Supplier assessment and improvement plans

Share this page

Linked In

Commitment to continuous improvement is essential to sustained progress in supply chain social responsibility. Our concentrated effort to lead and encourage our supply chain to embrace positive change has generated many improvements. This section includes successes that IBM and our suppliers achieved in 2015, along with our approach to the challenges that still remain.

IBM’s Social and Environmental Management System for its suppliers

In 2010, IBM established a requirement that first-tier suppliers create a management system to address their social and environmental responsibilities. Our objective in establishing this requirement was to help our suppliers build their own capability to succeed in this area. Suppliers are required to:

  • Define, deploy and sustain a management system that addresses intersections with employees, society and the environment, and that addresses integration with and compliance to the Electronic Industry Citizenship Coalition (EICC) Code of Conduct.
  • Measure performance and establish voluntary, quantifiable environmental goals in the areas of waste, energy and greenhouse gas emissions.
  • Publicly disclose results associated with these voluntary environmental goals and other environmental aspects of their management systems.
  • As part of their social and environmental management system, conduct self-assessments, audits and senior leadership reviews of their system.
  • Cascade these requirements to their next-tier suppliers.

In 2015 over 1,200 new suppliers — primarily from the Services and General Procurement sector of our supply chain — were afforded a period not to exceed 12 months to demonstrate compliance with these requirements. Suppliers are tracked monthly and action taken by purchasing to ensure plans reach acceptance.

More information on these eight supplier requirements may be found on IBM’s supply chain environmental responsibility webpage.

Supply chain social responsibility

Supply chain social responsibility has been an element of IBM’s procurement strategy since 2004. We have witnessed this aspect of business protocol grow, both within our company and across our industry, as the EICC continues to expand and mature each year. As a founding member of the EICC, IBM endorses the EICC Code of Conduct for its internal operations and requires the same of our first-tier suppliers. IBM communicates our requirement for EICC code compliance at the initial stages of supplier engagement, as well as progress on any plan implemented to achieve compliance as part of regular business reviews. Continuous focus on social responsibility and the commitment of our suppliers has helped lead to many improvements over the past decade. Audits and re-audits continue to play a valuable role in providing our suppliers with objective, third-party evidence to determine if their operations are code-compliant or need further improvement.

Annually we assess a cross-section of our supply chain in the developing world. In this report we are highlighting the outcomes of these audits and sharing the results of improvements made by our suppliers, which have positively affected working conditions for thousands of people employed in our extended supply chain.

In 2015, audits to the EICC Code of Conduct took place simultaneously for both our Production and Logistics Procurement suppliers, and those in the Services and General Procurement supply chain. IBM continued its long-standing use of the EICC’s Validated Audit Process (VAP), the standardized social responsibility audit developed by the electronics industry. In 2015, we provided a long-range outlook to suppliers in order to give them time to plan and contract with the EICC for these assessments, as part of their ongoing social responsibility work.



full-scope audits measuring supplier compliance from 2004 through 2015

By year-end 2015, the total number of full-scope audits (not counting re-audits) in the 11-year time frame reached 1,858. These assessments measured supplier compliance to the EICC code and in earlier years — prior to 2010 for Production Procurement suppliers, and 2012 for Services and General Procurement suppliers — to IBM’s Supplier Conduct Principles. Since 2013, IBM has been using the EICC’s Validated Audit Process exclusively for all of its supply chain social responsibility assessments. In order to accurately depict this transition, this year we are separating our audit history to show results prior to full EICC audit usage, as well as after. Audit results from 2004 through 2012 are shown in a heritage chart, and audits from 2013 in a new cumulative chart, which is attenuated exclusively to the EICC code and its provisions. This change allows us to present suppliers’ audit results exclusively against the EICC code without any lingering influence from audits performed to the legacy IBM Code of Conduct.

