The conventional approach to Supply Chain Risks Management and Audits is inadequate to address the ever-changing risk profile of the entire value chain. The audits within the four walls of the organisation doesn’t present the true picture of all the risks the business is exposed to. In today’s connected and dynamic world, an integrated risk-based approach is required.

In the last few years, a number of businesses have been caught by surprise by unforeseen supply chain disruptions across industries ranging from pharmaceuticals & consumer goods to electronics & automotive. Even if we discount the year 2020 as an exception, according to BCI report 2019, about 42% of the companies surveyed experienced at least 1 to 5 supply chain incidents that led to significant disruptions in 12 months. The worrying fact was that almost 22% of the companies surveyed had no idea of what may have caused the disruption in their operations.


Supply Chain Disruptions

Almost 75% companies surveyed have faced at least one disruption in 12 months preceding Covid

The major impacts of the disruption, according to the report, are:

  • Loss of Productivity (50.3%)
  • Customer Complaints (41.5%)
  • Increase in Cost of Working (39.9%)
  • In Loss of Revenue (36.1%) mmm

The Covid pandemic has led to a greater divide – the business with proactive supply chain who rebounded much faster than the businesses with not so proactive supply chain. It has thrown the light on importance of supply chain risks management & business continuity planning for business sustainability. There has never been a greater need for supply chain transparency. Understanding the importance of governance, monitoring mechanism & visibility of controls effectiveness are necessary to mitigate risks in supply chain.

Sources of Supply Chain Risks

The sources and types of supply chain risks may vary a lot depending on each part of the value chain.

The key sources of the supply chain risks are the external environment and internal operations. The external risks e.g., acts of terrorism, critical labour stoppages and port closures, infectious diseases, and natural disasters, cause high levels of concern and are less controllable.

On the other hand, the internal operations risks that involve quality assurance, IT security and uptime, compliance with regulatory requirement, sustainability, health and safety, conflict minerals etc. are much more controllable. The occurrence and impact of internal operational events go unnoticed most of the time and therefore, offer a greater opportunity for improvement through better governance.


The supply chains are increasingly becoming vulnerable to risks. There are multiple factors contributing to the supply chain vulnerability e.g. globalization, outsourcing of operations, stringent regulatory compliance, higher workforce turnover, inadequate transparency & visibility etc.

Role Supply Chain Audits in Risk Management

Supply chain audits present an opportunity for the companies to look at the supply chain processes and operations to make sure they’re doing right things to control costs and mitigate risk factors. Conventionally, supply chains have been audited by the internal audit function – once or twice a year. Given the increasing uncertainty and increasing instances of disruptions, the traditional internal audit process is not sufficient to assess the effectiveness of risks mitigation controls.

The approach needed for the keep pace with changing risks involves:

  1. Frequent updation of the Risks in the value chain:It may seem to be daunting task to keep a track of what has changed. Use of AI and ML technologies could be immense use to track events across the world can help to quickly update the risk profile of a supplier, contract manufacturer or supply network.
  2. Prioritization of Risks:Given the complexity involved in tracking and mitigation of risks, the companies must identify high risk areas in the value chain that requires closer monitoring. The audits should focus on the risks that has higher likely impact on the business. As the confidence level on certain risk control measure grows, the priority may shift to the next in the order of risk level.
  3. Frequent Audits:Audits should not be once in a year activity but be perpetual so that the gaps could be identified much earlier before they cause any disruption. Such audits have to be dovetailed into the operations e.g.
    • Daily Gemba walk in manufacturing plants and warehouses by the site managers
    • Monthly self-assessment by the site teams on the critical checkpoints
    • Use of technology for visibility and integrated workflow management based on the PDCA (Plan-Do-Check-Act) framework, that is quick to deploy and easy to use for the site teams.

    There are many audit tools available in the market, but most cater to the automation of the conventional internal audit process. This makes these tool too elaborate & complex with multiple level of reviews & approvals, and therefore, cannot be used for the periodic self-audits. SIMSA has broken the conventional thinking on the audits by making the technology available on mobile and does not have too many steps involved to schedule & conduct the audits followed by planning & tracking corrective actions.

