Managing known and unknown risks in the supply chain

How to manage known and unknown risks in supply chain management.

Supply chain is the backbone of large and global businesses. It is why vulnerabilities down the supply chain can be costly. Over the last decade, supply chain vulnerabilities have cost large corporations in various industries billions of dollars. From pharmaceutical to electronics and automotives, companies have supply chain networks spanning several countries around the globe. Large corporations therefore, invest heavily in their supply chains. Their role is central to maintaining the profitability of the company. Organizations are also investing in technology to manage their suppliers and supply chain risks. Complexity of supply chains has also grown in the 21st century. Globalization has brought higher complexity and risks. There is an increased need to invest in modern technologies including digital technology and AI for supply chain efficiency.  However, while technology helps at managing specific risks, it cannot help manage all of them. Many of them just require the managers and risk management teams to remain on high alert.

There are both known and unknown risks in the supply chain. Known risks can be identified and managed easily over time. You can determine their likelihood based upon specific factors. For example a supplier’s financial history can help you understand his capability, role in the supply chain and his chances of going bankrupt. Unknown risks on the other hand are difficult to identify and foresee. An example is a cybersecurity vulnerability buried deep in  the firmware of a critical electronic component. Even the most alert managers find it difficult to foresee and manage such risks. Companies therefore need to be able to respond to such risks faster in order to sustain their competitive advantage. This advantage can be obtained by creating a risk aware culture and building strong layers of defense.

Managing known risks:

Identify and document risks:-

The first critical step in the process of risk identification is mapping out the value chain of all the major products. For this purpose, ach node of the supply chain from the supplier to the warehouses and logistics is assessed in detail. The risks are entered in a risk register and tracked regularly. There may be parts of the supply chain where no data exists. They too should be recorded so that further investigation can be carried out.

Build a risk management framework:-

Now, it is the time to score each of the risks that are recorded in the register on three important parameters. They are:- the likelihood of the risk, its impact on the organization and how prepared is the organization to deal with it. After each risk has been scored, the tolerance thresholds can be applied which reflect the company’s ability to deal with the specific risk or its risk appetite. It is critical to design and consistent methodology to be used for the assessment of all the risks. This also allows to aggregate and prioritize threats to identify the highest risk products and value chain nodes having the greatest potential of failure.

Monitor Risks:-

After having created a risk management framework, it is critical to monitor risks continuously. New digital tools have made it possible to monitor risks and track risk indicators even in the most complex supply chains. Successful risk monitoring systems are customized to the needs of an organization. Type of risk can vary from organization to organization. So, while manufacturing and quality issues may represent highest risk for one organization, for the other, hurricanes or other natural calamities can be the source of highest potential risk. Regardless of the characteristic of risk, organizations should have an early warning system in place to maximize chances of mitigating the threats or at least minimizing losses happening due to their occurrence.

Governance and ongoing review:-

The last step to managing known risks is to set up a strong governance mechanism which periodically reviews risks and outlines mitigating actions for improving the resilience and agility of supply chain. Such an extensive governance mechanism requires the formation of a cross functional risk management board with participants from each node of the value chain. Generally, these boards include line managers form each involved function. Risk management experts who are the part of a central risk management function can offer the risk management board additional support and guidance related to identification and mitigation of risks. An effective board holds meetings regularly to review the top supply chain risks and decide the mitigating actions. In several organizations the risk board is also responsible for making suggestions regarding improving the agility and resiliency of the organizations ranging from  supply chain reconfiguration to reducing lead times and optimizing operations in more ways. For most organizations increasing supply chain agility is a great way to remain prepared for a wide range of risks.

How to manage unknown risks.

Unknown risks are difficult or even impossible to predict. It is why incorporating them into the risk management framework like the known risks is not possible. So, the mitigation of unknown risks requires the creation of risk aware cultures and strong defenses.

Build strong defenses

Strong defense affect the identification and mitigation of unknown risks before they can affect the operations. Some of the common layers of defense that  organizations frequently use to defend against unknown risks are as follows:

  • Design quality
  • Strict control of configuration
  • Oversight of maintenance strategies.
  • Risk informed decision making.
  • Set clear standards of performance.

Creating a risk aware culture:

Establishing and maintaining strong layers of defense becomes easier with a risk aware culture. It also helps organizations respond faster when a risk comes to the surface or poses a threat to the operations.

Acknowledging the risks:

It is important that the employees are empowered enough to pass on any bad news. There must be an openness in the environment so that people can voice and deal with issues. In case of occurrence of any risks, organizations should not get discouraged but instead teams must work together to harmoniously achieve a rapid resolution.


Transparency is also important to deal with the unknown risks. Leaders should communicate the risk tolerance of the organization clearly. Moreover, common agreement on which risks can be tolerated and which need to be mitigated. The organization culture should also allow for risks both internal and external to be shared openly.


Organizations must empower their employees. This is important in order to ensure that the employees can perceive external change and respond to them. Leaders should create an environment where the employees feel for the outcome of their actions and decisions.