SIMSA Audit Software


SIMSA is an integrated Audit Management Platform based on the PDCA (Plan-Do-Check-Act) framework of operational excellence. It cuts out the bureaucratic layers of reviewers & approvers, therefore quick to deploy and intuitive to use. Its simplicity and mobility feature is the key factor for the buy-in from the operational staff. It can be used for self-assessments and tracking of corrective actions.

Tag: Operational Risks

Internal Audit: Keeping Pace with Changing Time


Optimism Bias towards Risks

Humans, by nature (at least a large percentage) are optimistic about future. But this optimism becomes dangerous when it leads to the belief that "it won't happen to me". That's why many people are under-insured, overspeed on the roads or walk freely without masks & precautions during Covid pandemic.

The same optimism bias translates into the approach towards managing risks in the business. Which parts of the business have the maximum exposure to the risks? No points for guessing right - Supply Chain and Finance. While a structured framework of identifying and controlling Financial risks exists in every business, the Supply Chain risks are left to the fait accompli. The reason is the optimism bias, "It never happened to us, why should we even bother", until one day it happens. The "long term" risks management loses the battle to the "short term" costs savings, when it comes to choosing one over another.

Why Supply Chain is a major source of business risks?

What percentage of end to end supply chain is controlled by one company? Hardly much!


With increasing outsourcing of Supply Chain including the manufacturing operations, the extent of direct control of the focused firms is continuously reducing. There have been number of instances of violation of compliances and norms by the contract manufacturers and outsourcing partners, leading to both loss of business and reputation.

The reasons why Supply Chain is becoming a major source of business risks, are:


According to a study done by Supply Chain Insights LLC, the factors contributing to the. supply chain risks have changed over last 5 years. According to the study, in 2013, 80% of the supply chain leaders accepted to have been impacted by, on an average, 3 material disruptions. The source of most critical risks in the near future will be from Operations Complexity, Regulatory Compliance and Geo-politics events.


How should one prepare for disruptions?

1. Shed Optimism Bias: This step requires a "foresight" into the changing environment and its potential impact on the entire value chain. The value chain includes your tier 2, tier 3 suppliers if these can't be easily and quickly switched-over to the alternative sources. These risks may have profound impact on the strategic supply chain decisions e.g. how many and which suppliers, logistics partners you will have for a category, the design of distribution network, location of the supply chain facilities, the inventory holding etc.

2. Identify Risks in Operations: Map the processes so that you have visibility of what happens in your operations. Process mapping is a useful tool for risk assessment and continued risk management by enabling business owners to better understand the processes and controls associated with identified risks. Once the processes have been mapped, then assess what may go wrong, what could be impact on the business and what controls exist to prevent the short-cuts & leakages. Prepare a Risk Register and update it periodically.

3. Structure Audit Programs to check the effectiveness of Process Controls: Operational audit or Internal audit has been effective and a tested technique to test the effectiveness of the process controls and risks management. Higher the perceived risk, higher is the periodicity of audits required. However, most of the companies have a very rudimentary system of conducting the audits, using pen & paper or excel sheets that do not provide end to end visibility into the audit management program. Also, few companies use an integrated audit management system that assesses the gaps and tracks the linked corrective & preventive action plans to plug the gaps. Implementing such an integrated system may not cost much but may give multiple times ROI in preventing the process control failures.

Operational or Internal Audits in most of the companies are  riddled with long established manual processes, which results into high audit cost of in-house resource, lack of end-to-end audit visibility, and gaps in compliance.

Another gap in the audit process is that it is mostly focused on the internal operations. In the areas of outsourced logistics and sales channels, the audit means only inventory counting, as-if that is one and only risk that exist in the logistics operations. There are whole lot of risks in the categories of safety, security, legal and regulatory compliances, product quality, process adherence that are mostly ignored. What about the supplier audits? How many key suppliers are audited for a comprehensive risks assessment? A structured and automated audit workflow management e.g. SIMSA, based on the framework of operational excellence (Plan, Do, Check and Act) is a best practice to identify and mitigate risks in the operations.

