Business Continuity Management and Supply Chain Risk Management and its Interdependency in Praxis

Nov 12, 2014    Eberhard Raue


It is reality that BCM (=disaster recovery) and SCRM are typically established as separate practices. The existence of either one doesn’t necessarily require the existence of the other one.

  • Nevertheless is either one missing, the Enterprise Risk Management is incomplete!

Statement of Interdependency between BCM and SCRM

Under the umbrella of ERM:

  • The SCRM deals with detection, analysis, scoring and mitigation of risks in the supply chain processes.
  • The BCM deals with the recovery of the risk affected supply chain processes.
  • In order to provide a profound solution for both components as parts of an integer ERM strategy an interdisciplinary cooperation between the responsible people in the parties of BCM, SCRM, SCM and ERM is a prerequisite.

Following the statement the ideal strategy and structure becomes obvious. The entire Risk Management activities in an organization should become a “Central Management Institution” (CMI), headed by a Manager who reports directly to the board or might be part of the board. Positions as Chief Risk Manager, Chief Risk- and Performance Manager, Chief Enterprise Risk Manager come to mind.

In consequence all Risk Management and Risk Management related activities, e.g. BCM, Quality Management etc. become part of the CMI.

Risk Management in its pure sense has become significant in any organization of any size and in any industry. Admittedly the importance of Risk Management might vary in the various industrial sectors and in its correlation to the size of an organization.

Risk Management in its pure sense has also become significant in all Business- or functional Units of an organization, e.g. in Procurement, HR, IT, Research and Development, Production, Marketing & Sales etc.. Regarding to its importance Risk Management became quite equally valid for any of those Units.

Since our focus is on Supply Chain Risk Management a look at a typical supply chain and the experience of risk potential along a supply chain explains quite simple that in case of occurring risk events Business Continuity Management could be executed immediately. It becomes obvious:

  • Risk events in the supply chain impact all processes of an organization.  
  • The interdependency between SCRM and BCM proves itself.  
  • BCM is the logical and pragmatic complement to SCRM.


Fig1: Supply Chain Scenario

In such a supply chain process an alert should be send from the SCRM-System to the BCM-System at the earliest time possible in order to get the responsible people at the BCM-Team alerted and getting ready to act. This earliest moment is whenever a relevant risk event occurs and is captured from the SCRM-System and becomes visible on the Risk Radar (Monitor). From this early moment on the BCM-Team can use further information from the SCRM-System.

The team members of a BCM-Team have mandatory to be users of the SCRM-System!

Components of BCM

A solid BCM solution is based on best practices, a state of the art methodology and supported by state of the art software. A BCM solution includes the following components:

  1. Development of strategy and determination of responsibilities.
  2. Establishment of a central repository for all relevant business processes.
  3. Performance of a holistic Business Impact Analysis (considering each single process).
  4. Development of a business continuity and disaster recovery plan.
  5. Documentation, reporting, reviewing and communication.
  6. Establishment of workshops for resolving and recovery activities.
  7. Integration with ERM and SCRM.


Fig2: BCM Process Cycle

Components of SCRM

A solid SCRM solution is based on best practices, a state of the art methodology and supported by state of the art software. A SCRM solution includes the following components:

  1. Development of strategy and determination of responsibilities.
  2. Capture of structured and unstructured data from different sources, e.g. Internet, News Media of all kinds, Info Services about financial-, compliance-, sanction-, social responsibility etc. data.
  3. Research and analysis of captured data.
  4. Scoring the data related to risk tolerance / risk appetite.
  5. Alert mechanism sending alerts to assigned users.
  6. Reporting, documentation of analyzed results, reviewing and communication.
  7. Action planning and –management
  8. Simulation of scenarios
  9. Predictive analytics
  10. Integration with ERM and BCM


Fig3: SCRM Cycle

SCRM and BCM integrated

SCRM and BCM as an integrated process finally provide a significant complex in Enterprise Risk Management. The integration of SCRM and BCM completes the Risk Management from:

  • Detection of risk to
  • Validation of Risk to
  • Mitigation of risk to 
  • Recovery of processes in any organization


Fig4: Interaction BCM & SCRM Cycle

Read more about The interdependency of Supply Chain Risk Management and Business Continuity Management – Part 1

Sign up to receive updates from the riskmethods Blog

Related Posts: