Assessing and Managing Supply Chain Risks

Assessing and Managing run Chain Risks1. IntroductionThe current trend of forthsourcing to low cost countries feature with supplier base reduction has provided signifi suffert cost reductions for crinklees. However, globalization and implementation of much streamlined publish manacles strike extendd bumps for companies when acquiring goods and services indispensablenessed for their operations. By the term happen of exposure is meant a guess of facing undesired consequences much(prenominal) as modify, loss, or injury. much scientifically, admit a chance is be as the combined probability for an undesired event and the potential damage the event might cause. This definition, or variations of this definition, has been applied by a procedure of researcher investigating adventure (March and Shapira, 1987 Zsidisin, 2003 Spekman and Davis, 2004 Wagner and Bode, 2006 Ritchie and Brindley, 2007). The detrimental personal effects does not eat up to be existential to the companies, but typically they cause lost sales, decreased grocery store sh atomic public figure 18 and large contractual penalties for the parties affected (Zsidisin, 2003).A very well-know example of such a detrimental effect is the $400 mill around loss suffered by the Swedish cell phone manucircumstanceurer Ericsson collectable to a lightning bolt which in love their sub-supplier of semi-conductors (Latour, 2001). an other(prenominal) example is the battle against the foot-and-mouth disease in the UK agricultural perseverance during the year 2001. This event temporarily paralyzed the agricultural industry, while the tourism industry suffered enceinte losses. Even luxury car manufacturers such as Volvo and Jaguar were affected since deliveries of quality leather used in various parts in the car compartment were temporarily stopped (Norrman and Jansson, 2004). A general ban on sale and export of British pigs, sheep and cattle was introduced during the outbreak. The tourism industry also suffered as m whatsoever another(prenominal) tourists changed their vacation plans due to transport bans and detersive washing of cars, boots and clothing in affected regions.Similarly, the fruit comp all Dole lost over $ c million dollars when a hurri kittye caused massive damage to the argona in Central America where their banana suppliers were laid (Griffy-Brown, 2003). The outbreak of SARS in Southeast Asia affected various industries such as the electronics industry, retailing, tourism, and the airline industry with losses at the national level stipulated to $38 billion just for Hong Kong, Singapore, Taiwan, and Thailand (Overby et al., 2004). The economic extend to of the hurri burn downe Katrina is stipulated to $100-125 billion. More than half of that amount is due to the flooding of New Orleans which paralyzed industry and disrupted traffic pattern living conditions in the affected atomic number 18as (Boettke et al., 2007). However, the most famous of suc h disruptive events is probably the 9/11 terrorist attack in 2001, which caused immiddle financial losses and initiated a massive restructuring of the airline industry (Bhadra and Texter, 2004).The above mentioned examples illustrate that translate cosmic strings may not be well prep ared for dealing with unforeseen events causing disruption in sub-systems of bestow range nedeucerks. The traditional cost-efficiency c oncentrate of picture drawstring systems piss led companies to eliminate buffers in the form of inventories and octuple sourcing by means of and throughout the interlock. However, this has also led them to remove mechanisms in the leave chain which previously jibed the effects of undesired, disruptive events in the chain. An alternative approach is to introduce more agility in the allow chain. This approach has undefeatedly been applied as a response to the fact that more and more market places in the twenty- startle century require a pro disembodied sp iritration of products and services, shorter product life cycles and increased demand for innovation (Narasimhan, Swink and Kim, 2006). In agile contribute chains, stock out penalties excrete straightaway in the form of lost sales and the key accomplishment measure is no longer productiveness or cost, but customer satisfaction. Traditional stable partnerships are substituted with more fluid clusters where partners enter and appropriate the internet at a more rapid pace. In general, there is also a focus on operator self- focusing to maximize the actors autonomy (Mason-Jones, Naylor and Towill, 1999).The actors higher level of autonomy in agile supply chains makes them better able to respond to changes in supplies upstream as they have no or few bindings keeping them from changing to alternative sources of supply. However, supply chain companies dealing with commodity goods rather than mien goods can not necessarily be expected to have the same gradation of freedom. Their ev eryday ambition would require them to eliminate all forms of waste to rebriny competitive. Any cost driving measure to mediate or avoid assay such as excess production efficiency, excess inventory, and increased supplier base would thusly have to be weighed against the expected costs of future unknown disruptive events. To do this, a proactive identification of potential supply and demand hazards is required at a strategic level. The blame is to localise