Many companies operate across geographic and physical boundaries, using increasingly 
complex supply chains. The supply chain is no longer a mere support function but has now evolved into a separate, distinct and extremely important business function, responsible for operational efficiencies and profitability for the organization.
With this new found importance for the supply chain function comes additional risk for the organization. The complexity and integration of supply chain with other business functions means that risks to the supply chain can adversely affect the organization as a whole to unprecedented levels.
INTERNAL AUDIT – WHY IT’S IMPORTANT?
One way to anticipate and mitigate the risks to supply chains is by conducting internal audits. An internal audit of the supply chain is one of the most powerful ways to reduce operational costs, improve the efficiency and effectiveness of operations and provide the company competitive advantages and. The main purview of the activities of an internal audit is assessing risk and analyzing the functioning of the supply chain.
For gas and electric utilities and petrochemical companies, the supply chain process requires focused attention. These organizations place strategic reliance on maintaining critical infrastructure and obtaining materials for large facilities. Within the utility and petrochemical industry, inventory and supply chain processes are often thought of as the procurement and management of large pieces of equipment such as transformers, transmission poles, pipes etc. Supply warehouses are also filled with many other types of ancillary tools and equipment that are more difficult to count accurately and inventory. There are materials which have high scrap value that can be misused. Very often, storerooms exist in locations that are unmanned.
Before organizations can devise effective means of reducing supply-chain risks, it is important to understand the universe of risk categories as well as the events and conditions that drive them. Internal auditors need to be aware of the various risks and relational value when considering a review of the supply chain process. With clear, specific knowledge about crucial risks, organizations can proceed to select and tailor mitigation strategies, to be most effective. Today’s supply chain auditing requires innovative thinking in broader terms than typical reviews of bid and award processes.
Some of the key points to consider when undertaking Internal Audits and Supply Chain Risk Management are:
MAP YOUR SUPPLY CHAIN
Mapping the supply chain can help identify the risks the organization faces and how best to prioritize and address them. To prioritize and address risks, firms will need to identify criteria for determining what may pose a risk to its operations. One potential starting point is the supply chains for the products most affecting firm profitability.
IDENTIFY THE EXTERNAL AND INTERNAL RISK ENVIRONMENT
Internal risk can be posed by a rogue employee, inadequate policies, strategies, or organizational structures, systems breakdowns, procurement failures and other causes.
The external risk environment to an organization can be related to its suppliers and vendors, such as supplier bankruptcy. External risk can also involve natural disasters, accidents, sabotage, or labor uncertainty and disputes, act of war or terrorism etc.
IDENTIFY AND ASSESS RISK
Risk identification and assessment process includes risk analysis and evaluation as well. Risk identification can start with making a list of common external risks such as natural disasters; accidents, sabotage, or labor uncertainty; supplier risks such as production problems, financial issues, or subcontractor problems; distribution risks such as cargo damage, warehouse inadequacies, or supply pipeline constrictions; and internal risks such as personnel availability or facility unavailability. It’s important to prioritize risks by the threat (as measured by likelihood and consequence) they can pose to a firm’s operations. Risks can be prioritized through risk-based pricing and analysis of performance of individual elements.
SUPPLIER RELATED RISK
Access your relationship with your suppliers in terms of their risk mitigation and their solvency and stability. Also, an organization should examine their reliance on the supplier in terms of profitability and operational dependency. Suppliers may face meteorological risks, or transportation risk, which can affect the organization as well. Supplier risk can include production problems, financial problems and other issues. Often, with suppliers, issues arise relating to conflict of interest, pricing, kick-backs, fraudulent billings, accounting for returns and scrap as well as a multitude of other issues.
MAKE A RISK TREATMENT PLAN
Devise risk treatment plans. This includes measures to protect the supply chain from risks, plans to respond to events that these risks may cause, and plans to continue operations in the face of disruptions and fully recovering from them. This may also involve determining ways to measure risks and the effectiveness of plans to limit them or to respond to disruptions. Risk management systems which proactively address risk including Key Risk Indicators (KRIs) for early warning are essential.
TACKLE RISKS AT THE CORRECT LEVEL IN THE SUPPY CHAIN
After you have identified risks and rated their effect on profitability, it’s essential to tackle risks at the right level. For example, manufacturing risks exist at manufacturing sites and may require different policies than for corporate headquarters. Supplier risks exist at supplier sites (including those of sub-tier suppliers) and their mitigation often requires greater communication and interaction with the supplier. Distribution risks exist at suppliers and in transportation and logistics systems. Legislative, compliance, intellectual property, and regulatory risks exist at the country or regional level for multinational enterprises. Finally, strategic risks exist at the business unit or corporate level.
CONTINUALLY MONITOR AND ASSESS YOUR RISK TREATMENT PLAN
It’s essential for the organization to have continual communication and consultation as well as monitoring and review of the risk management process. Internal audits need to have procedures in place for supplier due diligence and monitoring of quality specifications. For utility and petrochemical companies, quality and environment, and health and safety impacts from the supply chain are as important as efficiency of operations. Continuously monitoring and reviewing includes evaluating the effects of risk treatment and also maintaining the plan and responding to changes in suppliers, processes, and regulation affecting elements of the supply chain. It also entails continually identifying opportunities for improvement.
However, today’s supply chain auditing mustn’t just include responding to crises. Early intervention and even prevention must be given priority over crisis management. For internal auditors and supply chain managers, the challenge and opportunity is to mitigate risks by intelligently positioning and sizing supply chain reserves without decreasing profits. That’s easier said than done. If you’re looking for some expert guidance, this webinar on post auditing supply chain processes by expert Lynn Fountain, CGMA, CRMA can help you in chemical industry regulations. Lynn is especially experienced in auditing for the petrochemical or utilities companies and provides expert guidance tailored especially for such organizations.
