Supply Chain Risk Management
Evan Stinson - Content Marketing Specialist

Supply Chain Risk Management 101: Everything You’ll Ever Need to Know

  • Blog
  • Cross-Industry
  • Supplier Management
  • Supply Chain Management

What is Supply Chain Risk Management and Why is it Important?

Supply chain risk management (SCRM) is the process of creating a strategy and working to identify, assess and mitigate the risk in your entire supply chain.

A good program will help you secure (and build) better supplier relationships, prevent supply bottlenecks and ensure your company is operating both legally and ethically.

Supply chain risk management involves a firm grasp of supplier management, conducting internal and external audits, an understanding (and visibility) of your n-tier supply chain, and the development of a crisis response playbook.

Simply put, it’s one of the most important areas for a business, especially considering the risks and disruptions that have been piling up recently.

From pandemics and natural disasters to financial and reputational risks there is a wide gamut that you, as a supply chain professional, must keep an eye on.

Here’s an example of how quickly disruptions can strike and bring a healthy supply chain to a screeching halt.

Read more about President Biden’s supply chain review here

A single disruption can cost millions, if not billions of dollars (looking at you Suez Canal) and in some cases, can cause a domino effect of late shipments, decrease capacity, and severely affect the operations of buyers several tiers downstream.

Staying on the semiconductor shortage example (if you haven’t checked out that link yet, it’s worth the read), the shortages aren’t just affecting computers or cars.

These chips go into everything from cars, phones, computers, gaming systems, household appliances and even advanced military and defense systems. One warehouse fire, compounded with the existing capacity issues, caused a cascading disruption effect spanning into multiple tiers and multiple industries.

That’s why SCRM is important and why gaining visibility over your suppliers is crucial.

What is Supplier Risk Management?

Supplier risk management is a discipline, largely used by manufacturers, retailers, financial institutions and governments, that involves auditing, vetting and scoring suppliers based on the strategic value they bring to operations and their subsequent risk factors.

The end result is a comprehensive supplier risk matrix that lays out potential risk factors, the impact it would have on operations as well as a plan to address and mitigate any potential supplier risks.

Supplier risk management falls under the larger umbrella of supplier management. Often confused with supplier relationship management, risk management is actually only a small subset of what true SRM does.

Find out our 10 golden rules of supplier risk management here.

Steps to Manage Supply Chain Risk

Although there are certainly a lot of moving parts to contend with, when it comes to managing your supply chain & supplier risk, it really is a simple framework.


The first step is to identify what elements of risk there are in your supply chain. For this you need to account for all of your tier 1, but ideally, you’d look beyond into tier 2 or 3 as that’s where the majority of disruptions occur.

Establishing your own specific risk scorecard is important to get a snapshot of all the important risk elements using a standard numerical scale that you consider important. Once you’ve decided what and how you want to measure risk, you can then implement a solution to monitor your supply chain on a continuous basis.

In this step a proactive monitoring system is key. Doing a risk assessment when you first onboard a supplier is important, but it doesn’t end there. Situations change and risk factors change even faster. You will need an automated, AI-powered process to monitor and capture all risk data in your supply chain.


So now you have your risk data flowing in, but it’s not actionable yet.

In this stage, you need to actually look at the data and assess the impact that each potential risk area could have.

This is important to focus your mitigation efforts and supply chain risk management strategy on what’s most important and what will have the largest impact.

To do this you need to figure out what’s important to your business. Here are a few examples to get you started:

  • Total time to recover from disruption
  • Relocation time or time to substitute
  • Brand and reputational image effect
  • Number of customers that will be affected
  • How many qualified alternate suppliers are there?

This is not an exhaustive list, and it’s best to bring in additional stakeholders to find out what your company risk priorities are.

From here you need to create a risk assessment matrix. Again, this will be company or vendor-specific, but the basics are the same.

One axis should be disruption impact, the other should be the likelihood that it occurs. You then start mapping out each event to create a matrix that will guide your strategy.


Identifying and assessing risk is great but without mitigating risk you’re really just sitting on the sidelines, ill-prepared for any sort of disruption.

A highly effective risk mitigation plan falls into two parts:

  1. proactive risk mitigation
  2. reactive crisis management.

The first should be handled in tandem with your risk identification and assessment. You have the data coming in, and as you get used to seeing that data you’re able to take steps to prevent a disruption from occurring.

This could also be something like avoiding sole sourcing events, broadening your supplier portfolio by geography, or encouraging or fine-tuning your own processes.

The second option requires a more comprehensive approach and is often overlooked – it’s building a crisis response playbook.

