For the full report, see:

Our group conducted research about the potential for managing risks in Supply Chain Management.  This study showed that documenting the likelihood & impact of risks was not a key part of SCM and that supply chain risk information was not readily available to key-decision makers.  Furthermore, very few firms are actually able to exploit risk to an advantage by taking calculated risks in the supply chain and even fewer were prepared to minimize the effects of disruptions.  The results were very mixed on whether a key part of supply chain management was documenting the likelihood & impact of risks.  Even more mixed was if supply chain risk information was accurate and readily available to key-decision makers.  There was some debate as to the validity and usefulness of tools to operationalize the process.  The managers did tend to prefer approaches which combine subjective and objective measures because this allows them some freedom rather than being pushed into taking decisions solely on complicated numerical analysis.  Failure Mode Effects and Analysis (FMEA) is a mainstream tool used to collect information related to risk management decisions for most companies in an engineering capacity, but not in a supply chain capacity.  There were several documented procedures to complete an FMEA, especially in automotive.  Most managers supported a modified version of the tool that could be used to help evaluate the risk of SCM decisions.

Several of the firms used financial reports and questionnaires during supplier approval to compare supply candidates to the business requirements of the buyers or project teams. When justified by a perceived level of risk, a few of the firms went one step further and had candidate comparison matrices (e.g., supplier profiling form and supply Chain PFMEA). Additionally, most had formal processes for supplier visits (e.g., Rapid Plant assessment, site verification of the supplier questionnaire, etc.).  Some firms actually used life cycle management with supplier report cards and their buyers would conduct periodic supply chain reviews.  In one firm, sourcing was assigned risk ownership and they used FMEA principles to evaluate risk impact.  For each risk, they would assess what the financial impact would be in the event of a disruption.  They then assigned a probability to each risk area and then they prioritized by multiplying the financial impact by the risk probability.  Most firms are only using existing SCM applications for managing risk with no formal risk management system in place.  In the absence of risk management applications, these firms are building risk considerations into traditional SCM applications. 

Managing supply chain risks should occur at all levels of the supply chain, and the process should support integration with supplier and customer risk management activities.  The process should be active in all stages of the acquisition life cycle, starting with technology development and continuing through acquisition, production, maintenance, repair, and disposal.  The scope of the process should include all types of risks appropriate for the supply chain.  In addition to the common causes of disruption, risk identification should consider economic, political, environmental, regulatory, manufacturing readiness, and technological obsolescence issues.  All levels of management should be actively engaged in risk management, including strategic, business, program, technical, and tactical levels.  The process should both leverage common tools for assessing risk, but also develop specific SCM mitigation tools and solutions. 

A method for analyzing supply chain risk must be a cross-functional process that involves senior management as well as key stakeholders from finance, operations, internal audit, and risk management.  However, the companies in this study have not adopted this boundary spanning process.  Instead, they have managed risks within functional areas.  However, it was acknowledged that the most effective forms of risk management demands involvement across multiple areas of the organization. 

The process begins with an assessment of the supply chain.  This can usually be done with internal resources but might require the assistance of outside consultants.  In either case, it was agreed that this assessment would take the most effort. While generally lacking among firms, this study indicates the importance of having a process that will allow an organization to analyze, prioritize, and measure the economic impact of risks in the supply chain.  Such a process should provide decision makers with financially justified value propositions for initiatives that are aligned with the company’s strategic goals.  Though a number of different risk management processes have been put forward, most tend to follow the generic process offered in this study with the following key elements.

  • SCM Risk Planning:  develops an overall plan for assessing, handling, and communicating supply chain risks.  It identifies how risk priorities are established, how risks are communicated, the training resources required, and the stakeholders responsible for each of the risk management activities.
  • SCM Risk Identification:  uses tools that enable a thorough investigation of all possible sources of risks within a supply chain.  To be effective, this part of the process must be conducted throughout the supply chain and life cycle of the program. 
  • SCM Risk Analysis:  assess each risk in terms of its likelihood of occurrence, and the estimated impact should the risk occur.  This study recommends a modified version of the FMEA tool that could be used to help evaluate the risk of SCM decisions. 
  • SCM Risk Handling:  stakeholders rank order the risks and determine what options exist to mitigate the most likely and/or serious risks.  Mitigation strategies can either lower the likelihood that the risk will occur or reduce or eliminate the impact should it occur.  These plans must be assessed both in terms of their cost as well as their impact on the likelihood and severity of the risk.  Based on this analysis, mitigation strategies are selected that provide the greatest return to the company.  Our study shows that many risks are actually common across a large number of suppliers and industries.  What is implied is that the same mitigation strategy may be successful in addressing a broad range of supply chain risks. 
  • SCM Risk Monitoring:  systematically track the risks and the risk handling plans against cost, schedule, and performance metrics, to ensure that risks are being managed as planned.  In other words, measure and monitor performance to maintain a balanced risk profile. 

Understanding the risks within a supply chain requires an in-depth knowledge of business operations.  To develop this understanding, the company must begin with interviews and workshops typically involving a cross-functional team of subject matter experts representing sourcing, manufacturing, and logistics.  The company must collect its financial and risk performance data (e.g., average lead times, safety stock levels, other inventory levels, etc.) and benchmark it against industry and functional comparisons.  This process enables the organization to develop a detailed picture of its supply chain, which in turn helps it identify potential risks more easily.  A few managers took the view that effective supply chain risk management does not need to be a highly formalized and structured process.  However, our approach favors a more formal, structured process for managing risk.   

Also, for more research papers, see (click “PDF” once on the site):

Please reach out for more material and reports on this topic. Thank you. Sime

Sample Lectures & Should You Major in Supply Chain Management?

Dr. Sime (Sheema) Curkovic, Ph.D., Professor, Operations/Supply Chain
Western Michigan University, Haworth College of Business


“WMU Integrated Supply Management (ISM)…Nation’s best undergraduate SCM program (Gartner); 2nd in SCM technology (SoftwareAdvice);  2nd in top global SCM talent (SCM World)”

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *