Supplier Audits – Key to Mitigate your Supply Chain Risks

Frontline Managers

Suppliers are the key source of competitive advantage for any business. Your quality, efficiency and service delivery significantly depends on what kind of suppliers you have. Having selected a good and competent supplier doesn't guarantee a perfect partnership. Even the best suppliers can fail or falter depending on a situation. The classic case study of how Ericsson lost months of production due to fire in the microchip plant of Philips, highlights the importance of continuous engagement with your critical suppliers.

Supplier audits have been used as tested tool to ensure that the suppliers not only consistently deliver high-quality materials, ingredients or services but also taking steps to identify and mitigate future risks. Leveraged correctly, supplier audits can identify, address, and prevent problems in a supplier’s product quality or processes before the problems spread.


  • Ensuring suppliers are complying and working to the industry standard, regulatory norms and professional ethics
  • Identifying risks in your value chain before they become a problem and jointly working on the mitigation plan
  • Helping your suppliers with guidance on development on critical areas and performance improvement
  • Enhancing the communication between the manufacturer and supplier
  • Improving your sourcing strategy and decisions
SIMSA Operational Audits

Supplier audits is not a one time activity but has to follow a structured approach aligned to the sourcing strategy.However, there are certain stages of the supplier lifecycle management that definitely require the audit interventions, irrespective of any sector or business.

  1. Introducing a new supplier:
    If you don't have a past experience of working with the supplier or don't have enough verified information about supplier in terms of quality, delivery, or service, & other aspects of performance, makes that supplier a risk for your business. If these risks are significant for the business, then the supplier must be audited by a cross-functional team consisting of procurement, quality, production and finance experts. The audit scope should cover all the areas e.g. quality, manufacturing process, compliance, financial analysis, supply chain, operations excellence. It would not only ensure that the supplier is fit to meet your business requirement but also identify the areas of future development and relationship.
  2. Problem with an existing supplier:
    If an existing supplier is not performing to the desired level of expectation, a detailed audit may help to identify the root cause of the problems in the processes, human resource or technology. Sometimes, it is the lack of understanding of the requirement by the supplier of communication gaps between the manufacturer and supplier could be the cause of the problem. Such audits are highly focused on addressing specific problems and need not cover all the aspects of the supplier relationships.
  3. Developing existing supplier for a new material or service:
    If you plan to develop your existing supplier for a new line of materials or services, an audit may help to identify the key areas of support required by the supplier. It also help to assess the readiness of the supplier to supply the new materials and potential risks associated e.g. the new equipment ordered by the supplier may get delayed or supplier's capacity may get constrained and impact the existing services.
  4. A supplier is critical for your business continuity:
    Preventive audits are necessary if a supplier is critical to your business, for example, the supplier is highly regulated and would be shut down due to non compliance. Or, an incident at supplier's place can impact your production (Ericsson-Philips case study). Even if the critical supplier is performing well, the high risk and criticality of the supplier to your organisation means you must continuously assess its processes and other capabilities.

There is no "one size fits all" approach to supplier audits and each audit is driven by the objectives and risks under consideration. However, at broad level the areas covered under the audit are:

  1. Risks Management:
    You would like to be assured of the supplier's process of identifying and mitigating risks in its value chain. The suppliers who have a business continuity plan in place and update it periodically are much more valuable than who don't. This area of audit becomes very critical if your dependence to the supplier is high and do not have alternatives. For example, in pharma industry it takes lot of time and cost to get regulatory approval for a supplier of a critical ingredient. The questions that must be answered are:

    • Whether the supplier has mapped its valued chain, identified the risks and assessed the impact on the business?
    • Has the supplier identified the potential disruptive events and got the disaster recovery plans in place? If yes, what is the time to recovery for each of the likely event?
    • How frequently the risk assessment is updated and if it is reasonable enough keeping in mind the changing environment?
  2. Operational Processes:
    Audits should assess the processes & systems that are affecting the performance of the supplier and ensure action is being taken to address the gaps found. The processes involved are:

    • Quality Management
    • Manufacturing
    • Equipment Maintenance
    • Design & development of new products
    • Safety & Security
    • Inbound operations - procurement, receiving, storage, inventory management
    • Outbound operations - finished products storage, inventory management, dispatches
    • Customer service - order fulfilment, complaints management
    • Documentation

    The auditor need to assess whether there are SOPs defined for each process, if the SOPs are followed and the checks & controls implemented in the critical processes to detect any deviation.

