1. Identifying internal and external environments – Enterprises should identify internal environment of the company a rogue employee, also check management, policies, finances etc. As well as those posed by the external environment in which an enterprise operates e.g. supplies, competitors, Government policy etc.
2. Risk Identification-Developing an initial risk register, which is a one-time effort, is necessary to identify baseline risks. Too many organizations start a risk management program without knowing what threats the organization faces, or what consequence a disruption would have. As a result, they focus too much protecting against the wrong threats or too little
protecting against threats that matter.
3. Risk Analysis The risk analysis process should estimate the likelihood and consequence of risks facing a firm and accordingly prioritize them for ultimate treatment.
4. Risk Evaluation Enterprises may use their ratings of the likelihood and consequence of risks before and after treatment to evaluate residual risk levels against acceptable risk levels, that is, their risk tolerance.
5. Risk Treatment Once an enterprise understands its supply chain and analysed its potential risks, it can implement an effective supply chain risk management program with its partners, that is, its suppliers, carriers, and logistics providers.
6. Communication and Consultation-Communication should happen throughout the supply chain management process. It should be between the firm and all its stakeholders. Consultation from management, stakeholders, consultant should also be done.
7. Monitoring and Review