Identifying risks is an essential task and we must carry it out using protocols that consider what, how, and when to do it, especially if we have an international reach.
Risk management for the supply chain has been gaining relevance these past few years due to globalization, an increase of suppliers’ networks, the demands of the market, and competitors.
We can define risk in the supply chain as events that may have a negative effect – either quantitatively or qualitatively – on an item’s manufacturing, transportation, or delivery flows. Therefore, risk management consists of anticipating, identifying, assessing, and mitigating these possible interruptions in every logistics process.
Below are the steps we must follow for managing risks in the supply chain. We will see them in detail later.
1. Risk Identification
- Brainstorm possible risks.
- Define the characteristics of each risk: level and scope.
- Have a record of risk identification.
- 2. Risk Assessment
- Carry out a quantitative analysis: quantify the probability, financial impact, and potential monetary loss, assess main risks in an aggregated manner, and come up with models and simulations for scope.
- Carry out a qualitative analysis: check the probability of the risk happening, classify it, find out the necessary data, create categories for identification, and assess priorities.
Create an Action Plan
- Develop a plan stating the actions to take and when to carry them out.
- Look for approvals.
- Consider budgets and resources.
Execute the Action Plan (if needed)
- Schedule the actions.
- Analyze the variations in the expected results if the risk happened.
- Analyze the budget set for carrying out the actions.
- Meet regularly to consider adjustments and new factors.
Step 1: Risk Identification
These are some types of risks that may arise in any supply chain:
- Supply Risks: related to suppliers, availability, labor interruptions, costs, quality, deadlines, transportation, theft, and customs.
- Demand Risks: related to mistakes in forecasting, delays in shipments, prices, quality, loss of clients, and guarantees.
- Risks in Internal Processes: related to information, technology, data safety, inventory management, capacity, accounts receivable, customer service, planning, strategy, manufacturing, and mergers.
- Environmental Risks: related to political and financial instability, infrastructure (roads, airports, etc.), legislation, regulations, customs, press, environment, natural disasters climate change, currency fluctuation, traffic jams, and strikes.
Sometimes, risks are also caused by commercial factors since buyers and sellers create risks in their quest for better prices.
Step 2: Risk Assessment
The Risk Rate assesses the probability and impact of a risk happening in the supply chain. Probability refers to the chance of the event happening while impact refers to the magnitude of the loss if the risk were to happen. This is its formula:
Risk Rate = Probability x Impact
The combination of probability and impact values creates a matrix that lets us assess the risks and understand which human, technical, and financial resources will be needed to mitigate each risk:
Low risks in green, intermediate risks in yellow, and high risks in red.
Meanwhile, this is the formula for assessing risk in a quantitative manner – only for cases where we have real and trustworthy data:
Expected Money Value (EMV) = Probability x Impact x Cost
The difference against the risk rate is that the EMV is stated in monetary terms.
Steps 3 and 4: Create and Execute the Action Plan
After having identified, classified, and assessed the risks, we must set an action plan to guarantee the continuity of operations. There is no question that having policies, processes, and procedures set to counter eventualities – as well as having a risk committee – will lower any possible negative effects considerably.
An action plan should include instructions on how to restore processes and services and should also take the following into account:
- Real impact on costs
- Recovery time
- Person in charge of each task
- Alternative processes
- Partners in the supply chain
- Other supply sources
- Members of the same sector
- Insurance, bonds, and coverage
- Applicable incoterms
- Training plans
We must keep in mind that the action plan is not a one-time effort and thus should be updated every two or three years.
Risk Management Technology
To develop better risk management strategies, we recommend investing in technology that expedites and integrates the company’s processes with those of the suppliers and clients. It is not just about connecting them but about creating collaboration channels to increase visibility and controls.
There is specialized risk management software that includes tools for an efficient management of documentation, which optimizes the communication of findings in real time and helps make better decisions.
Risks affecting the supply chain may prove catastrophic for the performance of any company. Here are some tips on how to avoid or combat them as best as possible:
- Choose solid international 3PL providers.
- Lower the time of international shipping and reduce the variations in the cycle.
- Implement methodologies such as Lean or Six Sigma to reduce waste.
- Hire insurance.
- Use visibility tools to track shipments.
- Integrate the systems of suppliers, distributors, and clients.
Even though risk management does not eliminate the possibility of incurring in them, it does prepare companies to face them. Especially in global and volatile environments. Therefore, it is recommended to lean on external advisors to define the internal policies and action plans.
In the case of Solistica, some months ago we inaugurated our Risk Management Center (GRIS) in Brazil. We use this risk and asset safety office to identify risks and we design and carry out prevention and reaction strategies using the most advanced technology to monitor cargo constantly and to take prevention and resolution measures in real time.
To learn more about this, we suggest reading Keys for Managing and Controlling Risks in Logistics and A Model for Managing Risks.
*This blog was originally published on December 20, 2018 and modified on June 6 2022.