Supplier Risk Management
Suppliers are continually evaluated for compliance with our operating companies’ guidelines, as well as laws and regulations. Reynolds American and its operating companies utilize an annual supplier management activity matrix, which includes supplier self-assessments, FDA-relevant risk assessment and supplier audits.
Risks identified from the analyses, including sustainability risks, feed into a supplier segmentation process. Suppliers are assessed on level of risk, as well as their impact to our operating companies. Suppliers who score highly in both areas are further assessed through the RAI Enterprise Risk Management (ERM) process. The ERM process categorizes four main risks:
- Operational (including environmental and social risk); and
- Compliance, financial reporting and fraud.
Through the ERM process, suppliers’ risks are assessed each quarter and identified risks are reported to the Audit and Finance Committee twice a year.
The core principles, values and beliefs that drive RAI and its subsidiaries also guide the standards to which we hold our suppliers. To ensure supplier compliance with applicable laws, regulations and supplier guidelines, suppliers are continually evaluated.
Our operating companies use the Business Enabler Survey Tool (BEST) audit for companies that pose the greatest risk. The BEST audit is composed of 29 excellence criteria covering process & quality control, manufacturing resources, management policy and finance.
BEST surveys give RAI's operating companies the information they need to determine whether suppliers follow first-class business practices concerning key issues such as quality, risk of contamination, security of supply, and safety and environmental standards. The program also identifies areas in which suppliers could improve, and RAI’s operating companies work with suppliers to identify corrective actions and ensure timely implementation.
Supplier due diligence is not limited to upstream suppliers. RAI and its operating companies contract with third-party regional distribution centers (RDCs) for finished goods inventory receiving, shipments to customers and inventory reporting. We conduct procedural and physical audits of these downstream facilities at least once every 18 months. Audits include a review of:
- Internal controls to prevent the use and/or shipment of non-conforming, damaged or contaminated product;
- Formal preventive maintenance programs for buildings and equipment;
- Sanitation and pest control;
- Chemical usage;
- Personal hygiene;
- Product handling, identification, traceability and recall; and
- Security and environmental hazards.