  4. Remote Audits and Real Time Audits:Covid had put restriction on conducting physical audits but, at the same time opened opportunities for the use of technologies for conducting remote audits. Also conducting perpetual audits across various supplier, third parties and manufacturing locations is practically not feasible with physical audits. While still at a nascent stage, the future lies in conducting audits using Augmented Reality and IoTs based data analytics for risk assessment.
  5. Automation of Controls:Using the IT / control towers for monitoring the key drivers and triggering self-corrective actions may obviate the needs for the conventional.
Integrated approach to Supply Chain Risks and Audits

No supply chain audit program can be “internal” in the true sense. With increasing level of outsourcing, the involvement of the suppliers and third parties absolutely must for an audit program that really addresses the supply chain risks proactively. However, if each organization in the value chain follows a silo approach for the audits keeping in mind the organization specific objectives & risks, it may lead to sub-optimal results, duplication or missing out on certain areas.

An integrated approach to the audits, keeping in mind the overall objectives of the supply chain and risks in the extended value chain, is required for prioritization and scoping the extent of audits. Many procurement and logistics professionals (who deal with the 3rd parties) tend to take refuge in the contractual terms and liability clauses for certain risks, and therefore, follow the hands-off approach. One must realize that the financial penalties or liabilities may not compensate for the loss of image, reputation or customers’ confidence.

Given the spread and extant across geographies and organizations, no supply chain audit is “internal” in true sense. The outsourcing of operations doesn’t imply outsourcing of risks management.


While supply chain risks are becoming greater headaches for everyone, it requires a different approach to manage risks. The conventional internal audit programs are inadequate to proactively identify, assess and mitigate risks, as the supply chain risks are dynamically changing. A perpetual, integrated and collaborative approach across the value chain, making use of modern technologies, is the need of the hour for effective supply chain risks management.

Internal Audit: Keeping Pace with Changing Time


Optimism Bias towards Risks

Humans, by nature (at least a large percentage) are optimistic about future. But this optimism becomes dangerous when it leads to the belief that "it won't happen to me". That's why many people are under-insured, overspeed on the roads or walk freely without masks & precautions during Covid pandemic.

The same optimism bias translates into the approach towards managing risks in the business. Which parts of the business have the maximum exposure to the risks? No points for guessing right - Supply Chain and Finance. While a structured framework of identifying and controlling Financial risks exists in every business, the Supply Chain risks are left to the fait accompli. The reason is the optimism bias, "It never happened to us, why should we even bother", until one day it happens. The "long term" risks management loses the battle to the "short term" costs savings, when it comes to choosing one over another.

Why Supply Chain is a major source of business risks?

What percentage of end to end supply chain is controlled by one company? Hardly much!


With increasing outsourcing of Supply Chain including the manufacturing operations, the extent of direct control of the focused firms is continuously reducing. There have been number of instances of violation of compliances and norms by the contract manufacturers and outsourcing partners, leading to both loss of business and reputation.

The reasons why Supply Chain is becoming a major source of business risks, are:


According to a study done by Supply Chain Insights LLC, the factors contributing to the. supply chain risks have changed over last 5 years. According to the study, in 2013, 80% of the supply chain leaders accepted to have been impacted by, on an average, 3 material disruptions. The source of most critical risks in the near future will be from Operations Complexity, Regulatory Compliance and Geo-politics events.


How should one prepare for disruptions?

1. Shed Optimism Bias: This step requires a "foresight" into the changing environment and its potential impact on the entire value chain. The value chain includes your tier 2, tier 3 suppliers if these can't be easily and quickly switched-over to the alternative sources. These risks may have profound impact on the strategic supply chain decisions e.g. how many and which suppliers, logistics partners you will have for a category, the design of distribution network, location of the supply chain facilities, the inventory holding etc.

2. Identify Risks in Operations: Map the processes so that you have visibility of what happens in your operations. Process mapping is a useful tool for risk assessment and continued risk management by enabling business owners to better understand the processes and controls associated with identified risks. Once the processes have been mapped, then assess what may go wrong, what could be impact on the business and what controls exist to prevent the short-cuts & leakages. Prepare a Risk Register and update it periodically.

3. Structure Audit Programs to check the effectiveness of Process Controls: Operational audit or Internal audit has been effective and a tested technique to test the effectiveness of the process controls and risks management. Higher the perceived risk, higher is the periodicity of audits required. However, most of the companies have a very rudimentary system of conducting the audits, using pen & paper or excel sheets that do not provide end to end visibility into the audit management program. Also, few companies use an integrated audit management system that assesses the gaps and tracks the linked corrective & preventive action plans to plug the gaps. Implementing such an integrated system may not cost much but may give multiple times ROI in preventing the process control failures.

