Version 1.0 – February 2016
Principal Sponsor:
RISKIPEDIA™
About Riskipedia
Spearheaded by the Global Supply Chain Resiliency Council (GSCRC), Riskipedia™ is an
open-source project to capture and chronicle the most important Supply Chain Risk Management
(SCRM) and Resiliency terms and concepts, people and organizations, and tools and
technologies.
The resource is a living document that serves as both a glossary and an encyclopedia. In
addition to the interactive online hub, this downloadable PDF can be printed and serve as
support material for reference, education, and training purposes. As it is open to submissions
from the SCRM professional and academic community to foster improvement and help it
grow, an updated PDF will be available for download at the beginning of every month.
Table of Contents
Absolute Risk
Achilles Group Limited
Allocation (“Going on Allocation”)
American National Standards Institute Inc. (ANSI)
An Empirical Analysis of the Effect of Supply Chain Disruptions on Long-run Stock Price Performance and Equity Risk of the Firm (Paper)
Anna Karenina Principle
ANSI/ASIS BSI BCM.01:2010 Business Continuity Standard
Aronow, Stan
At Your Own Risk (Book)
Automotive Industry Action Group (AIAG)
Barger, Ray
Bill of Materials (BOM)
Black Swan Events
Bottleneck
Bowtie Risk Analysis Method
Bullwhip Effect
Business Continuity Management Institute
ChainLink Research
Chartered Institute of Procurement & Supply (CIPS)
CIPS Risk Index
Conflict Minerals
Conflict Mineral Compliance
Contingent Business Interruption (CBI) Insurance
Corporate Social Responsibility (CSR)
Council of Supply Chain Management Professionals (CSCMP)
Crisis Preparation
Crisis Response
Days of Supply (DOS)
Diamond-Shaped Supply Chain
Discrete Event Simulation (DES)
Design for Resiliency
Dodd-Frank Act
Elementum
Enterprise Risk Management (ERM)
End-to-End Visibility (E2E Visibility)
Enterprise Security Risk Management (ESRM)
Event Monitoring Services
Event Tree Analysis (ETA)
Failure Modes and Effects Analysis (FMEA)
Fault Tree Analysis (FTA)
FDA Action
Ferrari, Bob
Ferretti, Louis
Force Majeure
Forrester Research
Frontier Graphs
Gartner, Inc.
Gilmore, Dan
Global Supply Chain Resiliency Council (GSCRC)
Governance, Risk & Compliance (GRC)
Grackin, Ann
Heat Map
Hierarchy of Supply Chain Metrics
Hurles, William L.
Initial Risk Register
International Organization for Standardization (ISO)
ISO 31000
Just-in-Time (JIT)
Lean Supply Chain
Linton, Thomas
Lynch, Gary
McBeath, Bill
MetricStream
Multi-Sourcing
Multi-Tier
O’Connor, John
Predictive Analytics
Proactive Risk Mitigation
Probabilistic Simulation and Modeling
Quarterly Business Reviews (QBR)
Recovery Time Objectives (RTO)
Redundancy
Relative Risk
Residual Risk Analysis
Resilinc
Rice, James B.
Risk Analysis
Risk Appetite and Tolerance
Risk Criteria
Risk Exposure Index (REI)
Risk Identification
Risk Intelligence
The Risk Management Society (RIMS)
riskmethods
Risk Mitigation
Risk Monitoring Dashboard
Risk Monitoring & Response
Risk Ownership
Risk Score
Risk Treatment
RX360
Scenario Planning
SCOR Model
SCRM
Sheffi, Yossi
Single Point of Failure (SPOF)
Single Point of Failure: 10 Essential Laws of Supply Chain Risk Management (Book)
Sole-Sourcing
Sourcemap Inc.
Spend Matters
Supplier Audit
Supplier Capacity Management
Supplier Capacity Risk
Supplier Criticality Analysis
Supplier Performance
Supplier Performance Monitoring
Supplier Relationship Management
Supplier Risk Information Repository
Supplier Segmentation
Supplier Sourcing
Supplier Transparency
Supply Base Management (SBM)
SupplyChainBrain
Supply Chain Digest
Supply Chain Disruption
Supply Chain Management (SCM) Business Process Outsourcing (BPO)
Supply Chain Management Review (SCMR)
Supply Chain Network Design
Supply Chain Network Mapping
Supply Chain Resilience
Supply Chain Risk:
Supply Chain Risk Management (SCRM)
Supply Chain Variability
Supply Chain Visibility
Supply Chain Volatility
Supply Chain Vulnerability
Supply & Demand Chain Executive (SDCE)
Supply Risk Solutions
The Risk Project, LLC
The Power of Resilience (Book)
The Resilient Enterprise (Book)
Time-to-Recovery (TTR)
Titze, Christian
Vakil, Bindiya
Value-at-Risk (VAR)
Absolute Risk
An absolute risk measure is a measurement that reflects intrinsic risk within a clearly
defined supply chain based on a specific set of inputs and criteria. It is an aggregate of all
measurements of risk taken together, with greater emphasis applied to critical elements. If any
element changes, a new absolute risk measure is created for the updated set of inputs. The
score is not comparable to the previous score, and putting two scores side by side will not
yield a meaningful comparison. However, the score in and of itself does give a meaningful
indication of the degree of risk in the supply chain.
Achilles Group Limited
Headquartered in the United Kingdom, Achilles Group Limited is a provider of cloud-based
supplier management and supply chain risk management services.
Allocation (“Going on Allocation”)
Allocation refers to a supplier practice of apportioning its reduced output among multiple
customers as a result of an event - such as a factory flood or fire - that limits overall
capacity/output below normal production and shipment levels. A supplier may reserve a higher
proportion of its limited or reduced output for customers with a more favorable contract or
relationship. A customer that receives a reduced proportion of a supplier’s capacity relative
to its normal volume is said to “go on allocation.”
American National Standards Institute Inc. (ANSI)
The American National Standards Institute represents the U.S. standards and conformity
assessment system, overseeing the creation, promulgation, and use of the standards and guidelines
that directly impact businesses across sectors. Actively engaged in accreditation, ANSI
assesses the competence of organizations by determining conformity to standards. ANSI is a
valuable resiliency resource to supply chain risk practitioners.
An Empirical Analysis of the Effect of Supply Chain Disruptions on Long-run Stock Price Performance and Equity Risk of the Firm (Paper)
“An Empirical Analysis of the Effect of Supply Chain Disruptions on Long-run Stock Price
Performance and Equity Risk of the Firm” was published by Vinod R. Singhal and Kevin B.
Hendricks in 2009 during their joint time as professors at Georgia Institute of Technology. As
per the paper’s abstract:
“Supply chain disruptions are significant events for any firm. This paper investigates the
long-term stock price effects and equity risk effects of supply chain disruptions based on a sample
of 827 disruption announcements made during 1989-2000, examining the stock price effects
starting one year before through two years after the disruption announcement date. Over
this time period the average abnormal stock returns of firms that experienced disruptions is
nearly -40%. Much of this underperformance is observed in the year before the announcement,
the day of the announcement, and the year after the announcement. Furthermore, the
evidence indicates that firms do not quickly recover from the negative effects of disruptions.
We also find that equity risk (volatility) of the firm significantly increases around the
announcement date. The equity risk in the year after the announcement is 13.50% higher when
compared to the equity risk in the year before the announcement. Increases in the financial
leverage (the ratio of the book value of debt to the sum of the book value of debt and the
market value of equity) and asset risk are partly driving the increase in the equity risk. The
increase in equity risk is not temporary as firms stay at the higher risk level for at least the
next year.”
Anna Karenina Principle
As per the Anna Karenina Principle, every disruption has its unique set of causes and
cascade of effects. In the context of supply chains, the Anna Karenina Principle is critical to
understanding supply chain risk because unique supply chain disruptions will require unique
treatments and mitigations.
ANSI/ASIS BSI BCM.01:2010 Business Continuity Standard
The standard provides auditable criteria for developing and implementing a business
continuity management system that improves an organization’s ability to prepare for, respond
to, and recover from a disruptive event. The ASIS/BSI Business Continuity Management
Standard specifies requirements for planning, establishing, implementing, operating,
monitoring, reviewing, exercising, maintaining, and improving a Business Continuity
Management System.
Aronow, Stan
Stan Aronow is a Vice President of Gartner’s Supply Chain Research group
and manager of the Supply Chain Top 25 global ranking research portfolio.
Mr. Aronow publishes research in the areas of high-tech industrial
value chain management, supply chain cost-to-serve, risk management
and complexity management.
At Your Own Risk (Book)
At Your Own Risk was written by Gary S. Lynch and published in 2008. At
Your Own Risk is structured as an essential guide and methodology to
identify and manage a range of risks faced in a newly globalized world of
changing market dynamics and complex high-tech value networks.
Automotive Industry Action Group (AIAG)
Headquartered in Southfield, Michigan, AIAG is a not-for-profit association where
professionals from a diverse group of stakeholders (including retailers, suppliers of all sizes,
automakers, manufacturers, service providers, academia, and government) work
collaboratively to streamline industry processes via global standards development & harmonized
business practices, and discuss industry issues and best practices including supply chain risk
management.
Barger, Ray
Ray Barger is a Research Director working in the Gartner Supply Chain
Research group with a focus on supply management, including sourcing
and procurement best practices such as supplier segmentation, supplier
relationship management, supplier performance management, supplier
visibility and risk management, and outsourced manufacturing. Mr. Barger
also supports other cross-industry supply chain topics including cost
management and product lifecycle management.
Bill of Materials (BOM)
A Bill of Materials is a complete list of raw materials, components, and assemblies needed to
produce or manufacture a product. A bill of materials follows a hierarchical format - the
topmost level represents the end product and the bottom level illustrates the materials and
individual components needed to manufacture the product. Manufacturer BOMs are critical
to material requirements planning (MRP) and enterprise resource planning (ERP) processes. A
well-managed and streamlined bill of materials has a large impact on mitigating risks and cost
factors associated with inaccurate part information and product/part changes. BOMs are
critical to calculating value-at-risk by showing the relationship between various components
and the sold product. BOMs in conjunction with material requirements planning help supply
chain risk managers determine the sufficient lead time to avoid risk.
Black Swan Events
Black Swan Events are typified as unprecedented, unexpected disasters/disruptions which
can greatly impair a business’s supply chain operations. Black Swan Events go beyond regular
expectations of a typical disruption, are extremely impactful and typically explained after the
event’s occurrence. Black Swan Events can range from natural disasters to man-made events
that can affect any node of a supply chain. Although Black Swan Events are often
unexpected, analysts can determine in hindsight that the event was bound to happen, shedding
light on preexisting supply chain vulnerabilities. Black Swan Events can range from natural
