by Stephen Gould
March 4, 2022

In a globalized world, supply chains have more strategic importance for businesses than ever before. Supply chains today face an array of threats from both internal and external factors. Stephen Gould’s team of supply chain experts can help you implement the systems and standards you need to manage risk, assure quality, and make sure your products are built and delivered to your customers as promised.

As supply chains become more complex, they also become more susceptible to disruption. A breakdown or stoppage at a single point — broken machinery at a production facility, incorrect demand forecasting, an unexpected natural disaster — can have cascading effects throughout a supply chain. When supply chains are compromised, it can cost companies millions in lost sales and deal significant damage to their brand reputation.

Supply chain risk assessment is a set of practices that companies develop to identify internal and external risks and curb their potential impact on their business. Identifying potential risks and assessing their likelihood is essential to avoiding supply disruptions and keeping customers and shareholders satisfied.

What is Risk?

The International Organization for Standardization (ISO), an independent, non-governmental body made up of representatives of national standards organizations from around the world, defines risk as “the effect of uncertainty on objectives.” This definition focuses on the effect of incomplete knowledge of events or circumstances on an organization’s decision making.

ISO defines risk management as “systematic application of management policies, procedures and practices to the tasks of communication, consultation, establishing the context, identifying, analysing, evaluating, treating, monitoring and reviewing risk.” It is a coordinated set of activities that govern how organizations identify, assess, and mitigate risk.

What Types of Risks Do Supply Chains Face?

In recent years, many organizations, including some of the world’s largest and most successful companies, have been affected by supply chain disruptions. Increased complexity has made it more challenging to identify weak points in supply chains and stay on top of potential vulnerabilities. All of this contributes to an environment in which there is a much higher level of risk and a wider range of potential risks that companies must prepare for.

Here are seven categories of common risks that companies face today along with some examples:

  • 1. Financial

    Supplier bankruptcy

    Budget overruns

    Unexpected or unfavorable changes in exchange rates

    Missed milestones requiring additional funding

  • 2. Scope and Scheduling

    Poorly described or vaguely written scope of work (SOW) that creates confusion and delays

    Natural disasters that cause production delays or damage to products and facilities

    Unexecutable SOW that needs to be revamped

  • 3. Legal

    Contractual disputes or differing interpretations of obligations

    Failure to meet terms and conditions

    Misuse of intellectual property and patent infringement

  • 4. Environmental

    Climate change


    Water rights and access

    Excessive emissions and waste

  • 5. Sociopolitical

    Changes in the regulatory environment as a new government takes power

    Impact of sourcing and doing business in politically unstable countries

    Consumer boycotts or pressure to address how product is manufactured, sold, or used

  • 6. Planning

    Hiring the right people with the right skills

    Deploying equipment to the right locations

    Estimating lead times and logistics needs accurately

  • 7. Human Behavior

    Worker illness or injury

    Departure of key personnel

    Poor decision making

In addition to the categories above, supply chain risk assessment should also identify if the risks to be considered are internal (related to our own operations) or external (related to conditions outside of our organization, such as market factors, political climate, regulatory environment, economic circumstances, etc.).

What Are Some Common Strategies for Supply Chain Risk Assessment?

Once businesses are aware of the different supply chain risks, it is time to begin formulating a supply chain risk management strategy. Here are some models and approaches that many businesses have implemented:

PPRR Supply Chain Risk Management Model

The PPRR strategy is often employed by retailers with global supply chains. PPRR stands for:

  • Prevention

    Using precautionary measures to mitigate risk in the event of a crisis

  • Preparedness

    Developing and regulating a contingency plan for dire situations

  • Response

    Having a contingency plan to counteract risk and minimize impact on your supply chain

  • Recovery

    Analyzing operations and projecting the time needed to return to routine procedures

Manage Environmental Risk

Smart businesses recognize that they will have to continue to adapt their business model and operations in response to climate change and the threats posed by environmental degradation.

