A supply chain covers all organizations and activities related to the flow and transformation of goods, from the raw material stage to the final consumer, with the associated financial and information flow. All companies belong to at least one supply chain, and therefore do not exist in isolation, but interconnected with other operations.
Factors such as globalization, increased outsourcing and the growing demand for higher quality products and better service levels, have made supply chains increasingly complex, and with increasing complexity, the vulnerability and risks of break.
Agile and resilient supply chains represent an important competitive advantage, and in order to achieve such resilience, managing risks is a fundamental part.
The risk management consists of the planning, identification, quantitative and qualitative analysis, reaction planning and monitoring and control processes.
1. Planning of the risk management: Process of preparing the plan of the supply chain risk management, which, among other information, will contain the approach to be used, the roles and responsibilities, the risk categories and the definition of probability and impact.
2. Identify the risks: Determination of the key dangers that can have some effects on the chain and what the potential responses are. To collect the information, techniques like Delphi, brainstorming, interviews and root cause analysis is very useful. The risks of supply chain can be classified into three categories: internal to the company (processes and control); external to the company, but internal to the chain (supply and demand); and external to the chain (socio-political events, natural disasters, etc.). As examples, in the transport sector, cargo theft, and the lack of available carriers, especially in periods of peak demand.
3. Conduct risk analysis qualitatively: Process for prioritizing risks in line with a qualitative assessment of their likelihood of happening and impact. A tool widely used for this purpose is the likelihood and impact measures.
4. Carry out a quantitative analysis of risks: For a risk that justifies such an analysis, its effects on the chain are numerically estimated, with the aim of supporting decision-making. Among the most used techniques are the analysis of the expected monetary value, simulation and modeling and sensitivity analysis.
5. Plan for risk responses: In this process, we seek to develop alternatives that allow us to increase positive risks (opportunities) and minimize negative risks (threats). The possible strategies for negative risks are to eliminate, transfer and mitigate. The positive risks must be explored, shared or improved. Accepting is another possible strategy, both for threats and for opportunities.
6. Monitor and control risks: It’s the process of monitoring identified risks, if necessary, implementing planned responses, monitoring residual risks, identifying new risks and evaluating the efficacy of risk management.
Regarding how companies effectively deal with risk management, a research shows that, in 2019, almost 60% of the companies had a formalized risk management policy, of these companies, approximately one third had implemented it less than a year ago. Among companies that did not have a formalized policy, more than 60% had plans to implement it, which demonstrates the growing interest of organizations in data science company services.