disasters to severe man-made incidents.
Bottleneck
Bottleneck refers to a point of congestion in a supply chain whereby its limited capacity
reduces the capacity of the whole supply chain. The results of bottlenecks can be stalls in
production, supply overstock, or customer dissatisfaction, among other impacts. Bottlenecks
occur when input at a supply chain node comes in faster than the speed of the process.
Identifying both short-term and long-term bottlenecks in an end-to-end supply chain
reduces accumulation risks and throughput risks. For example, a lack of smelter and refinery
supply can cause upstream bottlenecks and effectively limit production.
Bowtie Risk Analysis Method
The Bowtie Risk Analysis Method is a cause-and-effect analysis method that provides a
simple, qualitative approach to help fully understand the multidimensional characteristics of
a risk event. A bowtie diagram illustrates three elements: hazards (specified risks), top events
(specified event/moment when control is lost), and consequences. Bowtie diagrams help
distill complex risk scenarios into simple visualizations of risk that would otherwise be more
difficult to explain. This method applies treatment actions to each dimension of a risk event,
and is a useful way of visualizing and communicating the effectiveness of the implemented
risk treatment methods.
Bullwhip Effect
The Bullwhip Effect is a distribution channel phenomenon that exemplifies how demand
variability and demand surges are inherent risks to multi-tiered supply chains. It demonstrates
how minor changes in consumer demand can lead to large variations in orders placed
upstream, presenting potentially impactful supplier capacity risks. The bullwhip effect posits
that demand variability increases as one moves up the supply chain away from the retail level
of distribution.
Business Continuity Management Institute
BCM Institute is a global Business Continuity (BC) & Disaster Recovery (DR) Institute which
promotes and develops the disciplines of BCM and Disaster Recovery Planning (DRP) for a
variety of industries and clients around the world.
Business Continuity Planning (BCP)
Business Continuity Planning is a form of contingency planning that ensures production and
product delivery continues in the event of a supply chain disruption - either uninterrupted
or with minimal financial, competitive or customer impact. It aims to prepare a business and
its network of supply chain partners so that performance continues regardless of where and
when a supply chain disruption occurs.
ChainLink Research
ChainLink Research is a supply chain research, thought leadership, and advisory firm taking
a holistic perspective to supply chain transformation through its 3Pe model, which looks at
such key dimensions as policies, process, performance and enablers.
Chartered Institute of Procurement & Supply (CIPS)
Headquartered in the United Kingdom, The Chartered Institute of Procurement & Supply is
an education and qualification body representing purchasing and supply chain professionals
that aims to promote and develop high standards of professional skill, ability, and integrity
among all those engaged in supply chain management and procurement. The international
organization is the producer of the CIPS Risk Index.
CIPS Risk Index
Produced by the Chartered Institute of Procurement & Supply, the CIPS Risk Index is a quar-
terly report for sourcing professionals to explore the evolving risks to which supply chains are
exposed. The CIPS Risk Index Quarterly Report - composed of multiple assessments of 132
countries across nine categories, on a monthly basis - is utilized by supply chain profession-
als for early warnings of changes in the macro/global environment that may affect suppliers
and your supply chain.
Conflict Minerals
The term “conflict minerals” refers to minerals including tantalum, tin, tungsten, and gold
– also referred to as “3TG” – that are utilized in the production of various products, predom-
inantly consumer electronics. The world’s largest reserves of the 3TG exist in the Democratic
Republic of Congo, Africa. Due to concerns that the exploitation and trade of these minerals
by armed groups is helping finance conflict in the Democratic Republic of Congo, the United
States Congress passed the Dodd-Frank Act in 2010, requiring certain companies to disclose
their use of conflict minerals.
Conflict Mineral Compliance
Conflict Mineral Compliance is the ongoing set of disclosures required by certain companies
and manufacturers utilizing tin, tungsten, tantalum, or gold as a necessary component of
their product, as stipulated by the final rule of the Dodd-Frank Act. Although consumer 	
electronics companies are primarily affected by Conflict Minerals Compliance regulations,
conflict minerals are used in a wide spectrum of end-products. Outside the legal implications
of non-compliance, a company may face pressure from human rights activists, NGOs, 		
consumers or other market forces to prove they are in fact conflict free. Thus, conflict min-
erals non-compliance can be a tremendous brand risk to an organization. (See: Dodd-Frank
Act; Conflict Minerals)
Contingent Business Interruption (CBI) Insurance
Contingent Business Interruption Insurance is a type of business insurance that provides
holistic insurability beyond physical damage coverage. CBI is a risk mitigation option and
a form of risk transference, in which risk is transferred to a third party. CBI reimburses lost
profits and further expenses resulting from a business interruption at the premises of a
customer or supplier, softening the financial impact of events outside of a business’s control.
CBI combined with a sturdy supply chain risk management strategy is a supply chain resilience
measure, especially for businesses that rely on an extensive multi-tier supply chain.
Corporate Social Responsibility (CSR)
A form of corporate self-regulation, Corporate Social Responsibility (CSR) is a mechanism in
which a business monitors and assures full compliance with laws, ethical standards, and
national and global norms. Companies that do not adhere to accepted CSR standards can
face brand risks, legal risks, and associated financial risks.
Council of Supply Chain Management Professionals (CSCMP)
CSCMP is a worldwide professional association dedicated to the advancement and dissemi-
nation of research and knowledge on supply chain management. With over 8,500 members
representing nearly all industry sectors, CSCMP members represent leading practitioners
and authorities in the fields of logistics and supply chain management. Headquartered in
Lombard, Illinois, USA, the organization is led by an elected group of global officers.
Crisis Preparation
Crisis Preparation is a process for a business to ready itself for future crises, which may
include the following elements:
•	 Determine a crisis team’s roles, responsibilities, and governance
•	 Define communication channels
•	 Establish event response-level triggers
•	 Develop and document playbooks
•	 Map and develop IT/application/system recovery processes
•	 Develop a post-crisis assessment and continuous improvement process
•	 Define and test the basic processes
Crisis Response
Crisis Response refers to the various protocols implemented by a company to mitigate
business impacts following a major disaster. Companies’ first priority following a crisis is to
assist first responders in the affected area (which may include firefighters, medical personnel,
or even plant employees that are responsible for performing emergency procedures to
prevent further damages). Simultaneously, companies begin efforts to minimize business
impact from the disruption to expedite recovery, which requires: designating special recovery
teams, creating ad hoc supply chains, communicating the crisis to stakeholders, and
collaborating with other entities (possibly even competitors).
Days of Supply (DOS)
Days of Supply (DOS) refers to the measurement of inventory available for a company to
maintain normal operations for some period of time after a supply chain disruption event
occurs. Each additional day of supply equates to one fewer day of lost production, sales, and
profits. Days of supply represents the inventory present at any node in the supply chain that
can be used to delay the time from when a product’s component becomes unavailable and
affects customers. These locations include supplier warehouses, back up stocks of inbound
components, works-in-process, and finished goods. The duration of normal operations 	
afforded by these inventories before customers are impacted is the Time-to-Impact (TTI).
Diamond-Shaped Supply Chain
A diamond-shaped supply chain is a supply chain configuration in which a manufacturer
has multiple sources for a particular component whereby all of those sources rely on the same
single deep-tier supplier. In a diamond-shaped supply chain scenario, the manufacturer
believes it has diversified its sources when in fact there is a single point of failure (SPOF) in the
system. A diamond-shaped supply chain is prone to risk because capacity issues at a single
deep-tier supplier can effectively impact numerous companies and even entire industries.
Typical supply chains, based on their bill of materials (BOM), have a tree-like structure that
branches out at each sub-tier level. However, diamond-shaped supply chain risks can arise
when a critical component/material has very few original suppliers, or when Tier-2 suppliers/
manufacturers in a given industry rely on a sole Tier-3 supplier or a limited set of clustered
Tier-3 suppliers nestled deep in the supply chain. Diamond-shaped supply chains highlight
the benefits of supply chain visibility because often companies are unaware of the deep-tier
bottlenecks or SPOFs that can disrupt supply chains, especially following a disruptive event.
Discrete Event Simulation (DES)
In the context of supply chains, Discrete Event Simulation is a modeling process that identifies
how specified supply chain configurations will behave under different operating conditions
and circumstances. Discrete event simulation codifies the behavior of a complex supply chain
as an ordered sequence of defined events, and renders a long-term view of how a supply
chain will perform when different potential disruptions and risks are applied to it.
Design for Resiliency
Design for Resiliency, coined by Bindiya Vakil, is a supply chain best-practice that identifies
opportunities in the design and development phase of a supply chain risk management
program to drive resiliency upstream in the product development process by identifying
known or potential supply chain risks to product plans such as dependence on a high-risk
component or supplier.
Dodd-Frank Act
The Dodd-Frank Act is a US law passed by Congress in 2010 which authorizes the SEC to
issue rules requiring certain companies to disclose their use of conflict minerals (tin, tungsten,
tantalum or gold) if those minerals are “necessary to the functionality or production of a
product” manufactured by those companies. The final rule of the Dodd-Frank Act is
applicable to a company using tantalum, tin, tungsten, or gold if: the company files reports with the
SEC under the Exchange Act; the minerals are “necessary to the functionality or production”
of a product manufactured or contracted to be manufactured by the company.
Elementum
Headquartered in Mountain View, California, Elementum is a provider of cloud-based supply
chain management services for supplier management, logistics management, and 		
manufacturing operations.
Enterprise Risk Management (ERM)
Enterprise Risk Management (ERM) is a strategic business discipline addressing the full 	
