Assessing Risk in Your Supply Chain


With more attention being paid to supply chain risk and the problems it can present for global organizations, an increasing number of procurement professionals are getting involved with risk mitigation. According to business advisory firm CEB, about 50% of procurement executives feel “direct pressure” from CEOs to improve their supply chain’s risk management activities.

In Supply Chain Risks Continue to Disrupt Operations, CEB reports that increasing reliance on third parties introduces a greater likelihood of compliance risk from corruption, import-export license issues, and labor and employment violations which all can cause massive reputational harm. Despite these elevated risks, CEB found that 78% of compliance professionals report little or no control over approval of third-party relationships and 55% report “little or no control over the auditing and monitoring of these relationships.”

That lack of control can spell trouble for the organization that doesn’t proactively assess its own risk profile and that of its Tier 1 and Tier 2 suppliers (at minimum).

“Many companies lack the visibility into their own supply chains to be able to effectively respond to a disaster,” points out Dale Ford, vice president at IHS Electronics & Media in El Segundo, Calif., “because they have no idea what the dependencies are in relation to those supply chains.”


Many companies lack visibility into their supply chains, making it difficult to respond effectively to disaster, says Dale Ford, IHS Electronics & Media.
Of particular concern is that most organizations have visibility over a single level of suppliers and lack any insights into the risk profiles and viabilities of their suppliers’ vendors. When disaster hits—be it a major catastrophe, an economic crisis or an issue that’s restricted to a single supplier—that lack of visibility frequently translates into chaos for the buying group.

The good news is that there are steps that buyers can take to identify and properly address risk in advance. Here are four ways to do it:

  1. Put on your risk manager’s hat. Being able to effectively assess risk requires a slightly different view of the supply chain, according to Ford. “Procurement is extremely focused, while risk management requires a step backward in order to see the forest for the trees,” he says, noting that buyers are particularly well positioned to take on this role, and/or play a key role in assessing and mitigating supply chain risk. “Buyers are on the front lines working directly with suppliers, and they understand the supply chain,” says Ford. “They just need to organize and expand on their strong knowledge bases in order to leverage the understanding that they already possess. It makes sense for them to be involved.”
  2. Go beyond that “one step up” the supply chain. You may be purchasing goods and services from a number of Tier 1 suppliers, but don’t overlook the fact that those vendors also have their own supply chains to manage. “Go beyond just that ‘one step up’ the supply chain,” Ford advises. By peeling back the layers and figuring out the various dependencies and vulnerabilities among all of the suppliers your organization depends on, you’ll be better positioned to manage risk across the supply chain.
  3. Evaluate suppliers thoroughly before trading with them. In Top 5 Areas to Cover When Assessing Supply Chain Risk Factors global trade management (GTM) software provider Integration Point tells buyers to evaluate five key points when selecting suppliers: country of origin (know where your supplier’s production facilities are); shipment and delivery accuracy (to ensure consistent, on-time delivery); physical security (particularly in areas that are prone to terrorist attacks); internal processes (such as manufacturing controls); and social and environmental responsibilities (compliance with child labor laws, for example).
  4. Conduct thorough scenario planning. One of the most straightforward ways to assess risk is by using “what if?” scenarios across various components of your supply chain. Say, for example, you purchase electronic components from three Tier 1 suppliers that are all situated in the same geographic region. And let’s say that area is prone to tornadoes. What if a natural disaster were to sweep through the area? How would their operations be affected? How would your firm be affected? How would your organization respond if this were to happen? This exercise will help you determine where your firm’s key supply chain risk points are and come up with a plan of action, says Ford, such as sharing in the cost required to move some of the Tier 1 supplier’s manufacturing equipment to a new location that’s away from the “danger zone.”

Five Critical Risk Areas

In The Evolving World of Supplier Risk, Ernst & Young highlights five critical areas of supply chain risk that organizations should be concerned with. They are:

  1. Execution. Is your company in danger of having to stop operations because you can’t get tools, supplies and necessary services on time at locations where you do business? Do your suppliers meet all appropriate safety and environmental regulations and provide quality goods and services?
  2. Commercial. Do your suppliers comply with all contractual terms? Do they bill you appropriately?
  3. Continuity. Are your suppliers financially stable? In the event of a natural disaster or other disruption, do you have multiple suppliers with geographic diversity who can keep your operations running?
  4. Competitive. Do your suppliers present risk in terms of theft of intellectual property or conflicts of interest?
  5. Compliance. Do your suppliers comply with critical regulatory guidelines such as the Foreign Corrupt Practices Act/UK Bribery Act, labor laws, domestic government regulations, tax laws and more?
Supplier