Supply chains are rife with risks, and choosing ignorance is akin to embracing a ticking time bomb. A company with a large supply chain should think about supply chain risk management: it needs a plan to deal with any problems that could arise in its supply chain. This article explains why it's important to manage these risks, and how to make a plan that follows the rules.
Supply chain risk management (SCRM) is the practice of:
risk events along a company’s supply chain.
Supply chains with up to hundreds of suppliers in locations across the globe are incredibly complex hives of activity.
Given all that activity in supply chains, it’s no wonder that they are hotbeds for risks. If those risks are unaccounted for, the consequences can travel all the way back to the sourcing company in the form of penalties or supply chain disruptions.
In the eyes of the public (and increasingly, the law), the sourcing company is responsible for risks that happen within the supply chain, even if it exists beyond the direct control of said company.
Recent regulations target human rights and environmental risks within the supply chain:
They require large companies to perform due diligence within their supply chains to take reasonable action to prevent such violations from taking place.
In view of these regulatory developments, compliance is a major factor for implementing SCRM if you are a large EU-based company. Companies that actively monitor supply chain risks are also better able to manage business continuity.
The Lieferkettensorgfaltspflichtengesetz and the CSDDD don’t tell us how to set up an SCRM, but the law does lay out specific requirements that should be part of your SCRM. Let’s go through this below.
These are the requirements of the due diligence laws in the current European regulatory landscape. Translating this into a step-by-step framework, here’s a condensed outline of setting up an SCRM in compliance with the above criteria.
Start by visiting your supplier database, going through each supplier to identify potential and actual risks in their business and operating environment.
Here, it is useful to note two types of risks in the supply chain:
Both types of risks should be considered carefully and thoroughly in this step. This step depends on suppliers being motivated to provide information.
Risks should be classified based on two factors:
The results can be plotted in a risk matrix, which allows you to prioritise risks based on importance. For more advanced SCRM frameworks, the use of quantitative analysis such as Conditional Value at Risk (CVaR) to measure risk is common.
Prevent risks from happening by actively implementing supply chain risk management strategies, adopting the precautionary principle (for example, screening potential suppliers based on their risk profile), and establishing mechanisms to monitor the risks.
Clearly define the procedures for minimising and monitoring the risk. Relevant personnel should be trained on the proper procedures. For example, the party responsible for managing the whistleblowing channel should be in a position to handle complaints without discrimination and confidentially. Lines of reporting should be established to ensure strong governance.
Where risks have occurred in the supply chain, define the procedure for managing those risks, either by adopting new practices or changing old ones that can minimise the probability of said risks.
Where damage has been done, consider ways to compensate the parties involved in human rights violations, or ways to rehabilitate or restore ecosystems that have been negatively impacted. Part of this is also ensuring the same violations do not recur.
By far the biggest challenge for SCRM is taking control of a wide network of factors beyond your immediate control. However, this can be managed by having in place a comprehensive SCRM with detailed procedures for different scenarios.
Another significant challenge is obtaining data to inform the SCRM. The process of engaging your suppliers to cooperate and share information is necessary to identify, assess, and develop strategies for risk mitigation. Continuous data updates are needed to monitor risks on a regular basis. In this respect, the help of software to automate some of these processes can be of great use to your SCRM framework.