spectrum of an enterprise’s risks and managing the combined impact of those risks as an 	
interrelated risk portfolio.
End-to-End Visibility (E2E Visibility)
(See: Supply Chain Visibility)
Enterprise Security Risk Management (ESRM)
Enterprise Security Risk Management (ESRM) is a progressive practice which, when combined
with security convergence, can help organizations set up comprehensive SCRM processes.
Aspects of enterprise security risk management can include:
•	 Supply chain risk management
•	 Physical asset protection
•	 Human resource security
•	 Information security
•	 Communications security
•	 Continuity management
Event Monitoring Services
Supply chain event monitoring services provide real-time event detection, impact analysis,
and the ability to view disruption zones and pinpoint supplier sites, products, parts, and
customers potentially impacted by an event. Event Monitoring services are valuable supply
chain visibility measures that enable swifter responses to disruptions and other supply chain
risks.
Event Tree Analysis (ETA)
Event trees are visual diagrams that identify and quantify the potential outcomes following
an initial supply chain disruption. An inductive investigatory process, event tree analysis
follows forward, bottom-up logic through a causal chain to model risk. Unlike fault tree
analyses which deduce the causes of an event through backward logic, event tree analyses
induce the consequences of an event.
Failure Modes and Effects Analysis (FMEA)
Failure modes and effects analysis is a step-by-step approach for identifying all possible
risks/failures in a design, a manufacturing/assembly process, or a product or service.
“Failure modes” refers to the ways in which something might fail. An “effects analysis” studies
the consequences of the failure. FMEA analyses prioritize risks/failures according to the
seriousness of their consequences, their frequencies, and how easily they can be detected.
FMEA analyses document the current and applicable knowledge and treatments of risk, and
can be implemented during design to prevent failures.
Fault Tree Analysis (FTA)
Fault Tree Analysis is a deductive procedure used to determine the various combinations of
failures and human errors that could cause supply chain disruptions at a system level. An
FTA uses a general conclusion to determine specific causes of a supply chain disruption,
following a top-down approach. Unlike event tree analyses which induce the consequences
of an event, fault tree analyses deduce the causes of an event to identify the potential causes
of supply chain failures before risks can materialize.
FDA Action
The FDA oversees the integrity of pharmaceutical supply chains through initiatives that help
protect consumers from exposure to substandard drugs and ensure that safe and effective
drugs reach U.S. consumers. However, FDA actions can present a complex set of supply chain
risks and business interruptions, particularly to pharmaceutical supply chains sourcing 		
ingredients from outside the United States. For example, FDA actions may prevent drugs
from entering the US if a sub-tier ingredients supplier is in violation of FDA standards.
Ferrari, Bob
Bob Ferrari is the Vice President and Managing Director of The Ferrari
Consulting and Research Group LLC, and Founder and Executive Editor of
Supply Chain Matters. As a recognized thought leader in the supply chain
space, Mr. Ferrari’s writing has been published across numerous industry,
web, and business publications. His focus spans global supply chain trans-
formation and enabling information technology strategies.
Ferretti, Louis
Louis (Lou) Ferretti is Project Executive and Director of Environmental
Compliance at IBM (IBM Integrated Supply Chain). Mr. Ferretti is responsible
for IBM’s Product Environmental Compliance, Supply Chain Social
Responsibility, supply chain risk management, and all of IBM’s Global
Supply sustainability programs.
Force Majeure
Literally “superior force,” Force Majeure is a common clause in supply chain business con-
tracts that exonerates both parties from liability and obligation following an unexpected,
unavoidable event described by the legal term “act of God.” Force majeure events can
prevent one or both parties from fulfilling their contractual obligations. Force Majeure events
can include supply shortages, natural disasters, strikes, and riots, to name a few. Due to the
unexpected and interruptive nature of Force Majeure events, they present an inherent risk to
supply chains.
Forrester Research
Forrester Research is a research and advisory firm that works with business and technology
leaders to develop customer-centric strategies that drive growth. Forrester’s insights are
grounded in annual surveys of more than 500,00 consumers and business leaders worldwide,
rigorous and objective methodologies, and shared knowledge from its most innovative
clients.
Frontier Graphs
Frontier graphs are risk visualization metrics that help delineate and conceptualize the
boundaries between acceptable and unacceptable risks, based on likelihood and consequences. The
curved line in a frontier graph represents the optimal combination of risk and return.
Gartner, Inc.
Gartner, Inc. is a global information technology research and advisory company which
delivers technology research to global technology business leaders to make informed decisions
on key initiatives. Gartner’s Supply Chain Research group is an active resource for supply chain
practitioners to gain insights and current best practices. Gartner publishes the annual Supply
Chain Top 25 which identifies companies that best demonstrate leadership in applying
demand-driven principles to drive business results. (See Aronow, Stan)
Gilmore, Dan
Dan Gilmore is the Chief Editor of Supply Chain Digest and recognized
as a knowledgeable thought leader within the supply chain industry and
community. (See Supply Chain Digest)
Global Supply Chain Resiliency Council (GSCRC)
Global Supply Chain Resiliency Council is a non-profit professional community and network
for supply chain risk management practitioners, leaders, and stakeholders. With more than
1,000 general members, the Council brings together SCRM and resiliency practitioners with
luminaries and thought leaders to advance the discipline through opportunities to collabo-
rate, share best practices, and be recognized for innovation and leadership.
Governance, Risk & Compliance (GRC)
A discipline that synchronizes information and activity across governance, risk management
and compliance responsibilities in order to operate more efficiently, enable effective informa-
tion sharing, more effectively report activities and avoid wasteful overlaps.
Grackin, Ann
Ann Grackin is Chief Executive Officer, partner and co-founder of Chain-
Link Research. With more than two decades of supply chain experience,
Grackin is responsible for leading ChainLink Research’s supply chain
strategy.
Heat Map
Heat maps are visual diagrams which can be used to assess and visualize risks by categoriz-
ing risks on a scale of event likelihood and consequence. Heat maps provide a holistic view
for strategic decisions, improved management of risks and governance, increased focus on
the risk appetite and risk tolerance of a company, identification of gaps in the risk manage-
ment and control process, and greater integration of risk management across the enterprise
and embedding of risk management in operations.
Hierarchy of Supply Chain Metrics
First published by AMR Research (now Gartner) in 2004, the Hierarchy of Supply Chain
Metrics is a set of inter-related metrics that assist in the assessment, diagnosis, and imple-
mentation of corrective actions towards managing supply chain performance. The Hierarchy
of Supply Chain Metrics delineates 3 key performance indicators: demand forecasting,
perfect order/customer service, and supply management cost.
Hurles, William L.
William L. (Bill) Hurles is the Executive Director of the Global Supply Chain
Resiliency Council (GSCRC) and one of its founding members. Prior, Mr.
Hurles was the Executive Director of Supply Chain at General Motors
where he led the global operation of over 159 assembly and component
plants, as well as GM’s Global Supply Chain Leadership Team. Having
joined GM in 1977, his positions and responsibilities have spanned all
manufacturing plant and supply chain headquarters functions including
operations, purchasing, production control, logistics, and global supply
chain management.
Initial Risk Register
A master document, compiled upon completion of a risk management plan, which records
identified risks, their severities, and the action steps to be taken. The document can take
several forms, though the most effective format is a table – risk register tables can present
a great amount of information in just a couple of pages. To project stakeholders, initial risk
registers confirm that risks are being addressed and dealt with. Risk registers collect infor-
mation that identifies baseline supply chain risks at the global and regional levels. The most
effective risk registers include the following:
•	 Risk identification dates
•	 Target and completion dates
•	 Risk descriptions
•	 Risk types/classification
•	 Likelihood of occurrence
International Organization for Standardization (ISO)
ISO is an independent, non-governmental membership organization that has published
more than 19,500 international standards across such industries as technology, food safety,
agriculture and healthcare to ensure that products and services are safe, reliable and of good
quality. ISO’s proactive resiliency standards inform numerous businesses on how to better
modify business processes to avoid risk. (See ISO 31000)
ISO 31000
ISO 31000 is an industry standard for risk management which helps businesses improve the
identification of opportunities and threats and effectively allocate and use resources for risk
treatment. (See International Organization for Standardization)
Just-in-Time (JIT)
Just-in-Time is a manufacturing and supply chain inventory management method designed
to reduce inventory along the supply chain while increasing product quality and service
levels. JIT involves shipping goods in smaller, more frequent lots - usually just before
the products and services are needed. JIT methodology helps reduce flow times within
production as well as response times from suppliers and customers; however, Just-in-Time
manufacturing increases the potential of supplier capacity risks from demand surges, which
can result in the associated financial risk of understock.
Lean Supply Chain
Lean Supply Chain refers to an organizational approach whereby inventory across the supply
chain is minimized for cost-reduction purposes. With the understanding that holding excess
inventory, or redundant inventory, can be costly, Lean processes aim to reduce costs,
bolster supply chain efficiency, and facilitate Just-in-Time manufacturing procedures.
However, lean supply chains may pose business continuity risks to an organization in the event
of a demand surge. Since Lean processes seek to minimize inventory, there is the risk an
organization may have insufficient inventory to service demand fluctuations.
Linton, Thomas
Thomas (Tom) K. Linton is the Chief Procurement and Supply Chain Officer
at Flextronics International Ltd. Mr. Linton currently serves as the Chairman
of the Board for the Institute of Supply Management (ISM) and serves
on the World Economic Forum’s Global Agenda Council for Logistics and
Supply Chain.
Lynch, Gary
Gary Lynch is Founder and Chief Executive Officer of The Risk Project
(TRP), also serving as a management consultant and advisor to risk
startups. He is the Executive Director for Strategic Risk Initiatives Lab at
