Are you wondering why should I audit my suppliers? If you are wondering what the benefits are, read on.

Should one of your suppliers fail, your company pays the cost. This cost is not just financial, it could be lost time, reputation, increased risk on a project, reduced quality, and loss of human resources.

Your client might terminate a contract due to the poor supplier management, this loss of a contract may lead to reputation damage and additional lost work. This loss in revenue in turn may result in your company having to make head count reductions, all because of a failure on the part of your supplier.

In addition to the above, disruption to your supply chain is similarly costly. Coming out of the Covid-19 pandemic many businesses will be operating on a reduced capacity and some may not have made it through these challenging times. As a result, you may face production or service downtime and your company might not be able to fulfil your client’s requirements, leading to further lost business or reputation damage.

Managing your supplier’s performance, their ability to deliver and support your business is crucial to your business’ future success and ability to retain talent.

If the above does not make you consider a supplier audit program, the below benefits might.

1.      Auditing suppliers will save your company money

Regular audits of your suppliers mitigate supply chain risk

·        You can assess how your suppliers perform against service level agreements

·        You can identify problems early and seek to remedy them

·        You can improve inefficiencies on both supplier and company interfaces

·        You can identify any non-compliance with the commercial contract

2.      An Audit of your suppliers will ensure that they are complying with your standards

If you do not regularly audit your suppliers, how can you know that they are complying with your company’s standards? Be those Health and Safety, Quality, Standard Operating Procedures, Employee management standards. Your suppliers maybe in breach of their contract with you for not complying, how would you know?  Your client may expect your suppliers to comply with their standards, how do you check that this is happening?

·        Auditing to quality management standards

·        Auditing to the commercial conditions outlined in your contract

·        Auditing the adoption of the required health and safety practices

·        Auditing the implementation of client’s requirements, environment, culture and safety

3.      Auditing your suppliers ensures that you achieve continuous improvement

Frequently auditing your suppliers will help you understand if you are receiving a consistent product or services. Product delivery suppliers should be producing consistent products, using the required standard of materials, to your specifications, without defects. The only way to know if this is happening, is to audit your suppliers. For service providers, maybe outsourced finance services, how do you know that they are representing your company to your clients in the way you require them to, providing a high quality service, without periodically checking your 3rd party provider?

If you are committed to continuous improvement, it is exceedingly difficult to achieve without auditing suppliers. You need to have a in depth understanding of your supplier performance, to put in place the improvement for both your company, the suppliers’ company and the output to your clients.

Undertaking regular audits of your suppliers, strengthens your relationship with them. If you leave your suppliers to just get on with it, you are missing an opportunity to enhance the relationship, further develop partnerships, improve processes, reduce costs and share knowledge across companies.

Auditing your suppliers is a ‘win win’ process for both your company and your suppliers company, as the output provides improvement for both parties and strengthens your relationship with them. If you leave your suppliers to just get on with it, you are missing an opportunity to enhance the relationship, further develop partnerships, improve processes, reduce costs, and share knowledge across companies.

Your 3rd line of defence Internal Audit team may not have the capacity to undertake these audits. Your 2nd line of defence business assurance auditors may be focussed on your compliance with standards and may not have the capacity to undertake these audits. Your procurement team maybe not have an audit skill set to enable them undertaking these audits.

If any of the above applies to your company, but you would like to perform a health check audit on your suppliers, Audit Ink has the experience and resources available to assist, please get in touch to discuss further.

Contract Compliance is exactly what it says on the tin. It is ensures that the invoices received from your suppliers are complying to the contract that you put in place with them.

It sounds very simple and you would assume that your company already does this, because it is so simple, however they do not. Most invoices are automatically 3 way matched, which means the purchase order value, the quantity and service has been received. Whilst this process speeds the process up utilising automation, reducing time and effort, it sometimes misses the detail.

If you think about the volume of invoices that you receive in your company daily, it can be for some companies thousands, from small £50 invoices to £250,000 invoices.

The contract compliance approach takes your top 10-20 suppliers by volume and value and performs a forensic deep dive on the invoice to ensure that all the elements being charged comply to the contract.

Areas where I have found exposures are on hire items, where the rate should reduce after a set period, however it is not reduced and goes unnoticed.

Internal and external storage, the invoice is for 100,000 m2, the space you are utilising is 91,000 m2, your company is overpaying for space, however it goes unnoticed.

