Jun 22, 2021

Prewave: The Supply Chain Due Diligence Act, Are you Ready?

2 min
Prewave's new white paper on Germany's new supply chain diligence law provides an overview, strategies, goals and solutions for procurement leaders

If you haven’t yet heard, on June 11, Germany enacted new supply chain legislation that holds German multinational corporations legally responsible for human rights and environmental abuses across their supply chains.

Regulating the liabilities companies based in Germany for human rights violations in their supply chain, Lieferkettengesetz (the German supply chain due diligence law) will come into effect in 2023. 

A new white paper from Prewave, a cloud-based, real-time supply chain risk intelligence platform, outlines the details of the topics covered under law, what exactly will be required, and how the law is being enforced and the penalties.

What areas is the law covering?

  • Bodily integrity and health
  • Freedom of association and the right to collective bargaining
  • Fair working conditions (safety at work, breaks)
  • Freedom from torture, slavery and forced labour
  • Protection of children and freedom from child labour
  • Environmentally related obligations to protect human health

Supply Chain Risk Management

A key highlight from the report: “The supply chain due diligence law commits companies to implement an obligatory risk management system. The higher the risk for human rights violations in their supply chains, the higher the need for more in-depth the risk management system and measures. Companies are liable, if issues could have been prevented with appropriate preventative measures. The level of liability decreases with the supply chain depth. The law differentiates between violations at ones own company, the direct suppliers or the further supply chain”. 

“Companies have to regularly evaluate and monitor the risks in their supply chains and react quickly once an issue arises. If the monitoring results in an alert at a supplier, a risk analysis for this supplier has to be conducted. Risk management in terms of the supply chain due diligence law accordingly means creating understanding the supply chain by creating transparency as well as continuous monitoring of the supply chain”. 

The report also offers key questions you should be asking and courses of action you should be taking, such as gaining transparency beyond tier 1 suppliers, supplier data management and supply chain monitoring.

Whether the new law applies to you or not, customers, employees, and our planet are demanding action. gaining transparency and mitigating the risks that lay within your supply chain should no longer remain an option. The report provides valuable guidance to all looking to mitigate their supply chain risks.

Download Everything you need to know about the Lieferkettengesetz.

Share article

Jun 29, 2021

AICPA: The State of Risk Management

4 min
We take a look at AICPA's 2021 State of Risk Oversight report to see how companies are getting along in their Enterprise Risk Management (ERM) processes

In the fall of 2020, the American Institute of Certified Public Accountants (AICPA)surveyed 420 members of the AICPA’s Business and Industry group who serve in chief financial officer or equivalent senior executive positions representing different sizes and types of organisations— resulting in The  2021 State of Risk Oversight report.

Let’s review its key findings.

First, to ensure a clear understanding of our starting point, let’s review the drivers.

The report states that “risk volumes and complexities are at their highest level in 12 years, increased by significant events tied to COVID-19, social unrest, national elections, extremely low-interest rates, and a host of other risk triggers – no type of organization is immune”.

The supply chain disruptions brought on by the global pandemic changed the nature of top risks, with core operations having been significantly impacted by risk events, highlighting the need for improved risk management and continuity of business plans.

Organisations are also facing further pressures from stakeholders to provide more information on risk and mitigation strategies.

Despite the well-accepted need to better prepare for the unforeseen, only 30% of respondents report they are “mostly satisfied” or “very satisfied” with their organization’s Key Risk Indicators (KRIs).

From JIT to JIC—  When in Doubt, Stock

It’s been said that a companies shortcomings can be seen in its safety stocks. Safety stocks or increased inventory levels have their time and place and are a legitimate mitigation tactic. However, companies are often quick to jump from JIT to JIC in place of evaluated, strategic decision making where trade-offs are consciously made based on organisational objectives and values.

Although there is a growing trend towards increasing safety stocks and buffering supply chains, the report states that the majority of organisations have not taken the extra step of aggregating risk information to an enterprise-level inventory of top risks. Organisations continue to struggle in integrating a more formal risk management approach and implement strategic action plans.

Financial services aside, most companies are not considering risk exposure when evaluating possible strategic initiatives or making capital allocations. i.e., risk is not even considered when making some of the business’s most important decisions.

Critically for Procurement, who are often in the position of having to make those critical tradeoffs, most organisations do not formally articulate tolerances for risk-taking as part of their strategic planning activities. 

The report also highlights that there is considerable room for improvement when it comes to mitigating reputation and brand risk.

ERM— We’ve come some of the way, baby…

  • • While progress has been made in implementing complete ERM processes, more than two-thirds of organizations surveyed still cannot claim they have “complete ERM in place.”
  • • Public companies and financial services organisations exhibit the biggest move towards ERM in 2020. 
  • • With the exception of non-profit organizations, most types of organisations believe their risk management oversight is more robust or mature than any of the prior four years. But we aren’t quite there yet...
  • Fewer than half of respondents describe their organisation’s approach to risk management as “mature” or “robust.” 

The Impact Culture on Risk

Some organisations believe other priorities stand in the way of more advanced risk management and that risk is managed in more informal ways, impeding the move to ERM.

The report also indicates that most organisations fail to provide training or guidance on risk management. This can potentially lead to a lack of understanding of the imperativeness of proactive risk management efforts and their ability to improve a companies performance.

Furthermore, risk management is not incentivised, with few organisations embedding risk management incentives into performance compensation arrangements.

There seems to be a misalignment between a companies tolerance for risk and its risk management actions. Despite the majority of organisations describing their risk culture as “strongly risk-averse” to “risk-averse”, only a minority of respondents describe their risk management processes as “mature” or “robust.”

So, it would seem, organisations are aware of the heightened need for risk management, consider themselves to be  “risk-averse”, even perhaps strongly so, yet have immature risk management processes and a culture that impedes progress.

The question remains, what, if anything, will companies do about it?

For a detailed analysis that provides helpful perspective and benchmarking on risk management, download the  2021 State of Risk Oversight report.

Share article