conducting and closing responsible sourcing type audits ... … · b. internal ethics values c....
TRANSCRIPT
DNV GL © 2017 SAFER, SMARTER, GREENERDNV GL © 20171
Conducting and Closing Responsible Sourcing Type Audits
AIM Progress – Dubai – 23rd March 2017
Dr Colin Morgan, Principal Consultant, DNV GL
DNV GL © 2017
Agenda
2
DNV GL © 2017
Introduction
3
DNV GL © 2017
Your Presenter
4
Dr Colin Morgan, Principal Consultant, DNV GL
13 Years in Sustainability Roles
Worked Extensively Across a Range of Sectors Globally
Specialism in Social Audits / Assessments / MSA
Key Areas – Value Chain, Modern Slavery, Report Assurance, SDGs
Please Contact Me…
Mobile +44 (0) 7808 880784
Email [email protected]
LinkedIn https://uk.linkedin.com/in/colinwmorgan
DNV GL © 2017
About DNV GL
DNV GL’s core competence is to identify, assess, and advise on how to effectively manage risk. Our independence and integrity are our main strengths. We have a global presence and a network of over 300 offices in 100 different countries.
Our Purpose
To safeguard life, property, and the environment
Our Vision
Global impact for a safe and sustainable future
Our Values
• We build trust and confidence
• We never compromise on quality or integrity
• We are committed to teamwork and innovation
• We care for our customers and each other
• We embrace change and deliver results
16,000Professionals
100Countries
300+Offices globally
£1.79 bn2014 revenues
1864Year founded
OsloHead office
1864Year founded
5
DNV GL © 2017
DNV GL © 2017
Preparing for the Audit
7
DNV GL © 20178
DNV GL © 2017
The Responsible Sourcing AuditFirst, Understand What the Audit is Based On
1. Auditors are the eyes and the ears of someone not
present at the audit
2. Responsible sourcing supply chain audits serve two
customers: the audited company (supplier) and the audit
requestor (buyer) – usually a supplier pays for 1 audit,
the buyer can commission thousands
3. Client-specific audits are regulated by client own
requirements and auditors are bound by these
4. The audit has clear objectives and the auditor has to
follow a set audit and sampling framework but can be
flexible in the structure of the day
5. A good audit is not enough, a good report is equally
important and above all the audit simply records the
underlying systems and information – above all – the
audit seeks to verify what you are doing over the long
term
6. The audit is intended to understand the level of
integration of your systems and to assess the level of risk
you expose yourselves and your customer to
9
Our experience means…we have seen it all
We know the devil is always in the detail
DNV GL © 2017
A Typical Social / Responsible Sourcing Audit
10
HEALTH & SAFETY
1. Health & Safety
Management System
2. Health & Safety Training
3. Emergency & Fire Safety
4. Machinery & Site Vehicles
5. Hazardous Materials
6. Worker Health
7. Housekeeping & Hygiene
ENVIRONMENT
1. Environmental
Management System
2. Waste
3. Natural Resources
Management: Raw
Materials & Water
4. Pollution & Emissions
5. Energy & Climate
6. Biodiversity
7. Supplier Sourcing
LABOUR
1. Labour Management
System
2. Freely Chosen Employment
3. Freedom of Association and
Collective Bargaining
4. Accommodation
5. Child Labour and Young
Workers
6. Wages
7. Working Hours
8. Discrimination
9. Regular Employment
10.Discipline & Grievance
LAND RIGHTS
1. Land Rights of
communities and
indigenous people
BUSINESS ETHICS
1. Business Ethics
Management System
2. Anti-Corruption
DNV GL © 2017
Audit Overview
11
DNV GL © 2017
Preparing : Understanding - Overview of the Audit Cycle
12
DNV GL © 2017
Code of Conducts
Code of Conducts / supplier audits are
typically based on:
A. Standards and International norms
B. Internal ethics values
C. International Conventions
Code of Conducts therefore comprise a mix
of elements and ultimately result in a mixed
set of requirements drawn from different
resources
13
DNV GL © 2017
Preparing
First principle is that you, as the nominated supplier:
– Consent to the audit
– Agree access to the auditor
– Benefit from the audit
– Can prepare fully to ensure a good audit and good audit result
– Can demonstrate that you have a conforming approach to requirements
Second principle is that the auditor:
– Is objective and impartial
– Will not take any information from the site / treats information confidentially
– Will treat you and your team with courtesy and professionalism
– Cares that you do well on the audit
– Appreciates that your commercial relationship is valuable
– Wants you to have a good experience
– Has phenomenal levels of experience to bring of social audits
– Wants to help you by ensuring you understand the requirements
– Won’t surprise you at the end of the audit
14
DNV GL © 2017
Preparing
15
SA8000
GUIDANCE
DOCUMENTLink:
http://www.sa-
intl.org/index.cfm?f
useaction=Page.Vi
ewPage&pageId=1
463
SEDEX
SUPPLIER
WORKBOOKLink:http://www.sede
xglobal.com/res
ources/supplier-
workbook/
SMETA BEST
PRACTICE
GUIDANCELink:http://www.sedexglobal.com
/wp-
content/uploads/2014/11/1a
.-Publicly-available-SMETA-
Best-Practice-Guidance-4-
Pillar-5.0.pdf
WORLD BANK
DATABASE
Link:http://www.doingbusiness.
