definitions

From Supply Chain Vulnerabilities to Risk - Important Concepts in Supply Chain Risk Management

Daniel Dumke — Mon, 27 Jun 2011 13:43:00 +0000

This blog may be a good starting point for supply chain risk management related research and literature, but even with more than 140 articles reviewed in the blog I still just touched the tip of the iceberg. There are still many basic articles left. Like this one by Helen Peck (2006): “Reconciling supply chain vulnerability, risk and supply chain management”

Terms in SCRM

Today I have a look at, what is basically a literature review concerned with clarifying the confusion with the terms used when talking about risks in supply chains.

There are a wide range of different terms and concepts used in the wider field of supply chain risk management. How do the terms vulnerability and risk correlate and how are those embedded in supply chain management? On another level: How are corporate governance, business continuity management and security and emergency planning relating to SCRM?

Supply Chain

Starting from a “standard” supply chain definition as a system, comprising…

…flows of materials, goods and information (including money), which pass within and between organisations, linked by a range of tangible and intangible facilitators, including relationships processes, activities and integrated (information) systems.

The first definitions for “supply chain management” came up in the early 1980s and developed from a very logistical view on a supply chain towards a network understanding, comprising aspects like marketing or product development as well. There also has to be a clear distinction between a strategic level tasks in SCM and their functional execution.

Vulnerability and resilience

Within SCM there is no clear consensus as to whether supply chain vulnerability is simply a symptom of poor SCM—to be remedied with more effective SCM and the wider adoption of a SCO—or whether it is the unintended downside consequence of its successful application. Perhaps it should rightly be regarded as a combination of all of these.

Supply chain vulnerability can be defined as an “exposure to serious disturbance, arising from risks within the supply chain as well as risks external to the supply chain” and as “a condition that is caused by time and relationship dependencies in a company’s activities in a supply chain”. Vulnerability is therefore seen as a combination of a disturbance and the resulting negative consequence.

The concept of “resilience” is related to risk and vulnerability in so far as it accepts that not all “risks” (hazards or threats) can be avoided, controlled, or eliminated. Instead, resilience focuses on the “ability of the system to return to is original or desired state after being disturbed”, i.e. its ability to absorb or mitigate the impact of the disturbance.

Corporate risk management

Supply chain (risk) management and its counterpart on a corporate level do not share the same origin. Where supply chain management stems from a more comprehensive view on operational management aspects like logistics and operations; corporate risk management originates in a strategic / macroeconomic view on the company.

These roots also lead to a different understanding for risk management. In a case where corporate risk management suggests outsourcing of non-core processes for risk reduction, a supply chain risk management view would imply a larger weight on the negative effects of the reduction in control.

Conclusion

Finally, Peck emphasizes the different aspects of risks in supply chains and highlights the distinctive factors:

Consequently, it is suggested that managerial views of supply chain risk, based on assumptions drawn principally from best practice in manufacturing enterprises, offer a familiar, convenient but incomplete picture of supply chain vulnerability. SCM is an integrative, cross-functional discipline, so it must be recognised that supply chain vulnerability is also a concern for practitioners and academics in other disciplines, including BCM and corporate risk management.

Reference:

Peck, H. (2006). Reconciling supply chain vulnerability, risk and supply chain management International Journal of Logistics, 9 (2), 127-142 DOI: 10.1080/13675560600673578

Rate This:

Tags:

definition

resilience

risk

vulnerability

definitions

Categorization of Supply Chain Risk and Risk Management

Daniel Dumke — Mon, 16 May 2011 14:13:00 +0000

Several questions I receive concern the very basic elements of supply chain risk management. Since reading “Categorization of Supply Chain Risk and Risk Management” by Norrman and Lindroth (2004) I often referred to it, to describe the different aspects.

Framework

Norrman and Lindroth suggest a three dimensional framework to analyze different supply chain risk management issues (figure 1). The dimensions are:

Unit of analysis, describing the levels which are affected by this issue (more local to the company or affecting the whole supply network)

Type of risk or uncertainty, describing if the issue is operational or strategic

Risk and business continuity management process, which shows the stage within the risk management process

Figure 1: Supply Chain Risk Management Framework (Norrman and Lindroth, 2004)

The framework can be applied to many supply chain problems, an example of which can be found in figure 2.

Figure 2: Application of Supply Chain Risk Management Framework (click to enlarge; Norrman and Lindroth, 2004)

Definition of SCRM

Supply chain risk management can be defined as,

… to collaboratively with partners in a supply chain apply risk management process tools to deal with risks and uncertainties caused by, or impacting on, logistics related activities or resources’ (Norrman and Lindroth, 2002)

Since SCRM is dealing with more than the risk from a single company it takes a broader perspective than the traditional risk management approach. It also considers the rippling effects of events connected entities.

