White Paper On Ethics And Compliance Part 2

First published in Australian Compliance Institute newsletter, October 2010.

Why organisations are COINing it to protect their brand and reduce their risk.

As Darwin’s theory of evolution states, “in the struggle for survival, the fittest win out at the expense of their rivals because they succeed in adapting themselves best to their environment”. And the same rule can be applied in the evolution of business – you either adapt or perish, which begs the question of why organisations are finding it so hard to adapt to the issues of supplier compliance and what it means for their reputation and their bottom line.

The business buzzwords today are ethics, risk, accountability and reputation, with perception being everything to a business. Ethics in business is paramount when talking about compliance, because once you do the wrong thing, a catalyst of slow reputational disintegration may commence, with no end in sight.

The jungle that is the business world enables the separation of winners from losers. So why do organisations bother to adapt? It’s one of the oldest imperatives in the book – fear. Fear of brand damage, of heavy financial penalties and of personal liability is driving many organisations to include Supplier Compliance Management in their risk reduction strategies.

It would be fair to expect that the bigger a company is, the greater its financial resources are to ensure it is compliant. However, many of these large firms struggle to come to terms with the issue of supplier compliance management (SCM). The trouble is that the current method of collecting, compiling and reporting on supplier compliance is usually a manually based nightmare, which is why insufficient time, administrative resources and inadequate budget are often the three major reasons for inaction.

As a follow-up to last month’s article, this article outlines the core principles of COINs. It lists the differences between the COIN approach and the current method and, specifically, how COINs overcome the cost barriers. The article concludes with some of the tangible benefits of COINs covering reduced risk, improved recall and withdrawals in the supply chain and improved quality through tracking of corrective actions.

The consequences of non-compliance

Last month we mentioned that more than 30% of organisations are trying to track over 10,000 documents with 79.6% of all organisations using manual methods to collect, store and track supplier compliance. This is just the tip of the iceberg. Anecdotal evidence is telling us that most organisations don’t collect supplier compliance information at all. We’ve split organisations into four major categories.

The Uninformed

These organisations are unaware that they are legally obligated to collect supplier compliance information. They still operate under the illusion that having a clause in a contract requiring suppliers and subcontractors to “comply in all material respects with all applicable laws, statutes, and regulations” is enough. Thankfully the number of these organisations is decreasing.

The Risk Takers

These are the organisations that know what they should be tracking and reporting, but are using the excuses of insufficient time, inadequate budget and insufficient administrative resources to take the risk that nothing’s going to happen. Unfortunately for the shareholders, these organisations are the significant majority.

The Grudgingly Compliant

These organisations deserve to be applauded. They are investing the time and money to protect their shareholders’ interests by actively ensuring their suppliers are ethical and compliant, like Texas Instruments mentioned in the previous article.

The Sorted

These organisations are COINing it, in more ways than one. Their supplier compliance levels average over 95% and missing documents are typically less than 1% or 2%, all for a fraction of the expenditure experienced by the grudgingly compliant.

The consequences of non-compliance can be severe for a company, its directors as well as its managers. Plenty of disaster stories exist around high profile companies that have come undone because of non-compliant product suppliers: lead paint in children’s toys, poisonous baby milk in China and many more. Brand reputation takes years to rebuild and the costs reverberate right throughout the supply chain. Food safety incidents have serious consequences for growers, food processors, distributors, retailers and foodservice entities. Supplier-caused recall incidents cause a company significant financial damage, including the cost of recalls, decontamination, recovery costs, lost sales, litigation costs, damage to brand and reputation, trade restrictions, and the impact on the stock price.

McDonalds had to recall 13.4 million novelty Shrek glasses due to high levels of cadmium. “This recall is said to be a huge setback for McDonalds and it is expected to cost them millions of dollars, while also damaging their reputation.” The share price dropped 1.3%.

Before we look at COINs, the issue of how supplier compliance is managed today needs to be understood.

A day in the life of John

John is a full-time staff member responsible for collecting and reporting on supplier compliance.

Every day, John comes to the office and starts uploading documents into the system that suppliers and contractors have faxed or emailed in over the past few days. Not all suppliers fax in the right document, or even the current one, so John spends most of his time on the phone, asking for the correct, missing or renewed document. Some suppliers are busy or unavailable so John has to call again and again.

