The document provides guidelines for setting up a successful supply chain risk management process. It outlines key ingredients including defining the scope of relevant supply chains, creating a risk inventory with supplier, location and country risks, increasing supply chain visibility beyond tier 1 suppliers, identifying risks through automated data collection from expert databases, and integrating risk management into procurement processes. The goal is to help companies establish a professional risk management process to avoid delays and costs.
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Recipe for successful Supply Chain Risk Management
1. WHITE PAPER
Recipe for Successful
Supply Chain Risk Management
In collaboration with:
WHITE PAPER
Ingredients:
- 1 cup Supply Chain
- ¾ cup Transparency
- 2 tbs Risks
- 1 pinch of preventive actions
- Mix with procurement process
- ...
Recipe for SCRM
5. 1
Introduction
This white paper serves as support for everyone involved in
implementing supply chain risk management (SCRM). These
guidelines are intended to provide companies with a checklist
containing all the ingredients that are important for setting up
professional, successful supply chain risk management. In this
way, time-consuming delays and costly errors can be avoided.
The individual chapters contain detailed descriptions on the
following ingredients for a comprehensive supply chain risk
management process, and how to integrate them in an organi-
zation:
• Definition of the scope
• Definition of risks to be monitored (“Risk Inventory”)
• Supply chain transparency
• Risk identification
• Risk assessment
• Action plan management for minimizing risks
• Integration into further procurement processes
As the approach described in this white paper is a generic one,
specifics must be adapted to the relevant sector and company
size in order to adapt the generic concept accordingly.1
You can
find a detailed description of the benefits and the return on in-
vestment of supply chain risk management in the “ROI of Supply
Chain Risk Management” study.2
As is the case with any dish: Adjust the ingredients according to
your personal (company-specific) liking!
1
This will not be pointed out again in the chapters below.
2
Free download at www.riskmethods.net/de/roi
As the approach described in this white paper is a generic one,
specifics must be adapted to the relevant sector and company
You can
find a detailed description of the benefits and the return on in-
“ROI of Supply
As is the case with any dish: Adjust the ingredients according to
- Definition of the scope- Supply chain transparency- Risk identification- Risk assessment
- ...
Checklist of all ingredientsrelevant to success:
6. -6-
2
Ingredient 1:
Selection of Relevant Supply Chains
First, define which supply chains to focus on and to include in SCRM. In principle, one of two approaches can
be used: Either a) all supply chains or b) a very specific section of the supply chains is monitored.
The following parameters can be used and taken into consideration for specifying the section:
2.1 Impact on Sales
Besides the purchasing volume, the impact on sales must also be
taken into account as a parameter. The idea behind selecting the
impact on sales is to capture additional supply chains that may
have low purchasing volumes yet impact severely on whether a
product or service can be supplied.
2.2 Customer Specifications
As supply chains based on customer specifications are not selec-
ted using classic decision-making processes, they could contain
additional risks when combined with the established supply net-
work. Insolvency risks (“pain-sharing”), performance risks and
also quality risks are examples of this.
2.3 Region
The background to a region selection is that the focus of risk
management activities is on supply chains in unstable local or
national environments. The reasons for this can often be found
in infrastructural, macro-economic and political risks. The criti-
cality may even be higher if certain circumstances exist, like sin-
gle-source situations, extremely long storage periods or patent
dependencies.
2.4 Purchasing Volume
According to the Pareto Principle, 20% of the supply chains that
make up most (80%) of the purchasing volume can be identified,
for example. The intention of this parameter is that all large-scale
supply chains are included in the risk radar. In many cases addi-
tional parameters are combined with this one, as the purchasing
volume alone does not ensure that all critical components or ser-
vices concentrated on are covered.
2.5 Selected Indirect Materials and Services
When taking a closer look at supply chains that impact on sales,
many a service that is supposedly quick and easy to substitute
turns out to be one that should at least be monitored: Availa-
bility of certain indirect materials and services, such as logistics
services, machinery, sales materials or IT can certainly impact on
the supply, depending on the sector and size of the company.
