January 11, 2014
Risk management is like insurance: You often don’t think you need it, but when you do, you’re really happy to have it.
That’s especially true today for the supply chain, which is being increasingly called upon to help companies expand into new and unfamiliar areas in search of growth. When part of a complex, global business, a supply chain can be vulnerable to a host of risks, ranging from merely annoying to catastrophic. That’s why it’s critical to realistically identify, prioritize and mitigate risks to your supply chain operations to ensure your company is as prepared as possible to address the unexpected.
SCE has found a simple yet powerful five-step approach can be highly effective in helping companies identify and mitigate supply chain risk.
Step 1: Identify as many of the potential risks that could impact the business.
The starting point for any kind of risk management program is identifying, as completely as possible, the full universe of risks that could affect the company’s supply chain. These risks generally fall into one of seven categories: internal, economic, commodities and currencies, geopolitical, natural disasters, customers, and suppliers.
Step 2: Determine the likelihood each risk could occur.
Once you’ve complied your list of potential risks, you should try to predict, as best as possible, how likely it is they could happen. A simple scoring method in which a company rates each risk on a scale of 1=highly unlikely to 10=highly likely is a good way to get an initial picture.
Step 3: Estimate the level of damage the company would suffer if exposed to the risks identified.
It’s also critical to also get a firm handle on the extent of damage specific risks could inflict on the business. In some cases, you can quantify the damage in objective terms, while in others, the assessment might be more subjective. Regardless, you still can get a quick estimation of the potential effect by rating each risk you’ve identified on a similar 1-10 scale, where in this case 1=minimal to no damage and 10=catastrophic damage.
Step 4: Prioritize the risks and determine how to allocate resources to mitigating each. Using the scores given to risks on the two dimensions just mentioned—likelihood and extent of damage—you can plot each potential risk on a simple matrix (see figure). Highest priority are risks that are both likely to occur and have the potential to cause extensive damage to the company—risks that would fall in the upper-right quadrant.
Categorizing and prioritizing potential supply chain risks
Step 5: Create and implement a comprehensive risk mitigation plan.
Once you’ve gone through the preceding exercise and created a prioritized list of risks, you should develop a formal and comprehensive risk management process and plan. Key elements include the method by which all risks will be identified on an ongoing basis; a categorization of all risks; a standardized method for allocating risk-mitigation resources; explicit assignment of ownership and executive sponsorship of each risk or risk category; and a documented approach for mitigating each risk.
Importantly, an effective risk mitigation process and plan strikes an appropriate balance between protecting the organization’s supply chain against its most critical and likely risks while supporting the continuity of the business and not eroding profitability. And because risks are constantly evolving and new ones emerging, the risk mitigation plan must be dynamic and continually updated—yearly at a minimum, but optimally every six months.
A popular insurance company commercial notes, it’s wise to “protect yourself against mayhem.” For companies and their supply chains, that’s great advice, indeed.