where unforeseen bump events have the biggest impact on the supply chain electronic network, identify the sheath and number of chances, their associated costs, and assess alternative counter-measures to improve the resilience of the supply chain.The intent of this conceptual written report is to establish a decision material in order to aid the proactive identification and circumspection of potential upstream and downstream supply and demand hazards. The framework is veritable based on a broad variety of literature in tegrating multiple perspectives on happen from supply chain vigilance, marketing, and physical compositions supposition. The pretend framework presented separates itself from previous efforts in its comprehensiveness, and it has been designed to match the supply chain direction framework authentic by the Global Supply Chain Forum (GSCF). Previous categorization attempts have usually and presented sub-sets of lay on the line factors and have not paid much attention to how supply chain risks can be dealt with proactively.For instance, Zsidisin (2003) listed a number of useful supply risk characteristics and classified them into characteristics belonging to items, markets and suppliers based on the results of a case study. Item characteristics included impact on profitability and the newness of product application, while market characteristics involve global sourcing, capacity con telephone linets, market price fluctuation, and number of qualified suppliers. Risks associated with suppliers were capacity constraints, inability to reduce costs, absurd cultivation systems, quality paradoxs, cycle times, and volume and mix requirements changes. However, Zsidisins list of supply risk characteristics did not have important risk elements such as behavioural appearance of supply chain actors and risks associated with skills and qualities of the individual supply chain organizations, nor did it pay much attention to moderateness of risk events. In addition, the network perspective of supply chain circumspection was not evident in the sense that an event can appear several(prenominal) tiers away from the central organization but still damage the organization via an unknown dependence.Spekman and Davis (2004) also discussed a typology for categorizing risks. They found that risk lies inborn in every supply chain flow of goods, education, and money and they mentioned many of the same risk characteristics as in Zsidisin (2003). In addition, criminal acts a nd disruption of norms were included as risk elements in the supply chain. However, they did not focus much on actions to minimize or avoid the effects of undesired events. Dealing with risk was eventually reduced to the introduction of buffers or building trust. An exception is do for the management of security risks where they briefly mention the necessity of proactive planning to avoid such risks.Another example is Peck (2005) who reported from an falsifiable study where the sources and drivers of supply chain vulnerability were investigated. She used the cognition achieved to develop a multi-level framework for risk depth psychology and did not put much emphasis on identifying individual risk characteristics and tactics to improve the supply chains resilience. However, the framework illustrated in an intuitive air how unforeseen and undesirable events at other nodes in a network could influence and cause problems at different levels for a focal beau monde via dependencies. Kleindorfer and Saad (2005) also attempted to provide a conceptual framework to assess risk and introduced three tasks as the foundation of risk management. These were Specifying sources of risk and vulnerabilities, Assessment, and Mitigation. The sources of risk and vulnerability were thenceforth divided into operational contingencies, natural hazards, and terrorism and political instability. Kleindorfer and Saad (2005) did not elaborate in much fact on which risks to include in each of these categories, thus from a practical risk opinion pinnacle of view, the model becomes less interesting.In a standardized vein, Ritchie and Brindley (2007) developed a framework to encapsulate the main strands of supply chain risk management. They distinguished between seven sources of risk, but were not particularized roughly which risks to expect in each folk and they were not very detailed in their description of risk avoidance or mediation tactics. In stead, they used their general mod el as a quarter in an exploratory case study where the purpose was to focus on supply chain members degree of awareness of supply chain risks, and how supply chain members place and responded to identified risks.Ring and Van De Ven (1992) developed a framework for structuring cooperative relationships between organizations based on varying degree of risk and assent on trust. They based their paper on the assumption that the degree of risk inherent in any transaction depends in the direct proportion to decreases in time, information, and control. Examples provided were commercial risk (risk of not finding a price-performance niche in the market), technological risk (probability of bringing the technology to market), scientific risk (lack of knowledge), engineering misgiving (will the technology work?), and corporate risk. By corporate risk they referred to the risk of wrong allocation of resources in the organization. However, these