Supply Chain Risk Management in six steps

Supply management is not just about acquiring goods and services at the best possible price. It’s also about identifying possible disruptions to the supply chain and taking steps to mitigate them. So said James Kiser and George Cantrell in their 2006 article Six Steps to Managing Risk, where they discussed six steps that a company can take to build a plan for dealing with potential supply disruptions. While the article may be lacking in academic depth, it makes up for it in its hands-on managerial approach.

The starting point

According to Kiser and Cantrell, a good risk management strategy has several key components.

It must identify risks for the entire life cycle of every product or service the company provides. It must be able to predict the financial impact that a supply disruption can cause. It must offer strategies that can mitigate the effects of any disruption of supplies.  It must delve deeper into the supply chain than the first tier.

The key strategy is the holistic perspective and the focus on the actual impacts.

What are supply chain risks?

Modeled along the lines of Martin Christopher’s book chapter on Managing Risk in the Supply Chain, Kiser and Kitrell define  risks outside and inside the supply chain:

External risks can be driven by events either upstream or downstream in the supply chain:

  • Demand risks related to unpredictable or misunderstood customer or end-customer demand.
  • Supply risks related to any disturbances to the flow of product within your supply chain.
  • Environment risks that originate from shocks outside the supply chain.
  • Business risks related to factors such as suppliers’ financial or management stability.
  • Physical risks related to the condition of a supplier’s physical facilities.

Internal risks are driven by events within company control:

  • Manufacturing risks caused by disruptions of internal operations or processes.
  • Business risks caused by changes in key personnel, management, reporting structures, or business processes.
  • Planning and control risks caused by inadequate assessment and planning, and ineffective management.
  • Mitigation and contingency risks caused by not putting in place contingencies.

No suprises here, except for the last internal risk, which seems somewhat redundant, given the already mentioned planning and control risks. The same risk can also be found in the SCOR Risk Management Framework.

The six steps

Again, very similar to Martin Christopher, understanding and managing supply chain risks involves these steps:

  • Profiling the supplier base
  • Assessing the supply chain vulnerability
  • Evaluating implications
  • Identifying mitigation and contingency actions
  • Analyzing costs and benefits
  • Implementing actions and measures

In describing each step, the level of detail Kiser and Cantrell provide is anything from several long paragraphs to just a few short lines.

Step 1: Supplier base

This is an important task, particularly identifying what is essential for the company to be in control of, and what does not matter so much:

  • Identify each raw material
  • Identify strategic materials
  • Understand the strategic suppliers’ organization

Step 2: Vulnerability

For each of the risks listed, the company must identify what scenarios that are likely to happen, why they happen, and how the company is able or unable to cope with them.

Step 3 : Implications

This is one of the sections where the article falls short of mentioning anything substantially useful besides promoting the Monte Carlo simulation technique.

Step 4: Mitigation

This is where the company needs to set goals and targets and how to achieve them, e.g.:

Within 24 hours of a supply disruption of material X, purchase orders will be placed with the alternate supply source to assure there will be no disruption in the supply of X.

This is in fact very similar to business continuity planning and evaluating how soon the the company can get back to ‘business as usual’.

Step 5: Costs and benefits

Any cost in mitigation actions and measures brings with it the benefit of risk reductions and possible cost savings in case of a disruption. But how much, and is it really worth it?

The figure above, taken from one of my previous articles on this blog, is a good illustration of the relationship of cost-benefit and vulnerability versus reliability: The disruptions costs, and thus vulnerability, increase from right to left (solid line), the cost of countermeasures to overcome potential disruptions, and hence the assumed reliability, increase from left to right (dotted line). At point A, with no measures in place, the cost of disruptions is high, at point B, with (expensive) measures in place, the cost is low, but the benefit/cost ratio is negative. At point C the benefit/cost ratio is positive, but there is still room for improvement. Optimum is reached at point D. An example of how to actually calculate the costs and benefits can be found here: How to calculate the Value at Risk

Step 6: Measures and actions

The most important part of implementing supply chain risk management is the clarification of roles and responsibilities, including involving or partnering with the suppliers to in securing the supply chain, but not only that.

