Evaluate Risk

Identify and evaluate key environmental, social and governance risks

Start by mapping out potential risks, such as potential human rights violations, potential environmental impacts, supplier reliability, transport logistics, political instability, and natural disasters. To compile a comprehensive risk list, engage relevant departments, including procurement, supply chain management, sustainability, legal, and compliance. Depending on the risk, engage suppliers, customers, and regulatory bodies for a more holistic view. Once compiled, assess each risk's severity and likelihood and your organisation's ability to mitigate it. For issues with potential for high risk, consider forming a dedicated group to investigate them further. Keep in mind that, risks are often evolving and can change suddenly.^{1, 2, 3}

EXAMPLE: Co-op Group’s high-risk area identification process

Co-op combines stakeholder input with public human rights data to identify labour rights risk hotspots in its supply chain.⁴

EXAMPLE: Mars recognises farmer livelihoods as a key business risk

The agri-food company Mars Inc. found that many rice, cocoa, and vanilla farmers at the base of its supply chain were giving up farming. Mars recognised this trend as a strategic business risk due to its impact on the quality and availability of essential raw material inputs. Further investigation helped the company identify poverty as the key factor driving farmers to seek better livelihoods in urban areas.⁵

EXAMPLE: Risk assessment tool for public procurement in Sweden

The Swedish organisation Adda designed a sustainable public procurement (SPP) risk assessment tool to identify sustainability risks, evaluate suppliers, and prioritise based on risk and performance. The adaptable tool offers proactive SPP solutions tailored to different product categories, as exemplified in a report on China's state-imposed labour risks in ICT supply chains.

EXAMPLE: Supplier due diligence at Schneider Electric

In response to the introduction of the Duty of Vigilance in France, Schneider Electric leveraged the Responsible Business Alliance methodology and organisational intel to identify suppliers with the highest human rights and environmental risks. Schneider Electric conducted on-site audits to determine non-compliance and collaborated to create action plans for correction where needed.⁶

Identify risk mitigation options for reducing impacts and managing uncertainty

After risk identification and assessment, begin to devise mitigation strategies. This could involve designing contingency plans for potential disruptions. These are known as bridging strategies; they focus on quick response and recovery after a disruption.^{7, 8} You can also employ buffering strategies to mitigate potential disruptions.⁹ For instance, you may consider diversifying your supplier base or bolstering your logistics infrastructure.^{10, 11, 12}

Another approach is to form partnerships with suppliers (and brands) for joint risk management and mitigation. Overall, it is essential to establish clear roles, timelines, and objectives for your risk management planning and regular communication with suppliers and other stakeholders. Make sure to also regularly review your risk management plan to keep it up-to-date and effective.

EXAMPLE: General Motors' risk-notification system

GM's supply chain risk-notification system combines its supplier mapping efforts with geographic risk data. In cases where disruptive events occur, GM can quickly identify and contact suppliers in the area that may be affected.¹³

EXAMPLE: Risk Mitigation in BMW Group's Supply Chain

BMW Group employs a three-phase approach to mitigate human rights risks in its supply chain and align with OECD guidelines.¹⁴ It integrates due diligence into procurement, standardises supplier assessments, and prioritises high-risk raw materials for detailed audits.