Supply chain risk management

What is supply chain risk management?

Supply chain risk management (SCRM) is the application of risk management tools to manage the risks and uncertainties which can be caused by or may be affecting the resources or logistics in the supply chain. Due to globalisation, both outsourcing and the supply chain processes are getting longer and complicated.This leaves many companies exposed to risk.

The aim of supply chain risk management is to put strategies in place to reduce the vulnerability in the supply chain to ensure continuation in an event of disruptions.

Is supply chain risk management really necessary?

Supply chain risk management has become increasingly difficult as a result of globalisation, as it has become harder to trace where goods have originated from.

For example, a weapon manufacturer may use raw materials sourced from a supplier who had no idea that they were part of a complex supply chain and had no knowledge of their material’s final usage. This increases exposure to risks.

The process of supply chain risk management

Robust supply chain risk management processes are required to identify and manage the increasing number of supply chain risks.

The process involved in managing supply chain risks usually consists of four steps:

  • Identification
  • Assessment
  • Controlling
  • Monitoring

Identifying supply chain risks

The supply chain risk is the likelihood of an event occurring and the impact it will have on the business. The downside of using this method to analyse supply chain risk is that some risks, e.g. the possibility of a hurricane, can be difficult to predict.

It is advisable for companies to use cross-functional teams to create a comprehensive list of the risks the company faces.

Potential risks to the supply chain include:

  1. Natural disaster threats, e.g. floods, hurricanes, earthquakes
  2. Counterfeit products
  3. Security
  4. Product Integrity
  5. Resilience
  6. Geopolitical
  7. Reputational, e.g. as the result of a trading partner engaging in bribery or money laundering
  8. Financial, e.g. as the result of supplier bankruptcy or market volatility
  9. Man-made risk such as fires or explosions

Whilst known risks can be identified and evaluated, other risks such as natural disasters or man-made risks can be far harder to calculate. For unknown risks such as the ash cloud in Iceland, it is more important to develop the ability of the supply chain to respond to risk rather than focusing on calculating the possibility of the risk occurring.


Contingency plans which may minimise the damage caused by risk include:

  1. Stock management
  2. Contingency insurance
  3. Risk assessments and audits
  4. Alternative sourcing arrangements
  5. Training programs
  6. Business intelligence
  7. Collaboration

Supply chain resilience

Because many supply chains are very complex, supply chain risk management may not be comprehensive enough to cover all eventualities. Consequently, supply chain management is often done in tandem with supply chain resilience.

Supply chain resilience focuses on the strengthening of the supply change so that it is capable to adapt itself to withstand unexpected events and to recover from them quickly whilst maintaining operations and control over function and structure.

Successful monitoring systems are designed to the needs of the organisation. They should incorporate early warning systems linked to the highest risks in order to give the company the maximum chance of mitigating or at least minimising their impact if they occur.