Classification of high risk suppliers

Detailed step-by-step instructions on Prewave platform

Contents

Tab "General Information"

Side Topic: Ad Hoc risk analysis

Tab “Suppliers”

Side Topic: Historical scores

Side Topic: Own Business analysis

In the "Analysis" tab of the Prewave platform, with the click on Start New Risk Analysis button begins the classification of suppliers into essential and non-essential (see Fig. 1). In this risk analysis users can filter for essential suppliers using Prewave recommendations or own specifications.

01-startnew

Fig. 1: The regular risk analysis begins with the "Start New Risk Analysis" step in the "Analysis" tab.

Tab “General Information"

This is the start page of the risk analysis and should therefore be filled with the following parameters for LkSG-relevant reporting, (see Fig. 2).

Type of analysis:

LkSG

Name:

A name for the analysis can be assigned here so that later it could be found in the reporting and in the documents.

Date:

The date on which the analysis is carried out (typically "today").

Period:

The period over which the risk analysis is carried out, typically the financial year of the company.

Level of analysis:

For the LkSG-compliant risk analysis, the individual sites must be considered and not just the higher-level organisations (site groups). For this reason, "Site" (formerly "POI" or point of interest) is selected at this step.

DI Model (Degree of Influence Model):

determines how the influence of your own company on the supplier is calculated: either at a higher organisational or on a site level.

The "Direct" model calculates as follows if "Site Group" is selected for Level of Analysis:

  DI = expenditure at a site group (group of companies) / turnover of the site group

If the turnover for a company group is not available, the expenditure for the individual sites is added together for this calculation.

If "Site" is selected for Level of Analysis, the approach is as follows:

   DI = expenditure at a site / turnover of this site

The "Parent" calculates as follows:

   DI = The sum of the expenses at all sites / turnover of the company group

"Auto" compares both options and selects the one with the greater impact. It is recommended by Prewave. In our example, this would be the "Direct" option.

Additional information:

LkSG regular risk analysis must be carried out once per financial year. A vacant field in the report (see Chapter 4) is filled with the information from the "Scope of analysis". Any measures taken for these selected areas are also included into a BAFA report. Own business area and direct suppliers (Tier 1) must be considered at the first place. If an ad hoc risk analysis needs to be carried out due to substantiated knowledge of possible breaches at indirect suppliers or significant changes in the risk situation due to new business areas, etc., this option can be selected here instead of the regular risk analysis (then select "Ad hoc risk analysis"). Note: Several different risk analyses can be carried out in succession. The results of these can be combined for the overall BAFA report. To do this, check "Approve for report" for all relevant analyses later (see Chapter 4: Generating the BAFA report).

 

🧠Good to know:

At least 2 separate risk analysis have to be created for the BAFA report:

1) Own Business

2) Suppliers (Tier-1)

Recommended suppliers:

The abstract risk analysis takes into account the components of the peer score: the country and industry score. In the regular risk analysis according to the LkSG, the essential suppliers are therefore identified on the Prewave platform and in this case separated from the non-essential suppliers. Using the "Recommended Suppliers" filter method in the first step of the analysis, those suppliers with a country OR industry score of 55 and below can be separated from those whose score is higher. Suppliers with a score of 56 or higher are sorted into risk groups that indicate a risk as likely for only some suppliers (mid) or only in individual cases (low) or no risk at all (no). Suppliers with a score of 56 or higher are therefore considered insignificant. The recommended suppliers are the significant suppliers. Another factor that can (but according to the LkSG does not have to) characterise a supplier as significant is the influence that you have on your direct supplier in terms of share of total sales (purchase volume threshold). However, this information is optional here, as the level of influence is only considered in the next step. If you want to ensure that the information in this step has no influence on the decision as to whether a supplier is marked as significant or insignificant, we suggest entering an unrealistically high value (e.g. 999999999999999).

To initiate the analysis, the "Create" button must now be clicked.

02-generalinfo

Fig. 2: The basic parameters for the risk analysis are set in the "General Information" tab.

 

Side topic: Ad hoc risk analysis
The ad hoc risk analysis can also be carried out in the risk analysis area within the Prewave Platform. If the user is in the "General Information" tab of the risk analysis, the selection "Adhoc risk analysis" must be made in the selection field for "Type of regularity" under the additional information for the analysis.

Side topic: Ad hoc risk analysis

The ad hoc risk analysis can also be carried out in the risk analysis area within the Prewave Platform. If the user is in the "General Information" tab of the risk analysis, the option "Adhoc risk analysis" must be selected in the selection field for "Type of regularity" under the additional information for the analysis.

03-adhoc

Fig. 3 - The ad hoc risk analysis can be selected via the "Type of regularity" action field

 

Once the selection has been made, further fields open where all additional information relevant to the analysis can be entered. On the one hand, the reason for the analysis can be selected under the drop-down field "Reason for analysis", on the other hand, there is also the option of adding an individual description for the reason for the analysis under "Reason Description":

04Abb. 4 - Selection of the reason for ad-hoc analysis

 

🧠 Useful knowledge: Reasons for an ad-hoc analysis can be, for example

  • internal/strategic decisions
  • external factors
  • substantiated knowledge of possible violations at indirect suppliers
  • significant change in the risk situation due to new products/projects
  • significant change in the risk situation due to new business areas

Tab "Suppliers"

The main suppliers that need to be considered in detail for LkSG-compliant handling are listed under the "Suppliers" tab in the "Recommended" subcategory (see Fig. 3). All those suppliers are listed here that were recorded with the criteria of the previous step. In the example in Fig. 3, the values recommended by Prewave are a country score of 55 or less OR an industry score of 55 or less OR annual expenditure of €1 million or more.

