vulnerability

An Empirical Investigation into Supply Chain Vulnerability

Daniel Dumke — Tue, 05 Jun 2012 06:30:56 +0000

One basic assumption in risk-aware supply chain design is the notion that the design of the supply chain actually has an impact on the vulnerability of the supply chain.
This question has been analyzed about six years ago in a broad empirical study by Wagner and Bode.

Method

The authors use a rather large sample of companies in Germany. Overall nearly 5000 supply chain professionals were asked to participate and 760 actually took part in the study.
Most sample companies had an industrial focus (72% versus service (20%) and trade (9%)).
This study is founded on a similar sample as this other study by Wagner and Bode analyzing the impact of risks on supply chain performance.

Model

The author focus on some supply chain design variables, which supposedly increase supply chain vulnerabilities. Figure 1 shows the assumed relationship between those drivers of supply chain vulnerability and three supply chain risk categories.

Figure 1: Concept: Relationship between Design and Risk

The authors propose the following hypothesis, which are then tested using the empirical data:

H1: The higher the drivers of supply chain vulnerability, the higher the level of demand side risk a firm faces.

H2: The higher the drivers of supply chain vulnerability, the higher the level of supply side risk a firm faces.

H3: The higher the drivers of supply chain vulnerability, the higher the level of catastrophic side risk a firm faces.

Results

The results show that all hypothesis are supported by the findings of the authors. However the design factors/vulnerabilities only explain part of the observed supply chain risks (7% for H1, 13% for H2, 3% for H3).
Demand side risk was influenced by strong customer dependence and strong supplier dependence.
Supply side risk was influenced by supplier dependence, single sourcing and global sourcing.
Lastly, catastrophic risk was impacted by the degree of global sourcing.

The authors draw the following conclusions:

First, the supply chain vulnerability variables in our model explain a rather small portion of the variance in the risk arising from demand side risk sources. It is a low but not astonishing value since the majority of the vulnerability variables focuses on the upstream supply chain. However, the results reveal that customer dependence increases demand side risk. This finding indicates that firms that are dependent on some customers are exposed to a higher risk of suffering from the detrimental effects of demand volatility and poor downstream information. This could be because of order batching or limited possibilities of demand pooling. […] This leads to the hypothesis that, beyond the investigated variables, there are several additional aspects both internal and external to the supply chain that determine a firm’s exposure to supply chain risk.

Second, risk derived from supply side risk sources is elevated by supplier dependence, single sourcing and global sourcing. Supplier dependence obviously amplifies the threat from poor quality, supply shortages, sudden demise of one of these suppliers, and poor logistics performance. Although this argumentation also applies to single sourcing, the single sourcing approach seems to be less hazardous than general dependence on some suppliers. This is because single sourcing is usually aligned with a closer relationship that might absorb some of the supply side risk.

Third, when it comes to risk from catastrophic risk sources it has to be taken into consideration that the sample data was collected in Germany which has been a very “calm” place with regard to disasters. Here, it is solely global sourcing that is a significant factor that exposes firms to higher risk from catastrophes. The implementation of a global sourcing strategy stretches the supply chain geographically which ultimately means more peril points for the information and material flow. The robustness and resilience of regional or national supply chains is usually higher. Surprisingly, the study shows that supplier dependence decreases the risk exposure to catastrophes. Again we would argue that this is because of lack in supply flexibility. Firefighting against the consequences of catastrophic events might be more successful with the ability to quickly adjust the supply.

Conclusion

I would argue that it is always hard to measure risk consistently in a qualitative study. People are likely to evaluate the same risk quite differently, which might lead to unclear results.
Furthermore the low impact of these specific design variables emphasizes the view that there are many more factors (internal and external) that impact the exposure to supply chain risk.

Reference:

Wagner, S.M., & Bode, C. (2006). An Empirical Investigation into Supply Chain Vulnerability Experienced by German Firms Erich Schmidt Verlag, 79-96

Rate This:

Tags:

design

vulnerability

exposure

Assessment of Supply Chain Vulnerabilities

Daniel Dumke — Mon, 02 Apr 2012 14:34:31 +0000

This is a review of another chapter of the book by Zsidisin and Ritchie (Supply Chain Risk). The book can be bought at amazon.com, if you are interested in reading more.

