Supplier assessment and improvement plans

In today's socially connected world, information availability and the exchange of ideas continue to rise to levels never imagined a decade ago. In this era of omnipresent communication, we see heightened expectations for companies to continually invest in and improve their social responsibility — both internally and upstream through their extended supply chains.

Against this backdrop, IBM continues developing and refining its supply chain initiatives that support our beliefs and those of our stakeholders. The following examples highlight a number of activities that we engage in with our suppliers as we encourage continuous improvement in order to meet these heightened expectations.

IBM's Social and Environmental Management System for its suppliers

In 2010, IBM established a requirement that first-tier suppliers create a management system to address their social and environmental responsibilities. Our objective in establishing this requirement was to help our suppliers build their own capability to succeed in this area. Suppliers are required to:

  • Define, deploy and sustain a management system that addresses intersections with employees, society and the environment; integration and compliance to the Electronic Industry Citizenship (EICC) Code of Conduct is part of their management system.
  • Measure performance and establish voluntary, quantifiable environmental goals in the areas of waste, energy, and greenhouse gas emissions.
  • Publicly disclose results associated with these voluntary environmental goals and other environmental aspects of their management systems.
  • As part of their management system, conduct self-assessments, audits, and senior leadership reviews of their system.
  • Encourage first-tier suppliers to cascade these requirements to their own suppliers.

More information on these supplier requirements may be found on IBM's supply chain environmental responsibility webpage.

During 2014 we received submissions of management systems materials from over 1,500 new suppliers primarily from our Services and General Procurement sector of the supply chain.

Supply chain social responsibility

Supply chain social responsibility has been part of our corporate and procurement strategy since 2004. IBM endorses the Electronic Industry Citizenship Coalition (EICC) Code of Conduct for its internal operations and requires the same of our direct suppliers. IBM communicates code compliance at the initial stages of supplier engagement and compliance — or progress on any plan implemented to achieve compliance — is part of regular business reviews at the functional and executive levels. This ongoing and frequent focus on social responsibility and the commitment of our suppliers has helped lead to many improvements. Audits continue to play a valuable role in providing our suppliers with objective, third-party evidence to determine if their operations are still compliant or in need of further improvement.

Year by year, we have assessed a growing percentage of our supply chain in the developing world, and with the resulting improvements made by our suppliers, this has driven upstream improvements in conditions for thousands of people employed in the extended supply chain.

In 2014, assessments to the EICC Code of Conduct took place simultaneously for both our Services and General Procurement suppliers, and those in the Production and Logistics Procurement supply chain. IBM continued its longstanding endorsement of the electronics industry standard social audit, and further solidified our leadership position in using this protocol as our means to assess suppliers' compliance to the EICC code. In 2014 we provided a long-range outlook to suppliers for the sites where we would be requesting EICC audits, in order to give them the time to plan and contract with the EICC for these assessments, as part of their ongoing social responsibility work.

In 2014, the total number of full-scope audits in the 10-year time frame reached 1,811, with cumulative results illustrated in the chart below. These assessments measured supplier compliance to the EICC code — and in earlier years to IBM's Supplier Conduct Principles. IBM is a major user of the EICC's Validated Audit Process, directing code-related supplier assessments through this sector-developed approach that provides a common process for sharing results and eliminating costly duplicate assessments. Our 2014 data includes in this cumulative total second-, third-, and fourth-cycle full-scope audits (versus only initial full-scope audits) as a reflection of IBM's practice of including social assessment as part of its ongoing business engagement with its suppliers. In the last decade, social responsibility assessments have been chartered with suppliers in 34 growth-market countries as listed at the bottom of the following chart.

1,811

full-scope audits measuring supplier compliance from 2004 through 2014

Supplier full-scope audit results: Global cumulative 2004-14

(% non-compliant to IBM/EICC code; base = 1,811 assessments)

ibm_crr_supply_bar_chart_supplier_global_audit

Since 2004 full audits were performed in the following countries or territories: Argentina, Brazil, Bulgaria, Chile, China, Colombia, Costa Rica, Czech Republic, Dubai, Hong Kong, Hungary, India, Indonesia, Kenya, Korea, Madagascar, Malaysia, Mauritius, Mexico, Nigeria, Peru, Philippines, Poland, Romania, Russia, Singapore, Slovakia, Slovenia, South Africa, Taiwan, Tanzania, Thailand, Turkey and Vietnam.

In 2014, IBM engaged its suppliers in 164 full-scope audits and 79 re-audits for a total of 243 assessments in 25 countries or territories. China was the most active for audits and re-audits, followed by Mexico, India and Taiwan. Fifteen countries had re-audit activity, from audits conducted in the prior two years, as we aim for re-audits to follow any full-scope audits with noncompliance.

2014 IBM SCSR completed audits by country

(243 assessments conducted)

ibm_crr_supply_bar_chart_supplier_country_audit

Of the 164 full-scope audits IBM engaged its suppliers in, at year-end, reports were in hand for 112 audits. (Due to a large number of audits scheduled in fourth quarter 2014, many of the reports were received during first quarter 2015.) The results of the 112 full-scope audits are representative of the 164 and are depicted in the following chart.

Supplier full-scope audit results (2014) — Production and Services/General

(% non-compliant to EICC code; base = 112 assessments)

ibm_crr_supply_bar_chart_supplier_audit_results

For the 112 full-scope audits depicted, 67 were from Production Procurement suppliers and 45 from Services and General Procurement suppliers, in the latter case, these assessments were often the first time the suppliers were assessed to the EICC Code of Conduct.