The following chart depicts supplier audit performance from 2004 through 2012. The noncompliant provisions are primarily from IBM’s legacy Code of Conduct, with a portion from the EICC Code of Conduct. These 1,591 audits gave us a strong foundation in understanding the issues in our supply chain and helped to influence the development of the EICC code and its VAP, which went into use in 2010.

Full audit results: 1,591 total, cumulative 2004 ‐ 2012

(Top 10 nonconformances to IBM Code of Conduct by %)

Since 2013, IBM has used the EICC code and VAP exclusively for supplier assessments. From 2013 through year-end 2015, IBM’s suppliers were engaged in 267 full-scope EICC audits. Data included in the 2013 — 2015 cumulative chart includes second-, third- and fourth-cycle full-scope audits (versus only initial full-scope audits), reflecting IBM’s practice of including social assessment as part of its ongoing engagement with suppliers. For the EICC audit results, we are showing two levels of data. The first level depicts the percentage of major and minor nonconformance (for the 267) to the EICC code based on the five pillars of the code: labor, health and safety, environmental, ethics, and management system. (For reporting purposes, incidents of priority nonconformance found during IBM commissioned audits to the EICC code are consolidated into major nonconformance depicted in the charts.)

2013 - 2015 full audits: distribution of nonconformances

(by section of EICC Code of Conduct)

  • 30% Labor
  • 27% Health and safety
  • 24% Management system
  • 12% Ethics
  • 7% Environmental
  • 30% Labor
  • 27% Health and safety
  • 24% Management system
  • 12% Ethics
  • 7% Environmental

Going one step further, the second-level data reporting presents the 10 most frequent code nonconformance (major and minor) for these same 267 full-scope audits, showing both major and minor breakout for each provision of the EICC code (For reporting purposes, incidents of priority nonconformance found during IBM commissioned audits to the EICC code are consolidated into major nonconformance depicted in the charts). For linkage of the provisions to the five code sections, we have noted this via abbreviation: Lab (labor), H&S (health and safety), Env (environmental), Eth (ethics) and Mgt (management system).

Full audit results: 267 total, cumulative 2013 - 2015

(Top 10 nonconformances to EICC code provisions by %)

Code sections include Health and safety (H&S), Labor (Lab), Environmental (Env) and Management system (Mgt).

Each nonconformance is treated with equal attention by IBM’s Supply Chain Social Responsibility team, working with the audited suppliers. As described in the annual data, Corrective Action Plans (CAP) are formulated to address these nonconformances. Beyond these top 10, another 34 code provisions had major or minor code nonconformance — all have been addressed with the audited suppliers.

In 2015, IBM engaged its suppliers in 63 full-scope audits and 86 re-audits for a total of 149 assessments in 20 countries or territories. China was the most active for audits and re-audits, followed by Mexico, Brazil, Malaysia, Thailand and Korea. Of these audits, 63 percent were with our Production and Logistics suppliers, and 37 percent with our Services and General Procurement suppliers. Fifteen countries had re-audit activity, following audits conducted in the prior two years, as we aim for re-audits to follow any full-scope audits with noncompliance. Year-to-year, total audits performed decreased 40 percent as a result of changes in business with suppliers caused by the divestitures of System x servers and Microelectronics group business units. Full audits were commissioned only with suppliers having continued IBM business; re-audits were completed with divested suppliers in order to complete the EICC recommended cycle. By comparison with aggregated data from the 2015 EICC annual report (page 21), IBM’s 63 full-scope audits comprised 18 percent of all full-scope EICC audits conducted, while IBM’s 86 re-audits represented 53 percent of all EICC re-audits performed in 2015.

2015 completed audits by country

(149 conducted*)

*Chile, Russia and Slovakia each had one full audit in 2015; Indonesia and the Philippines each had one re-audit.

Of the 63 full-scope audits, reports were completed for 51 by the end of first quarter 2016. Representing full-audit results for those 51 suppliers, we continue with two levels of audit result reporting. The following chart depicts the 2015 results mapped to the five sections of the EICC code.

