Would you like to know a secret? If you select a supplier and for some reason they do not perform as you need them to, then you are accountable! Well, no surprise there really. But think of the damage to your reputation if it is serious. Think of the number of hours it would take to resolve the issues. Think of the potential costs; and so, it is worth putting some preventive measures in to optimise supplier performance.
So, what do the ISO Standards say about auditing suppliers? Well you need to look at their wording very carefully…
ISO 9001:2015:
(the quality management standard) for instance, does not use the term auditing with regards to suppliers, only the terms “monitoring” and “evaluating” with a view to ensuring conformity of products and services. This can evolve into an audit of sorts, even if you are simply checking goods in versus agreed specifications.
ISO 27001:2013:
(the information security management standard) is more prescriptive: “organizations shall regularly monitor, review and audit supplier delivery”; note the use of the word “delivery”; there are possible options here to conduct audits from the desktop, for instance monitoring the activities of a cloud computing company.
ISO 14001:2015:
(the environmental management standard) simply says “ensure that outsourced processes are controlled or influenced” and uses the term “life cycle perspective” to ensure there is environmental thinking right across the supply chain.
But let’s put standards aside for a minute and think about risk (which is what ISO management system standards preach anyway). If a supplier “messes up” (for whatever reason) what are the potential consequences for your company? It would make sense for actions to be proportionate to the risk involved. It is also useful to examine the reasons for a supplier not doing what they are supposed to be doing. Was the communication unclear on your side? Was the wrong supplier selected for the job? Are they resentful of the terms? Or are the issues not serious enough to be concerned over.
Considering impact and likelihood is highly recommended as this can lead to the right actions for the right supplier being implemented. Service Level Agreements (SLAs) are common-place but beware: a supplier may sign to state that they do something, but they may not actually be doing it. It has been known…