Monday, 2 April 2012

How much third party due diligence is enough?

Lee Glendon CBCI
Reputational risk is a hot topic as many of you will be aware.   Last week, I was invited to  a debate at the UK’s House of Lords, following comment in the Financial Times on the need to understand and prepare for the reputational consequences of moving production to countries with potentially very different business practices to the UK.

The debate was intended to focus on anti-corruption due diligence following the introduction of the UK Bribery Act, which requires adequate procedures of due diligence; however, it soon became a broader debate on the limitations of a compliance approach.  How much due diligence and compliance would be enough if you have 60,000 suppliers?  How do you justify to the board that the investment will be effective?  Some participants were looking at potentially spending millions of dollars on the due diligence

This debate would resonate with many BCM practitioners, who have been looking at supply chain resilience issues, even more so when the topic of standards and kite marks was discussed.  It has to be said that while kite marks were seen as a good in theory and reference frameworks had been developed for third party due diligence in this area, it was widely felt by those present that they would be an insufficient means of assurance, when applied in isolation.

One participant, who is a serving board member, noted that his boardroom had discussed the issue of anti-corruption and noted that Non-Executive Directors were particularly attuned to the issue as they would be held responsible. However, executive directors were less animated by the issue - one had commented that the legislation would make it impossible to do business in some of the major growth markets around the world.   

The debate moved on to an area familiar to all of us:  compliance alone is not enough to address the issue, it’s about the culture of the company and executive commitment.    The board needs to be engaged and understand that they are responsible when this goes wrong. 
The thought running through my mind was simply: here’s another part of the organisation that is looking at supply chain resilience, wanting to engage with procurement and bidding for resources from the board to perform due diligence. 

Surely, there is some opportunity for BCM practitioners to leverage this activity, share expertise and position BCM as a framework for understanding this problem?


No comments:

Post a Comment