Risks to the supply chain can exist at various levels and parts within an organisation.
Manufacturing risks will exist at production sites; supplier risks at not only the main supplier sites but also those of secondary suppliers; whilst distribution risks exist at suppliers and in upstream and downstream transportation and logistics systems.
Legislative, compliance, intellectual property, and regulatory risks can exist at the country or regional level, while strategic risks may exist at the business-unit or corporate level.
The presence of risks at differing levels highlights the importance of initially defining the internal context within which a risk management program is to be implemented.
The external environment in which an enterprise and its suppliers work also poses differing risks. For example, some suppliers will face meteorological risks, while others, because of their distance, may have greater issues with transportation risks.
The technique of supply chain process mapping can be used to understand the potential risks a business faces and how best to prioritise and address them, as well as assist in understanding the various participants involved in the supply chain and identifying the relationships, key measures and ownership.
Businesses will need to identify the criteria for determining what may pose a risk to its operations; e.g. the actual vulnerability of the products most affecting the profitability of the business.