Supply Chain Risk Management at BAE Systems

BAE Systems Plc spends more than £10 billion a year with 25,000 suppliers around the world. In this article Keith Roach, Head of Enterprise Risk Management, explains the importance of working with their supply chain partners to manage risk.

Supply chain risk management (SCRM) is the implementation of strategies to manage both everyday and exceptional risks along the supply chain based on continuous assessment of risks and uncertainties with the objective of reducing vulnerability and ensuring continuity. Increasingly, BAE Systems’ suppliers are adopting a structured approach to risk management, which is something BAE Systems encourages, and aims to mandate in the future.

Why managing supply chain risk matters

Risks within the supply chain are variable in nature. They can include such wide-ranging things as natural disasters, fluctuations in raw material prices, flu pandemics and supplier bankruptcy.

“Increasingly, BAE Systems’ suppliers are adopting a structured approach to risk management, which is something BAE Systems encourages, and aims to mandate in the future.”

Keith Roach, Head of Enterprise Risk Management, BAE Systems Land (UK)

Any supply chain is only as strong as its weakest link. Significant supply chain disruptions can reduce revenue, cut into market share, inflate costs, exceed budgets, and threaten production and distribution. They can also damage credibility with investors and stakeholders. This applies to BAE Systems, but also to all our individual suppliers, and their suppliers.

Supply chain risk management works best when there’s a common approach of identifying, recording and managing risks between customer and supplier.

The benefits of supply chain risk management include faster decision making and less ‘fire fighting’, fewer surprises (managed threats and successfully converted opportunities) and improved confidence and trust across the stakeholder community. In addition, it leads to better use of resources, improved morale and reduced cost.

BAE risk management process

A mature risk management process has the following elements:

  • Sharing information on business risk and opportunities: Open dialogue, sharing of risk registers
  • Using a common platform
  • Using similar definitions and methodologies (e.g. three point estimating, Monte Carlo analysis)
  • Giving visibility of risks, which decreases the chance of unforeseen interruption
  • Sharing lessons learned – these are the risks and opportunities for future projects

Talk about your risks (risk sharing)

BAE Systems values long term relationships with a limited number of suppliers. This makes an open dialogue about risk with supply chain partners critical to success for all projects. It’s important that all parties understand the risks and opportunities. Some risks might be better managed by BAE Systems or a supply chain partner, and some risks can be shared between organisations. Proactive sharing of risks is seen as a positive at BAE Systems, rather than a negative thing. It enables all parties to effectively focus on finding early solutions to problems that may impact at some point in the future.

The right tool

For many companies, MS Excel is the first tool they think of when starting to manage risk, which is understandable, as it is easy to use and widely adopted. While MS Excel is OK for keeping track of risks in small, isolated projects, it’s not appropriate in an environment which needs risks to be input, updated and managed by lots of people. Also, it’s really hard to gain a portfolio view of risks and it is difficult to consolidate and aggregate risks held in different MS Excel sheets across a business, so it just doesn’t work well when managing risks in the supply chain.

A tool that documents individual risks and opportunities can provide a basis for important decisions affecting their overall outcome. A significant number of businesses within BAE Systems use Risk Decisions’ Predict! suite of risk management tools, which provides a complete and fully integrated risk management and analysis package. It is highly flexible and can be readily adapted to the way any company manages risk and opportunities without the need for customisation. Its RC Lite module allows risk information to be uploaded using MS Excel, allowing supply chain partners to update a risk database without directly logging in. And once risks and actions are captured using RCLite, they can be uploaded into Predict!, making the information available for instant review across the business.

Similar methodologies: Three point estimating & Monte Carlo analysis

Three point estimating uses uncertainty in its inputs to generate a range of possible outcomes, which are then most commonly reported as a triangular distribution, or three point estimate (a minimum, likely and maximum value). For example, the time required to produce, ship and deliver a piece of equipment can be a minimum of 10 days (best case), a likely value of 12 days and a maximum of 15 days (worst case).

Monte Carlo analysis uses baseline, risk and uncertainty data in its inputs to generate a range of possible outcomes for any discrete set of activities (e.g. the percentage likelihood of delivering on time and to budget). It maps the overall distribution of these outcomes, facilitating easy interpretation and more informed decision making.
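The two methods combined, as an added example that is not from the article or from any BAE Systems or Risk Decisions tool: the article's 10/12/15-day estimate is sampled as a triangular distribution, and discrete risk events are layered on top to give the likelihood of delivering on time. The risk entries, their probabilities and the 15-day deadline are constructed assumptions.

```python
import random

# Three-point estimate quoted in the article: produce, ship and deliver
# in a minimum of 10, likely 12 and maximum 15 days.
BASELINE = (10, 12, 15)

# Constructed risk register (assumption, not from the article):
# (name, probability of occurring, (min, likely, max) delay in days)
RISKS = [
    ("sub-tier supplier late", 0.20, (1, 3, 6)),
    ("customs hold", 0.05, (2, 5, 10)),
]


def sample_duration(rng, baseline=BASELINE, risks=RISKS):
    """One trial: baseline uncertainty plus the delay of each risk that fires."""
    low, likely, high = baseline
    total = rng.triangular(low, high, likely)  # argument order: low, high, mode
    for _name, prob, (r_low, r_likely, r_high) in risks:
        if rng.random() < prob:
            total += rng.triangular(r_low, r_high, r_likely)
    return total


def simulate(trials=20000, seed=1, baseline=BASELINE, risks=RISKS):
    """Run the trials with a seeded generator and return sorted durations."""
    rng = random.Random(seed)
    return sorted(sample_duration(rng, baseline, risks) for _ in range(trials))


def percentile(sorted_samples, p):
    """Duration not exceeded in p percent of trials (e.g. P80)."""
    idx = min(len(sorted_samples) - 1, int(p / 100 * len(sorted_samples)))
    return sorted_samples[idx]


def on_time_probability(sorted_samples, deadline_days):
    """Share of trials that finish on or before the deadline."""
    hits = sum(1 for s in sorted_samples if s <= deadline_days)
    return hits / len(sorted_samples)


if __name__ == "__main__":
    runs = simulate()
    print(f"P(on time within 15 days): {on_time_probability(runs, 15):.1%}")
    print(f"P50: {percentile(runs, 50):.1f} days, P80: {percentile(runs, 80):.1f} days")
```

With the risk list empty the result collapses to the plain three-point estimate, so every trial falls between 10 and 15 days; the risk events are what push the tail past the worst case.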

Visibility of risks

Involving your contractors openly in the risk management process can help to forge trust and confidence, and reduce conflict in customer/supplier relationships. For example, allowing key members of your supply chain to access your risk tool, such as Predict!, can allow stakeholders to have visibility of relevant risks and share in their ownership and mitigation. Properly implemented, open and joint risk management can lead to faster risk responses, and achievement of a common goal in reduction of risks that lead to issues.

Lessons learned

Documenting lessons learned allows you to build up a database that can be a vital source of information. Using this information for new projects can save time (no need to re-invent the wheel) and increase your chances of project success, as often projects share the same main risks.


Ultimately, an effective supply chain risk management process is all about peace of mind: for BAE Systems, its customers and its supply chain partners. It is about adopting a common language, maintaining an open dialogue, and using a professional tool to record, aggregate and mitigate risks and opportunities. BAE Systems is committed to helping supply chain partners take their risk management practices to the next level.
