Supplier Assessment & Improvement Plans

Supplier Assessment & Improvement Plans

In today’s socially connected world, the pace of information availability and exchange continues to rise to levels never before experienced. Along with this velocity comes greater expression towards companies to continue investing in and improving their social responsibility—as they are considered the vanguards of change.

Within the field of supply chain management, companies with a public brand presence are held to high expectations for their supply chain stewardship by their many stakeholders. Against this backdrop, IBM continues developing and refining its supply chain initiatives that support our beliefs and those of our stakeholders.

The following examples highlight a number of these activities that we engage in with our many suppliers as we work and continually encourage continuous improvement in order to meet these heightened expectations.

Global Supply Social and Environmental Management System

Three years ago, IBM Global Procurement introduced its Social & Environmental Management System (S&EMS) program to its vast network of existing and newly on-boarded suppliers. The S&EMS program requirements can be summarized as follows:

In November 2013, IBM's S&EMS successfully completed its second ISO 14001 surveillance audit conducted by Bureau Veritas, which has resulted in IBM’s continued ISO certification.

During 2013, IBM's S&EMS program received the following internal and external recognition:

Supply Chain Social Responsibility

IBM’s dedication to Supply Chain Social Responsibility (SCSR) has been part of our corporate and procurement strategy since 2004. Year by year, we have assessed an ever larger footprint of our supply chain in the developing world and we believe this has driven upstream improvements in conditions for thousands of people employed in the extended supply chain.

2013 represented a transition year in our SCSR evolution with three significant changes occurring sequentially over the twelve-month period. During the first quarter, we introduced the Electronic Industry Citizenship Coalition (EICC) Code of Conduct to our Services and General Procurement suppliers and retired the IBM Supplier Conduct Principles for this segment of suppliers. The transition to the EICC Code (for Service and General Procurement suppliers) matched the change we made with our Production Procurement suppliers in 2010 and allowed us to standardize on a single code for all of IBM’s suppliers worldwide. In the second quarter we migrated to the EICC’s Validated Audit protocol for our Services and General Procurement—again matching the use of the EICC audits we had with our production suppliers since June 2010. This dual implementation of EICC audits continued to build upon IBM’s longstanding endorsement of the industry standard social audit, and further solidified our leadership position in using this protocol as our exclusive means to assess suppliers’ compliance to the EICC Code. In the third quarter, we provided a longer-range outlook to suppliers on the sites for which we would be requesting EICC audits, in order to give them the time to plan and contract with the EICC for these assessments, as part of their ongoing social responsibility activities.

In 2013, the total number of full-scope audits across the nine-year span reached 1,683, with cumulative results illustrated in the chart below. These assessments measured supplier compliance to the Electronic Industry Citizenship Coalition (EICC) or the IBM Code of Conduct (prior to 2010 and 2013, as described in the paragraph above.) IBM is a major user of the EICC’s Validated Audit Process, directing all hardware supplier assessments (and for Services and General procurement suppliers from second quarter 2013) through this collaboratively developed approach that provides a common process for sharing results and eliminating costly duplicate assessments. In 2013 we included in this cumulative total second-, third-, and fourth-cycle full-scope audits (versus only initial full-scope audits) as a reflection of IBM’s practice of including social assessment as part of its ongoing business engagement with its supplier base. Assessments have engaged suppliers in 34 growth market countries as listed at the bottom of the following chart.

1,683 full scope audits measuring supplier compliance from 2004 through 2013

Audits were performed in the following countries or territories: Argentina, Brazil, Bulgaria, Chile, China, Colombia, Costa Rica, Czech Republic, Dubai, Hong Kong, Hungary, India, Indonesia, Kenya, Korea, Madagascar, Malaysia, Mauritius, Mexico, Nigeria, Peru, Philippines, Poland, Romania, Russia, Singapore, Slovakia, Slovenia, South Africa, Taiwan, Tanzania, Thailand, Turkey, and Vietnam.

In 2013, IBM engaged its suppliers in 83 full-scope audits and 118 re-audits for a total of 201 assessments in 23 countries or territories. China was the most active for audits and re-audits, followed by Malaysia, Mexico, Singapore, Taiwan, and Thailand. Almost every country in 2013 had re-audit activity, continuing a trend from prior years as we ensure re-audits follow any full-scope audits with noncompliance.

