Examples of risks or “red flags” include but are not limited to human rights abuses (such as torture, forced labour and child labour), direct or indirect support to armed groups or security forces, bribery, fraudulent misrepresentation, money laundering and issues with respect to payment of taxes, fees and royalties.
Yes – the company identifies specific red flags or risks and how it dealt with them. For an example see Apple’s 2016 report, which mentions how they managed the specific risk of financing armed groups including the DRC police and national army: , pages 4 “Further Due Diligence: Incident Review and Resolution” and A-1.
No – the company does not mention any specific red flags or risks in its supply chain (i.e., it does not mention them at all or it refers only generically to how it manages risks). For an example see Intel’s 2016 report, which refers generically to what steps they take to manage risks in their supply chain but provides no example of how they managed any specific risk.