In 2014 full-scope audits, health and safety was the most prevalent noncompliance uncovered, which is similar to recent years. Many of the findings in this category uncovered weaknesses in the supplier's management systems relating to health and safety, such as: frequency of conducting emergency drills, planning for all manners of emergencies, egress signage, training of first-aid personnel, and first-aid kit supplies. While we do require a complete post-audit Corrective Action Plan, suppliers tended to address the health and safety findings with expediency, often during the course of the audit itself. The second-most prevalent finding was in Management Systems (Labor and Ethics). The EICC Code (by design) is very robust in management systems relating to an organization's structure to attain and maintain long-term compliance to the code provisions. Suppliers with nonconformance were often lacking one of more elements of a strong management system — having documented goals, objectives, metrics, periodic reviews with in-line management, and tracking of closure actions. Working hours was the third-highest nonconformance, reflecting the challenge suppliers have in meeting the code or local requirements; however, we continue to see incremental progress in meeting this provision during successive audit cycles. Many audit findings were related to proper establishment of policies and practices, such as in forced labor (having an implemented and communicated policy on human trafficking, for example) or in child labor (policies and practices pertaining to pre-employment age documentation). In no instances were underage workers found in these audits during 2014.

For each noncompliance found in an EICC assessment, the EICC audit report provides a description of the finding — and also, very importantly, a cross-reference to the specific aspect of the EICC code and/or the local regulation that it pertains to. This level of detail is indicative of the thoroughness of the EICC audit and is very effective in enabling the supplier to isolate the root cause of any noncompliance and to work on sustainable improvements.

IBM's supplier assessment activity follows the prescribed methodology of the EICC, whereby audited suppliers create and submit a Corrective Action Plan (CAP) for all incidents of noncompliance discovered in the full-scope audit. The CAP links noncompliance back to its root cause and enables the supplier to create meaningful targeted improvements, and ultimately test their effectiveness by means of a closure or re-audit. During 2014, 141 supplier CAPs were reviewed and accepted within 90 days of submission (reflecting audits that occurred in late 2013 and throughout 2014).

The effectiveness of our audit/CAP/re-audit practice is illustrated by comparing the “before and after” results of suppliers experiencing a complete cycle, as shown by the chart below. Re-audits conducted during 2014 at 69 Production and Services and General Procurement suppliers are compared with their full-scope audits (conducted over the 2013-14 timeframe). For ease of reading and comparison, only major noncompliance results are depicted in the chart.

Comparison of 69 re-audit vs. full-scope audit compliance

(% non-compliant, major non-compliance levels illustrated)

ibm_crr_supply_bar_chart_supplier_reaudit

With regard to a number of code provisions, the re-audits indicated major noncompliance was completely remediated in respect and dignity, and in monitoring/record-keeping. In the top five noncompliant full-audit provisions, substantial reductions in noncompliance were achieved, including a 73 percent improvement in health and safety compliance, a 48 percent improvement in working hour compliance, a 76 percent improvement in management systems (labor and ethics), a 61 percent improvement in protection of the environment, and a 74 percent improvement in forced labor compliance.

At the conclusion of the re-audits, working hours remained the largest area of noncompliance. While this is unsatisfactory, it is consistent with our understanding of the challenges associated with full resolution on a global basis, especially in developing markets. In particular, China poses a significant hurdle for complete compliance in working hours — however, we believe that much progress has been made by our suppliers in China with substantial reductions in total hours worked and greater adherence to rest day requirements.

In 2014, just over 50 percent of re-audited suppliers (Production Procurement, and Service and General Procurement ) resolved all major noncompliance issues after completion of one cycle — a significant accomplishment and testament to the results of following the EICC process. For the other 50 percent, IBM Global Procurement has contingency plans for its suppliers that remain noncompliant after a re-audit, and each is handled with great attention. Our leadership team tracks and reviews the results of all supplier assessments (full-scope and re-audits) on an ongoing basis. Reports are compiled and reviewed on a monthly basis with executives and on a quarterly basis with IBM's chief procurement officer.

With the results of the 2014 full-scope audits and re-audits, IBM is able to attenuate its communication plans with suppliers for the following year of assessments. Our plans for 2015 include a mass communication of the newly released EICC Code Version 5.0 (effective April 1) to our supply chain and a second round of advance notification for suppliers that will be selected to participate in EICC assessments (full-scope audits or re-audits).

Center of Excellence for Product Environmental Compliance

IBM's global Center of Excellence (CoE) for Product Environmental Compliance enables IBM to meet the global environmental regulations in all the countries in which IBM does business, by rolling out consistent methodologies to deliver environmentally compliant products. The CoE's mission includes the development of strategy, processes, deployment plans, research, and development of alternative materials and technologies, and education and training materials. The CoE also is an active member of industry and regulatory bodies around the world.

As governments worldwide become increasingly concerned about the health and safety of their citizens, the number of product environmental laws has grown exponentially over the last several years. Not only are such laws growing in number year over year, but they are also increasingly more detailed and the scope of what constitutes an environmental law has continued to expand. These product-oriented laws directly pertain to all hardware products IBM designs, manufactures, or contracts to manufacture, and/or purchases for resale. The scope of IBM's product environmental compliance work includes:

  • Validating that all IBM hardware products do not contain prohibited substances, or do not exceed certain maximum thresholds of reportable substances, as called out by EU RoHS and REACH regulations
  • Meeting power and energy reduction requirements
  • Complying with the US Toxic Substance Control Act, French Nano Particle Decree, battery laws, product takeback regulations annual reporting, and import/export documents of conformance

Globally in 2014, IBM's CoE assessed 120 new and modified environmental regulations. From these 120 regulations, 64 required implementation plans and all were successfully executed to meet their respective compliance dates, without any detriment to IBM's client deliveries or IBM's revenue.