What is SCRM?

Supply Chain Risk Management is “the implementation of strategies to manage both everyday and exceptional risks along the supply chain based on continuous risk assessment with the objective of reducing vulnerability and ensuring continuity.” Supply Chain Management (SCM) is an essential part of vendor governance and involves the entire life cycle, from procuring the raw materials required for a product until it reaches the consumer. It consists of identifying the vendors involved in producing a finished product and the risk these vendors pose to the entire chain. While sourcing, contract management, and supplier management are some of the critical elements of SCM, in this article I will focus on vendor risk management.

A supplier’s risk to the supply chain cannot be assessed in isolation; it needs to be assessed along with cyber, financial, reputational, and legal risks. For example, a supplier with weak cyber operational controls will pose a significant risk for the entire chain. Supplier management needs to be meticulous, thorough, and data-driven, and should also include a list of backup suppliers to minimize the impact in the event of a disruption.

Today, almost all organizations rely on hundreds if not thousands of suppliers across all areas to function. In many cases, the overwhelming volume of suppliers and the massive load of data associated with them are among the reasons organizations defer starting the process of supplier management. At ComplyScore, as a vendor risk management company, we have helped multiple companies reduce their supplier risk by implementing industry best practices. I have listed a few of them below.
2. Inherent Risk on each supplier – First, assess the “impact” of the vendor across multiple areas. These areas are:
a. Financial impact: What will be the monetary impact on your business if the supplier is unable to deliver for any reason, e.g., bankruptcy?
b. Operations impact: Will a delay or disruption from a particular vendor affect your production, directly or indirectly?
c. Legal impact: Will there be a legal impact, such as a lawsuit, and how large will it be if the supplier does not comply with regulations?
d. Information Security impact: Does business with a particular supplier put your security posture at risk?
e. Reputation impact: Will the goodwill and reputation of your organization be impacted by doing business with the supplier?
f. Assess the sensitivity of the supplier’s failures across internal & external factors:
3. Putting it together –
a. Monitor the supplier’s metrics
b. Monitor the external factors
This blog was originally posted on https://complyscore.com/blog/supply-chain-risk-management/