Furthermore, various filter options can be used to limit the selection of suppliers. For example, if only suppliers from a specific collection are relevant for the analysis, the relevant collection can be selected via the "Collections" filter (1) and confirmed via "Apply" (2) (in the example, the "Risk Analysis Demo" collection).

05

Fig. 5: List of all recommended high risk suppliers that should be subjected to a specific risk analysis.


In the next step, it is essential to select all (recommended) suppliers as shown in Fig. 6 via "Select all" (1) and add them to the analysis via "Add to Analysis" (2). If these steps are not carried out, the analysis cannot be performed correctly.06

Fig. 6: The recommended suppliers are added to the risk analysis.

In our example, 246 of a total of 294 suppliers are labelled as significant. These present an abstract risk (identified using the categorisation methods in the "General information" step) and must be examined more closely with the help of a concrete risk analysis (see section 2.2.3).

07

Fig. 7: The recommended suppliers have now been added to the analysis and are grouped under "Suppliers" or "Included".

 

Important: To ensure that all suppliers and their risks are listed for reporting purposes, another analysis may be carried out once after the concrete risk analysis using media monitoring, in which ALL suppliers (not just those recommended for the concrete risk analysis) are added.

Side Topic: Historical scores

Historical scores can be taken into account for the risk analysis: If a date in the past is selected in the "General Information" tab when selecting the basic parameters, the scores for this date are also used in the analysis.

In the example in Fig. 9, a day in September 2022 was selected as the reference date:

 

01-ABB2022Fig. 8: Risk analysis with cut-off date in September 2022

02-ABB2022measures

Fig. 9: The score of 87 refers to the cut-off date of the analysis in September 2022.

In the further analysis, including in the "Measures & Actions" tab, an overall or 360° score of 87 is therefore displayed (see Fig. 10). This is despite the fact that the current score of this supplier may be different because the score on the selected cut-off date in 2022 was precisely this value (see Fig. 11).

All recommended measures are therefore drawn up on the basis of this score. If you look at the target profile (Fig. 10) of the supplier under consideration here, you can track the development of this score and compare it with the current value.

05-ABBprofile

Fig. 10: Target profile of the analysed supplier. The current score (left) is 72. The development of the score (right) shows that the score was higher in September 2022.

 

For comparison, Fig. 11 shows an analysis that was carried out on the same day. However, no past date was selected in the parameters in "General Information", but the current date at the time this sub-article was created. 

 

03-ABB2024Fig. 11: Risk analysis with cut-off date in January 2024

Accordingly, the risk analysis also shows the current score of this supplier (see Fig. 12).

04-ABB2024measuresFig. 12: The score of 72 refers to the current score at the time of writing this sub-article (January 2024)

 

Side Topic: Analyse des eigenen Geschäftsbereichs

   

As part of the LkSG, a risk analysis of the company's own business area is also being considered. All locations affected by the LkSG should be critically analysed in order to take measures to avoid risks or remedy confirmed incidents if necessary. In contrast to suppliers, there is an obligation to successfully carry out corrective actions in your own business area. 

Follow these instructions to carry out an analysis of your own business area on Prewave.

  1. Creating supplier locations (Sites)
    All relevant locations for LkSG compliance should be created on Prewave. This can be done as part of the discovery process by sending the individual company locations, including address and other relevant information, to the Customer Success Team. Alternatively, individual sites can also be added in the Site Group profile. New sites can be created in the Sites tab. 
    Screenshot 2024-07-22 at 13.49.00
    Fig. 13: Adding new Sites via the Site Group Profile
  2. Set Sites as your Own Business Area
    In the Network Tab under "My Targets" you will find the individual sites that are assigned to your company (Site Group). Select the sites that you want to define as an Own Business Area for the LkSG analysis. Then click on "Add as Own Business Area". 
    Screenshot 2024-07-22 at 13.54.19

    Fig. 14: Adding Sites to the Own Business Area

    Once the locations have been successfully added, they are located in the "Own Business Area" collection (Fig. 15). 
    Screenshot 2024-07-22 at 13.57.01

  3. Set parameters for risk analysis of your own business area
    In the Analysis tab the user can initiate a new risk analysis. To do this, "Own Business" must be selected under Scope of Analysis. "Recommended Suppliers" does not necessarily have to be taken into account here, as all sites of the user's own business area that are considered within the scope of the LkSG are generally considered as substantial. Screenshot 2024-07-22 at 14.44.58
    Fig. 16: Selecting the Scope "Own Business Area"

    In the next step "Own Business Entities" the relevant Sites can be selected and added to the analysis. (Fig. 17). 
    Screenshot 2024-07-22 at 14.51.02
  4. Carrying out the risk analysis for the Own Business area
    As with the suppliers, the next steps are to analyse the risk matrix and take relevant measures in the area of risk prevention as well as remedial measures in the event of identified violations of legal positions. It should be emphasised here once again: BAFA expects that violations in its own business area must be successfully ended. One can therefore speak of an "obligation to succeed" for corresponding measures.

🧠 Good to know:

Own company locations are always assigned a "Critical" impact. This is due to the fact that the influence of change on the company's own locations is categorised as the highest.