2-D-4 Analyze and resolve issues raised in supply management audit reports

How well is the supply management department really doing? How well are its processes really working? Is the organization consistently following procedures? How do you know? The answers to these questions are normally acquired through an audit, in which objective evidence is gathered. An audit is more than a compilation of opinions. It is a structured process to ascertain whether an organization, process or product meets an agreed upon standard. Reasons for undergoing an audit include:

• Prevention of mistakes and problems.

• Gauging system and process efficiency and effectiveness. How do the policies work in practice? Repetitive or contradictory practices are easily identified through an audit. The supply management process may meet every organization policy, rule and procedure, and still may be seriously flawed.

• A regulatory or industry compliance requirement.

An audit usually gauges compliance with a given standard. Without a standard, a review exercise is not auditing, but rather investigating. Sample standards could include organizational policies, organizational procedures, contract requirements, regulatory requirements and ISO requirements. There are many standards that an organization is required to meet. There are several types of auditors:

• Internal-An audit conducted by auditors who are employed by the organization being audited, but who have no vested interest in the audit results of the area being audited. If a supply management department is being audited, it may be audited by a team from another department. Advantages of an internal audit include ease of scheduling, flexibility and the auditors already have an understanding of the organization. Disadvantages include difficulty in finding qualified auditors with technical or audit expertise, and the audit report may not be taken seriously, depending on the reputation of the auditors. The audit report may be submitted to designated management, the board of directors or both.

• External-This type of audit is performed when an organization hires an outside auditor to audit the organization. An external auditor will probably conduct a preliminary interview to determine the audit scope and probably request a current organization chart, copies of procedures and any special requirements. Depending on the scope of the audit, it is common for the auditor to request a list of key suppliers or internal customers. Advantages of external audits are that the auditors are trained in the function, the audit report is more likely to be taken seriously, and the auditor has no vested interest in the outcome. A disadvantage is the cost and time to educate the auditors about the organization.

• Self-inspection - Self-inspection is the process of using an auditor who has a vested interest in the audit, hence the term "inspection" versus "audit." A supply management department can be audited by individuals from that department Self-inspection can be a valuable tool, however, it can be biased.

1) Typical types of audits (for example, ISO, GAAP; SOX)

• ISO (International Organization for Standardization) -An ISO audit is conducted by external third-party auditors. This normally happens when an organization is first certified, and then reoccurs on a schedule of once every six to nine months. However, the ISO standards require that an organization have an internal auditing and corrective action program.

• GAAP (Generally Accepted Accounting Principles) -A widely accepted set of rules, conventions, standards and procedures for reporting financial information, as established by the U.S. Financial Accounting Standards Board (FASB). (ISM Glossary, 2006.) The International Financial Report Standards (IFRS) are standards and interpretations adopted by the International Accounting Standards Board (IASB). There is some pressure on countries for the international harmonization of accounting standards. The European Union adopted the IFRS standards in 2005.

• Sarbanes-Oxley (SOX) -The Sarbanes-Oxley Act of 2002, commonly called SOX, regulates the accounting profession and imposes extensive reporting requirements on all publicly-traded corporation in the United States. The law requires internal financial controls to provide assurance of the reliability .of financial reporting and preparation of financial statements. (ISM Glossary, 2006.) Supply management plays an important role in maintaining compliance with SOX provisions. Many governments worldwide have implemented or will be implementing Sarbanes-Oxley type regulations. See Tasks 1-B-4 and 3-B-5 for further information.

2) Measurement of change initiatives

One function of an audit is to document the effects of changes in supply management processes, policies, procedures or organization. The final step in that process is to periodically review outcomes using the measurement criteria defined in the process. Thus, the supply management audit may be used to evaluate the outcomes of previous changes.

3) Validation of current policies, procedures, work instructions and forms

The purpose •of an audit could be as narrow as verifying that complete purchase orders are filed correctly, or as broad as an ISO 9000 systems audit. The purpose of the audit will also determine the resources required for the audit. Some other possible purposes include:

• Are proper monetary limits being adhered to?

• Are the appropriate personnel conducting transactions?

• Are suppliers' references and performance records being checked?

• Are supply management professionals responding in a timely fashion to internal customer inquiries?

• How often does the item received match the one ordered (with the standard being the contract or PO)?

• Are items that have not been received followed up on?

• Are competition requirements being met?

• For larger projects, how good is the forecast? How close was the actual price to the budgeted number?

• Is the organization using prompt payment discounts, if it is the organization's policy?

• Are the best transportation methods consistently being used?

• How do contract administrators gauge that contract requirements are being met? Are they accurately keeping payment records?

• Is receiving conducting incoming inspections for key components?

• Is technology used to its fullest advantage?

• Is supply management providing internal customers with appropriate information regarding new products, services and suppliers?

4) Corrective action process

The audit report presents findings (conclusions) based on observations. Audit reports are representations of fact. There should be no mention of blame, and the focus of the report should be on the audit standard. The number of findings varies with each audit. There should not be any surprises from the draft audit report presented in the closing meeting.

Even in award winning organizations, there are normally areas in need of improvement. Internal auditors and regulatory auditors normally require a plan that outlines what steps are going to be taken to. address audit findings. The corrective action required will vary depending on the magnitude and root cause of the problem. In general, the process will include establishing time frames for improvement, prioritizing the steps in the improvement plan, and conducting cost/benefit analysis to determine the appropriate level of resources to allocate to the corrective action plan implementation.

A) Establishment of time frames - Once a problem area is identified, it is necessary to establish time frames for corrective action. This may take the form of a final due date, along with milestones and time frames leading up to full implementation of the corrective action. The supply management professional must be clear about the purpose of the corrective action. In some cases, the first step may be to take the time to determine the root cause of the problem and then to develop an action plan for dealing with the root cause. In other cases, interim measures may be taken to deal with symptoms of the real problem, while a plan is developed for identifying the root cause.

B) Prioritization -Whatever the process, prioritizing the steps in the implementation plan is critical. This process should include an understanding of the resources needed for the action and their availability.

C) Cost/benefit analysis - Corrective action must be cost effective, given the expected benefits if the action is undertaken. A comparison of resources (people, time, equipment, money, etc.) and availability to the expected value (quantified in some way) should be performed. An ability to quantify the value of the benefits achieved is paramount. In most process improvements, this benefit is in the form of saving time. One of the most commonly used methods of quantifying savings is through activity based cost analysis.

5) Audit- schedules and reports The auditor's report is a formal opinion or disclaimer issued by the internal auditor or an independent external auditor as a result of an internal, external or self-:-inspection examination. The report is provided to ~he group that requested the audit whether that is the organization's board of directors or the supply management department's senior leadership. Depending on the type of audit, the schedules included will vary. A financial audit will include various financial statements and accompanying notes.