An introduction to supply chain risk management

Many organisations are increasingly concerned about their supply chain risk, not only the traditional supplier issues of late delivery and poor quality but also other risks with security, environmental, social and ethical impacts. What’s more, the effective management of these risks is becoming more taxing as supply chains become increasingly complex, in part due to globalisation, new technologies and customer demand for variety. The good news is that formal Supply Chain Risk Management (SCRM) techniques can help.


Organisations can be vulnerable to a wide range of supplier problems, whether from internal events, such as product defects or warehouse fires, or external threats like cyber-attacks, trade wars or natural disasters disrupting production or shipment. Their risk exposure depends on the breadth and depth of their supply chain, which in turn is governed by the types of products and services provided and, importantly, the extent to which they rely on third parties. For example, how much does the business outsource manufacturing, assembly, transport and storage of components to enable it to meet its customers’ needs? Ideally, all layers of the supply chain should be identified and managed in such a way that any failures or disruptions have minimal impact on continued business operations and profitability. SCRM provides a practical, risk-based approach to realising this goal.


SCRM is an important subset of enterprise risk management (ERM) and focuses on the implementation of strategies to manage both every-day and infrequent risks along the supply chain on a continuous basis, with the objective of reducing vulnerability and ensuring continuity if risks occur.

SCRM attempts to reduce supply chain vulnerability via a coordinated and collaborative approach, involving all supply chain stakeholders, including subcontractors. SCRM systematically identifies and analyses the key failure points within the supply chain. Mitigation plans are put in place to ensure supply chain continuity in the event of a scenario which otherwise would have interrupted normal business. The supply chain environment is continuously monitored for risk events or their precursors.

Using a risk-based approach provides a way of prioritising events based on their frequency and consequences and promotes the identification of tangible improvements that reduce operational, financial and reputational risks, while meeting the needs of customers and end-users. The approach taken needs to recognise that each organisation is different and has competing needs and priorities, whether driven by cost, risk, efficiency or competitiveness.

A secondary objective of SCRM is to not only mitigate financial and reputational risks but to also increase value within the supply chain through improved performance.


A key attribute of successful SCRM is that suppliers are able to demonstrate that they apply the principles of good governance. These include providing evidence of qualifications, references, competence, quality, reliability, corporate social responsibility and environmental and security compliance.

The earlier that suppliers are assessed in the procurement process, the greater the opportunity to address risks and avoid unnecessary failures, delays and costs.

With a risk-based approach, the level of assurance required from each supplier is proportionate to the business risk, noting that this isn’t necessarily the same as the commercial exposure. For example, a low value contract with a specialist supplier to provide a critical, long lead time component could have a large business impact if the component cannot be readily sourced from elsewhere.

An important first step is to create a detailed map of the entire supply chain to enable greater understanding of each individual link, including the supply sources, logistics and geographies. Who depends on what, from whom and from where? The output from this exercise is crucial for the development of a supply chain risk register that sets out the ‘inherent risk’ (untreated) versus the ‘residual risk’ (after mitigation) for each source of risk. The resulting risk register can also help to illustrate the return on investment for improvements that are being proposed.


The main benefits of SCRM include:

  • Creating a strategic competitive advantage by promoting an agile supply chain.
  • Outperforming competitors affected by the same shared risks, thus boosting market share when a common risk occurs.
  • Supporting optimal supply chain design by reducing uncertainty and strengthening relationships and trust to reduce risk.
  • Continually detecting, optimising and reducing risk exposure and cost when compared to competing supply chains.
  • Operating and continually improving a resilient supply chain.
  • Enabling organisational self-assessment or certification against international standards.


The cost-effective way to manage the impact of supplier risk to an organisation is to implement a strategic risk-based approach. The proactive assessment of risks associated with the supply chain aims to reduce vulnerability and ensure continuity. Mapping the supply chain, assessing suppliers and maintaining a risk register are all crucial steps in successful SCRM.