Step 2: Classification of high risk suppliers

Detailed step-by-step instructions on Prewave platform

Contents

Tab "General Information"

Side Topic: Ad Hoc risk analysis

Tab “Suppliers”

Side Topic: Historical scores

Side Topic: Own Business analysis

In the "Analysis" tab of the Prewave platform, with the click on Start New Risk Analysis button begins the classification of suppliers into essential and non-essential (see Fig. 1). In this risk analysis users can filter for essential suppliers using Prewave recommendations or own specifications.

Fig. 1: The regular risk analysis begins with the "Start New Risk Analysis" step in the "Analysis" tab.

Tab “General Information"

This is the start page of the risk analysis and should therefore be filled with the following parameters for LkSG-relevant reporting, (see Fig. 2).

Type of analysis:

LkSG

Name:

A name for the analysis can be assigned here so that later it could be found in the reporting and in the documents.

Date:

The date on which the analysis is carried out (typically "today").

Period:

The period over which the risk analysis is carried out, typically the financial year of the company.

Level of analysis:

For the LkSG-compliant risk analysis, the individual sites must be considered and not just the higher-level organisations (site groups). For this reason, "Site" (formerly "POI" or point of interest) is selected at this step.

DI Model (Degree of Influence Model):

determines how the influence of your own company on the supplier is calculated: either at a higher organisational or on a site level.

Additional information:

LkSG regular risk analysis must be carried out once per financial year. A vacant field in the report (see Chapter 4) is filled with the information from the "Scope of analysis". Any measures taken for these selected areas are also included into a BAFA report. Own business area and direct suppliers (Tier 1) must be considered at the first place. If an ad hoc risk analysis needs to be carried out due to substantiated knowledge of possible breaches at indirect suppliers or significant changes in the risk situation due to new business areas, etc., this option can be selected here instead of the regular risk analysis (then select "Ad hoc risk analysis"). Note: Several different risk analyses can be carried out in succession. The results of these can be combined for the overall BAFA report. To do this, check "Approve for report" for all relevant analyses later (see Chapter 4: Generating the BAFA report).

 

Recommended suppliers:

The abstract risk analysis takes into account the components of the peer score: the country and industry score. In the regular risk analysis according to the LkSG, the essential suppliers are therefore identified on the Prewave platform and in this case separated from the non-essential suppliers. Using the "Recommended Suppliers" filter method in the first step of the analysis, those suppliers with a country OR industry score of 55 and below can be separated from those whose score is higher. Suppliers with a score of 56 or higher are sorted into risk groups that indicate a risk as likely for only some suppliers (mid) or only in individual cases (low) or no risk at all (no). Suppliers with a score of 56 or higher are therefore considered insignificant. The recommended suppliers are the significant suppliers. Another factor that can (but according to the LkSG does not have to) characterise a supplier as significant is the influence that you have on your direct supplier in terms of share of total sales (purchase volume threshold). However, this information is optional here, as the level of influence is only considered in the next step. If you want to ensure that the information in this step has no influence on the decision as to whether a supplier is marked as significant or insignificant, we suggest entering an unrealistically high value (e.g. 999999999999999).

To initiate the analysis, the "Create" button must now be clicked.

Fig. 2: The basic parameters for the risk analysis are set in the "General Information" tab.

 

Side topic: Ad hoc risk analysis
The ad hoc risk analysis can also be carried out in the risk analysis area within the Prewave Platform. If the user is in the "General Information" tab of the risk analysis, the selection "Adhoc risk analysis" must be made in the selection field for "Type of regularity" under the additional information for the analysis.

Side topic: Ad hoc risk analysis

The ad hoc risk analysis can also be carried out in the risk analysis area within the Prewave Platform. If the user is in the "General Information" tab of the risk analysis, the option "Adhoc risk analysis" must be selected in the selection field for "Type of regularity" under the additional information for the analysis.

Fig. 3 - The ad hoc risk analysis can be selected via the "Type of regularity" action field

 

Once the selection has been made, further fields open where all additional information relevant to the analysis can be entered. On the one hand, the reason for the analysis can be selected under the drop-down field "Reason for analysis", on the other hand, there is also the option of adding an individual description for the reason for the analysis under "Reason Description":

Abb. 4 - Selection of the reason for ad-hoc analysis

 

Tab "Suppliers"

The main suppliers that need to be considered in detail for LkSG-compliant handling are listed under the "Suppliers" tab in the "Recommended" subcategory (see Fig. 3). All those suppliers are listed here that were recorded with the criteria of the previous step. In the example in Fig. 3, the values recommended by Prewave are a country score of 55 or less OR an industry score of 55 or less OR annual expenditure of €1 million or more.

