Skip to content
GT
⚖️ Human Rights Due Diligence
Back to course
Supply Chain ImplementationLesson 2 of 46 min readOECD Due Diligence Guidance (2018), SA8000, SMETA

Supplier Codes of Conduct & Auditing

Supplier Codes of Conduct and Auditing

Supplier codes of conduct and social auditing became the dominant tools of corporate supply chain governance from the mid-1990s onward. Driven by consumer campaigns, NGO pressure, and reputational crises in branded industries, companies developed codes specifying labour and human rights standards that suppliers must meet and established auditing programs to verify compliance. Today, most large companies in consumer goods sectors have supplier codes, and the social audit industry processes tens of thousands of audits per year globally. Yet there is growing recognition that auditing, as currently practised, has significant limitations - and that moving "beyond auditing" is a necessary evolution for genuine human rights due diligence.

What a Good Supplier Code of Conduct Contains

A supplier code of conduct sets out the minimum standards that suppliers are expected to meet as a condition of the business relationship. While codes vary in detail, the most robust codes include the following elements:

  • Legal compliance: Compliance with all applicable national laws and regulations, with the requirement to apply the stricter of the code or national law
  • Forced labour prohibition: A prohibition on all forms of forced, compulsory, trafficked, bonded, and prison labour, including clear requirements on freedom to resign and document retention
  • Child labour prohibition: Prohibition on employing workers below the minimum age, with requirements for age verification, and a commitment to remediation rather than immediate dismissal if child labour is discovered
  • Freedom of association: Recognition of workers' rights to form and join trade unions and to bargain collectively, with alternative mechanisms where law restricts these rights
  • Non-discrimination: Prohibition on discrimination in hiring, compensation, training, promotion, and termination based on protected characteristics
  • Working hours: Maximum working hours and overtime limits, consistent with applicable law and international standards
  • Wages and benefits: Payment of at least the legal minimum wage, timely payment, transparent wage documentation, and a commitment to progress toward living wages
  • Health and safety: Safe and healthy working conditions, hazard identification and control, emergency preparedness, and OHS training
  • Grievance mechanisms: Access to a confidential grievance mechanism free from retaliation
  • Subcontracting controls: Requirement to notify and obtain approval before subcontracting any work, and application of code requirements to approved subcontractors
  • Environmental standards: Minimum environmental compliance requirements (this is increasingly included as codes evolve)

Types of Social Audits

Social audits are the primary mechanism companies use to assess supplier compliance with codes of conduct. They involve a third-party auditor visiting a facility, reviewing documents, inspecting the physical environment, and interviewing workers and management. Audits vary significantly in their design:

Audit TypeDescriptionStrengthsLimitations
AnnouncedSupplier knows the date and time of the audit in advanceSupplier can prepare documentation; smoother processAllows coaching of workers, cleaning up non-compliances temporarily
Semi-announcedSupplier knows the audit will happen within a window (e.g., two weeks) but not the exact dateSome preparation benefit; reduces worst coaching risksSophisticated suppliers can still prepare if the window is short
UnannouncedSupplier receives no advance notice; auditor arrives without warningBest chance of seeing normal operating conditionsSupplier may be unavailable; records may be off-site; can create adversarial relationships
Follow-upTargeted audit of specific non-compliances identified in a previous auditVerifies remediation of known issuesDoes not assess new or undisclosed issues

SMETA and SA8000

SMETA (Sedex Members Ethical Trade Audit) is the world's most widely used social audit format, developed by the Sedex (Supplier Ethical Data Exchange) platform. SMETA audits use a standardized reporting format and cover four pillars: labour, health and safety, environment, and business ethics. Audit reports are shared on the Sedex platform, allowing multiple buyers to access a single audit report, reducing audit duplication for suppliers. SMETA is widely used in consumer goods, food and agriculture, and manufacturing sectors.

SA8000 is a certification standard developed by Social Accountability International (SAI), based on international human rights and labour norms. Unlike SMETA, SA8000 is a certification standard (not just an audit format): facilities that meet the standard receive a certificate valid for three years, with annual surveillance audits. SA8000 is distinctive in requiring worker representatives to be involved in the audit process and in its stronger requirements on freedom of association. It is particularly prevalent in the European market and in sectors where long-term certification provides commercial value.

