Shop Direct automates third-party assurance programme with SureCloud® to meet compliance requirements
Shop Direct Group is the UK’s leading online and home shopping retailer and includes the Littlewoods, Very, Woolworths, Kay&Co, and Isme brands.
Shop Direct relies on a network of 800 suppliers, which provide services such as logistics, call centers, finance, and manufacturing. Naturally, customers’ personal data has to be shared with these third party organizations, and the retailer is therefore obliged to ensure that the data is sufficiently protected throughout the supply chain, in order to minimize security risks. Shop Direct wanted to improve the way that it audited its suppliers and called on SureCloud for help.
Manual spreadsheet-based auditing was cumbersome and time-consuming
The role of the group’s small compliance team is to undertake due diligence testing of all suppliers to ensure they meet the standards both customer and the regulators expect. Suppliers were firstly asked to complete a questionnaire held in a spreadsheet and return it via email. Then, they were visited by the compliance team, in order to validate the information received and establish further actions.
Being manual, this process was incredibly time-consuming and unwieldy, as managing multiple spreadsheets is a notoriously complex challenge. Hundreds of emails were exchanged between the team and suppliers. Version control of the spreadsheets was a headache, and auditing the predominantly qualitative information relied heavily on the experience of the team rather than on analytical evidence. In addition, collating and aggregating the information in order to rank and compare suppliers was very difficult and challenging. Much of the work undertaken was administrative, chasing suppliers by email and telephone to return their spreadsheets, which meant that the team’s auditing skills were not being effectively utilized
Isolated departmental audits were inefficient
Other areas of Shop Direct’s business also needed to audit third party organizations. There was no central point where audits were collated, each area had slightly different requirements and there was a possibility of unnecessary duplication. As a result of these challenges, Shop Direct’s full supply chain audit took much longer than they would like to complete to a satisfactory level. Additional people were recruited in order to help cover the supplier base more quickly. However, with increasing governance, risk and compliance (GRC) requirements to be met, and the undoubted growth of the supply chain, the retailer knew that a new approach was needed to automate the processes.
Find out how SureCloud solved this issue by downloading the full case study.
Learn more about SureCloud’s Third-Party Risk Manager here.