- Step 1: Engage Stakeholders and Partners
- Step 2: Assess risks and impacts
- Step 3: Develop code of conduct
- Step 4: Communicate and Train across your supply chain
- Step 5: Monitor compliance
- Step 6: Remediate violations
- Step 7: Independent review
- Step 8: Report performance
Managing Audit Data
Auditing has little utility unless the company is committed to using audit data to improve labor conditions over time. Audit data should be entered into a database system that allows for thorough analysis of any particular audit, as well as analysis of aggregate data over time on each supplier and worksite audited, on each product line, on each type of violation, on compliance in distinct geographic zones, and other patterns.
There are several challenges to maintaining an effective audit database.
First, the system must be able to effectively process data coming from a variety of different individual auditors, including internal and external auditors and/or audit data received from industry or multi-industry group audits. If your audit tools are on paper, your auditors or other staff must be trained to enter data in a uniform way into the system. (Some companies hire subcontractors to clean audit data.) If your company also receives data from independent monitors, you should include that data as well.
Training is especially important if you allow those being audited to enter their own information for the self-assessment. For example, the Business Social Compliance Initiative gives applicants access to their database to enter the self-assessment, and then auditors add their reviews to the supplier’s account in the system. Some of these applicants may have limited computer literacy or familiarity with databases and it is crucial to teach them how to properly enter information to ensure data integrity.
Before thinking about training auditors and self-assessors, you should focus on database design. A well-designed database can help ensure data integrity by making data easy for the user to enter in the right format. A customized database with a logical design means that a company only gets the information it needs and that this data is useful and analyzable. Any company, no matter its size, can minimize faulty data by starting with a good database. Additionally, data integrity checks can be automated with several software programs available.
Integration with Other Information Systems
The second challenge is integration. The database must be integrated with information systems that track other social compliance program data, such as supplier lists, supplier training and capacity-building data, remediation, and independent verification information. Second, it must be integrated with other company functions, particularly sourcing, so that social compliance data is utilized effectively by other business units. Integration should be such that the sourcing department places orders with suppliers who perform well on social audits.
Using the Data
A third challenge is setting up clear processes for the use of data. Auditors should check the database as they prepare for an audit, to look at the audit history of a particular worksite as well as the types of violations that are common in that geographic location and/or product type. The social compliance team should have clear processes for analyzing data from specific audits as well as tracking patterns across all audits.
If violations are found at a worksite, there should be processes in place for tracking that supplier’s remediation. The team should be looking for patterns of violations in specific product lines, particular regions, violations related to supplier ownership/management and other issues. When patterns are detected, the scheduling audits should shift toward those types of worksites that seem to pose greater risks. The team should also have checks in place to identify “outliers” and verify data accuracy.
There will be times when audit data reveals serious violations, and times when a particular supplier continues to violate the code despite repeated audits and remediation efforts. Your company will need policies to determine when to continue remediation, and when to discontinue your business relationship with a particular supplier. Some companies have “no tolerance” policies in place with respect to certain violations, often child labor or forced labor, for which they will immediately discontinue or suspend a relationship with a supplier. Others continue remediation for a certain time period or to achieve specified targets, but if the supplier does not show sufficient improvement, the company discontinues the relationship. When terminating a business relationship with a supplier, the company should always keep in mind the impact of such a termination on the workers.
Continue to Further Resources >>