Supply Chain Risk: Creating a Risk Map
During a recent presentation at the University of Massachusetts, a group of students in the College of Management’s Supply Chain program were asked to brainstorm all the different ways in which they thought a supply chain could be disrupted. In fifteen minutes, these undergrads generated a list of dozens of supply chain risks in about ten categories. The risks spanned everything from volcanic eruptions to “the administration bans shipments by boat.”
This is the continuation of our series on how to develop a supply chain risk management approach that makes the initiative less daunting. In our last blog post on supply chain risk we examined the effects that a supply chain disruption can have on a business. In this post, we look at ways to identify the potential risks.
Risk Mapping Approaches
The first step toward mitigating the potential threats in a supply chain is to compile a comprehensive inventory of the risk factors that are present. To assist with this analysis, we have found that having a map, hierarchy, or matrix of possible areas of risk is a valuable aid.
The mapping exercise lists every possible way in which your particular supply chain could be interrupted, and then looks for commonality among those risks so that mitigation strategies can be developed that address the broadest possible range of threats.
A number of practitioners and scholars have developed a variety of risk assessment and categorization approaches. In a literature review of supply chain risk classification schemes, the authors cited 25 different research papers on the topic which in the aggregate identified 93 unique supply chain risks in a dozen different categories.
These different schemes variously take the form of tables, hierarchy diagrams, or simple bullet lists.
Which Mapping Approach Should You Choose?
The definitive answer is “It doesn’t matter.” The exercise is to allow you to work from a detailed level of specific risks to a higher level set of categories, and ultimately, to a set of mitigation strategies that may address multiple risks at once.
Can’t decide? Here is a risk framework that we developed that uses the APICS Supply Chain Operations Reference (SCOR) model as an organizing principle. The SCOR model decomposes every supply chain into the high-level processes of Plan, Source, Make, Deliver, Return, and Enable.
Our map of supply chain risks looks like this:
This model correlates the high-level supply chain processes with different categories of risks such as product/service or privacy/security.
Cause or Effect?
Further confounding our efforts to list supply chain risks is the inter-related nature of these factors. It is often difficult to determine if a particular factor such as cybercrime is a root cause, or an effect of another area of exposure, such as lack of effective information technology controls.
Is the small manufacturer delivering critical parts to your company on the brink of insolvency because of poor management, or because their shipments are held up in the West Coast ports because of strikes and slowdowns?
Use analytical techniques such as the “Five Whys” to try to determine the root cause of a potential risk. You want to plan to mitigate the underlying problems – not the symptoms.
Enhancing the Model
OK – you have created a list of possible threats to your supply chain. But have you thought of everything? The source documents you used to arrive at this list may be a computer network model or even visual diagram of the movement of materials, products, and information. Overlays of transportation routes, supplier locations, and geographic and political boundaries can bring new insights into potential areas of risk.
In the creation of your supply chain map, you may also want to identify constraints such as capacity limitations of manufacturing facilities, limitations of sources of supply, and transportation hubs that represent choke points.
You Can’t Protect Against Everything…
No organization has the resources available to develop comprehensive mitigation strategies for every possible risk. In the next post in this series, we will look at various ways in which to assess the potential impacts of supply chain events, and to prioritize your responses.
Comments? Questions? We love exchanges of viewpoints. Contact us.
Want help figuring how you can map your own supplier risk map? Reach out for a demo.