This is essentially a catalog of every risk under the sun, taken from the data you’re collecting, which is then turned into an action plan. Now whenever a potentially supply-chain-breaking event occurs, everyone knows exactly what to do to minimize the effect and shield the bottom line.

The more detail you can get into the better and there’s no one-size-fits-all approach here.

Crisis Management

It’s important to learn from what disruptions bring and to prepare a more robust procurement crisis management plan. Otherwise, the next time disaster strikes, whether it’s a pandemic, natural disaster or something else entirely, you’ll find yourself in trouble all over again.

Developing your Own Plan and Leading from the Top

Strong leadership in a moment of crisis is invaluable. In procurement, that’s no different. We wrote back in 2017 that one of the key skills for procurement managers in the future would be the ability to quickly make decisions based on clear data.

Take the pandemic for example, we saw that come to fruition in 2020, as companies who were able to make agile decisions were better able to navigate the changing market.

It’s incumbent on leadership to develop an effective plan that covers the necessary business goals and clearly outlines priorities for the immediate, medium, and long term so that the procurement team can act quickly and effectively.

However, don’t try to please everyone with your plan. As Bill Franklin, Head of Finance at Discover Global Network said in May, another key part of responding to a crisis is having the vision to say no to some requests and prioritize others. This decision-making will keep your team focused and able to execute against your plan.

Adapting for Your Industry

Ultimately, there’s no one size fits all solution to crisis management. If there were, there’d be a whole lot less confusion when disaster strikes. Instead, it’s important to consider the specifics of your company’s vertical or verticals and consider any nuances. In the case of COVID-19, the medical and pharmaceutical fields had to respond completely differently than manufacturing or transportation. As you develop your crisis plan, make sure to consider the different possibilities and keep your options open based on the specifics of the crisis.

Essential Crisis Management Steps

Short Term

The first step in an immediate crisis response is simply setting expectations. This is where a procurement manager needs to clearly establish their authority and unite the team around common guidelines. By issuing specific, unambiguous rules, you not only put an immediate stop to unnecessary spending or off-contract purchases, but also inspire a culture of savings.

What exactly these rules look like might vary based on your organization. We spoke with some smaller teams who responded to COVID-19 by altering approval rules such that all new purchase requests had to be approved directly by the CFO. This cut down on the number of low priority or frivolous requests and instead created a culture of austerity.

Larger organizations might not want so many requests coming to the CFO, but instead lower the cost threshold for certain approval steps or limit specific categories in order to minimize small-dollar spending. Whatever you choose to do for your organization, the important thing is that you are decisive from leadership down.

Another major step for procurement managers is leading an effort to diversify sourcing options and revisit existing contracts. By asking your team to spread spending across more suppliers, you minimize the risks posed by one vendor becoming overwhelmed or having one supplier failure derail your entire supply chain.

Revisiting contracts will allow your team to ensure that expectations are being met by vendors and to identify any clauses that allow you to change or terminate contracts due to the crisis situation. Both can potentially save the team significant amounts of money early on in a disaster situation and build a more solid foundation moving into mid-term decision making.

Medium Term

One of the most important medium-term strategies that you can put in place in your response plan is building a more agile approach. This not only applies to agile decision-making in response to the unfolding crisis but also in the tools and programs you implement to emerge on the other side.

By the mid-term stage, chances are you have a pretty good idea of what damage has been done and how you’re mitigating it, and you have a decent idea of how long the situation could last. As you make plans for the future, it’s important to take an agile approach so that you can quickly get up and running with new tools, methodologies, or processes that will help you get back to normal.

In some cases, this might mean ramping up production or services that were slowed during the disaster. Pent-up demand might mean your suppliers are suddenly struggling to keep up. For others, you might be ramping down new categories or suppliers that you had to establish to stay afloat during rough times.


Long-term goals related to crisis management typically come into play once things have stabilized and there seems to be a clear path to recovery. It’s now that you have to begin to prepare for the next potential disruption.

One key area to focus on is removing data silos and increasing transparency across your organization. It’s only with up-to-date, accurate data that you can make quick decisions during a disruption, so clear data is essential. It falls to management to foster a culture of transparency and build processes and policies around data sharing and integrity. Integrating external data sources, like third-party risk management systems or partner data, can also play a role in building a more robust information structure.

Once you have your data sorted – or at least a plan in action to get there – you can start building a stronger plan for the future. Once again, this starts from the top down, but it also can’t be done in isolation. Everyone from the front lines to leadership needs to be involved in conversations and documenting a plan for the future.