4. Constitute a Risks Management Committee: A committee of senior management as well as independent board members should look into the overall effectiveness of the risks management, assess the risks associated with the gaps observed in various audits and monitor whether the gaps are being closed in a time bound manner. The committee also sets the risks management guidelines, policies, define the roles and responsibilities of the frontline and supporting roles in risks management and approves major decisions involved in the risks mitigation.

5. Build Agility and Resilience in Supply Chain: Despite taking all the possible measures internally, the external disruptions cannot be ruled out. Agility is about how quickly you can shift gears to counter the impact of any disruption. Resilience is the ability to bounce back to business as normal after encountering the disruptive event. Building agility and resilience requires proactive planning involving "what-if" scenarios and preparing a response for each scenario. Systemic use of predictive analytics and market intelligence involving weather data, port & transportation strikes, geo-political situation & impact on trade-policies / duties etc. go a long way in minimising the "time to recover" in the event of disruption.

Given that the frequency and impact of supply chain risks is increasing by the day, the risk management should be one of the top 3 priorities for any company. A structured risk management and business continuity planning is not just an option but a business imperative to survive and become more resilient to the shocks of disruptions.

Warehouse – How secure are your Operations?


Warehouses are no longer old dilapidated buildings in dingy lanes, conventionally used for the storage purpose. Warehouses today are part of optimal flow of goods, have increasing levels of complexity & automation, and play a strategic role in fulfilment of customer demand. Increasingly, warehousing operation is encompassing activities like postponement, packing, light manufacturing, sortation, cross-docking , reverse logistics, after sales service, orders fulfilment etc. Also, with use of information technology and automation, the need for the skilled manpower has gone up, which is not easy to find.

The increased level of warehouse complexity and activity also means more exposure to various kinds of risks. Though there are no statistics available for country-wide warehouse incidents but one could assess the gravity of the situation from news reports, while a majority of incidents are not reported. Unfortunately, barring few industries that are quite sensitive to risks across supply chain, most of the companies leave the risks management to their 3PL or don't bother at all. Few 3PLs put in place some common and basic safety & security procedures in place but is it what is needed for effective risks management?

Warehouse Safety

Image: Fire incident in a warehouse in Delhi on Oct 6, 2020 (Image Source: ANI)

Let's first understand what risks warehouses are exposed to. The risks span from Safety, Security, Quality, Service, Regulatory, Legal, Financial, Environmental etc. The risk profile of a warehouse is determined by 3 major factors:

  1. Selection and location of a Warehouse: The risks associated with quality of building construction and quality of construction material used, cannot be easily identified and mitigated. The flooding of the surrounding area and seepage of water from the walls, flooring are the most commonly found issues in a warehouse. The problems get compounded with extreme weather events & intensity of rainfall. What was built for normal weather may not sustain under extreme weather events. The water drainage from roof gutters or stormwater drain may lead to water flooding & seepage. The warehouse situated in the cyclone prone area should have cyclone resistant design & construction. The same holds true for the strength, joints & quality of flooring, quality of electrical wiring & fixtures, fire control system etc. From the location perspective one needs to assess legal & regulatory compliance, potential of political interference, security environment, proximity from the fire station & hospital etc. Once a warehouse facility is decided, the associated risks are fixed during the period of occupancy, which are hard to mitigate. Therefore, a thorough due diligence and SIMSA automated audit workflowusing an exhaustive & standard checklist is a must before zeroing on the location & type of facility.
  2.  Warehouse Layout, Fixtures & Equipment: Starting with the external flow of vehicles in the warehouse, space for parking of vehicles, designing of internal flow of people & equipment, providing enough space for various activities to prevent crowding go a long way in preventing major accidents. Putting up the right fixtures and using MHE based on the load requirement, built-in safety features and their regular maintenance determine the levels of risks. The warehouse layout & design would not only determine the safety, security hazards but also the productivity & turnaround time. If you are going for ready to use warehouse facility, it makes sense to use a checklist based assessment to compare various options.
  3.  Warehouse Operations: The third category of risks emanate from how the warehouse operations are organised and managed. While organising the warehouse operations, one must take into account the risks carried forward from the first two categories i.e. the location & facility selection and layout, fixture & equipment. The risks associated with the warehouse operations are:
    • Health & Safety
    • Security
    • Financial
    • Regulatory Compliance
    • Quality & Service
    • Environment