Not only that, but John’s organisation keeps adding and removing suppliers and contractors, so he needs to contact the new suppliers and get them to submit their compliance documents and policies by fax or email. Should John get through the list for the day, he then looks at the database or Excel spreadsheet, monitoring any expired or missing documents. When he finds an outdated certificate, he has to contact each supplier individually, chasing them for the missing or expired documentation. If there is no response within a couple of days, John then has to call them again to remind them. At the same time, John needs to remove any redundant suppliers from his lists and filing. In the free time he may have, John needs to file each supplier’s compliance document as a backup copy.

John is also expected to run random checks against fraud, calling up issuing authorities to check the validity of certificates and compliance documents. For poor old John, this tail-chasing exercise continues day after day.

This time-wasting occurs for the supplier as well. Suppliers are continuously being asked by their customers to fax or e-mail compliance documents. The same documents can be requested for each and every proposal, no matter that they were posted before as they have now been “filed somewhere else in the system”.

As a result, John is spending hours behind his desk phoning suppliers and chasing them to fax or email in their updated certificates. John is managing paperwork, not compliance or risk. It’s not what he signed up to do. Is it any wonder we have heard this job described as a “soul-destroying, never-ending task”?

The COIN approach

To anyone who has used a social networking site like LinkedIn or Facebook, the COIN approach is instantly recognisable. The underlying principles are that each member of the COIN:

  1. Has their own business-grade secure site on the COIN.
  2. Has the ability to upload compliance certificates, policies and documents onto their secure site within the COIN.
  3. Can add company profiles and contact details.
  4. Chooses which documents to share with which trading partners.

Add Metadata to provide Business Intelligence

Each COIN member adds key metadata with respect to each document or item, i.e. document name, expiry date, insurance value, fat content, %RDA, product specification, etc. Using this metadata, COIN members can run compliance status reports on all their linked trading partners who are also members of the same COIN.

  1. Which of my suppliers have a compliance certificate anniversary next month?
  2. Which of my suppliers is missing their Work Cover certificate?
  3. Are any of my suppliers non-compliant today?

COINs are communities, implying common purpose and dialogue. Effective COINs set up communication links between trading partners on the same COIN. This allows members to broadcast messages to their trading partners, e.g. from buyers to groups of suppliers, or suppliers to groups of buyers. These communication paths use multiple existing systems, e.g. telephones, mobiles, faxes, SMS and e-mail, as well as an internal messaging system on the COIN. An effective COIN doesn’t simply rely on e-mail, as the compliance message can get lost in the mass of communications in the inbox.

The power of a COIN comes into its own when these two core principles of metadata and communications are combined. Not only can members run reports on which suppliers are non-compliant, but:

  1. they haven’t had to physically collect any of that information,
  2. it takes less than 10 seconds to run the report and
  3. using the communications, they are able to broadcast automatically out to the non-compliant suppliers, based on the results of the report.

A new day for John

Back to John. John is now managing over 1,000 suppliers on a COIN similar to the international compliance information exchange. This emerging compliance-related COIN has over 60,000 business members worldwide with over 300,000 compliance-related certificates and documents.

John arrives in the office on Monday morning; he’s pretty relaxed and grabs a quick cup of coffee before logging on to his COIN site. It’s 9:05 am on Monday morning and John runs two reports. The first lists all suppliers that have documents that have expired; the other lists all documents that will expire in the next two weeks. Based on these reports, John sends out two broadcasts. The first goes to the group with documents about to expire over the next two weeks. About 10% of his suppliers are on the list but he isn’t bothered because he knows that most will update their documents a few days after getting his reminder. He knows this because these suppliers are getting the same message from their other customers.

The second broadcast goes out to those few suppliers who have expired documents. This broadcast is somewhat sterner and more of a final warning. John’s next step will be to phone the Senior Manager of these organisations if the documents have not been updated by Wednesday morning.

It’s now 9:07 am and John can focus on managing compliance rather than managing paperwork. This two-minute interval identifies the power of COIN over the traditional manual approach.

How COIN is overcoming cost barriers

As one of our survey respondents said, “A real-time system would be very helpful but the cost is a constant constraint.” Let’s revisit those three reasons for inaction and compare the traditional way with the COIN way, as there have been some interesting trends in recent research.

Excuse 1—Insufficient time

Often insufficient time is cited as a reason for not being able to collect and manage the tens of thousands of supplier compliance documents.

Frankly, this response is not surprising. At just five minutes per document, 10,000 documents equates to 104 working days. In addition, multiple organisations collect multiple compliance certificates from all of their suppliers and in return, distribute multiple copies of their policies and procedures. As we said last week, over 98% of all documents across an industry are duplicates.

