Procurement compliance risk and system construction for SMEs

On 23 May 2022, the China Association of Small and Medium Enterprises released a group standard for the Evaluation of Effectiveness of Compliance Management Systems for SMEs. The standard is based on the ISO37301:2021 – Compliance management systems requirements with guidance for use, which is the first group standard in this regard.

The goal is to standardise the evaluation of the effectiveness of compliance management systems, guide and promote system construction, and facilitate the popularisation of compliance management, which is a modernisation project of strategic significance for the management of SMEs.

Because of the many sub-fields of compliance management, the practice of the above-mentioned “evaluation of effectiveness” has varied greatly. This article aims to further discuss the construction and effectiveness evaluation of SMEs’ procurement compliance management system following the basic idea of “construction by evaluating” in the standard.

Procurement compliance risks

Procurement is a key part of the operation in most enterprises. The Ministry of Finance has issued No.7 of the Application Guidelines for Enterprise Internal Control – Procurement Business, which streamline the main procurement processes and highlight four compliance risks in procurement.

Procurement plans and demands. Article 3 of the above-mentioned guidelines states that the first risk in enterprise procurement is the preparation of procurement plans. In practice, most SMEs’ procurement processes are not regulated, especially as procurement plans are often not substantively reviewed and adjusted internally because of the actual situation, or the procurement is performed by personnel in other positions.

Consequently, the demand in the prepared procurement plan, or the plan itself, can be unreasonable, which easily leads to disputes that harm the enterprise, even triggering compliance risks such as waste of resources.

Supplier selection and integrity. According to article 3, section 2 of the guidelines, enterprises should pay attention to risks in supplier selection. In fact, most SMEs’ access management and assessment of suppliers are mere formalities.

When selecting suppliers, SMEs should be aware of the following:

1. Inadequate preliminary assessment may lead to non-performance or other forms of defaults later, damaging the enterprise’s interests;
2. If a supplier has received serious administrative penalties, co-operation may harm the image of the enterprise;
3. If a supplier experiences capital chain ruptures, this may lead to losses for the enterprise and carry the potential for subsequent contractual disputes; and
4. Attention should be paid to compliance risks related to integrity in corporate procurement projects.

Procurement product quality and acceptance. One of the risks arising from improper supplier selection is being provided with poor-quality products, which can impair the ordinary operation of the enterprise. In addition, non-standardised product-acceptance criteria and processes add to the risk of non-conformity between the accounting information and the facts, as well as material losses.

Lax payment approvals. Payment is the last step of the procurement process. Lax management of payment approval, irregular payment processes and improper selection of payment methods may result in risks such as capital loss, credit damage and violations of laws and regulations.

System establishment, evaluation

The evaluation of effectiveness also concerns compliance management systems under the features and practical needs of SMEs. In this regard, the article further explores the establishment of procurement compliance management systems and their evaluation.

Procurement compliance management institution and configuration of responsibilities. First, a procurement compliance leadership team can be established. In this team, the first responsible person is designated to assume responsibility for procurement compliance jointly with the head of the procurement department.

Second, a specialised procurement compliance management body can be set up to balance benefits and costs during the establishment. Finally, procurement planning professionals able to prepare procurement plans and pricing may be assigned to the process of building and evaluating the procurement compliance management systems.

Identification of and response to procurement compliance risks. Enterprises can explore the following paths based on balancing their own costs and efficiency:

1. Risks in supplier selection and integrity. First, set up strict access criteria. Strict reviews are conducted on suppliers’ corporate creditworthiness, business status, risk of violations of laws and regulations, and affiliation, and if necessary on-site research or due diligence should be carried out.

Second, conduct regular appraisals of previous suppliers to promote their legal compliance. Third, conduct pre-post integrity training for procurement personnel and evaluate them regularly. Finally, sign procurement integrity and commercial non-disclosure agreements with co-operating suppliers to ensure subsequent supervision.

2. Risks in product quality and acceptance. Regarding suppliers, the terms and responsibilities for ensuring product quality should be clearly specified in the contract, and inspection and acceptance of products should be carried out in strict accordance with agreed quality standards.

Internally, a complete acceptance process should be established to provide acceptance personnel with standardised guidelines, ensuring that the product type and quality are acceptable. In addition, enterprises should arrange regular product sampling to screen for potential quality risks.

3. Risks in payment approval. Enterprises should establish and improve the mechanisms for payment auditor supervision and procurement payment management, with clear authority and responsibilities.

Payment auditors or other approving officers should strictly follow the standards to review procurement-related documents and make payments accordingly only after confirming them to be correct.

Procurement compliance culture building. According to the evaluation of effectiveness, the building of a procurement compliance culture should take place in various areas at all levels of an enterprise, and should be tailored according to the scope of authority and responsibility, as well as the degree of compliance risks.

Staff training and compliance posters may be adopted to promote a compliance culture. In addition, enterprises should establish a commitment and credit mechanism for procurement compliance, a performance assessment mechanism for compliance duties and a non-compliance accountability system to promote standardisation.

Finally, an enterprise may set up a professional procurement compliance training platform and designate learning groups to create a sound compliance culture and shape decent procurement conduct.

Liang Muzhou is a senior partner and Lu Zhongrui is an associate at ETR Law Firm