Furthermore, various filter options can be used to limit the selection of suppliers. For example, if only suppliers from a specific collection are relevant for the analysis, the relevant collection can be selected via the "Collections" filter (1) and confirmed via "Apply" (2) (in the example, the "Risk Analysis Demo" collection).

Fig. 5: List of all recommended high risk suppliers that should be subjected to a specific risk analysis.

In the next step, it is essential to select all (recommended) suppliers as shown in Fig. 6 via "Select all" (1) and add them to the analysis via "Add to Analysis" (2). If these steps are not carried out, the analysis cannot be performed correctly.

Fig. 6: The recommended suppliers are added to the risk analysis.

In our example, 246 of a total of 294 suppliers are labelled as significant. These present an abstract risk (identified using the categorisation methods in the "General information" step) and must be examined more closely with the help of a concrete risk analysis (see section 2.2.3).

Fig. 7: The recommended suppliers have now been added to the analysis and are grouped under "Suppliers" or "Included".

 

Important: To ensure that all suppliers and their risks are listed for reporting purposes, another analysis may be carried out once after the concrete risk analysis using media monitoring, in which ALL suppliers (not just those recommended for the concrete risk analysis) are added.

Side Topic: Historical scores

Historical scores can be taken into account for the risk analysis: If a date in the past is selected in the "General Information" tab when selecting the basic parameters, the scores for this date are also used in the analysis.

In the example in Fig. 9, a day in September 2022 was selected as the reference date:

 

Fig. 8: Risk analysis with cut-off date in September 2022

Fig. 9: The score of 87 refers to the cut-off date of the analysis in September 2022.

In the further analysis, including in the "Measures & Actions" tab, an overall or 360° score of 87 is therefore displayed (see Fig. 10). This is despite the fact that the current score of this supplier may be different because the score on the selected cut-off date in 2022 was precisely this value (see Fig. 11).

All recommended measures are therefore drawn up on the basis of this score. If you look at the target profile (Fig. 10) of the supplier under consideration here, you can track the development of this score and compare it with the current value.

Fig. 10: Target profile of the analysed supplier. The current score (left) is 72. The development of the score (right) shows that the score was higher in September 2022.

 

For comparison, Fig. 11 shows an analysis that was carried out on the same day. However, no past date was selected in the parameters in "General Information", but the current date at the time this sub-article was created. 

 

Fig. 11: Risk analysis with cut-off date in January 2024

Accordingly, the risk analysis also shows the current score of this supplier (see Fig. 12).

Fig. 12: The score of 72 refers to the current score at the time of writing this sub-article (January 2024)

 

Side Topic: Analyse des eigenen Geschäftsbereichs

As part of the LkSG, a risk analysis of the company's own business area is also being considered. All locations affected by the LkSG should be critically analysed in order to take measures to avoid risks or remedy confirmed incidents if necessary. In contrast to suppliers, there is an obligation to successfully carry out corrective actions in your own business area. 

Follow these instructions to carry out an analysis of your own business area on Prewave.

1. Creating supplier locations (Sites)
   All relevant locations for LkSG compliance should be created on Prewave. This can be done as part of the discovery process by sending the individual company locations, including address and other relevant information, to the Customer Success Team. Alternatively, individual sites can also be added in the Site Group profile. New sites can be created in the Sites tab. 
   
   Fig. 13: Adding new Sites via the Site Group Profile
2. Set Sites as your Own Business Area
   In the Network Tab under "My Targets" you will find the individual sites that are assigned to your company (Site Group). Select the sites that you want to define as an Own Business Area for the LkSG analysis. Then click on "Add as Own Business Area". 
   
   Fig. 14: Adding Sites to the Own Business Area
   
   Once the locations have been successfully added, they are located in the "Own Business Area" collection (Fig. 15). 
   
   
   
3. Set parameters for risk analysis of your own business area
   In the Analysis tab the user can initiate a new risk analysis. To do this, "Own Business" must be selected under Scope of Analysis. "Recommended Suppliers" does not necessarily have to be taken into account here, as all sites of the user's own business area that are considered within the scope of the LkSG are generally considered as substantial.
   Fig. 16: Selecting the Scope "Own Business Area"
   
   In the next step "Own Business Entities" the relevant Sites can be selected and added to the analysis. (Fig. 17). 
   
4. Carrying out the risk analysis for the Own Business area
   As with the suppliers, the next steps are to analyse the risk matrix and take relevant measures in the area of risk prevention as well as remedial measures in the event of identified violations of legal positions. It should be emphasised here once again: BAFA expects that violations in its own business area must be successfully ended. One can therefore speak of an "obligation to succeed" for corresponding measures.