< Back to Blog Listings

Leveraging Risk Assessment in the Automotive Supply Chain


A wide range of business-critical risks face today’s automotive supplier. Typical risks include material shortages, catastrophic property losses, supply chain interruptions, IT failures, and more. For Tier One suppliers, the lack of transparency and control among sub-suppliers adds to their risk equation. Smart planning is imperative, especially as the globalization of automotive supply processes increases.

Automotive OEMs are requiring suppliers to create risk management procedures, contingency plans, and related strategies. Likewise, standards and guidelines have added risk management requirements. For example, AIAG’s Materials Management Operations Guideline, Logistic Evaluation (MMOG/LE) now addresses risk management, ISO/9001:2015 has recently introduced risk management, and ISO/TS 16949 will adopt it when introduced in the near future.

MMOG/LE is a guideline for assessing, improving, and benchmarking materials management and logistics operations of suppliers. This assessment tool — created by AIAG and Odette in conjunction with OEMs, suppliers, software vendors, and consultants — helps manufacturers uncover critical areas where automation and systems can significantly increase plant efficiency, reduce supply chain risk, and streamline processes. It serves as a delivery assessment, just as ISO/TS16949 relates to quality. Once suppliers complete the assessment, it scores them against best practices, helping them achieve Level A, world-class supplier status.

The MMOG/LE Full assessment consists of an Excel™ spreadsheet containing six chapters and 197 criteria. OEMs or customers ask sub-suppliers to assess themselves against the criteria and indicate if they meet each one. Many OEMs and Tier One suppliers typically require the submission of an MMOG/ LE assessment for all production suppliers. OEMs also require it for aftersales/aftermarket suppliers. Following the initial assessment, OEMs generally require a reassessment on an annual basis. In the case of new business, new product launches, or poor delivery performance, OEMs or customers may review MMOG/LE assessments with their suppliers.

The MMOG/LE Basic assessment, introduced at Version 4, has 106 criteria. The Basic assessment allows lower-tier suppliers to complete assessments and produce a meaningful roadmap of continuous improvement opportunities, and therefore, help reduce risk. With the introduction of the Basic assessment, the industry is seeing an increase in the adoption of MMOG/LE by Tier One suppliers.

MMOG/LE Version 4 requires organizations to have processes for managing risk to achieve the status of world-class supplier. The criteria for risk assessment includes having a process to define, prioritize, and proactively reduce risk. Based on the risk outcomes, the supplier develops contingency plans that are documented, reviewed, tested, and validated, and include training and lessons learned.

The first section on risk management in MMOG/LE looks at how the organization defines its risk assessment process. Specifically, the organization outlines how it assesses and addresses risk within the supply chain. The plan should identify supply chain areas that could affect the ability to meet the customer’s requirements in case of a deviation from normal business processes. Examples include EDI or systems failure, insufficient packaging, key equipment failure, sub-supplier material shortages, and utility outages. The plan should:

  • Address the step-by-step process for reviewing and defining risk
  • Name who is responsible for managing the process
  • Identify how often the process is reviewed and updated

Supply chain risk should include all departments within the organization since each can potentially disrupt customer delivery. The organization, however, should focus on prioritizing those risks that have high impact on the customer’s business and a high likelihood of happening. For example, for a facility located in Detroit, it is highly probable that a snowstorm could disrupt product transportation. The same facility, however, has a low probability of a major earthquake causing disruption.

The organization needs to include in its risk process how it will proactively reduce risk with contingency planning. For example, if the organization has a financially troubled supplier, will the organization take steps to:

  • Actively replace the supplier
  • Further develop the supplier
  • Alert the OEM (in cases where the supplier provides a unique capability)

The MMOG/LE section on contingency plans looks at the process for developing a robust set of emergency procedures.

Once an organization assesses risks, it needs to review, document, test, and validate its risk and contingency plan. At a minimum, the contingency plan should include key internal/external contacts, containment actions, recovery steps to return to normal operations, and key persons responsible for execution. Organizations should consider whether or not the plan is applicable to all shifts, whether to make the plan accessible on- and off-site, and to confirm that the primary contact has spending authorization to purchase what is needed to resolve the outage.

Lastly, it is important that the organization provides its suppliers with any customer-directed contingency plans. How will the supplier react if a sub-supplier does not have the appropriate packaging at the time of shipment?

Both risk and contingency planning should include a step for lessons learned. After evoking a plan, it is not uncommon to uncover something not addressed in the original plan. The best response is to update the plan with any findings after debriefing.

Resources available to assist organizations in risk management and contingency planning include:

  • AIAG’s Business Continuity Planning for the Automotive Supply Chain (M-12). This guide aids automotive suppliers in the development of business continuity programs and can be adapted for any size organization. It can also validate an existing business continuity program. It includes all elements of business continuity planning such as emergency, communications, business resumption planning, and IT disaster recovery.
  • Insurance organizations and consultants. These offer services and advice for managing risk exposure.
  • Odette’s Supply Chain Risk Management Guidelines. These contain an explanation of the three key elements of supply chain risk management, including the identification and quantification of risk, the development of mitigation strategies, and supply chain design to reduce risk. The guidelines also contain recommendations on the format and use of a Risk Categorization Matrix to classify and prioritize supply chain risk. The content helps organizations that do not have a robust supply chain risk process, or have not yet implemented one and are seeking to identify a practical starting point.

Most OEMs require their suppliers to complete MMOG/LE on an annual basis. It serves as a good reminder for organizations to review risk at least once a year. Reviewing all risk on an annual basis is important because something that may not be a risk one year may quickly become a risk the next year; or, it might become an item an organization should review further. For example, in 2008 when the global economy crashed, many sub-tier suppliers went bankrupt. Some automotive companies were caught off guard. Today, more organizations are looking at the financial viability of all sub-suppliers each year, reviewing risk management plans, and noting any lessons learned.

Terry Onica is director, automotive for QAD, an ERP leader in global automotive markets for parts manufacturers offering tools to help reduce risk as well as MMOG/LE support and resources.



Subscribe to Email Updates