The audit process Supplier development and consolidation One of ASSA ABLOY supply management objectives is to leverage, consolidate and develop suppliers. All suppliers to ASSA ABLOY must comply with the Code of Conduct and to verify they are compliant processes and methods at different levels have been developed. A reporting system with clearly defined targets and measurements is also in place. Supplier Self-Assesment Sustainability Supplier quality As part of the supplier evaluation process and to make a first high level risk assessment, suppliers are asked to fill in a self assessment survey, which result is stored in the central system. On-site Audits Scoring Principles Traffic Light System Green Yellow Orange Purple Red Follow-up audits Audit scores are linked to a color-coded system. Green: the supplier is approved. Yellow, orange, purple: the supplier is approved on condition that it resolves outstanding issues within an agreed time frame. Red: the supplier is not approved. Supplier Development Grow Fix Exit Yellow, orange and purple reflects the level of non-conformities; yellow has the least non-conformities and purple the most. They can be revised based on evidence of a corrective action plan, well-documented progress and firm commitment from the supplier. If a supplier is scored "red" for longer than six months, the contract is terminated. The ASSA ABLOY auditing process is always the same, regardless of supplier or auditor. Suppliers in low-cost countries are in focus for the sustainability audits. In total, the Group has about 2,300 direct material suppliers based in low-cost countries. The ASSA ABLOY sustainability audit program now covers about 90 percent of the supplier spend in low-cost countries. Potential suppliers of direct material in low-cost countries go through a two-step process: a self-assessment and an on-site sustainability audit. Distribution of supplier spend The traffic light system Audit scores are linked to a five color-coded system – the traffic light system. Green means that the supplier is approved. Yellow, orange and purple means that the supplier is approved on condition that it resolves outstanding issues within an agreed time frame. Red means that the supplier is not approved. Yellow, orange and purple reflects the level of non-conformaties; yellow has the least and purple the most. Red, yellow, orange and purple statuses can be revised based on evidence of a corrective action plan, well-documented progress and firm commitment from the supplier. Contracts with suppliers may be subject to termination in case of non-compliance that is not remedied within an agreed time frame. If a supplier is scored “red” for longer than six months, the contract is terminated. The objective of the sustainability audits is to minimize risks of non-compliance among suppliers, primarily in low-cost countries. During the sustainability audit, ASSA ABLOY can verify whether or not the supplier is in compliance with the ASSA ABLOY Code of Conduct. Each division is responsible for performing audits when required and their audit reports are submitted to the Group’s supplier database. Risk areas and “stoppers” Audits are designed to assess risks within areas such as business ethics, workers’ rights, health and safety and environment. Some criteria in the audit checklist are of such significance that they are called “stoppers." If a supplier fails to comply with these important standards, it is automatically rated “red” – regardless of its performance in other areas. The supplier data base Suppliers in selected low-cost countries are listed, graded and tracked in the ASSA ABLOY supplier database. It ensures transparency and access to consistent information on the suppliers' performance.The purchasers use this database to gain easy access to information on the sustainability performance of suppliers from selected countries. It also enables ASSA ABLOY to follow up on several key performance indicators as well as being an importatant means of identifying and developing preferred suppliers. Confidentiality is ensured by assigning user rights and limiting updating rights.