Uncertainty and Risk
Although organisations that supply materials and components are theoretically linked with their suppliers and customers through supply chains, actions taken by parties in a supply chain are typically independent from those of other enterprises. The outcomes from an event are both Emergent and Cumulative, and cannot be predicted with any certainty. Management at other organisations in that supply chain can exercise little or no control over the outcome.
Given the current instabilities around the world, identifying Uncertainties and managing Risks in the supply chains of a business must be a core capability of the Supply Chains group (Procurement, Operations Planning and Logistics). Managing Risks in an organisation’s supply chains aims to improve the Resilience of the business, which is the ability to reduce the impact of disruptions within an organisation’s supply chains and to recover operational capability after disruptions occur.
The Supply Chains Resilience Plan (based on inputs from the Supply Chains Network Design, Supply Markets Intelligence and Supply Chains Risk Management Plan) helps to assure continuity of operations when an organisation is exposed to major market, industry or supplier disruptions.
The Risk Evaluation process
The approach to managing Risk is guided by how senior management view risks in relation to the business, summarised as:
- Risk appetite: the type and amount of risk the organisation is prepared to pursue and accept; and
- Risk tolerance: the capability of the organisation to withstand the effects of the accepted risks
Understanding the scope of risks requires the Supply Chains group to work as a cross-functional team and engage other disciplines and expertise when required. The diagram outlines the process for Evaluating Risks in supply chains, with the process in the centre and the perimeter differentiating risks by Classification and Category.

The initial step is to gather the Uncertainties that surround the organisation’s supply chains. This is a challenge to initiate, because it requires people’s time to gather the data. The current and potential Uncertainties are allocated to the preferred Risk Classification shown in the diagrams above and below.

Supply Chains Network Design: Refers to the challenges associated with choices made for supply and transport of materials and components. Underlying these choices are Uncertainties associated with Procurement decisions concerning the buyer and supplier, as shown in the diagram above and using the Spend-Risk Analysis below.

External to the supply chains: The risks are summarised under the acronym PESTEL: (Geo)Political; Economic; Social; Technological; Environmental and Legal. An example of a PESTEL assessment is provided by the World Economic Forum (WEF) as Infographic #6 in their Global Risks Report 2025.
Internal supply chain: Challenges that constrain the business from achieving consistent outcomes relating to planning and scheduling the movement and storage of materials. For example, challenges can be identified and addressed within each supply chain function. However, due to a lack of cross-discipline teamwork, the challenges within each function are not consolidated to identify a larger critical supply chain risk.
Internal Supply Chains group: Refers to challenges identified within each discipline of the Supply Chains group. These can address organisation and staffing, training, IT and Occupational Health & Safety (OH&S) within Logistics.
Once each Uncertainty has been Classified, the next step is to place it within its Category, shown in the Evaluation diagram above. Between the Categories of Certainty and Not Known (or ignorance, which has a cost) are three categories of risk:
- Known risks: such as late deliveries, changes in material costs or an event that moves outside the limit lines of Variability control charts. It can be an event with a low probability of occurring but a high impact if it occurs
- Known – Unknown risks: the probability of an event is known from past experience, but the consequences are not known. An example is inbound ocean shipment delays due to customs intervention. The probability of this occurring by country and port can be identified from records of previous shipments and customs broker knowledge. However, the consequences (delays, additional payments, rejection) are unknown
- Unknown – Unknown risks: the probability of occurrence and the possible consequences of an event cannot be foreseen. To better allocate Unknown – Unknown risks, consider them within two sub-categories:
  - Unknown but Knowable Unknown risks (also called ‘knowable unknowns’): the likelihood and consequences of events can become known, given sufficient time and resources
  - Unknown and Unknowable Unknowns: events with a very low probability and very high consequences are typically not discovered until they happen. These have been named Black Swan events and cannot be addressed using risk management techniques. Disruptive technologies are rarely Black Swans.
Unknown – Unknown risks are recognised in supply contracts as a ‘force majeure’, a French term meaning ‘greater force’, enabling one or both parties to be freed from liability or obligation when an extraordinary event occurs which is beyond the control of the parties.
For the Risk Assessment, a 12-segment matrix is formed, comprising the three Categories (known; known-unknown and knowable unknowns) and the four Classifications. The Uncertainties within each segment are then assessed, as shown in the diagram below.

The Risk Assessment provides the relative Criticality (or strategic value) of an event to the organisation. It requires an evaluation of the Likelihood (from A to E) of the event occurring and, if it does, the Consequences and Cost (from 1 to 5). At the macro level, this is the ‘Revenue at Risk’, which identifies the future sales that could be lost if the risk eventuates.
In addition to considering events with high probability but low consequences, give equal time to address events with low probability, but high consequences. Also, annual spend on an item or with a supplier does not equate to Criticality. A small supplier which provides a critical part or ingredient may have a risk profile that is equal to a large supplier.
The risks are placed in a Risk Portfolio for the four levels of risk shown in the Assessment diagram. The ranking enables options for the scope of work (SOW) to be generated for selected risks. The options are to transfer, share, reduce (mitigate or adapt) or eliminate the risk.
Finally, the Portfolio is updated in your organisation’s Supply Chains Network Design, which updates the Supply Chains Resilience Plan. From this, Scenario Analysis can be undertaken to enable the Supply Chains Disaster Recovery Plan and the Supply Chains Continuity Plan, which are needed for future challenges.