Social compliance audits as a risk assessment tool
As reported in the Guardian, Human Rights Watch and multiple other reports in the past decade, the widespread use of social audits alone in the Fashion sector cannot address potential and actual adverse impacts, remediate abuses, or mitigate risks in global supply chains.
Some reasons for this include:
- Overuse and lack of reliability of information, for example, working hours and wages, especially in contexts where ‘double books’ might be prevalent.
- Auditors who are under-trained and have to work in difficult and sometimes dangerous positions (for example, an assessor who was held captive by a factory until they released notes from worker interviews).
- Widely known issues of fraud and bribery are more likely to be accepted as the system has pushed audit costs to extreme lows, and many auditors are underpaid.
This is compounded by the fear of losing business to other audit firms and suppliers.
- As reported by the New York Times, downstream customers sometimes request that auditors be removed from rotation if they are too good.
- These same customers incentivise factories themselves to have zero non-compliances or lose business. In one instance, many years ago, Luke was asked not to disclose a minor finding because the factory knew the client would disengage immediately if it were in our report. We reported the finding and spoke with the customer to explain it wasn’t a big issue, but unfortunately, they disengaged with the supplier as it was the easier option.
Despite these challenges, audits remain a tool that companies should consider using in the context of a broader, risk-based due diligence approach. That includes risk assessment and stakeholder engagement and focuses on identifying or confirming the root causes of adverse impacts in a systematic way. This relies on understanding two key lessons related to the use of audits:
Key lesson 1 – Auditing judiciously
A blanket audit programme without room for adaptation is bad responsible sourcing practice. Take, for example, the excessive auditing of suppliers in Asia, the Middle East, or Africa while ignoring those in Europe. This is because the risk prioritisation process typically categorises sector risks as lower in Europe.
But, in many cases, we have found that suppliers in “high-risk” regions have a stronger management system because they are constantly under scrutiny. Typical “low-risk” regions, such as Europe or North America, may have less sophisticated systems that can increase the chances of human rights risks.
A common example within the fashion sector includes the recent case in Italy, where luxury bags were identified as being produced by exploited Chinese workers near Milan. Unfortunately, such cases are not isolated to Italy. This enhances the rationale that suppliers should be selected through a rigorous prioritisation process based on the OECD Guidance, not high-level risk assessments.
Key lesson 2 – Having the right intent
Audits are commonly misunderstood as an effective form of risk management in isolation, sitting within steps 3/4 of the OECD Framework. However, they are ineffective in monitoring supply chain conditions because they represent a “snapshot in time” based on a fixed list of criteria.
Their primary function ought to firmly be within Step 2 (identify actual and potential harms in the enterprise’s own operations and in its supply chain). Ultimately, this means using audits to boost risk assessments that allows for more detailed implemented approaches to risk management.
In addition, companies should complement audits with a range of tools from desk-based research and reviews, and supplier and stakeholder engagement, to focused, risk-based assessments.
This ensures that any site-based assessments, such as audits, can be more focused on known risk areas, reducing the need to assess a range of issues.
For example, suppliers in some jurisdictions in Asia routinely exceed their legal working hours and are more likely to commit fraud. By taking this into account when planning due diligence activities, site assessments and audits can be more targeted at known risks, meaning a more efficient use of resources and better risk management.
This is also why audits should focus on root causes rather than just the problem identified. Any teams related to audits should know and implement an approach such as the “5 whys” or other simple tools.
Conclusion – changing approaches will save time and money and build confidence and trust in the supply chain
It takes a brave company to break with the industry norm. These concepts must be understood and implemented in the modern regulatory environment, and EUCS3D will also expect them.
If you’re tired of seeing the same reports and non-conformances yearly, changing your approach and accurately reflecting the OECD approach will make a huge impact. This will reduce time and resources and build confidence and trust in your supply chain. Remember to work with your suppliers rather than just scrutinising them, as it builds a better relationship and can ultimately improve workers’ lives and lead to improvements in risk exposure and compliance.