org/data/exploretopics/lab
or-market-
regulation#difficultyHiring
LABOUR STANDARDS AND CODES OF CONDUCT
LOCAL LAW
ECOLEX
Link:http://www.ecolex.org/ecolex/l
edge/view/Legislation;DIDPF
DSIjsessionid=D36ED530F8A
657D97E8C4CB9D996B3BB
SMETA
MEASUREMENT
CRITERIALink:http://www.sedexglobal.com
/wp-
content/uploads/2014/11/1b
.-Publicly-availablity-
SMETA-Measurement-
Criteria-4-Pillar-5.0.pdf
DNV GL © 2017
Preparing – 9 Point ETI Base Code – Self Assessment
16
DNV GL © 2017
Audit Preparation
Company/site to be audited should get prepared and be made aware
about the audit process - auditor should send and confirm at least:
– Audit plan (agenda)
– Agreed scope of the audit (e.g. sites / buildings)
– Requirements to be used for the audit (e.g. Code or standard)
– Documentation that needs to be available during the audit
– Key people to be available on the day of the audit
– Arrangements for employee interviews
– Confidentiality / data protection information
Sometimes, confusion can happen!
– Company has set up all necessary logistics and authorisations
– There are no language barriers with management and workers
– No misunderstanding on scope, criteria or purpose of the audit
17
DNV GL © 2017
Triangulation Method – Verifying from Different Sources Observation, Document Reviews, InterviewsWe Are Not There to State You Are Not Compliant…
18
Opening Meeting
“Continuous” Interviews,
Examination of Facts,
Validation
Policy Reviews
Site Walk
Documentary Evidence
Reviews e.g. Effectiveness of
Systems…e.g. You Do
Training, But How Do You
Know Effective
Confidential
Worker Interviews
Selected by Auditor
Policy Reviews
Procedure, Process Checking
Record Checking
Audit Team Discussion
Auditor Reflections
Fact Checking
DNV GL © 2017
Audit Structure – What We Will Do
19
Opening Meeting● Introduce audit team to management and workers’ reps ● Ensure that management is clear about the audit process, scope,
criteria and purpose● Held in a language understood by the management● Confirm availability of required documents and to take photos● Explain confidentiality and privacy protection measures ● Explain conclusion and follow up to audit
Site tour
● Visit and freely investigate all areas● Visual inspection of safety aspects and general working conditions● Identify potential vulnerable groups of workers● Hold unstructured conversation with management and workers● Seek site-based evidence to support findings● Observe management systems and practices● Take photographs with permission of management
● Individual or group worker interviews on compliance issues ● In the worker’s own language● Uncover hidden issues such as discrimination or intimidation● Cross check with management declarations and company records
Worker
Interviews
Management
Interviews
● Management interview e.g. HR manager, HSE ● Interview for Business Practices e.g. Sales Manager
DNV GL © 2017
Audit Structure – What We Will Do
20
Closing Meeting
● Inform and agree with site management of findings● Clarify any outstanding issues or questions● Agree suggested CAPR● Dispute of findings (manager is able to reject a non
compliance)● Include all those attending at the opening-meeting● Relevant findings are presented but protect confidentiality● Immediate correction of non-compliances (still noted in the
Report)● View findings in positive and constructive manner● Conclusion of the audit
● A meeting between auditors aimed at consolidating all the findings (supported by objective evidence)
● Review and discuss the evidence presented● Determine the compliance status of each finding● Make copies of useful supporting documents
Documentation
Review
● Written policies and procedures● Company documents and records including collective
bargaining agreements, permits, licences, insurance etc. ● Sample individual worker documents and records including
payroll, employment contracts, hours worked, other personnel records, grievances, disciplinary, training etc.
