Skip to content

Where to begin with supply chain risk assessment

Assessing sustainability risks in your supply chain can seem like an overwhelming task. Split this into stages and use good quality data to identify issues and focus on the most serious for follow-up activities. 

No business wants to use factories that pollute local water supplies, or wants its products made by workers subject to poor working conditions. Yet in today’s complex and shifting supply chains, these problems can be all too real. These sustainability issues present not just reputational risks, but increasingly regulatory hazards and operational costs. For example, the US government blocks imports of products it considers produced by forced labour, while many corporate sustainability laws include fines.  

So how can companies identify the risks they face in complicated and extended supply chains? Visiting every supplier site is unrealistic, and third-party auditing is more effective when auditors know what issues they should look especially closely for.  

A structured approach to risk assessment for a supply chain helps procurement leaders to identify risks, prioritise the most serious ones and focus resources on reducing and preventing these. An intelligent risk assessment tool, such as Sedex’s Radar tool, enables initial analysis on a global scale using third-party data. It also incorporates supplier-specific data as this is added into our Platform.  

Overcoming global complexity 

The initial challenge is that sustainability risks come in many forms and vary from country to country and sector to sector. For example, an electronics factory in Thailand using migrant labour from Myanmar will have a very different risk profile to a chemical plant in Switzerland.  

A step-by-step approach looking at the various factors that drive risk — country, sector, types of workers, employment practices, manufacturing processes — enables a business to understand potential issues across thousands of supplier sites globally.  

Preparation: Assessing your supply chain risk management capabilities 

Supply chain sustainability risk management is a regular, “always-on” activity. Social and environmental risk levels are strongly influenced by global events evolving across weather, politics and economics.  

Make sure someone in your business has the time and skills to carry out regular risk assessment and to review the analysis as things change in your supply chain. 

The key stages of supply chain risk assessment 

Stage 1: Mapping your supply chain 

The first step is to build a picture of where suppliers are located and what they do — a supply chain map. This should be by tier of supplier (starting with your direct suppliers, then the businesses supplying them) and where they operate. Include outsourced contractors and labour providers, as these can be sources of high-risk issues.  

While this map should be as comprehensive as possible, you can start looking at the risks present before you have a complete, end-to-end picture. Supplier information can be stored on a single data platform, like the Sedex Platform, to continue adding to.  

Stage 2: Recognising high-level risk factors  

Next, look at contextual or high-level factors that contribute to risk levels in certain countries or sectors.  

At a country level, risk factors may include poor legal systems, endemic discrimination against certain groups and high levels of poverty or corruption. There may also be regional factors such as security issues or proximity to migration corridors. Within different sectors, risks may relate to how land or resources are used, worker characteristics (e.g. seasonal migrants, mostly women) or levels of danger.  

Information on these risk drivers is available from a range of sources, such as UN agencies, governments or specialist research agencies. Our Radar tool brings together many of these data sources to provide contextual country and sector risk scores.  

Stage 3: Understanding specific suppliers’ risk profiles  

The next step is to drill down and understand more about each supplier’s specific risk profile.  

For example, a supplier may be considered high-risk due to contextual risk factors that indicate vulnerable migrant workers in its particular country and sector. But in practice, this supplier may not employ migrant workers — or it may have robust processes for recruiting and supporting migrant workers.  

So, it’s important to understand more about each supplier’s workforce, production patterns, worksite location and employment practices. You can also ask about suppliers’ risk management practices — how do they address the issues that are high-risk in their sector and region? 

Information on the supplier’s situation is available from multiple sources. These might include previous audits, data provided by the supplier (e.g. through a self-assessment questionnaire), direct feedback from workers or feedback from colleagues who have visited the supplier.  

Stage 4: Prioritising risks  

No company has unlimited resources. Prioritising risks is important for identifying the most serious potential impacts on people, communities and environments, and for using resources effectively.  

The above steps will likely produce a long list of potentially problematic issues and suppliers. It’s vital to narrow your focus to the most serious ones and tackle these first – an approach known as “risk-based prioritisation”. 

The UN Guiding Principles on Business and Human Rights (UNGPs) suggest that prioritisation should be based on ‘saliency’ – a concept that ranks risks according to their seriousness. This involves thinking about risks in ways such as:  

  • How grave or serious impacts would be on communities or individuals. 
  • How widespread impacts would be (or how many people would be affected). 
  • How hard it would be to put right, or whether the impact can be reversed. 
  • How likely is it that the issue may occur.  

Sedex’s Radar tool produces scores across country, sector and risk type. These can be used to create a ranking of risks that may be sufficient as a basis for determining priority. This can be a resource-efficient way to carry out an analysis of supply chain sustainability risks.  

Next: Addressing these risks 

Risk assessment is an important activity, but it isn’t an end in itself. The purpose is to spot issues and take action to address them – to reduce likelihood, prevent negative impacts and protect business in doing so.  

The benefits of this risk awareness, and the activities to maintain it, include: 

  • Increased visibility across a supply chain and the operations within it. This enables more informed decision-making about what a company might want to change, and what the “ripple effects” might be. 
  • Improved operational resilience by being better-prepared for upcoming disruption – such as regional events or supply chain shocks that can affect a business. 
  • Readiness to comply with new laws that are being introduced around the world on sustainable business practices. These laws typically require companies to actively manage the sustainability risks in both their own operations and in their supply chains – and some allow companies to be fined for failing to do this. 

Looking at the “root causes” of risks and issues provides valuable insights on how to address them. Some of these causes may be within a company’s power to fix. Others may require a joint approach based on collaboration with other brands, governments, suppliers and affected communities.  

See how Sedex can support you with supply chain risk assessment.