, , ,

spanish python

A few weeks ago the BBC documentary programme, Panorama, published a programme containing allegations about Apple’s supply chain. http://www.bbc.co.uk/programmes/b04vs348 Not really news I hear you say? Apple has long been accused of having poor supply chain practices, ranging from poor workers’ rights through to poor environmental or social records.

The Panorama programme, in case you missed it, made allegations that despite the public commitment of Apple to clean up its act, it actually had not done so. In particular it alleged that one of its supplier factories in China worked its workers such that they slept on the production line. Also that tin got into its supply chain from child and illegal mine practices in Asia.

Now it is not for me to form a view on these allegations. I am sure there are others who are closer to this than me and who know the industry better. Apple of course can afford to do better, but also attracts disproportionate criticism in a way that other companies do not. So I suspect the allegation probably has a truth somewhere between the two extreme views.

What interested me, as an auditor however, was why the auditing practices put in place by Apple had not seemed to address the problem. The supplier’s factory in particular talked about having forms for ‘Apple’s auditors to review’. With staff being forced to sign forms as a proxy for accepting a briefing or for their assent to signing away their employment rights. Why did Apple’s auditors accept this and not challenge it?

This reminded me of when I was a junior auditor working in a professional services firm. We used to audit further education colleges in the UK. There was a scandal that a college had made up what was called ‘franchise’ or ‘community provision’ – that was courses that were delivered by commercial partners, charities or businesses in the community to bring education to hard-to-reach students.

My firm led in the provision of spot checks. These were short visits of up to one hour and they would be unannounced. The idea being that you would verify a sample of activity and prove, or not, their existence.

As a junior auditor, it was my task to do these. It was a chore. Driving to out of the way places. We had a big checklist and we had to check the register and the registration data held by the college. There was a mathematical sampling formula that set out the number of spot checks to be done and the partners that should be visited.

I learned a lot from these. First it built up my social skills. As a rather sheltered graduate from a middle class background, it was a shock to wonder into crisp or sandwich factories and speak to adult learners (by the way I would not buy a cheap shop-made sandwich even now! – nor eat a cheap sausage roll from a bakery – but’s that’s a different audit story).

It also taught me to open my eyes. It taught me to think beyond the checklist, beyond the story being told to me. Even now I look for cars in the car park. The language used by interviewees. What they are wearing (my current colleagues notice my observation skills). In one place the small ‘learning shop’ located in a small rural shopping centre seemed okay. It had a small room, two computers, a member of staff, college brochures etc. Yet, when I got back to the office and asked about the total enrolments for the year, I was told a number that could not have been serviced by the small shop I saw.

I learned that tidy records meant higher, not lower, fraud risk. I learned to be critical and testing of clients. I learned to, politely, bring people back to the points I was asking (otherwise the 45 minutes allowed for the spot check could drag on for hours). I learned to interview diverse types of people, those outside of my professional auditor experience.

The real point of all of this is that it is perfectly possible to audit and tick boxes. Don’t get me wrong, sometimes spot check visits felt like they were ticking boxes, not adding value. But audit around the checklist. Join up the dots. Aim for the higher skills marks, and they can become powerful vehicles.

In my current role it is difficult, as it is in most organisations, to oversee supplier risk. To know how far down your supply chain reputational risk extends is tough to decide. the big lesson for me though, and perhaps for Apple post Panorama, is to throw away the forms and the checklist auditing, and to send good quality, critical and intelligent experienced auditors to do spot checks – preferably unannounced.

This is the type of auditing I love. Noticing the detail. Really challenging the consistency across different data sets. And yes – it is a uniquely audit skill. For management are often too naive or trusting, in a way that we auditors (and me from my spot checks many years previously) are not.

How challenging are you of your supply chain?