How to Manage Supply Chain Risk and Ensure Continuity

Thomas Jefferson said, “With great risk comes great reward.” However, he failed to mention that with great risk comes the potential for great loss. Risk is not something only investment firms have to acknowledge. Every company, especially manufacturing companies with large supply chains, have the challenge of managing risk.

Because of the potential for loss, it is important for organizations to mitigate, manage, and handle risk in their supply chain if they want to ensure customer satisfaction, experience greater profitability and outcompete competitors. People running supply chains certainly know that risk management is important, but do they know just how important it is?

The data says no.
Previous studies have found that many supply chain executives are apathetic towards managing and assessing risk. For example, none of the organizations in the study use an outside source for assessing the risk in their supply chain, yet most organizations will bring in consultants for employee management, marketing, sales, and finance. A shocking 90% of organizations do not consider risk when outsourcing their production, which could have dramatic effects on the speed of their supply chain.

This is perplexing — most companies can access potential risks, the severity of risks and certain actions to take to avoid the impacts of risk through predictive/prescriptive analytics solutions.

Risk is the only constant when it comes to the supply chain, so managing it is should be a priority for many organizations. But most executives are not rewarded for managing risks.

Without significant motivation to act — such as a crisis — risk management often falls to the bottom of the list for most supply chain managers. Executives are rewarded to produce results today. When an organization manages risk, fewer problems arise, and it (perhaps) appears managers are not working hard.

Since very few organizations implement a proactive risk management strategy, adopting one must certainly bring a hefty advantage over competitors!

In this article, we’ll talk about:

  • How to identify the different types of risk in the supply chain
  • How to prioritize the risk
  • How to take action to mitigate the risks

As with so many of our posts, the end goal is to provide a few tips that might help you improve profitability, optimize operations and (the no-brainer) run a better business!

Overcoming Your BiggestRisk Challenges in 2020 and Beyond. Download the guide.

Four Areas for Identifying Risk

The goal of supply chain risk management software (SCRM) is to reduce an organization’s vulnerability and ensure supply chain continuity by implementing strategies to manage risks based on continuous risk assessments.

A supply chain faces all sorts of risk — organizational, operational, strategic, commercial or external factors, but there are four main channels of risk that disrupt the flow of the supply chain: price, quality, delivery, and reputation.

Price Risks

Volatility and inflation can disrupt a supply chain with a rapid increase of supplies, making forward-planning difficult unless an organization uses advanced forecasting software. Organizations who are looking to reduce price risks should purchase and sell hedge contracts, especially in commodity markets. They should also secure contracts with suppliers if they believe prices will rise.

Quality Risk

Nothing can bring a supply chain to a halt faster than quality. There are two types of quality errors that occur in a supply chain: human error and automation error. Organizations need to measure both of these channels if they want to assess their quality risks.

An organization could measure the probability of human error based on the hours the average employee works, how much work needs to be done, and other factors. For example, an organization that manufactures semi-trailers could run an analysis that their employees have been working over 60 hours per week, which increases the risk that human error will occur. To decrease the risk, the manufacturer could hire more employees.

Delivery Risk

Weather, traffic, and inventory strategies can cause goods and products to arrive late, never arrive or arrive too early. Organizations must measure all factors, even small ones, that may impact the delivery of goods.

For example, an organization whose supply chain involves moving products via train must account for the risk that weather brings. In the winter and snowy areas, railroad tracks must be cleared before the trains can advance or risk derailment. Optimizer software can show an organization how to allocate their resources should an event like this occur.

Reputation Management and Risk

Social media has many benefits when it comes to the supply chain. One such advantage is the ability to manage an organization’s reputation. Reputations take an organization years to build but can be destroyed in weeks if it is not managed properly.

For example, in 2010 an oil rig owned by BP had exploded and sunk. For 87 days a sea-floor oil gusher flowed until it was capped. This accident had cost them $4.525 billion in fees and fines, but the company suffered serious loss in their brand. People began to boycott BP and still do to this day. Some stations saw sales decrease by 10% to 40%.

Monitoring social media would not have solved this problem, but it does show the importance of managing an organization’s reputation. Most companies ignore their reputation and take it for granted because it is often the most misunderstood areas of risk.

Identifying risks is not usually difficult. In fact, organizations often find that they have too many ideas when it comes to potential risks. As a result, what organizations really need to master is how to prioritize risks.