With most of the warehousing operations being outsourced, the companies have a little visibility & control over the operations. Many companies have basic Standard Operating Procedures documents, which most of the time never referred to or updates. Some of these documents are so textual that it makes a good bed-time reading. Most of the supervisors and other people managing the operations may not have even seen these documents ever. Moreover, every site may have different risk profiles. How can one standard document serve the purpose of each site?

So people take short-cuts, especially during month-ends pressure and then slowly it creeps as the bad practice until it snowballs into a big incident. Until then, it is optimism bias that prevails, "it won't happen to us".


Optimism bias, "it won't happen to us" and leaving risks management to your 3rd party logistics provider or contract manufacturers are the biggest risks to your operations. The risks management should start on the day, you decide to build or outsource a warehouse.

Approach to handle Warehouse Risks

Risks management is a three level approach i.e. Strategic, Tactical and Operational.

  1. Strategic Level: Whether it's a green field or a brown field project, detailed risks assessment has to be an integral part of the project. To re-emphasise, the risks accepted at this stage cannot be mitigated easily. It requires a team of people from engineering, operations IT, legal compliance to visit sites to assess risks from various angles. This could be a burden on the company's resources and also many companies many not have that expertise in-house. A better alternative is to take the services of experts in this field. It should not be seen as a cost but an investment to prevent any unforeseen risk that may cost multiple times the fees of hiring the expert.
  2. Tactical Level: Before start of any operations, a thorough risk assessment must be done and corresponding internal controls should be implemented. For example, a company instituted a procedure for authorisation by the warehouse manager, if any operator has to work at more than 6 feet from the ground level. The authorisation is nothing but a checklist of do's & don'ts to be explained to the operator before starting the work.

    But then how do you ensure whether the controls are effective and are being implemented in spirit and not just on papers. Internal audit is one of the most tested techniques in proactively identifying the gaps in controls. The audits are effective if:

    • Aligned to the risks identified for a site and operation.
    • Done periodically, rather than just once a year activity. The practice of monthly self-audits on high risk areas, followed by the quarterly more detailed audits by a 3rd party covering all the risk areas.
    • Corrective and Preventive action planning, with accountability, visibility and tracking of the closure in a time-bound manner.

    It may appear an additional work, but not investing time and resources on this aspect of risk management may cost dearly. It's easier to cure a cancer if identified much early, through periodic check-up. It may also sound daunting to manage the entire planning and managing the data as well as tracking corrective actions.

    A platform like SIMSA, that is based on the operational excellence framework of Plan, Do, Check & Act, not only automates entire audit workflow but also ensures complete visibility & control over risks & corrective actions.

  3.  Operational Level: It is at this level at which the controls are executed on day to day basis. It is best to automate the controls and workflows, so that the dependence on the people is minimised. As the technology is becoming affordable, the use IoT and Cameras with Analytics could be the of immense use not only to identify risks on real time basis but also help in predicting future risks. Instead of asking the warehouse manager to report a small fire incident, it may be automated using the sensors. Even in the absence of the advanced technology, simple workflow tools can be used to facilitate the implementation of checklists & reporting of events, instead of using excel sheets or emails.

Warehouses will increasingly play a much larger, complex and strategic roles in the supply chain. Therefore, the risks associated will also be much higher. The risks have to be managed at Strategic, Tactical and Operational levels. Use of information technology can facilitate the effective management of the warehousing risks. It's high time that companies start thinking in this direction and shed the optimism bias or dependence on 3PLs for risks management.