There maybe a volume discount clause in the contract, whereby your company will be in receipt of a bulk or volume discount if you purchase a certain amount of fuel over a period of time, your purchase price will be reduced for example, you pay £20 per litre for 100,000 litres of Marine Gas Oil, if your company purchases 100,001-200,000 litres of MGO the price drops to £18 per litre.

However, your company has not been tracking the utilisation, your supplier has not notified you and the discount point was reached 6 months ago, and you have been paying the £20 per litre rate, when you should have been receiving the £18 per litre rate, you are now in a position where the contract is not being complied with and you need to make a credit claim from your supplier.

Requesting credits from your supplier can be difficult and uncomfortable, which is why using a 3rd party to perform this service for you and negotiate the credit, can help preserve the client supplier relationship.

If you do not have a contract compliance function or somebody focussing on contract compliance, you maybe losing money on every invoice that you receive in from a supplier.

You may also be under charging clients, through a poor understanding of the terms and conditions of the contract and not managing the scope creep which nearly always occurs in projects and contractual relationships. Contract compliance protects your company’s interests and saves your company money.

Services

Contract compliance can be undertaken prior to Contract Award. This review removes any ambiguities, omissions, duplications and contradictions which can lead to over charges, under charges or costly misinterpretations.  This service can be undertaken remotely.

Contract Compliance can be undertaken as a Pre-payment service designed to detect any non-compliance before invoices are paid. This service detects non-contractual rates, over-charging, poor supporting documentation, volume and bulk discount non-compliance, which are all eliminated prior to invoice payment, in real time. This service can be undertaken remotely.

Contract Compliance can be undertaken as a Post Award forensic deep dive at the suppliers offices to ensure all elements of the commercial contract are complied with. This can also be referred to as a supplier audit and can focus on the financials, the commercials, health and safety, risk management and the general management of the contract. This service can improve the relationship between supplier and client by highlighting any operational improvements that can be made.

If you would like to learn more about Contract compliance or Audit Ink’s Contract Compliance services, get in touch kara.griffiths@auditink.com or head over to www.auditink.com

The current economic climate is challenging for all industries, for the Oil & Gas industry, the oil price on top of the Covid-19 pandemic has seen companies put projects on hold and commence consultation processes.

Oil & Gas companies find themselves continually reinventing the way in which they operate to manage and mitigate the commodity price volatility, increased technological innovation, and regulatory uncertainty.

Process improvement can deliver short term quick wins and long terms strategic changes to the way in which they operate. This can be in the form of a full restructure of resources or a restructure of a business line to streamlining end to end process to reduce waste.

An example may be ensuring that the controls around procurement ensure that you have full visibility and control over who is committing to spending your company’s money.

Often overlooked this fragmented process can be riddled with poor controls, from the Delegation of Authority which sits with Finance, the operational requirement, the project team’s needs and the procurement department’s control over the delivery of goods and services. Such a process which spans many departments can result in time, cost and energy waste.

Each element when viewed in isolation may seemingly work, and result in control owners saying “It has always been done this way”, however mapped end to end with all of the contributing processes, may identify areas of weakness and poor control which leaves your company open to fraud and financial waste.

Another example would be a company which has merged or acquired another, or many others due to the continual changes in the market. Often in these cases, the individual companies remain operating in the same way as they did prior to the M&A activity, which results in duplicate finance systems, procurement systems, risk systems and project management systems. It leads to difficulties in pulling together the month end financial reporting, which may be performed in several systems, using different methodologies resulting in incomplete or inaccurate consolidated reporting.  Not least working this way leads to increased costs for the licences and maintenance of the systems, duplicate staff increasing the overhead costs and inconsistent ways of working.

Taking time at the start of the merger process to identify these duplications and apply a business process improvement approach, reduces waste.

If you are interested in finding out more about Audit ink’s Business Process Improvement services and how it can help your organisation, please get in touch kara.griffiths@auditink.com.

Surprisingly, some companies still review risks on an annual basis, reviewing them to tick the box, only to put them in a drawer until the next compliance cycle.

Companies aim to ensure that they achieve compliance to the legislative, regulatory or best practise standard which they adhere to for risk management. Does this focus on compliance, lead to companies ticking the box of risk management compliance, rather than ensuring that the business actively manages it risks?

Many companies are achieving ISO 9001:2018 which is “an international standardised quality management system that helps organisations to analyse, control and improve their internal systems, processes, protocols and policies in preparation for any potential risks that the business may face.” These companies are audited to ensure that they have a risk policy, process and procedure, they are not audited in a way which establishes if the risk management is effective and embedded in the company. Some companies align to ISO 31000, which is a set of risk management guidelines that is not certifiable.

