DNV GL © 2017 SAFER, SMARTER, GREENERDNV GL © 20171

Conducting and Closing Responsible Sourcing Type Audits

AIM Progress – Dubai – 23rd March 2017

Dr Colin Morgan, Principal Consultant, DNV GL

DNV GL © 2017

Agenda

2

DNV GL © 2017

Introduction

3

DNV GL © 2017

Your Presenter

4

Dr Colin Morgan, Principal Consultant, DNV GL

13 Years in Sustainability Roles

Worked Extensively Across a Range of Sectors Globally

Specialism in Social Audits / Assessments / MSA

Key Areas – Value Chain, Modern Slavery, Report Assurance, SDGs

Please Contact Me…

Mobile +44 (0) 7808 880784

Email c.morgan@dnvgl.com

LinkedIn https://uk.linkedin.com/in/colinwmorgan

DNV GL © 2017

About DNV GL

DNV GL’s core competence is to identify, assess, and advise on how to effectively manage risk. Our independence and integrity are our main strengths. We have a global presence and a network of over 300 offices in 100 different countries.

Our Purpose

To safeguard life, property, and the environment

Our Vision

Global impact for a safe and sustainable future

Our Values

• We build trust and confidence

• We never compromise on quality or integrity

• We are committed to teamwork and innovation

• We care for our customers and each other

• We embrace change and deliver results

16,000Professionals

100Countries

300+Offices globally

£1.79 bn2014 revenues

1864Year founded

OsloHead office

1864Year founded

5

DNV GL © 2017

DNV GL © 2017

Preparing for the Audit

7

DNV GL © 20178

DNV GL © 2017

The Responsible Sourcing AuditFirst, Understand What the Audit is Based On

1. Auditors are the eyes and the ears of someone not

present at the audit

2. Responsible sourcing supply chain audits serve two

customers: the audited company (supplier) and the audit

requestor (buyer) – usually a supplier pays for 1 audit,

the buyer can commission thousands

3. Client-specific audits are regulated by client own

requirements and auditors are bound by these

4. The audit has clear objectives and the auditor has to

follow a set audit and sampling framework but can be

flexible in the structure of the day

5. A good audit is not enough, a good report is equally

important and above all the audit simply records the

underlying systems and information – above all – the

audit seeks to verify what you are doing over the long

term

6. The audit is intended to understand the level of

integration of your systems and to assess the level of risk

you expose yourselves and your customer to

9

Our experience means…we have seen it all

We know the devil is always in the detail

DNV GL © 2017

A Typical Social / Responsible Sourcing Audit

10

HEALTH & SAFETY

1. Health & Safety

Management System

2. Health & Safety Training

3. Emergency & Fire Safety

4. Machinery & Site Vehicles

5. Hazardous Materials

6. Worker Health

7. Housekeeping & Hygiene

ENVIRONMENT

1. Environmental

Management System

2. Waste

3. Natural Resources

Management: Raw

Materials & Water

4. Pollution & Emissions

5. Energy & Climate

6. Biodiversity

7. Supplier Sourcing

LABOUR

1. Labour Management

System

2. Freely Chosen Employment

3. Freedom of Association and

Collective Bargaining

4. Accommodation

5. Child Labour and Young

Workers

6. Wages

7. Working Hours

8. Discrimination

9. Regular Employment

10.Discipline & Grievance

LAND RIGHTS

1. Land Rights of

communities and

indigenous people

BUSINESS ETHICS

1. Business Ethics

Management System

2. Anti-Corruption

DNV GL © 2017

Audit Overview

11

DNV GL © 2017

Preparing : Understanding - Overview of the Audit Cycle

12

DNV GL © 2017

Code of Conducts

Code of Conducts / supplier audits are

typically based on:

A. Standards and International norms

B. Internal ethics values

C. International Conventions

Code of Conducts therefore comprise a mix

of elements and ultimately result in a mixed

set of requirements drawn from different

resources

13

DNV GL © 2017

Preparing

First principle is that you, as the nominated supplier:

– Consent to the audit

– Agree access to the auditor

– Benefit from the audit

– Can prepare fully to ensure a good audit and good audit result

– Can demonstrate that you have a conforming approach to requirements

Second principle is that the auditor:

– Is objective and impartial

– Will not take any information from the site / treats information confidentially

