On 01.01.2023, the Supply Chain Due Diligence Act (LkSG) came into force. The new regulations affect companies with 3,000 employees or more (1,000 employees or more in 2024) and indirectly the companies that are audited as suppliers. The law imposes comprehensive due diligence obligations on the companies concerned with regard to human rights and environmental protection. These obligations apply to their own business operations as well as to direct and even indirect suppliers – hence the name Supply Chain Due Diligence Act.
An essential part of fulfilling due diligence obligations is the establishment of a risk management system. The system must be suitable for identifying risks of human rights violations and environmental damage. Furthermore, the law requires that the identified risks are avoided or minimised with the help of preventive and remedial measures. Other key points required of affected companies are the establishment of a complaints office and regular reporting. The law provides for fines against companies that fail to comply with their obligations (up to 2 percent of global annual turnover).
With the specialist solution otris diligence, companies manage the processes necessary to comply with their due diligence obligations. As a basis, the solution maps the complete procurement structure and supply chains of a company.
Web forms and automated documentation help organise and structure the supplier self-disclosures. The solution supports the step-by-step prioritisation of data via a filter system. The company uses established tools to manage risk analyses and the measures and checks derived from them. The solution generates the reports required by law automatically and in the prescribed formats.
With its individual elements, the system not only supports the management of the due diligence obligations prescribed by the LkSG. With otris due diligence management, you are already prepared for the EU directive on corporate sustainability due diligence, which will become binding in the foreseeable future. The requirements of this directive go far beyond the LkSG and, in addition to human rights due diligence, also include extensive environmental and climate protection requirements along the entire value chain. In addition, the EU Supply Chain Act expands the scope of addressees and already applies in part to companies with 500 or more employees.
The otris solution for the management of your due diligence requirements maps the entire process. The system’s standard functions are open for extensions and customisation.
Procurement Structure | Structure Supply Chain
Web forms support the organisation of supplier self-disclosures. The system transfers the data from the answered online questionnaires into the procurement structure. Visualisations of the relationships between suppliers, sub-suppliers, products and pre-products provide quick orientation.
Risk management | Identify, evaluate, prioritise
Based on the collected supplier data, you consider abstract (e.g. sector- or country-specific) risks as well as concrete risks (e.g. type/scope of business relationship, probability of occurrence, severity of violation, possibilities of influence) in the risk analysis. External databases support the analysis (e.g. sanctions list check). The data determined are the basis for prioritisation in order to be able to react appropriately to risks.
Measures management | Remedy / control
The risk analysis is the basis for preventive and remedial measures. The solution supports the organisation and control of measures. Workflows control the regular review and updating of results, information and reports.
Complaints office | Follow up tips
As a complaints office, the solution integrates the established whistleblowing system of otris software AG. The system is adapted to the requirements of the LkSG, but includes all the security standards that the HinSchG-compliant otris whistleblowing system contains.
Policy Statement | Informing Affected Parties
The LkSG requires a policy statement on the company’s human rights strategy and appropriate information on what is expected of suppliers and employees. With multiple document routing functions, the solution not only simplifies the distribution of the information, but also logs delivery and receipt.
Reports | Meeting verification obligations
The solution generates standardised reports from the supplier data, the risk assessment, the measures and the evidence of effectiveness. The basis for the report format is the BAFA questionnaire. The documents generated by the solution can be enriched with conclusions and other information.
All otris solutions have one thing in common: the focus is on easy usability and a well thought-out software interface. Good usability is a prerequisite for new users to be able to use the software productively quickly.
The system compares the supplier data in the standard with selected external databases (e.g. sanctions list comparison). Other databases to be used for checks can be easily integrated via interfaces.
Sowohl der Funktionsumfang als auch die Anzahl der Nutzer können je nach Anforderung unkompliziert erweitert werden. Ebenfalls möglich: die Integration ergänzender otris-Lösungen aus compliancerelevanten Bereichen (z.B. Vertragsmanagement, Beteiligungsmanagement, Richtlinienmanagement).
The solution can be operated both on-premises and in the otris Cloud. With the on-premises variant, the solution is operated on a server in your own data centre. With the cloud variant, you access a server in the otris Cloud.
Whether due diligence obligations are lived and adhered to is also a question of internal company organisation. Angefangen bei der Strukturierung aller Beschaffungs- und Unternehmens-Informationen, über eine standardisierte Risikoanalyse mit Bewertungsverfahren bis hin zu Maßnahmen, Prüfroutinen und Berichterstattung. The otris LkSG solution supports you throughout the entire process:
The LkSG requires the companies concerned to make a clear commitment against human rights violations and environmental damage. The LkSG module includes a lean editorial system with which you can create the declaration of principles in a team. Release and update workflows ensure that all stakeholders are involved and that the document is continuously adapted to external conditions. The policy statement reaches all stakeholders via distribution workflows. The system automatically documents successful delivery.
Inventory and prioritisation
Analysis and evaluation are preceded by a thorough stocktaking. This applies to relevant data on suppliers, sub-suppliers and the associated services and product types as well as to the company itself. The system supports this process with a range of functions for self-disclosure: web-based questionnaires simplify the organisation of self-disclosure even for a large number of suppliers, participations and subsidiaries. The questionnaires are sent out bundled from the system. The system automatically sorts and categorises the answers according to predefined criteria. Such pre-categorisation enables a clear prioritisation of the total stock of suppliers: Which suppliers fulfil certain criteria that indicate a high risk potential (e.g. turnover volume of the business relationship, importance of the services supplied for the company’s own products, but also general criteria such as region or industry)? And how great are the company’s possibilities to influence the supplier? The filters support a step-by-step refinement to identify the risks / supplier relationships / business practices that need to be addressed with high priority. A well-structured prioritisation supports you to do the most important things first.
Map supply chains
The system structures the data from the inventory into clear information. Visualisations clarify the relationship between the company and the respective suppliers and under which product types and procurement categories the deliveries fall.
You can navigate to all linked information via companies, production sites, product types or suppliers. In addition to master data, you will also find all documents and evaluations that are connected to the supplier.
Once the data is structured in the system, it can be evaluated. You use indices and commodity flows to weight and evaluate the collected data. An easy-to-use, question-based risk assessment supports you in this. In addition, the system uses interfaces to publicly accessible databases to check whether suppliers are on sanctions lists. The system visualises the overall assessment by means of a diagram and traffic light symbol, so that any need for action can be quickly identified.
Recording complaints | Complaints procedure
The otris LkSG solution includes a digital complaints office that whistleblowers can use to submit complaints anonymously. Incoming tips are assigned to the relevant supplier so that they can be included in risk assessment and action management.
The risk analysis and complaint management provide information on where measures need to be taken to remedy the situation. In addition, the LkSG prescribes measures for prevention. otris diligence contains a complete measures management system that supports you in defining, implementing and monitoring measures.
Create a report
In Germany, the BAFA (Federal Office of Economics and Export Control) is responsible for compliance with and auditing of the LkSG rules. The current guideline is available in the form of a questionnaire that provides information on which steps and measures companies are expected to take. With the LkSG solution from otris, an automated response to the BAFA questions is possible using the data from risk, complaint and action management. At the push of a button, the system creates a standardised report for publication.