Supply chain risk management (SCRM) has a strong influence on the cooperation among partners and the performance of the entire production chain. A supply chain designed to minimize risks enables firms to establish a competitive position and provides long-term benefits to stakeholders. The SCRM system should be structured to manage both routine and extraordinary risks, such as natural disasters and major accidents. The risks should be managed both reactively, by monitoring changes in the chain, the needs of customers, technology and the strategies of suppliers and competitors, among others, to enable quick reaction to events; and proactively, to identify risks and implement actions to prevent them or minimize their impacts. The basic risk management process consists of identifying, evaluating, mitigating and controlling risks. The objective of this paper is to analyze how a carmaker identifies and manages the risk factors in its supply chain. To achieve this aim, we performed a qualitative, applied and exploratory field study of a Brazilian automaker. The data were collected by structured interviews, and the analytic hierarchy process was applied to rank the risk factors, resulting in a risk matrix that can be an instrument for making decisions by the company studied.