The two most important factors when assessing supply chain risks are Severity and Likelihood. These are typically measured on a scale [e.g., 1–5], with the product of the two giving a risk score.
Severity measures the potential impact on the organisation if the risk materialises. For example, supplier insolvency may severely disrupt operations.
Likelihood assesses the probability of the event occurring.
The combination of severity × likelihood determines whether a risk is low, medium, or high, and informs mitigation strategies.
Other options are less central:
Location may influence likelihood but is a sub-factor.
People involved is not a formal assessment criterion.
Cost can be a consequence but is part of severity, not a separate factor.
Using severity and likelihood ensures risks are prioritised based on both impact and probability, allowing category managers to allocate resources effectively.
[Ref: CIPS L5M6 Study Guide, p.40 – Risk assessment and mitigation protocols]
