Supply Risk Management Supply Risk Management

In today's changing business climate, procurement's role is not just about getting the right goods and services at the best possible price, with the right volumes, at the right time. Their role, among other things, also involves helping to identify procurement risks, and with organizational involvement, develop a risk mitigation strategy that reduces a company's vulnerability to potential supply management impacts. Procurement folks need to keep in mind that focusing on just a past history of events and trying to predict low-probability, high-impact events are pretty much impossible. For procurement and executive management, it becomes more effective to identify the outcomes—that is, to develop a plan to evaluate the possible impact of “potential” extreme events.

A company's failure to plan, measure, and mitigate risk factors in their supply base before a major disruption occurs can create a ripple effect that can negatively impact a product or service's quality, supplier relationship and thus ultimately affect corporate earnings. Consequently, the financial impacts can affect some companies for some years after the risks were identified and being mitigated. Like a major heart attack straining the flow of blood, a disruption shuts off access to important information, products and causes internal service issues for the organization, suppliers and customers. Similar to a major health issue, it can have lasting financial effects on a company's business health.

What Are Some Types of Risk an Organization May Face?

  • Product adulteration
  • Foreign Exchange Rates
  • IP infringement
  • Legal
  • Geo-Political
  • Mergers of competitive suppliers
  • IT/Data Security
  • Fake products
  • Quality
  • Shipping/Logistic Problems
  • Product testing
  • Credit/financial
  • Strikes
  • Product liability
  • Plant/Equipment breakdowns
  • Natural disasters
  • Environmental waste
  • Regulatory issues
  • Loss of key resources
  • Poor contract management

Many organizations lack a defined process in identifying the events of potential supply risk disruptions, as well as, the systems and processes to plan, measure and mitigate risk. The lack of planning is the direct cause of unforeseen supply risks that negatively impact the profitability of an organization. To unearth potential supplyrelated problems, the entire organization needs to be involved from procurement through IT, legal, marketing, operations, and sales. The risk plan must be created with defined measurements that are able to predict with relative certainty the financial impact that a supply disruption can cause. The defined risk strategies are created to help mitigate the effects of any disruption of supplies with costs and benefits associated.

A practical outcome focused process framework created with cross-functional input can help ensure an organization has a risk management plan that's the right fit for their company.

Develop an Overall Process Framework Tied to Outcomes

Total Supply Risk Management Framework

Identify the Risks and Potential Outcomes

Ultimately, the organization must create a strategy that focuses on achieving various quantifiable outcomes. An organization should develop a quantified picture of current total product or service related risk. For example, procurement should identify the probable internal and external risks in strategic, critical or commoditized products or services supplied. They should also place a level of severity of that impact/outcome. The collectiveness of all the risk factors identified that intersect and impact the organization is the "total supply management risk.” By assessing the total supply management risk, managers can analyze their situations and assign resources to improve their risk mitigation efforts. To arrive at that total risk, however, they must undertake a risk management process to identify the vulnerabilities in each of the risk areas, the circumstances that create the vulnerability, the probability of occurrence, and a process to mitigate the risk. Employing a process methodology for risk management will help businesses stay ahead of any market changes and plan for cause/effect risk contingencies.

Process Methodology For Risk Management

Profile the Suppliers

Start with prioritization of key suppliers based on risk profile and develop the appropriate risk management strategies for each individual supplier. To identify potential risks, start by making sure you have a thorough understanding of all the steps within the supply or service provided. Identify each product material, service related process step and contractual performance agreements. Begin by building a process chart of all related labor, materials and associated overheads. Examine each component to understand and capture the processes used by each supply source. Your supply assessment should include potential as well as existing suppliers to gain an assessment of competition and backup sources. Identify value-added steps in the supply management process to assess the possibility of working with new or existing suppliers closer to your organization to improve competitiveness as well as reduce potential supply risks. Unless your management team is monitoring and measuring the complete supply process from beginning to end of your supplier's actual product or service, a disruption could cause issues to your product or service way before you become aware of it.