There are several definitions for risk. The Royal Society defined it in 1992 as:

risk is the chance, in quantitative terms, of a defined hazard occurring. It therefore combines a probabilistic measure of the occurrence of the primary event(s) with a measure of the consequences of that/those event(s)

An important dimension of risk is its contextual association, which can be strategic, financial, operational, commercial or technical:

Strategic: the risk of plans failing or succeeding, e.g. marketing strategy, changes in consumer behavior or political/regulatory changes.

Financial: the risk of financial control failing or succeeding.

Operational: the risk of human error or achievement, e.g. design mistakes, unsafe behavior, employee practices risk, sabotage.

Commercial: the risk of relationships failing or succeeding, e.g. business interruption due to loss of key executive, supplier failure or lack of legal compliance.

Technical: the risk of physical assets failing/being damaged or enhanced, e.g. equipment breakdown, infrastructure failure, fires, explosion, pollution, etc.

But the locational source of the risk is as important and can be divided into (a) externally-driven or environmental risk, (b) internally-driven or process risk, © decision-driven or information risk.

Risk Management Process

After highlighting some basic aspects of SCRM and risks in the supply chain context, the authors present their risk management process, which contains three elements: Risk Analysis and Assessment, Risk Management and Business Continuity Management (BCM).

The process starts with a listing of the risks affecting the supply chain using Fault Tree Analysis (FTA) and assessing the effects of those events in case they happen on the supply chain using Event Tree Analysis (ETA). As the second step, the decision has to be made if the risk can be accepted or if the risks can be mitigated by reducing the likelihood or impact.

Thirdly, one can argue if BCM (see figure 3) has to be part of a risk management process, nonetheless it is related, since it covers the aspect of planning for when an adverse event happens.

Figure 3: Business Continuity Management (Norrman and Lindroth, 2004)

Conclusion

The framework combines several important aspects of risk management in general and specifically supply chain management. It is therefore very suitable for an introductory purpose on supply chain risk management.

Reference:

Norrman, A., & Lindroth, R. (2004). Categorization of Supply Chain Risk and Risk Management Supply Chain Risk (Ed. Clare Brindley), 14-27

Rate This:

Tags:

Supply Chain Risk Sources, Consequences, Drivers and Mitigation

Daniel Dumke — Wed, 23 Feb 2011 09:35:00 +0000

I just stumbled upon one of the articles I already read about a year ago, shortly after I started my research. Beside indication of a future research agenda (see as well here), Jüttner et al. (2003) also explain some fundamental concepts of supply chain risk management.

How to get there?

Jüttner et al. decided to conduct a exploratory study with practitioner interviews and compare these results with a literature review. Four basic concepts for Supply Chain Risk Management evolved from this, namely Risk Sources, Risk Consequences, Risk Drivers and Risk Mitigation Strategies.

Risk Sources

[are] environmental, organisational or supply chain-related variables which cannot be predicted with certainty and which impact on the supply chain outcome variables

So there are three categories for risk sources: Environmental, Network and Organization.

Environmental risk sources may for example be the result of accidents (eg. fire), socio-political actions (eg. terrorist attacks) or force majeure (like hurricanes or earthquakes)
Network-related risk sources unfold from interactions between organisations within the supply chain, examples are: Lack of Ownership (unclear responsibilites between supply chain partners eg. due to increased concentration and outsourcing), Chaos can result from missing trust or badly communicated information, finally Inertia describes a lack of flexibility within the supply chain.
The interviews showed
a consensus that network-related risks are an important and so far neglected source of risk.
Organisational risk sources can be found within one of the participants of the supply chain in focus and can be found within the production factors like labour (strikes), machines (failure), etc.

To conclude: From the point of view of the links within the supply chain, environmental and organizational uncertainties can be seen as risks “to” the links in the supply chain whereas network-related uncertainties are risk sources “of” the links.

Risk Consequences

Risk can have consequences can be measured ex post by the performance indicators used. Ex ante they are contained within the variances of the indicators. Three different consequences can be named:

Financial consequences
Reputation damage
Health and safety concerns

Risk Drivers

Risk drivers further increase the risk experienced by the supply chain participants (examples: competition increases the risk indirectly, outsourcing (increased complexity) has a direct effect on risks)

The major drivers for risk are: focus on efficiency rather than effectiveness, globalization of supply chains, focussed factories and centralized distribution, the trend to outsourcing and the reduction of the supplier base.

Risk Mitigating Strategies

… can be defined as

strategic moves organisations deliberately undertake to mitigate the uncertainties identified from the various risk sources (Miller, 1992)

Conclusion

The results of this article experienced a widespread use and are accepted by many researchers. The definitions mentioned can be used as basis for further research in the supply chain risk management field.

Reference:

Juttner, U., Peck, H., & Christopher, M. (2003). Supply Chain Risk Management: Outlining an Agenda for Future Research International Journal of Logistics Research and Applications, 6 (4), 197-210 DOI: 10.1080/13675560310001627016

Rate This:

Tags:

definition

risk

definitions

Definition of Risk

Daniel Dumke — Wed, 05 Jan 2011 12:59:00 +0000

What is risk anyway?
I read this paper already some time ago. It is very important to have a clear definition of the terms used in research. But from my previous experience I know that also in business a clear understanding of the different aspects of risks is important to stay consistent.

