by Norman Katz, CFE, Katzscan Inc.
Instead of asking the question "What is integrity?” let's take a look at how integrity is defined based on its application to supply chain management.
The supply chain, as I view it, exists both internal and external to an organization’s walls, encompassing the movement of raw materials, components, finished goods, and monies. The concept of the “supplier” and the “customer” applies both externally and internally.
For example, the customers of Information Technology (IT) and Human Resources (HR) are the other departments, with IT and HR providing mostly services. The Quality Assurance (QA) department can be thought of as a supplier to inventory or manufacturing, and should be providing only first-quality goods to its “customers”, just like the external supplier whose raw materials the QA department is qualifying.
The internal and external supply chain is generally supported by an Enterprise Resource Planning (ERP) system, where an organization stores its suppliers, customers, finished goods, and raw materials, and whose functions include accounting, sales orders, purchase orders, manufacturing, distribution, and receiving. Application security typically includes the ability to create functional groups of users with varying combinations of base capabilities to add, change/modify, view, and delete data.
The definition of integrity may be broader than the largest global supply chain, but I like the one provided by Doug Ross, of Principle Dynamics who describes integrity as something that has “wholeness, consistency, and objectivity”. As we look at integrity in the supply chain, these components become integral characteristics of a successful supply chain or, in other words because the supply chain is both internal and external and spans all operational functions, a successful organization.
Bringing integrity into the supply chain means several things:
- The supply chain is viewed holistically as per the definition here of the supply chain being internal and external. While it is definitely comprised of connected links, it exists as a whole. A hiccup in one of the links early in the supply chain can have a ripple effect on a link further down the chain.
- The supply chain must be consistent. This means that there cannot be any broken links (processes). This requires converting paper-based or manual processes to those that produce electronic data, and having that data flow intact through all computer systems.
- The supply chain becomes objective when we treat the external and internal supply chains equally: exceptions are reduced, if not eliminated, and the benchmarks the organization holds its external supply chain partners to are equal to those set for the internal supply chain departments.
Supply Chain Wholeness
In 2007 there began a series of tainted consumer product scandals, mostly from the Far East. Muffins with shredded cardboard as filler, toothpaste with an antifreeze component, unsafe chemicals in canned foods from pet food to seafood, children’s toys painted with lead-based paints, etc. In each case the wholeness of the supply chain was broken due to supply chain fraud .
Yes, there were payoffs and bribes and corruption at various levels in the Far East, but that’s really just the start of our broken chain. What comes to my mind is why these tainted products were not caught until after they were purchased and used by consumers? Could quality assurance testing at other points in the supply chain have caught these problems? My opinion is that the answer is “yes”, but then why wasn’t it?
Perhaps there was more than one kind of fraud at work, and perhaps the frauds were perpetrated by a variety of individuals for different reasons. For example, if the executive management of the consumer products company failed to adequately fund quality assurance inspection departments with appropriate staff and equipment, is this fraud? (A very likely answer is “yes”.) Too much focus on analysts’ profit and performance expectations, cost-cutting maneuvers, overly aggressive and ill-conceived compensation plans could be some of the causes. What was the risk management analysis in deciding to outsource manufacturing? Was there some (incorrect) assumption that the organization’s overall responsibility would be outsourced along with product development? How much integrity does an organization show that puts profits and shareholder value ahead of the health and well-being of its consumers? Again, where was the risk analysis?
Supply Chain Consistency
According to the Association of Certified Fraud Examiners a key tactic in reducing fraud is the perception of detection. This means that a monitoring program should be performed with adequate frequency and thoroughness without being an obstacle to performance. (Hint: Avoid the “dummy camera” syndrome! Once this perception of detection is discovered to be false, fraud will re-occur or increase and the organization’s fraud-fighting integrity as it relates to the overall “tone at the top” will be compromised.)
Supply chain links that are paper-based do not contribute data which can be used to perform validations and cross-checks. Thus, from a data flow standpoint, the supply chain is inconsistent. In the purchasing supply chain, for example, primary links include the generation of the purchase order, the physical shipment, the advance ship notice (electronic bill of lading), the receipt, and invoice payment. We use available technologies such as Electronic Data Interchange (EDI) and barcode scanning to extend our ERP system functions and convert paper-based processes to electronic data. The following validations and cross-checks are now available to us:
- PO to: ASN, Receipt, Invoice
- ASN to: Shipment, PO, Receipt
- Receipt to: Shipment, ASN, PO
- Invoice to: PO, Receipt, ASN
Consistency in our supply chain is important to achieve both at the entity level and the activity level. In the above example, the entities include the purchasing, receiving, information technology, and accounting departments. The activities include purchase order generation, inventory receiving, data processing, invoice acceptance, and invoice payment.
