Best practice calls for companies to be able to track and trace the pedigree and whereabouts of the raw materials used to make their products all the way through the manufacturing process and out to end-point customers, says Steve David, former CIO of Procter & Gamble. But many companies, for many reasons, don’t have supply chains that can do that, and that becomes evident in clumsy recalls that go on too long, cost too much, and have the potential to damage corporate and product reputations.

“The ugliness of bad data management really hits you when you have a product recall,” David says.

As soon as the decision is made to recall a product, companies should release consistent, correct information to minimize brand damage, says Joe Barkai, a practice director at Manufacturing Insights, a consulting firm that is a sister company to CIO’s publisher. “But,” he says, “now [traceability] is mainly a manual procedure. Companies don’t have it automated.”

And that’s a problem. ConAgra, for example, had to revise its recall twice as it learned more about how much infected product it could have manufactured and where it might have gone, according to FDA records. The original Valentine’s Day 2007 announcement recalled peanut butter made after May 2006. In early March, ConAgra expanded the scope to December 2005 and added toppings made in its Humboldt, Tenn., plant using peanut butter from its Sylvester, Ga., plant, where the original contamination had occurred. A week later, ConAgra pushed the date back to October 2004—22 months before the first reported illness.

ConAgra declined to comment on the recall. Talking about how its IT and supply chain managers perform recalls, a spokeswoman says, “doesn’t align with our priorities.” But it’s clear the experience revealed problems at ConAgra. Paul Hall, vice president of global food safety, gave a talk at the Food Marketing Institute in April, after the recall was under way. The peanut butter recall taught ConAgra lessons other food manufacturers can use, he noted, including knowing where all of your product is going, such as toppings, and assessing ahead of time overall recall and traceability processes across your supply chain.

Hall himself is at ConAgra as a result of the recall. The company created a global food safety group after the recall and hired him to lead it.

Lead Paint and Other Horror Stories

When your boss sweats through hostile questions from Wall Street or is sworn in to testify before Congress, as were both ConAgra Senior Vice President of Operations David Colo and Mattel CEO Bob Eckert, he doesn’t tap on a keyboard looking for answers from the company’s factory floor software. He’s got a piece of paper in his hands and a trusted adviser whispering in his ear. He’s not working with data; he needs information. IT leaders have to provide it, turning numbers into ideas.

For example, in his testimony, Eckert outlined the history of Mattel’s early August recall of those Chinese-made toys containing lead paint.

When product samples failed lead tests performed for a Mattel trading partner in France, Eckert said, Mattel product integrity employees in China then inspected the manufacturing records the company requires its Chinese contractors to keep, showing data such as pigment tests that can be matched to specific containers of paint in use on the factory floor. The containers get stickers with batch number, test number and other information. That data must be kept available for periodic audits.

By assessing data the factory handed over, as well as data it couldn’t—such as authorization to use paint from a source not approved by Mattel—Mattel tracked the lead to yellow pigment in paint used on some parts of certain Dora the Explorer and Sesame Street toddler toys.

“Based on what I saw within the first week of this hitting them, they had a pretty solid contingency plan in place,” says John Quelch, a business administration professor at Harvard Business School. (Mattel declined a request for an interview.)

CIOs who want to mitigate risk during a recall must move information to where it needs to be: to the FDA or U.S. Department of Agriculture or Consumer Product Safety Commission, for example. Or to factory employees and to the public, says Rick Blasgen, former senior vice president of integrated logistics at ConAgra.

Blasgen, who left ConAgra in 2005 to become president and CEO of the Council of Supply Chain Management Professionals, declined to talk specifically about ConAgra. But during his three years there and his five years leading Nabisco’s supply chain operations before that, he was part of several recalls. “Particularly if there’s product that can hurt someone, you stop what you’re doing and focus on that,” he says. “You want to be as accurate as possible.”

Who Wants Yesterday’s Data? (You Do)

Accuracy, unfortunately, is not an absolute. Manufacturing systems commonly fail to feed production-line information into corporate data warehouses, where it could be kept to trace bad products or bad ingredients down the road, says Fernando Gonzalez, CIO of Byer California, a $300 million clothing company. Gonzalez has managed IT at aerospace, medical device and chemical companies before coming to Byer, and has been involved in several recalls, including one of railroad car room deodorizers contaminated by bacteria.