How AI Fits with Supply Chain and Supplier Risk Management

Artificial intelligence is still an evolving technology, with new use cases and developments popping up constantly.

Especially in procurement or supply chain management, AI isn’t quite mainstream yet, but being an early adopter will pay huge dividends down the road by allowing you to iteratively improve internal processes and speed up your ultimate time to ROI.

Today, AI’s main use cases are in these three areas.

Supplier Scorecarding and Performance

One of the best ways to manage suppliers strategically is to run a supplier scorecard.

This will rank them against a number of factors like sustainability, historical performance, strategic value to the business, supplier diversity, and a number of other metrics that allow you to rank and group suppliers to find your “core strategic set”.

It’s no secret that this is an incredibly time-consuming exercise and one that constantly changes.

There is always new data coming in. New laws are passed, new suppliers onboarded, performance or quality issues arise, or maybe your business strategy has changed and requires a completely new scorecard metric.

There is also the problem of data integration, with all of these data points coming from a variety of sources, getting a “single source of truth” can be difficult.

The point is that to accurately score a supplier and then effectively manage performance is a next to impossible task.

But not with AI. By using advanced ML and RPA technologies this supplier data can be captured, scored, and updated on a constant basis.

This allows you to adjust your supplier strategy at a moment’s notice by always having access to updated and reliable supplier profiles in a single dashboard.

For example, the pharmaceutical industry has been in the global spotlight for well over a year now. Vaccine distribution and production have made headlines, and now an increased demand has caused bottlenecks and shortages in many areas.

This has led to some countries pausing vaccine rollout, spacing out shots, and in some extreme cases having to throw out whole batches due to timing and storage issues.

With the right supplier scorecarding and data coming in, this could all have been avoided. Grouping key suppliers together and coming up with contingency plans could’ve been done proactively, while also keeping other supplier options close at hand should the need arise.

Supply Chain Visibility

N-tier supply chain visibility is more important than ever before, but it’s also harder to achieve than ever before.

Up until the 1980s manufacturing plants had offices overlooking the floor to keep an eye on every product line. If one machine went down, it was instantly spotted and adjusted for.

But now we’ve outsourced so much. Five station lines have become five companies, five buildings all over the world. That direct visibility doesn’t exist now, and it’s even further complicated when you have to account for not only your suppliers but their entire supplier ecosystem as well.

Supply chains are global, interconnected webs of activity where it’s hard to get an accurate picture past the second tier of suppliers.

However, by applying AI to an advanced supplier management platform that data becomes accessible.

AI algorithms combined with advanced analytics can model a supply chain to the n-th tier while providing real-time performance updates.

This means that you won’t get caught off guard due to a fire taking out a second-tier suppliers’ factory, or a third-tier supplier going through an ethical workplace investigation.

You’ll achieve a 360° view of your supplier ecosystem that allows you to stay ahead of disruptions while making strategic optimizations to drive increased value.

Predictive and Prescriptive Analytics

One of the most common applications of artificial intelligence is by using it to augment data, specifically in creating predictive and prescriptive analytics.

Predictive analytics is the more common of the two today. This is based on analyzing historical performance data and other external data points to develop predictions of what a likely outcome is.

An example of this in use today is JAGGAER’s On-Time Delivery Predictor (OTD). This solution is able to predict, with up to 95% accuracy, if a shipment will arrive on time or not before you even place the order.

This is an incredibly useful application that drastically cuts down on late shipments causing further supply chain disruptions and bottlenecks.

Prescriptive analytics is the next step of this. By combining enhanced AI with predictive data, the system is then able to give recommendations and solutions to problems.

For example, if you now know that a certain supplier is likely to be late, the system will give you several alternative scenarios that match your timeline, goals, and quality standards.

Quite useful in the case of another Suez Canal blockage, which caused billions of dollars worth of shipments to be late, not to mention the logistics nightmare that ensued. AI could’ve helped solve that in a fraction of the time.

Or even more complex, let’s say the price of oil (or any other commodity) is projected to increase. The system will flag that and then recommend that you renegotiate with certain suppliers or place an order now to beat the price inflation.

These are just two small examples of the potential use cases that prescriptive analytics and AI can unlock in your supply chain management.

Looking for more on risk management? Check out this in-depth guide to contract management

Financial Group Drives Compliance with JAGGAER

Want to do a deep dive on procurement and supplier compliance? You can learn everything you’ll ever need to know here!

Start learning now 

Related Blog Posts

We use cookies to ensure that we give you the best experience on our website. This includes cookies from third party social media websites and advertising cookies that may analyze your use of this site. Learn more