Compliance needs monitoring


First published by Procurement Professional, the official magazine of CIPS Australia, June 2011


Actions by suppliers are damaging brands and reputations, and more and more company directors,
officers and managers are facing prosecution for supplier negligence. Why are purchasing and contract
professionals not adequately protecting themselves and their organisations? Nigel Dalton-Brown shares
his research into how companies are managing supplier compliance and exposes the underlying issues.

Key points

  • Many organisations don’t track compliance.
  • The consequences of non-compliance can be severe for a company, its directors and its managers.
  • Organisations are beginning to share the costs and administrative burden across their supply chains.


Why is supplier compliance management (SCM) in such a poor state? Why are professionals finding SCM so difficult to manage? A recent survey shows purchasing and contract professionals are drowning in paperwork while, at the same time, they’re handicapped by antiquated tools.

Inspired by an Aberdeen Group finding that “59% of organisations either didn’t measure or didn’t know when they ran independent audits of contractor compliance”, we tested the Australian market and found that only 30% of respondents didn’t track compliance. The other good news is that the percentage of companies that check the compliance of their suppliers at least once a month is currently 20%. So why are only 20% of companies tracking supplier compliance at least once a month?

Over the past 10 years, we’ve spoken to a number of organisations about supplier compliance, whether it’s for the supply of products or services. We’ve found that all organisations fall into one of the following four categories:


The Uninformed

These organisations are unaware that they are legally obligated to collect supplier compliance information. They still operate under the illusion that having a clause in a contract requiring suppliers and subcontractors to “comply in all material respects with all applicable laws, statutes, and regulations” is enough. Thankfully, the number of these organisations is decreasing.


The Risk Takers

These are the organisations that know what they should be tracking and reporting, but are using the excuses of insufficient time, inadequate budget and insufficient administrative resources to take the risk that nothing’s going to happen. Unfortunately for the shareholders, these organisations are in the majority.

The Grudgingly Compliant

These organisations are investing the time and money to protect their shareholders’ interests by actively ensuring their suppliers are ethical and compliant.


The Sorted

These organisations’ supplier compliance levels average over 95% and missing documents are typically less than 1% or 2%, all for a fraction of the expenditure experienced by the grudgingly compliant.

So how big is the problem?

We asked “Approximately how many compliance documents do you believe your organisation needs to manage?” and “What type of system do you use to manage your suppliers’ compliance?” and the results show that:

  • 44% of organisations are trying to manage over 5,000 compliance documents, each with different expiry dates, and
  • 6% of organisations either have no system or have manual systems for managing thousands of compliance documents.

With most companies trying to manage this large volume of documents manually, it’s not surprising that almost 50% of companies responded that they did not remove suppliers for non-compliance because they could not track it well enough.

When we dug deeper, it came as no surprise that 56% of respondents reported that they have either never run, or found it too difficult to run, a report to check on supplier compliance. Even when the report is run, 42% report having low or very low confidence in the accuracy of the data, as most of the information is months out of date.

Organisations are putting purchasing and compliance professionals at risk by asking them to track thousands of documents using antiquated manual methods, with no increase in budget or resources. It’s no wonder most don’t have time to keep up to date with all the legal and regulatory requirements.

Why is supplier compliance so important?

The consequences of non-compliance can be severe for a company, its directors and its managers. Plenty of disaster stories exist around high-profile companies that have come undone because of non-compliant product suppliers: lead paint in children’s toys, poisonous baby formula in China and many more. Brand reputation takes years to rebuild and the costs reverberate right throughout the supply chain. Food safety incidents have serious consequences for growers, food processors, distributors, retailers and food service entities.

Supplier-caused recall incidents cause a company significant financial damage, covering cost of recalls, decontamination, recovery costs, lost sales, litigation costs, damage to brand and reputation, trade restrictions, and the impact on stock price. In early 2010, McDonald’s had to recall 13.4 million novelty Shrek glasses due to high levels of cadmium.

Closer to home, according to a statement by the ACCC, “product recalls are a crucial part of the Australian consumer product safety system – over the past 23 years, more than 10,000 recalls have taken place. In 2009, there were 779 recalls in Australia, some involving many thousands of products”.

There are various examples of head contractors being prosecuted along with sub-contractors for OHS incidents that were arguably caused by the sub-contractor, and the proposed new “model” OHS laws that are due to be implemented in early 2012 will widen this area of potential liability for head contractors.

Sustainable risk and compliance

From PricewaterhouseCoopers

  • It is possible to significantly improve risk management and compliance effectiveness and lower costs.
  • The last decade has seen an unprecedented increase in risk management spend.
  • The costs of the risk management and compliance functions themselves are only a fraction of the true cost of risk and compliance activities.
  • The credit crisis has caused deep reflection as to the effectiveness of risk management and compliance in its current form.
  • Moving quickly is imperative.
  • A fundamental re-think of the existing frameworks is needed.
  • Financial institutions are beginning to organise around a core of common principles as opposed to the existing silos.
  • Progress is being made through agreement on these principles, alignment of the organisation and the execution of pragmatic, incremental steps.
  • Technology is emerging as a key enabler.
  • Modern sourcing practices for risk and compliance services are being applied to reduce costs.
  • Where successful, senior management has committed to this new way of thinking and the accompanying cultural changes.

Conclusions and recommendations

There is a growing understanding of the need to check supplier compliance, for both products and services, on a regular basis; however, with 80% of organisations doing it less often than monthly, there is a long way to go.

Tracking supplier compliance today is difficult because:

  • Almost 80% of companies rely on manual systems;
  • Most companies track over 1,000 documents, 44% track over 5,000;
  • 64% of staff and officers are not fully aware of all the compliance issues they need to track;
  • As a result, 50% of companies do not remove suppliers for non-compliance because they are unable to track it effectively and accurately.

Organisations are beginning to share the costs and administrative burden across their supply chains by using the Community of Interest (COIN) approach detailed in the April 2010 edition of Procurement Professional.

It’s been noted that supply chain management today is an area of enormous reputational risk. Organisations need to provide purchasing and contract professionals with the budgets and the tools to carry out their jobs more efficiently and more effectively so that they can spend more time managing compliance rather than managing the paperwork. These professionals are key members of the team that defend the company’s brand and reputation.


Nigel Dalton-Brown, GAICD, AMIIA, MBA

Managing Director, Chair, Speaker, Lecturer, Author

Nigel is the Founder of Strytex and has been presenting and writing on Governance, Obligational Awareness, Risk Management and Compliance administration (GORC) since 2010.
