3 ways Walmart can improve its labor and human rights auditing
3 ways Walmart can improve its labor and human rights auditing
A few months back, someone sent me an article from Forbes that repeated a story I’ve heard a lot recently, and which sets a self-celebratory scene among the 14,000 people at Walmart’s annual shareholder meeting.
It discusses one of five resolutions filed there by an activist shareholder in response to the tragedy in Bangladesh. Some 1,100 workers died there in the collapse of a factory where a supplier, Tazreen, produced garments for brands including Walmart.
The proxy predictably failed. However, supporting comments by Kalpona Akter, a former factory worker flown to the meeting by the shareholder activists included this:
“Now Walmart executives have stated the repairs needed to make our factories safe are too expensive, yet the costs would be just two tenths of 1 percent of the company’s profit last year, and just 1 percent of the dividends paid out last year to the Walton family heirs.”
The message was a powerful reminder to Walmart of the continuing reputational vulnerability it faces throughout its supply chain. But while there are plenty of blog column inches dedicated to why a company like Walmart should do something about the Tazreen tragedy, the practical advice on how it can be done is smaller.
In auditing terms, Rana Plaza was a non-conformity, symptomatic of a systemic failure. In other words, it happens because the current model of procurement and compliance auditing needs improvement.
So, if I had access to Walmart’s 1-percent of dividends as proposed, what would be my wish list for auditor empowerment and improvement? What would make my job, as Walmart’s hypothetical supply chain program manager, more effective?
1. Dynamic Auditing
Dynamic Auditing is my approach to linking the auditor to systems and tools that will ensure the most targeted and effective audits. Through Dynamic Auditing, auditor deployment will be based more specifically on competence enhancement, matching the core skills of the auditor to site-by-site risk and real-time supplier risk analysis. Some of the key aspects of dynamic auditing include:
• Auditor competence: Building on competence and knowledge management, auditor training, qualifications, supporting tools and conduct will need overhauling. Auditors will need to be the principal source of identifying relevant risks and their solutions, not just through experience and professional judgments, but also through documented cases to illustrate underlying and associated risks and their corrective actions. Auditors will have a more constructive, less compliance-based, role in supporting suppliers through knowledge transfer.
• Matching core skills to risk: Historical and forecasted risk exposure will determine the auditor team selection and planning. Auditors will be prompted to prepare for emerging risks in advance by following local and regional trends. Once a region reports a pre-defined threshold of non-conformities, auditors can be prompted to undertake training.
• Real-time risk analysis: The on-site audit is always going to be a snapshot of compliance, regardless of the professed systems commitment from the supplier. Anything that captures risk between site audits will only help to prevent these occurring in between the audits. Inputs to real-time risk analysis can be derived from various sources such as worker feedback monitoring, health and safety incident reporting or tracking of working hours can be preventative and, if adequately communicated and implemented, empower suppliers.
2. Supplier empowerment
Supplier empowerment is essential for sustaining behavioral change and continuous improvement, such as where this a way there is a will. Traditionally empowerment has been about providing supplier training, but even in the apparel industry there remains a reluctance to allow suppliers to pool resources or collaborate. Here I see a greater role for the auditor:
• On-the-ground Support: The value of the auditor is largely wasted if not used to support suppliers in managing risks. This is not about consulting for the same suppliers that are audited. This is about allowing the supplier to learn from the auditor about relevant management skills such as evidence seeking and systems testing, root cause analysis, behavior-based change management and even embedding with suppliers an appreciation of what drives their customers to manage these issues.
Some of the work we are asked to do at Two Tomorrows includes supplier mapping, largely driven by conflict minerals regulation in the electronics industry. In all the cases I know, this exercise has provided us and our clients with unexpected risks and solutions. What remains even more surprising is the fact that there has been no clear solution to the common complaint that supplier fragmentation and opacity allows for shadow factories and the use of unknown sub-suppliers.
• Increase focus on supplier management: The supplier’s ability to manage its own supply chain risks is a common component of auditing schemes. An auditor is challenged by the natural reluctance of suppliers to expose their cost base, their production capacity and business model. But auditors also need to be much more capable of assessing the risk of subcontracting orders through production capacity analysis, including cross-checking compensation schemes with working hours; cross-checking material reception with deliveries; and cross-checking worker numbers with shift patterns. When shadow factories are revealed, the level of risk should be defined as a trigger in audit schemes to allow the auditor to insist on the need for further site visits.
In the last few months there has been considerable criticism of the brands and retailers that ultimately have the responsibility of assuring the consumers and wider stakeholders. There has also been equal criticism of the auditors themselves, and the certification bodies they work for. Following the Ali Industries fire in Karachi in 2012, there was considerable surprise among commentators that the certification body (CB) that had audited Ali Industries (RINA, the Italian registrar) to the SA8000 standard was entirely reliant on the use of sub-contracted auditors in Pakistan and did not even have a directly-employed, qualified auditor in the country. RINA’s subcontractor (RI&CA) was furthermore driven by a Pakistani subsidy program awarding $4,100 per audit once the certification has been issued. This creates a motivator for the auditors to award certificates, and lower the barrier to compliance.
In my opinion, this criticism is misplaced. Possibly because of a misunderstanding of the certification or auditing market. It is more lucrative for auditors or their CBs to seek long ongoing engagements rather than a quick issuance of a certificate. Given the administrative costs, increased auditor days are the principal motivator rather than the number of audits given their administrative costs. In other words, CBs value quality rather than quantity. Therefore, seeking to blame the auditing industry is misguided. Instead we should be looking at engagements where the buyer will allow auditors to feel confident in the assurance they are providing. Whether this is through scope adjustment, or dynamic auditing as described above, we as auditors should never be incentivized to issue certificates as a cookie-cutter model. Neither should we be incentivized to sub-contract entire operations if we lack the structure and controls for doing so.
As a final word, the preponderance of industry codes of conduct that are industry-dependent and do not involve established certification bodies in their development is worrying. Despite claims of multi-stakeholder involvement in their development and implementation, increasingly we are seeing industry-specific codes and standards that are clearly lacking in input from CBs. Once a standard and its intent is defined, I recommend that a seasoned auditor perspective be sought in order to determine and define criteria for “auditability” (what approach to take, how to seek evidence) or propose new areas to cross-check.