For risk management to be effective, it must be fully integrated into the company’s business processes. The process of identifying risks, analyzing them, and planning mitigation strategies must be documented and reported throughout the organization. To effectively evaluate risk strategy, management must balance the cost of mitigation with available resources and optimum cost management objectives. The risk management strategy should apply to everyone at all levels in the organization and focus on achieving the company’s business objectives.


The final paragraph is what strikes me most here, clearly acknowledging that supply chain risk management is more than just supply chain, it is the business itself. As with Ericsson versus Nokia in the classic case of how not to deal with supply chain disruptions,

A well-handled supply disruption
can turn into business continuity, while
an ill-handled supply disruption
can turn into business dis-continuity.

While the article may be lacking in academic depth, it makes up for it in its hands-on managerial approach. Some parts are (deliberately ?) cursory treated, while other parts are given with much detail. Nonetheless, it is an article that fully supplements the research literature on suply chain risk and risk management, e.g. Martin Christopher’s book chapter on Managing Risk in the Supply Chain.


Kiser, J., & Cantrell, G. (2006). Six Steps to Managing Risk. Supply Chain Management Review, 10(3), 12-17.

Author links

James Kiser and George Cantrell are working with ADR International,  a global consultancy specialising in procurement.

Related links

Related posts on this blog

Tags: , , , , ,
  • Pavan

    Hi Husdal,

    I was going through your amazing social library, the above topic says flow of materials is an external risk, in what perspective..?

    Is it not a core business process to make the product available to customers…?

    What if the distributor maintains everything like retail outlets as well..?

    • Jan Husdal

      Hi Pavan and thank you for your compliments.

      As to your question, as far as I am able to tell, article above uses the focal company perspective, looking at at ingoing and outgoing external flows. “Raw” materials in, “finished” products out.

      While you may be right in saying that it is “a core business process to make the product available to customers”, very few companies really own their distribution channels, but of course, if a manufacturer owns the entire supply chain, or if the distributor owns the retail outlets and the trucks distributing the goods, that could be viewed as an internal flow.

      That perspective is then perhaps more similar to the one seen in Jüttner et al.(2003), which has the organization, the network, and the environment as risk sources.

  • pavan

    Hi husdal,

    You are helping me out very much in all the ways, however I am gonna start my master’s dissertation. I am confused with the topic selection under supply chain risks.

    Basically, I want to find out how many types of risks are there and their appropriate strategies, I tried a lot searching for that but ended up with nothing.

    If you can please tell me any previous research done in this area with respect to my question then please do reply me. thanks

    • Jan Husdal

      Hi Pavan,

      Thank you for you comment and for your question. I wish I could help you, but frankly, there are about as many risks as there are supply chains.

      That said, I believe that you might find the SCOR supply chain risk management framework quite useful for your dissertation.


    It is learning for the student to see the slides and many information for the students.

    • Jan Husdal

      Dear Muhammad,

      Thank you for your comment. I’m glad that my site is of help to you. That is exactly what it is meant to be. Good luck with your research!

Online journals - curse or blessing?
A year ago or so I was perusing the Internet for scholarly or academic blogs, which I found, comment[...]
When your supplier goes bust...
...what do you do? Is so-called supplier default something you have even thought about? And what if [...]
Biting the hand that feeds. All firms are snakes.
'All firms are snakes'. So says Paul D. Cousins in A conceptual model for managing long-term inter-o[...]
Book Review: Supply Chain Risk
A comment on a a previous book review - Supply Chain Risk Managament by Donald Waters - prompted me [...]
Book review: Handbook of Transportation Engineering
Comprehensive and all-encompassing, the Handbook of Transportation Engineering by Myer Kutz (editor)[...]
Book Review: Supply Chain Risk
This book, Supply Chain Risk, is from 2004 and edited by Clare Brindley of the Manchester Metropolit[...]
A risky business? The top 10 challenges of offshoring
Organisations embarking on offshoring face multiple challenges; many of which can be extremely daunt[...]
Vulnerable or valuable supply chain?
More than a year old now, but still holding not so few words of wisdom is the Pricewaterhouse Cooper[...]
A Decade of Living Dangerously
Do you remember the movie The Year of Living Dangerously with Mel Gibson? Topically unrelated maybe,[...]