Supply chain risk management


Supply chain risk management is "the implementation of strategies to manage both everyday and exceptional risks along the supply chain based on continuous risk assessment with the objective of reducing vulnerability and ensuring continuity".
SCRM applies risk management process tools, either in collaboration with supply chain partners or independently, to deal with risks and uncertainties caused by, or affecting, logistics-related activities, products or resources in the supply chain.

Supply chain exposures

SCRM attempts to reduce supply chain vulnerability via a coordinated, holistic approach ideally involving all supply chain stakeholders, collectively identifying, analysing and addressing potential failure points or modes within or affecting the supply chain. Risks to the supply chain range from unpredictable natural events to counterfeit products, and reach across quality, security, to resiliency and product integrity.
Mitigation of supply chain risks can involve logistics, cybersecurity, finance and risk management disciplines, the ultimate goal being to maintain supply chain continuity in the event of scenarios or incidents which otherwise would have interrupted normal business and hence profitability. The cost-effectiveness of resilience and other measures is an important factor since, as long as things are running smoothly, they add to the costs of production.
Some supply chain logistics techniques such as supply-chain optimization and lean manufacturing can prejudice continuity and resilience. It is also becoming more common among businesses especially manufacturers to extend supplier quality management practices throughout supply chains. This approach is shown to increase transparency, reduce overhead costs, and improve operational efficiency.

Resilience

Supply chain risk management typically involves four processes: identification, assessment, controlling, and monitoring of supply chain risks. However, due to the complexity of many supply chains, these processes might not be sufficient to ensure that all eventualities are prepared for. Therefore, the concept of supply chain risk management, which is cause-oriented, is often combined with the concept of supply-chain resilience, which aims to ensure that the supply chain can cope with or bounce back from incidents irrespective of their cause or nature. Supply chain resilience is therefore "The adaptive capability of the supply chain to prepare for unexpected events, respond to disruptions, and recover from them by maintaining continuity of operations at the desired level of connectedness and control over structure and function"

Time to recover

"Time to recover" is a valuable metric originally introduced by Cisco and adopted by the Supply Chain Risk Leadership Council. TTR measures the time it takes a company to restore full operational output following a major supply chain disruption. The determination of TTR assumes that a facility is essentially unusable due to a major event, requiring extensive repairs and reconstruction, as well as re-sourcing and re-qualifying of key equipment used in manufacturing and other operations.

Measuring risk

Supply chain risk is a function of likelihood of an event's occurrence and its impact. Although this is the most popular methodology for quantifying risk, a drawback in the context of supply-chain risk is that it requires assessing likelihood or probability of many different event types across a number of supply-chain organisations and locations. Thus, the range of possibilities is huge, frustrating and limiting the analysis possible in practice. The methodology may be appropriate for a smaller subset of locations and/or types or categories of risk.
Most companies rely on 'risk scores' of various types such as financial risk score, operational risk score, resiliency score. These are readily available, relatively simple to understand and analyze, and hence can be effective, at least for first-pass identification of risks worthy of further analysis. Standards and certified compliance are also effective ways to raise the baseline to a known level.

Managing risk proactively

A survey in 2011 conducted by BCI and Zurich for over 559 companies across 65 countries found that over 85% of companies had suffered at least one supply chain disruption during the year. The respondents also noted that 40% of the reported disruptions originated upstream with sub-contractors rather than prime contractors or first-tier suppliers.

Supply chain resilience options

Some options to engineer an acceptable risk level in supply chains include: