Supply Chain Risk Catalog



Risk assessment

Effective risk management is crucial in today's uncertain economic environment, especially from the standpoint of successful and continual business operations in a company. As every organization is part of one or more supply chains, a holistic approach to risk management throughout supply chains is crucial, because a risk that occurs in a single company can have a serious effect on the whole supply chain.

There are some internationally recognized standards in the field, but no standard exists today for holistic supply chain risk management. We based our research and catalogue on the ISO 28000 (Security in supply chains) and ISO 31000 (Risk management) families, but neither of these specifies a successful risk identification and description model as a whole. Because of that, we constructed a model for risk assessment in companies and supply chains that identifies risks and then additionally describes them along different dimensions.

ISO 31000 defines the risk assessment process as a combination of three phases - risk identification, risk analysis and risk evaluation.

Risk identification is a process where an organization identifies sources of risk, areas of impact, events and their causes, and their potential consequences. Our risk catalog, as a list of identified risks, accomplishes the identification of events that carry risk. Other parameters of risks, such as sources and impact, are specific to each individual organization and are therefore not in the scope of this general risk catalog. These risk parameters have to be added to the catalog in each organization during risk identification, where this general risk catalog is used as a checklist for easier and more efficient risk identification.

Risk analysis is the second step in risk assessment, where the risk catalog also represents a valuable resource for organizations. ISO 31000 defines the purpose of risk analysis as developing an understanding of the risk. In our model, risks are described by different dimensions which define their attributes and provide information about general risk properties. We also propose some organization-specific dimensions for defining risks during risk analysis, which every organization has to define within the frame of its specific external and internal context.

Risk evaluation, the final step of risk assessment as defined in ISO 31000, is the process of deciding which risks need treatment and the priority for treatment implementation. This step cannot be generalized and is therefore not in the scope of this risk catalog, but is entirely dependent on specific organizations.

Download link: supplychainriskcatalog_orig.csv

