Supply Chain Risk Management: A One-Week Checklist for Buyers Who Got Burned
Two years of port backlogs, chip shortages, and single-source factories going dark taught procurement teams an expensive lesson: the lowest unit price is worthless if the part never arrives. Risk that lived quietly in a spreadsheet for a decade became a board-level conversation overnight. The instinct now is to overcorrect — to demand a second source for everything and triple every safety stock. That is just as wasteful as the complacency it replaces. Risk management is about spending your attention where the exposure actually is.
You do not need a six-figure software platform to start. You need a disciplined pass through your supply base, which a small team can do this week. Here is the checklist.
Map before you mitigate
You cannot manage a risk you have never written down. Start by building a simple register of your most important inbound flows. Spend the first day mapping, not fixing.
List the items that, if late, stop production or stop you serving a customer — usually a small fraction of your SKUs.
For each, record the supplier, where it is actually made (not just who invoices you), and the lead time you really see, not the quoted one.
Flag every single-source and sole-source item — a part only one supplier sells is your sharpest exposure.
Note geographic and logistics concentration: items that all ship through one port, region, or carrier fail together.
Rank by likelihood and impact
Not every risk deserves the same response. Score each entry on two simple questions — how likely is a disruption, and how badly does it hurt if it happens — and focus your effort on the top of the list. A handful of items will dominate your true exposure.
Impact. What does a four-week outage cost in lost revenue, penalties, or idle production? Put a dollar figure on it so leadership can prioritize honestly.
Likelihood. Consider supplier financial health, single points of failure, geopolitical and weather exposure, and how stressed the lead time already is.
Detectability. Would you even know a problem was coming, or would the first signal be a missed delivery? Blind spots deserve extra weight.
Recovery time. If this source vanished tomorrow, how long to qualify an alternative? Long requalification times turn a hiccup into a crisis.
Act on the top of the list
For your highest-ranked risks, pick mitigations that match the exposure rather than reflexively buying more inventory. Qualify a second source for a critical single-source part. Negotiate buffer stock the supplier holds for you. Build a small strategic reserve only where lead times are long and shelf life allows. Tighten contracts with clearer lead-time commitments and the right to audit. Above all, talk to your key suppliers about their risks, because their disruption becomes yours.
Finish the week by assigning an owner and a review date to each top risk. A register nobody revisits is just a document; a register you reopen every quarter is a living capability. Risk management is not a project you complete — it is a habit you keep.
If you want a second set of hands to build the register, run the supplier conversations, and turn the findings into stronger agreements, XNM's procurement, sourcing & contract management can help you move from reacting to disruption to managing it.