


Supply chains are rife with risks, and choosing ignorance is akin to embracing a ticking time bomb. Companies with a significantly large supply chain should consider supply chain risk management as an extension of their existing risk management strategy. This article explores the importance of risk management for the supply chain, including how to set up a framework that complies with regulations.
Supply chain risk management (SCRM) is the practice of identifying, assessing, monitoring and managing risk events along a company’s supply chain. Supply chains with up to hundreds of suppliers in locations across the globe are incredibly complex hives of activity.
Given all that activity, it’s no wonder that they are hotbeds for risks, and if those risks are unaccounted for, the consequences can travel all the way back to the sourcing company in the form of penalties or supply chain disruptions.
In the eyes of the public (and increasingly, the law), the sourcing company is responsible for risks that happen within the supply chain, even if it exists beyond the direct control of said company.
Recent regulations such as the Lieferkettensorgfaltspflichtengesetz (German supply chain due diligence law) and the proposed Corporate Sustainability Due Diligence Directive (CSDDD) take aim at human rights and environmental risks within the supply chain. They require large companies to perform due diligence within their supply chains and to take reasonable action to prevent such violations from taking place.
In view of these regulatory developments, compliance is a major factor for implementing SCRM if you are a large EU-based company. Companies that actively monitor supply chain risks are also better able to manage business continuity.
The Lieferkettengesetz and CSDDD don’t tell us how to set up an SCRM, but they do lay out specific requirements that should be part of your SCRM. Let’s go through this below.
These are the requirements of the due diligence laws in the current European regulatory landscape. Translating this into a step-by-step framework, here’s a condensed outline of setting up an SCRM in compliance with the above criteria.
Start by visiting your supplier database, going through each supplier to identify potential and actual risks in their business and operating environment.
Here, it is useful to note two types of risks in the supply chain: operational risks, i.e. risks within the supplier’s business that are within their direct control, and external risks, i.e. risks beyond their control such as natural disasters or geopolitical conflicts. Both types of risks should be considered carefully and thoroughly in this step. This step requires supplier engagement to gather information.
Risks should be classified based on two factors: the likelihood of occurrence and the severity of the impact on the business and other stakeholders concerned. The results can be plotted in a risk matrix, which allows you to prioritise risks based on importance. For more advanced SCRM frameworks, the use of quantitative analysis such as Conditional Value at Risk (CVaR) to measure risk is common.
Prevent risks from happening by actively implementing supply chain risk management strategies, adopting the precautionary principle (for example, screening potential suppliers based on their risk profile), and establishing mechanisms to monitor the risks.
Clearly define the procedures for minimising and monitoring the risk. Relevant personnel should be trained on the proper procedures. For example, the party responsible for managing the whistleblowing channel should be in a position to handle complaints without discrimination and confidentially. Lines of reporting should be established to ensure strong governance.
Where risks have occurred in the supply chain, define the procedure for managing those risks, either by adopting new practices or by changing old ones, so as to minimise the probability of said risks.
Where damage has been done, consider ways to compensate the parties affected by human rights violations, or ways to rehabilitate or restore ecosystems that have been negatively impacted. Part of this is also ensuring that the same violations do not reoccur.
By far the biggest challenge for SCRM is taking control of a wide network of factors beyond your immediate control. However, this can be managed by having in place a comprehensive SCRM with detailed procedures for different scenarios.
Another significant challenge is obtaining data to inform the SCRM. The process of engaging your suppliers to cooperate and share information is necessary to identify, assess, and develop strategies for risk mitigation. Continuous data updates are needed to monitor risks on a regular basis. In this respect, the help of software to automate some of these processes can be of great use to your SCRM framework.