The interdependency of Supply Chain Risk Management and Business Continuity Management

This blog series outlines the relationship between Supply Chain Risk Management (SCRM) and Business Continuity Management (BCM). In order to provide a transparent view it is necessary to bring BCM and SCRM in perspective to Enterprise Risk Management (ERM) and Supply Chain Management (SCM).

As of today many of the hereinafter described processes are represented by isolated standards. In consequence many solutions targeting the specific areas have been developed in silos.

Definition of terminology is important when it comes to discussions about Business Processes. Consequently this is true for discussions on BCM and SCRM.

Another aspect is where to position BCM, SCRM and ERM. Arising questions are:

  • Where to position each solution and how do they correlate to each other?
  • Which solution is part of which other solution or complementing other solutions?
  • Is the particular discussed solution to be considered a standalone solution, e.g. is BCM a standalone solution or is it even a part of an Enterprise Resource Planning (ERP) or ERM solution?
  • Is SCRM a standalone solution or is it a part of an ERM solution?

Definitions and answers to questions are found in many publications, last but not least in Wikipedia. A clear answer often enough remains missing. Best of all is when definitions are represented in ISO standards or equivalent documents.

Nevertheless to bring it all under one umbrella remains challenging!

The interdependency of Supply Chain Risk Management and Business Continuity Management

Business Continuity


Business Continuity

Business Continuity (BC) is defined as the capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident. (Source: ISO 22301:2012)

Business Continuity Management

Business Continuity Management (BCM) is defined as a holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities. (Source: ISO 22301:2012)

Risk Management (=ERM)

The de facto standard for Risk Management (RM) is the ISO 31000, it provides a framework for RM. It defines Risk as “Effects of uncertainty on objectives”.

An extension to ISO 31000 is provided through the Austrian Standards Institute (ON) by the ONR 49000 rules, dealing with “Risk Management for Organizations and Systems”. The ON-Rules are typically used in order to document the development during the process of definitions towards standardization.

At its actual status the ONR 49000 goes beyond ISO 31000, it defines Risk as “Effect of insecurity on targets, activities and requirements”. Rather than focusing on strategic targets only, this intents to include operational activities as well.

Supply Chain Management

Supply Chain Management (SCM) is the collaborative planning, management and control of intercompany value-chains with a network structure in which the network entities and its processes regarding flows of goods, finance and information are interrelated. SCM is a logistical management task and has an impact on product development, procurement, production and sales. Logistic is a part of SCM with an intra-organizational perspective.

Supply Chain Risk

Supply Chain Risk (SCR) is the damage caused through a potential dysfunction or disruption in the Supply Chain, measured in relation to the likelihood of such an event. The Supply Chain Risk affects value generating performance-objects (e.g. production location, warehouses) as well as pure risk objects (e.g. weather, transport routes).

Supply Chain Risk Management

As of today there is no standard in place for Supply Chain Risk Management (SCRM). Nevertheless the definition for this article will be:

Supply Chain Risk Management is a component of Enterprise Risk Management. SCRM deals with the activities in order to mitigate risks in the supply chain processes of any organization. SCRM covers:

  • The identification and evaluation of risks and it’s caused damages within the supply chain.
  • The development, implementation, continuously adjustment and monitoring of an appropriate strategy and provisions based on joint activities of all supply chain members in order to reduce:
    • Probability of risk occurrence
    • Frequency of risk events
    • Size of damage
    • Time of recovery from damage
    • Time of detection of risks
    • Missing or inadequate provisions
    • Wrong allocated provisions
    • Wrong insured risks
    • Missing insurances

Business Impact Analysis

The Business Impact Analysis (BIA) is an essential component in any kind of Risk Management, consequently it is a component in BCM and SCRM. Typically the BIA has an exploratory component in order to reveal the vulnerabilities and its value and a planning component in order to develop a strategy for risk mitigation.


After analyzing many of the ongoing discussions, publications and taking standards into consideration, all in order to get the best understanding of “…how BCM and SCRM relate to each other….”, it is stated:

  • BCM and SCRM are side by side, in no hierarchal order, components of ERM.

So my next blog post will put Business Continuity Management and Supply Chain Risk Management into context to each other.

After Studies of Engineering and Business Administration in his Engineering Career Mr. Raue held managing positions in Companies such as Du Pont, Dillinger Stahlbau, Grillo AG. In his Career in Marketing and Sales Mr. Raue has held leader ship positions in Companies like Xerox, General Dynamics, Beta Systems, Lockheed, Oracle and SeeBeyond. Mr. Raue founded Global Business Partners, a Mergers & Acquisition Company, mainly focusing on the axis Europe – Asia Pacific. He also founded Beta Systems S. E., Worldwide Marketing of System Software to the IBM Mainframe community.

Since 2001 Mr. Raue is focusing as an Interims Manager at Business Development in the field of “Enterprise Risk- and Performance Management” by working jointly with leading and entrepreneurial organizations providing software products, solutions and services in that field. Products and solutions cover areas such as Enterprise Risk Management, Supply Chain Risk Management, Operational Risk Management, Data Warehousing, Business Intelligence, Analytics, Business Process Management and Change Management.

Leave a Reply