Gap Analysis in Supply Chain Management

Wednesday, August 17, 2011

Mary Shaddock Jones

5029f8f9d65d988cb378fc0290f86cc4

Identification of Legal and Regulatory Risks: Gap Analysis with the Supply Chain Management Department

On July 21st I wrote a blog titled “Identification of Legal and Regulatory Risks: Gap Analysis with the Human Resources Department”.

Today I turn my attention to the Supply Chain Management Department. There is no question but that international trade is more prevalent now than ever before.

In many industries, international trade is more of a necessity than a luxury. The ability of a company to compete and financially grow in a particular industry may depend upon tailoring a program to buy and sell goods and services from and to companies and consumers in other countries.

There are numerous laws (international, federal, state and local) that employees within the Supply Chain Management (“SCM”) Department are required to comply with in order to perform the responsibilities inherent in their jobs.

How does the Compliance Department make certain that the Supply Chain Management Department as a “risk center” and the employees as “risk owners” have a system in place to know, abide by and monitor the compliance of the laws under their domain?

Here are a few questions that the Compliance Officer may pose to the SCM department in order to perform a gap analysis regarding policies and procedures:

(Note: many of the questions listed below are similar, if not identical, to the ones I posed for dealing with the HR department. Obviously, there are overlapping questions, but it is important to document that the question has been asked and answered with all “risk centers’).

1. Does the SCM department have an inventory of policies, procedures, laws and regulations covering supply chain related matters applicable to the company’s business?

2. If yes, do you have a specified person who is in charge of updating the inventory?

3. If no, what system does the SCM department utilize to ensure that it is aware of the various laws and regulations and has a process to comply with them?

4. What evidence would the SCM department be able to produce to the government to support a finding that the company has a solid compliance program for applicable supply chain laws and regulations?

5. What types of enforcement actions are predominate in the supply chain arena? How does the SCM department track such actions? (i.e. import and export requirements; customs; freight forwarding, port clearances, “deemed exports”, blocked persons; etc.)

6. Are employees within the SCM department specifically trained to understand compliance requirements applicable to the supply chain arena?

7. Does the SCM department provide senior management with periodic updates on the monitoring of results, key risks, and compliance violations within SCM?

8. Has the SCM department established some type of escalation criteria to ensure that high-risk issues are reviewed at the corporate level?

9. Does the SCM department have compliance monitoring standards in place? Does the SCM department perform periodic audits to ensure that the policies and procedures are being complied with?

10. Do any of the following laws impact the SCM department? Foreign Corrupt Practices Act; Embargo; Anti-Boycott; Anti-Money Laundering; Export Administration (such as ITAR, EAR and OFAC or “deemed exports”?); Custom and Import laws?

These are only a few of the questions that you may want to ask to begin the process of assessing what laws and regulations applicable to the Supply Chain Management Department apply to your company.

In addition, I am always looking for good resources so that I don’t have to recreate the wheel. Here are a few that I found searching the Internet that may be of assistance in identifying legal and regulatory requirements applicable to SCM department.

  • “Getting the Deal Through Online” http://www.gettingthedealthrough.com/ - This website (free for in-house counsel according to the website) provides international guides to law and regulation in 45 practice areas and more than 100 jurisdictions. There are books addressing Public Procurement, Anti-Corruption; Mining; Oil; and Gas Regulation to name a few. Each book is written in a question and answer format addressing many common issues that arise with the particular topic of the book. Each chapter focuses on one of the various international jurisdictions highlighted.
  • Gregory Husisian, Foley & Lardner, LLP, wrote a great article in January 2009 “Coping with U.S. Regulation of International conduct: Compliance Strategies for the Foreign Corrupt Practices Act, Export Controls, Sanctions, and Anti-Money Laundering Laws and Regulations”.

My final suggestion is to work with the Supply Chain Management Department (and possibly the Audit) department to have a consolidated “Supply Chain Management Compliance Audit Checklist” that can be used to audit (and document) the company’s SCM Compliance Program.

When in doubt, contact a good attorney both in the U.S. and locally in whatever foreign country you are operating, and have them review the SCM Compliance Audit Checklist. Enlist their help in keeping you advised of changes in the applicable laws and regulations, which apply to the SCM department of your company.

The key to compliance, in my opinion, is having the proper structure to identify the issues, implement policies and procedures to address the issues, audit for compliance and document, document, document.

Mary Shaddock Jones, Attorney at Law can be reached at 1202 Kirkman St. Suite C, Lake Charles, LA 70601 or via email at msjones@msjllc.com or via phone at 337-515-8527.

Cross-posted from Tom Fox Law

Possibly Related Articles:
20775
Enterprise Security
General Legal
Legal Compliance Risk Management Supply Chain Gap Analysis SCM
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.