The weakest link? Internal audit and supply chains

Global supply chains touch every part of our lives – from the cars we drive to the computers and machines we work on, to the food we eat, the medications we take and the beds we sleep in. We sit in chairs shipped from China and drink tea grown in India, while wearing clothes made from Italian yarn, knitted in Romania and sold across the world.

The need for strategic, adaptable and ethically grounded supply chain management has therefore never been greater. Organisations and their internal audit functions must work hand in hand to ensure that supply chains are not only efficient and robust, but also aligned with the imperatives of sustainability, social responsibility and ethical governance. This is no longer just a logistical concern, but a strategic priority crucial for enduring success in a rapidly evolving global environment.

The increasing complexity and importance of supply chain risk has prompted the Chartered IIA to produce two new reports, “Supply Chain Security and Resilience: Harnessing the Potential of Internal Audit” and “Supply Chain ESG Risks: Harnessing the Potential of Internal Audit”. These could not be more timely or relevant. They highlight critical issues already impacting supply chains and offer key strategies that can embed sustainability and resilience into an organisation’s supply chain risk management.


Geopolitics and global crises

Recent years have given us many stark illustrations of the inherent vulnerabilities embedded within global supply chains. The Covid-19 pandemic acted as a watershed moment, triggering widespread supply chain disruption and demonstrating the limitations and fragility of existing systems.

Throughout 2022 and 2023, these supply chain challenges were further exacerbated by escalating geopolitical tensions. The conflict in Ukraine not only disrupted regional trade, but also had far-reaching impacts on global supply chains, particularly within the energy and agricultural sectors.

Adding to these complexities is the volatile situation in the Red Sea. Since November 2023, attacks on commercial vessels in the southern Red Sea have prompted the largest shipping companies to take other routes, significantly increasing shipping costs and transit times. With 12% of global trade, including vital energy and container ships, affected, this maritime disruption shines a light on the fragility and interconnectedness of supply chains.

CEOs are taking notice. A PwC survey found that 46% say they are considering supply chain adjustments to dodge geopolitical disruptions. These events are wake-up calls that underline the urgent need for agile, adaptable supply chain models that can weather global storms.

 

ESG considerations

In the face of these realities, there’s also a rising chorus of people emphasising the importance of reinforcing supply chain resilience and integrating environmental, social and governance (ESG) considerations into supply chain management. The urgency of these issues was recently highlighted at the climate conference COP28, which brought ESG risks to the forefront of corporate strategy.

As climate change increases the number and likelihood of extreme weather events and makes severe climate impacts more unpredictable, businesses are facing ever more challenges to managing their supply chains effectively. Whether the problem is a drought impacting the Panama Canal and disrupting global trade routes, or extreme weather in Europe and North Africa leaving UK supermarket shelves empty, the effects of climate change are already having a tangible impact on supply chains.

At the same time, recent supply chain scandals have highlighted the severe reputational consequences that some organisations may face if they don’t take their supply chain ESG risks seriously enough. Fast-fashion retailer Boohoo found this out when it gained negative press for “breaking its promises” to make clothes fairly and ethically. Stronger legislative requirements and public scrutiny are making corporate attempts to greenwash facts as a substitute for real action increasingly futile.

 

Tech solutions (and problems)

Technology also plays a pivotal role in this evolving landscape. The advanced and unprecedented capabilities of data analytics, artificial intelligence (AI) and blockchain are providing essential tools for improving the way organisations manage ESG risks. New powers to track, report and ensure compliance with ESG standards are enhancing transparency and accountability across complex supply chain practices. For instance, blockchain technology can create a transparent and binding ledger of a product’s journey, ensuring ethical sourcing and adherence to environmental protocols.

Simultaneously, AI and data analytics are emerging as powerful tools for predicting environmental impacts on supply chains, allowing organisations to mitigate potential disruptions proactively.

However, technological integration creates its own challenges. The escalating frequency and severity of cyber attacks, particularly ransomware attacks targeting supply chains, pose a significant and growing threat. The shortage of digital expertise within many organisations leaves them exposed. A poignant example is the June 2023 attack on MOVEit, a third-party software provider. This affected over 620 organisations, including well-known companies such as the BBC, Boots and British Airways.

Economic factors, demographic shifts and changing market dynamics add further complexity to the already vexed issue of supply chain risk management. The challenge for organisations is to strike a delicate balance between maintaining cost-efficiency and building resilience so they can react to, and meet, evolving market demands and consumer expectations. These too are increasingly highlighting the value of sustainability and ethical practices in supply chains.


Internal audit’s role

Internal auditors must take an active role to support their organisations as they navigate these evolving risks. As supply chain management becomes more important, and knowledge of supply chain risk develops, the role of internal audit becomes increasingly crucial. Internal auditors are uniquely positioned to assess the resilience of supply chain strategies, ensuring that these can withstand global crises.

The Chartered IIA’s new reports offer a balanced perspective and practical guidance to help organisations navigate the complexities of modern supply chain risk management. For boards and senior management, the reports underscore the key role of internal audit and the importance of an approach that integrates risk management, leveraging technology and innovative strategies to embed resilience and ESG considerations into the fabric of supply chain risk management.

 

Key actions for internal auditors

  • Comprehensive risk management. Conduct regular, detailed evaluations of supply chain risks, integrating both traditional operational risks and ESG-related factors. This includes assessing risks from geopolitical conflict and environmental changes to conducting supplier contract audits and evaluating supplier monitoring processes.
  • Strategic supplier engagement and oversight. Enhance supplier management processes with robust due diligence, focusing on resilience, ESG compliance and ethical practices. Regularly review supplier networks for both security and sustainability criteria.
  • Technology and cyber security oversight. Critically assess the integration of new technologies in supply chains, focusing on enhancing efficiency while ensuring robust cyber security measures to mitigate digital threats.
  • Crisis management and business continuity planning. Develop, review, and test crisis management and business continuity plans for potential supply chain disruptions, including those related to climate change, political unrest and market volatility.
  • Legal and regulatory compliance. Ensure supply chain activities adhere to current environmental, social, governance and cyber security laws and standards, both locally and internationally.
  • Sustainability and Net Zero initiatives. Audit the organisation’s efforts in environmental sustainability, including carbon footprint reduction and progress towards Net Zero goals. Assess how these efforts are integrated into supply chain strategies.
  • Data analytics and transparent reporting. Leverage advanced data analytics for deeper insights into supply chain risks and performance, ensuring accurate and transparent ESG and operational reporting.
  • Advocacy for ethical and social responsibility. Promote and ensure the organisation’s commitment to ethical standards and social responsibility within supply chains, particularly in labour rights, anti-corruption and fair trade practices.
  • Global and regional trend analysis. Maintain awareness of global and regional trends affecting supply chains, including economic factors, market dynamics and evolving consumer demands.
  • Collaborative approach for ESG and security integration. Facilitate cross-departmental collaboration to integrate ESG considerations and security measures effectively into supply chain strategies, enhancing overall resilience and compliance.
  • Continuous professional development. Encourage ongoing learning and development in supply chain management, ESG issues, and emerging technologies to ensure internal audit functions remain effective and relevant.

Mo Warsame is Senior Policy and Public Affairs Executive at the Chartered Institute of Internal Auditors.

 

This article was published in March 2024.