2.6 Technology and Patents
When monitoring risks in supply chains it is also important to
take note of technological expertise and the legal situation, and
where applicable, even of patent dependencies: Are technolo-
gies available that secure a USP for your own products? Patents
that force single-source situations or that are necessary for fu-
ture products or services? In that case, it is important to include
these supply chains in the monitoring process as well.
2.7 Ownership Structures
Any ownership structures in the organization itself in respect of
suppliers or even competitors require that such supplier relati-
onships be included in risk monitoring, where applicable.
7. -7-
3
Ingredient 2:
Definition of Risk Inventory
Once the focus as to which supply chains should be monitored
has been defined, the company-specific risk inventory must
be specified. Typically, the risk inventory is recorded in a risk
scorecard that applies uniformly throughout the company. This
scorecard includes all individual risks and indicators, which act
as sensors for detecting risk changes. To facilitate definition of
these individual risks, it helps to create theme-based clusters.
For example, all aspects concerning
• Supply chain stability
• Supply disruption risks
• Market and cost risks
• Image and compliance risks
• Performance and quality risks
can be organized into individual areas. The decision as to which
risks should be included in a risk scorecard is based on criteria
such as:
• Reflection of the corporate and procurement strategy
• Reduction to relevant risks (i.e. no “nice-to-know”
information)
• Availability (is an authoritative database available?)
• Global coverage of the database
This should not be based exclusively on the suppliers (solven-
cy, CSR conformity, etc.); interruptions can also occur along the
supply paths: Location risks such as natural catastrophes, strikes
and accidents at sites, logistics hubs or warehouses often affect
several suppliers at once. Furthermore, country risks that are
imminently connected to suppliers and locations, for instance in-
frastructural, political or macro-economic risks, can affect entire
markets. In practice, this results in a subset in most cases, which
consists of the following risks and which can be monitored on
the basis of 1-n indicators.
3.1 Examples of Supplier Risks and Indicators
• Financial stability supplier
- Ownership structure
- Revenue stability
- Insurance coverage
- Current ratio
- Profit margin
- Contract limit
- Cash collection
- Payment behavior
- Patents/rights
- Credit rating
- Low-cost supplier threat
- Field issues
- Major product release delays
- Revenue/growth outlook
- Bankruptcy
• Innovation potential
- Number of new patents
- Key employee stability
• Price increase
- Monopoly / oligopoly situ-
ation
- Currency exchange rates
• Labor / health & safety
- Labor Practices & Human
Rights principles at supplier
• Environmental / sustainability
- Environment
- Hazardous substances
- Carbon footprint
• Fair business practices
- Fair business practices
principles at supplier
• Sustainable procurement
- Sustainable procurement
principles at supplier
• Information / IP security
- Confidential information
security
- Cyber attacks or other IT
security issues
- Intellectual property (IP)
security
• Regulatory & Legal aspects
- Sanctioned suppliers
- Sanctioned persons
- Supplier corruption or
bribery
- Conflict minerals
• Quality
- Relocation
- Failures
• Delivery reliability
- Delivery quantity reliability
- OTD performance
• Operational capabilities
- Manufacturing capabilities
- Crisis management
• Disasters at supplier site
- Any disasters at supplier site
(man-made, other hazards)
• Material / services availability
- Accessibility to rare raw
materials
• Staff disputes
- Industrial disputes at
supplier plant
8. -8-
Ingredient 2:
Definition of Risk Inventory
3.2 Examples of Location Risks and Indicators 3.3 Examples of Country Risks and Indicators
• Natural Hazards
- Earthquake
- Volcano
- River flood
- Tropical cyclone
- Wildfire
- Extratropical winter storms
- Flash flood
- Hailstorm
- Lightning
- Storm surge
- Tornado
- Tsunami
• Local Events
- Civil unrest
- Terrorist acts
- Disasters at location
- Power outages
- Industrial disputes at location
• Corruption or bribery
- Country corruption or bribery
• Labor cost
- Labor cost
• Political situation country
- Political situation
- War
• Logistics Performance
- Customs
- Infrastructure
- International shipments
- Logistics competence
- Tracking & tracing
- Timeliness
• Pandemic outbreaks
- Pandemic disease outbreaks
• Financial stability country
- Country rating
- GDP growth rate
- GDP per capita
- Unemployment rate
- Population below poverty line
- Public debt
- Inflation rate
3
9. -9-
4
Ingredient 3:
Supply Chain Visibility
3
Study ”Supply Chain Resilience 2014“ – Business Continuity Institute.