Strategies to manage environmental risk depend on the size of the business, complexity of supply chains, and the competitive environment. Many businesses have built redundancies into their supply chains by working with multiple suppliers and holding extra inventory in case of emergency. Other companies have shifted their business models in response to new customer demands and advances in technology.

Environmental risk cannot be completely eliminated, but businesses can develop response plans to prepare for different scenarios. Software and analytics can also help businesses better understand their supply chain’s strengths and weaknesses. Supply chain management should include effective contingency plans at each stage of the supply chain in response to the likelihood of environmental risk.

Mitigate Cyber Supply Chain Risks

Modern companies are completely dependent on digital technology to manage their supply chains. This makes them vulnerable to cyber threats including hacks, data breaches, viruses, and malware. These risks may expose sensitive information on clients, vendors and funds. Businesses should implement effective cybersecurity strategies and defenses including:

  • Standardized compliances for external partners, suppliers, vendors and distributors

  • Security measures that authorize only certain users, restricting access to classified information

  • Perform a risk assessment on suppliers before finalizing business

  • Assign ownership to each database that clearly defines which partners can access specific information

  • Train every employee on cybersecurity protocols and limit data visibility to specific employees

  • Implement software to monitor supply chain processes that alert users of unusual activity and metrics

  • Implement backup hard drives that store separate copies of data in the event of a malfunction or security breach

  • Update firewall, anti-virus, and anti-spyware processes to ensure digital fronts are secure


An organization must use a credit rating agency before committing to a supplier relationship. This way they can generate stability reports based on the potential vendor’s financial reputation.

The analysis will use the supplier’s financial history to estimate visibility of a risk that may be introduced to a company. This lets businesses build secure partnerships while reducing supply chain vulnerability.

Monitor Freight Carrier Data

Retailers must keep the remaining supply chain processes on schedule. One late delivery could delay hundreds of order shipments.

Partnering with freight carriers that offer real-time metrics and tracking lets businesses continuously monitor deliveries. Management should assess new and existing carriers by using key metrics including:

  • Transit Time

    The amount of time it takes for products to reach the customer

  • Loading Time

    The average time it takes a supplier to load a carrier and fill out documentation once it arrives at its destination

  • Start and Stop Time

    The average start and stop times of workers, which allow companies to calculate when a shipment will arrive

  • Route Optimization

    How carriers maximize their route to reduce travel time

  • Maintenance Routine

    How frequently maintenance checks are performed to prevent delayed deliveries from breakdowns

Implement a Comprehensive Logistic Plan

Retailers should develop a logistic contingency plan to ensure that operations can seamlessly continue if there is an unexpected disruption within a supply chain. Management should consider several elements during the planning process including:

  • Outlining all supply chain processes and identifying which operations are the most vulnerable

  • Assessing suppliers and third parties to determine political, economic and geographical risks

  • Expanding network of suppliers to introduce alternatives

  • Auditing providers to assess their disaster plans

  • Developing response teams to make final decisions in the event of a crisis

  • Establishing a dependable communication line between employees and partners to ensure every party’s responsibilities are understood

  • Documenting all operations to establish a universal platform for employees to access and reference

  • Adapting contingency plans according to updates

  • Creating backup contingency plans in the event of multiple crises

Continuous Risk Monitor

Once the supply chain strategy has been implemented, management must maintain visibility and monitor operations to ensure its long-term effectiveness. Businesses often forget this final step, which leaves errors and discrepancies unnoticed.

Businesses can detect and immediately respond to potential threats by carefully tracking each step of the supply chain. By using advanced software, these processes are automated to generate and update reports or insights.

Model Data and Define Risk Scenarios

Businesses can forecast potential risks by equipping the supply chain with predictive analytics and data modeling. Big data allows the software to pull internal and external information on each process to model different scenarios and suggest ways for the company to respond. This allows management to develop one or multiple contingency plans in advance to anticipate the worst-case scenario.

Managing Known Risks

Known risks to supply chains can be measured and anticipated with access to historical and real-time data. Known risks are related to internal operations, which the business can control.