Rutgers.
McBeath, Bill
Bill McBeath is the Chief Research Officer and co-founder of ChainLink
Research. Mr. McBeath leads ChainLink’s research efforts, as well as the
procurement, strategic sourcing, design collaboration, and online market-
place practices. With over 20 years of experience as a business technology
and research consultant, high-tech executive, and software architect, Mr.
McBeath is a recognized expert in extended-enterprise business models.
MetricStream
MetricStream is a market provider of enterprise-wide Governance, Risk, Compliance (GRC)
and Quality Management Solutions.
Multi-Sourcing
Multi-sourcing is an approach whereby an enterprise chooses to procure a certain component/
material from multiple, different suppliers. The advantages and risks of multi-sourcing depend
on a product’s Bill of Materials (BOM), complexity, and the unique material availability.
Multi-sourcing can have numerous supply chain risk factors associated with it due to the 	
involvement of many independent suppliers in different locations, each with their own 		
propensity to disruption. Since business volume per transaction is lower for each individual
supplier, there is less incentive for the supplier to analyze its own efficiency and bottlenecks,
thus increasing performance risks to the buying company. As opposed to single-sourcing,
overseeing a multi-sourced supply chain can require further supplier relationship 		
management in order to reduce risk of disruption.
The most important advantage of multi-sourcing is that it allows enterprises to have
alternate suppliers when a particular supplier faces a disruption. Multi-sourcing helps mitigate
supply risks and reduces a buying company’s reliance on one supplier. It also helps reduce
inherent supply chain risk of demand variability, as demand is spread across numerous
suppliers that together would collectively have more capacity and be more responsive to the
buying company. Many businesses utilize multi-sourcing to foster competitive bidding among
suppliers, which can provide pricing advantages.
Multi-Tier
Multi-Tier refers to the different levels or nodes of a company’s supply chain. Multi-tier
supply chains are multiple single-tier collaborations, which leads to multiple supplier-buyer
relations within one supply chain. From materials sourcing to manufacturing to assembly,
multi-tier supply chains enable high-scale production, but due to increased interdependencies,
there is increased supply chain risk. For example, a manufacturer may contract with a Tier-1
supplier, who may in turn work with Tier 2 suppliers. While the risks facing the different tiers
are not always definite, a supply chain disruption at the Tier 2 level would most likely impact
the Tier 1 level and potentially the manufacturer.
O’Connor, John
John O’Connor is Cisco’s Director of Global Supply Chain and leads the
company’s Supply Chain Risk Management (SCRM) program.
O’Connor’s team is responsible for Cisco’s supply chain risk analytics, crisis
management program, business continuity planning program, and the
supply chain and product resiliency program. O’Connor is also the chair-
person for the Supply Chain Risk Leadership Council, a forum of supply
chain and risk management practitioners from best-practice firms.
Predictive Analytics
In the context of supply chain risk, predictive analytics use various analytical and statistical
techniques to build mathematical models that gauge the future outcome of a certain
scenario of study. Predictive analytics are used in the supply chain risk management space to
help businesses anticipate risks before they occur.
Proactive Risk Mitigation
Advanced, preventive measures a company can take beyond simple disaster recovery plan-
ning or crisis response, to avert risks that could impact their businesses and supply chains.
Risk-reduction objectives may include:
•	 Quality
•	 On-time delivery
•	 Responsiveness
•	 Diversity
•	 Supplier viability.
Probabilistic Simulation and Modeling
In the context of supply chain risk, probabilistic simulation and modeling is a supplier
location-based analysis of high-risk and consequence nodes based on maximum loss value
or revenue at risk. Success of this approach depends on clearly articulated end goals/
objectives, expected outcomes and application of results, reliable probability data, and
well understood impact and severity scenarios. It is a SCRM best practice limited to direct
manufacturing and/or outsourced manufacturing locations, and typically recommended for
sophisticated practitioners of stochastic simulations.
Quarterly Business Reviews (QBR)
For supply chain risk practitioners, quarterly business reviews (QBR) are opportunities to
engage with critical suppliers to drive improvements in BCP, supplier visibility, coverage, and
change notification management. QBRs are also opportunities to engage with critical
customers to proactively present supply chain resiliency capabilities. Quarterly business
reviews help prevent long-term miscommunications between customer and supplier.
Recovery Time Objectives (RTO)
Recovery Time Objectives refer to business objectives that account for the time to recover
a service after a disruption or outage. Criteria for developing RTO include: starting from
the point of disaster, the time before a disaster is declared; the time to perform tasks to the
point of business resumption whereby the data which was lost, up to the point of disaster, is
restored.
Redundancy
In the context of supply chains, redundancy is a supply chain resilience measure that involves
keeping excess capacity and back-up systems throughout the supply chain to enable the
maintenance of materials flow and supply chain functionality in the event of disruptions.
Redundancy reduces the likelihood that an organization will experience inventory shortages
following a disruption or demand fluctuation.
Relative Risk
Relative risk is the score of one risk element vs. another. For example, the natural disaster
score of one location vs another can be easily compared to gain meaningful insights.
Residual Risk Analysis
Residual Risk Analysis services measure numerous supplier elements such as: their ability
to handle demand surges; supplier preparedness and time-to-recovery; security; or brand
risk. Residual risk analysis is used to evaluate risks before and after a risk mitigation. If the
likelihood and consequence of residual risk is greater than the established risk tolerance,
further risk mitigation will be required. Assessing risk tolerance can be facilitated by using a
risk frontier graph, which plots the likelihood of events by their consequences.
Resilinc
Resilinc is a cloud provider of supply chain resilience, supply chain visibility and supply chain
risk management intelligence and analytics.
Rice, James B.
James B. (Jim) Rice is the Deputy Director of the MIT Center of Transportation
and Logistics and Director of the MIT Integrated Supply Chain
Management program.
Risk Analysis
Risk analysis produces a register of vetted risks, evaluation parameters/metrics, risk thresh-
olds, and priorities for risk treatment. Risk analysis evaluates those risks against a set of risk
criteria and risk appetite/tolerance thresholds to generate risk scores. Risk scores are then
used to prioritize risk treatment activities and investments. Risk analysis is a multi-pronged
process comprised of:
•	 Risk identification
•	 Risk criteria
•	 Risk appetite/tolerance
•	 Risk scoring
Risk Appetite and Tolerance
Risk Appetite and Tolerance refer to the amount of risk an organization is willing to take in
order to meet its strategic objectives. Risk appetite and tolerance specifies the boundaries 	
for the appropriate amount of risk taking within an appropriate level of authority. It drives
the decision regarding whether or not a risk should be accepted, treated, and re-treated as a
result of residual risks.
Risk Criteria
Risk Criteria are principles which establish an organization’s approach and parameters for
assessing, accepting, pursuing, retaining or treating risk. Risk criteria establish the basis
for a supply chain’s risk scope and serve as the benchmark of scales for the evaluation and
measurement of risk consequences and likelihood. Examples of risk criteria include impacts
to key business metrics such as revenue, costs, customer satisfaction; or post-specific risks
to supply chain continuity and operations such as supplier financial, location, recovery, or
capacity vulnerabilities. Considerations for risk criteria can include: the reliability and degree
of uncertainty of information; assumptions that may influence results; risk triggers or their root
causes; supply chain relationships; risk weaknesses; and the interactions between threat,
criticality and vulnerability.
Risk Exposure Index (REI)
Risk Exposure Index, developed by David Simchi-Levi, is a supplier segmentation method
that enables businesses to focus mitigation efforts on the most important suppliers and risk
areas rather than ignoring them or using an exhaustive approach. It assesses the cost of a
potential major disruption based on the Time to Recovery (TTR) for each level or node in the
supply chain, and the resulting Financial Impact (FI).
Risk Identification
Risk Identification is a prerequisite to the risk scoring phase which determines and segments
the broad categories of risks, threats, and vulnerabilities across a global supply chain
network. Risk identification speculates on the various setbacks that a specified supply chain
may face. The segmentation of different risk types includes:
•	 Strategy risks
•	 Product/part/component risks
•	 Supplier risks
•	 Supply network risks
•	 Incident type risks
•	 Geographic supply chain risks
•	 Demand volatility risks.
Risk Intelligence
Risk Intelligence increases supplier visibility by the collection, validation and maintenance of
supplier data via surveys and other supplier-information collaboration tools. Risk intelligence
is developed by the ongoing processes of supply chain mapping and supplier data retrieval.
The Risk Management Society (RIMS)
The Risk Management Society (RIMS) is a global not-for-profit organization dedicated to
advancing the practice of risk management, representing more than 3,500 industrial, service,
nonprofit, charitable and government entities throughout the world. Founded in 1950, RIMS
brings networking, professional development and education opportunities to its membership
of more than 11,000 risk management professionals located in more than 60 countries.
riskmethods
Headquartered in Munich, Germany, riskmethods is a SaaS, cloud-based supply chain risk
management solution provider which focuses primarily on SMEs and large businesses across
all industries.
Risk Mitigation
Risk mitigation refers to both the proactive and responsive risk management scenarios and
approaches. Proactive risk mitigation measures anticipate future potential events and their
impact, while responsive measures are characterized by actions taken to reduce an incurred
impact. Proactive measures are taken to remedy the risks identified, assessed, and prioritized
during the risk analysis phase. These measures include:
•	 Setting mitigation targets
•	 Receiving approval for incurred costs
•	 Tracking mitigation activities in progress and reporting their statuses
•	 Timely closing-out of mitigation processes.
Risk Monitoring Dashboard
Risk monitoring dashboard tools provide data integration, risk reporting, and progress
monitoring to help define and visualize the risk management decision-making process. Data
in the risk monitoring dashboard can address threats, biggest risk exposures, how exposures
behave over time, and what progress is reportable.