1,683

full scope audits measuring supplier compliance from 2004 through 2013

2012 IBM SCSR Completed Audits by Country

Of the 83 full-scope audits IBM managed with its suppliers in 2013, at year-end, reports were in hand for 74 audits. The results of the 74 full-scope audits are illustrated in the following chart. In comparison with the cumulative data (2004-2013), the 2013 full scope audit results had a comparatively higher degree of noncompliance than the historical data. This is primarily a result of the change in assessment protocol for our Service and General Procurement suppliers to the EICC audit protocol as described in the opening paragraphs. The EICC code and the associated audit protocol have a larger number of questions and therefore was a deeper assessment. The Service and General Procurement audits comprised approximately a third of the 74 full-scope audits conducted in 2013. For each noncompliance found in the audit, the EICC audit report provides not only a description of the finding, but also, very importantly, a cross-reference to the specific aspect of the EICC code and/or the local regulation that it pertains to. This proves to be very effective in enabling the supplier to isolate the root cause of any noncompliance and to work on effective improvements. Many of the audit findings were related to proper establishment of policies and practices, such as in forced labor (having an implemented and communicated policy on human trafficking, for example) or in management systems (having documented goals, objectives, metrics, periodic reviews, and tracked actions). The major findings in the child labor provision were associated with noncompliance to policies and practices to fully investigate pre-employment age documentation. In no instances were underage workers found in these audits during 2013. In the category of working hours, the 2013 assessments continued to illustrate the steady progress suppliers are making toward full compliance with the EICC code. Overall, IBM’s efforts in communicating code compliance begin at the initial stages of supplier engagement and are part of regular business reviews at the functional and executive levels. This ongoing and frequent focus on social responsibility and the commitment of our suppliers has helped lead to many improvements. Audits continue to play a valuable role in providing our suppliers with objective, third-party evidence to determine if their operations are still compliant or in need of further improvement.

Supplier Initial Audit Results

IBM’s supplier assessment activity follows the prescribed methodology of the EICC, whereby audited suppliers create and submit a Corrective Action Plan (CAP) for all incidents of noncompliance discovered in the full scope audit. The CAP links noncompliance back to its root cause and enables the supplier to create meaningful targeted improvements, and ultimately test their effectiveness by means of a closure or re-audit. During 2013, 175 supplier CAPs were reviewed and accepted within 90 days of submission.

The effectiveness of our audit/CAP/re-audit practice is illustrated by comparing the “before and after” results of suppliers experiencing a complete cycle, as shown by the chart below. Re-audits conducted during 2013 at 112 Production and Services and General Procurement suppliers are compared with their full-scope audits (conducted over the 2011-12 timeframe). For ease of reading and comparison, only major noncompliance results are depicted in the chart.

Comparison of 112 assessments measuring initial supplier compliance versus re-audits compliance

With regard to a number of code provisions, the re-audits that indicated major noncompliance were completely remediated in freedom of association and child labor. In all other code areas, substantial reductions in noncompliance were achieved, including a 60 percent improvement in working hours compliance, a 75 percent improvement in health and safety compliance, an 80 percent improvement in management systems (labor and ethics), an 84 percent improvement in ethics, and an 85 percent improvement in wages and benefits compliance.

At the conclusion of the re-audits, working hours remained the largest area of noncompliance. While this is unsatisfactory, it is consistent with our knowledge of the challenges associated with full resolution on a global basis, especially in developing markets. In particular, China poses the greatest hurdle for complete compliance in working hours—however, we believe that much progress has been made by our suppliers in China with substantial reductions in total hours worked and greater adherence to rest day requirements.

Overall, 63 percent of re-audited suppliers (in 2013) resolved all major noncompliance issues after completion of one cycle—a significant achievement. IBM Global Procurement has contingency plans for its suppliers that remain noncompliant after a re-audit, and each is handled with great attention. Our leadership team tracks and reviews the results of all supplier assessments (full-scope and re-audits) on an ongoing basis. Reports are compiled and reviewed on a monthly basis with executives and on a quarterly basis with IBM’s Chief Procurement Officer.

2013 Center of Excellence for Product Environmental Compliance

IBM’s global Center of Excellence (CoE) for Product Environmental Compliance has end-to-end responsibility for meeting product-related government environmental requirements. The CoE’s mission includes the development of strategy, processes, deployment plans, research and development of alternate materials and technologies, and education and training materials. The CoE also is an active member of industry and regulatory bodies around the world. Year over year, environmental regulations continue to increase in number and complexity.

The types of product regulations that IBM's Center of Excellence for Product Environmental Compliance addresses include prohibited substances, restricted chemicals, nanomaterial, product take-back, batteries, power, and energy programs. In 2013, IBM successfully executed its highest number of year-on-year regulations (approximately 120). In 2013, the CoE kicked off an activity in support of the expiring European Union Restriction of Hazardous Substance exemptions designed to restrict the use of hazardous substances in electrical and electronic equipment. The CoE members continue to participate in industry consortia and advisory committees to assist, where possible, in pending regulatory or technology developments. The CoE continues to develop new and innovative ways to work with the industry to deliver product-compliant products. To this end, the CoE has developed various software solutions to track and collect product data, and it utilizes those tools to rapidly optimize data availability, streamline inquiries, and drive data accuracy. Ongoing, the CoE works in conjunction with an extended matrix of IBM professionals around the world to best deliver the right technology on time to meet the ever-increasing number of regulations. As of January 1, 2014, all IBM servers, storage and mircoelectronics products shipped globally were compliant with the applicable product environmental regulations in the countries IBM does business in.