For example, the risk of a supplier losing funding can be assessed and managed by evaluating historical and current financial stability to project the likelihood of bankruptcy. The steps that companies can follow to structure a known supply chain risk management strategy include:

Identify and Report Risks

First, management must identify and define any risks that are present at each level of the supply chain. This identification should include each participant from the suppliers to the carriers. The threats are then documented for future reference.

Develop a Supply Chain Risk Management Program

Outlined risks should be ranked according to three different factors:

  • Impact on the organization

  • Likelihood of occurrence

  • Company’s preparedness

Based on these factors, supply chain management scores each risk and sets a tolerance threshold that represents the business’s ability to handle each hazard.


Once the supply chain risk management plan is complete, employees should closely monitor processes that pinpoint risks and assess their damage. Successful tracking will allow staff to respond and reconcile any issues that may have been caused by the threat. This allows the supply chain to continue to operate.

Perform Regular Assessments and Reviews

Businesses should develop a governance procedure. With this procedure, managers can assess the risks that are reported to determine better ways to identify and anticipate them.

An additional board of experts can help managers adapt their supply chain risk management plans by using metrics that improve response time. As a result, the level of damage can be reduced. Businesses can efficiently counteract evolving threats by continuously updating strategies.

Preparing for Unknown Risks

Beyond known risks, there is another category of unknown risks that are, by definition, impossible to predict. Unknown risks cannot be addressed with the frameworks used to manage known risks. The only way to mitigate unknown risks is to develop a work environment that 1) builds robust defensive systems into its operations and 2) fosters a risk-aware company culture.

Building Defensive Systems

A strong, multi-layered defense will assist in quickly identifying and mitigating emerging unknown risks before they can affect operations. Companies often invest in the following areas as part of their defense against unknown risks:

  • Design quality

  • Strict control of configuration

  • Oversight of maintenance strategies

  • Risk-informed decision making

  • Clear performance standards


Implementing risk-awareness programs in work environments will assist companies in becoming more resilient to unknown risks. There should be more than just one group of staff that identifies and prepares for risks. Businesses should hold training sessions for employees that teach them how to define and anticipate risks in the workplace.

A risk-aware culture helps businesses establish and maintain strong layers of defense against unknown risks. It also helps them respond more quickly when an unknown risk surfaces and threatens an operation. Here are some qualities demonstrated by risk-aware organizations:

  • Acknowledgement

    Employees and management should feel empowered to pass on bad news and lessons learned by mistakes. Openness fosters an environment where it is okay to voice issues of concern. It is critical for an organization to not get discouraged or point fingers when a risk occurs. They must work harmoniously towards a rapid resolution.

  • Transparency

    Leaders need to clarify and communicate risk tolerance for an organization. Risk mitigation has an associated incremental cost, so it is critical to align which risks should be mitigated and which are created by the organization. Business culture should allow for warning signs in the event of an internal or external risk to be openly shared.

  • Responsiveness

    Employees should be empowered to react rapidly to perceived external changes. Creating an ownership environment where members feel responsible for outcomes of actions and decisions can enable effective responsiveness.

  • Respect

    The risk appetites of employees should be aligned with an organization so individuals or groups do not take risks that harm the organization or themselves.


Supply chain risk assessment is essential for businesses to minimize their exposure and vulnerability to risk and ensure their processes are able to continue through interruptions.

Stephen Gould understands how critical it is for modern businesses to assess both known and unknown supply chain risks. Our team has developed custom supply chain risk assessment strategies for businesses at all stages, from start-ups to established multinational leaders. We can evaluate existing supply chains and build new, robust supply chains from scratch that will help your business keep moving no matter what challenges arise.

We offer full end-to-end supply chain solutions, including ISO-certified facilities, and quality management and control systems that ensure your products meet the highest standards of excellence. No matter what the future holds, we are dedicated to strengthening your people and supply chain partners so you’re prepared for anything.

Contact us today to learn more about our supply chain risk assessment services.