4
The telecommunications sector collaborates with GeSI (Global e-Sustainability Initiative) and shares information regarding CSR in the supply chain.
This is also the case with the chemical industry, which has a similar arrangement in the form of the TfS initiative (Together for Sustainability).
For comprehensive risk management along the entire supply
chain, it is useful to include not only the full scope of the supply
chains and the risk inventory in the risk radar, but also as many
tiers of the relevant supply chains as possible. The reason for this
is obvious: Approx. 51% of all supply disruptions originate below
the Tier 1 supplier3
. It is therefore important to capture the 1st
tier of the supply chain structure and typically also the supply
chain substructures. As only a percentage of supply interruptions
can be traced back to incidents at suppliers, it is equally essential
to record the paths and structures, and to include these in risk
monitoring. This includes:
• Neuralgic logistics hubs such as ports and airports
• Bottleneck regions such as the Kiel Canal or the Suez Canal
• Locations of warehouses and distribution centers, for example
Effective means for identifying partially non-existent informa-
tion are:
• Dispatch of questionnaire to 1st tier suppliers, incl. follow-up
(e.g. through external service providers)
• Inclusion of the required information in RFX processes (Re-
quest for Information, Request for Quotation)
• Integration of the required information in cyclical voluntary
supplier information
• Integration of the required information in the supplier qualifi-
cation process (onboarding)
• Integration of the required information in supplier auditing
questionnaires
Practice has shown that obtaining information from suppliers is
easier if an explanation of the background is forthcoming. This
results in understanding on the part of suppliers and dispels any
existing reservations (e.g. bypassing the 1st tier business part-
ner). It also helps, of course, if suppliers benefit from disclosing
their 2nd tier structures: For example, some companies share
the risk alerts generated from 2nd tier structures with their di-
rect suppliers (1st tier). As a result, both parties benefit directly,
and information acquisition is faster and more complete. The
telecommunications sector or the chemical sector use a similar
approach and have already created topic-specific networks for
exchanging risk information in the area of CSR.4
This shows that
approaches regarding sharing of risk information are already
functioning successfully in some areas: Effort on the part of eve-
ry individual is reduced as the network shares the effort associa-
ted with gathering information (e.g. audit), and at the same time
more influence can be exerted where maladministration is iden-
tified. Apart from that, suppliers also benefit from the network,
as redundant audits can be avoided, and as such, also costs asso-
ciated with these audits.
10. -10-
The challenge in identifying and constantly monitoring risks
along the supply chain lies in the enormous data requirement:
Information from a large number of expert databases is neces-
sary for initial assessment of latent supply chain risks. The same
applies for ongoing risk monitoring on a (near) real time level to
identify crisis events on an ad-hoc basis. Monitoring a mere 100
key supply chains (1st and 2nd tier) using a scorecard comprising
40 indicators requires constant updating of approx. 48,000 infor-
mation items. It is logical, therefore, that a high degree of auto-
mation in the collection and updating of data is needed and that
this should be an essential decision criterion when setting up
supply chain risk management. A high degree of automation also
has other beneficial aspects: Increased efficiency gain (working
time) is achieved because manual data collection and updating
becomes redundant, which means there is more working time
for value-adding activities, such as risk prevention.
In addition, it is important to take into account the timeliness
of the required information: Databases such as those of the UN
ISDR (United Nations Office for Disaster Risk Reduction) may
offer a large volume of historical data related to catastrophes,
but no assistance in establishing an early warning system. Con-
sequently, it is advisable to use web-based search methods so
that risk events can be identified in near real time through online
and social media. Integrating intelligent search mechanisms also
assists in increasing the accuracy of matches and receiving only
relevant and authoritative information.