Operational or Internal Audits in most of the companies are  riddled with long established manual processes, which results into high audit cost of in-house resource, lack of end-to-end audit visibility, and gaps in compliance.

Another gap in the audit process is that it is mostly focused on the internal operations. In the areas of outsourced logistics and sales channels, the audit means only inventory counting, as-if that is one and only risk that exist in the logistics operations. There are whole lot of risks in the categories of safety, security, legal and regulatory compliances, product quality, process adherence that are mostly ignored. What about the supplier audits? How many key suppliers are audited for a comprehensive risks assessment? A structured and automated audit workflow management e.g. SIMSA, based on the framework of operational excellence (Plan, Do, Check and Act) is a best practice to identify and mitigate risks in the operations.

4. Constitute a Risks Management Committee: A committee of senior management as well as independent board members should look into the overall effectiveness of the risks management, assess the risks associated with the gaps observed in various audits and monitor whether the gaps are being closed in a time bound manner. The committee also sets the risks management guidelines, policies, define the roles and responsibilities of the frontline and supporting roles in risks management and approves major decisions involved in the risks mitigation.

5. Build Agility and Resilience in Supply Chain: Despite taking all the possible measures internally, the external disruptions cannot be ruled out. Agility is about how quickly you can shift gears to counter the impact of any disruption. Resilience is the ability to bounce back to business as normal after encountering the disruptive event. Building agility and resilience requires proactive planning involving "what-if" scenarios and preparing a response for each scenario. Systemic use of predictive analytics and market intelligence involving weather data, port & transportation strikes, geo-political situation & impact on trade-policies / duties etc. go a long way in minimising the "time to recover" in the event of disruption.

Given that the frequency and impact of supply chain risks is increasing by the day, the risk management should be one of the top 3 priorities for any company. A structured risk management and business continuity planning is not just an option but a business imperative to survive and become more resilient to the shocks of disruptions.

Warehouse – How secure are your Operations?


Warehouses are no longer old dilapidated buildings in dingy lanes, conventionally used for the storage purpose. Warehouses today are part of optimal flow of goods, have increasing levels of complexity & automation, and play a strategic role in fulfilment of customer demand. Increasingly, warehousing operation is encompassing activities like postponement, packing, light manufacturing, sortation, cross-docking , reverse logistics, after sales service, orders fulfilment etc. Also, with use of information technology and automation, the need for the skilled manpower has gone up, which is not easy to find.

The increased level of warehouse complexity and activity also means more exposure to various kinds of risks. Though there are no statistics available for country-wide warehouse incidents but one could assess the gravity of the situation from news reports, while a majority of incidents are not reported. Unfortunately, barring few industries that are quite sensitive to risks across supply chain, most of the companies leave the risks management to their 3PL or don't bother at all. Few 3PLs put in place some common and basic safety & security procedures in place but is it what is needed for effective risks management?


Image: Fire incident in a warehouse in Delhi on Oct 6, 2020 (Image Source: ANI)

Let's first understand what risks warehouses are exposed to. The risks span from Safety, Security, Quality, Service, Regulatory, Legal, Financial, Environmental etc. The risk profile of a warehouse is determined by 3 major factors:

  1. Selection and location of a Warehouse: The risks associated with quality of building construction and quality of construction material used, cannot be easily identified and mitigated. The flooding of the surrounding area and seepage of water from the walls, flooring are the most commonly found issues in a warehouse. The problems get compounded with extreme weather events & intensity of rainfall. What was built for normal weather may not sustain under extreme weather events. The water drainage from roof gutters or stormwater drain may lead to water flooding & seepage. The warehouse situated in the cyclone prone area should have cyclone resistant design & construction. The same holds true for the strength, joints & quality of flooring, quality of electrical wiring & fixtures, fire control system etc. From the location perspective one needs to assess legal & regulatory compliance, potential of political interference, security environment, proximity from the fire station & hospital etc. Once a warehouse facility is decided, the associated risks are fixed during the period of occupancy, which are hard to mitigate. Therefore, a thorough due diligence and SIMSA automated audit workflowusing an exhaustive & standard checklist is a must before zeroing on the location & type of facility.
  2.  Warehouse Layout, Fixtures & Equipment: Starting with the external flow of vehicles in the warehouse, space for parking of vehicles, designing of internal flow of people & equipment, providing enough space for various activities to prevent crowding go a long way in preventing major accidents. Putting up the right fixtures and using MHE based on the load requirement, built-in safety features and their regular maintenance determine the levels of risks. The warehouse layout & design would not only determine the safety, security hazards but also the productivity & turnaround time. If you are going for ready to use warehouse facility, it makes sense to use a checklist based assessment to compare various options.
  3.  Warehouse Operations: The third category of risks emanate from how the warehouse operations are organised and managed. While organising the warehouse operations, one must take into account the risks carried forward from the first two categories i.e. the location & facility selection and layout, fixture & equipment. The risks associated with the warehouse operations are:
    • Health & Safety
    • Security
    • Financial
    • Regulatory Compliance
    • Quality & Service
    • Environment

