Supply Chain Risk management

What is Supply Chain Risk Management (SCRM)?

As the famous saying goes: a supply chain is as strong as its weakest link. Recent history is seeing disruptions of many kinds, ranging from flooding, earthquakes and volcanoes to industrial accidents such as nuclear plant fires or ships blocking the world’s critical canals to geopolitical turmoil to the worldwide Covid-pandemic. These events are effectively showing us that maybe our supply chains have many weak links, depending on what happens to them. Apparently, our supply chains are running much more risk and are much more vulnerable than we used to think.

Interestingly enough, Supply Chain Risk Management is not a new topic at all, but those recent events have made that it’s now at the top of each Executive’s agenda. Better late than never.

In 2018, Fan & Stevenson published the results of their extensive research into the topic of Supply Chain Risk Management (SCRM), after reviewing hundreds of academic articles about it. On the basis of their findings, they proposed the following formal definition, stating that SCRM is:

“The identification, assessment, treatment and monitoring of supply chain risks, with the aid of the internal implementation of tools, techniques and strategies and of external coordination and collaboration with supply chain members so as to reduce vulnerability and ensure continuity coupled with profitability, leading to competitive advantage” (Fan & Stevenson, 2018).

This definition contains a few critical elements: first of all, the notion of vulnerability and secondly, the key word of continuity. Let’s take a closer look at these two elements.

Why is Supply Chain Risk Management important?

The supply chain is crucial for any business as it consists of different activities. It includes the transformation of natural resources, raw materials, and work in progress resources into a finished product that is then delivered to the end customer. Hence, when one process fails to provide what is required on time for the next step in the supply chain, it can disrupt the entire supply chain. Hence, the threat and disruption to the supply chain can cost in terms of the following:

• Material shortages
• Reduced revenues with a possibility of impact on market share
• Cost volatility with a possibility of inflated cost
• Damaged organization reputation and lower customer confidence

Therefore, a comprehensive SCRM strategy is important for businesses to be resilient and responsive to mitigate the risk involved in supply chain. This involves the management of all types of risk in all tiers of the supply chain (suppliers, logistics, locations and more). When SCRM is implemented well, it will have a significant competitive advantage over other businesses.

SCRM: the notion of ‘vulnerability’

So, in which ways can supply chains be vulnerable, from which angles are they at risk? In order to be able to limit the impact of supply chain disruption, businesses will need to identify what risks they are exposed to in their supply chain.

First of all, risks can be internal (controllable) or external (uncontrollable). However, the complexity of the supply chain requires an assessment of all types of risks involved and the related factors that cause them.

In Mastering the Supply Chain: Principles, Practice and Real-Life Applications (Weenk, 2019) supply chain risk management is also addressed. In the book, Weenk refers to a model presented in the work of Sheffi (2007), and based on a framework developed by Debra Elkins at General Motors. In this model four distinct risk categories are mentioned, namely financial-, strategic-, operations-, and hazard vulnerability.

• Financial vulnerability, ranging from more internal policy factors such as debt and credit ratings and provisions for health care and pension plans to macroeconomic factors such as interest and currency fluctuations, economic recessions and so on.
• Strategic vulnerability, ranging from internal aspect such as ethics violations, budget overruns and ineffective planning to external factors such as attack on the brand, new competitors, mergers and acquisitions, and so on.
• Operations vulnerability, ranging from internal risks such as theft, harassment and discrimination, the vulnerability of manufacturing equipment, and staff, to more external factors such as supplier or service provider failures.
• Hazard vulnerability, referring to both random and malicious disruptions, such as intentional damage to property, intentional land or water pollution, and terrorism as well as weather- or nature-related risks such as earthquakes, plagues of insect, flooding and so on.

These dimensions together lead to a diagram dubbed the ‘concentric vulnerability map’, in which the risks represented towards the outside of the circles are coming from outside the company (less controllable), whereas the risks towards the middle come more from within the company (more controllable).

For identifying the external risks, one could for example turn to the well-known PESTEL analysis, which is an excellent way to identify risks on which companies have little to no influence, but that can have a tremendous impact on their supply chains. PESTEL stands for Political, Economic, Socio-cultural, Technological, Environmental, and Legal factors.

For the identification of internal risks, the most appropriate way would be to put together experts from the different functional areas and have them create an overview of the vulnerabilities as seen from the different viewpoints.

SCRM: the objective to ‘ensure continuity’

Identification of risks is obviously not enough. Knowing what you’re vulnerable to is only the first step. But to be able to ensure continuity of the business in the case of suffering from a certain event, plans need to be developed to deal with them. So, how to manage supply chain risk?

After identifying risks it is first important to classify them so that priorities can be set. What are the chances that this risk event will occur and what impact will it have? Obviously, the high-probability risks which have a high impact when they occur, should receive the highest priority. This is then the basis for defining so-called mitigations and putting those into place, ready to be activated whenever necessary.

What are the steps in the (Supply Chain) Risk Management process?

Combining the notion of vulnerability and the objective of business continuity brings us to the process of managing supply chain risks. Returning once more to the definition presented above, this is where it refers to identification, assessment, treatment and monitoring of supply chain risks, which effectively are the steps in the process. In fact, this process is pretty much the same as in any generic risk management approach, but now applied to the specific context of Supply Chains.

The steps involved in risk management helps to understand and mitigate the possible risk. SCRM steps are:

• Identifying and assessing risk: Requires visibility across the supply chain to have a good understanding of all tiers involved in the supply chain.
• Quantifying risk: One way is to plot the likelihood of occurrence against business impact and then prioritize accordingly. Further, it can also be assessed against the financial impact and time to recover from any risk.
• Mitigating risk: There are various mitigating risk strategies that can be employed. For example, increasing use of standard components or dual sourcing to avoid supplier failure. The objective is to have strategies in place that minimize the business disruption.
• Respond and recovery: The mitigation strategies in place and business continuity plans that are tested are key to speedy recovery.

SCRM: simple but not easy

Like many topics related to Supply Chain Management, this is easier said than done. As one of the central storylines in Mastering the Supply Chain: Principles, Practice and Real-Life Applications states: ‘simple but not easy’, meaning that the underlying concepts are, in fact, fairly straightforward, but that their successful application is not necessarily easy at all.

In line with the philosophy of the book, which is to capture an Integrated Learning Approach in the form of a textbook for learners, it presents the underlying concepts as well as some practical exercises to try and put these into action.

In addition, a Teaching Case about SCRM has been created, building on the specific context of Covid-19.

Managing supply chain risk in the end to end supply chain is increasingly important for all kinds of businesses. Having a supply chain continuity plan and having risk management tools in place helps organizations to prepare before a crisis occurs and if carried out properly it can give them a competitive advantage in their industry.