Risk Monitoring & Response
Risk Monitoring & Response is a supply chain risk mitigation process characterized by 		
24/7 event/disruption monitoring, supplier monitoring, and tactical risk responses. Utilizing
risk monitoring and response services, businesses can receive real-time alerts, supplier visit/
audit data, part change notifications, war room mobilization, and post-crisis response post-
mortems.
Risk Ownership
Risk Ownership is the process of assigning risks to the most appropriate person or agency
with the understanding that “unowned” risks often go unmanaged. The subtext of risk
ownership is that people work on behalf of organizations yet maintain personal responsibilities
to manage particular risks. Risk ownership is determined by acknowledging a source of risk
and identifying the person best suited to understand that risk and its required mitigation
protocol.
Risk Score
Risk scores signify the likelihood, frequency, and consequence of risks facing a company. The
information obtained from risk scoring prioritizes risk exposures for mitigation by inspecting
suppliers, sites/locations, products, and parts. Risk scores allow businesses to focus on the
efficient, rapid allocation of investment dollars against these potential risks. Risk scores may
consider:
•	 The quality or financial condition of a supplier
•	 Technology leadership
•	 Price competitiveness
•	 Location risk exposure
•	 Shipping modes
•	 Routes exposure
Risk Treatment
Risk Treatment is a set of risk-modification processes that include:
•	 Discontinuing activities that give rise to risk
•	 Removing risk sources
•	 Changing the likelihood of risks
•	 Modifying risk consequences
•	 Sharing the risk with another party/parties
•	 Retaining the risk through informed choice.
RX360
RX360 is a not-for-profit consortium led by volunteers from the Pharmaceutical and Biotech
industries, including both manufacturers and suppliers. The purpose of the organization is to
enhance the security of the pharmaceutical supply chain and assure the quality and 	
authenticity of the products moving through the supply chain. The organization’s mission
is to protect patient safety by sharing information and developing processes related to the
integrity of the healthcare supply chain.
Scenario Planning
In the context of supply chain risk, scenario planning is a process that
models complex supply chains, stress-tests the cause-and-effects of “what-
if” scenarios within the supply chain, and yields a dashboard of prioritized
scenarios and associated risk response plans.
SCOR Model
The SCOR (Supply Chain Operations Reference) Model is one of the world’s leading supply
chain frameworks that links business processes, performance metrics, and practices into a
unified structure. The SCOR Model lifecycle is described as Source-Make-Deliver-Return,
encompassing all the phases of a supply chain risk management program and providing a
unique set of risks that can be mapped to each of these phases. Such phases can include
product design and development, sourcing and manufacturing, delivery logistics, and
customer support.
SCRM
(See: Supply Chain Risk Management)
Sheffi, Yossi
Dr. Yossi Sheffi serves as Director of the MIT Center for Transportation &
Logistics (MIT CTL). He is an expert in systems optimization, risk analysis,
and supply chain management - subjects he teaches and researches at
MIT. He is also an author of two supply chain-focused books, “The Power
of Resilience: How the Best Companies Manage the Unexpected,” and
“Logistics Clusters: Delivering Value and Driving Growth.”
Single Point of Failure (SPOF)
A single point of failure is a system component whose failure can render an entire system
unavailable or unreliable. It is invariably singular in a physical or virtual location and can have
repercussions which extend far beyond an individual organization, for example to
unsuspecting stakeholders such as an organization within that industry or the economic and social
well-being of an entire country.
Single Point of Failure: 10 Essential Laws of Supply Chain Risk Management
(Book)
Single Point of Failure: 10 Essential Laws of Supply Chain Risk Management was written
by Gary S. Lynch and published in 2009. Structured into 10 parts, each chapter explores a
different Supply Chain Risk Management law critical to a supply chain risk management
practitioner’s methodology.
Single-Sourcing
Single-sourcing is an approach whereby a buying organization relies on a single supplier
for a particular component, even when other suppliers are available. A company’s particular
Bill of Materials (BOM) will dictate whether a single-source supplier is an appropriate
procurement decision, as single sourcing can provide numerous benefits such as reduction in
product variability, streamlined logistics, and cost-reduction. Single-sourcing is often opted
for to reduce material costs, as higher volume purchasing requirements to a single supplier
can make it possible to negotiate better purchasing conditions. Single-sourcing can allow for
collaboration and innovation between enterprise and supplier, especially when the buying
organization and supplier are mutually dependent on one another.
However, single-sourcing has its own supply chain risks. It can increase the dependence of
the buying organization on the supplier, potentially developing a lopsided trading partner
relationship. Supplier capacity risks are another downside of single-sourcing, as failures at
the supplier level can disrupt the supply chain and flow of inventory. Demand variability
can greatly impact the performance of a single supplier: a spike in demand may prove
untenable to the supplier, whilst a significant drop in demand can make it difficult for the supplier
to remain financially viable. Overdependence on a supplier can make a buying organization
vulnerable to price increases, supplier complacency, reduced level of quality, inventory
shortages, and late deliveries.
Sole-Sourcing
A sole-source purchase occurs when only one supplier for a required component/part/
material is available. In some cases, a sole-source supplier may hold a patent for a particular
component used in the buying company’s final product. Though alike, sole-sourcing should
not be confused with single-sourcing, as single-sourcing implies the buying company weighs
its options and chooses to partner with a single provider. With sole-sourcing, buying
companies do not have a choice but to rely on that particular supplier. However, sole-sourcing is
similar to single-sourcing in that supplier failures can result in acute business interruptions.
Sourcemap Inc.
Headquartered in New York, New York, Sourcemap Inc. is a provider of supply chain visibility
solutions.
Spend Matters
Spend Matters is a global online content community and network dedicated to examining a
range of procurement and supply chain issues.
Supplier Audit
Supplier audits are a risk mitigation approach whereby organizations identify supplier
non-compliance and evaluate the performance of suppliers throughout an end-to-end
supply chain.
Supplier Capacity Management
Supplier Capacity Management is a proactive management process that ensures businesses
have the necessary supplier capacity at a part-level to meet fluctuating demand forecasts.
With the understanding that capacity, in its simplest terms, is the volume of work that can be
completed within a specified timeframe, the objective of supplier capacity management is to 	
ensure that the available capacity can meet the required demand for a particular good or 	
service.
Supplier Capacity Risk
Supplier Capacity Risks encompass the full spectrum of capacity issues that can occur at a
production, distribution or transportation tier of the supply chain. In modern, globalized
supply chains, capacity failures at any point of the supply chain can produce damaging ripple
effects which can result in businesses not being able to meet customer demand. In this
regard, capacity can be defined as the volume of work that can be completed within a
specified timeframe, or the ability for a supplier/manufacturer to provide the specified amount of
goods and materials necessary for the proper functionality of a supply chain.
Supplier Criticality Analysis
Supplier Criticality Analysis identifies and prioritizes suppliers whose failure to deliver
products or services in accordance with an agreement would affect the receiving organization’s
ability to conduct its business. The identification of critical suppliers can help prevent supply
chain risk and bolster a business’s resilience.
Supplier Performance
Supplier Performance refers to the ongoing execution of supplier actions/processes as 		
outlined in SLAs with their hiring companies. Factors used to assess supplier performance
can include:
•	 Product quality
•	 Mean Time between Failure (MTBF)
•	 Delivery accuracy
•	 Warranty claims
•	 Customer service response time
•	 Account management.
Supplier Performance Monitoring
Supplier Performance Monitoring involves the measurement, analysis and management of a
supplier’s ability to comply with, and preferably exceed, their contractual obligations. Proper
supplier monitoring involves collaboration processes and tools, supplier audits, metrics
tracking, and adherence to contractual terms.
Supplier Relationship Management
Supplier Relationship Management is the practice and process for interacting with suppliers
with an organized approach to produce positive sourcing results. Improperly managed
supplier relationships can result in non-compliance, late shipments, and further sourcing risks.
Supplier Risk Information Repository
A Supplier Risk Information Repository centralizes supplier intelligence to facilitate risk
mitigation planning, incident response, and supplier collaboration. Supplier risk information
repositories can track additional supply chain initiatives such as conflict minerals compliance,
business continuity planning, capacity management, responsible sourcing, and security. A
comprehensive supplier risk information repository may also include:
•	 Suppliers, locations, and activities tracking
•	 Subcontractors, locations, and activities tracking
•	 Multi-tier (2nd, 3rd, etc.) locations and activities tracking
•	 Alternate sites and recovery times tracking
•	 Third-party emergency contact information tracking
Supplier Segmentation
Supplier Segmentation involves grouping and classifying suppliers by their impact to a given
business. It incorporates reviewing supplier segments, identifying supplier opportunities,
developing product and service agreements, measuring performance, and creating supplier/
cost profitability reports. Suppliers are often grouped into one of four categories:
commodity, standard, strategic, or key.
Supplier Sourcing
Supplier Sourcing refers to the regular screening and monitoring of current and potential
suppliers through self-assessment templates/surveys or internally developed risk scoring
methods to identify potential disruptors for use in the request for quotation (RFQ) process.
Supplier Transparency
Supplier Transparency is the process of achieving a clear vision into supplier environments,
critical for managing rising risk levels in a global environment where corporate supply chain
practices are attracting increasing legal, regulatory, and consumer scrutiny.
Supply Base Management (SBM)
Supply Base Management (SBM) is a systemic, dynamic approach for strategically managing
the whole supply base (current suppliers, minor suppliers, and potential suppliers), the
scouting of new suppliers, and the transition of suppliers between groups. There are four major
elements to SBM: management of major suppliers, management of minor suppliers, scouting