Other companies, which are listed on the stock exchange, have a requirement under the Financial Reporting Council (FRC) which states  “The board has ultimate responsibility for risk management and internal control, including for the determination of the nature and extent of the principal risks it is willing to take to achieve its strategic objectives and for ensuring that an appropriate culture has been embedded throughout the organisation.” The Board satisfies itself that there is a risk policy, procedure and process. Most annual reports, report on the company’s significant risks and the mitigations for the coming year, how much of this translates into real active risk management?

Many companies believe that risk management is a finance or health and safety function, while it is true that there are financial and health and safety risks which face companies on different scales depending on the specific industry, these are not the only risks which will lead to a company failure. A company faces risks across each function, each department and each system.

People hear the phrase ‘Risk Management’ and think, that does not apply to me, there is a risk manager in the company that has it all covered. If this is the case, then it is an indicator that the activity of Risk Management is not embedded in the organisation in question.

“Risk management involves understanding, analysing and addressing risk to make sure organisations achieve their objectives.” Institute of Risk Management (IRM).

Active risk management occurs when companies recognise that the accountability and responsibility for risk management lies with the Board, the senior executive, the managers and employees of the company and the risks are those which may stop an organisation achieving its objectives. They review these risks on a regular basis and continually improve the controls and mitigation strategies.

For risk management to be truly embedded in an organisation, each employee should understand, even at a high level, what risk management is and what their responsibilities are for assisting the Board in the management and mitigation of the risks.  Most employees mitigate risk on a daily basis by using process, procedures and systems, all of which are control, however they may not realise what they are doing is mitigating the risks of their company, because no one has explained Risk Management to them, or the importance of it within a company.

Companies face risks on a daily, weekly and monthly basis, reviewing risks annually is just ticking the box. Actively managing risks, actively owing them and the mitigation leads to embedded risk management.

Further reading:

IRM https://www.theirm.org/what-we-do/what-is-enterprise-risk-management/

ISO https://www.iso.org/iso-31000-risk-management.html

FRC https://www.frc.org.uk/getattachment/d672c107-b1fb-4051-84b0-f5b83a1b93f6/Guidance-on-Risk-Management-Internal-Control-and-Related-Reporting.pdf

What surprises me?

I have been an Auditor for 20 years now and a consultant to companies requiring Internal Audit or Risk Management support for the past 4 years. What surprises me is the number of large organisations who have not yet entertained the benefits of Internal Audit for their organisations. Many of my friends do not really understand what I do either, so as a profession we must work harder to explain.

Why do we have so many organisations in the UK not have an Internal Audit Function?

I think one of the common occurrences would be that companies do not understand the benefits of Internal Audit. In addition to not understanding the benefits, having an Internal Audit function increases the overheads of a business and ultimately impacts the bottom line. The other is the confusion between the work of External Audit and Internal Audit.

What are the differences between Internal and External Audit?

External Audit is a service provided by a 3rd party accountancy organisation. External audit is engaged by the Board to provide an independent assessment of the financial statements to ensure they are a “true and fair” account of past financial performance and current financial position.

Internal Audit’s role, as defined by the Chartered Institute of Internal Auditors, is to provide independent assurance that an organisation’s risk management, governance and internal control processes are operating effectively.

What are the benefits of Internal Audit?

Internal Audit sits in a unique position in an organisation, it reports to the Audit Committee, which is made up of Non-Executive Directors, this enables the function to provide independent, unbiased and objective advice to the Board and senior executive.

Internal Audit is typically the only function which can see across a whole organisation and has the ability to provide assurance to the Board that the risks which face the organisations objective, vision and mission, are being managed effectively with the use of controls, processes and procedures.

The helicopter that Internal Audit has, enables the function to identify gaps in process between departments, gaps in roles and responsibilities and where the mission, tone or culture, which has been set by the Board, is not cascading effectively.

Audits are typically aligned to the organisations risks and will assess the effectiveness of the mitigation plans of those risks, be it controls, processes, systems or improvement projects. If the controls are not effective in mitigating the risk, Internal Audit will provide recommendations on what can be done to in order to improve.

Further reading

There is some useful literature on the IIA’s website aimed at Audit Committees and Directors which can be accessed using the links below.

Internal Audit - Director Briefing

Internal Audit - What every director should know