The Limitations of Auditing

Social auditing has come under significant criticism from researchers, NGOs, and practitioners for a series of structural limitations that reduce its effectiveness at detecting the most serious human rights violations:

  • Audit fatigue: Factories serving multiple buyers may receive dozens of audits per year from different buyers using different standards and formats. This consumes significant management time and resources without proportionate benefit, and creates pressure to manufacture audit compliance rather than genuine improvement.
  • Trained evasion: Sophisticated suppliers - particularly in high-audit-frequency sectors like garments - learn to coach workers on what to say, prepare false documentation (double books for wages and working hours), and temporarily suspend non-compliant practices during audits.
  • Structural issues remain invisible: Audits are generally better at detecting physical issues (fire exits, PPE availability) than structural violations (suppression of worker organizing, systematic wage theft through illegal deductions, or the absence of effective grievance mechanisms).
  • Short-termism: A point-in-time audit cannot capture seasonal child labour, sporadic forced overtime, or violations that occur only under certain production conditions.
  • False assurance: A clean audit report may create false confidence in buyers, reducing the pressure for deeper engagement with supply chain risks.

Example: Audit Failures in High-Profile Cases

Multiple investigations have documented serious labour violations in facilities that had recently received clean or near-clean social audit reports. One of the most cited is the case of Ali Enterprises in Karachi, Pakistan, where a fire in September 2012 killed 258 workers. The facility had received a SA8000 certification just weeks before the fire. Post-incident investigation found that emergency exits were locked, windows were barred, and workers had no fire safety training. A similar pattern emerged in post-Rana Plaza investigations, which found that some collapsed factories had passed audits. These cases prompted significant reflection within the audit industry and gave impetus to the "beyond auditing" movement.

Beyond Auditing: Complementary Approaches

The "beyond auditing" movement, championed by organizations including the Worker-Driven Social Responsibility Network, BSR, and academic researchers, argues that auditing must be complemented by approaches that give workers themselves a meaningful role in identifying and escalating violations:

  • Worker Voice Technology: Digital platforms (e.g., Labor Link, Laborlink, Ulula, Fishcoin) that allow workers to report conditions anonymously via mobile phones, outside the audit visit and without management intermediation
  • Trade Union Engagement: Engaging directly with trade unions representing workers in supplier factories as a complement to company-controlled audit processes
  • NGO Partnerships: Working with civil society organizations that have trusted relationships with worker communities to conduct independent worker interviews and community assessments
  • Supplier Development Programs: Moving from pure compliance checking to collaborative supplier capacity building, helping suppliers understand and implement the requirements rather than just assessing whether they pass
  • Legally Binding Agreements: Models such as the International Accord on Building and Fire Safety in Bangladesh establish legally binding, enforceable agreements with real financial consequences for brands that fail to fund remediation

The Audit Paradox

A fundamental tension in social auditing is that audits are paid for by buyers (or by suppliers at buyers' request), which creates an incentive for audit firms to produce results that satisfy buyers. If buyers primarily want reassurance rather than accurate information, audit firms that consistently report problems lose clients. The Worker-Driven Social Responsibility model proposes an alternative: binding agreements where workers and their representatives define the standards, participate in monitoring, and have enforcement mechanisms - rather than relying on buyer-controlled audit processes.

Key Takeaways

  • 1A robust supplier code of conduct covers forced labour, child labour, freedom of association, non-discrimination, working hours, wages, OHS, grievance mechanisms, and subcontracting controls, requiring the stricter of the code or national law
  • 2SMETA is the world's most widely used audit format (with results shareable across buyers on the Sedex platform), while SA8000 is a certification standard with stronger worker representation requirements
  • 3Unannounced audits provide the most realistic picture of working conditions, though even these can be evaded by sophisticated suppliers
  • 4Social auditing has documented structural limitations - audit fatigue, trained evasion, invisibility of organizing suppression and wage theft, and false assurance - that reduce its effectiveness for the most serious violations
  • 5Complementary approaches including worker voice technology, trade union engagement, NGO partnerships, and legally binding agreements are necessary to address the limitations of conventional auditing

Knowledge Check

1.What distinguishes SMETA from SA8000 as supply chain audit tools?

2.Which of the following best describes 'audit fatigue' as a limitation of social auditing?

3.The Ali Enterprises factory fire in Karachi (2012), which killed 258 workers, is significant in the history of social auditing because:

2 of 4