At Ingka Group, we are led by our values, our strong IKEA culture and our vision to create a better everyday life for the many people.
We want to run our business honestly and with integrity, meeting high ethical standards in our interactions with each other, our customers, visitors, suppliers and the world around us.
Our Code of Conduct, policies and rules set out our position and requirements for how we do business.
All new co-workers are required to complete training on our Code of Conduct within a month of joining the company. We provide refresher training for co-workers once every two years. We fully investigate any breaches of our Code (see below for details).
We have zero tolerance for bribery or corruption in any form. Read more on our anti bribery and corruption framework.
As the pace of technological change continues to accelerate and digital solutions become more integrated into our lives, we are committed to building an ethical digital culture across the business. We place the highest priority on protecting our customers’ data and managing cybersecurity risks; read more here.
We only work with suppliers and service providers who respect our values, uphold our standards and want to have a positive impact on societies and communities. Suppliers must adopt the IKEA supplier code of conduct – known as IWAY – and ensure their suppliers understand and apply our standards too; read more on IWAY.
We promote an open culture of trust, fairness and honest communication. If our co-workers have a concern at work, we encourage them to raise this with the person involved in the first instance, where this is appropriate. When this isn’t suitable, concerns should be raised with their line manager, local risk manager or People & Culture representative.
Co-workers can anonymously raise a concern through our Trust line. The platform is independently operated by a third party. It is available in all countries where we are present, except for Austria and the USA. In the USA, we provide a similar service called iSpeak. Concerns are evaluated by Trust line managers, and where an investigation is required, this is carried out by a designated manager within our People & Culture or Business Risk & Compliance functions.
We offer clear guidance on how to manage situations of misconduct, and undertake regular risk assessments, both nationally and within our functions and three businesses (IKEA Retail, Ingka Centres and Ingka Investments). We take every case of potential unethical behaviour and policy breaches very seriously. We investigate and respond quickly and carefully, following our investigation procedure to ensure confidentiality, consistency and accountability.
There were 219 concerns raised via Trust line (FY20: 185). The majority of the concerns related to potential breaches of our human resources policies and were raised by retail co-workers.
We made progress on our business ethics goals during FY21. Key actions included:
Ingka Group is committed to doing business in an honest way, and we have zero tolerance for bribery or corruption in any form. Corruption is not only illegal but can damage our reputation and harm our customers and co-workers. Anyone acting on behalf of Ingka Group must not engage in corrupt practices, which includes accepting or offering bribes, kickbacks or loans. We support efforts by regulators and enforcement agencies to tackle bribery and corruption.
Our Risk & Compliance Committee provides oversight of our approach, and is chaired by our Chief Financial Officer and Deputy CEO, who is a member of our Management Board.
Our Anti-Bribery and Corruption Framework incorporates policies, governance and due diligence designed to mitigate the risk of bribery and corruption, and is underpinned by our values and culture. Our internal controls cover key areas of risk including conflicts of interest, gifts and entertainment, sanction screening and anti-money laundering. We carry out periodic risk assessments and focus on ensuring effective implementation of our internal controls. In FY21, we made minor updates to our Anti-Bribery and Corruption Policy and strengthened our procedures relating to management of incidents.
Anti-bribery and corruption is an important part of our Code of Conduct training for all co-workers. In addition, we aim for all co-workers in sensitive roles (such as procurement or real estate) to complete more detailed training on our anti bribery and corruption framework which is delivered face-to-face and online. This is supported by an e-learning tool and workshops where co-workers explore potential ethical dilemmas they may encounter in their work.
We have clear procedures to enable co-workers to raise concerns; see Raising Concerns and Investigating Misconduct.
In FY 21, 10,115 co-workers in sensitive roles completed our Anti-Bribery and Corruption training. Most of the training was done online due to Covid restrictions.
There were 11 incidents reported to us that were associated with anti-bribery and corruption in FY21. These were fully investigated and addressed, following our investigation procedure (see section on Raising Concerns & Investigating Misconduct).
We work with thousands of suppliers to help run our business – from companies providing construction, security and cleaning services, to home delivery providers and product assembly businesses. We choose to work with suppliers and service providers who share our values, uphold our standards and seek to have a positive impact on societies and communities.
Our suppliers must comply with IWAY, the IKEA way for responsibly procuring products, services, materials and components, and ensure their own suppliers understand and meet the requirements too. Our Global IWAY Forum steers the development and implementation of IWAY and we have Country IWAY Forums, with members from our procurement, business risk, compliance and distribution teams. Our IWAY Calibration Group which reports to the Global IWAY Forum – monitors and manages IWAY implementation and verification.
IWAY sets out mandatory requirements for all suppliers and service providers that we work with. It covers environmental, social and working conditions (see below). The latest version of IWAY (introduced in September 2020) was updated to cover topics such as biodiversity and conservation, animal welfare, and an increased focus on the competence development of workers. IWAY is one of the key ways we seek to mitigate human rights risks across our supply chain; read more on our approach to Human rights.
The IKEA product offer is sourced by the Inter IKEA Group; see the IKEA Sustainability Report FY21 for details of IWAY compliance in the home furnishing supply chain.
IWAY is our supplier code of conduct – the IKEA way for responsibly procuring products, services, materials and components.
It sets minimum requirements on environmental, social and working conditions. These are based on the Universal Declaration of Human Rights, the United Nations Convention on the Rights of the Child, the eight core conventions defined in the ILO Fundamental Principles of Rights at Work and the Ten Principles of the UN Global Compact.
To be compliant with IWAY, a supplier must:
► Sign an IWAY Compliance Commitment as part of their contract.
► Have a risk rating (which is assigned by us).
► Suppliers with a high- or critical-risk rating must receive an IWAY review and address any major non-compliances (“i.e. comply with our IWAY Musts”).
