Monitoring of latent risks and an early warning system for events enable prompt implementation of appropriate preventive measures in a crisis situation. These predefined actions, together with quicker crisis response time and assessment of the criticality can save costs and time. Read more about the step-by-step approach, and conceptual and organizational implementation of risk identification!
1. Identification of relevant supply chains. The first step
in risk identification involves defining which supply
chains should be included in risk analysis. There are two
approaches: either a) all suppliers or b) a specified
supply chain section. The following criteria are suitable
selection parameters: purchasing volume, effect on sa-
les, technology and patents, ownership structures, cus-
tomer requirements, or regions. At this point, at a mini-
mum, we recommend taking all direct material supply
chains into account, as some suppliers assumed to be
quick and easy to substitute can turn out to be surpri-
singly critical upon closer inspection of the sub-tier
structures.
The fact that 51 % of supply disruptions do not occur at
direct suppliers but rather in sub-supply chains shows
that it is essential to include the first tier of the supply
chain as well as supply chain sub-structures in risk
analysis (source: „Supply Chain Resilience 2014“ study,
Business Continuity Institute). Besides sub-suppliers, it
is equally important to capture paths and structures:
these include critical logistics hubs (ports, airports, and
bottleneck regions such as Rotterdam and the Suez
Canal), own production sites and distribution centers.
Development of risk scorecard. Once the supply
chains to be monitored have been defined, the compa-
ny-specific risk inventory must be created. A risk score-
card designed specifically for this purpose, contains all
risk indicators, which detect changes in risks. To facilita-
te definition and classification of the individual risks it is
useful to create clusters by topic, such as economic
stability of the suppliers, supply disruption risks, market
and cost risks, image and compliance risks, or quality
and performance risks. Here it is important to not only
take into account the supplier perspective (solvency,
CSR conformity, etc.), as interruptions can also occur in
the supply paths. Location risks, such as natural disas-
ters, strikes, and accidents at sites or logistics hubs, can
often affect several suppliers at once.
It is vital to integrate risk information into additional
procurement processes, such as contract award decis-
ions or supplier validations, or to use established
purchasing processes such as RFIs or voluntary infor-
mation for collecting and updating data of supply chain
structures, for example. In this way it is possible to yield
synergies in the many different purchasing processes.
Data capture and automation. The challenge in iden-
tification and constant monitoring of risks along the
supply chains is the huge volume of data required:
initial assessment of latent supply chain risks requires
information from numerous expert databases. The
same applies to ongoing risk monitoring on a (near)
real-time basis for ad hoc identification of crisis situa-
tions that occur. High automation for data capture and
data updates on a global scale is therefore indispensa-
ble and should be a key decision criterion when setting
up Supply Chain Risk Management. Besides currency
and capacity, relevance is also a factor: the alerting
logic should filter noise from actual risk signals.
Another critical aspect in terms of success is standardi-
zation of the data. Enhanced comprehensibility can
only be ensured if consistent terminology exists. For that
reason, data such as financial indicators (e.g. Credit
Ratings: AAA, AA+, ..., D), earthquakes (e. g. probability
of occurrence and magnitude based on the range on
the Mercalli scale of MM I to XII) or political stability
Natural disasters, strikes, sanctions, fires or in-
solvencies – the causes for supply disruptions
are numerous. Globalization is making supply
chains susceptible to disruption, and the
results are serious: contractual penalties,
production standstills, drop in sales or reputa-
tional damage. Comprehensive risk manage-
ment helps secure supplier relationships
and prevent supply bottlenecks. Therefore,
risks along the global supply chain must be
identified upfront.
Supply Chain Risk Management
1. RISK Identification
Risk
Radar1.
3.Action
Planner
2.Impact
Validator
Controlling &
Analytics
2. Orleansstraße 4 • 81669 München • T: +49 (0)89 9901 648 - 0 • info@riskmethods.net • www.riskmethods.net
Martin Wiedemann, Logistic Director,
Bosch Diesel Systems
˝Targeted alert messages from on-site
monitoring of objects enable us to respond
quickly and to save costs and time as a result
of the reduced response time. This gives us an
enormous competitive advantage.˝
Threat / Probability
Impact/Criticality
low high
high
Benefits of risk identification:
• Increased probability of finding a risk event
by 85 % (compared to search engines)
• Automated early warning system reduces
response time by 1.5 days
• 1 hour production downtime =
penalty of € 200,000
• Reduced manual risk search by
1 hour/day/buyer
• Prevention of price increases of up to 16 %
resulting from bridging demand at short notice
Source: ˝ROI of Supply Chain Risk Management˝ study, eckseler consult riskmethods
Supply Chain Risk Management
1. RISK Identification
(e. g. Global Peace Index Score in categories on a scale
from 1 to 5) must be converted to a uniform risk scale.
This is where scales that are easy to understand are
helpful, for example „No risk“, „Low risk“, „Medium risk“,
„High risk“ and „Risk event“.
Integration of risk management in the organization.
Organizational integration is just as important as the
conceptual framework and content-related develop-
ment of risk management. Sourcing decisions should
not solely rely on cost. A good balance between risk-
adjusted contract awards and savings is seldom found
in procurement’s targets. The consequences of this are
well documented. To ensure that this conflict of objec-
tives does not occur in the first place, risk management
requires top-level management awareness, clear
responsibilities and defined roles within the processes
– ideally in the form of a responsible risk manager.
Integration of risk management in the agreed targets of
all buyers and product group managers involved should
be compulsory. For risk management to be successful
in the entire organization, it is essential to create aware-
ness concerning the benefits of risk management and
to set measurable objectives.