Supply Chain Act with otris software implement
10. February 2023

LkSG: How to set up a solution-oriented process

The Supply Chain Sourcing Obligations Act (LkSG) came into force on 01.01.2023. Affected companies know the requirements that the law places on them. However, the concrete process with which the new due diligence obligations are to be implemented is often still in the drafting phase. With otris software, companies implement a solution-oriented process that identifies and prioritises risks and documents the procedure. The individual process elements at a glance:

Create and communicate policy statement

One requirement of the LkSG is to produce a policy statement with a clear commitment against human rights violations and environmental degradation and to distribute the document to all relevant stakeholders.
Process support: otris diligence includes editing functions. You work together in a team on a draft text and use functions for commenting and editing as well as approval workflows. Once the policy statement has been created, you send the document to the stakeholders from the system. The system automatically documents the sending and the status of the confirmation of receipt.

Import supplier data

In order to identify risks arising from supplier relationships, basic data on all suppliers must be compiled and structured as completely as possible. This is supplemented by data from the company’s own operating sites.
Process support: An interface in otris diligence enables the connection of external databases. The system imports basic data from the company’s supplier database. In addition to the supplier name, this includes the country of operation, the volume of the business relationship or the product group. Data on the company’s own operating sites can be imported from third-party systems according to the same principle or created manually.

Carry out prioritisation

If you have a large total inventory of suppliers, it makes sense to first examine the suppliers that have a high level of abstract risk.
Process support: otris diligence provides support through a prioritisation process that sorts suppliers according to the level of abstract risk. The solution automatically checks whether suppliers are on indices or sanctions lists. To do this, the system regularly compares the imported supplier data with publicly accessible databases. In a second step, the solution identifies abstract risks that are defined according to predefined criteria. These criteria include, for example, the location of an operating site, the products supplied or the value of the goods supplied. As a result, otris diligence creates a list of suppliers and company operating sites that should be subjected to further risk assessment with high priority.

Define initial prevention measures

The identification of abstract risks may already be sufficient to derive preventive measures.
Process support: After deciding on a preventive measure, it is assigned to the risk / company in otris diligence. You organise the communication with the affected supplier as well as the processing and follow-up of the measure with solution-specific functions. The system documents the communication and all activities automatically.

Create/distribute supplier questionnaires

After abstract risks have been identified, questionnaires must be sent to the prioritised suppliers.
Process support: You create supplier questionnaires within the solution. You send the questionnaires bundled from the system to suppliers you have selected. The recipients are asked to fill in a web form (no additional communication via e-mail with attachment).

Evaluation / Re-prioritisation

The response to the supplier questionnaires enables further prioritisation.
Process support: The system not only documents the sending, but also the confirmation of receipt and automatically evaluates the returned answers. The clear evaluation classifies suppliers according to risk potential.

Assess risks

The LkSG describes a functioning risk management as a central element in order to fulfil due diligence obligations adequately and effectively. The aim of the risk analysis is to identify human rights and environmental risks in the company’s own business operations as well as in the supply chain. The risk analysis is in turn the basis for preventive and remedial measures.
Process support: otris diligence integrates a complete risk management system. You collect the relevant information from your suppliers using the questionnaires you have previously created. Evaluation functions support you in the classification and weighting with regard to probability of occurrence as well as extent, scope and irreversibility. By visualising the results, the system makes clear where action is needed.

Recording complaints

The LkSG requires companies to set up a publicly accessible complaints channel that protects the identity of the user and is available in all necessary languages.
Process support: otris software is the manufacturer of an established whistleblowing system that meets all legal requirements and complements otris’ LkSG solution. A connection to existing third-party systems is also possible. Submitted complaints can be linked to the respective supplier and flow into the risk assessment.

Implement preventive and remedial measures

To respond appropriately to identified risks, companies must implement targeted preventive and remedial measures.
Process support: The risk assessment identifies the need for action. You assign the derived preventive and remedial measures to the corresponding risks in the system. Using established methods, otris diligence organises the communication of the measures to those responsible and the follow-up of their implementation. In addition, the system supports you in planning and carrying out audits.

Create a report

A key requirement of the LkSG is the regular production of a public report in accordance with BAFA specifications. The report is generated from the answers to a structured questionnaire with open and closed questions.
Process support: otris diligence generates the report “at the push of a button”. To answer the BAFA questionnaire, the solution compiles data from the different functional areas of the system (risks identified, complaints received, measures implemented, etc.).