With most of the warehousing operations being outsourced, the companies have a little visibility & control over the operations. Many companies have basic Standard Operating Procedures documents, which most of the time never referred to or updates. Some of these documents are so textual that it makes a good bed-time reading. Most of the supervisors and other people managing the operations may not have even seen these documents ever. Moreover, every site may have different risk profiles. How can one standard document serve the purpose of each site?

So people take short-cuts, especially during month-ends pressure and then slowly it creeps as the bad practice until it snowballs into a big incident. Until then, it is optimism bias that prevails, "it won't happen to us".


Optimism bias, "it won't happen to us" and leaving risks management to your 3rd party logistics provider or contract manufacturers are the biggest risks to your operations. The risks management should start on the day, you decide to build or outsource a warehouse.

Approach to handle Warehouse Risks

Risks management is a three level approach i.e. Strategic, Tactical and Operational.

  1. Strategic Level: Whether it's a green field or a brown field project, detailed risks assessment has to be an integral part of the project. To re-emphasise, the risks accepted at this stage cannot be mitigated easily. It requires a team of people from engineering, operations IT, legal compliance to visit sites to assess risks from various angles. This could be a burden on the company's resources and also many companies many not have that expertise in-house. A better alternative is to take the services of experts in this field. It should not be seen as a cost but an investment to prevent any unforeseen risk that may cost multiple times the fees of hiring the expert.
  2. Tactical Level: Before start of any operations, a thorough risk assessment must be done and corresponding internal controls should be implemented. For example, a company instituted a procedure for authorisation by the warehouse manager, if any operator has to work at more than 6 feet from the ground level. The authorisation is nothing but a checklist of do's & don'ts to be explained to the operator before starting the work.

    But then how do you ensure whether the controls are effective and are being implemented in spirit and not just on papers. Internal audit is one of the most tested techniques in proactively identifying the gaps in controls. The audits are effective if:

    • Aligned to the risks identified for a site and operation.
    • Done periodically, rather than just once a year activity. The practice of monthly self-audits on high risk areas, followed by the quarterly more detailed audits by a 3rd party covering all the risk areas.
    • Corrective and Preventive action planning, with accountability, visibility and tracking of the closure in a time-bound manner.

    It may appear an additional work, but not investing time and resources on this aspect of risk management may cost dearly. It's easier to cure a cancer if identified much early, through periodic check-up. It may also sound daunting to manage the entire planning and managing the data as well as tracking corrective actions.

    A platform like SIMSA, that is based on the operational excellence framework of Plan, Do, Check & Act, not only automates entire audit workflow but also ensures complete visibility & control over risks & corrective actions.

  3.  Operational Level: It is at this level at which the controls are executed on day to day basis. It is best to automate the controls and workflows, so that the dependence on the people is minimised. As the technology is becoming affordable, the use IoT and Cameras with Analytics could be the of immense use not only to identify risks on real time basis but also help in predicting future risks. Instead of asking the warehouse manager to report a small fire incident, it may be automated using the sensors. Even in the absence of the advanced technology, simple workflow tools can be used to facilitate the implementation of checklists & reporting of events, instead of using excel sheets or emails.

Warehouses will increasingly play a much larger, complex and strategic roles in the supply chain. Therefore, the risks associated will also be much higher. The risks have to be managed at Strategic, Tactical and Operational levels. Use of information technology can facilitate the effective management of the warehousing risks. It's high time that companies start thinking in this direction and shed the optimism bias or dependence on 3PLs for risks management.