The increasingly complex and often global nature of modern day supply chains exposes organisations to a range of risks. What generally used to be only a business continuity risk from possible supply chain interruptions, has evolved with the potential to raise safety, legal or reputational risks as well. This requires the procurement function to take a more direct role in organisational risk management than has traditionally been the case.
Examples of the broader range of risks to the organisation that can arise from the supply chain include:
- Failure to identify or manage unsafe product in the supply chain, with the potential for harm to your organisation’s workers or to your organisation’s customers.
- Regulatory non-compliance of foreign content in the supply chain, potentially resulting in legal penalties and/or reputational damage.
- Failure to identify poor supplier practice in supplier labour or environmental / sustainability management, potentially resulting in legal penalties and/or reputational damage.
- Regulatory non-compliance due to poor management of subcontractor obligations.
- Business continuity risk from an interruption to the flow of product (e.g. raw materials or parts) in the supply chain or from an inability to control supply due to sub-contracting in the supply chain.
- Chain of Responsibility (CoR) requirements. Whilst drivers have traditionally been the focus of road laws, it is now recognised that breaches are often caused by the actions of others. Complying with transport law is a now a shared responsibility and all parties in the road transport supply chain are responsible for preventing breaches. This approach recognises that anybody who has control over the transport task can be held responsible for breaches of road laws and may be legally liable. CoR is similar to the legal concept of ‘duty of care’ that underpins Work Health and Safety law.
Supply chain risk assessments frequently focus primarily on a supplier’s financial performance and whether they have their own management systems in place, with the assumption that these questions will be sufficient to provide assurance regarding continuity of supply.
Such limited assessments would be unlikely to identify the reputational and regulatory risks that can arise from some of the above examples.
It is therefore recommended that organisations undertake their own risk assessment on the supply chain risks they might be exposed to, with the broad range of potential sources of risk in mind, and then seek more specific assurances from suppliers to manage the identified risks.
Please contact QRMC for assistance with supply chain risk assessments and Chain of Responsibility (CoR) requirements.