I already reviewed chapter 15 on Behavioral Risks in Supply Networks.

The title of this weeks article is “Assessing the Vulnerability of Supply Chains” and since the author works for a consulting firm you can expect a more practice oriented approach to risk analysis.

Goals and definitions

There are three main questions to be answered in this article:

Understand the nature and types of factors that may pose threats and risks to the achievement of the supply chain system’s short and long term mission.

Understand the scenarios (processes and mechanisms) through which these threats, risks and vulnerabilities may evolve.

Understand how through the use of vulnerability scenarios, the likelihood and consequences of such threats may be reduced and managed in a cost- and service effective manner, whilst achieving an acceptable vulnerability level.

A vulnerability of a supply chain in this context is defined as

the properties of a supply chain system; its premises, facilities, and equipment, including its human resources, human organization and all its software, hardware, and net-ware, that may weaken or limit its ability to endure threats and survive accidental events that originate both within and outside the system boundaries.

Vulnerability analysis is seen as an extension to risk analysis.

Risk analysis is focused towards the human, environmental and property impacts of an accidental event, while a vulnerability analysis is focused towards the system mission and the survivability of the system.

In a risk analysis three questions make up the basis of the analysis: (i) what can go wrong, (ii) how likely is it to happen, and (iii) what are the consequences.

A vulnerability analysis, on the other hand, focuses upon (a) an extended set of threats and consequences, (b) adequate resources to mitigate and bring the system back to new stability, and © the disruption time before new stability is established [figure 1].

Figure 1: Disruption Sequence (Asbjornslett, 2009)

Vulnerability Analysis

Based on this definitions the author builds his approach on a generic approach for risk assessment. The flow chart in figure 2 highlights the seven steps.

Figure 2: Vulnerability Analysis Process (Asbjornslett, 2009)

These steps fall into three categories:

Understanding the context-specific threat and risk picture of the given supply chain and SCM context, and structure this into a taxonomy of the vulnerability factors [steps 1 to 3].

Analyse and rank the vulnerability scenarios, resulting in a criticality ranking of the scenarios [steps 4 and 5].

Handling of the vulnerability through cost- or service-effective likelihood or consequence reducing measures, bringing the vulnerability down to an acceptable level [steps 6 and 7].

The goal of the first step is to have a common understanding of the specific objectives of the vulnerability analysis, the level of analysis and setting the levels of acceptable risk.

In the second step the processes and infrastructure has to be mapped. Flows of money, information and goods are highlighted. Here, “it is recommended not to make the context description too fine-grained, but rather make notes of how the context could further be detailed if required.”

In the third step factors which lead to vulnerabilities are collected in a structured manner. Figure 3 shows a fishbone diagram with several different categories which can lead to vulnerabilities.

Figure 3: Example of Factors Contributing to Vulnerabilities (Asbjornslett, 2009)

Based on these vulnerabilities adverse scenarios are developed in the next step.

A scenario is a sequence of possible events, originating from an accidental event, where the events may be separated in time and space, and where barriers to prevent the sequence are part of the scenario.

In the next step the mentioned scenarios have to be documented. The author suggests the worksheet in figure 4.

Figure 4: Template for Scenario Documentation (Asbjornslett, 2009)

To get a better grasp of the actual criticality of the revealed vulnerabilities, each scenario has to be evaluated according to its likelihood and consequences (step 5). Figure 5 has a sample sheet.

Figure 5: Assessment of the Scenario’s Criticality (Asbjornslett, 2009)

Step 6 is about ranking the different vulnerabilities to best align risk mitigation efforts (figure 6).

Figure 6: Likelihood/Consequence Diagramm (Asbjornslett, 2009)

As such we have ‘low-criticality’ scenarios in the lower left corner (white), and ‘high-criticality’ scenarios in the upper right corner (dark grey shading). The ‘criticality areas’ should be based on the acceptance criteria developed in step one, both for the un-mitigated and the mitigated consequences.

The last step deals with finding mitigation strategies for selected scenarios. Figure 7 shows the template.