● Health & Safety and Environmental related documents● Business Practices related documents
Pre - Closing
Meeting
DNV GL © 2017
Audit Preparation - Key People to be Available
21
Senior management representative
Human Resources Manager
Health & Safety Manager
other managers or key individuals identified by the site as the persons responsible for demonstrating compliance on relevant audit areas (for example Environment or Business Ethics)
union and/or worker representatives
in case of subcontractors operating on-site, reference management of the subcontracted company
DNV GL © 2017
Documentation Review and Sampling
All documentation requested in the audit plan should be available on-
site for inspection on the day of the audit
If requested documentation is unreasonably absent during the audit,
this may normally be regarded as a Non-Conformance
We usually review documents from a period of 12 months prior to
the audit and to select at least 3 months’ of records from this set of
data (especially for wages and working hours) and for good practice
we may include records for peak season, low season, holiday periods
and most recent period available – they all need to be in good order
The records for the workers who have taken part in individual
interviews may be checked and we will ask their permission – but we
will never specify who said what when we report back
We will pay special attention to records of local inspections by
government organisations (e.g. business licenses, checks by fire
department or structural safety checks)
22
DNV GL © 2017
Audit Preparation - Typical Documents to be Made Available
23
Facility floor plan
Applicable laws and regulations
Labour contracts/written employment agreements
Employee handbook (terms and conditions of employment)
Collective Bargaining Agreements (CBA)
A list of all the chemicals and solvents used
Training records
Permits, Operating licences, Certificates of Operations, etc.
Government Inspection Reports, e.g. sanitation, fire safety, structural safety, environmental compliance, etc.
Machinery inspection/service logs
Accident and injury log
Emergency action procedures
Evacuation plan
Time records for the past 12 months
Payroll records for the past 12 months
Piece rate records for the past 12 months (if applicable)
Insurance, tax and other required receipts
Production records
Minutes of joint committees
Previous audit reports & corrective action logs
Any appropriate certifications
Facility polices
DNV GL © 2017
What Auditors Look For
In simple terms, the auditor is looking for conformance to the standard
The standard e.g. SMETA, or your customer’s own protocol e.g. SGP, URSA
The auditor is also looking for
– Demonstration of compliance
– Living and logical systems
– Order
– Maturity of systems
– Level of conformance to your customer’s requirements
– Level of compliance to local law
– Impact on your issues (e.g. on workers)
– Continuous improvement
– Accountability
– Clear, solid data, good data management – e.g. on working hours
– Positive supportive behaviour and good practice
24
DNV GL © 2017
What Auditors Look For – Management Interview Example
Assess management awareness and understanding of their role andresponsibility in meeting the requirements
Review and discuss company’s implementation of policies andprocedures against relevant Code or standard and laws
Request objective evidence of effective implementation and compliance
Dig beneath the surface and challenge initial responses
“Yes.”
“Is potable water
available?”
“Yes, but for how
long?”
“Yes.”
“Is lighting in the
production area
sufficient?”
“Yes, but are all lights
turned on at all
times?”
“Yes.”
“Are workers provided
with protective
equipment?”
“Yes, but are they
capable of using it?”
DNV GL © 2017
What You Can Do to Prepare
Understand your customer’s requirements
– Study them
– Appoint someone in your organisation to undertake an analysis
– If that is you, then thank you for coming!
Undertake an internal audit / gap self-assessment of your current alignment / SAQ
For instance;
– Many challenges currently made by your customers on recruitment practices
– So what are you doing currently to evaluate and manage risk?
– Ask yourself
– what policy do we have on this?
– who is in charge / accountable for this?
– who knows about it in the business?
– what are the risks, how are they managed?
– what policies / procedures do you have?
– what data you have to support this?
– what training and improvement plan?
26
DNV GL © 2017
A Good Audit Means a Good and Effective System is in Place
Actually what the auditor is looking for is
– Evidence that you have a robust system
– That your system is well established
– That the information you have, can be verified from different perspectives
– Also known as triangulation
– Whilst it is important to have a good audit experience
– It is most important that you can demonstrate the system is well embedded
– That the systems are taken seriously
– That the commitment to the system is high
– That you are compliant
27
DNV GL © 201728
EVIDENCE
FACTS
SYTEMS
CONTROLS
SAMPLING
DATA
DNV GL © 201729
SHOW ME
TELL ME
WE ASK LOTS OF
QUESTIONS
DNV GL © 2017
Audit Findings
Non Conformities (or Non Compliances)
An instance where the audited company practices do not meet the audit
criteria or the audited company was unable to demonstrate compliance
Observation (or Opportunity for Improvement)
A practice that does not contravene the audit criteria, but if not corrected,
could lead to Non Compliance
Depending on the type of the audit, it may include situations where insufficient
evidence has been gathered to record a Non Compliance or an isolated lapse is
rectified and verified as corrected before the end of the audit.
