Supply-chain risk management (SCRM) is “the implementation of strategies to manage both everyday and exceptional risks along the supply chain based on continuous risk assessment with the objective of reducing vulnerability and ensuring continuity”.
In other words, SCRM is to apply risk management process tools, with partners in a supply chain or on your own, to deal with risks and uncertainties caused by, or affecting, logistics-related activities or resources in the supply chain.
SCRM attempts to reduce supply-chain vulnerability via a coordinated holistic approach, involving all supply-chain stakeholders, which identifies and analyzes the risk of failure points within the supply chain. Risks to the supply chain range from unpredictable natural threats to counterfeit products, and reach across quality, security, to resiliency and product integrity. Mitigation plans to manage these risks can involve logistics, cybersecurity, finance and risk management disciplines; the ultimate goal being to ensure supply chain continuity in the event of a scenario which otherwise would have interrupted normal business and so profitability.
Sometimes, it’s possible for supply chain logistics techniques such as supply-chain optimization to prejudice contingency planning which would otherwise reduce the overall risk level for that particular supply chain. It is also becoming more common among businesses especially manufacturers to employ a supplier quality management software, which integrates all phases of the supply-chain cycle. This approach is shown to increase transparency, reduce overhead costs, and improve operational efficiency.
Supply chain risk management typically involves four processes: identification, assessment, controlling, and monitoring of supply-chain risks. However, due to the complexity of many supply chains, these processes might not be sufficient to ensure that all eventualities are prepared for. Therefore, the concept of supply-chain risk management, which is cause-oriented, is often combined with the concept of supply-chain resilience, which aims to ensure that the supply chain can bounce back from risks irrespective of their cause. Supply chain resilience is therefore “The adaptive capability of the supply chain to prepare for unexpected events, respond to disruptions, and recover from them by maintaining continuity of operations at the desired level of connectedness and control over structure and function” 
Time to recover
An important metric originally introduced by Cisco and adopted by the SCRLC is called “time to recover” (TTR). TTR is the time it takes a company to restore 100% of operational output following a major supply-chain disruption. The determination of TTR assumes that the facility is essentially unusable due to a major event, and would need extensive repairs and reconstruction, as well as re-sourcing and re-qualifying of key equipment used in manufacturing and other operations.
Supply-chain risk is a function of likelihood of an event’s occurrence and its impact. Generally this is the most popular methodology for quantifying risk. The drawback of using this to compute supply-chain risk, is that it requires assessing likelihood or probability of many different event types for n number of supply-chain locations (which can be hundreds of thousands of locations). Thus, the range of different possibilities is very wide. This methodology is generally more appropriate for a smaller subset of site(s). Most companies look at measuring risk using risk scores. Many different metrics are available. For example, financial risk score, operational risk score, resiliency score (R Score), etc. are easily acquired, easily analyzed and can be used effectively and understood easily.
Managing risk proactively
A survey in 2011 conducted by BCI and Zurich for over 559 companies across 65 countries found that over 85% of companies had suffered at least one supply-chain disruption during the year. The respondents also noted that 40% of the reported disruptions originated in a sub-tier supplier and not their direct supplier.
Some options to engineer an acceptable risk level include:
- Managing stock
- Considering alternative sourcing arrangements
- Business interruption / contingency insurance
- Risk assessments and audits
- Awareness campaigns and training programs
- The use of business intelligence from big data analytics and continuous monitoring for predictive security measures vs. clean up
- Redundancy optimization
- ^ Andreas Wieland, Carl Marcus Wallenburg (2011): Supply-Chain-Management in stürmischen Zeiten. Berlin.
- ^Wieland, A., Wallenburg, C.M., 2012. Dealing with supply-chain risks: Linking risk management practices and strategies to performance. International Journal of Physical Distribution & Logistics Management, 42(10).
- ^Brindley, Clare (2004). Supply Chain Risk. England: Ashgate Publishing Ltd. p. 80. ISBN 0754639029.
- ^“Managing the Supply Chain with Quality Management Software”. Sparta Systems. Retrieved 27 July 2015.
- ^Wieland & Wallenburg (2012)
- ^Ponomarov, Serhiy Y.; Holcomb, Mary C. (2009). “Understanding the concept of supply chain resilience”. International Journal of Logistics Management. 20 (1): 124-143. doi:10.1108/09574090910954873.
- ^“SCRLC”. www.scrlc.com. Retrieved 2017-04-26.
- ^“Majority of companies suffered supply-chain disruption in 2011: Survey – Business Insurance”. Business Insurance. Retrieved 2017-04-26.
- ^Tang, Christopher S. (2006). “Robust strategies for mitigating supply chain disruptions”. International Journal of Logistics Research and Applications. 9 (1): 33–45.