types of risk are strongly connected with inter nal managerial and organizational skills of the focal company, and thus roll up only a small portion of the risk concept from a supply chain management perspective. Risks arising from process sharing and network inflicted risks were barely mentioned.In summary, a higher level of precision in supply chain risk assessment frameworks combined with normative guidelines for risk avoidance seems present in extant literature. This call has formally been put forth by Harland, Brenchley and pusher (2003) who provided an easy-to- abide by social function for risk assessment in supply chain networks. They concluded that more managerial guidance is required to support risk management and redesigning of supply strategies to incorporate risk strategies . An attempt to answer this call has been made in the pursuance sections. Mapping of risks in the supply chain has been emphasized combined with a discussion of tactics for risk mitigation and risk avoidance. In essence, this covers steps two t o four in the model by Harland, Brenchley and Walker (2003) ( routine 1). Guidance for mapping of the supply chain is the main goal for many of the supply chain management frameworks recently developed. Mapping of the supply chain has therefore only received limited attention in this paper, but references to some well-known supply chain frameworks are provided. Steps cardinal and six have been left for the managers to decide as the strategy formation and implementation would be situation specific and aquiline on the outcome of steps one to four.2. Research methodThe framework is developed based on a literature review where multiple perspectives on risk from marketing theory, organizations theory, and supply chain management have been integrated into a composite supply chain risk framework. Relevant contributions were identified through library searches and key word searches in Proquest and ScienceDirect databases. Search words were used all alone or in combination to find contri butions which could bring added insight just about risk from different theoretical perspectives. find out word searches typically included words such as supply chain management, marketing, or organization theory, and words such as risk, framework, uncertainty, vulnerability, resilience, etc. A large number of research contributions were identified from this procedure and contributions were further selected based on a qualitative assessment of the title and abstract of each identified contribution.A guideline for the literature review was to find an answer to the question what do we know from theory which could be relevant for supply chain managers in their efforts to identify and reduce the level of risk in their supply chains? The emphasis on theory was decided since an exploratory empirical investigation would be descriptive of current practices which would not fit with the normative purpose of this investigation. Ex post empirical test of the entire framework in a single stud y were also confacered surd to accomplish due to the amount of risk factors included. However, a varying degree of empirical validity is offered through the previous empirical testing performed by the researchers referenced. Some empirical guidance and initial face validity was also provided through discussions with the general director of a sub-supplier to the Norwegian oil and gas industry.3. Supply chain management and riskThe term supply chain management (SCM) has primarily been linked to the study of either internal supply chains integrating internal business functions, the management of two caller relationships with tier one suppliers, the management of a chain of businesses or with the management of a network of interconnected businesses (Harland, 1996). Transaction cost analysis (TCA), organization theory (OT) and relational marketing (RM) literature have contributed substantially to the development of SCM research (Croom, Romano and Giannakis, 2000). However, a definition of SCM given by the members of the Global Supply Chain Forum states that Supply chain management is the integration of key business processes from end user through original suppliers that provides products, services, and information that add range for customers and other stakeholders. This distinguishes SCM from the previous mentioned theories since it is the network or chain perspective which is emphasized (Lambert, make and Pagh, 1998).3.1. Mapping the supply chainIn order to be able to assess risk in a focal companys supply chain, a positive insight is required about how the supply chain is configured. A number of frameworks have been developed for the purpose of achieving such knowledge, but Lambert, Garca-Dastugue and Croxton (2005) identified only five frameworks which recognized the need to implement business processes among supply chain actors. Such implementation is considered a key area where supply chain management can offer improvement to supply chain actors (Hammer, 2001). However, only two of the five frameworks provided sufficient details to be implemented in practice (Lambert, Garca-Dastugue and Croxton, 2005). On the other hand, these two frameworks are both supported by major corporations which indicate a high level of face validity.The first framework is the SCOR model developed by the Supply-Chain Council (SCC, 2008). The SCOR model focuses on five different