2015 full audits: distribution of nonconformances

(by section of EICC Code of Conduct)

  • 32% Labor
  • 28% Health and safety
  • 21% Environmental
  • 10% Ethics
  • 9% Management system
  • 32% Labor
  • 28% Health and safety
  • 21% Environmental
  • 10% Ethics
  • 9% Management system

In 2015, the largest two contributors to noncompliance were labor, and health and safety. The management systems category improved its compliance level as a result of continued dialogue with our suppliers — as described earlier, relating to our requirement for suppliers to have a social and environmental management system in place. Examining 2015 audit results at the second level of data reporting, the following chart depicts the 10 most frequent nonconformances found in the 51 full-scope audits.

Full audit results: 2015, 51 Total

(Top 10 nonconformances to EICC code provisions by %)

Code sections include Health and safety (H&S), Labor (Lab), Environmental (Env) and Management system (Mgt).

Among the 51 full-scope EICC audits in 2015, 32 were from Production Procurement suppliers and 19 were from Services and General Procurement suppliers; in the latter group, these often were the first time suppliers were assessed to the EICC Code of Conduct. IBM is one of the pioneering companies in the extensive use of EICC audits in the so-called indirect supply chain (services and software).

In 2015 full-scope audits, five of the top 10 noncomformances were labor-oriented and four were related to health and safety. These 2015 results were notably improved, compared to audits in 2004 — 2012. Often, audits are criticized as ineffective for driving long-term change. Our experience has been the opposite: Audits are a valuable tool, and if combined with long-term supplier relationships and suppliers’ agreements to invest in improvements toward code compliance, they can help drive relative long-term improvement. For example, consider working hours. In the 2004 — 2012 time frame, combined major and minor nonconformance for working hours was 46 percent for audits conducted; in 2015 it was 26 percent. Other areas, such as health and safety, have seen improvements to a lesser degree. Many of the findings in the top 10 provisions uncovered weaknesses in the supplier’s management systems relating to health and safety, such as frequency of conducting emergency drills, planning for all manners of emergencies, egress signage, training of first-aid personnel and first-aid kit supplies. Although we require a complete post-audit CAP, suppliers typically address the health and safety findings with expediency, often during the course of the audit itself. The EICC Code (by design) is very robust in management systems relating to an organization’s structure to attain and maintain long-term compliance to the code provisions. Suppliers with nonconformance were often lacking one or more elements of a strong management system — having documented goals, objectives, metrics, periodic reviews with in-line management and tracking of closure actions. Other code provisions with nonconformance are related to the proper establishment of policies and practices, such as in freely chosen employment (having an implemented and communicated policy on human trafficking, for example). For each nonconformance found in an EICC assessment, the EICC audit report provides a description of the finding — and very importantly, a cross-reference to the specific provision of the EICC code and/or the local law or regulation. This level of detail is an important feature of an EICC audit and enables suppliers to isolate the root cause of any finding and work on lasting improvements.

IBM’s supplier assessment activity stringently follows the methodology developed by the EICC, whereby audited suppliers create and submit a CAP for all nonconformance discovered in an assessment. This requirement is a core tenet of IBM’s supplier management system and is fully supported by IBM Global Procurement and its executive team. The CAP enables the audited company to create meaningful targeted improvements — and later, test their effectiveness by means of a re-audit. During 2015, 161 supplier CAPs were reviewed and accepted within 90 days of submission, reflecting audits and re-audits that occurred in late 2014 and throughout 2015.

The effectiveness of our audit/CAP/re-audit system is depicted by comparing “before and after” results of suppliers undergoing a complete assessment cycle, as shown by the following chart. Re-audits conducted during 2015 at 77 Production and Services and General Procurement suppliers are compared with their full-scope audits (conducted over the 2013 – 2015 timeframe). For ease of reading and comparison, only major noncompliance results are depicted.

Improved nonconformance rates from 2015 re-audits

(% nonconformance to EICC code provisions*)

* Code sections include Labor (Lab), Health and safety (H&S), Management system (Mgt) and Environmental (Env). Data is based on the results of 77 re-audits vetting Corrective Action Plans generated from audits conducted in 2013 - 15. Provisions shown are the 10 most frequent major findings from the full audits preceding the re-audits.

