What is a supply chain risk management plan?

Everstream Team | February 5, 2021

What a turbulent few years it’s been for supply chains. No wonder more companies are going beyond supply chain management to asking, “What is a risk management plan?” Before COVID-19, many companies had a more  reactive approach to supply chain management, assigning teams to respond to disruptions as they happen. A plan, however, puts the organization in a more proactive stance.

Adding to the COVID challenge are recent trade wars and tariffs. Supply Chain Quarterly explains the issue, saying, “In the past year and a half, the United States has imposed tariffs on three different lists or tranches of goods and has identified a fourth. The first three rounds of tariffs have already resulted in a significant shift away from China and to other countries of origin for goods imported into the United States. As country of origin shifts away from China and toward other markets, there will be reverberating effects elsewhere in all major markets – those in which goods will now be sources, as well as across all markets that are buyers and consumers of those goods.”

Supply chain management must begin with a supply chain risk management plan.

How a supply chain risk management plan works

A supply chain risk management plan is a strategy to speed response to as many circumstances as can be predetermined to minimize disruptions to the supply chain if they were to occur.

Supply chain risks can come from anywhere, as we have learned. Some of the most common are natural disasters and weather-related risks from climate change. COVID-19 is still causing problems, along with emerging environmental, social, and governance (ESG) and human rights laws, raw materials shortages, and safety recalls.

While some risks happen more frequently than others, even those that appear less emergent can be equally destructive. These may include changing market conditions, the competition gaining market share or operating at lower costs, or evolving customer tastes. The pandemic clearly revealed winners and losers, and those companies able to respond quickly to changes in demand are boosting their revenue. Once again, supply chain management can either help or hurt a business.

diagram of ways Everstream’s software supports supply chain risk management plans

Figure 1: Everstream’s risk management software supports a robust supply chain risk management plan.

Companies must be nimble and resilient, keeping an eye on margins, costs, and quality. Customer satisfaction must remain a priority, and that means being able to shift the supply chain management plan as quickly as possible to keep up with customers’ wants and needs. One, even seemingly small, disruption to the supply chain can have a ripple effect that ultimately affects any of these variables.

For example, the Texas-based H-E-B grocery chain had a virus pandemic on their radar from 2005 with the H5N1 outbreak in China. The company developed a plan of how it would respond and what business implications it would need to consider, including modifying their supply chain. They refined that plan over years of other virus outbreaks and even hurricanes, something the Texas coast is quite familiar with.

When COVID-19 hit the U.S. coast, H-E-B was able to put their plan into action and became a shining star in how global supply chains can be optimized on a dime. Having its plan already in place enabled the company to quickly respond, adding new suppliers to its supply chain to fill the anticipated gaps.

H-E-B is just one example of why it is so critical for companies to be nimble. So many variables can play into the supply chain delivery model and in the case of the pandemic, being able to keep the supply chain running smoothly can be a matter of life and death. A single supply chain disruption can have significant implications.

The supply chain risk assessment is, therefore, crucial for any organization who is dependent on others for their success. Suppliers, distributors, manufacturers, and retailers are the primary stakeholders in the supply chain. From raw materials to parts and carriers, they all must work synergistically for the end consumer to get what they expect, when they expect it.

Prior supply chain risk management planning prevents poor business performance

As the old military adage goes, “Prior planning prevents poor performance.” The risk management plan requires pre-planning first. It takes time, but proper due diligence is the difference between a company folding due to a crisis or persevering despite the odds.

The following pre-planning steps yield valuable information that ensures the supply chain risk management plan is comprehensive, accurate, and reliable.

Step 1: Assess your risks

You can only plan for what you can see. Risks are everywhere, so you need to document them. Supply chain management begins with understanding all risks, at least all the ones you can possibly anticipate.

Consider each link in your supply chain, as well as each of their risks. Indirect risks count, too. Your suppliers may have risks that you don’t, but that doesn’t mean you won’t feel the effects if they do. Go as far out as possible, even talking with your suppliers to find out what they view as their most probable risks.

Natural disasters, weather-related events, safety recalls, foreign economic instability, and all the variables mentioned above could result in delays, higher costs, and decreased sales and customer satisfaction on your end. You won’t be able to anticipate every threat, but add as many to the list as warranted, even if those risks seem improbable. Few believed a pandemic would hit our shores as it did, but now we know. Historical references are always welcomed as they add much-needed lessons learned.

We are still learning lessons from COVID-19, and we can look at that and other historical events to plan and strengthen our supply chain management approach. Take the rare but still occurring government shutdowns as an example. For many companies, government shutdowns do not have a significant impact, particularly if they are only for a few days. But there was a shutdown in 2013 that impacted many organizations.

The Institute for Supply Management released a supply chain risk management study that referenced the 2013 government shutdown. They found 52% of respondents said their firm’s performance was impaired by the government shutdown, and the majority of those that activated their supply chain management plan missed minor risks, such as delays in government inspections. With this experience and hindsight in mind, those firms would likely confirm their supply chain risk management plan included a government shutdown and delays in government inspections as a risk factors.