processes which should eventually be connected across firms in the supply chain. These are the plan, source, make, deliver, and return processes. The second framework was developed by the Global Supply Chain Forum in 1996 and was presented in the literature in 1997 and 1998 (Cooper, Lambert and Pagh, 1997 Lambert, Cooper and Pagh, 1998). Similar to the SCOR model, the GSCF model focuses on a set of distinct business processes to be divided among business organizations. However, a main difference between the two supply chain frameworks is their linkage to corporate strategy. spell the SCOR framework emphasizes operations strategy, little reference is made to organizations corporate strategies. The GSCF framework, on the other hand, directly cogitate with the corporate and functional strategies of the companies and thus offers a wider scope (Lambert, Garca-Dastugue and Croxton, 2005). Since risk is inherent at every level of an organization, and should be considered also at the strategic level, the GSCF framework was chosen as a starting point for our development of a supply chain risk management framework.3.2. Identify risk and its locationIn the GSCF framework, supply chain management consists of three inter-related elements 1) the structure of the supply chain network, 2) the management components governing the shared supply chain processes, and 3) the different types of processes linked among supply chain actors. Who to link with, which processes to link, and what level of integration and management should be applied are considered key decisions for succe ssful management of supply chains (Lambert, Cooper and Pagh, 1998).From a supply chain risk management perspective, these managerial questions make way for three promptings regarding risk and the focal company. The first proposition concerns the unpredictability of human nature when processes are shared with others. The second concerns the vulnerabilities created because of dependencies between multiple network actors, and the third refers to the skills and qualities of the different supply chain actors organization and management. Stated formallyP1 A focal companys exposure to supply chain risk depends on the level of human manner unpredictability in the supply chain and the impact such unpredictability can have on the companys supply chain.P2 A focal companys exposure to risk depends on the number and strength of dependencies in its supply chain and the impact an external risk event may have on the company.P3 A focal companys exposure to risk depends on the supply chain actors s kills and qualities to identify potential risks in advance and to solve risk situations once they occur.Although they address different aspects of risk to a focal company, the propositions are closely related. For instance, without the existence of network dependencies, behavioral unpredictability at another supply chain actor becomes irrelevant. Similarly, the focal company does not have to worry about the skills and qualities of other supply chain actors because there is always another alternative to select. Also, an increase in the supply chain actors skills and qualities will indirectly reduce the level of human unpredictability since it rules out some of the mistakes humans can make however, it does not rule out the focal companys uncertainty about other supply chain actors intended strategic actions. The relationship between the propositions has been outlined as arrows in Figure 2. Each category between the arrows refers to a more precise definition of the risks mentioned in the propositions. The categories follow the naming convention in the GSCF framework, and together, they constitute a holistic representation of supply chain risks relevant for successful supply chain management.The formal definitions for the three types of supply chain risk in Figure 2 are provided below and explained in the subsequent sectionsSupply chain processes risk refers to the perceived risk of other companies in the supply chain behaving intentionally or unintentionally in a appearance which could be harmful to the company.Supply chain structure risk is closely linked with the total number and type of dependencies in the network. It is a measure for the level of significant detrimental effects an undesired and unanticipated event can have on a companys supply chain network. This event can occur externally or internally to a local market or industry and affect either a single node or a multitude of nodes simultaneously.Supply chain components risk refers to the technical , managerial and organizational abilities each supply chain actor has developed in order to embrace opportunities, detect and avoid potential supply chain disruptions, and to mediate the effects of a disruption once it has occurred.3.3. Supply chain processes riskA focal companys exposure to supply chain risk will, according to proposition one, depend on the level of human behavior unpredictability and the impact such unpredictability can have on the companys supply chain. When companies begin to explore the competitive advantage of accessing and managing processes belonging to other companies in the chain, they therefore need to identify how the sharing of a process can change its vulnerability to unanticipated events and agree on strategic actions to reduce the processes vulnerability. The main factors to consider when processes are shared with