7.4 Risk Management Strategies to Mitigate the Supply Chain Vulnerability
Learning Objective
3. Examine risk management strategies to mitigate the supply chain vulnerability.
Video: Supply Chain Risk Management (SCRM) | AIMS UK (3:35)
If you manage a supply chain, you need to do all in your power to get the very best supply chain risk management or SCRM options at your disposal. It will not be easy to do that, and this is why you have to first identify the supply chain risk factors and deal with them to the best of your capabilities.
Media 7.7 Supply Chain Risk Management (SCRM) [Video]. AIMS Education, UK. (URL: https://www.youtube.com/watch?v=7-jpmngs6aw)
Risk Management
The following material adapted from Supply Chain Risk Management: Literature Review by Amulya Gurtu & Jestin Johny under Creative Commons Attribution License 4.0.
Risk management refers to the implementation of strategies and plans to manage supply chain networks through constant risk assessment and reduce vulnerabilities to ensure resilience in supply chains. All supply chains do not have the same risks, but some risks are common. The risks are also specific to an area of business or the field of study. A supply chain is as strong as the most vulnerable member of the supply chain. Therefore, the longer a supply chain, the greater the risk of failure of the supply chain. Supply chains have many players. A high number of players present risks. However, building a robust supply chain is expensive. Numerous research articles have suggested the need for such supply chains due to the magnitude of the adverse effects of risk on its performance. A risk event is an indicator of a threat that disrupts a supply chain. Global supply chains have many challenges and greater risks. The dependence on an organization for parts has changed to a supply chain. This requires greater transparency and sharing of information among supply chain players.
“Risk management refers to strategies, methods, and supporting tools to identify and control risk to an acceptable level” (Alhawari et al. 2012). Additionally, risk management can also be referred to as a synchronized set of actions and approaches to direct an organization to minimize the risk for achieving the organizational goals. Managing risks allows the decision-maker to understand and assess the impact of risk in a supply chain network. Controlling complexity leads to higher cost efficiency and reduces risks.
Risk detection plays a pivotal role before disruption occurs. Force majeure disruptions are challenging to manage but can be estimated through conscious risk assessment strategies, identifying risk indicators, and applying the principles of Total Quality Management (TQM) in sharing information among SCM partners. Corporations should have contingency plans in the case of the occurrence of a disruptive event. Performance failures of a supply chain can be monitored through audits in an organization. Toyota have applied these principles in their supply chains and minimized the disruptions due to product recalls.
Strategies to control risk may be divided into seven categories: prevention, rescheduling, conjecture, numerical and economic, vertical integration, risk-sharing, and technology and security. The prevention strategy is used when risks are linked with each product or its terrestrial markets, or close engagement with suppliers/customers is not possible. Divestiture of resources, delay of entry, or contributing to less ambiguous markets is prevention. Ensuring flexibility and delay in spending refers to rescheduling. Market demand, customization of products or services, input costs, product life cycle, and product modularity affects rescheduling. The conjecture is the opposite of rescheduling, and decisions are influenced by projected demand. Supply chain resources are leveraged to maximize the competitive advantage in serving the customers. Financial risks are addressed through numerical and economic approaches. The numerical approach is for a large population, e.g., insurance. The occurrence of an event for many people at the same time requires an economic approach. A few risks incentivize vertical integration because vertical integration reduces the risks due to better supply and demand control. Opportunism and asset specificity, capacity constraints, and improved supplier–buyer power balance are such incentives. Contracts with flexibility for possible changes in the environment reduces risks. Designing flexible contracts acts as a control mechanism. Outsourcing or offshoring transfers risks in SCM. Technology to detect nuclear, chemical, or biological elements exists and reduces the risk of carrying such shipments.
(Gurtu & Johny, 2021). CC-BY-4.0
Effective Risk Management Processes
Companies need to use an effective risk management process that consists of the following steps: identifying, assessing, responding, communicating, and monitoring risks in the global value chain. The process is the so-called risk management cycle. The risk management cycle is a helpful tool for helping companies in a variety of industries to recognize potential risks at all levels and then manage risks at all levels. The most comprehensive risk management cycle was created by the Government of Canada (2016). The risk management cycle helps organizations to choose “the best course of action under uncertainty” (Government of Canada, 2016). The cycle includes the following steps: identity, assess, respond, communicate, and monitor risks (Government of Canada (2016). It is a systematic, proactive, and ongoing process that equips organizations to be more effective, high-performance, and build confidence when companies face uncertainty (Government of Canada, 2016).