Many risks will be highly dependent upon the location of your company, its suppliers, distributors, manufacturers, and retailers. Weather-related events, natural disasters, social unrest, and infrastructure issues are prime examples. Other risks are more general, such as cyber threats     and changing industry trends. Once the risks are determined as best as possible, it’s time to move on to step number two.

Step 2: Score risks

Not all risks are the same. In step two, you will assess the likelihood of each risk per location, per shipment, or per whatever matters to your company, and its potential impact on the supply chain. Some risks may only cause minor interruptions, such as a brief winter storm. Other risks could spell disaster, such as a wildfire that destroys the raw materials your business depends on.

To clarify these risks, implement a scoring mechanism everyone can understand. For each of the risks you assess, these scores represent the likelihood of each event occurring, as well as its potential severity.

For example, if you have a distribution facility on the Gulf Coast, and a Category 4 hurricane is barreling toward the facility, the score should reflect the immediacy and severity of the situation. Alternatively, if the hurricane is expected to hit further to the east near Florida, the score will represent the threat level being less severe. By assigning each risk a quantifiable number and/or color, it helps key staff visualize and prioritize the threats.

Step 3: Build contingencies

How you respond to threats is an essential part of your risk management plan. “If X happens, then we will respond with Y.” By building “what if” scenarios, you can role play to determine who and how teams will respond to each event if it were to happen.

Your models can be as detailed as you believe is necessary, but include roles and responsibilities. From a role-by-role flowchart with strict protocols to a simpler series of actions that would occur in anticipation of an event, during an event, or after the event occurs.

By modeling situations, your company can avoid many risks and be able to respond much faster to ones they can’t. Instead of winging it when something happens, you will know exactly what to do by referencing your plan. These scenarios can be a powerful learning tool and help stakeholders execute the plan with confidence.

The supply chain risk management plan

Now that you assessed all conceivable risks, modeled various scenarios, and documented how your company is to respond to each event, you can develop your supply chain risk management plan. No two plans are alike, because each organization faces its own risks and has varying response capabilities. Institute for Supply Management lists the following as some of the most common line items:

  • A list of qualified alternate suppliers
  • Communication protocol with critical and major suppliers (first thru fourth-tier suppliers)
  • Qualification of more suppliers
  • A surplus of critical supplies
  • Communication protocols with critical and major clients
  • Assistance to critical suppliers

It is critical to review your plan regularly, as much as every six months or annually. Your suppliers and their suppliers may change, markets change, customers change, the world changes. Remember that while your plan is the golden record, it is not static. It must be adaptable, and that requires frequent revisions.

Don’t forget logistics

Getting your parts or products from your suppliers on time is always a priority, as is being able to deliver your products or parts to your customers. Logistics is vital, and shipments must be able to run smoothly. One of the more critical components of any supply chain risk management plan is to analyze transportation and routes. Freight is vulnerable to all kinds of risks, from weather-related events to infrastructure outages.

Your risk management plan must include logistics, and it begins with assessing the risks specific to shipments. These risks may be the same or unique to logistics. Follow the same steps as with your supply chain risk assessment, quantifying logistics risks with scores, working through scenarios and modeling, and then developing responses to each.

There are many variables that come into play with logistics, so don’t lose heart. Depending on the freight and route, assessing all the risks to a shipment from pick-up to final delivery can be a grueling, manual process, but what you don’t want is a partial or inaccurate plan. Don’t rely on assumptions and guesses. You have data, so use it to build out your plan.

Use software to automate the process. This will save you incredible amounts of time and ensure your data is comprehensive. The technology gathers massive amounts of internal and external data from a variety of sources, then scores each risk so users can quickly see where to focus their attention and trigger the mitigation part of the plan.

The software presents the data in a visual, actionable way to give you a complete picture of all risks, as well as the probability of those risks during each leg of the journey and the expected severity of those risks. Users can customize their own dashboards to answer specific questions that matter most to them. The system identifies current problems and potential issues up to 10 days ahead of shipment pickup schedules.

What is a risk management plan as it relates to logistics? It may be simpler to view it as what the plan answers, questions including:

  1. What are the risks to each shipment from the time the goods are packed onto trucks,
    railcars, airplane, or ship until they make it to their destination?
  2. How likely are those risks and what would their impacts be?
  3. How would we respond in each case?
  4. What would trigger the plan?
  5. What is the prescribed flow of response?
  6. Would changing the mode of transportation, the route,
    or the timing of the shipment reduce the risk without adding significant cost?

When you have comprehensive, reliable data early enough in the scheduling process, you can make better decisions that continually improve supply chain management. Your company will be in a better position to avert or minimize risks, and if the worst happens, a plan is in place to recover more quickly.

A risk management plan gives your company the opportunity to save costs while ensuring more on-time deliveries that drives customer satisfaction and loyalty. Even with unavoidable risks, you will know early on so you can set appropriate expectations. Your customers may not love delays, but at least you can make aware of the potential delays so they can plan.

The key to your supply chain risk management plan is to access and utilize the data that is out there. You can’t get to it manually, at least not fast enough. Software will get you what you need, when you need it, giving your company a competitive edge.

Get our comprehensive white paper to learn more about supply chain risk management planning, implementation, and operations.

Share this post