other actors are shown in Figure 3 and explained below.In general, the sharing of processes across tiers in a network can be problematic s ince it simultaneously makes the focal company more unguarded to risk. Under working market conditions, each actor is free to choose its trading partner for every transaction. A natural hash out effect on risk therefore exists since there is no dependency on other specific actors in the network. However, when companies begin to integrate processes, as prescribed by supply chain management literature, they aloofness themselves from the market by creating lock-in effects with selected partners due to the specificity of tangible and intangible assets deployed.From a transaction cost theory point-of-view (Williamson, 1975, 1985), specific investments in shared processes must be protected against the risk of possible opportunistic behavior from the other actor in each partnership. Opportunistic behavior refers to actors self-interest seeking with ruse (Williamson, 1975) where guile means lying, stealing, cheating, and calculated efforts to mislead, distort, disguise, obfuscate, or ot herwise confuse (Williamson, 1985). In practice, this type of supplier behavior would bump in hazards like broken promises, production delays, increased costs, production shortcuts, and masking of inadequate or shortsighted quality (Provan and Skinner, 1989 Wathne and Heide, 2000). Any uncertainty of whether the suppliers behave, or would attempt to behave, opportunistically therefore increases the impression of risk to the actor playacting the risk assessment1. However, transaction cost theory has been criticized for its assumption of opportunistic decision makers.Critics argue that it is a as well simplistic and pessimistic assumption about human behavior, and that opportunism represents the exception rather than the rule (Macneil, 1980 Granovetter, 1985 Chisholm, 1989). buns (1984) also argued that undesired attitude such as hard bargaining, intense and frequent disagreements, and similar conflictual behaviors do not constitute opportunism unless an agreement has been reached of not to do so. In addition, even well-meant behavioral actions by one company may have negative effects for another party in the supply chain. The perception of risk linked with human behavior where processes are shared can therefore not be restricted to a matter of opportunism alone, but needs to include any kind of undesired human behavior whether it is opportunistic, undesirable or well-intended, but still potentially harmful.It has been suggested that behavioral uncertainty can be reduced with the introduction of formal and informal safeguards to the relationship. In a successful relationship, relational rules of conduct work to enhance the well-being of the relationship as a whole and take explicit account for the historical and social context within which an exchange takes place (Heide and John, 1992). Flexibility among the parties, solidarity, information exchange, and long-term orientation are norms typically associated with, and referred to, as relational safeguarding m echanisms in contemporary research (Ivens, 2002). The front of these norms in a relationship has been found to improve the efficiency of relationships and to reduce parties behavioral uncertainty (Heide and John, 1992).Alternatively, ownership, or some form of contractual command-obedience authority structure can be used to protect against inherent behavioral uncertainty. Vertical integration has traditionally been prescribed by transaction cost literature as an answer to wangle uncertainty in repeated transactions when there are specific investments knotty (Williamson, 1975, 1985). However, Stinchcombe (1985) found that the safeguarding features of hierarchical relationships can be built into contracts as well. These features included authority systems, incentive systems, stock operating procedures, dispute resolution procedures, and non-market internal pricing. It should be noted that advanced pricing mechanisms used can include agreed risk sharing and paying an insurance premi um to a third party to protect against the financial consequences of a business interruption (Li and Kouvelis, 1999 Doherty and Schlesinger, 2002). However, a prerequisite for risk transfer mitigation to work is the ability to clearly define the type, cause and boundaries for when the agreed risk transfer applies. Also, well defined standard operating procedures are particularly important since they indirectly describe the non-conformance cases. Breaches in quality performance or EHS procedures, shipment inaccuracies, delivery times, etc. by the focal company or another party are indications of reduced control over the supply chain. Hence, an increased frequency of such incidents in other nodes in the network will lead to an impression of greater behavioral uncertainty and supply chain risk.The impression of risk when processes are shared would naturally depend on the degree of lock-in which exists between two parties. A second risk factor in supply chain processes risk therefore re fers to the criticalness of specific nodes in the network (Craighead et al., 2007). More precisely, critical nodes are actors in the supply chain responsible for(p) for delivery of critical components or important subsystems where the number of supplier choices is limited. However, a node can be critical even