By Laxman Maharjan (SIRM)

As organisations rely on a long and complex supply chain to meet consumer demand and maximise shareholders wealth, they are ever more vulnerable to supply chain disruption, risk of poor quality, and reputational loss.

In the wake of Covid19, many companies were without the raw materials and products when factories in Wuhan, China shut down. In addition, an explosion at the port of Beirut resulted in many companies losing cargos – or it cost them huge amounts of money and extended lead times having to reroute them. Covid19 related risks can be complex, according to Gartner.

According a report by Mckinsey, the total global loss in 2019 due to earthquakes, floods, fires and the like reached $150 billion. Similarly, nearly $350 billion loss was recorded due to hurricanes Irma in the continental US and Maria in Puerto Rico in 2017 and Thai flood and the Fukushima earthquake-tsunami in 2011.

Now looming US and China trade tensions, Brexit, as well as tension between Russia and the West pose significant additional risks to supply chains. These events could result in sanctions, protectionism and increase in tariffs, which will ultimately disrupt the supply chain and hurt the bottom line of many businesses.

Supply chain is one of the top enterprise risks in business and thus require comprehensive and yet pragmatic approach to managing it.

Building Blocks of Supply Chain Risk Management


The foundation of supply chain risk management starts with securing senior management ownership. Having someone senior in the organisation accountable for supply chain risk provides a voice and leadership in the board room. This will ensure supply chain risk management is done properly and consistently across the organisation.

Knowing your supply chain

Organisations use many suppliers and outsourced partners to deliver value to the end consumer. In big corporations the number of suppliers can reach up to thousands, making it difficult to gauge the level of risk exposure.

The first step to supply chain risk management is to know your supply chain. This can be achieved by asking some key questions, perhaps including:

  • Who are our suppliers?
  • What do they provide?
  • Where are they based?
  • How critical are they to achieve our strategic objectives?
  • How do they operate – i.e. do they use sub-contractors, are they reliant on other suppliers etc?
  • How financially stable are they?

Having analysed and mapped the supply chain to mission critical products and services and strategic objectives, organisations can understand who the key suppliers are and, therefore, devise an appropriate risk management strategy.

A care must be taken not to miss tertiary suppliers during the mapping process as sometimes they are the key dependency in the supply chain.

Identifying and managing supply chain risk

The main purpose of supply chain risk management is to identify potential risks and assess the probability and severity of the impacts when they materialise.

Although there are only so many risks that can affect supply chains – such as adverse weather conditions disrupting supply chain or a supplier running in to financial distress, or an increase in the cost of raw materials – the likelihood and severity of these risks will vary depending on the criticality of materials, where the suppliers are based, how they operate, and their financial standing.

That is why knowing the level of risk exposure from each key supplier is critical. It enables you to allocate resources properly and devise appropriate risk monitoring, control effectiveness, and reporting process.

Use Scenarios to Forward Planning

The global pandemic 2020 has proved that the unexpected can and does happen. Scenario planning is a useful tool to understand severe but plausible risk events affecting the supply chain and its impact on the organisation.

By deliberately making scenarios severe, where a number of plausible but correlated risk events occur simultaneously, organisations can recognise where the vulnerabilities lie in the supply chain. With such insights, risk managers can challenge and improve supply chain risk management and provide useful foresights to senior management to plan with a strategic focus.

Develop and maintain Plan B

As IT interruptions and adverse weather conditions continue to increase and disrupt supply chains, developing a robust continuity strategy is important to alleviate operational and financial losses in the event of a disruption. On top of having sound continuity plans, organisations also need to ensure that all their key suppliers also have a robust business continuity plans as part of the due diligence process. A copy of the plan should be submitted to you for assurance.

Monitor, review and improve

Finally, the most important steps to managing supply chain risk is to regularly monitor the changes in the business environment that may affect the supply chain: record and analyse incidents and losses that have occurred: reassess the effectiveness of the measures in place:  and improve on them.

Laxman Maharjan (SIRM) is a member of IRM and director of the consultancy ERM PLUS.
The views expressed in the article are the author’s own and do not represent the official position of IRM.