The relevance of risk information should be another criterion
for information acquisition. In this regard, it is helpful to focus
on risk objects to be monitored (suppliers, logistics hubs, sto-
rage, bottleneck regions, etc.) when requesting information from
data sources. Geocoding of key locations (supplier plants, logis-
tics hubs, etc.) helps in terms of geopolitical and location-based
risks, because it allows for inquiries in respect of specific addres-
ses. When requesting company data, master data (such as name,
legal form and address etc.) should be available in order to rea-
lize an optimal hit ratio in respect of credit information inquiries
or sanction checks, for instance.
To ensure that the required risk information is authoritative,
established data sources should be used, to the extent availa-
ble: Reinsurers such as MunichRE provide global, well-founded
and highly authoritative data on natural hazards on the basis of
worldwide geo-coordinates. Governments often make available
data on infrastructure, macro-economy, corruption or healthcare
(CIA Worldfactbook, RSOE, etc.) at no charge. Non-governmental
organizations, on the other hand, provide data on war indices,
spreading of epidemics, corruption indices, etc. (United Nations,
World Bank or Transparency International, WHO, CDC, etc.). Fur-
thermore, supplier data in respect of creditworthiness, sanctions
or corporate social responsibility of commercial providers (D&B,
Bureau van Dijk, Creditsafe, Format, European Compliance Com-
pany, EcoVadis, etc.) can be used.
Comprehensibility for everyone involved in the risk manage-
ment process is also an important parameter for risk identifica-
tion. For practical reasons, it is advisable not to use a methodolo-
gy that is too scientific when identifying risks (e.g. determination
of probability of a strike/unrest). Especially when it comes to soft
facts (risk assessment to be determined by persons), a simple
and comprehensible scale (range) is critical for success in terms
of users. Easy-to-understand scales such as “No risk”, “Medium
risk”, “High risk” and “Risk event” are useful here so that emplo-
yees‘ expert knowledge can also be included.
Easy, mobile accessibility that supports a cross-departmen-
tal methodology is another criterion for successful SCRM. For
example, “mobile apps” facilitate easy integration of expert
knowledge of quality, logistics, finances, legal issues, insurance,
compliance, corporate social responsibility and enterprise risk
management at the push of a button. A comprehensible risk
scale (see previous paragraph on “Comprehensibility”) promo-
tes interaction between departments, as a comprehensive un-
derstanding of risk identification is easy to establish. Incidentally,
the same applies to all information recipients of the early war-
ning system.
5
5
This is calculated as follows: 100 1st tier suppliers + 300 2nd tier suppliers = 400 suppliers to be monitored (assuming that one 1st tier supplier has three 2nd tier suppliers).
Add to this 800 locations to be monitored (assuming that there are two logistics hubs per supply path). Formula: (400 suppliers x 40 indicators) + (800 locations x 40 indica-
tors) = 48,000 risk information items required.
Ingredient 4:
Risk Identification
11. -11-
6
Ingredient 5:
Impact Assessment
Defining tolerance areas (e.g. in the scorecard at indicator level)
allows automatisms for alarm notification to be defined. Whe-
re an indicator moves out of the tolerance area because of a
change in a supplier’s failure index, this triggers a message/alarm
to the responsible employees. As a result, they can generate ap-
propriate responses to the risk event within a short period of
time in case of a crisis. In addition, analyses enable risk situations
(without occurrence) to be examined, so as to initiate tailored
preventive risk avoidance activities. In this way, preventive mea-
sures can be activated on the basis of trends or accumulated risk
situations, for example.
In both scenarios, it is important to assess the criticality of the
supply chains affected. In many cases, determining a goods
group/item-specific criticality is unavoidable. The granularity
criterion gained in the assessment then allows suitable and fo-
cused action plans to be initiated. Typical factors for determining
criticality are:
• Evaluation of dependency
- Ascertainable by means of EVO vs. sales of the supplier (de-
pendency of supplier)
- Ascertainable by means of EVO vs. part of sales attributable to
supplier products (dependency of supplier)
- Alternative, reliable sources (market structure)
• Evaluation of (potential) interruption
- Total time to recovery (TTR)
- Inventory incl. rolling stock
- Shortfall of parts (due to TTR) - production schedule for
TTR period (parts) + inventory = Delta
• Evaluation of financial impact
- Loss of sales due to Delta
- Loss of profits due to Delta
- Damage to reputation due to event
• Evaluation of effect on market
- Determination of customers affected
- Costs for corrective marketing and sales activities
• Additional risks/indicators depending on the sector,
company size, etc.
