I have recently found myself in an odd position. For years, I have been vocally critical of social auditing practices as lacking adequate rigor. Others have voiced these concerns – sometimes more strongly than I do. But not all of those criticisms are fair or appropriate, so I defend social auditing/auditors occasionally. Today is one of those times.
Human rights non-profit Transparentem issued their new report Hidden Harm: Audit Deception in Apparel Supply Chains and the Urgent Case for Reform. The report presents a scathing view of social auditing practices/results in the garment manufacturing sector as a result of their own investigations “across nearly 20 garment factories and spinning mills in India, Malaysia, and Myanmar.” It doesn’t really offer anything new – just more detail about problems that are already generally recognized.
The (Same Old) Problem
According to Transparentem, “audit deception” is rampant and undetected in social audits. They define audit deception as “efforts to conceal labor rights violations from social auditors” and they “found evidence of at least one form of audit deception at the majority of worksites it [Transparentem] has investigated… Common tactics included coaching workers to lie, hiding adolescent workers, and document falsification (primarily by recruiters).”
Again, nothing much new here.
Putting It In Context
Yes, they are right that certain things are broken and some reforms would be valuable in improving audit quality and reducing human rights violations. In reading through the report, however, a few items caught my eye that are worth bringing forward for context.
To begin with, there is minimal acknowledgment that every audit is bound by a variety of limitations – time, cost, scope and sampling are typical limitations. Social audits are no different – and limitations may even be more important here.
Yes, fraud is a known issue in social audits. Auditors make efforts to anticipate and control for fraud, but if someone works hard enough to hide things from auditors, they can. That is the unfortunate truth. The report itself mentioned that Transparentem found fraud in their investigation, yet they “rarely found the same form [of fraud] consistently across all investigated factories in a country,” acknowledging difficulties to at least some extent.
The report emphasizes interviews. Auditors are generally taught interviewing skills, which includes training on non-verbal cues. Although Transparentem refers to US Department of Labor Bureau of International Labor Affairs recommendations that auditors “record information ‘that [they] gain nonverbally, through observation of site conditions and workplace climate, interviewees’ body language and other cues'”, I strongly oppose that.
The latest research about FBI and CIA interview/interrogation techniques shows what we as auditors are taught about reading body language is simply wrong – or overly simplified to the point of being inaccurate. There is a great deal of science to reading non-verbal cues, as well as how to follow up on them in interviews. Auditors very rarely have this training. Unless the auditor has appropriate training in reading/interpreting non-verbal cues, conjecture in auditor notes about non-verbal cues can create problems in audit QA/QC reviews and potential legal liability.
The report’s stated methodology indicates that information was obtained only through interviews, which begs the question as to whether Transparentem themselves fell victim to the same shortcomings they point to within audits. There is no mention of corroborating evidence or supporting documentation in the methodology. Discussions later in the report about Aadhaar cards in India imply that documentation was reviewed by someone – but it is unclear by whom and whether directly as a part of this investigation.
What You Can Do
There are undoubtedly concerns in obtaining accurate and representative evidence in any audit, not just social audits. This is called “audit risk” – something posing a potential risk that audit results may be inaccurate or inadequate, or that the audit process may be inappropriate, incomplete or based on fraudulent information. Controlling audit risk is supposed to be an explicit element of every documented audit plan.
Auditors and buyers of their services both have a role in improving the social audit ecosystem.
- Where fraud is expected, auditors experienced in fraud detection should be used and prepared. As an example, auditors should obtain known authentic original examples of relevant official documents. These are used as references to which documents presented during audits are compared. Auditors should also compare documents to each other to identify potential abnormal commonalities across multiple documents reflecting the same topic (e.g., identical signatures that should each be original) – a red flag that documents may have been reproduced. Check dates recorded on logs to confirm they are consistent with reported work schedules, vacations and holidays.
- Information obtained in interviews should be corroborated (direct visual observations or validated documentation) wherever possible. Where this isn’t possible, audit planning should address interviewing techniques to cross-check information provided by an interviewee. The Transparentem report suggests asking questions about an interviewee’s schooling to cross check statements made about the worker’s age. That is reasonable, but where a workforce comes from rural locations, it is possible that not everyone attended school. The report offers another opportunity to verify interview information, although this was not explored. Workers discussed voluntarily keeping their passports in lockers for safekeeping, and even displayed keys to auditors as proof. Yet Transparentem was told the keys did not work and were intended only to show auditors. These claims were not verified. It would be appropriate for an auditor to ask employees to demonstrate using their keys to validate claims that the keys are real and employee access to the documents is unobstructed.
- Avoid trying to interpret non-verbal cues without specific training reflecting updated science, techniques and practices. Moreover, avoid making written notations about interviewee non-verbal cues or auditor conjecture related to body language.
Buyers of Audit Services
- Recognize that business relationships depend on these audit results – buyers should be willing to pay appropriately for audits with commensurate staffing and timing. Give social audits the respect they deserve. Hold these audits and auditors up to high standards of professionalism. It is time to move past the pernicious “lowest bidder always” mentality.
- Carefully review written audit plans in advance to ensure they reflect your knowledge of, and concerns about, individual locations to be audited. Higher risk facilities may require longer time on-site, a larger audit team or more senior auditors. Be willing to pay more where audit risk is high. Discuss acceptable and expected ways for the auditors to validate interview information.
- Ensure audit limitations are communicated to you in a timely manner, giving you the chance to direct changes to the audit if necessary.
- Understand that fraud investigation is not the same as an audit even though fraud may be encountered in an audit.
- Don’t expect audits alone to result in improved performance. Audited entities need to act on audit findings in order for improvements to happen. If the audited entity is a supplier, develop and implement business metrics to encourage (or require) improvements based on audit results.