– Will treat you and your team with courtesy and professionalism

– Cares that you do well on the audit

– Appreciates that your commercial relationship is valuable

– Wants you to have a good experience

– Has phenomenal levels of experience to bring of social audits

– Wants to help you by ensuring you understand the requirements

– Won’t surprise you at the end of the audit

14

DNV GL © 2017

Preparing

15

SA8000

GUIDANCE

DOCUMENTLink:

http://www.sa-

intl.org/index.cfm?f

useaction=Page.Vi

ewPage&pageId=1

463

SEDEX

SUPPLIER

WORKBOOKLink:http://www.sede

xglobal.com/res

ources/supplier-

workbook/

SMETA BEST

PRACTICE

GUIDANCELink:http://www.sedexglobal.com

/wp-

content/uploads/2014/11/1a

.-Publicly-available-SMETA-

Best-Practice-Guidance-4-

Pillar-5.0.pdf

WORLD BANK

DATABASE

Link:http://www.doingbusiness.

org/data/exploretopics/lab

or-market-

regulation#difficultyHiring

LABOUR STANDARDS AND CODES OF CONDUCT

LOCAL LAW

ECOLEX

Link:http://www.ecolex.org/ecolex/l

edge/view/Legislation;DIDPF

DSIjsessionid=D36ED530F8A

657D97E8C4CB9D996B3BB

SMETA

MEASUREMENT

CRITERIALink:http://www.sedexglobal.com

/wp-

content/uploads/2014/11/1b

.-Publicly-availablity-

SMETA-Measurement-

Criteria-4-Pillar-5.0.pdf

DNV GL © 2017

Preparing – 9 Point ETI Base Code – Self Assessment

16

DNV GL © 2017

Audit Preparation

Company/site to be audited should get prepared and be made aware

about the audit process - auditor should send and confirm at least:

– Audit plan (agenda)

– Agreed scope of the audit (e.g. sites / buildings)

– Requirements to be used for the audit (e.g. Code or standard)

– Documentation that needs to be available during the audit

– Key people to be available on the day of the audit

– Arrangements for employee interviews

– Confidentiality / data protection information

Sometimes, confusion can happen!

– Company has set up all necessary logistics and authorisations

– There are no language barriers with management and workers

– No misunderstanding on scope, criteria or purpose of the audit

17

DNV GL © 2017

Triangulation Method – Verifying from Different Sources Observation, Document Reviews, InterviewsWe Are Not There to State You Are Not Compliant…

18

Opening Meeting

“Continuous” Interviews,

Examination of Facts,

Validation

Policy Reviews

Site Walk

Documentary Evidence

Reviews e.g. Effectiveness of

Systems…e.g. You Do

Training, But How Do You

Know Effective

Confidential

Worker Interviews

Selected by Auditor

Policy Reviews

Procedure, Process Checking

Record Checking

Audit Team Discussion

Auditor Reflections

Fact Checking

DNV GL © 2017

Audit Structure – What We Will Do

19

Opening Meeting● Introduce audit team to management and workers’ reps ● Ensure that management is clear about the audit process, scope,

criteria and purpose● Held in a language understood by the management● Confirm availability of required documents and to take photos● Explain confidentiality and privacy protection measures ● Explain conclusion and follow up to audit

Site tour

● Visit and freely investigate all areas● Visual inspection of safety aspects and general working conditions● Identify potential vulnerable groups of workers● Hold unstructured conversation with management and workers● Seek site-based evidence to support findings● Observe management systems and practices● Take photographs with permission of management

● Individual or group worker interviews on compliance issues ● In the worker’s own language● Uncover hidden issues such as discrimination or intimidation● Cross check with management declarations and company records

Worker

Interviews

Management

Interviews

● Management interview e.g. HR manager, HSE ● Interview for Business Practices e.g. Sales Manager

DNV GL © 2017

Audit Structure – What We Will Do

20

Closing Meeting

● Inform and agree with site management of findings● Clarify any outstanding issues or questions● Agree suggested CAPR● Dispute of findings (manager is able to reject a non

compliance)● Include all those attending at the opening-meeting● Relevant findings are presented but protect confidentiality● Immediate correction of non-compliances (still noted in the

Report)● View findings in positive and constructive manner● Conclusion of the audit

● A meeting between auditors aimed at consolidating all the findings (supported by objective evidence)

● Review and discuss the evidence presented● Determine the compliance status of each finding● Make copies of useful supporting documents

Documentation

Review

● Written policies and procedures● Company documents and records including collective

bargaining agreements, permits, licences, insurance etc. ● Sample individual worker documents and records including

payroll, employment contracts, hours worked, other personnel records, grievances, disciplinary, training etc.