and vetting potential suppliers, and the onboarding and integration of new suppliers into a
company’s supply chain. Supply base management is a long-term supply chain risk
mitigation strategy which not only oversees the performance of current suppliers, but ensures that
backup and scouted suppliers can be integrated as seamlessly as possible. SBM also involves
the ongoing evaluation of potential supplier replacements. Akin to sports recruiting, supplier
scouting is a continuous process aimed at providing a robust, compliant supplier pool.
SupplyChainBrain
SupplyChainBrain (supplychainbrain.com) is a comprehensive online supply chain
management information resource. In addition to providing coverage of fundamental supply
chain principles, SupplyChainBrain identifies emerging trends, strategies and best practices,
forward thinking ideas, cutting-edge solutions, and the latest innovations within the supply
chain space.
Supply Chain Digest
Supply Chain Digest is a supply chain management and logistics publication delivering news,
opinions, and information to help end users understand supply chain processes and identify
relevant supply chain technology solutions.
Supply Chain Disruption
Supply Chain Disruptions are events or actions at any level of a company’s internal or
external supply chain that cause business interruptions affecting production, manufacturing,
shipping or inventory.
Supply Chain Management (SCM) Business Process Outsourcing (BPO)
SCM BPO is the strategic outsourcing of one or more supply chain processes to an external
service provider. The scope of SCM BPO includes supply chain planning (SCP) and analytics,
direct material sourcing and procurement, manufacturing management, and logistics
management.
Supply Chain Management Review (SCMR)
Supply Chain Management Review (SCMR) is a U.S.-based business management magazine
and online resource that covers supply chain management analyses and trends. SCMR
primarily publishes columns and features contributed by business school professors, supply
chain management practitioners and industry analysts. Topics covered by SCMR include
sourcing and procurement, software and technology, transportation and logistics, supply
chain education, and other topics relating to the supply chain.
Supply Chain Network Design
Supply chain network design is an operational practice that relies on risk evaluation and
mitigation at the network level, focusing on:
•	 Node locations
•	 Transportation routes
•	 Capacity thresholds
•	 Number of suppliers
Supply Chain Network Mapping
Supply Chain Network Mapping is a process to create an end-to-end map that yields the
connections, relationships, and dependencies between internal manufacturing and partner
supplier sites. It is a critical factor in achieving supply chain visibility by identifying the
multiple sub-tiers of an end-to-end supply chain. Supply chain network mapping should
document the factors that can affect operations such as:
•	 Supply chain partners with the highest spending levels affecting major value flows
•	 Dependencies and interdependencies (including utilities and other critical infrastructure)
•	 Single source suppliers
•	 Upstream and downstream partners
•	 Logistics, storage and transportation
•	 Labor suppliers
•	 Contractual and compliance requirements
•	 Visibility
•	 Sensitive internal information
Supply Chain Resilience
Supply Chain Resilience, or Supply Chain resiliency Management (SCrM), refers to the
capability of a supply chain network and individual suppliers to recover quickly and
cost-effectively from an event with minimal to no impact to the normal flow of supplies.
Supply Chain Risk
Supply Chain Risk is the likelihood and consequence of an event, at any point in the end-to-
end supply chain, to disrupt the normal flow of supplies and/or result in negative impacts to
downstream channel product flows and supporting infrastructure and services. Supply chain
risks can manifest in innumerable ways; however, for practical purposes, supply
chain risks can be distilled into the following categories:
•	 Process-oriented risks at production sites
•	 Supplier-oriented risks at direct or indirect supplier sites
•	 Upstream and downstream transportation/logistics risks
•	 Operational risks at the agency, department, division, branch, unit or corporate level
•	 Regulatory risks (i.e., legislative, compliance, intellectual property, sovereign) at the
country or regional level for multinational enterprises.
Supply Chain Risk Management (SCRM)
Supply Chain Risk Management (SCRM) is a growing business discipline for global
businesses with multi-tier supply chains to anticipate, prevent, protect, mitigate, respond to, and
recover from undesirable and disruptive events. It is the practice of managing the risk of any
factor or event that can materially disrupt a supply chain whether within a single company or
spread across multiple companies. The main objective of SCRM is to enable cost avoidance,
customer service, and market position. An organization’s approach to SCRM should be
tailored to meet its needs, context of operation, risk appetite, risk criteria and its unique supply
chain characteristics.
Supply Chain Variability
Supply Chain Variability is an inherent risk to supply chains characterized by variations in 	
supply and demand that can negatively impact a business’s supply chain. Examples of supply
chain variability may include:
•	 Changes in consumers’ tastes
•	 Changes to product portfolios
•	 Differences in manufacturing, transportation and distribution lead times
•	 Changes in procurement processes
•	 Imbalances in parts production or distribution
Supply Chain Visibility
Supply Chain Visibility is the ability for a company’s leadership to look into their suppliers’
global footprint, site locations, sub-contractor and sub-tier dependencies, site activities, part
origins, alternate sites, recovery times, emergency contacts, and business continuity planning
information. It allows the profiling of suppliers and how they are connected at the first, second
and third tiers. Supply chain visibility helps a company’s leadership make informed decisions
and take proactive measures to prevent and mitigate supply chain risks.
Supply Chain Volatility
Supply Chain Volatility refers to the inherent instability of key business parameters that
modern supply chains are forced to adapt to on a regular basis. Using the coefficient of
variation (CoV) as a scale-free measurement of volatility, supply chain practitioners can measure
the ups and downs of a supply chain in tandem with shifts in commodity prices, commodity
availability, and other factors which may impede the flow of materials and products through
a supply chain.
Supply Chain Vulnerability
The susceptibility of an end-to-end supply chain towards the harm of a particular supply
chain disruption.
Supply & Demand Chain Executive (SDCE)
A business technology magazine for supply chain executives at manufacturing and non-	
manufacturing companies and organizations, as well as public sector agencies, covering 	
solutions and services for improving supply chain operations and efficiencies.
Supply Risk Solutions
Headquartered in Redwood City, California, Supply Risk Solutions is a supply chain risk data,
analytics and mitigation service provider.
The Risk Project, LLC
Headquartered in Mendham, New Jersey, The Risk Project, LLC (TRP) uses
performance-based approaches to help businesses and other clients identify, assess, and manage
exposures.
The Power of Resilience (Book)
The Power of Resilience was written by Dr. Yossi Sheffi and published
in 2015. The Power of Resilience focuses on deep-tier risks, corporate
responsibility, cybersecurity, long-term disruptions, business continuity
planning, emergency operations centers, detection, and systemic
disruptions. In the book, Dr. Sheffi shows how Supply Chain Risk Management is
a balancing act between taking on the risks involved in new products, new
markets, and new processes – all necessary for growth – and the resilience
created by advanced supply chain risk management.
The Resilient Enterprise (Book)
The Resilient Enterprise was written by Dr. Yossi Sheffi and published in
2005. In The Resilient Enterprise, Dr. Sheffi makes the case for corporate
resilience, asserting that resilience investments can be turned into
competitive advantage. Through numerous case studies and stories, Dr.
Sheffi explores high-impact/low-probability disruptions and the tools for
companies to reduce the vulnerability of their supply chains.
Time-to-Recovery (TTR)
Time-to-Recovery is the gap in time between when a disruptive event happens and when the
company can restart normal production. It signifies the time for a supply chain tier to fully
recover after a particular disruption. TTR includes: the duration of recovery efforts to restart
production and deliveries at the disrupted supplier; the time taken to locate, qualify, buy,
and use parts from an alternate source; and the duration of reengineering processes to utilize
other types of available components and capacities.
Identifying the Time to Recovery for each node in a supply chain is a critical component in
planning for unexpected disruptions. By inspecting supply chain nodes individually, one can
calculate the financial impact of each node. Determining the TTR for each node requires a
complete analysis of a product’s Bill of Materials (BOM), multi-tier supplier data, and
transportation routes. Comprehensive TTR intelligence reduces the overall risk for manufacturers
and the businesses they supply.
Titze, Christian
Christian Titze is a Research Director at Gartner with more than two
decades of professional experience in general IT, supply chain
management (SCM) and enterprise resource planning (ERP). Part of the SCM
analyst team, Titze covers the IT/supply chain alignment from a
technological perspective, with attention to architecture, technology
enablement and wider application topics.
Upstream
Upstream is the direction in a supply chain opposite to the flow of materials. The furthest
upstream point of a supply chain is the collection of raw materials and sourcing, whilst the
furthest point downstream in a supply chain is the customer.
Vakil, Bindiya
Bindiya Vakil is the Chief Executive Officer and founder of Resilinc. A
recognized thought leader in the area of supply chain risk management,
Vakil has been a practitioner in the high-tech supply chain management
space with companies including Flextronics, Cisco and Broadcom. She
holds a Master’s degree in Supply Chain Management from MIT and an
MBA in Finance. She is a published author and frequent speaker at top
supply chain conferences and universities on the topic of supply chain
resiliency. Vakil’s concept of “Design for Resiliency” is being widely adopted as a best practice
in the industry. She was named a Top Female Supply Chain Executive in 2013 by Supply &
Demand Chain Executive magazine.
Value-at-Risk (VaR)
A category of risk metrics that describe, in terms of probability, the market risk of a trading
portfolio over a given period of time. Rather than an expected value of loss, VaR is a
conditional estimate of loss. Widely used by banks, securities firms and commodities merchants,
VaR can also be used to evaluate and manage risk in the supply chain. VaR is the sum of
the probability of disruptive events multiplied by the financial impact of the events for a
specific process, supplier, product or customer. The calculation of VaR for different types of
disruptions helps companies prioritize proactive risk mitigation efforts and reactive recovery
efforts during crisis response.
Rims 2016 Global supply chain risk and resiliency
 

