Your interest in supply chain risks.
Managing risk is a continual process of identification, analysis, assessment and implementation. Attached to your organisation’s One Plan should be the risks in achieving the Plan and management’s actions to counter the risks. It is preferable to anticipate potential problems, rather than overcoming disruptions after they have occurred.
Supply chains are uncertain (and therefore contains risks) because organisations do not have control over the activities of parties in their supply network. Global supply networks require a network view – what are the risks to your supply network and once identified, how may those risks affect the organisation? The risk of a disturbance at a single node or link in a supply chain may cause disruption to an entire chain or even your organisation’s entire supply network. What would this do for the competitive landscape of your industry?
In the economic climate that has existed in developed countries over the past decade, many enterprises have focused on reducing costs by making their supply chains ‘lean’, eliminating redundancy and reducing inventories. This approach significantly increases the importance of each node and link in the supply chains, with some nodes and links becoming critical.
While organisations may state in surveys that supply chain risk is a concern, few take significant steps to address the situation. It requires your organisation to define its understanding of risk and the level of risk it is willing to take – in this case, within its supply chains.
Classifying supply chain risks
The difference between uncertainty and risk is that risk can be measured. To manage risk, the first step is to identify supply chain events that have high uncertainty. Then provide sufficient information that enables agreed probabilities to be attached about the likelihood of the event occurring and the possible consequences if the event happens.
Based on these probabilities and the level of acceptance (or risk appetite) inside your organisation, decisions can be taken concerning the investment in resources and time required to reduce the likelihood and/or the consequences of risks that are of concern.
To make the risk management process more structured, risks identified within your supply network should be classified. My approach is to classify into five levels of risk:
- External risks that arise from interactions between a supply chain and its wider environment:
- Environment level risks
- Sovereign (country) and Political risk
- Physical and Geographic risks
- Economic and Market risks
- Supply network risks within the inbound and outbound supply chains:
- Network risks
- Industry risks
- Internal (enterprise) risks are related to the workings of the core supply chains of a business or organisation
- Supply chain process risks occur due to the inability to achieve consistent outcomes from planning
- Risks within Procurement
- Risks within Logistics
- Risks in Material Conversion including Operations Planning, Quality and OH&S risks
- Supply chain project risks, related to the scope, schedule and cost
Other classifications could also provide a satisfactory outcome. Examples are:
- Physical risks associated with the movement and storage of materials
- Financial risks associated with the flows of money
- Information risks associated with the flows of data and information
- Organisational risks that arise from links between members of a supply chain
Waters D. Supply Chain Risk Management 2nd ed. 2011 Kogan Page
- Strategic risks at the organisation level
- Operational risks – quality, timing and scheduling of materials
- Hazard risks – damage to physical assets or intellectual assets (product liability). Hazards can usually be insured
- Financial risks – often contained within the treasury function
Ostring P. Profit Focussed Supplier Management 2004 Amacom
- Level 1: Risk to underlying operations
- Level 2: Risk to (supply chain) assets and infrastructure
- Level 3: Risk to organisations and inter-organisational networks
- Level 4: Risk from the environment
Christopher et al (2002) Supply Chain Vulnerability. Final report on behalf of DTLR, DTI and Home Office, School of Management, Cranfield University UK
Because supply chains differ by industry and geography, a definitive identification and classification of supply chain risks is not possible. So, just select the classification that people are most comfortable with and get going.
Classification is the initial step in a supply chain risk management program. Not difficult to do, but difficult to get going, because it comes down to time – of people and other resources. Should you spend time structuring and managing a risk plan that may never happen?