We aim to monitor IWAY compliance for all our suppliers with contracts in place. We require all key suppliers to sign a contract with us. In FY21, we had around 8,000 contracted suppliers which accounted for nearly 80% of our spend.
The IWAY Code is available to download in the IWAY section of the IKEA website.
With so many companies in our supply chain, we carry out IWAY reviews for the highest risk suppliers. We use internal and external data to assess risks, based on the suppliers’ location and industry, and the individual characteristics of the business they run. All new suppliers are evaluated and given a risk rating of critical, high, medium or low. Those with a critical- and high-risk rating are required to have an IWAY review to check compliance with our standards within 9 months of the risk rating.
Our suppliers are responsible for communicating IWAY requirements to their own suppliers and ensuring high-risk sub suppliers comply with the critical parts of IWAY (“IWAY Musts”). We support suppliers with this through our training and ongoing dialogue.
IWAY has been at the heart of how we work with suppliers for 20 years, and it’s always evolving. During FY21, we introduced IWAY 6 (our updated IWAY requirements) for new suppliers and started rolling it out to existing suppliers, with training and awareness sessions for business teams and stakeholders involved in the IWAY process. The new IWAY requirements are easier for all types of businesses to work with, including small suppliers, as they are focused on achieving positive outcomes rather than setting prescriptive requirements.
We updated our governance processes for IWAY in FY21, establishing a Global IWAY Forum to support the development and implementation of IWAY. The Forum also oversees IWAY compliance, shares best practice and provides guidance to the business. Our Country IWAY Forums and IWAY Calibration Group (ICG) collaborate with the Global IWAY Forum.
An online Supplier Support Hub was developed to help suppliers understand our IWAY requirements. We have also introduced new internal resources to develop co-worker knowledge about IWAY and learn from each other.
We also focused on extending IWAY to more suppliers and parts of our business. This included:
We aim for 100% of contracted suppliers to achieve IWAY compliance each year. In FY21, 99.9% of contracted suppliers had signed our IWAY Compliance Commitment (as part of their contract) and had a risk rating (assigned by us). 97% of new contracted suppliers that are high- or critical-risk received an IWAY review within required timescales1 and addressed any major non-compliances. Read more on how we define and measure IWAY compliance in the section What is IWAY (See above).
In FY21, we completed 338 IWAY reviews of Ingka Group suppliers, this is a significant increase from 196 in FY20 when fewer reviews were conducted due to the pandemic. This included 226 IWAY reviews of suppliers rated as critical or high risk (out of 234 new contracted suppliers with a critical or high risk rating). 5% of the reviews (16 of 338) were conducted by an external auditor to help provide an independent perspective. In addition, 5% of the reviews (17 of 338) were unannounced. We plan to increase the number of unannounced reviews since these can provide a more accurate picture of supplier performance than reviews which are scheduled in advance.
We found major non-compliances (issues related to “IWAY Musts”) during 23% of supplier reviews in FY21 (79 out of 338), a small decrease from 24% in FY20. Non-compliances were mostly related to working hours, accident insurance and minimum wages. The suppliers with the highest number of major non-compliances were in Russia, China and Poland.
If we find that suppliers aren’t meeting our standards, we agree an action plan to correct this. We require suppliers to fix major non-compliances within 14 days and 96% of major non-compliances were resolved within this timeframe in FY21. All remaining issues must be resolved within 90 days. Major non-compliances are reported to the relevant Ingka Group decision making body. We phase out suppliers who don’t implement their corrective action plans in good time.
We also conducted 202 assessments to check compliance at potential new suppliers in FY21 (FY20: 142). Of these, we found that 37% (74 out of 202 suppliers) did not meet our minimum requirements (“IWAY Musts”). These issues must be resolved before we start working with them.
See Appendix Data and Progress FY21 for detailed data on IWAY reviews, including breakdown of data by country and type of supplier.
As the pace of technological change continues to accelerate and digital solutions become more integrated into our lives, we are committed to protecting our customers’ data and to managing and reducing cybersecurity risks. We also aim to empower our customers and co-workers, giving them control over the data they provide to us and how it is used.
Our cybersecurity strategy enables us to adopt new technologies, while protecting our customers, co-workers and our business. Our approach is consistent with international standards for cyber security and data protection, including ISO 27001:2013 and the NIST Cybersecurity Framework.
Our Group rules on data privacy out the standards and controls we have in place to protect customer and co-worker data. We have a network of experienced and dedicated data privacy experts whose role is to embed data privacy into our daily operations, business processes and digital products.
Our Customer Data Promise gives customers more control over their data. The IKEA app includes features to improve customer information and control over their data. For example, customers can now easily toggle on or off personalised content based on their browsing or purchasing history. The improved features in the IKEA app have been rolled out across all countries by the end of FY21.
We aim to respond quickly and efficiently to any customer or authority data requests and empower our co-workers at all levels with data privacy training and awareness initiatives. In FY21, over 93,000 of our co-workers took the training.
Cyber-attacks and other cyber security threats are a growing risk for all businesses. We take a comprehensive approach to securing our systems, processes and data. We have a central expert team dedicated to ensuring we have effective security mechanisms across our business and a wide network of resources embedded locally to ensure that our approach is complete and effective.
We continuously monitor our cybersecurity and the effectiveness of our response to any real or suspected incident. The Audit Committee and Supervisory Board is updated periodically on our cybersecurity approach and performance. We conduct regular testing of our cybersecurity defences using independent external experts to help ensure we are well prepared to respond to any incidents. Internal and external auditors continually review our IT programs and security processes, providing assurance to our stakeholders.
1New contracted suppliers that are high- or critical-risk are required to have an IWAY review to check compliance with our standards within 9 months of the risk rating.