Consistency at the activity level is attained through business software application security: assigning the appropriate rights (add change/modify, view, and delete) to the appropriate user based on the roles and responsibilities that user is charged with. (Users may belong to functional groups where security settings are established too.) A user’s roles and responsibilities as defined in a business software application, such as an ERP system, should be aligned with the user’s job description as maintained by the HR department.
Consistency at the entity level is achieved by looking at how an entity’s business processes function and the technology tools available to perform these functions. In the case of the purchasing department, all purchase orders should be generated in similar ways: the purchase order for raw materials should be little different, if at all, to the purchase order for technology services. If this is not the case, the reasons why must be uncovered and the exceptions exposed and resolved through a mix of technology and process realignment solutions.
Consistency as described here should have a great impact in reducing fraud. At the activity level, user security will help prevent someone from committing fraud through data manipulation. At the entity level, because of the activity-based security, the commission of a fraud will more likely require collusion. With a forced separation of responsibilities – another strongly suggested tactic by the ACFE for reducing fraud – consistency makes fraud harder to commit.
Further, with greater consistency in our operations, frauds are more likely to stand out. Fraud is easy to commit when things are in disarray, from a messy warehouse to lots of paperwork to poor procedures. As these situations are corrected, fraudsters will find it harder to commit fraud. The organization, through these corrective actions, actually begins a healing process, and the positive psychological impact to the honest employees cannot be overlooked.
Consistency breeds integrity; it nourishes integrity; it grows integrity.
Supply Chain Objectivity
Too often the roadblocks to success are pride and politics. Pride may not allow us to admit we’re wrong or we don’t know something and need help, and politics prevents us from asking for help when we need it, sometimes for fear of retribution. In an integrity-based organization, pride and politics would be abolished. Pride and politics are just two of the inhibitors to objectivity in the supply chain.
Just because something is legal to do, does not mean that it is ethical to do. Just because we can do something does not mean that we should. An objective look at our supply chain should remove exceptions (which likely exist due to politics) even within our own areas of responsibility (within which there should be great pride). Objectivity in the supply chain may mean taking on additional tasks because it makes good sense on the whole.
Very often, external suppliers are held to unrealistic standards that are documented in vendor compliance guidelines with internal supply chains not bound by the same benchmarks. External suppliers are typically found guilty until they prove themselves innocent of compliance violations, often times being monitored and judged by unqualified persons and faulty technologies. One can easily see the lack of integrity in the double-standard that external suppliers are held to versus their internal counterparts.
By being objective and considering what is best for the organization, management by exception becomes exception management: the vast majority of transactions simply happen, flowing through systems and processes almost automatically. Exceptions are handled as they happen, which should be rare, and are objectively analyzed to determine why they are the exception and if they can be folded into normal operations processing. This should lead to the organization realizing an overall reduction in operating costs and an increase in efficiency and throughput.
Supply Chain Integrity
Bringing integrity into the supply chain also provides benefits in the following areas and supports the following initiatives:
- Corporate Governance – An organization’s ability to create financial statements and disclosures on a timely basis with accuracy and reliability
- Risk Management – The ability to expose potential risks and then to address these risks on a timely basis before disaster strikes
- Regulatory Compliance – Ensuring that industry and government regulations are adhered to
The need for integrity in organizations is everywhere and is supported by various initiatives and laws developed after the meltdowns of corporations severely lacking in integrity. One of the key aspects of the Committee of Sponsoring Organizations (COSO) framework, widely used for Sarbanes-Oxley compliance – the Control Environment – deals specifically with the integrity, ethics, competence, philosophy, and style of management.
Organizations that lack integrity become a breeding ground for fraud against the organization and its employees, customers, and suppliers. Small frauds turn into larger frauds as the perpetrators find them easier to commit and become reliant on the extra income to support their growing but unaffordable new lifestyles. The “social structure” of the organization breaks down possibly to the point of no return. And when the norms of society are replaced by unethical and criminal behavior, everyone ultimately looses.
Norman Katz is a private investigator, Certified Fraud Examiner (CFE), and president of Katzscan , a consulting firm located near Fort Lauderdale, Florida, and specializing in Barcode Applications, Electronic Data Interchange, Supply Chain Vendor Compliance, Turnaround Management Help , Supply Chain Fraud Detection & Reduction , Business Operations & ERP Systems, and Data Conversions & Data Reporting.
Norman can be reached at 954-942-4141 or via e-mail email@example.com.