Would You Pay to Audit Your Suppliers?
Suppliers' charging to be audited seems to be currently limited to the pharmaceutical and biotech industry. In order to comply with FDA standards and GMP practices, there is a requirement to conduct GMP on-site audits of suppliers. It is understandable that a small supplier would balk at hosting dozens of customer audits every year. Suppliers in the aerospace industry, where site visits by primes are common, complain of feeling like a tourist bureau hosting customers who are continually conducting site visits. (It's Tuesday, it must be Airbus). It is time-consuming and costly for suppliers to dedicate resources to preparing for and hosting audits and site visits and is particularly onerous and costly for small suppliers. But in some industries, it's part of the cost of doing business. And there is a financial upside for small suppliers to winning the business of large customers. Some suppliers feel that charging for audits is a way of determining who the most serious customers are. Customers, on the other hand, spend considerable resources conducting on-site audits. Paying the supplier in addition to incurring their own costs makes the process quite costly.
An international pharmaceutical supply chain consortium, Rx-360, recently conducted a survey of customer companies regarding suppliers who are charging for audits. A big thanks to Sandra Gauvin, a quality expert and publisher of Current Quality newsletter, who tipped me off to this practice and shared a copy of the survey results. Out of the 89 companies who participated, half responded to the survey. The respondents were mostly biotech and pharmaceutical firms. About 44% of the respondents had been asked to pay a fee to conduct an on-site audit at a supplier in the past 12 months. Of these firms, 45% agreed to pay the fee, while the rest did not agree to pay. 34.8% of respondents would agree to pay a supplier-requested fee if their annual business with the supplier was below $20,000, in appreciation of the burden created for a supplier with which they do very little business. While the majority of the survey respondents felt that more suppliers are requesting on-site audit fees, the practice is still not the norm.
Whether this practice of charging customers for audits is likely to increase within pharma and biotech and spread into other industries is unclear. Will customers leave auditing to auditing consulting firms in order to save time and money? Is there any risk in depending upon third-party firms? Will paying to audit a supplier have any influence on the audit findings? Will customers have to audit the audit firms to be sure there are no ethical violations or improprieties? What impact does pay to play have on the relationship with a supplier? Is this merely a shifting of the financial burden from the supplier to the customer? I wonder how suppliers would react to an audit that was scaled or made more efficient by a supplier evaluation software solution. Would they perceive it as lessening the burden?
Pay to audit raises more questions than answers.
For instance, if a supplier wants to gain business with a customer, and the customer requests an audit using an independent auditor of the customers choice, the supplier should pay the fees.
Another scenario would be if the customer receives defective product, and the customer requests an audit, once again, the supplier should pay.
In the case where the customer wants an on site supplier audit just to check on a supplier, and it isn't based on any detrimental events from the product or delivery, this is where the customer should pay.
I feel this would keep a supplier on their toes, and also have a tendency to keep the customer from putting unnecessary pressure on the supplier.
Most audits are a waste of the supplier's resources. I can understand why they are charging a "nuisance fee".
So if your suppliers are charging you to audit them, you may want to consider if your efforts are adding value to them or if you are really just "checking the box".
Best regards,
"Dr. Know"
ISO9000 and ISO14000 were promised to solve many matters of the expensive nature of supply chain quality assurance and inter- trade trustworthiness. It added some value in most cases, but not all. It is way better than a hot stick in the eye and better than nothing and even better than previous customer driven schemes—the auto industry was a good example of supplier audit chaos and ineffectiveness.
However, these international standards and the accreditation bodies governing the credentialing of auditors and registration processes have underachieved the industry promises of utopia. One eye closed audits( some times for payola), shallow erroneous check box audits , mis applied layered audits, remote data driven audits, and witnessed audit surveillance tactics have all came up short.
Audits were intended basically to validate that what was promised in contract is actually being performed and results delivered. I would like to suggest that going back to two very well thought out , highly documented, robust quality practices would go a long way to more cost effectively achieve what these frail auditing tactics fail to achieve—validated results of contractual commitments.
First, Advanced Product/Process Quality Planning- APQP- has critical requirements that are fundamental to meeting the preventative benefits of Cost of Quality’s costs of conformance. One of these is customer approved FMEA and PFMEA---a failure modes effects analysis of both product and the associated processes. FMEAs identify and rank( via Risk Priority Numbers-RPN) the characteristics and parameters that will most impact customer satisfaction(i.e. meeting the spec and voice of the customer).
Secondly, once armed with agreed upon product and process aspects and the characteristic parameters , we need to establish full supply chain traceability and contractually , not voluntary, mandated conformance at the expense of each entity at its source of value add( product content or process). ({I hear your cries of “that’s ridiculously and unnecessarily expensive and time consuming”. My reply: It used to be ,but not any longer)} With use of cost effective real-time data capture and auto-logging to secured databases and interoperability of internet web centric traceability servers, the following is possible. From raw materials to end point of use by intended user, and any other shorter or narrower definition of supply chain( as long as it is a contiguous chain of custody for process ad products as defined) you have a really valuable tool. You can capture the step by step activity that documents and locks in, preventing post process and measurement tampering , and limiting visibility to only up process owners who are authorized to look backwards down the bill of process and bill of materials . This real-time certifying actually exists…one system is called GOCERTS-Global Online Certifications, in essence allows each entity of the supply chain to create the DNA of quality of each lot or product serialized. This works and is fair because this quality “tax” is built into the selling prices from its cost accounting by the supply chain participants, proportionately to their value added.
