In my last corporate position, my company was at the compliance forefront because we required compliance related audits for vendors in the supply chain. This was cutting edge in 2007-08. However, now an audit for adherence to compliance requirements has become a standard best practice in the management of business relationships with third-party vendors in the supply chain. In several settlements of enforcement actions through both DPAs and NPAs, in the 2012 FCPA Guidance and, most recently, in the 2019 Guidance, the DOJ made it clear that a best practices compliance program includes the right to conduct audits of the books and records of its suppliers to ensure compliance. Many companies have yet to begin their audit process for FCPA compliance on vendors in their supply chain. This is a missed opportunity from both the compliance perspective and greater business efficiency.
Any organization which audits a business partner in its supply chain should consult with legal, audit, financial and supply chain professionals to determine the full scope of the audit and a thorough and complete work plan should be created based upon all these professional inputs. After an audit, an audit report should be issued. This audit report should detail incidents of non-compliance with the compliance program and recommendations for improvements. Any reported incidents of non-compliance should reference the basis, such as contractual clauses, legal requirement or company policies.
Three key takeaways:
- Is your supply chain vendor committed to the audit process?
- Capture the data, analyze the data, report on the data.
- Supply chain audits are no longer cutting edge but are now simply best practices.