
The Compliance Tightrope: How to Audit Your Program Before the DOJ Does



In the world of Supplier Inclusion, we often spend our energy showcasing the impact—the billions spent with diverse businesses, the community empowerment, the brand recognition. But there is a silent, critical element that underpins all of this success: compliance integrity.


With increasing scrutiny from government entities and heightened awareness of greenwashing/diversity-washing claims, the landscape is shifting. The focus is moving from celebrating the numbers to auditing the mechanisms that produce those numbers. For Supplier Inclusion Managers, this means treating your program less like a marketing initiative and more like a financial control system.


We are no longer just demonstrating good corporate citizenship; we are mitigating legal and financial risk. Your goal isn't just to meet a target, but to prove, rigorously, that your process is fair, defensible, and free of systemic bias or fraud. If you wait for an external audit—say, from the Department of Justice—it’s already too late.


Beyond the Quota: The Core of Program Integrity

Compliance in Supplier Diversity is not about whether you hit a 5% target; it’s about answering:


How can you definitively prove that your reported spend is legitimate and that your procurement system is neutral?


The most common compliance failures stem from two areas:

  1. Definitional Drift: The failure to strictly enforce certification requirements. This includes relying on expired, provisional, or unverified certificates (e.g., counting a business as WBE when its WBENC certificate has lapsed).

  2. Systemic Leakage: Fraudulent "pass-through" arrangements where a diverse-certified company acts as a middleman for a non-diverse supplier, or situations where the reported spend is for a service the diverse supplier did not actually provide.


Your audit focus must be on the controls you have in place to prevent these issues, not just the numbers themselves. A robust program is one where the data can be trusted, because the process behind it is airtight.


Auditing Your Mechanisms: The Three Pillars of Internal Scrutiny

Before the pressure hits, initiate an internal audit focused on these three pillars:


1. The Data Chain of Custody: The integrity of your spend data is only as strong as its weakest link. You must trace the process from the moment a PO is issued to the final reported figure. Is the diverse spend tracked at the invoice level, or is it a general allocation? Can you match every dollar of reported diverse spend back to an active certification?

2. The Sourcing Neutrality Mechanism: If your program is focused solely on after-the-fact counting, it suggests a lack of mechanism for front-end inclusion. A compliant program must prove that diverse suppliers have a fair and transparent opportunity to compete before a sourcing decision is made. This involves auditing your Request for Proposal (RFP) processes to ensure diverse vendors are systematically invited and evaluated by the same objective standards as non-diverse vendors.

3. The Tier 1 Verification Gateway: Your program must have a clear, documented process for verifying that the services claimed by a certified Tier 1 supplier (the one you pay directly) are actually performed by the diverse-certified company, especially in industries where services are easily subcontracted (like staffing or professional services). This is your shield against "pass-through" fraud.


By proactively auditing these core mechanisms, you move your program from a potential liability to a corporate strength, demonstrating that your commitment to inclusion is underpinned by unwavering operational rigor.

 
 
 
