Supply chain risk management



Supply chain risk management (SCRM) is "the implementation of strategies to manage both everyday and exceptional risks along the supply chain based on continuous risk assessment with the objective of reducing vulnerability and ensuring continuity".

SCRM applies risk management process tools after consultation with risk management services, either in collaboration with supply chain partners or independently, to deal with risks and uncertainties caused by, or affecting, logistics-related activities, product availability (goods and services) or resources in the supply chain.

Supply chain exposures
SCRM attempts to reduce supply chain vulnerability via a coordinated, holistic approach ideally involving all supply chain stakeholders, collectively identifying, analysing and addressing potential failure points or modes within or affecting the supply chain. Risks to the supply chain range from unpredictable natural events (such as tsunamis and pandemics) to counterfeit products, and reach across quality, security, to resiliency and product integrity.

Mitigation of supply chain risks can involve logistics, cybersecurity, finance and risk management disciplines, the ultimate goal being to maintain supply chain continuity in the event of scenarios or incidents which otherwise would have interrupted normal business and hence profitability. The cost-effectiveness of resilience and other measures is an important factor since, as long as things are running smoothly, they add to the costs of production. To reduce interruptions to supply chain management in terms of logistic there are logistics risk management programs which includes Defensive Driver Trainings, Fleet Audits, Cargo Loss Minimization, Road Safety, Warehouse Safety etc.

Some supply chain logistics techniques such as supply-chain optimization and lean manufacturing can prejudice continuity and resilience. It is also becoming more common among businesses especially manufacturers to extend supplier quality management practices throughout supply chains. This approach is shown to increase transparency, reduce overhead costs, and improve operational efficiency.

Extent of supply chain disruption
A survey in 2011 conducted by the Business Continuity Institute (BCI) and Zurich, with responses from over 559 companies across 65 countries, found that over 85% of companies had suffered at least one supply chain disruption during the year. Later BCI surveys have reported some reduction in this percentage (70% in 2016, down from 74% the previous year).

The 2011 survey respondents also noted that 40% of the reported disruptions originated upstream with sub-contractors rather than prime contractors or first-tier suppliers.

The 2016 survey also noted that one in three organizations had experienced cumulative losses of over €1 million per year because of supply chain disruptions, and 22% of businesses had experienced 11 or more disruptions.

Resilience
Supply chain risk management typically involves four processes: identification, assessment, treatment, risk reporting and communication, and monitoring of supply chain risks. However, due to the complexity of many supply chains, these processes might not be sufficient to ensure that all eventualities are prepared for. Therefore, the concept of supply chain risk management, which is cause-oriented, is often combined with the concept of supply chain resilience, which aims to ensure that the supply chain can cope with or bounce back from incidents irrespective of their cause or nature. Supply chain resilience is defined as "the capacity of a supply chain to persist, adapt, or transform in the face of change" Some theorists believe that technological updating to modernize management methods -to include digitalization, artificial intelligence, big data and robotics- along the entire path of supply chains will considerably contribute to their sustainability and resilience.

Time to recover
"Time to recover" (TTR) is a valuable metric measured in weeks, originally introduced by Cisco and adopted by the Supply Chain Risk Leadership Council. TTR measures the time it takes a company to restore full operational output following a major supply chain disruption. The determination of TTR assumes that a facility is essentially unusable due to a major event, requiring extensive repairs and reconstruction, as well as re-sourcing and re-qualifying of key equipment used in manufacturing and other operations.

Measuring risk
Supply chain risk is a function of likelihood of an event's occurrence and its impact. Although this is the most popular methodology for quantifying risk, a drawback in the context of supply-chain risk is that it requires assessing likelihood or probability of many different event types across a number of supply-chain organisations and locations (potentially hundreds of thousands for, say, a major vehicle manufacturer). Thus, the range of possibilities is huge, frustrating and limiting the analysis possible in practice. The methodology may be appropriate for a smaller subset of locations and/or types or categories of risk.

Most companies rely on 'risk scores' of various types such as financial risk score, operational risk score, resiliency score (R Score). These are readily available, relatively simple to understand and analyze, and hence can be effective, at least for first-pass identification of risks worthy of further analysis. Standards and certified compliance (such as ISO 9001) are also effective ways to raise the baseline to a known level.

Supply chain resilience options
Some options to engineer an acceptable risk level in supply chains include:
 * Addressing sourcing risks as an integral part of the product design and engineering (e.g. preferring standardized multi-sourced commodities over custom or unique supplies from sole suppliers)
 * Managing stock levels both statically and dynamically
 * Considering alternative sourcing and flexible logistical arrangements (e.g. trucks to supplement or replace trains)
 * General purpose contingency arrangements such as business interruption insurance and proactive business relationship management (building mutual understanding and trust)
 * Supplier questionnaires, risk assessments, audits and certification, both for initial supplier selection and subsequently (e.g. refreshed prior to major changes such as new products, or in response to issues arising)
 * Awareness campaigns and training programs
 * The use of business intelligence from big data analytics and continuous monitoring for predictive security measures vs. clean up
 * Redundancy optimization (e.g. focusing redundancy efforts on business- or mission-critical products)
 * Slick incident management where time is of the essence
 * Postponement, product substitution and other forms of downstream supply chain management (assisting customers)
 * Comprehensive digitalization and modernization of management methods
 * Collaboration

Books

 * Choi, T.M., C.H. Chiu. Risk Analysis in Stochastic Supply Chains: A Mean-Risk Approach, Springer, International Series in Operations Research and Management Science, 2012.
 * Brindley, Clare. 2004. Supply Chain Risk. Ashgate Publishing Ltd., England, Ed. 1.