● Health & Safety and Environmental related documents● Business Practices related documents

Pre - Closing

Meeting

DNV GL © 2017

Audit Preparation - Key People to be Available

21

Senior management representative

Human Resources Manager

Health & Safety Manager

other managers or key individuals identified by the site as the persons responsible for demonstrating compliance on relevant audit areas (for example Environment or Business Ethics)

union and/or worker representatives

in case of subcontractors operating on-site, reference management of the subcontracted company

DNV GL © 2017

Documentation Review and Sampling

All documentation requested in the audit plan should be available on-

site for inspection on the day of the audit

If requested documentation is unreasonably absent during the audit,

this may normally be regarded as a Non-Conformance

We usually review documents from a period of 12 months prior to

the audit and to select at least 3 months’ of records from this set of

data (especially for wages and working hours) and for good practice

we may include records for peak season, low season, holiday periods

and most recent period available – they all need to be in good order

The records for the workers who have taken part in individual

interviews may be checked and we will ask their permission – but we

will never specify who said what when we report back

We will pay special attention to records of local inspections by

government organisations (e.g. business licenses, checks by fire

department or structural safety checks)

22

DNV GL © 2017

Audit Preparation - Typical Documents to be Made Available

23

Facility floor plan

Applicable laws and regulations

Labour contracts/written employment agreements

Employee handbook (terms and conditions of employment)

Collective Bargaining Agreements (CBA)

A list of all the chemicals and solvents used

Training records

Permits, Operating licences, Certificates of Operations, etc.

Government Inspection Reports, e.g. sanitation, fire safety, structural safety, environmental compliance, etc.

Machinery inspection/service logs

Accident and injury log

Emergency action procedures

Evacuation plan

Time records for the past 12 months

Payroll records for the past 12 months

Piece rate records for the past 12 months (if applicable)

Insurance, tax and other required receipts

Production records

Minutes of joint committees

Previous audit reports & corrective action logs

Any appropriate certifications

Facility polices

DNV GL © 2017

What Auditors Look For

In simple terms, the auditor is looking for conformance to the standard

The standard e.g. SMETA, or your customer’s own protocol e.g. SGP, URSA

The auditor is also looking for

– Demonstration of compliance

– Living and logical systems

– Order

– Maturity of systems

– Level of conformance to your customer’s requirements

– Level of compliance to local law

– Impact on your issues (e.g. on workers)

– Continuous improvement

– Accountability

– Clear, solid data, good data management – e.g. on working hours

– Positive supportive behaviour and good practice

24

DNV GL © 2017

What Auditors Look For – Management Interview Example

Assess management awareness and understanding of their role andresponsibility in meeting the requirements

Review and discuss company’s implementation of policies andprocedures against relevant Code or standard and laws

Request objective evidence of effective implementation and compliance

Dig beneath the surface and challenge initial responses

“Yes.”

“Is potable water

available?”

“Yes, but for how

long?”

“Yes.”

“Is lighting in the

production area

sufficient?”

“Yes, but are all lights

turned on at all

times?”

“Yes.”

“Are workers provided

with protective

equipment?”

“Yes, but are they

capable of using it?”

DNV GL © 2017

What You Can Do to Prepare

Understand your customer’s requirements

– Study them

– Appoint someone in your organisation to undertake an analysis

– If that is you, then thank you for coming!

Undertake an internal audit / gap self-assessment of your current alignment / SAQ

For instance;

– Many challenges currently made by your customers on recruitment practices

– So what are you doing currently to evaluate and manage risk?

– Ask yourself

– what policy do we have on this?

– who is in charge / accountable for this?

– who knows about it in the business?

– what are the risks, how are they managed?

– what policies / procedures do you have?

– what data you have to support this?

– what training and improvement plan?

26

DNV GL © 2017

A Good Audit Means a Good and Effective System is in Place

Actually what the auditor is looking for is

– Evidence that you have a robust system

– That your system is well established

– That the information you have, can be verified from different perspectives

– Also known as triangulation

– Whilst it is important to have a good audit experience

– It is most important that you can demonstrate the system is well embedded

– That the systems are taken seriously

– That the commitment to the system is high

– That you are compliant

27

DNV GL © 201728

EVIDENCE

FACTS

SYTEMS

CONTROLS

SAMPLING

DATA

DNV GL © 201729

SHOW ME

TELL ME

WE ASK LOTS OF

QUESTIONS

DNV GL © 2017

Audit Findings

Non Conformities (or Non Compliances)

An instance where the audited company practices do not meet the audit

criteria or the audited company was unable to demonstrate compliance

Observation (or Opportunity for Improvement)

A practice that does not contravene the audit criteria, but if not corrected,

could lead to Non Compliance

Depending on the type of the audit, it may include situations where insufficient

evidence has been gathered to record a Non Compliance or an isolated lapse is

rectified and verified as corrected before the end of the audit.