12. -12-
Interpreting current threats (cf. Chapter 5) and their impact (cf.
Chapter 6) makes up an important information base for deri-
ving suitable action steps. A differentiation is made here bet-
ween reactive measures for minimizing the impact in the case
of unavoidable risks, and preventive measures for precautionary
risk avoidance and reduction. When assessing the situation, it
is helpful to take into account the joint impact of threats and
potential damage: For example, a high potential threat through
earthquakes in critical supply chains with monopolists can be
transferred through insurance, while construction measures at
warehouses and production sites of suppliers may seem low risk.
On the other hand, a bottleneck in a supply chain with sufficient
reliable, alternative procurement sources and a short lead time
typically results in an action plan that includes activating the al-
ternative option(s) and rescheduling logistics. These two exam-
ples show that it may be extremely helpful to take these two
key parameters into consideration when selecting an action plan.
Implementing risk management measures in the supply chain
is generally a cross-departmental task: Necessary expert know-
ledge, reactive measures in the event of a crisis, and risk preven-
tion call for collaboration between the procurement department
and the logistics, compliance/CSR, insurance, risk management,
sales and other departments. To ensure a smooth and coordina-
ted order of events in terms of risk activities, it is worth creating
a type of action plan matrix, for example: By eliminating the re-
levant threats for a risk object (supplier, location/supply chain
hub, country, supply chain) and criticalities/impact (item-specific
where applicable), you can gain insight as to
a. when measures would seem effective
b. which measures seem appropriate
c. which departments are meaningful to include.
Measures are frequently differentiated based on their effect:
• Risk avoidance (e.g. non-qualification of suppliers associated
with risks in award decisions)
• Risk reduction (reduced risk potential by setting up alterna-
tive capacity/diversification)
• Risk limitation/transfer (specifying defined upper limits for
risks through Contingent Business Interruption insurance
with a deductible)
• Risk acceptance (possible risks are assessed as acceptable)
Communication of the risk situation in a transparent and verifia-
ble manner constitutes another task when implementing action
plans. It is therefore highly recommended to develop a scenario
for crisis events that includes responsibilities and procedures for
communication, implementation of damage control and knock-
on effects, and follow-up activities for purposes of prevention.
Prevention, in turn, includes setting up risk identification (Ingre-
dient 4), risk assessment (Ingredient 5) for purposes of early de-
tection, as well as preparing preventive measures and reactive
emergency plans (Ingredient 6). This will reveal how strongly
process-driven a (supply chain) risk management control loop
can be configured, so that it provides fully effective protection.
7
Ingredient 6:
Risk-Minimizing Measures
Probability of occurrence
Riskofdamage
LowMediumHigh
High Medium Low
Avoidance
Transfer
Limitation
Reduction
Acceptance
13. -13-
8
Ingredient 7:
Integration into Procurement Processes
The risk management process along the supply chain can benefit
from other procurement procedures and also support them. This
white paper focuses on the following interactions within Procu-
rement:
• Interaction in terms of award decisions
• Interaction in terms of supplier qualification/voluntary
supplier information
• Interaction in terms of purchasing dashboard/reporting
8.1 Interaction in Terms of Award Decisions
Within the framework of award decisions, Procurement “tradi-
tionally” evaluates costs and, in cooperation with the inquiring
technical department, quality and scope of the service to be
contracted. The risk data from SCRM provides an additional key
criterion for award decisions, which can be used for managing
and optimizing overall costs throughout the collaboration peri-
od with business partners. The positive spin-off of this is better
award decisions, as is explained in the riskmethods & eckseler
consult study “ROI of Supply Chain Risk Management”. By inte-
grating risk data, extreme costs resulting from supply disruptions
and damaged images of high-risk supply chains can be comple-
tely avoided, in an ideal case. Particularly, as regards identifying
1-n tier supply chains, and especially in the award process (e.g.
in the RFI), an option is provided for obtaining this information
quickly and in full from potential business partners, allowing for
a risk evaluation to be performed at that early stage.