Similar to Riskipedia-Version 1.0-February 2016

Oracle 11g release 2
Oracle 11g release 2Oracle 11g release 2
Oracle 11g release 2Adel Saleh
 
Modeling, simulation, and operations analysis in afghanistan and iraq
Modeling, simulation, and operations analysis in afghanistan and iraqModeling, simulation, and operations analysis in afghanistan and iraq
Modeling, simulation, and operations analysis in afghanistan and iraqMamuka Mchedlidze
 
Air Force Common Battlefield Training for Airmen
Air Force Common Battlefield Training for AirmenAir Force Common Battlefield Training for Airmen
Air Force Common Battlefield Training for AirmenJA Larson
 
Eta design-guide-2019oct
Eta design-guide-2019octEta design-guide-2019oct
Eta design-guide-2019octssuserae99fb
 
Spring live中文版完整版
Spring live中文版完整版Spring live中文版完整版
Spring live中文版完整版yuanao
 
Moving Toward the Future of Policing (RAND)
Moving Toward the Future of Policing (RAND)Moving Toward the Future of Policing (RAND)
Moving Toward the Future of Policing (RAND)Twittercrisis
 
Asymmetric threat 4_paper (1)
Asymmetric threat 4_paper (1)Asymmetric threat 4_paper (1)
Asymmetric threat 4_paper (1)MarioEliseo3
 
Large Tow Carbon Fiber Market.pdf
Large Tow Carbon Fiber Market.pdfLarge Tow Carbon Fiber Market.pdf
Large Tow Carbon Fiber Market.pdfMohit BISResearch
 
