Gerard Pearce03.20.09
Supply Chain: Protecting the Global Supply Chain Through an Effective Audit Program
Gerard PearceSupplier audits are a critical component of ensuring the integrity of the supply chain. However, evolving supply chains are outpacing traditional audit program methods. Today, effective supplier audit programs require a fresh look at the people, processes and technology involved.
Looking at all of the FDA warning letters for 2008, medical device manufacturers still struggle with supplier controls, with nearly one in five highlighting deficiencies in this area. In hundreds of discussions with major healthcare manufacturers and their suppliers, this arose as a constant cause for concern on both sides. A good supplier audit program is the cornerstone of supply chain integrity. By acknowledging and addressing the challenges of an effective supplier audit program, companies can improve their supplier controls, while improving quality and supplier relations and reducing costs and risk.
From an external complexity standpoint, almost all companies reported an increasingly global supply chain. Auditing from a world away comes with a new set of challenges. In addition to reducing the availability of the audit team through increased travel, cultural and language differences have an impact on the final result and follow-up actions. A “local knowledge factor” can be particularly important when exploring risks such as intellectual property loss and counterfeiting.
Companies are aware of the need to control supplier numbers. However, growth of the supplier base over time and changes on the supplier side (name, location, etc.) make this increasingly difficult—especially when managing thousands of suppliers. In some cases, companies are unable to give a fair estimate of the number of their suppliers. An increasing amount of the audit team’s time is devoted to determining if suppliers are still an active part of the supply chain.
With a more diverse supply chain comes a greater risk, and reducing that risk in the supply chain means increasing the number, frequency, and duration of audits performed. Even without increasing the scope of the audit function, the natural growth and diversification of the supplier base will outpace the structure and resources of a static supplier audit program.
Companies also must deal with internal complexity, in which multiple divisions spawn supplier quality “islands” that operate in functional and data isolation. The supplier quality structure reflects the organizational structure. This leads to isolated pockets of activity that are neither standardized nor coordinated. Poor visibility between these business areas causes duplication and redundancy between supplier audit programs—not to mention frustration for suppliers.
Companies that are successful in overcoming these challenges are focusing less on the actual auditing (although this is still critical) and more on the infrastructure and process involved.
Program Foundations
An effective supplier audit program must be built on a strong, yet versatile, found-ation. This foundation comprises solid team structure, process definition, tools, data systems, and standardization will help the audit program keep up with the supply base.
The team structure for an audit program must include resources for management and coordination. Many audit programs consist of groups of supplier quality engineers that audit part time, against a general supplier list. While this may be appropriate in “for cause” audits, it is inefficient for a widespread supplier audit program. The audit program team should include dedicated resources for overall management, program tools, supplier verification, scheduling, document control,
results verification and corrective action follow-up. Not all of these roles require senior quality management expertise, and an increase in the number of team members will be more than offset by the time saved in administrative activity.
Auditors need to be local, or at least regional to the supply base. As mentioned above, audits that begin from 10,000 miles away are inefficient due to travel time and potential cultural and language differences. At the very least, a local contact to accompany a non-local auditor is highly recommended.
To maximize effectiveness and minimize redundancy, the supplier audit process should be defined, consolidated and standardized across the organization. This also applies to the various tools used in the process—not just the audit checklist. Standard items, such as supplier letters, auditor training, sample audits and corrective actions, frequently asked questions and contact details should be controlled and made available to all stakeholders.
Fast access to better supplier data is critical to eliminating wasted time. At the very least, the supplier audit program should be based on a data system that maintains the status and results of the supplier audit program—and makes this data available to all stakeholders. Ideally, the system will not simply be a repository for results, but integrate with supplier ERP data and automate many of the administrative aspects of the program (notifications, reminders, monitoring of due dates, etc.)
Effective Execution
The constantly moving parts of an effective supplier audit program must be monitored, managed and acted upon by the program team. Prioritization, resource management and measurement of the process help maximize the output of every audit event.
Typically, supplier audits are prioritized based on criticality of the supplier. More critical or strategic suppliers warrant a more in-depth audit using key program personnel.; less critical, less strategic suppliers may warrant a more high-level audit with non-program-core or even third-party audit resources. By managing resources in this way, key program personnel are optimized, while the overall program volume may be managed evenly throughout the year (rather than a flurry of activity at the end).
Aside from the audit itself, there are many behind-the-scenes aspects of the program that ensure consistent results, including a fine-tuned, closed-loop process and visibility for stakeholders throughout the organization.
First, the verification of a supplier audit can yield several benefits, including updating contact/location details, determining if the supplier is still active and determining if a current audit for that supplier already exists. Having a resource dedicated to coordinating schedules of suppliers and auditors (rather than having auditors do it themselves) saves time and results in audits being scheduled and conducted sooner. Applying a “content management” or validation function against every audit will help maintain consistency and improve audit team performance. By splitting the corrective action process between monitoring/follow-up and actual technical approval, it is possible to close the loop faster and cheaper than if a senior quality resource were to handle it all—even better if the monitoring/follow-up process can be automated. Throughout the execution of an audit, “event” stakeholders across the company should have visibility into its status and results via the program’s data system. Ideally, these stakeholders receive an automated e-mail as each event passes through a stage in the process.
Companies with more effective supplier audit programs are focused on making the most out of each audit; they want to do more than just satisfy the requirements of ISO 13485. Additional areas of focus include overall capability and capacity, financial stability, sub-tier suppliers, counterfeit risk and social and environmental accountability.
Lastly, the effective execution of the process cannot be gauged until it is measured. This allows for improvement and fine-tuning. Some examples of program measures include number of on-time audits, average audit report turnaround time, average time for corrective action closure and average number of overdue corrective actions. These measures greatly enhance the resource planning and management aspect of the program.
Adapting to the Environment
One of the greatest challenges of an effective audit program is the changing supplier environment. In order to prevent the program from falling behind the supply chain, companies should explore ways to “stack” audit events with additional supplier insights, balance key resources through effective use of third parties, automate laborious manual processes and improve the process by learning from meaningful data.
Each of these initiatives is an extension of the effective execution of the program. Learning more about suppliers will help keep the supplier base in check by taking a “use, improve or lose” action as a result of the audit. With dedicated scheduling and coordination resources, program resources can be utilized more efficiently, and supplemental resources (internal and external) can be used for exceptions and less critical audits. Automation and information go hand in hand and emphasize the need for an effective data system that provides visibility and control to stakeholders in multiple parts of the organization. The new global standard for supplier audit programs is an agile, multi-faceted model that comprises a disciplined process, optimized key resources, versatile tools and complete stakeholder visibility.
This results in greater supply chain integrity and improvement—the goal being, in the words of Thomas Huxley, an English biologist in the 1800s,“not knowledge but action.”