Almost all organisations rely on others for services, stock or tools that are essential to the running of the business. This is largely because of the advantages found in strategies such as globalisation, outsourcing, supply-base rationalisation, just-in-time deliveries, supplier consolidation and lean inventories.

In the survey conducted for the Business Continuity Institute (BCI) Supply Chain Resilience Report 2017, only 25% of responding companies said they hadn’t experienced disruption in their supply chain within the previous 12 months. The top causes were unplanned IT/telecommunications disruption, cyber attacks and data breaches, loss of talent, outsourcer failure and transport network disruption.

Disruption in supply chains can result in a loss of productivity, increased cost of working, customer complaints and loss of revenue and, amongst other things, reputational damage and regulatory investigations.

Supply chain risk management (SCRM) is about avoiding and managing the potential impact of events occurring at any point in the supply chain, from sourcing raw materials through to end use by customers.

The potential cost savings and benefits can help justify the investment in SCRM.

Business impact assessments

Identify the key functions in your business and work out the damage that interruption could do.
 

Start preparing now

Key actions for supply chain risk management (SCRM)

Risks to the supply chain can exist at various levels and parts within an organisation.

Manufacturing risks will exist at production sites; supplier risks at not only the main supplier sites but also those of secondary suppliers; whilst distribution risks exist at suppliers and in upstream and downstream transportation and logistics systems.

Legislative, compliance, intellectual property, and regulatory risks can exist at the country or regional level, while strategic risks may exist at the business-unit or corporate level.

The presence of risks at differing levels highlights the importance of initially defining the internal context within which a risk management program is to be implemented.

The external environment in which an enterprise and its suppliers work also poses differing risks. For example, some suppliers will face meteorological risks, while others, because of their distance, may have greater issues with transportation risks.

The technique of supply chain process mapping can be used to understand the potential risks a business faces and how best to prioritise and address them, as well as assist in understanding the various participants involved in the supply chain and identifying the relationships, key measures and ownership.

Businesses will need to identify the criteria for determining what may pose a risk to its operations; e.g. the actual vulnerability of the products most affecting the profitability of the business.

Initial mapping of supply chain networks and their associated risks should be done with input by staff from across the business and sponsorship by a senior manager/director.

A risk register should be prepared to identify threats for mapped processes. Not all of these will be significant to the supply chain, but it will represent a starting point and ensure all aspects are considered.

Supply chain risks can be many and varied, including:

  • External perils, such as natural disasters, fire, pollution incidents, crime, political uncertainty, worker strikes, market challenges, legal actions and emerging technology that has the potential to make an industry obsolete.
  • Temporary or permanent loss of a key supplier. This might be due to material shortages or increased taxation, or it might be due to a business continuity issue faced by the supplier, such as production problems and bankruptcy.
  • Distribution difficulties, e.g. because of road or railway closure, accidents, strikes, theft of vehicles or parts or cargo or an IT/communications system failure.
  • Internal disruption, as a consequence of loss of equipment, products defect, unrest amongst workers, a shortfall of demand, design uncertainty, financial threats, inaccurate data or poor communication.

Analyse the identified risks, estimating the likelihood that they’ll happen and the consequences if they were to, so that you can sort them by priority (with those that pose the biggest danger to operations being placed top of the list for control).

It may emerge that existing controls are already effectively managing the risk; otherwise, actions should be taken to tackle any residual risk. These can be classified by what they achieve:

  • Avoid: eliminate the possibility of an event by, for example, withdrawing from a market, changing a product or design or changing supplier.
  • Transfer: move the risk (legal or financial) to a third party, e.g. insurer or supplier.
  • Mitigate: reduce the impact of an event. The classic mitigations strategies used in supply chain management are increased inventory levels, spare capacity, dual sourcing, distribution and logistics alternatives, and back up arrangements.

Even with the best laid plans, a business may still confront crises in their supply chains due to events that are difficult to foresee or prepare for, such as natural disasters, major infrastructure failures, major fires and political unrest.

To effectively respond to such crises, crisis management or business continuity plans, supported by a Crisis Management Strategy Team (CMST) can assist. The aim is to provide a co-ordinated response from all affected parts of a business complementing local plans, arrangements and actions.


Monitor and review implementation of controls

Having established a SCRM programme, a monitoring system should be implemented, including periodic reviews, testing and post-incident report analysis of plans and processes.

In addition (and often missed), the business should review and validate the business continuity plans of key supply chain partners to ensure that they are appropriate.

Frequently asked questions

Find answers to some common queries about managing risks to people, property and business continuity.

Resources