Good Practice

A voluntary site practice exceeding the audit requirements

30

CORRECTIVE ACTION

PREVENTIVE ACTION

DNV GL © 2017

Description of the issue

Factual

Precise

Objective

Traceable

Concise

31

Would someone else who was not present at the audit be able to understand what happened and the severity

of the problem, based on what you write?

The Independent Objective Observer Test

What was the issue?

How many people were involved?

When did it occur? How often did it

occur (was it isolated, periodic,

systematic)?

Where did it occur? in which

department or area?

DNV GL © 2017

Audit Criteria

o Every Non Conformance must be raised against an applicable audit

criteria, either from standard, Code or Conduct or relevant legislation

(national/local law)

o Legislation should be used as a default - Code/standard when it’s

stronger than law or when no local law exists

o When raising a Non Conformance against legislation requirement,

adequate information shall be provided over the violated requirement,

for the benefit of the report reviewers and readers

– include full name of the law and reference to section/article number

– copy (or summarise) an extract from the text of law (keeping as short as

possible)

32

DNV GL © 2017

Audit Findings and Conclusions

33

Audit findings result from a process that evaluates audit

evidence and compares it against audit criteria. Findings

identify non-conformities but also identify best practices or

improvement opportunities.

Audit conclusions are drawn by the audit team after the

audit has been completed and after audit findings and audit

objectives have been considered.

DNV GL © 2017

Table Discussions on Challenges

34

DNV GL © 2017

10-15 Minutes Discussion

In your tables, please discuss then raise questions on

– What challenges you have in Health & Safety

– How can you demonstrate you are conforming / compliant

– Have you undertaken a risk assessment – how did you do it

– What do you need to focus on when you get back

– What challenges you have on Working Hours

– Examine what the auditor will find if they visited you today

– Are you conforming / compliant

– What changes do you need to make to ensure you are compliant

– How accurate is your data – cf. Working Hours, Pay, Actual Production

– Are you aware of the international dimensions e.g. Modern Slavery Act 2015?

– Questions, feedback

35

DNV GL © 2017

For Instance – On Working Hour and Overtime

Use a time-keeping system

Set limit for hours worked in a week

Observe overtime compensation

regulations

Mandate days off

Indicate processes for worker overtime / contracts

Ensure that all overtime is voluntary

36

DNV GL © 2017

Closing Out the Audit ResultsCorrective Action Follow-Up

37

DNV GL © 2017

If Auditor Finds This On Arrival – There is An Underlying Problem

38

DNV GL © 2017

Closing Out an Audit’s Findings

At the end of the audit, at the closing meeting, the audit findings will be discussed

The auditor should ensure that you have the opportunity to discuss findings

There will be a discussion about root-causes

So for instance, the picture previous, what is the root-cause here…?

You need to think deeply about why the finding arose and how you can prevent it

39

DNV GL © 2017

Follow-Up Verification to Close Findings

Used to verify progress and clear non-conformances

Must address the fundamental finding raised

Ensure you don’t solve one issue whilst causing another

Ensure the new system / approach is embedded

Tackle the deep-root-causes to ensure does not go back

One of the key concerns of your customers is recidivism

Auditor will either visit site again / or close remotely

The more findings the more likely an onsite follow-up

The auditor will follow the same audit method as initial

Ensure that corrective actions are done in 90 days

Ensure the corrective action is sustainable

Get to a position where you shine for the customer!

40

DNV GL © 2017

Finally…Social Auditors’ Soft Skills

Perceptiveness - ability to grasp the problem quickly but without

jumping to conclusions

Persistence - ability to overcome difficulties and maintain planned

course of action in spite of setbacks

Flexibility - ability to see things from different points of view and

adapt to changing circumstances

Discipline - ability to approach a problem logically and

systematically without prejudices

Sociality - ability to interact effectively with people of different

culture and background

Empathy - ability to understand others’ emotions and feelings

Communication - ability to formulate questions and express

thoughts clearly, both orally and in writing

41

DNV GL © 2017

Q&A

42

DNV GL © 2017

SAFER, SMARTER, GREENER

www.dnvgl.com

Dr Colin Morgan

c.morgan@dnvgl.com

+44 (0) 7808 880784

43