Figure 6: Mitigation Activities to Reduce Likelihood or Consequences of a Vulnerability (Asbjornslett, 2009)

Conclusion

This article presented a really business oriented approach to vulnerability analysis. In a similar manner how it could be found in a presentation of a business consultant.

This business orientation can be also seen in the structure of the article: A conclusive derivation of the process is missing completely at least the definitions are mentioned.

Nonetheless, from experience I can tell that this process contains several important steps which are also known from scientific literature. And it really is immediately applicable.

Why not include some of the insights and steps presented here in your next risk-management-meeting?

If you want to have a more scientific view on vulnerability analysis have a look at this article.

Reference:

Asbjornslet, B. E. (2009). Assessing the Vulnerability of Supply Chains Supply Chain Risk - A Handbook of Assessment, Management, and Performance, 15-33 DOI: 10.1007/978-0-387-79934-6_2

Rate This:

Tags:

vulnerability

analysis

Assessing Vulnerability of a Supply Chain

Daniel Dumke — Mon, 10 Oct 2011 14:42:00 +0000

At this year’s HICL conference in Hamburg, I was able to present some of my own research. In the follow-up discussions several points were highlighted, especially focussing on the viability of supply chain wide cooperation and collaboration efforts and on the difficulties of doing a realistic quantification of supply chain risks.

I already read a great paper on this topic some time ago: “Assessing the vulnerability of supply chains using graph theory” by Stephan M. Wagner and Nikrouz Neshat (2010), which I present you today.

Disruptions and vulnerabilities

Several authors argue that several factors help increase the vulnerabilities of today’s supply chains. When supply chain complexity increases (e.g. supply chain length, higher division of labor, …), the vulnerabilities also rise. Furthermore there is evidence that natural and man-made disasters are on the rise as well (figure 1).

Figure 1: History of Disasters (Wagner and Neshat, 2010)

Figure 2 shows the links between supply chain vulnerability drivers and disruptions.
So, since natural- and man-made-disaster most often cannot be influenced directly, the authors argue that the focus has to be on reducing the vulnerabilities themselves.

Figure 2: Connections between Vulnerabilities, Disruptions and Risks (Wagner and Neshat, 2010)

Assessment of vulnerabilities

Wagner and Neshat suggest a four step algorithm based on graph theory, which is used to calculate a Supply Chain Vulnerability Index (SCVI). The algorithm is based on graph theory (which has been part of another study here). Key to the understanding of the SCVI is the risk driver mentioned above. Figure 3 shows an abstract example with three vulnerability drivers (D1 to D3) and their links.

Figure 3: Vulnerability Drivers and their Links with the corresponding Matrix (Wagner and Neshat, 2010)

To calculate the SCVI the supply chain risk manager has to create a map / graph of the current risk drivers (step 1), find the corresponding relations between the risk drivers (step 2), calculate the “influence matrix” (step 3) and deduce the SCVI. As a forth step SCVIs of different companies can be compared to gain further insights for optimization and risk reduction.

Figure 4 shows the main drivers of supply chain vulnerability.

Figure 4: Selection of Vulnerability Drivers in Structure, Demand and Supply (Wagner and Neshat, 2010)

Using graph theory makes it possible for the risk manager to get an overview of the influencing factors of supply chain risks. It also enables him to act on this knowledge. Figure 5 shows a possible simplification / vulnerability reduction.

Figure 5: Reduction of Supply Chain Vulnerability Drivers leads to a Simplification of the respective Graphs (Wagner and Neshat, 2010)

D3 in figure 5 “is called a ‘sink’ – which means that D3 can only be influenced by three other drivers and cannot influence others. Considering the graph nodes and edges, supply chain managers can apply risk management methods and implement mitigation strategies to omit or alleviate some of the vulnerability drivers. Figure 5 shows the graph after D3 has been omitted. As one can see, the resulting graph contains less vulnerability than it did prior to implementing the measures.”

Empirical data for the SCVI

The authors also conduct a survey with over 700 participants from different industries. Based on their feedback the authors assess the Supply Chain Vulnerability Index for eight different industries. The results are summarized in figure 5. And give support to the hypothesis that the automotive industry has one of the highest risk levels.