  3. Compliance:
    Compliance to the regulation and professional ethics is essential for the business continuity. The typical questions that must be answered are:

    • Has the supplier clearly identified the complete list of regulatory requirements that must be met?
    • What are the supplier’s internal processes to ensure those regulatory requirements are being addressed, maintained, and improved on?
    • Whether the roles and responsibilities are defined within the organisation for ensuring the compliances?
    • Whether there’s independence within the organisation to resolve any compliance or regulatory issues quickly by senior management and leadership?
    • Whether there’s an effective, robust process in place to add or update the existing regulatory requirements?
  4. Performance Management:
    The focus on innovation, performance management and continuous improvement helps an organisation to become efficient and overcome business challenges. It is not just the supplier but you as a customer may get the benefit of their efficiency and innovation. As part of the audit, you may want to assess:

    • How does the supplier measure their performance on various aspects of business and operations?
    • What are the benchmark standards used for comparing the performance?
    • Which techniques of continuous improvement are used ?
    • What is the role & involvement of people at various levels in continuous improvement?
    • If there is a well structured innovation & product development process and how effective is the process?
  5. IT Security:
    If you have shared your proprietary information, designs or technology with your supplier as part of the agreement, you may want to ensure that information is secured with the supplier. Therefore, you would have a periodic assessment of their IT policy; what security protocols have been implemented; how frequently vulnerability and penetration tests are conducted; how the gaps identified are closed. While the supplier may have signed a legal non-disclosure agreement, it may still make a sense to prevent such breaches at the first place rather than going through legal process.

A common failure in a supplier audit program is turning it into a paperwork exercise, listing all sorts of documentation and exercises in an audit report without much focus on the recommendations for improvement. As the resources required for conducting the supplier audits are limited, therefore, the approach adopted must be both effective and efficient. A risk based approach is recommended in identifying which suppliers have to be audited, how frequently to be audited and what is the expected outcome of each audit.

Given the risk profile of each supplier, some suppliers may be required to be audited at least once a year while others may be once in 2 or 3 years. The key steps required to structure the supplier audit program are:

  1. Map all the suppliers and assess the criticality of each depending on your dependence a supplier and the potential impact of the supplier's failure on your business.
  2. Prioritise and identify the suppliers for including in the supplier audit program.
  3. Evaluate the past performance and issues of the suppliers and impact it had on your business.
  4. Depending on the criticality of the material being sourced and past performance, determine the periodicity and scope of audit for each audit. Prepare a calendar of supplier audits.
  5. Determine the criteria and standard ( e.g. ISO, OSHA) to be used for each audit.
  6. Identify the audit resources required for conducting the audit and determine whether these have to be outsourced.
  7. Prepare checklists covering the specific areas as determined in the scope of each audit. Remember, each checklist has to be tailored to the risks identified for each supplier.
  8. Get the suppliers' buy-in and integrate them in the audit program.
  9. Have a robust mechanism for planning corrective actions for the gaps identified in the audit and tracking of the deadlines for each action point.
  10. Use a technology platform to manage the end to end audit workflow and provide complete visibility on the gaps and corrective actions to both you as a customer and the suppliers. The technology helps you to save time, efforts in putting together and tracking the information and it at the same time it ensures consistency throughout.

The supplier audit is a strategic tool to identify and mitigate risks in your supply chain for business continuity planning. Given different nature of risks associated with each supplier, "one size fits all" approach does not work. Instead a risk based approach must be adopted to determine the scope and periodicity of audit for each supplier. Next, the buy-in and early involvement of the suppliers in the structured audit program is essential for the successful outcomes.