Integrative Improvement Blog

The integrative improvement blog discusses and provides commentary on the latest topics in the business performance improvement sector.

Risk management the key to a resilient supply chain

Risk management the key to a resilient supply chain

In addition to taking many lives, the 2011 Fukushima earthquake and tsunami in Japan left the world auto industry reeling for several months. Thailand’s floods in the same year affected the supply chains of computer manufacturers dependent on hard disks and the supply chains of Japanese auto companies with plants in Thailand. The 2010 eruption of a volcano in Iceland disrupted millions of air travellers and affected time-sensitive air shipments.

Because historical data on these rare mega disasters or force majeure are limited or non-existent, their risk is hard to quantify using traditional models. As a result, many companies do not adequately prepare for them. This can have catastrophic consequences when they do strike and can force even operationally sound companies to scramble after the fact — Toyota, in the wake of the Japanese tsunami being a good case in point. Add economic turmoil to the mix, and the risk of supply chains being affected by such unforeseen disruptions is likely to escalate.

With increased fragmentation of the supply chain, the risk profile may change significantly. Greater complexity in interactions and coordination are likely to introduce increasing variability and uncertainty in delivery from suppliers. While the impact of certain risks, such as the guaranteed supply of raw materials, may decrease with broader supply sources, this same action increases the number of potential risks across a larger number of suppliers.

Many organisations struggle with supply chain risk management processes that are fragmented and inconsistent across functions, business units and geographic regions. In 2008, a study conducted by Marsh Consulting and Risk Insurance magazine found that this fragmentation leads to redundant efforts or unaddressed risks, as well as increasing the difficulty of identifying domino risk effects and hidden interdependencies across functions and regions.

By not managing risk, the organisation exposes itself to potential consequences which may include the following:

  • Damage to tangibles — human and physical assets such as property, products, infrastructure, personnel and the environment
  • Damage to intangibles — non-physical assets such as reputation, market position and goodwill
  • Further harm to the organisation including community status and regulatory issues

Responsive and resilient supply chains that can withstand the effects of major disruptions without negatively affecting the customer experience, or suffering significant recovery costs, will enable organisations to have a sustainable competitive advantage in their markets. They will also be better prepared for economic recoveries, particularly when the operating environment is highly volatile.

To achieve this resilience and responsiveness, organisations need to develop a comprehensive supply chain risk management plan and the capabilities to support it. Such a plan defines how supply chain risks will be managed and may include the following techniques:

  • Avoiding the risk — changing plans in order to prevent the problem from arising (e.g. employee training, lead indicators)
  • Mitigating risk — lessening its impact through intermediate steps
  • Transferring the risk to another party (e.g. by contract)
  • Accepting that some portion of a risk is inevitable, given the organisation’s work and accounting for that probability (e.g. setting aside a risk fund) — this should be a last option, given the reputational and financial implications of this technique

The risk management plan should answer the following questions:

  • Which supply chain risks must be managed?
  • How much supply chain risk is acceptable?
  • Who is responsible for the supply chain risk management activities?
  • What relative significance does time, cost, benefits, quality and stakeholders have in managing the supply chain risks?

The plan should consist of two parts, both of which are interrelated and reviewed on a regular basis, namely:

  1. Risk analysis, which involves the identification, evaluation and prioritisation of risks.
  2. Risk control, which includes the monitoring and reporting of identified risks and related actions.

Supply chain continuity framework


With the focus of many companies on profitable growth, they also need to consider the risks inherent in new markets, facilities and partners. Critical suppliers should be included in the risk management plan at this early stage to ensure that business continuity and contingency plans are in place. An integrated supply network design process can enable the company to make decisions in an informed, creative and systematic way that takes into account risk and still finds cost-effective solutions.

An example of this is described in the article ‘From Superstorms to Factory Fires’ (David Simchi-Levi, William Schmidt and Yehua Wei, Harvard Business Review, January 2014), which shows how Ford Motor Company applied Simchi-Levi’s Risk Exposure Index (REI). This enabled them to focus their mitigation efforts on the most important suppliers and risk areas instead of ignoring them or using an exhaustive approach.

Risk communication

The formal recording of information is an important element in risk analysis and risk management. Risk information needs to be reported and communicated on a regular basis in an appropriate and simplified form, so that responsive action can be taken timeously.

Risk communication to all employees should include what the risk information reveals as well as the visible signs of actions to address the risks. In other words, employees need to see how senior management identifies, prepares for and mitigates against risk.

Furthermore, risk communication should be a dialogue rather than an instruction. By providing employees with the context of risk management and inviting them to question and discuss risks, they become more aware of how risks might affect both the extended supply chain and their departments, as well as gain an understanding on how to identify, prevent and mitigate risks.

The TRACC framework helps organisations build standardised and integrated good practice and performance capacity across their Plan, Source, Make and Deliver functions. Simultaneously it accelerates their collaboration and alignment capacity to build world class end-to-end value chains, enabling the organisation itself to become the ultimate source of sustainable competitive advantage.
Sign up to our monthly TRACC Community newsletter for CI insights, interviews and news!