Data-based risk analysis – RiskNET

The Supply Chain Act (LkSG) obliges German companies to fulfill new due diligence requirements with regard to human rights and environmental risks along global supply chains. Companies with more than 3,000 employees are directly affected (from 2024: more than 1,000 employees). Due to the planned EU directive on corporate sustainability due diligence, smaller companies will also be affected in a second step.

For operational risk management, the new legislation means that risk management processes must be expanded to include the level of direct suppliers. The Supply Chain Act obliges companies to carry out annual risk analyses, in the course of which every direct supplier of their own company must be checked for possible violations of human rights, illegal labor practices and environmental pollution. Thus, the annual risk analysis represents a complex challenge, since a large number of companies usually have to analyze several thousand direct suppliers. In the following, we would like to show how Funk and its customers implement the annual risk analysis in practice in a pragmatic and result-oriented manner and how the procedure is integrated into risk management processes.

Funk has developed a methodical approach that converts the requirements of the annual risk analysis according to the Supply Chain Act into a practical implementation. If necessary, we will also support you as part of a gap analysis in determining all the necessary implementation steps. On the basis of the Funk LkSG tool, the risks of direct suppliers are evaluated based on data. In a funnel model, all direct suppliers are prioritized according to risk groups and non-risky suppliers are sorted out. The annual risk analysis is carried out in four steps:

Figure: Funnel model for implementing the risk analysis in accordance with the LkSG

Step 1: Inclusion of all direct suppliers in a Funk template

In the first step, all direct suppliers are assigned both a country of origin and a product group.

Step 2: Automated data analysis with the Funk LkSG tool

In the second step, all direct suppliers are subjected to an automated risk analysis in accordance with the requirements of the Supply Chain Act. Based on a large number of data sources, the Funk LkSG tool automatically determines the country and product group risk for each supplier. The LkSG tool also shows the risk characteristics of almost 30 possible individual risks. The aim of this step is to sort out the majority of non-risky suppliers.

Step 3: In-depth analysis of suppliers with increased risk

In the third step, only direct suppliers with an increased country and product group risk are considered. The more in-depth risk analysis includes the structured evaluation of the individual risks according to their severity and probability of occurrence. In addition, other criteria such as influence, causal contribution and business activity are used.

Step 4: Derivation of preventive and remedial measures

In the last step, necessary preventive measures are derived for critical suppliers. If specific violations have already occurred, appropriate remedial measures must be implemented.

The results of the risk analysis and the methodical procedure are finally documented in a well-founded risk report. For our customers, the effort along the four process steps is low. The significance of the risk assessment is high and actively supports companies in identifying appropriate preventive measures. The methodical approach is designed to link the new legal requirements to the lean processes of German SMEs. In addition, the identified risks can be easily integrated into a company's risk inventory.

We are also happy to offer you an individual exchange in order to give you pragmatic support with the due diligence obligations of the Supply Chain Act.

Authors and contacts:

Max von Bohlen
Sales Manager
Funk Risk Consulting GmbH

Tom Gaycken
Consultant
Funk Risk Consulting GmbH

[ Image source, cover image: Adobe / Siarhei | Images in text: Funk Risk Consulting ]