Sourcing and Due Diligence

Overview

At the John Lewis Partnership we take our responsibilities for the effective management of risk very seriously and to help us effectively manage this risk, we operate a Supplier Due Diligence (SDD) process. We want to ensure that all 3rd party and supply chain risk is appropriately identified, assessed and proactively managed in order to prevent breaches in areas such as Modern Slavery, Data Protection, Cyber, Health and Safety, Anti-bribery and Corruption, Corporate Responsibility and more.

Completing SDD satisfactorily is a mandatory requirement for all suppliers to the Partnership. The Partnership uses Coupa to collate and analyse data collected during the SDD process.

This guide explains the steps both potential and existing Suppliers will be asked to complete on Coupa.

Note: Reference to Company or Organisation includes any entity where there is a business relationship with the John Lewis Partnership. This includes Companies and unless a question states otherwise, Freelancers.

Supplier Code of Conduct  Supplier Privacy Notice 

Receiving and Answering Sourcing Risk Question in Coupa

If your organisation has been short-listed to provide the John Lewis Partnership with new goods or services, the next stage will be to ask you to answer a series of questions aimed at assessing the risk to the Partnership of commencing a relationship with you.

In the Partnership we have ten separate Risk Domains (individual areas of identifiable risk). Depending on the level of risk already established by JLP earlier in our process, you will be sent (via Coupa) a number of question sets. Typically you may receive around 5 or 6 different
question sets, but in some cases this may be up to 10 to cover each of our Risk Domains.

These are the steps we ask you to follow on receipt of a request from JLP to commence the Sourcing and Due Diligence process:

1. You will receive an email notification containing information and several links
2. You can either click on I intend to Participate or View Event

   Note: Both take you into Coupa to complete our questionnaire; View Event shows slightly more detail. Suppliers should note also that they may receive a risk assessment as part of the tendering process as well.
   
3. Set up a password (if prompted to do so)
4. Next, you are taken into the Sourcing Risk Questionnaire where you should work through the various sections, answering questions as you go.
5. If you selected View Event from the email notification you should tick the I intend to participate in this event box 

   There is also a useful countdown timer showing how long there is left to complete and submit the questionnaire
   
6. Some sections, such as the Key Contracting Principles, require you to download and save a document to your computer. Then, you will be required to update the document with your answers or details, re-save and upload back into Coupa

   Notice also that sections marked * are mandatory
   
7. Scrolling down further, you will be asked to confirm that you have read and accept John Lewis Partnership's policies and code of conduct. There are several questions like these so please make sure you have read and ticked the boxes to accept all of them

   
8. Once you have answered all the questions, and uploaded all the requested documents, you are ready to submit your responses back to JLP. 
   Note: If you need more time to complete your responses, you can click Save and come back to the form later
9. Click Submit Response to Buyer when you are ready to send your responses back to JLP

   

What happens next?

Your responses will be reviewed by our team at JLP. If JLP wish to proceed to the next stage, you will be:

- Invited to create an account in Coupa where you complete details of your organisation (for new suppliers to JLP only)

- Asked to provide further evidence based on your previously submitted answers to our initial questions 

Registering and Creating a New Account in Coupa

The process where new suppliers set up an account in Coupa is not covered in this guide, but is covered in the guide below:

GNFR Coupa registration guide

Responding to a Request for Additional Due Diligence Information 

By this stage, you will have already answered a number of questions relating to the Partnership’s ten Risk Domains.
To complete this process, we now need to ask you for proof of your credentials (for example, if you have told us you are Gas Safe registered, we would like you to upload into Coupa a copy of your current Gas Safe certificate).
The next step is to create an account in Coupa Risk Assess. This is required so we ask you for additional information about your organisation, and for you to upload and submit this back to us.

Follow the steps below to do this:

1. You will receive an email notification informing you that an account has been created for you in Coupa Risk Assess 
2. This notification contains a link which you will need a little later
3. Next, you will receive a second email notification containing a unique Authorisation Code 
4. Copy, or make a note of, this code
5. Go back to the original notification and click on the link
6. Paste or enter the code into the Authorisation Code box
7. Select a Security Question to answer
8. Enter and confirm your response to the Security Question selected
9. Click Continue, You are now set up to use Coupa Risk Assess 

1. To proceed, click on the link within the notification
2. Log into Coupa Risk Assess
3. You will then be presented with the Coupa Risk Assess dashboard 
4. In the Evaluations section, you will see a summary of the requests awaiting your attention 
5. Click the Show Me link to open the full list
6. From the list that is presented to you, click the green View button to open the request

   
7. Work through the questions asked (remember that those marked * are mandatory) 
8. Follow the instructions to upload the documents required
   Note on Public Liability Insurance: Whilst we recognise that is not a legal requirement to hold this insurance, the John Lewis Partnership does ask that its suppliers have Public Liability
   Insurance in place. If for any reason your company does not have Public Liability insurance, please provide and upload a document with a justification as to why you think this insurance is
   not applicable to your Company.
9. If you ever need more time to complete all the necessary steps, you can click Save and return to the document later 
10. Otherwise, once complete, click Submit

What happens next?

Your responses will be reviewed by our team at JLP. This may result in: 

- One or more of your responses being rejected. This could be because the evidence provided is incomplete, or we need a little more information from you. See section 4 below on how to deal with any follow up requests

- JLP asking you to complete an Action Plan, which will be a commitment from you to complete a particular action or provide evidence of a certificate or policy in order for JLP to complete its Due Diligence process.

- Completing Actions Plans is not covered in the guide but there is a useful guide linked below:

Risk Action Plans in Coupa

Dealing with any follow up requests for Information

If the JLP Risk Team has reason to reject your submission, you will receive this notification. To make adjustments, you should log back into Coupa via the link in the notification, note the comments made by the JLP team, update as necessary and re-submit back to JLP: