Risk Management Throughout the Supply Chain

A wide range of business-critical risks face today’s automotive supplier.

October 11, 2023
QAD Automotive Industry

Typical risks include material shortages, catastrophic property losses from unforeseen events, supply chain interruptions, IT failures and more.

For tier-one suppliers, the lack of transparency and control among sub suppliers adds to their risk equations. Now and into the future, smart planning is imperative, especially as the globalization of automotive supply processes increases.

Some automotive OEMs are already requiring suppliers to create risk management procedures, contingency plans and strategies. Standards and guidelines likewise have added requirements: Materials Management Operations Guideline, Logistic Evaluation (MMOG/LE) addresses risk management and ISO/9001:2015 includes risk-based thinking as will the next revision ISO/TS16949.

This paper addresses the resources and tactics to put into place for an effective risk management strategy.

Supply Chain Risk

Let's list some of them:

  • Natural disasters
  • Geopolitical risks
  • Epidemics
  • Terrorist attacks
  • Labor disruptions
  • Raw material prices
  • Currency volatility
  • Material shortages
  • Shipping disruptions
  • Financial health of suppliers
  • Supplier performance
  • Quality issues

We can classify risks from Known to Unknown, and also from Controllable to Uncontrollable.

Automotive Supply Chain Risks

The automotive supply chain grows longer and more complex each year, with regional events having an impact on global production. From 2011’s tsunami in Japan and 2012’s fire at a German resin supplier to several years of severe Midwest U.S. snowstorms, natural and manmade disasters pose a serious threat to automotive production across the globe.

On a personal level, we protect our home and families by assessing the risk of fire or flood and then making decisions about insurance, smoke detectors, emergency contact numbers, and ensuring everyone knows how to escape. In business, organizations must do the same thing by assessing supply chain risk and creating associated contingency plans for events that have a high impact and probability of occurrence, which will potentially affect the OEM part quality or delivery.

From unknown and uncontrollable disasters to the more predictable and controllable interruptions, automotive manufacturers could face a range of potential disruptions as described by a study by Ford/MIT, shown in the graphic below.

Tier-Two - Tier-n Supply Chain Risk

The risk that causes most OEM executives to lose sleep is the lack of visibility beyond tier-one suppliers. This is a key area that many OEMs want tier-one suppliers to focus on during risk assessment.

Several of the risks noted above from the Ford-MIT research revolve around sub supplier risk management. It is critical for suppliers to understand their level of exposure to risk in the organization’s supply base and to prepare for it. This should include tracking the location of all suppliers, and assessing financial and operational viability (e.g., quality and delivery).

The ability to track all supplier locations is critical in the event of a disruption, such as a typhoon, snowstorm, or hurricane. It is important to know the location of the organization’s sub suppliers so that the organization can assess the safety of all suppliers and identify any risk.

Many automated solutions are available today to help suppliers be proactive and reduce risk in the area of operational visibility for both quality and delivery, such as portals that track corrective actions, forecast and scheduling information, and vendor ratings (quality and delivery performance). These portals allow organizations to be proactive in reducing risk by avoiding material shortages and shipping disruptions.

The Role of MMOG/LE Assessments and the Supply Chain

Materials Management Operations Guideline, Logistic Evaluation (MMOG/LE) is a guideline for assessing, improving and benchmarking materials management and logistics operations of suppliers. This assessment tool, created by the Automotive Industry Action Group (AIAG) and Odette in conjunction with the OEMs, suppliers, software vendors and consultants, helps manufacturers uncover critical areas where automation and systems can significantly increase plant efficiency, reduce supply chain risk and streamline processes. It serves as an assessment of delivery, just as ISO/TS-16949 relates to quality. Once suppliers complete the assessment, it scores them against best practices, with the goal of helping suppliers achieve Level A, world-class supplier status.

The MMOG/LE Full assessment consists of an Excel spreadsheet, containing six chapters and 197 criteria. OEMs or customers ask sub suppliers to go through all 197 criteria and indicate if they meet each one. Many OEMs and tier-one suppliers typically require the submission of an MMOG/LE assessment for all production suppliers. In the case of the OEMs, they also require it for aftersales/aftermarket suppliers. Following the initial assessment, OEMs generally require it on an annual basis. OEMs or customers may typically review
MMOG/LE assessments with their suppliers in the cases of new business, new product launches or poor delivery performance.

The MMOG/LE Basic assessment was introduced at version 4 and has 106 criteria. The Basic assessment was developed so that the lower tier suppliers can complete assessments and have a meaningful roadmap of continuous improvement opportunities and therefore help reduce risk among the lower tiers in the supply chain. With the introduction of the Basic assessment, the industry is seeing an increase in the adoption of MMOG/LE with tier-one suppliers for this purpose.


With the introduction of MMOG/LE Version 4, the assessment now requires organizations to have processes in place for managing risk to achieve the status of world-class supplier. Table below summarizes the requirements for Risk Assessment and Contingency Planning and the MMOG/LE criteria.


Risk Assessment Process

  • Define.
  • Prioritize.
  • Proactively reduce risk

Contingency Plans

  • Documented
  • Reviewed, tested,validated, and trained
  • Lessons learned, documented
  • Communicated to sub suppliers


The first section on risk management in the MMOG/LE looks at the risk assessment process and how the organization defines it.

The organization needs a process that outlines how the organization assesses and addresses risk within the supply chain. The plan should identify areas within the supply chain that could affect the ability to meet the customer’s requirements in the event of a deviation from the normal business processes. Examples include items such as EDI or systems failure, insufficient packaging, key equipment failure, sub supplier material shortages, and utility outages, to name a few. The plan should:

  • Address the step-by-step process for reviewing and defining risk
  • Name who is responsible for managing the process
  • Identify how often the process is reviewed and updated

Supply chain risk should include ALL departments within the organization, as each department has the ability to potentially impact or disrupt customer delivery. As an example, is the IT department involved in assessing potential EDI or planning system outages or cyber security threats?

Any number of events could potentially affect the organization. However, the organization should focus on prioritizing those risks that both have high impact on the customer’s business and a high likelihood of happening. As an example, if the facility is located in Detroit, Michigan in the U.S., there is a high probability and high impact of a snowstorm that could disrupt product transportation. However, the same facility has a low probability of a major earthquake causing disruption.

The organization needs to include in its process how it will proactively reduce risk with contingency planning. For example, if the organization has a financially troubled supplier, is the organization taking steps to:

  • Actively replace the supplier
  • Further develop the supplier
  • Alert the OEM (in cases where the supplier provides a unique capability)

Reviewing Sub Suppliers and Gauging Risk Appetite

Most OEMs require their suppliers to complete MMOG/LE on an annual basis. It serves as a good reminder for organizations to review risk at least once a year. Reviewing all risk on an annual basis is important because something that may not be a risk one year may quickly become a risk the next year. Or it might become an item an organization should review further. For example, in 2008 when the global economy crashed, many sub-tier suppliers went bankrupt. Some organizations in the automotive industry were caught off-guard. Today, more organizations are looking at the financial viability of all sub suppliers each year, reviewing risk management plans and noting any lessons learned.

Risk appetite is another consideration. It is defined as “the amount and type of risk that an organization is willing to take in order to meet strategic objectives.” An example in the automotive industry is sourcing to a low cost supplier versus looking at the broader consideration of total cost of ownership. It is important that organizations align the metrics of the purchasing department with those of the supply chain department when trying to reduce risk.

Contingency Plans

The MMOG/LE section on contingency plans looks at the process for developing a robust set of emergency procedures.

Once an organization assesses risks, it needs to review, document, test, and validate its risk and contingency plan. At a minimum, the contingency plan should include key internal/external contacts, containment actions, recovery steps to return to normal operations, and identification of key persons responsible for execution. Organizations should be sure to consider whether or not the plan is applicable to all shifts, to make the plan accessible both on- and off-site, and to confirm that the primary contact has spending limit authorization to purchase what is needed to resolve the outage.

Resources Available to Assist in Risk Management

Resources available to assist organizations in risk management and contingency planning include:

• Business Continuity Planning for the Automotive Supply Chain (M-12) from the Automotive Industry Action Group (AIAG). This guide aids automotive suppliers in the development of business continuity programs and can be adapted for small, medium and large organizations. It can also validate an existing business continuity program. It includes all elements of business continuity planning, such as emergency, communications, business resumption planning and IT disaster recovery.

• Process Failure Mode and Effects Analysis (PFMEA). PFMEA is a qualitative analysis that involves reviewing components, assemblies and subsystems to identify failure modes, causes and effects.
• Insurance organizations and consultants offer services and advice for managing risk exposure.

• Odette’s Supply Chain Risk Management Guidelines. These guidelines contain an explanation of the three key elements of supply chain risk management, including the identification and quantification of risk, the development of mitigation strategies and supply chain design to reduce risk. The guidelines also contain recommendations on the format and use of a Risk Categorization Matrix to classify and prioritize supply chain risk. The content helps those organizations that do not currently have a robust supply chain risk process, or have yet to implement such a process and are seeking a better understanding of the processes involved to identify a practical starting point.

QAD’s Role in Risk Management

QAD holds a leadership position in global automotive markets for parts manufacturers. The company offers tools to help reduce risk and provides MMOG/LE support, consultation, and resources to help suppliers implement the required business systems and prepare for internal reviews and customer MMOG/LE audits. QAD provides effective support to customers around the world. Whether in mature or emerging markets, organizations leverage QAD’s products and services to achieve preferred supplier status, reduce risk and improve performance as an Effective Enterprise.