Figure 6: Supply Chain Vulnerability within several Industries compared (Wagner and Neshat, 2010)

Conclusion

I really like the graph approach to assessing supply chain vulnerabilities. And I think it is a great method to support the understanding of a complex system like the supply chain. The article combines two very interesting aspects of it: the practical implementation and the assessment of supply chain vulnerability and a survey to compare different vulnerability levels across industries. The complete article, where you find more details on the survey results and the algorithm for calculating the index, can be downloaded here.
From a business and research point of view this article should direct the supply chain risk management efforts especially in the industries with the highest risk levels, Automotive and ICT.

Reference:

Wagner, S.M., & Neshat, N. (2010). Assessing the vulnerability of supply chains using graph theory International Journal of Production Economics, 126, 121-129

Rate This:

Tags:

From Supply Chain Vulnerabilities to Risk - Important Concepts in Supply Chain Risk Management

Daniel Dumke — Mon, 27 Jun 2011 13:43:00 +0000

This blog may be a good starting point for supply chain risk management related research and literature, but even with more than 140 articles reviewed in the blog I still just touched the tip of the iceberg. There are still many basic articles left. Like this one by Helen Peck (2006): “Reconciling supply chain vulnerability, risk and supply chain management”

Terms in SCRM

Today I have a look at, what is basically a literature review concerned with clarifying the confusion with the terms used when talking about risks in supply chains.

There are a wide range of different terms and concepts used in the wider field of supply chain risk management. How do the terms vulnerability and risk correlate and how are those embedded in supply chain management? On another level: How are corporate governance, business continuity management and security and emergency planning relating to SCRM?

Supply Chain

Starting from a “standard” supply chain definition as a system, comprising…

…flows of materials, goods and information (including money), which pass within and between organisations, linked by a range of tangible and intangible facilitators, including relationships processes, activities and integrated (information) systems.

The first definitions for “supply chain management” came up in the early 1980s and developed from a very logistical view on a supply chain towards a network understanding, comprising aspects like marketing or product development as well. There also has to be a clear distinction between a strategic level tasks in SCM and their functional execution.

Vulnerability and resilience

Within SCM there is no clear consensus as to whether supply chain vulnerability is simply a symptom of poor SCM—to be remedied with more effective SCM and the wider adoption of a SCO—or whether it is the unintended downside consequence of its successful application. Perhaps it should rightly be regarded as a combination of all of these.

Supply chain vulnerability can be defined as an “exposure to serious disturbance, arising from risks within the supply chain as well as risks external to the supply chain” and as “a condition that is caused by time and relationship dependencies in a company’s activities in a supply chain”. Vulnerability is therefore seen as a combination of a disturbance and the resulting negative consequence.

The concept of “resilience” is related to risk and vulnerability in so far as it accepts that not all “risks” (hazards or threats) can be avoided, controlled, or eliminated. Instead, resilience focuses on the “ability of the system to return to is original or desired state after being disturbed”, i.e. its ability to absorb or mitigate the impact of the disturbance.

Corporate risk management

Supply chain (risk) management and its counterpart on a corporate level do not share the same origin. Where supply chain management stems from a more comprehensive view on operational management aspects like logistics and operations; corporate risk management originates in a strategic / macroeconomic view on the company.

These roots also lead to a different understanding for risk management. In a case where corporate risk management suggests outsourcing of non-core processes for risk reduction, a supply chain risk management view would imply a larger weight on the negative effects of the reduction in control.

Conclusion

Finally, Peck emphasizes the different aspects of risks in supply chains and highlights the distinctive factors:

Consequently, it is suggested that managerial views of supply chain risk, based on assumptions drawn principally from best practice in manufacturing enterprises, offer a familiar, convenient but incomplete picture of supply chain vulnerability. SCM is an integrative, cross-functional discipline, so it must be recognised that supply chain vulnerability is also a concern for practitioners and academics in other disciplines, including BCM and corporate risk management.

Reference:

Peck, H. (2006). Reconciling supply chain vulnerability, risk and supply chain management International Journal of Logistics, 9 (2), 127-142 DOI: 10.1080/13675560600673578

Rate This:

Tags: