Q – I have a solid Enterprise Risk Management Program, so why do I need to have a Supply Chain Risk Management Program?
A – Enterprise Risk Management (ERM) provides the framework for understanding and defining risk at the strategic or governance level, building risk programs at the business or mission system level and defining a risk tolerance level at the program level. Supply Chain Risk Management (SCRM) uses the enterprise concepts and the defined risk tolerance levels to identify which critical systems and components need to flow through a secure supply chain. ERM provides the structure for governance level policies and procedures for the management of strategic, operational and tactical risk programs. This program provides the framework to better understand risks, vulnerabilities, and the tolerance level an organization is willing to accept over time. As the threats change and new vulnerabilities are identified, the ERM process evolves or morphs to better mitigate the threats.
SCRM follows a very similar path and uses the results of a viable, robust ERM program to provide the cornerstone for a prioritized secure supply chain. As with all programs, there is only a finite amount of resources that can be applied to securing a supply chain. These resources must be used to first identify those systems and their components that require further analysis across their supply chain. Once systems are selected and potential vendors are identified, Interos Solutions will conduct multi-layered vendor/component assessments to determine risk and vulnerabilities throughout the supply chain. As part of this process, Interos maps the supply chain and determines risk-based activities that can create challenges for an organization. Where possible, Interos provides recommended mitigations designed to enhance the security of the supply chain.
So in short, a strong Enterprise Risk Management Program is a critical component of any Supply Chain Risk Management Program. It provides the foundation and structure, and allows mission and program owners to identify the risk tolerance level they are willing to accept to secure product supply chains.