A recent survey by Integrity Interactive highlights an emerging attitude within the industry, namely that to counter the “no time” issue, 86% of respondents have decided that “someone else (i.e. suppliers themselves or an independent third party) should take on the actual day to day grind of driving supplier participation in the purchaser’s ethics and compliance initiatives”. COINs meet this need by shifting the emphasis from “buyer collects” to “supplier publishes and shares”.

Excuse 2—Inadequate budget

Time is money and it costs a lot of time to manage tens of thousands of documents on manual systems, hence the same survey reports that 75% of respondents have decided that “suppliers should share or bear the cost of participating in the purchaser’s ethics and compliance initiatives”.

Up until now, a major perceived drawback of the COIN approach has been comments like “my suppliers will never agree to pay to join a system simply to make my life easier”. Well, the tide is turning. COINs distribute the cost burden across the entire industry. Every COIN member contributes to the cost of the system. It’s analogous to the early days of the phone network: at the beginning, companies built their own telegraph networks, and then they realised it makes economic sense to build an open-access system that everyone can share for a fee. COINs are at the tipping point right now and this 75% of organisations will quickly drive the status quo to “everyone pays”.

Excuse 3—Insufficient administrative resources

The elimination of duplication effectively overcomes this barrier; however, it’s interesting to note that the Integrity Interactive report mentions that “the emerging solution has a great deal to do with collaboration”. COINs are, by definition, collaborative.

So what are the key differences?

  • COINs change the paradigm from “buyer collects” to “supplier publishes and shares”
  • Document duplication, filing and storage across an industry is cut by 98%
  • Costs are shared across all parties
  • Reports are generated in seconds in real-time
  • Risk and Compliance communications are elevated from the noise of background e-mail

The Business Benefits of COINs

To conclude, I’d like to list some of the tangible and anecdotal benefits of the COIN approach experienced by those organisations who are COINing it.

Greater than 85% reduction in administration costs

Compared to the manual approaches to managing supplier compliance, we calculate that organisations can reduce administration expenses by more than 85%. This cost saving is made up of elimination of time taken to collect documents, reduced time chasing missing and expired documents, reduced time to generate reports, reduced cost of filing in terms of time and physical storage.

Furthermore, with the COIN approach, costs are shared across the industry.

Average supplier compliance greater than 95%

Now that compliance officers are no longer managing paperwork, their focus on compliance helps drive average supplier compliance to greater than 95%.

Missing compliance documents at less than 1% or 2%

Having the luxury of time, compliance managers are now able to ensure suppliers are providing all the necessary compliance documents and not just the minimum of Product and Public Liability Insurance and Workcover.

The numbers don't lie

Looking at the advanced uses of COINs in terms of product recalls and corrective actions, our analysis shows:

  • Based on 1,426 recorded recalls relating to 111,000 products with over 540,000 items pulled off shelves, 77.1% of recalls were completed within two hours. By using automated phone messages, product recalls can be initiated within minutes and completed in a few hours. In the case of a high-risk product recall event, speed is of the essence to protect the brand.
  • According to a recent statement by the ACCC, “Product recalls are a crucial part of the Australian consumer product safety system – over the past 23 years, more than 10,000 recalls have taken place. In 2009 there were 779 recalls in Australia, some involving many thousands of products”.
  • Based on 22,950 Corrective Actions dating from October 12th, 2005, 41% of Critical Corrective Actions and 50% of Major and Minor corrective actions closed within 30 days.

Corrective actions are a fact of life when dealing with suppliers. Nothing is ever 100% correct all of the time. However, with COINs, suppliers have nowhere to hide. Buyers use the communications facilities of a COIN to log and analyse all non-compliances delivered by their suppliers. Anecdotal evidence tells us that by highlighting Corrective Action Requests (CARs), buyers have reported a marked increase in quality simply because the frequency and severity of all CARs are now measured and reported.


So, we’ve looked at how suppliers could be putting brands and reputations at risk. We’ve discussed the three main reasons for inaction and the consequences of non-compliance. Finally, we’ve examined the COIN approach, how it works and the measurable benefits it delivers.

COINs are being used by more and more risk and compliance managers because it is:

  • Low cost
  • Efficient
  • Accurate
  • Measurable

Furthermore, it

  • Improves Quality
  • Protects the Brand
  • Reduces risk exposure

So to ask the question posed last month – are your suppliers gambling with your company’s brand and reputation?

If you don’t know, you need to start COINing it.

Nigel Dalton-Brown, GAICD, AMIIA, MBA

Managing Director, Chair, Speaker, Lecturer, Author

Nigel is the Founder of Strytex and has been presenting and writing on Governance, Obligational Awareness, Risk Management and Compliance administration (GORC) since 2010.
