Revision as of 18:59, 25 June 2017
The activities associated with discovery, recognizing and describing Risks that might affect your supply chain or its results. This may include documenting the supply chain network and associating risks at each node and/or process in the supply chain network and includes classifying the risk as internal or external.
A typical deliverable of this process is to create and classify new entries in the Risk Register or Risk Log and classify these entries.
Use Cases
- Classification is typically preceded by developing a Risk Breakdown Structure. A Risk Breakdown Structure provides a standardized structure to guide risk classification. Typical classes include:
- Strategic = Risks related to the effectiveness of the business strategy and its implementation; Organizational structures, Mergers & Acquisitions, Product strategy, Go-to-Market strategy, Supply Chain strategy, Intellectual Property strategy
- Economic = Risks related to external economic influences; Markets, Competition, Availability credit/funding, inflation, volatility of interest and exchange rates, and price volatility of base materials and energy
- Financial = Risks related to availability of financial instruments/funding, liquidity and cash flow, changes in tax law and practices, customer credit, accounting errors, and financial crimes
- Socio-economic = Risks related to corporate corruption, tax avoidance, political change, war and terrorism, conflict minerals, human rights, trade barriers, and reputation and brand-value
- Operational = Risks related to conducting day-to-day business; supplier performance, production capacity, production quality, logistics network congestion, logistics network capacity, product liability, natural disasters
- Compliance = Risks related to corporate governance, international, national, regional and local regulations, permits, recognition of intellectual property rights of others, employment law, workplace safety, and mandatory reporting
- Risk Register
Notes
OpenReference recommends adoption of ISO 31000 processes to build Supply Chain Risk Management governance processes, systems and behaviors. G3 provides the processes to describe an enterprise's SCRM processes. ISO 31000 is copyright ISO.
Compare to: ISO 31000:2009:5.4.2 Risk Identification.
Supply Chain Risk Management
Hierarchy
ID | Name | Level | x | G3 | Manage Supply Chain Risk | 2 | G3 |
G302 | Identify Risks | 3 | G302 |
Workflow
Note: Common inputs and outputs are listed in alphabetical order. Other inputs and outputs may be required to support varying use cases.Identify Risks Manage Supply Chain Risk 930200 3 Identify, Risk, Register, Log, Supply Chain, SCRM, Supply Chain, Governance Discovery, recognizing and describing risks that might affect your business or its results. This includes establishing entries in a risk register or log