by Duke Okes
Supplier audits are certainly ripe for improvement. All too many supplier audits are done simply because a procedure calls for them. At the same time, changes in our perspective about business reliability point to opportunities to make supplier audits truly worthwhile. In order to do so, one must ask the following two questions:
- What should be audited? Risk management is much more than just preventing product failures, which is the current focus of most quality system audits. Risk management involves ensuring that adequate controls exist across all management systems (e.g., environmental, human resources, information technology, safety). Additionally, mere compliance to requirements or standards such as ISO 9001 does not enhance competitiveness—it just gets the ticket punched. Audits (risk assessment) need to look at changes in organizational performance over time to evaluate improvement.
- Who should be audited? The interdependence of organizations within a supply chain means that audits should not necessarily be restricted to just the organization’s direct suppliers. The Theory of Constraints tells us that the performance of the supply chain can be no better than that of the weakest player. Supply chain partners should therefore consider selectively applying audits where they would be most beneficial—where the risks are higher.
Given that many firms are now registered to ISO 9001 (or a derivative of it) there is less rationale for auditing a supplier’s quality management system. However, this doesn’t mean that assessments should go away, but instead that a higher level of value should be attained by supplier audits. Quality professionals should rethink the purpose of supplier quality audits and see them as assessing the potential reliability of the supply chain.
What should be audited?
Traditionally, the quality system has been the major focus of supplier audits (although credit status is also typically reviewed by someone in the purchasing or accounting department). The purpose has typically been to evaluate whether the supplier can be expected to operate in a consistent manner, decreasing the risk of product quality problems.
But many other problems can occur that could also affect the ability of an organization to fulfill its obligations. These could affect quality, delivery, or even the ability of the organization to be an ongoing concern. Figure 1 provides a few examples of different situations and some of the items that might be assessed to evaluate potential risks.
Figure 1: Example Assessment Items
Situation | What to Assess |
The supplier operates near production capacity limits, or has unique equipment in the value creation process | Equipment reliability, business expansion plans, scheduling system |
The supplier is highly regulated and would be shut down by a significant violation | Records of compliance to appropriate systems (e.g., safety, environmental) and how well the system adapts to changes in the organization |
The supplier is highly impacted by the performance of its suppliers | Percentage of resources allocated to supplier management, record of past performance of the firm’s suppliers |
The supplier is highly financially leveraged | Cash management practices, relationships with financial backers, likely future financial demands |
The supplier has high employee turnover or is a cyclical business | Employee selection methods and training practices |
The supplier heavily utilizes unique information technologies for critical applications | How IT system reliability is maintained |
The list could easily be expanded to look at other important business processes such as development and execution of strategy, public relations, and continual improvement methods/successes. One organization with which the author has worked looks at whether suppliers who are located in Asia meet the intent of U.S. child labor laws.
The key point is that the importance of the supplier depends on the organization’s role in the supply chain and how that role is unique. Rather than assessing all management systems/processes, the Pareto principle should be used to identify those most important to reliability of the organization. The assessment should also not just look at whether there is a system (a compliance view), but also how well the system has performed over time. Note that this alone is a major test of whether the organization will be a good supply chain player since asking such questions will help determine whether the management team is open and trusting enough to be an effective partner.
This change in assessment strategy means that a cross-functional team of auditors will likely be necessary. The team should be lead by a generalist, someone familiar with the full range of management systems and audit practices, who guides the process and works with specialists who look at specific systems (e.g., financial, quality, safety, information technology, human resources). Such a team would also enable evaluation of the interrelationships of systems to detect how one may affect others (e.g., a financial problem that may eventually create a capacity or quality problem).
Who should be audited?
The normal response to this question is “our supplier” or “our class A suppliers.” However, not all class A suppliers (e.g., those providing a product that becomes part of the finished product or those whose dollar volume exceeds a certain amount) are necessarily high risk. A supply chain reliability perspective would indicate that the focus should instead be on the weakest links in the chain. Many potential suppliers are likely to have proven to be consistent in serving other organizations, and it may then make sense not to audit such an organization unless the product to be provided (or the working relationship) is very unique, or that the new contract will affect capacity or capital risks.
Instead, one should look throughout the supply chain to see where the greatest risk may be. Figure 2 shows an example of a portion of a supply chain where such a view might be very useful. Company C or D may want to be more concerned about Company A (who is making a $350,000 die that would be very difficult to replace) than about Company B (who could easily be replaced). Companies B, C, and D might even jointly conduct an audit of Company A to gain confidence in the quality of the die design process, financial stability of the company, and the commitment of the firm to provide ongoing replacement parts (e.g., of die wear components) at a reasonable price and in a timely manner.
Figure 2: Partial Supply Chain
Note that such thinking requires collaboration among members of the supply chain, sharing information regarding past performance or potential risk, and deciding which players should be assessed. This must be done with the mindset that members of the supply chain will help the assessed organization address any deficiencies, otherwise it’s just a witch-hunt and will not promote partnership thinking.
Why Audit?
This is really the most important question to be asked. If organizations establish a rationale for conducting audits of members of the supply chain and ensure that the rationale is based on solid business reasons, then the audit process will be value-adding. The “what to audit” and “who to audit” questions will be driven by understanding why each audit is being conducted in the first place.
About the author
Duke Okes is a knowledge architect specializing in quality management. He has been in private practice since 1985 working with organizations in the United States and around the world. He was formerly a quality professional in TRW’s automotive sector.
Okes is a Fellow of the American Society for Quality and is certified by ASQ as a manager of quality/organizational excellence, quality engineer and quality auditor. He has served as vice chair of technology for ASQ’s Quality Management Division and chair of the Northeast Tennessee section of ASQ, who recognized him with their quality leadership award.
Okes is the author of two books, Root Cause Analysis: The Core of Problem Solving and Corrective Action and Performance Metrics: The Levers for Process Management, co-editor of The Certified Quality Manager Handbook (second edition) and has written numerous articles for publications such as Quality Progress, Quality World, Business Improvement Journal, APICS-The Performance Advantage, Manufacturing Engineering, The Auditor, and Quality Management Forum.
Note: This article originally appeared in “Vista,” a newsletter of the ASQ Quality Audit Division, Winter/Spring 2004 issue.