The activities associated with defining the scope of the risk assessment or risk management program, and reviewing existing risk documentation and risk classification standards. This includes interviewing key stakeholders, obtaining/assessing/publishing documentation and classification standards and tools, and identifying sources of information.
A Risk Breakdown Structure is a recommended tool to classify risks. It provides a standardized structure to guide risk classification. Typical classes include:
- Strategic = Risks related to the effectiveness of the business strategy and its implementation; Organizational structures, Mergers & Acquisitions, Product strategy, Go-to-Market strategy, Supply Chain strategy, Intellectual Property strategy
- Economic = Risks related to external economic influences; Markets, Competition, Availability credit/funding, inflation, volatility of interest and exchange rates, and price volatility of base materials and energy
- Financial = Risks related to availability of financial instruments/funding, liquidity and cash flow, changes in tax law and practices, customer credit, accounting errors, and financial crimes
- Socio-economic = Risks related to corporate corruption, tax avoidance, political change, war and terrorism, conflict minerals, human rights, trade barriers, and reputation and brand-value
- Operational = Risks related to conducting day-to-day business; supplier performance, production capacity, production quality, logistics network congestion, logistics network capacity, product liability, natural disasters
- Compliance = Risks related to corporate governance, international, national, regional and local regulations, permits, recognition of intellectual property rights of others, employment law, workplace safety, and mandatory reporting
- Supplier risk assessment
- Merger, acquisition or divestiture risk management
- ERP implementation program risk management
- Terrorism and cyber crimes risk assessment
OpenReference recommends adoption of ISO 31000 processes to build Supply Chain Risk Management governance processes, systems and behaviors. G3 provides the processes to describe an enterprise's SCRM processes. ISO 31000 is copyright ISO.
Compare to: ISO 31000:2009:5.3 Establish the context.
|G3||Manage Supply Chain Risk||2||G3|
|RBS||Risk Breakdown Structure||RBS|
|SCO||Supply Chain Outline||SCO|
|SCRM||Supply Chain Risk Management||SCRM|
Note: Common inputs and outputs are listed in alphabetical order. Other inputs and outputs may be required to support varying use cases.