Case Study

At a client I was involved in a company wide risk assessment. The participating middle managers were required to list and assess relevant risks using an Excel sheet. There were predefined categories for impact (eg. less than €1m, between €1m and €10m and above €10m) and probability (eg. p 50%).
The survey was therefore aimed at high impact, low probability events. One of the biggest tasks during this assignment was to train the managers on how these categories should be interpreted. But honestly, this categorization does not make this task very easy. Suppose the following disruption: missing employees due to an outbreak of the swine flu. The line in Excel might look like this:

Swine Flu: p But if you think about it, this task is not very straight forward, the following questions remain:

There is of course also a more remote chance that the outbreak cannot be contained so quickly as assumed here and the loss might be larger than € 1m. How should you account for this? Add another line, with p Risks can be differentiated into different kinds like business risk, social risk, economic risk, safety risk

Risk and uncertainty
There is a difference between risk and uncertainty, where risk is when you know about the probabilities and uncertainties when you don’t. So most real life situations (beside the Casino) you are in the realm of uncertainty. If you are using uncertainty, then you have to think about the probabilities of the probability, how likely is it that your estimated probabilities are correct?

Relativity of risks
There is usually no objective measure for risk, only perceived risks.
The notion of absolute risk always ends up being somebody else’s perceived risk quantitative definition of risk

Risk should be view using the following triplet
Scenario, Likelihood and Consequence

There are different types of damage
There is no continuous measure which you can use for loss of life vs. loss of property

Conclusion

Kaplan shows several important factors of risks that are relevant when applying the concept of risk in a business setting. Several other researchers have built on his work, and for example extended the definition of the consequence of risk, to not only contain a single digit for the impact but also aspects as duration, etc.

Reference:

Kaplan, S., & Garrick, B. (1981). On The Quantitative Definition of Risk Risk Analysis, 1 (1), 11-27 DOI: 10.1111/j.1539-6924.1981.tb01350.x

Rate This:

Tags:

Topology of Supply Chain Risks

Daniel Dumke — Sat, 27 Feb 2010 18:55:00 +0000

S. Rao and T.J. Goldsby’s published an article in 2009 on the topic of “Supply chain risks: a review and typology”.

The article is devided into three sections. Definition of Risk / supply chain risk, overview of supply chain risk literature and identifying risks in the supply chain.Rao and Goldsby first summarize some of the definitions for risk. After a short introduction of the origin of risk in the research they start with the question if you should look at risk either as only the adverse effects of a possible event or as negative and positive consequences (so not only the risk but also the opportunities).

Managers tend to interpret risk as only the downside part so the authors decide to concentrate on this as well. To support their point they summarize eight definitions for risk starting in the 1950s with the definition by Markowitz, two of those define “risk” as risk and opportunity.

Building on this Rao and Goldsby go on summarizing current definitions of supply chain risk management, starting with Christopher (2002) to Manuj and Mentzer (2008). Concluding that “any approach to SCRM needs to look at understanding and reducing vulnerability to the supply chain as a whole, rather than at a focal firm level. In other words, the quest is for a global optimum rather than a local one.”

In the next part the authors summarize the key contributions of 55 selected papers on SCRM in one sentence.

In part three they develop a framework to identify risks in the supply chain.

Risk Framework as suggested in Rao and Goldsby (2009)

Each risk (beside “problem specific risk” and “decision maker risk”) is discussed and explained in detail.

Conclusion

The paper appears as three very distinct parts. The parts are only loosely connected and each one could have made separate papers as well.

Part One: The risk definition is to short and very one sided to be used for a discussion of what risk or supply chain risk management really is or should be. For example, there is no differentiation between risk and uncertainty and the terms are used for each other without consideration. Furthermore the argument for only taking the downside of risk into account, neglecting opportunities, is discussed, but result is not satisfying, since in many cases optimal decisions can only be meet when both sides are taken into account.

Part Two: Overall Rao and Goldsby deliver a good and broad review of the SCRM literature, even though it is only indicative and not exhaustive as they note.

Part Three: Here the authors try to define a new risk framework for managing supply chain risks. After reading the definitions for supply chain risk management (Quote: “…collaborative risk management…”) I was expecting nothing less than a framework which includes risks not only of the individual supply chain actors, but also the supply chain as a whole. But it seems that the presented framework is a collection of several already known risk sources for a single company, the two new aspects in their framework (“problem specific risk” and “decision maker risk”) are not discussed and left for further research.

Reference:

Rao, S., & Goldsby, T. (2009). Supply chain risks: a review and typology The International Journal of Logistics Management, 20 (1), 97-123 DOI: 10.1108/09574090910954864

Rate This:

Tags:

categorization

risk

definitions