Define the Total Outcome Plan for Implementing Risk Management Strategies

Take into account all the identified risks and prioritize them. Developing and utilizing an organizational-tailored risk template, rank the risks in order by assigning a risk score. This template can be a risk spreadsheet “simulation” or based on internal system scenario planning. You can establish a risk score by estimating the likely time of the disruption and costs you will need to recover. Include a "worst possible scenario" to assess the effects of a long period of supply disruption. Then evaluate if other options will provide a measure of protection and what the cost would be for that protection. It is critical that your team gets management sign off for any implement plan. Once you have data analyzed and developed, the next best step would be to develop a cost/benefit business case presentation to executive management. The head of procurement or even supply chain should help to lead this effort. Specify the risk impacts and make sure you are clear on the action steps and commitments needed. Also, schedule time-phased progress reviews with executive management. It is very important to have executive management support when developing and implementing a risk management strategy to the organization. They provide support and needed commitment towards your goals. Management can build support from different departments and these departments will provide commercial insights and technical expertise to the risk plan. Once the strategy and plan have been approved, stay the course and hold periodic team reviews to ensure the strategy remains effective and sound. When circumstances demand changes, be ready to recommend and implement those changes to the plan with executive management.

Communicate, Communicate, and Communicate!

An agreed communication schedule helps a corporate culture embrace a company goal for effective risk management. Continually ask these questions in the process:

  • Are all needed people chosen in identifying risk factors?
  • Have we mapped out all those who should participate?
  • Have internal stakeholders been communicated to regarding the issues?
  • What risks are we planning to discuss with external stakeholders?
  • Have we developed a touch point strategy in the event that a risk event occurs?
  • Is there clear roles, responsibility and accountability for insuring the right people get information and take action if required?
  • Any contingency plans created, evaluated and put into a run-through?

Example Steps To Implement a Mitigation Strategy for Identified Risks

Organizational Steps

  1. Choose resources with organizational strength for your cross-functional team
  2. Identify procurement areas in scope
  3. Identify suppliers involved in risk areas
  4. Agree on a supplier ranking for potential risks
  5. Develop supplier qualification criteria
  6. Assess current risk weaknesses
  7. Create a risk base financial model
  8. Identify risk mitigation options
  9. Team options are evaluated
  10. Teams choose various options for implementation

First, choose resources that have strong organizational and functional strength.

  • Identify functional expertise required
    • Recruit functional experts
    • Assemble cross-functional project team
    • Possible team composition:
      • Procurement
      • IT/Systems
      • Product research & development
      • Engineering
      • Regulatory
      • QA
      • Supply chain
  • Identify procurement areas in scope
    • All approved and currently marketed products
    • All products that have passed stage 3 approval but not yet fully approved
  • Identify suppliers involved in risk areas (sole source, single source, multiple source, no perceived risk)
  • Agree on supplier ranking and develop a supplier qualification criteria
    • Develop supplier qualification through RFI assessments with weighted questioning, risk mapping, utilize a baseline functional risk ranking to develop a total risk profile
    • Develop a modeling process to develop time, cost, and resource requirements for developing alternative sources
  • Assess current risk weaknesses
    • Identify unmitigated revenue disruption risk by total company, product/service line and supplier
  • Create a risk based financial model
    • Collect qualitative and quantitative data; RFI & internal
    • Map qualitative into quantitative
    • Develop a decision model to understand financial risk and evaluate mitigation investment options
  • Identify risk mitigation options
    • Identify potential risk mitigation options including cost, time and resources to implement; Options could include backlogging stock products or forward buying needed services, fully qualify alternative source, partially qualify alternative source and build risk inventory. Also identify present value towards investing in potential options via previously developed financial risk model
  • Team options get evaluated
    • Recommendations developed by evaluating current revenue loss exposure (via financial model) Whole company–consider all end products/services by product line and supplier
    • Identifying best options and related cost, time and resources to implement by raw material, by supplier, by end product (supplier qualification models and risk mitigation options generation)
  • Choose a summary of options to management


Supply chain risks represent a major threat to businesses and a process must be developed to identify potential impacts to the organization and a method to quantify risks. Incorporating a wellplanned, cross-business and cross-functional team approach is essential for success and helps in the process of gaining top management endorsement. An organization also needs to be aware of areas of risk, probability, impact and timeline to correct issues that arise. By utilizing a financial risk model that will channel present value towards investing in potential options, organizations will be able to mitigate risk and avoid potentially painful monetary loss.