Identifying Risk
Identifying risk in the global value chain is the initial step in the risk management process. In this step, the organization has to identify as many risks as possible and share them with every stakeholder and third party. Next, identify warning signs of risks by creating questions, for example, is our new technology proven and mature for the global value chain? Why does the organization have significant gaps between partners and information? Why does the organization not have a mitigation or contingency plan? (FITT, 2021)
The organization should spread the mitigation plan, expectations, and valuable tools with stakeholders, partners, and staff. According to the Government of Canada (2016), there are several techniques and tools available for identifying risks, such as checklists, workshops, and risk assessment forms (Government of Canada (2016). In addition, identification activities have to be provided by the staff, such as identifying people who should be involved in identifying risk roles, how to document identified risk and what type of information should be collected and recorded (Government of Canada, 2016).
Assessing Risk
Assessing risk includes analyzing and prioritizing steps (Government of Canada, 2016). The scope of the risk has to be determined by the assigned person. Also, determine the factors about the severity of this risk and how this risk impacted businesses in the past. The likelihood and the impact of an event are the significant parts of this step. The organization should take into account two terms together impact and probability. Probability is how often the event occurs in the past. For assessing risks, companies should characterize, evaluate, and prioritize risks for supporting the chosen decision. This action will help the organization to manage risk in the future. There are a variety of assessments: qualitative, quantitative, and semi-quantitative. Quantitative assessment consists of numerical risk criteria such as numbers which can be counted or measured. Qualitative assessment based on the qualitative descriptions of risks, for example characteristics or information that cannot be counted. Semi-quantitative which combines quantitative and qualitative data. After getting information, risks have to be measured and ranked. The top priority risks have the highest probability and greatest impacts (FITT, 2021). There are a few specially designed tables for this purpose.
Responding to Risk
According to the Government of Canada (2016), this step includes selecting and implementing measures to the risk. Responding to the threat has several mitigation strategies: accepting, reducing, avoiding, monitoring, and transferring risks (Government of Canada, 2016). Accepting risk is the same as retention risk, and an organization accepts particular risk because it is not enough to spend money to mitigate it. For example, it can cost a small amount of money. Accepting is the most common approach for small risks in the global value chain. Reducing risks can be through control or prevention. Installing security systems, burglar alarms, protective equipment, and insurance companies are common approaches to minimizing risks. Avoidance strategy is applicable for organizations that want to eliminate as many challenges as possible and potential risk sources. This strategy is not acceptable for all hazards and can be mitigated by creating policies, procedures, training and so forth. For example, if a country has the weakest political stability, the company can avoid the political risk and avoid expansion to that country. Monitoring risks have to be an ongoing process within the global value chain. Companies can transfer risks to the insurance company by purchasing an insurance policy. Also, transfer risk to the third party who will be responsible for consequences and loss, meaning transferring risks.
Communicating Risk
The government of Canada (2016) describes this step as the risk management process of making decisions according to the communication and reporting information about risks to the particular department. The communication process must be internally between employees and externally between clients, stakeholders, and third parties. An integral part of communications is providing enough information to make the right decision (Government of Canada, 2016).
Monitoring Risk
Regular review of risks’ information and mitigation plan is an ongoing process for the global value chain. Review risk responses to ensure that the plan is implemented effectively and efficiently. It is an essential part of the whole cycle because new improvements or opportunities can be effectively identified and executed (Government of Canada, 2016).
Risk Management Cycle
Note. Adapted from Government of Canada, 2016.
Check Your Understanding
Examine risk management strategies to mitigate the supply chain vulnerability.
Answer the question(s) below to see how well you understand the topics covered above. You can retake it an unlimited number of times.
Use this quiz to check your understanding and decide whether to (1) study the previous section further or (2) move on to the next section.
Interactive activity unavailable in this format
Text-based alternative to interactive activity available in Chapter 7.6.
Overall Activity Feedback
Risk management refers to the implementation of strategies and plans to manage supply chain networks through constant risk assessment and reduce vulnerabilities to ensure resilience in supply chains. All supply chains do not have the same risks, but some risks are common. Companies need to use an effective risk management process that consists of the following steps: identifying, assessing, responding, communicating, and monitoring risks in the global value chain. The process is the so-called risk management cycle. Strategies to control risk may be divided into seven categories: prevention, rescheduling, conjecture, numerical and economic, vertical integration, risk-sharing, and technology and security.
Media Attributions and References
AIMS Education, UK. (2022, January 14). Supply chain risk management (SCRM) | AIMS UK. [Video]. YouTube. https://www.youtube.com/watch?v=7-jpmngs6aw
Government of Canada. (2016, May 12). Guide to integrated risk management. https://www.canada.ca/en/treasury-board-secretariat/corporate/risk-management/guide-integrated-risk-management.html#toc4_6