Integrated Approach to Supply Chain Audits

Operational Audits

The conventional approach to Supply Chain Risks Management and Audits is inadequate to address the ever-changing risk profile of the entire value chain. The audits within the four walls of the organisation doesn’t present the true picture of all the risks the business is exposed to. In today’s connected and dynamic world, an integrated risk-based approach is required.

In the last few years, a number of businesses have been caught by surprise by unforeseen supply chain disruptions across industries ranging from pharmaceuticals & consumer goods to electronics & automotive. Even if we discount the year 2020 as an exception, according to BCI report 2019, about 42% of the companies surveyed experienced at least 1 to 5 supply chain incidents that led to significant disruptions in 12 months. The worrying fact was that almost 22% of the companies surveyed had no idea of what may have caused the disruption in their operations.


Supply Chain Disruptions

Almost 75% companies surveyed have faced at least one disruption in 12 months preceding Covid

The major impacts of the disruption, according to the report, are:

  • Loss of Productivity (50.3%)
  • Customer Complaints (41.5%)
  • Increase in Cost of Working (39.9%)
  • In Loss of Revenue (36.1%) mmm

The Covid pandemic has led to a greater divide – the business with proactive supply chain who rebounded much faster than the businesses with not so proactive supply chain. It has thrown the light on importance of supply chain risks management & business continuity planning for business sustainability. There has never been a greater need for supply chain transparency. Understanding the importance of governance, monitoring mechanism & visibility of controls effectiveness are necessary to mitigate risks in supply chain.

Sources of Supply Chain Risks

The sources and types of supply chain risks may vary a lot depending on each part of the value chain.

The key sources of the supply chain risks are the external environment and internal operations. The external risks e.g., acts of terrorism, critical labour stoppages and port closures, infectious diseases, and natural disasters, cause high levels of concern and are less controllable.

On the other hand, the internal operations risks that involve quality assurance, IT security and uptime, compliance with regulatory requirement, sustainability, health and safety, conflict minerals etc. are much more controllable. The occurrence and impact of internal operational events go unnoticed most of the time and therefore, offer a greater opportunity for improvement through better governance.


The supply chains are increasingly becoming vulnerable to risks. There are multiple factors contributing to the supply chain vulnerability e.g. globalization, outsourcing of operations, stringent regulatory compliance, higher workforce turnover, inadequate transparency & visibility etc.

Role Supply Chain Audits in Risk Management

Supply chain audits present an opportunity for the companies to look at the supply chain processes and operations to make sure they’re doing right things to control costs and mitigate risk factors. Conventionally, supply chains have been audited by the internal audit function – once or twice a year. Given the increasing uncertainty and increasing instances of disruptions, the traditional internal audit process is not sufficient to assess the effectiveness of risks mitigation controls.

The approach needed for the keep pace with changing risks involves:

  1. Frequent updation of the Risks in the value chain:It may seem to be daunting task to keep a track of what has changed. Use of AI and ML technologies could be immense use to track events across the world can help to quickly update the risk profile of a supplier, contract manufacturer or supply network.
  2. Prioritization of Risks:Given the complexity involved in tracking and mitigation of risks, the companies must identify high risk areas in the value chain that requires closer monitoring. The audits should focus on the risks that has higher likely impact on the business. As the confidence level on certain risk control measure grows, the priority may shift to the next in the order of risk level.
  3. Frequent Audits:Audits should not be once in a year activity but be perpetual so that the gaps could be identified much earlier before they cause any disruption. Such audits have to be dovetailed into the operations e.g.
    • Daily Gemba walk in manufacturing plants and warehouses by the site managers
    • Monthly self-assessment by the site teams on the critical checkpoints
    • Use of technology for visibility and integrated workflow management based on the PDCA (Plan-Do-Check-Act) framework, that is quick to deploy and easy to use for the site teams.

    There are many audit tools available in the market, but most cater to the automation of the conventional internal audit process. This makes these tool too elaborate & complex with multiple level of reviews & approvals, and therefore, cannot be used for the periodic self-audits. SIMSA has broken the conventional thinking on the audits by making the technology available on mobile and does not have too many steps involved to schedule & conduct the audits followed by planning & tracking corrective actions.

  4. Remote Audits and Real Time Audits:Covid had put restriction on conducting physical audits but, at the same time opened opportunities for the use of technologies for conducting remote audits. Also conducting perpetual audits across various supplier, third parties and manufacturing locations is practically not feasible with physical audits. While still at a nascent stage, the future lies in conducting audits using Augmented Reality and IoTs based data analytics for risk assessment.
  5. Automation of Controls:Using the IT / control towers for monitoring the key drivers and triggering self-corrective actions may obviate the needs for the conventional.
Integrated approach to Supply Chain Risks and Audits

No supply chain audit program can be “internal” in the true sense. With increasing level of outsourcing, the involvement of the suppliers and third parties absolutely must for an audit program that really addresses the supply chain risks proactively. However, if each organization in the value chain follows a silo approach for the audits keeping in mind the organization specific objectives & risks, it may lead to sub-optimal results, duplication or missing out on certain areas.

An integrated approach to the audits, keeping in mind the overall objectives of the supply chain and risks in the extended value chain, is required for prioritization and scoping the extent of audits. Many procurement and logistics professionals (who deal with the 3rd parties) tend to take refuge in the contractual terms and liability clauses for certain risks, and therefore, follow the hands-off approach. One must realize that the financial penalties or liabilities may not compensate for the loss of image, reputation or customers’ confidence.

Given the spread and extant across geographies and organizations, no supply chain audit is “internal” in true sense. The outsourcing of operations doesn’t imply outsourcing of risks management.


While supply chain risks are becoming greater headaches for everyone, it requires a different approach to manage risks. The conventional internal audit programs are inadequate to proactively identify, assess and mitigate risks, as the supply chain risks are dynamically changing. A perpetual, integrated and collaborative approach across the value chain, making use of modern technologies, is the need of the hour for effective supply chain risks management.