A company must assess its risk exposure and establish acceptable risk limits to effectively manage risk. The initial step involves creating a policy document outlining the company's Code of Conduct. This document expresses the ethical and operational standards expected of all stakeholders, including suppliers and sub-suppliers, who are encouraged to adhere to these guidelines. Following the establishment of the Code of Conduct, the company proceeds to outline acceptable risk parameters. This involves identifying the various types of risks present within the supply chain and evaluating the potential consequences associated with each risk event. Once the consequences are defined, the company assesses the probability of these events occurring. In summary, the company's risk management process begins with the formulation of a comprehensive Code of Conduct, followed by the expression and verification of these standards among suppliers and sub-suppliers. Subsequently, the company defines acceptable risk by assessing the types, consequences, and probabilities of risk events within the supply chain.
After establishing acceptable risk parameters, the company proceeds to assess its risk exposure. This is achieved by distributing a sustainability survey to suppliers, which results in the allocation of a sustainability score across categories such as human rights, labour, environment, and corruption. Once suppliers and sub-suppliers complete the survey, the ESG Manager can evaluate the overall risk of non-compliance with ethical business practices within the supply chain. Additionally, the impact of each supplier needs to be scored. Users should have the capability to sort suppliers based on their impact and score, including both overall scores and scores within different categories. This sorting functionality allows for efficient evaluation and management of suppliers based on their ethical conduct and impact on the business.
Following the sustainability survey's completion, the ESG manager analyzes the results. This analysis, coupled with additional information, provides insights for identifying risks that require the company's attention. These risks are thoroughly described and then plotted into a risk matrix. Furthermore, each identified risk is assigned a risk owner, who is responsible for managing and mitigating the associated risks. This structured approach enables the company to proactively address potential threats to its ethical and sustainable practices.
After defining the risks, it is essential to develop an action plan to mitigate them effectively. This plan outlines specific steps to address each identified risk and reduce its impact on the company's operations. Subsequently, both the risks and the corresponding action plan require ongoing monitoring and updates to ensure their effectiveness. To facilitate this process, users should have the capability to save multiple versions of the risk matrix and mitigation plan. This allows for tracking changes over time and maintaining historical records of risk management efforts. Additionally, the ability to report on progress throughout the year ensures transparency and accountability in managing risks and implementing mitigation strategies. By establishing this systematic approach, the company can proactively address risks and safeguard its ethical and sustainable practices.
When the planning period ends, the risks are analyzed again. The question to ask here is “has the risk changed during the past year and have the mitigating actions reduced the risk?” Once that is done, the risk matrix must be updated with the mitigation plan. It is important to be able to prove that actions have been taken and that the company has a continuous process for working with these issues during the year.
The ESG manager is responsible for annual reporting on supply chain risk assessment. This involves assessing the effectiveness of actions taken to mitigate risks. The process includes analyzing outcomes, evaluating impact, and ensuring alignment with organizational objectives. The report highlights key findings and recommendations for future risk management efforts.
Get in contact with a member of our team.