Among the 77 re-audits, there were 42 code provisions from the full-scope audits with major or minor nonconformance. The CAPs drove compliance improvement across all 42 code provisions. The above chart shows a sample of these improvements focusing on the 10 provisions having the highest relative nonconformance in the full audits that preceded the 77 re-audits. All 10 provisions registered significant improvement, including working hours (47 percent improvement), emergency preparedness (80 percent) and wages and benefits (83 percent). For the following 17 code provisions, all prior major and minor noncompliance were fully rectified in the CAP / re-audit process:

  • Humane treatment (Lab)
  • Non-discrimination (Lab)
  • Physically demanding work (H&S)
  • Pollution prevention and resource reduction (Env)
  • Wastewater and solid waste (Env)
  • Air emissions (Env)
  • Material restrictions (Env)
  • Storm water management (Env)
  • Intellectual property (Eth)
  • Non-retaliation (Eth)
  • Responsible sourcing of minerals (Eth)
  • Privacy (Eth)
  • Company commitment (Mgt)
  • Legal and customer requirements (Mgt)
  • Training (Mgt)
  • Worker feedback and participation (Mgt)
  • Audits and assessments (Mgt)

Analyzing the 2015 re-audit data further, nearly 60 percent of the re-audited suppliers resolved all major code noncompliance after completion of their re-audit cycle — a sizable accomplishment and testament to the results of following the full EICC process as well as the commitment of our suppliers to invest in lasting improvements. IBM Global Procurement has contingency plans for suppliers that remain noncompliant after a re-audit, and each is handled with executive involvement. Our procurement executive team reviews the results of all supplier assessments (full-scope and re-audits) on a monthly basis, and quarterly with IBM’s chief procurement officer.

From the results of 2015 EICC full-scope audits and re-audits, IBM is able to attenuate its communication plans with suppliers for the following year of assessments. Our 2016 audit plan includes full-scope audits aligned with the newly released EICC Code of Conduct version 5.1 (effective January 1, 2016), and re-audits stemming from audits conducted during 2014 (which will be vetted to code version 5.0).

Center of Excellence for Product Environmental Compliance

IBM’s Center of Excellence (CoE) for Global Product Environmental Compliance enables IBM to meet the environmental regulations in all the countries in which IBM does business, by rolling out consistent methodologies to deliver environmentally compliant products. The CoE’s mission includes comprehensive and detailed review of regulations, the development of compliance strategies, processes and deployment plans, as well as education and training materials for IBM’s employees and suppliers. The CoE is also an active member on many industry and regulatory bodies around the world.

As governments worldwide become increasingly concerned about the environment and health and safety of their citizens, the number of product environmental laws has grown exponentially over the last several years and looks set to continue this trend. Not only are such laws growing in number year over year, but they are also increasingly more detailed, and the scope of what constitutes an environmental law has continued to expand. The product-oriented laws directly pertain to all hardware products IBM designs, manufactures or contracts to manufacture, and/or purchases for resale, and the scope of IBM’s product environmental compliance work includes but is not limited to:

  • Validating that all IBM hardware products do not contain prohibited substances, or do not exceed certain maximum thresholds of reportable substances, as called out by EU RoHS and REACH regulations, in addition to non-EU RoHS and REACH-type regulations.
  • Meeting eco-design directives as well as power and energy reduction regulations and voluntary standards such as the U.S. Environmental Protection Agency’s (EPA’s) ENERGY STAR program.
  • Complying with the U.S. Toxic Substance Control Act, nanomaterials reporting requirements, battery laws, product takeback regulations and annual reporting.
  • Delivering supplier education via dedicated global webinars.

Globally, in 2015 the CoE identified 135 new or modified product-related regulations for review, of which 127 required implementation plans and all were successfully executed to meet their respective compliance dates.