Managing Risk in the Supply Chain
A supply chain risk is any risk where a failure in supply would result in an increased risk to
the community or staff, a significant disruption in Service provision, a large financial
impact or negative impact on publicity or the environment.
Risk assessments must be completed for all procurement initiatives and where the level of
risk is found to be medium or high (see step 2) appropriate action must be taken to
manage that risk.
Step 1 - Identify Medium or High Risk Supply Chains
A Risk Impact Assessment must be completed in order to identify and record any risks in
the supply chain. (Appendix 1). This assessment will form part of a register of those risks
to the Authority.
To help understand supply chain vulnerability and to complete the Risk Impact
Assessment the following should be considered:
Supply Chain Complexity (appendix 2) looks at the whole supply chain and
highlights areas such as inspection, movement, lead times, documentation,
consumption and disposal. Evaluation of each step can help identify the key risk
Supplier Analysis (appendix 3) looks at how we perceive the importance of the
goods/service supplied based on the level of value and risk and compares this to
how important we are to the supplier based on the profit made and scope to
develop the account. If we are not perceived as being important to our suppliers
this could lead to supply failure, late notification of problems or loss of credit terms.
Market Analysis (appendix 4) encourages you to look at how business can be
affected by what others are doing e.g. an increase of suppliers in the marketplace
increases our bargaining power or where there are a limited number of suppliers
they have the bargaining power. Alternatives and substitutes to the product/service
purchased can affect the service delivery provided by the suppler.
PEST Analysis (appendix 5) examines external factors which are outside our
control that could affect the contract.
Step 2 – Risk Estimation
Estimation of likelihood and impact should be undertaken by the risk owner, who will have
a full understanding of the supply chain, the risks and their potential outcomes. This
estimation should be undertaken using a set of pre-determined standard definitions, which
can be found in Appendix 6.
Step 3 – Risk Evaluation
Risk Evaluation is undertaken to make informed decisions as to the significance of the risk
and to determine what action is required. Current risk acceptance and tolerance levels set
by the Authority can be found in appendix 7.
West Midlands Fire Service/Page 1
Step 4 – Plan to Manage Risk
Once the risk has been identified as medium or high appropriate action is required to
minimise the likelihood or impact of the risk. Methods to be considered:
Risk Reduction: Additional measures e.g. stockholding, dual sourcing, monitor
contract closely etc.
Risk Avoidance: e.g. change supplier, strengthen contract clauses etc
Risk Acceptance: accepting level of risk.
Risk Transfer: e.g. managed service contract, additional contract clauses etc.
Risk Contingency: set up contingency contract, include liquidated damages clause
in contract, request a copy of the suppliers contingency plans etc
Step 5 – Monitor and Review Risk
Contracts which are considered medium or high risk should be monitored and reviewed on
a regular basis, until such time as the level of risk has been reduced to an acceptable
level or the contract has been concluded.
West Midlands Fire Service/Page 2
Activity New Contract Ref. No.
Action (including Additional Review
Risk Description Existing Controls Risk Evaluation
Controls and Control Owners) Date
Weather conditions mean supplier Increase stockholding.
Impact 3 Jul 08
can not deliver product resulting in None Source second supplier
shortage of equipment/commodity Control Owner: ***
Risk Rating M
Product causes injury to FS Conform to Suppliers Impact 4 Introduce acceptance testing.
personnel servicing schedule. Control Owner: ***
Risk Rating M
Order all equipment in year one or
None Impact 1 source alternative supplier. Apr 09
Supplier goes into liquidation
Control Owner: ***
resulting in inability to order Risk Rating L
Shortage of raw material results in Regularly review stock Impact 2 None
late deliveries levels. Control Owner: ***
Risk Rating L
Risk Owner Completed by Date NOTES:
Supplier goes into liquidation
Buying Dept Buyer 4/4/08
West Midlands Fire Service/Page 3
Supply Chain Mapping
Customer - WMFS
Returns to supplier. Lead time Risk - how are orders placed?
Ordering from overseas -
Delivery in delivery times due to variable exchange rate,
customs and excise. communication difficulties.
