Mitigate

This phase aims at selection of the right methods for Supply Chain Risk Mitigation. The choice of method is important since each item on the risk profile may require a unique mitigation effort. However, we can use some thumb rules in categorizing risks to select the correct mitigation strategy. This is aptly explained by COSO’s Risk Quadrant as illustrated below.

Designing a Mitigation strategy requires organizations to create large-risk data on events and probabilities. Categorization of risk events on the Probability – Impact quadrant and an organization’s risk tolerance are the key specifics in designing mitigation plans. 

• Typically, organizations recognize and accept the risk of events with low impact and low probability.
• High-impact, low-probability risk events such as natural disasters and terrorist attacks can be insured. Their risk is shared with an external entity by paying a limited premium. Commodity derivatives can be another form of risk-sharing strategy. Low-impact, high-probability risk events are the most deceptive and are difficult to identify; hence, they mandate proper mitigation strategies. Such events occur everywhere in the supply chain, but are mostly ignored due to their initial low-impact nature. For example, manufacturing equipment often suffers from wear and tear. The cumulative impact of this wearing down leads to equipment failure, thereby creating a high-impact event. With such events escalating from low risk to high risk, the organization must institute a proper control mechanism to mitigate the risk.
• High-impact, high-probability risk events demand the highest attention and focus.  Mitigation strategies like risk share, insure, transfer, buffer are adopted in combination with control mechanisms. The varying cost of a mitigation program is explained in the figure below. Organizations must strive to achieve the optimal balance between the mitigated cost of disruptions and cost of such mitigation.

                  Source: Supply Chain Risk Management in six steps, Husdal, http://www.husdal.com, 2009.

Sustain

It is essential that an organization’s mitigation effort is thoroughly documented and the mitigation team is well trained. The mitigation plans and emergency drills needs to be validated frequently. Time and again, these plans need to be revisited and upgraded. Continuous monitoring is essential and all supply chain risk event data needs to be carefully observed to identify any deviation. Organizations like Cisco have designed best practices in collecting large amounts of risk data and continuous monitoring.

Some of the other best practices in sustaining risk management programs include:

• Designing alternative supply sources and storage points;
• Performing active monitoring of suppliers’ financial health and labor relations;
• Adhering to supply chain security standards provided by ISO 28000; and
• Ensuring supply chain data security and sharing information with key supply chain partners.

Finally, Supply Chain Risk Management is as much about people as it is about processes and technology. “Risk Conscious” organizations will have this approach embedded in their DNA. It’s exactly 150 years since Charles Darwin published the theory of evolution, and he would have been proud to see that his theory applies to organizational evolution as well. It’s survival of the fittest here too!!

Agree or disgree with with our guest contributor's perspective? What would you add? Let us know your thoughts for publication in the SCDigest newsletter Feedback section, and on the website. Upon request, comments will be posted with the respondent's name or company withheld.