Prioritizing Your Risks

Once an organization has a list of potential risks, they must find a method for prioritizing the list of risks. Most organizations prioritize their risks based on the probability and severity associated with each risk, but they all differ on how they measure severity. For some organizations, they will place an emphasis on lost revenue — others might place more importance on customer satisfaction or brand management.

An organization can calculate the probability by using past data, forecasting data or utilizing insurance companies. Although insurance companies will likely not give you their algorithms, they can share and often publish information about the claims that are often made.

For example, an insurance company can inform an organization about the most common claims made by related businesses. Manufacturers can learn about the probability that one of their employees will be injured. Oil companies can learn about the probability that prices will increase. Of course, all of this is speculation, but it goes a long way in helping companies prioritize.

The other factor for prioritizing risk is by determining the severity that each risk represents. Predictive analysis is powerful for helping an organization identify the potential impacts of an event.

The largest challenge with prioritizing risks comes from events that have low probabilities, but high impact such as natural disasters. Some examples include hurricane Katrina and Fukushima earthquake and tsunami. But using mathematical models like the one introduced by David Simchi-Levi can help organizations prioritize risks.

Once an organization has identified risks and given them priority, they can begin brainstorming strategies to mitigate risks.

Strategies for Mitigating Risks

Identifying and prioritizing risks does not do very much for an organization if they do not develop strategies to mitigate risk. Organizations can develop two types of strategies to mitigate their risks: risk prevention and risk mitigation.

Risk Prevention Strategies

The first strategy for minimizing the impact of risk has to deal with managing the probability of risk occurring. Unfortunately, this strategy is the most important and least expensive methods, but is frequently neglected because nobody is rewarded for preventing fires — only putting them out.

Preventing loss and risk offers organizations a serious competitive advantage. Companies who can prevent risk will be able to maximize profitability and ensure the continuous flow of their supply chain. Like sickness, prevention is often the best medicine.

The most profitable and leading organizations will look for ways to prevent risk. For example, effective organizations are selective when it comes to their suppliers and third-party manufacturing companies. They do extensive research to verify companies have the capacity to fill present and future orders.

Some other examples of risk prevention can include picking financially strong partners who will not go out of business tomorrow, designing for globalization or applying lean/six sigma techniques to their supply chain.

New call-to-action

Managing the Impacts Associated With Risk

Risk prevention is a powerful risk management strategy, but no amount of preparation can prevent a risk from occurring. Some events — e.g. natural disasters — cannot be prevented. However, an organization is expected to plan for them, developing a crisis-prevention strategy for when they occur.

For example, in 2011, Fukushima was devastated by an earthquake and a subsequent tsunami. The tsunami caused the meltdown of a nuclear plant, taking 20,000 lives. The nuclear plant said that this — the worst crisis since Chernobyl — could have been prevented.

Many have cited that the plant could have planned for the up to 14m waves that knocked out their backup power supply and caused three of their six reactors to meltdown. They could have built multiple power supply locations to prevent an event like this or developed a plan to evacuate people once the reactors were melting.

Regardless of whether or not the nuclear plant could have planned for it, this event demonstrates the need for scenario planning, which is the method that executives use to determine implementation strategies for future events. The company at the forefront of scenario planning is Shell Oil Company because it addresses all sorts of scenarios and develops actions in the event their future predictions occur.

For example, Shell has a plan for what to do if an oil spill occurs in a certain geographic region. They have a plan for what to when the oil prices began bottoming out over a year ago. They have developed a plan for all probable scenarios.

Many organizations leave themselves exposed to risk by not planning for it, i.e. by not leveraging software that offers scenario analysis and improved planning. Organizations can manage risks by developing disaster preparation plans, hedge purchasing, supplier segmentation or other various methods.


Risk is a fact of any supply chain, but too many organizations are not giving risk enough attention. This provides a massive competitive advantage to the company that implements a risk management strategy in their supply chain, especially one that can account for happenings across the entire enterprise.

Organizations can begin developing a risk management strategy by identifying risks, prioritizing them and mitigating risks. This is not a one-time action. The most successful organization make this a regular, ongoing strategy. They will search for risks every so often and create a plan to address risks as their business changes. Integrated planning software that allows users to leverage what-if and scenario analysis is the best way for organizations to discover, prioritize and offer solutions to mitigate risks.

Case Study Strategic Planning and Risk Management

You May Also Enjoy Reading
Supply Chain Brief