So where are the supply chain benefits then? Assuming that you have an effective supplier qualification and selection process completed (with or without ISO9000 based requirements etc), the sourcing scenario can be more trustworthy under this scheme. First, we can potentially eliminate 90% of all audits, plant (post sourcing) visits for quality checking, eliminate expensive time consuming travel and supplier lost productivity due to dog and pony site visit preparations, and dependence on third party or departmental entities vulnerable to any form of kickback deals.
The discussions about quality conflicts/disagreements/mis-understandings can be more efficiently and effectively resolved, as all parties can share and review in real-time the same data and traceability facts. These facts include the product/process parameters as measured, statistics computed, and the chain of custody time- space -personnel continuum. Problem definitions are more succinct and clear. Root cause identification effort is more focused and quicker, and containment can be narrowed to only products at risk. Buffer Inventory is reduced, scrap is reduced, rework, if called for, will be less costly with early defect ID and resolution. Warranty costs, product failures and returns, reduce liability and recalls all can be minimized. Product quality feedback to root cause corrective and preventative fixes, raises quality and reliability of this one other products by legacy lessons learned from these closed loop TQC improvements.
From the perspective of Cost of Quality theory, this investment in APQP and Real-Time GOCERTS like Traceability is a cost to conform that will lead to reduced large scale costs of internal and external failure (nonconformance). The closer companies get to ZERO defects, the less need there is for any audit…and their politics as well as costs. Even though “Internal” audits are a cost of conformance category, all f the second party, customer visits/inspections and third party forced audits…should be considered a internal failure cost—due to the unreliability and untrustworthy relationship of the parties. Finally, Pay to audit would become a limited debate.
Bill
1. It helps prepare the supplier for their ISO audits.
2. Most always there seems to be new ideas that could improve processes or systems.
3. It gives the supplier employees a vision of who their customers are.
4. It gives the supplier an opportunity to explain to the auditor if there is any to change the design of a part for better manufacturability.
5. It could increase the supplier business if the company has any new products in the future.
I have actually had suppliers give their employees a half day off after I delivered a supplier of the year award to them after an audit.
There are some alternatives to yearly on-site supplier audits.
Implement a supplier certification program, where “Certified Suppliers” are only audited once every three years when they meet certain criteria, “Qualified Suppliers” are audited once every two years when they meet certain criteria and “Approved Suppliers” are the ones who are audited every year. This system gives the suppliers some incentive to improve so they won’t be audited every year. The criteria for each step are different and give the supplier something to work for to improve both their systems and/or processes. Each step is closer to becoming a ship to stock supplier, and a candidate for a supplier award at the end of the year.
The criteria for each step should be spelled out in the company’s procedures and their supplier’s manual.
This system works very well and I would recommend it to any company or medical company. If anyone has any questions, please feel free to contact me.
Let us consider both sides of the audit aspects. Many companies require that supplier pass through the second party or third party audits which is fair. Passing these audits is a recognition which sometimes is valid globally & helps future business of suppliers.
May be Biotech & farma companies require special audits which require conformance to some special third party requirements. In which case this shall be a part of contract. If there is a possibility that it might end up having no contract, then both parties shall share the expenses equally.
With that said, let’s look at how this situation should and could be avoided in the first place:
Not coming from the pharmaceutical or biotech industry first hand, I went to the GMP web page and briefly read the FDA requirements. I noticed that there are a few ways for a supplier to comply with FDA— consultants being one of them. If this was determined to be the most economical way of doing business, I would expect that this cost would automatically be rolled into the product price during the quotation phase. The customer should not be expected to be charged extra for a supplier to be compliant to the rules and regulations imposed by law to his or her chosen industry.
As a customer, I would hope that somewhere within the customer’s quality system / supplier quality manual, there is a clear statement of when and how GMP audits will be handled and that this statement is clearly communicated in the RFQ and the P.O. language. I would also think that, during the supplier selection phase, this would be communicated and agreed on by all parties involved as standard advanced quality planning.
When a customer’s requirements exceed the supplier’s standard practice, the supplier should be able to include the requirement in his or her quote either as a separate line item or amortized across the product.
The key is up front communication! In today’s competitive world and ever increasing pressures for cost reductions, we try to pretend these costs are just a part of doing business and we will never see them. Perhaps this should be true in the case of being compliant to the FDA requirements. The cost should be baked into the standard shop rate and we as customers won’t see it. However, when a customer expects over and above what is standard practice for the supplier, it needs to be communicated. With a little transparency and up front communication between the customers and the suppliers, this issue would be avoided altogether.
I've always been of the viewpoint that customers have the right to perform audits on Suppliers. In my experience, these audits have supplemented formal quarterly business reviews and have led to action plans resulting in measurable process and product improvements. Scores from these surveys help a customer make the tough choices, such as whether or not to continue to work with a struggling supplier who isn't committed to meeting targets.
Now, what if these audits were not performed? One could argue that a company could simply send the same survey and have the vendor fill it out. The problem with this is that surveys tend to be subjective and vendors tend to rate themselves better than their customers might on those types of questions.
Another option, which was mentioned above, is to have a supplier certification program. I like this idea and it does have merit. If your a customer based in Japan and have a vendor on the other side of the U.S. (real scenario), then it might make sense to set some objective benchmarks based on an initial audit. If the vendor continues to meet or exceed these deliverables, then there may be no need to visit and audit them. The customer and vendor both win.
Bottom line is I'm in favor of cost-free site audits. But I believe there is plenty of room for communication regarding expectations on this as well as clearly outlining when these types of audits could be discontinued or replaced with a "remote audit" (ie, form of survey), if deliverables performance meets or exceeds goals.
I agree with you 100%. Good reply!
Is there an explicit requirement from FDA that supplier audit has to be conducted?
Thanks,
Dan