though there may be little dependence in day-to-day operations. The increased popularity of outsourcing to third parties necessarily increases other actors involvement in the companys material and information flow. But, since both information and materials represent a form of capital investment, this also means that other actors in some cases handle large parts of a companys tied-up capital either in the form of information or in the form of goods. This risk is called degree of capital seizure in the framework.For instance, it is generally not very difficult to switch from one supplier of IT-server capacity to another, but the dependence on the supplier of server capacity ca n prove severe if sloppy routines at the supplier destroy the electronic database stored. A similar logic applies for other actors with control over much of the companys information and material flow. Large distribution centers are one example. A typical risk event would be a fire causing damage to much of the companys goods stored however, such an event would not be attributable to the processes shared and is therefore not a supply chain process risk. Instead, such a risk event has been characterized as external to the network and described under supply chain structure risk. However, another example would be the distribution center on not informing the focal company of a changed general staff leave. This would be a breach in the supplier relationship management process because it is a deviation from expected service levels in that particular period.3.4. Supply chain structure riskThe decision of who to link with in a network requires an explicit knowledge and understanding of the supply chain network configuration. According to proposition two, this includes a thorough comprehension of the risk inflicted upon the company because of dependencies established in relationship with other network actors. Therefore, the supply chain manager needs to assess how vulnerable the company is to unanticipated changes in the network and its exogenous environment.Dependencies are created with individual partners in the network and the level of dependency must therefore be assessed for each node. However, attributes of the network configuration itself may increase or reduce the impression of risk. A field risk category and a network complexness risk category have been created to reflect this duality. Field risk includes risk factors which are exogenous to the network, and not endogenously created as in supply chain process risk. Field risk is assessed for each node, but supply chain structure risk must also take the complexity of the network into consideration. For instance, geographically dense nodes within a network may represent a great risk to a company even though each actor itself may not be very important. This is similar to the Dole example mentioned in the introduction where a hurricane destroyed the banana harvest time in the area where Dole had most of its suppliers (Griffy-Brown, 2003).Network complexity risk refers to decision makers perceiving large networks as more uncertain since the involvement of more actors and more people implicitly includes more things which can go wrong (Craighead et al., 2007). This perception naturally becomes even stronger when the number and strength of identified critical nodes under supply chain processes risk is high. However, if a focal company is engaged in several sub-networks of supply and demand, this would moderate the perception of risk similar to the basic idea of diversification in modern portfolio theory. The reason is that the company can rest on several independent business pillars and prosper with the remaining pillars while the problem in the failing supply chain is sorted out.Field risk factors such as cash fluctuations, political or legal changes, environmental, and social risks are external to the supply chain network, and refer to the bucolic or region where suppliers, or clusters of suppliers, are located (Jtner, Peck and Christopher, 2002). Climate changes, in particular in combination with population growth, should receive attention since such changes may alter and threaten the living conditions in large regions of the world with serious effects on both the supply side and demand side to companies (Gilland, 2002 Yea, 2004 Leroy, 2006).An undesirable side-effect of global trade is that supply chains have become significantly more vulnerable to both organized and unorganized crime. Although cargo thefts have not yet caused major supply chain disruptions, the extent of such crime is steadily increasing and should receive attention from a proactive risk management perspective particularly if shipment of critical components is part of the day-to-day operations (Caton, 2006 Barnett, 2007).Another type of crime is abduction of key personnel for ransom money. Kidnappings are mentally challenging to the abducted and the organizations they work for, and can strain organizational resources for a substantial amount of time after a kidnapping incident. In addition, if a decision to pay ransom money is made, the amount required could be financially problematic to smaller companies. This type of crime has generally been associated with Latin America however, experts have anticipated that such kidnappings will shell out to other parts of the world (O Hare, 1994). Although no scientific follow-up study has been identified