Supply chain due diligence – How much is enough?

By Stephen Cherlet   

Business Operations Industry Innovation & Technology Production Aerospace Automotive Electronics Food & Beverage Manufacturing Transportation Business management systems Due diligence Editor Pick financial statements Operations review Overview of the business quality management supply chain third party assessment

It wasn’t until very long ago that onboarding a new supplier for an organization was a straight-forward process.

Photo: enanuchit / Adobe Stock.

Onboarding a new supplier focus has traditionally been on three main elements – cost, quality, delivery – although the priority may have been different between firms. After preparing a shortlist of suppliers competitive on price and delivery, a buyer would send a vendor’s information for a review by the quality assurance department. Often, it may have been a perfunctory review providing the supplier could provide an ISO 9001 certificate, or equivalent.

Today, the areas of focus are greatly expanded, as are the regulations that might apply. From the 1976 implementation of International Traffic in Arms Regulations (ITAR), impacting products for defence contractors, to the 2022 EU Mandatory Due Diligence Directive, impacting companies operating in the EU, there are a plethora of regulations to consider.

Current supply chain interruptions mean that many firms are shortening supply chains and bringing elements of work, or entire factories, closer to home. However, that means having a process in place to ensure firms understand not only their own regulatory landscape but also that of their suppliers.

Beyond the basics, what should organizations be looking at, and how far should the review go? That’s not an easy question but here are a few quick tips:

  • Develop an in-house checklist based on best practices gleaned from other firms considered to be best-in-class;
  • Focus on key suppliers and/or apply a standard A-B-C type categorization to work through the supply base. Keep in mind, a critical supplier may be one with a low business volume. Remember, don’t only focus on the top ranked, eventually the whole list should be reviewed, or a deeper dive on the top ranked;
  • We need to consider the end-to-end supply chain, which on the supplier end means “my vendor’s vendors.” To truly be able to validate a key vendor’s ability to perform, we may need to look a level below them. Recent conversations with colleagues have revealed that it is often the tier two vendors causing a tier one vendor to be unable to deliver.

What should be some of the items on a supplier due diligence checklist?

Photo: Trueffelpix / Adobe Stock.

Overview of the business

Chart showing legal, organizational and ownership structure of the business. This should include a list of directors, offices, and key employees of the company. With the list of sanctioned countries, companies, and individuals growing continuously, this is a critical item. Also, a summary of the company history, and product listing.

Financial statements and/or third party assessment

For most business needs, a third party assessment by a recognized firm, is sufficient. For larger, or critical, suppliers obtaining a copy of the last three to five years financial statements could be a good idea. Your internal finance team can provide their assessment of the historical operating performance.

Key is to try to ascertain that the proposed, or existing, supplier can continue operations. For example, a discussion around current supply chain issues revealed that efforts to onboard a second source for a critical, sole source supplier was about to be derailed by the merger of the two entities.

Business management systems

Understanding if the supplier has a fully functional, integrated business system is a good starting point. Many smaller firms operate with a combination of standalone systems for each functional silo. This can make them prone to key employee departure. Such non-integrated approaches often make it difficult for businesses to scale up. For vendors who have an integrated business system, understanding its age, the vendor and maintenance status is important.  In either case, we want to be aware of the timing of potential system implementations or migrations. These events can often lead to lower output or actual delivery interruption.

Photo: onephoto / Adobe Stock.

Operations review

Many firms skip a visit to the supplier’s site. This may be due to cost avoidance or lack of resources, but this is not a good approach. Nothing beats going to see where your goods are being produced. Seeing the layout, organization, cleanliness, and safety of production is always highly worthwhile.

Key to validating what has been seen, is the collection of review of typical related certifications as may be applicable to your industry: ISO 14001 (environmental management system) or OHSAS 18001 (health and safety management). For firms supplying into the defence industry, other certifications may apply such as ITAR, and its equivalent in other jurisdictions.

For faster movement of goods, Customs Trade Partnership Against Terrorism (C-TPAT) of 2001 is an example of a trusted trader program. Such programs facilitate customs clearance and can be time savers in the overall lead time. These programs do invoke their own audit and checklist requirements. To maintain your organization’s C-TPAT certification, you must audit your suppliers regularly for their continued compliance with the program. Both your facilities, and those of your suppliers, are subject to audit including overseas suppliers.

Quality management

Each quality assurance department will have its own checklist or survey form. Company’s may want to consider consolidating checklists having different sections assigned to functional owners. The industry and products involved will heavily influence the requirements. The key certification as a validation of a vendor’s responses is typically an ISO 9001 (Quality Management Systems) approval by a respected auditor. Other certifications could include ASME, EN and others.

Due diligence is a detailed and complex effort. This is not a “one size fits all” undertaking. It can be a daunting exercise, the key is to focus on key topics for your most critical suppliers first, followed by working through the lower echelons.
Stephen Cherlet is a senior management professional with 40 years of experience. A graduate of Aerospace Engineering Technology at Ryerson, he has worked in aerospace and defense for Bombardier Aerospace and Honeywell. His last role in industry was COO at Velan Inc. Currently, Stephen is the owner/founder of FarStar S.A.C. Consulting. He is also the Chair of the National Board of Directors at Supply Chain Canada. He can be contacted at


Stories continue below

Print this page

Related Stories