Supply Chain Risk Management Best Practices

Supply chain risks come in many forms: natural disasters, hackers, labor strikes, pandemics, and even climate change. It’s virtually impossible to eliminate all risk from your supply chain. But, supply chain risk management offers a way to determine which risks are the highest priority — and which risks your business can afford to live with.

Historically, getting a handle on supply chain risk has been difficult for many organizations. A McKinsey survey in 2010 found that  71% of companies believed they were more at risk from supply-chain disruption than previously. Since the pandemic and the disruption of trade from Russia, this number has surely increased.

The consulting firm recommends taking a structured approach to supply chain risk management. Through a combination of strategy and technology, it is possible to diminish supply chain risk to levels never previously realized. Here’s how to approach supply chain risk management for your organization.

[Read more: Reducing supply chain risk] 

Identify known and unknown risks

Before we dive into formulating an approach to supply chain risk management, the first step is to recognize threats to business as usual in terms of known and unknown risks.

• Known risks: these can be identified, measured, and monitored over time. Known risks include things like cybersecurity threats, supplier bankruptcy, or ESG violations that are frequently becoming public reputation liabilities. 
• Unknown risks: these are impossible or very difficult to predict. A volcano eruption or factory fire would be examples of unknown risks. 

Dividing your risks into known and unknown categories helps you create a supply chain risk management approach that optimizes your resources to those threats that are most likely to occur.

Why is this important? Businesses, like humans, tend to have a skewed view of risk. Many people are afraid of being attacked by a shark. Yet, according to National Geographic, you have a one in 3.7 million chance of being killed by a shark — versus a one in 218 chance of dying from a fall.

Known and unknown risks work the same way. You may be overly prepared for one risk, and underprepared for a more prevalent threat. 

Document known risks throughout the supply chain

The next step is to map out and assess the value chains of all major products and material inputs in your supply chain. Create a risk register for each element of your supply chain — suppliers, plants, warehouses, and transport routes, for instance — where you enter the potential issues that may arise at that stage of production.

For instance, in the sourcing phase, you may record the risk of a supplier meeting capacity constraints, or a supplier facing bankruptcy, both scenarios in which they wouldn’t be able to fulfill their obligation to your business.

[Read more: Derisking your supply chain: mitigating risks influenced by external threats]  

Score the impact of each risk 

Next, assess the potential impact each risk in your supply chain could have.

“Every risk in the register should be scored based on three dimensions to build an integrated risk-management framework: impact on the organization if the risk materializes, the likelihood of the risk materializing, and the organization’s preparedness to deal with that specific risk,” wrote McKinsey. “Tolerance thresholds are applied on the risk scores reflecting the organization’s risk appetite.” 

Essentially, the higher the score, the riskier the risk. 

Create a monitoring system

With your risk impact assessment, you can create an early-warning monitoring system that prioritizes the right threats to your business. Successful monitoring systems in supply chain risk management are tailored to your specific organization. While one business may track real-time weather reports to monitor hurricane risk at its factories in the Caribbean, another business might be concerned with trade issues impacting distribution out of China.

It can also be helpful to monitor threats internally and externally. Some threats, such as cyber risk, workforce risk, and financial risk can all be addressed by implementing the right technology.

[Read more: Derisking your supply chain: preventing risks influenced by internal systems] 

Prepare for unknown risks

Finally, there are some general steps in supply chain risk management that can help mitigate the threat of the unknown. This is an opportunity to be proactive about your risk management approach.

“Strong defenses, from request-for-proposal (RFP) language to worker training, all contribute to an organization identifying and stopping unknown risks before they affect operations,” wrote McKinsey.

What are some general ways to reduce risk? Here are a few options: 

• Work with local suppliers: this limits the effect of a disastrous event in one region having a catastrophic influence on an organization's entire supply chain
• Diversify your suppliers: by working with suppliers in multiple locations, a business can reduce the likelihood that all of that organization’s suppliers would be hampered by the same event. 
• Vet your suppliers carefully: investigate your vendors to make sure they have high credit ratings and are free of any legal judgments that have been rendered against them. Software can automate this process for your procurement team. 
• Use real-time data:  data can help you navigate a situation as it unfolds, shifting new suppliers, modifying existing agreements, and negotiating your pricing as you source new inputs.

Automating aspects of your procurement function also empowers greater supply chain risk management. An automated procurement function helps you anticipate where the next risk may come from and prepare accordingly. The data available from an automated supply chain lets you more quickly identify high-risk spend and risky concentration of suppliers. With this insight, you can de-risk the procurement function by providing alternate sources.

To learn more about supply chain risk management, check out our blog, The Source.