Companies must frequently assess their supply chains and their ability to detect and deal with fraudulent activity. Unfortunately, many businesses lack the people and budget to conduct sweeping reviews. If your company is constrained by limited resources, consider conducting a targeted risk assessment that focuses only on those changes that have occurred during the pandemic.
Although a targeted assessment isn’t a substitute for an all-encompassing supply chain review, it can help prevent certain threats from resulting in financial pain. Here’s a step-by-step guide to conducting a targeted risk assessment of your company’s supply chain.
1. Evaluate changes in the operating landscape
Both individual companies and the larger marketplace changed due to the pandemic. Although some of those changes were readily apparent, such as consumers no longer shopping in person in non-essential retail stores, other changes weren’t as initially apparent.
Any change in how your business operates can create risk, especially if it occurs quickly and doesn’t adhere to your company’s policies and procedures. For example, your company might have engaged new suppliers in response to the pandemic and, because of supply shortages or a need to make a quick decision, not vetted them according to policy. If this is the case with your business, backtrack now and apply your ordinary vetting.
2. Study your current vendor list
Combatting crime requires a detailed understanding of your company’s defenses and their ability to mitigate risk. For example, if you had to engage additional vendors to meet surging demand in your essential business’s products, revisit those decisions and their impact on overall risk.
Address these questions:
• Who was responsible for finding the vendors, and did that person subject them to the appropriate level of due diligence, including rigorous background checks of the company’s principals?
• Were exceptions resolved appropriately?
• Should you replace any of these vendors now that you have more time to find and screen them?
3. Ask employees for their input
Employees often are the first to spot criminal activity in supply chains. During your targeted review of vendors, ask employees, as well as third parties, to share any suspicions and areas for improvement. If you haven’t done so already, consider establishing an anonymous reporting hotline or online reporting mechanism. By doing so, you’ll enable workers and other stakeholders with concerns about fraud to voice them without fear of retaliation.
4. Document and address gaps in the control environment
Once you’ve scrutinized new suppliers and gathered employee feedback, document potential control weaknesses. This requires you to first identify current internal controls and determine whether they’re being followed. Then decide whether you need to mandate greater adherence to existing controls or add new rules.
For example, say you’ve determined that the vendors your business engaged in April and May weren’t subjected to sufficient due diligence. You may simply need to remind managers of your controls, retrain them, or prohibit management overrides. On the other hand, the pandemic may have exposed gaps in controls that allow sloppy or even intentionally criminal workers to engage suppliers. To ensure the timely resolution of control gaps, assign responsibility for remediation to an individual with the authority to resolve them, such as the owner or Chief Operating Officer. You may also consider hiring outside fraud experts to help close your business gaps.
We are Here to Help
The COVID-19 pandemic has added many considerations for organizational leaders, but it is important to continue to mitigate your risks. That is one of the many reasons we are here. Contact us for assistance in assessing and upgrading internal controls.
Fill out the form below for more information.
© Copyright 2020 Thomson Reuters.