Good Practice
A voluntary site practice exceeding the audit requirements
30
CORRECTIVE ACTION
PREVENTIVE ACTION
DNV GL © 2017
Description of the issue
Factual
Precise
Objective
Traceable
Concise
31
Would someone else who was not present at the audit be able to understand what happened and the severity
of the problem, based on what you write?
The Independent Objective Observer Test
What was the issue?
How many people were involved?
When did it occur? How often did it
occur (was it isolated, periodic,
systematic)?
Where did it occur? in which
department or area?
DNV GL © 2017
Audit Criteria
o Every Non Conformance must be raised against an applicable audit
criteria, either from standard, Code or Conduct or relevant legislation
(national/local law)
o Legislation should be used as a default - Code/standard when it’s
stronger than law or when no local law exists
o When raising a Non Conformance against legislation requirement,
adequate information shall be provided over the violated requirement,
for the benefit of the report reviewers and readers
– include full name of the law and reference to section/article number
– copy (or summarise) an extract from the text of law (keeping as short as
possible)
32
DNV GL © 2017
Audit Findings and Conclusions
33
Audit findings result from a process that evaluates audit
evidence and compares it against audit criteria. Findings
identify non-conformities but also identify best practices or
improvement opportunities.
Audit conclusions are drawn by the audit team after the
audit has been completed and after audit findings and audit
objectives have been considered.
DNV GL © 2017
Table Discussions on Challenges
34
DNV GL © 2017
10-15 Minutes Discussion
In your tables, please discuss then raise questions on
– What challenges you have in Health & Safety
– How can you demonstrate you are conforming / compliant
– Have you undertaken a risk assessment – how did you do it
– What do you need to focus on when you get back
– What challenges you have on Working Hours
– Examine what the auditor will find if they visited you today
– Are you conforming / compliant
– What changes do you need to make to ensure you are compliant
– How accurate is your data – cf. Working Hours, Pay, Actual Production
– Are you aware of the international dimensions e.g. Modern Slavery Act 2015?
– Questions, feedback
35
DNV GL © 2017
For Instance – On Working Hour and Overtime
Use a time-keeping system
Set limit for hours worked in a week
Observe overtime compensation
regulations
Mandate days off
Indicate processes for worker overtime / contracts
Ensure that all overtime is voluntary
36
DNV GL © 2017
Closing Out the Audit ResultsCorrective Action Follow-Up
37
DNV GL © 2017
If Auditor Finds This On Arrival – There is An Underlying Problem
38
DNV GL © 2017
Closing Out an Audit’s Findings
At the end of the audit, at the closing meeting, the audit findings will be discussed
The auditor should ensure that you have the opportunity to discuss findings
There will be a discussion about root-causes
So for instance, the picture previous, what is the root-cause here…?
You need to think deeply about why the finding arose and how you can prevent it
39
DNV GL © 2017
Follow-Up Verification to Close Findings
Used to verify progress and clear non-conformances
Must address the fundamental finding raised
Ensure you don’t solve one issue whilst causing another
Ensure the new system / approach is embedded
Tackle the deep-root-causes to ensure does not go back
One of the key concerns of your customers is recidivism
Auditor will either visit site again / or close remotely
The more findings the more likely an onsite follow-up
The auditor will follow the same audit method as initial
Ensure that corrective actions are done in 90 days
Ensure the corrective action is sustainable
Get to a position where you shine for the customer!
40
DNV GL © 2017
Finally…Social Auditors’ Soft Skills
Perceptiveness - ability to grasp the problem quickly but without
jumping to conclusions
Persistence - ability to overcome difficulties and maintain planned
course of action in spite of setbacks
Flexibility - ability to see things from different points of view and
adapt to changing circumstances
Discipline - ability to approach a problem logically and
systematically without prejudices
Sociality - ability to interact effectively with people of different
culture and background
Empathy - ability to understand others’ emotions and feelings
Communication - ability to formulate questions and express
thoughts clearly, both orally and in writing
41
DNV GL © 2017
Q&A
42
DNV GL © 2017
SAFER, SMARTER, GREENER
www.dnvgl.com
Dr Colin Morgan
+44 (0) 7808 880784
43