Manufacturer, often overseas
Problems with production and
Transport, packaging, inspection supply. how many third tier
Third tier suppliers - raw materials
West Midlands Fire Service/Page 4
WMFS PERCEPTION OF IMPORTANCE
High High-dependency items High value strategic
Small equipment Appliances
Specialist equipment Breathing Apparatus
Vehicles Spares PPE
Risk Appliance Bay Doors Energy
Routine items Important items
Consumables Premises Maint
Office equipment Cutting Equipment
Catering Travel & Accommodation
SUPPLIERS’ PERCEPTION OF IMPORTANCE
High Potential for Key strategic account
development - – allocate appropriate
nurture resources to nurture
of account Nuisance – Cash cow – maximise
service with profitability
Score to develop account
The above assess how important the supplier is to the buying organisation (model 1) and
how the supplier sees the buying organisation (model 2). Only by carrying out this
exercise can we ascertain the risk of the supplier being more important to us than we are
West Midlands Fire Service/Page 5
Analysis of Competition
New Market Entrants, e.g.:
entry ease barriers
new entrant strategy
routes to market
Supplier Power, e.g.:
Competitive Rivalry, e.g.: Buyer Power, e.g.:
geographical coverage number and size of firms buyer choice
product/service level industry size and trends buyers size/number
quality fixed -vs- variable cost change cost/frequency
relationships with bases product/service
customers product/service range importance
bidding processes/ differentiation, strategy volumes, JIT scheduling
Product and Technology
fashion and trends
West Midlands Fire Service/Page 6
PESTAL analysis for supply of PPE
POLITICAL Change in relationships between countries could have an effect on supply of goods
manufactured outside EU, change of government may affect cost of goods.
ECONOMIC Changes in EC directives, UK regulations and impact of international standards, Changes to
Tax affects budgets e.g. fuel.
SOCIAL Compliance with Ethical Trading Initiative, Diverse workforce means increase in amount of
employees who are vegan.
TECHNOLOGICAL Technologic development could change the way orders are placed and the contract managed.
Changes in technology leading to specification changes and reduction in spares.
ENVIRONMENTAL Sales of goods act, European directives, Contract clause in frameworks
LEGAL Disposal issues, bulk or direct deliveries, Extreme weather conditions
West Midlands Fire Service/Page 7
LIKELIHOOD/IMPACT RATING RISKS DESCRIPTORS
Rating LIKELIHOOD IMPACT Financial IMPACT Environmental IMPACT IMPACT IMPACT IMPACT IMPACT ICT/Systems
Reputation Service Delivery Physical Injury Legal
Significant >25% of local objectives not Event requiring external Failure or significant
Death of employee(s)
Very High >50% Major damage to an eco- adverse publicity delivered OR permanent legal advice or possibly disruption to mobilising
Unplanned costs in or third party arising
4 Likely to occur within system and/or long term across entire area impact on Service Delivery resulting in legal action and/or communications
excess of £150k from Fire Service
next 3 months environmental damage covered by to other Departments/ being taken against systems across
authority Commands organisation organisation
11 to 24% of local Serious (RIDDOR) Event managed at Service Failure or significant
Unplanned costs above Significant damage to Adverse publicity
High 25% to 50% objectives not delivered OR injuries to employees) level using formal disruption to office
£50k or outside the scope environment e.g. within part of area
3 Likely to occur within temporary impact on or third party arising procedures e.g. systems outside
of the Department discharge of pollutants covered by
3 to 12 months Service Delivery to other from Fire Service grievance/ complaints Department or
/Command budget into watercourse authority
Departments/ Commands activity procedures Command
No media Event managed at local
Unplanned costs above 5 to 10% of local objectives
Medium 10% to 24% Spillage or pollution within attention or Moderate injuries to level using formal
£10k or outside the scope not delivered or significant Failure or disruption to
2 Likely to occur within a contained area requiring adverse publicity third party as a result procedures e.g.
of the Department impact on core activity of critical local services
two years external clean up confined within of Fire Service activity grievance/ complaints
/Command budget Department/ Command
Unplanned costs below
Low <10% Unlikely attention or < 5% of local objectives not
£10k or those which fall Minor spillage or pollution Minor injury to Event managed at local
to occur within next adverse publicity delivered or minor impact Failure or disruption to
1 within the scope of the within a contained area employee not RIDDOR level through informal
two years or not confined within on core activity of non critical local services
Department/ Command dealt with by organisation reportable action
anticipated to occur Department/ Department/ Command
West Midlands Fire Service/Page 8
RISK ACCEPTANCE & TOLERANCE MATRIX
L L4 M M H H RISK RATING ACTION
K Immediate action required. Risk realisation likely. Existing
L3 L M M H High (H)
E control measures not effective. Initiate contingency plans.
L Consider further action. Risk realisation increasingly likely.
L2 V.L L M. M Medium (M)
I Existing control measures having limited impact.
H No action required. Risk within tolerance. Existing control
L1 V.L V.L L M Low (L)
O measures having impact but ongoing monitoring required.
O No action required. Risk under control. Existing control
D I1 I2 I3 I4 Very Low (V.L)
measures effective. Keep risk under review.
All risks should be assessed in terms of likelihood and impact using the appropriate risk descriptors. This assessment should take
account of existing control measures. The resulting RISK RATING should then be used to identify the required course of action.
West Midlands Fire Service/Page 9