Expert Insight: Guest Contribution
By Mitul Shah
Date: July 27, 2009

Keeping Risk at Bay with SCRM


Six Essential Steps to Carry Out an Effective and Holistic SCRM Program

Today’s supply chains are so intricately interwoven into a vast network that the shock waves of a seismic event like a recession are felt across the globe. Such cascading interdependence has brought to the fore the importance of Supply Chain Risk Management (SCRM) as never before. Organizations need to take proactive steps to mitigate both traditional and non-traditional risks and safeguard their supply chains.

In my opinion, SCRM processes already exist in supply chain operations, e.g., product quality checks, keeping buffer inventories, use of derivatives in procuring commodity raw materials, etc. However, since these processes are executed without embracing SCRM in a wholesome manner, they lack the maturity to mitigate all potential supply chain risks, especially the unpredictable ones. Worldwide operations increase vulnerability to worldwide risks – geopolitical, natural, and man-made – that can fundamentally challenge the organization’s strategic direction. Unfortunately, day-to-day supply chain processes are incapable of withstanding the impact of such unanticipated events. Therefore, there is a need to reassess exposure and uniformly carry out risk management across all products, markets and operations with a consistent view of the organization’s risk appetite. This is essential to build a resilient supply chain that can help the organization control risk, optimize opportunities, and maximize profitability.

The Supply Chain Council defines SCRM as the systematic identification, assessment, and quantification of potential supply chain disruptions with the objective to control exposure to risk or reduce its negative impact on supply chain performance. Potential disruptions can either occur within the supply chain (e.g., insufficient quality, unreliable suppliers, machine breakdown, uncertain demand, etc.) or outside the supply chain (e.g., flooding, terrorism, labor strikes, natural disasters, large variability in demand, etc.)

To manage these perils, organizations must develop continuous strategies to control, mitigate, reduce, or eliminate risk. In this series, we will discuss the 6 essential steps described in SCOR 9.0 to carry out an effective and holistic SCRM program. The six steps are:

  • Build: Who is the sponsor?
  • Discover: What will the program cover?
  • Analyze: What is the organization’s risk tolerance?
  • Assess: Where and how big are the potential risks?
  • Mitigate: How will the risk be eliminated or mitigated?
  • Sustain: How can SCRM be integrated into day-to-day operations?

We will discuss Build and Discover phases in this post. The remaining four steps will be discussed in following posts.


Organizational support and executive sponsorship is vital for any transformation program to succeed. To ensure such backing, organizations must:

  • Build a core steering group for the SCRM program;
  • Establish key value deliveries for each of the stakeholders and stage gates;
  • Put together a steering team which has representations from the various supply chain functions;
  • Institute key success factors and criteria for measuring progress;
  • Lay down key dependencies on extended teams, budget, data requirements and interim targets; and
  • Identify the supply chain under focus.

Implementing an SCRM program is as much about changing the mindset of people as it is about state-of-the-art tools and processes. SCRM starts bringing a change in the mindset by introducing risk consideration as an important component in the decision-making process. Communication of the SCRM program within the organization and with key partners during the entire implementation is a key requirement.


Each organization has a different risk appetite. It is critical to establish clear supply chain priorities – whether the supply chain needs to be more reliable, or responsive, or cost efficient, etc. An organization must define the scope of the supply chain covered in the program. It is advisable to include Tier 1 suppliers and/or Tier 1 customers in this exercise.


For a successful SCRM program, an organization also needs to establish a base case of its current risk profile for the chosen supply chain and, based on the risk appetite, arrive at a desired risk profile. The risk profile will be primarily defined by the supply chain’s vulnerability, risk coverage, and organizational culture. Based on this profiling, a program charter must be prepared and shared with key stakeholders and steering committee members. The program must identify key technology enablers, if any, at this stage.

Agree or disgree with with our guest contributor's perspective? What would you add? Let us know your thoughts for publication in the SCDigest newsletter Feedback section, and on the website. Upon request, comments will be posted with the respondent's name or company withheld.

Send an Email
profile About the Author

Shah is a Senior Consultant with Retail, CPG & Logistics Practice at Infosys Consulting. He is a member of a core team which has put together Supply Chain Risk Management Framework in SCOR 9.0.

Mitul shares his thoughts on supply chain management at:


Shah Says:

Implementing an SCRM program is as much about changing the mindset of people as it is about state-of-the-art tools and processes.

What Do You Say?
Click Here to Send Us
Your Comments
profile Related Blogs
Demand Forecasting Maturity Curve

Supply Chain Transformation - The Need for Speed

"Will the Real Digital Twin Please Stand Up?"

INCOTERMS 2020: Is Your Organization Ready?

Is Your Supply Chain Transparent?

Streamlining the Movement of Goods in the EU

Blockchain: Surgere's New Supply Chain Tool

Surgere Creates Visibility Across the Supply Chain for Companies Like Honda

Dynamically Routing Your Fleet and For-Hire Capacity

Cargo Threats Need Closer Attention

<< Previous | Next >>

See all posts