8.2 Interaction in Terms of Supplier Qualification/
Voluntary Supplier Information
Regularly recurring supplier qualification/voluntary supplier
information is an effective means for capturing supply chain
structures of potential and existing suppliers. In practice, three
aspects are essentially of relevance:
• Verification of the production locations to be monitored (vs.
sales locations)
• Recording of key logistics hubs (e.g. Suez Canal, Rotterdam,
etc.)
• Determination of sub-tier suppliers
The benefit is obvious: Based on information (a-c) that is interro-
gated cyclically, supply chain structures can be automatically cap-
tured and updated – without research or maintenance effort on
the part of Procurement. In addition, added value for suppliers
can be generated, to the extent that the risk profile determined
via the qualification portal is made available to the supplier, for
example. Modern supplier management systems even support
the following interaction to allow for and review supplier feed-
back and, where applicable, also (self)-initiated measures based
on the published risk profile.
8.3 Interaction in Terms of Purchasing Dashboard/
Reporting
Numerous procurement systems offer comprehensive supplier
dashboards to facilitate the implementation of goods groups
strategies for goods groups managers and lead buyers, for ex-
ample. An integrated “control center” helps display data from
various procurement processes in a central location, and to
analyze this data and initiate the best possible derivations and
measures. When making important decisions, such as supplier
reductions, setting up alternative sources, risk prevention mea-
sures, changes in Contingent Business Interruption insurance
or other action plans on a well-founded basis, a display of this
nature combined with risk data is indispensable. In addition to
purchasing volumes, requirements forecasts, contract data, stra-
tegic implications, requester specifications, etc., risk and critica-
lity profiles of (sub-tier) suppliers, locations and (sub-tier) supply
chain structures make up one of the most important compo-
nents in providing procurement experts with a comprehensive
view and enabling successful procurement management.
14. -14-
9
Summary
A single white paper can certainly not answer every company’s individual requirements of SCRM generically.
With this paper, we hope, however, to have been able to provide you with a well-founded composition of
ingredients and ideas for your company-specific organization, and with process steps and possible contents
for configuring professional SCRM.
We look forward to your comments, feedback and experiences, and we will gladly also publish your experi-
ence reports in our Supply Chain Risk Management expert blog (http://blog.riskmethods.net/).
Our special thanks goes to all involved purchasing agents, who
shared their experiences with us within the framework of perso-
nal discussions and an onsite workshop, and who have actually
made this white paper possible:
Karl-Heinz Pöhlmann
VP Global SC & Purchasing,
Hottinger Baldwin Messtechnik GmbH
Jürgen Schuhmacher
Director of Strategic Procurement,
KARDEX Deutschland Produktion GmbH
Jörg Thürwächter
Strategic Purchaser,
KARDEX Deutschland Produktion GmbH
VP Global SC & Purchasing,VP Global SC & Purchasing,
Hottinger Baldwin Messtechnik GmbH
Director of Strategic Procurement,
Jürgen SchuhmacherJürgen SchuhmacherJürgen Schuhmacher
Director of Strategic Procurement,
KARDEX Deutschland Produktion GmbH
Strategic Purchaser,
Jörg ThürwächterJörg ThürwächterJörg Thürwächter
Strategic Purchaser,
KARDEX Deutschland Produktion GmbH
15.
16. About riskmethods
riskmethods provides companies with a comprehensive supply chain risk management solution for proactive monitoring and assessment
of risks in the supply chain. An early warning system for potential risk ensures that proactive steps can be taken to avoid supply disruption,
enforce compliance and protect the corporate image. The SaaS solution “Social Supply Risk Network”, which was developed in Ger-
many, combines state-of-the-art technology with cutting-edge provision of risk intelligence, to establish a leading standard in supply chain
risk management.
Version:Februar2015
KontaktKontakt
Contact
Heiko Schwarz
riskmethods GmbH
Orleansstrasse 4
81669 Munich / Germany
Phone: +49(0)89-9901 648-0
info@riskmethods.net
www.riskmethods.net