Identification of relevant supply chains. The first step in risk identification involves defining which supply chains should be included in risk analysis. There are two approaches: either a) all suppliers or b) a specified supply chain section. The following criteria are suitable selection parameters: purchasing volume, effect on sa-les, technology and patents, ownership structures, cus-tomer requirements, or regions. At this point, at a mini-mum, we recommend taking all direct material supply chains into account, as some suppliers assumed to be quick and easy to substitute can turn out to be surpri-singly critical upon closer inspection of the sub-tier structures.

The fact that 51 % of supply disruptions do not occur at direct suppliers but rather in sub-supply chains shows that it is essential to include the first tier of the supply chain as well as supply chain sub-structures in risk analysis (source: „Supply Chain Resilience 2014“ study, Business Continuity Institute). Besides sub-suppliers, it is equally important to capture paths and structures: these include critical logistics hubs (ports, airports, and bottleneck regions such as Rotterdam and the Suez Canal), own production sites and distribution centers.

Development of risk scorecard. Once the supply chains to be monitored have been defined, the compa-ny-specific risk inventory must be created. A risk score-card designed specifically for this purpose, contains all risk indicators, which detect changes in risks. To facilita-te definition and classification of the individual risks it is useful to create clusters by topic, such as economic stability of the suppliers, supply disruption risks, market and cost risks, image and compliance risks, or quality and performance risks. Here it is important to not only

take into account the supplier perspective (solvency, CSR conformity, etc.), as interruptions can also occur in the supply paths. Location risks, such as natural disas-ters, strikes, and accidents at sites or logistics hubs, can often affect several suppliers at once.

It is vital to integrate risk information into additional procurement processes, such as contract award decis-ions or supplier validations, or to use established purchasing processes such as RFIs or voluntary infor-mation for collecting and updating data of supply chain structures, for example. In this way it is possible to yield synergies in the many different purchasing processes.

Data capture and automation. The challenge in iden-tification and constant monitoring of risks along the supply chains is the huge volume of data required: initial assessment of latent supply chain risks requires information from numerous expert databases. The same applies to ongoing risk monitoring on a (near) real-time basis for ad hoc identification of crisis situa-tions that occur. High automation for data capture and data updates on a global scale is therefore indispensa-ble and should be a key decision criterion when setting up Supply Chain Risk Management. Besides currency and capacity, relevance is also a factor: the alerting logic should filter noise from actual risk signals.

Another critical aspect in terms of success is standardi-zation of the data. Enhanced comprehensibility can only be ensured if consistent terminology exists. For that reason, data such as financial indicators (e.g. Credit Ratings: AAA, AA+, ..., D), earthquakes (e. g. probability of occurrence and magnitude based on the range on the Mercalli scale of MM I to XII) or political stability

Natural disasters, strikes, sanctions, fires or in-solvencies – the causes for supply disruptions are numerous. Globalization is making supply chains susceptible to disruption, and the results are serious: contractual penalties, production standstills, drop in sales or reputa-tional damage. Comprehensive risk manage-ment helps secure supplier relationships and prevent supply bottlenecks. Therefore, risks along the global supply chain must be identified upfront.

Supply Chain RiSk ManageMent1. RISK Identification

RISK Radar1.

3.ACTION Planner

2.IMPACT Validator

ContRolling & analytiCS

Orleansstraße 4 • 81669 München • T: +49 (0)89 9901 648 - 0 • info@riskmethods.net • www.riskmethods.net

Martin Wiedemann, Logistic Director, Bosch Diesel Systems

˝Targeted alert messages from on-site monitoring of objects enable us to respond quickly and to save costs and time as a result of the reduced response time. This gives us an enormous competitive advantage.˝

Threat / ProbabilityIm

pact

/Cr

itica

lity

low high

high

Benefits of risk identification:

• Increased probability of finding a risk event by 85 % (compared to search engines)

• Automated early warning system reduces response time by 1.5 days

• 1 hour production downtime = penalty of € 200,000

• Reduced manual risk search by 1 hour/day/buyer

• Prevention of price increases of up to 16 % resulting from bridging demand at short notice

Source: ˝ROI of Supply Chain Risk Management˝ study, eckseler consult & riskmethods

Supply Chain RiSk ManageMent1. RISK Identification

(e. g. Global Peace Index Score in categories on a scale from 1 to 5) must be converted to a uniform risk scale. This is where scales that are easy to understand are helpful, for example „No risk“, „Low risk“, „Medium risk“, „High risk“ and „Risk event“.

Integration of risk management in the organization. Organizational integration is just as important as the conceptual framework and content-related develop-ment of risk management. Sourcing decisions should not solely rely on cost. A good balance between risk-adjusted contract awards and savings is seldom found in procurement’s targets. The consequences of this are well documented. To ensure that this conflict of objec-tives does not occur in the first place, risk management requires top-level management awareness, clear responsibilities and defined roles within the processes – ideally in the form of a responsible risk manager. Integration of risk management in the agreed targets of all buyers and product group managers involved should be compulsory. For risk management to be successful in the entire organization, it is essential to create aware- ness concerning the benefits of risk management and to set measurable objectives.