Habanero book earlydraft
Habanero book earlydraftHabanero book earlydraft
Habanero book earlydraftmarco coelho
 
Spring Reference
Spring ReferenceSpring Reference
Spring Referenceasas
 
Manual tutorial-spring-java
Manual tutorial-spring-javaManual tutorial-spring-java
Manual tutorial-spring-javasagicar
 
Creating A Business Advantage With Offshore Resources
Creating A Business Advantage With Offshore ResourcesCreating A Business Advantage With Offshore Resources
Creating A Business Advantage With Offshore ResourcesKPI Partners
 
Sharp Corporation final paper- business policy and strategy
Sharp Corporation final paper- business policy and strategySharp Corporation final paper- business policy and strategy
Sharp Corporation final paper- business policy and strategySchwab Kaleb
 
Blue diamond_consumer durables
Blue diamond_consumer durablesBlue diamond_consumer durables
Blue diamond_consumer durablesPuneet Mehta
 

Similar to Riskipedia-Version 1.0-February 2016 (20)

Oracle 11g release 2
Oracle 11g release 2Oracle 11g release 2
Oracle 11g release 2
 
Modeling, simulation, and operations analysis in afghanistan and iraq
Modeling, simulation, and operations analysis in afghanistan and iraqModeling, simulation, and operations analysis in afghanistan and iraq
Modeling, simulation, and operations analysis in afghanistan and iraq
 
RAND_RR750.pdf
RAND_RR750.pdfRAND_RR750.pdf
RAND_RR750.pdf
 
RAND_TR715
RAND_TR715RAND_TR715
RAND_TR715
 
Air Force Common Battlefield Training for Airmen
Air Force Common Battlefield Training for AirmenAir Force Common Battlefield Training for Airmen
Air Force Common Battlefield Training for Airmen
 
Eta design-guide-2019oct
Eta design-guide-2019octEta design-guide-2019oct
Eta design-guide-2019oct
 
Spring live中文版完整版
Spring live中文版完整版Spring live中文版完整版
Spring live中文版完整版
 
Moving Toward the Future of Policing (RAND)
Moving Toward the Future of Policing (RAND)Moving Toward the Future of Policing (RAND)
Moving Toward the Future of Policing (RAND)
 
Morph xit
Morph xitMorph xit
Morph xit
 
Rand rr4212 (1)
Rand rr4212 (1)Rand rr4212 (1)
Rand rr4212 (1)
 
Asymmetric threat 4_paper (1)
Asymmetric threat 4_paper (1)Asymmetric threat 4_paper (1)
Asymmetric threat 4_paper (1)
 
Tx16 wx user manual
Tx16 wx user manualTx16 wx user manual
Tx16 wx user manual
 
Large Tow Carbon Fiber Market.pdf
Large Tow Carbon Fiber Market.pdfLarge Tow Carbon Fiber Market.pdf
Large Tow Carbon Fiber Market.pdf
 
Hacking.pdf
Hacking.pdfHacking.pdf
Hacking.pdf
 
Habanero book earlydraft
Habanero book earlydraftHabanero book earlydraft
Habanero book earlydraft
 
Spring Reference
Spring ReferenceSpring Reference
Spring Reference
 
Manual tutorial-spring-java
Manual tutorial-spring-javaManual tutorial-spring-java
Manual tutorial-spring-java
 
Creating A Business Advantage With Offshore Resources
Creating A Business Advantage With Offshore ResourcesCreating A Business Advantage With Offshore Resources
Creating A Business Advantage With Offshore Resources
 
Sharp Corporation final paper- business policy and strategy
Sharp Corporation final paper- business policy and strategySharp Corporation final paper- business policy and strategy
Sharp Corporation final paper- business policy and strategy
 
Blue diamond_consumer durables
Blue diamond_consumer durablesBlue diamond_consumer durables
Blue diamond_consumer durables
 

Riskipedia-Version 1.0-February 2016

Absolute Risk
Absolute risk measure is a measurement that reflects intrinsic risk within a clearly defined supply chain based on a specific set of inputs and criteria. It is an aggregate of all measurements of risk taken together, with greater emphasis applied to critical elements. If any element changes, a new absolute risk measure is created for the updated set of inputs. The score is not comparable to the previous score, and putting two scores side by side will not yield a meaningful comparison. However, the score in and of itself does give a meaningful indication of the degree of risk in the supply chain.

Achilles Group Limited
Headquartered in the United Kingdom, Achilles Group Limited is a provider of cloud-based supplier management and supply chain risk management services.

Allocation (“Going on Allocation”)
Allocation refers to a supplier practice of apportioning its reduced output among multiple suppliers as a result of an event - such as a factory flood or fire - that limits overall capacity/output below normal production and shipment levels. A supplier may reserve a higher proportion of their limited or reduced output for customers with a more favorable contract or relationship. A customer that receives a reduced proportion of a supplier’s capacity relative to its normal volume is said to “go on allocation.”

American National Standards Institute Inc. (ANSI)
American National Standards Institute represents the U.S. standards and conformity assessment system, overseeing the creation, promulgation, and use of the standards and guidelines that directly impact businesses across sectors. Actively engaged in accreditation, ANSI assesses the competence of organizations by determining conformity to standards. ANSI is a valuable resiliency resource to supply chain risk practitioners.
  • 7. Page 2RISKIPEDIA™ An Empirical Analysis of the Effect of Supply Chain Disruptions on Long-run Stock Price Performance and Equity Risk of the Firm (Paper) “An Empirical Analysis of the Effect of Supply Chain Disruptions on Long-run Stock Price Performance and Equity Risk of the Firm” was published by Vinod R. Singhal and Kevin B. Hendricks in 2009 during their joint time as professors at Georgia Institute of Technology. As per the paper’s abstract: “Supply chain disruptions are significant events for any firm. This paper investigates the long- term stock price effects and equity risk effects of supply chain disruptions based on a sample of 827 disruption announcements made during 1989-2000, examining the stock price effects starting one year before through two years after the disruption announcement date. Over this time period the average abnormal stock returns of firms that experienced disruptions is nearly -40%. Much of this underperformance is observed in the year before the announce- ment, the day of the announcement, and the year after the announcement. Furthermore, the evidence indicates that firms do not quickly recover from the negative effects of disruptions. We also find that equity risk (volatility) of the firm significantly increases around the an- nouncement date. The equity risk in the year after the announcement is 13.50% higher when compared to the equity risk in the year before the announcement. Increases in the financial leverage (the ratio of the book value of debt to the sum of the book value of debt and the market value of equity) and asset risk are partly driving the increase in the equity risk. The increase in equity risk is not temporary as firms stay at the higher risk level for at least the next year.” Anna Karenina Principle As per the Anna Karenina Principle, every disruption has its unique set of causes and cascade of effects. 
    In the context of supply chains, the Anna Karenina Principle is critical to understanding supply chain risk because unique supply chain disruptions will require unique treatments and mitigations.
    ANSI/ASIS BSI BCM.01:2010 Business Continuity Standard: The standard provides auditable criteria for developing and implementing a business continuity management system that improves an organization’s ability to prepare for, respond to, and recover from a disruptive event. The ASIS/BSI Business Continuity Management Standard specifies requirements for planning, establishing, implementing, operating, monitoring, reviewing, exercising, maintaining, and improving a Business Continuity Management System.
    Aronow, Stan: Stan Aronow is a Vice President of Gartner’s Supply Chain Research group and manager of the Supply Chain Top 25 global ranking research portfolio. Mr. Aronow publishes research in the areas of high-tech industrial value chain management, supply chain cost-to-serve, risk management and complexity management.
  • 8. Page 3
    At Your Own Risk (Book): At Your Own Risk was written by Gary S. Lynch and published in 2008. At Your Own Risk is structured as an essential guide and methodology to identify and manage a range of risks faced in a newly globalized world of changing market dynamics and complex high-tech value networks.
    Automotive Industry Action Group (AIAG): Headquartered in Southfield, Michigan, AIAG is a not-for-profit association where professionals from a diverse group of stakeholders (including retailers, suppliers of all sizes, automakers, manufacturers, service providers, academia, and government) work collaboratively to streamline industry processes via global standards development & harmonized business practices, and discuss industry issues and best practices including supply chain risk management.
    Barger, Ray: Ray Barger is a Research Director working in the Gartner Supply Chain Research group with a focus on supply management, including sourcing and procurement best practices such as supplier segmentation, supplier relationship management, supplier performance management, supplier visibility and risk management, and outsourced manufacturing. Mr. Barger also supports other cross-industry supply chain topics including cost management and product lifecycle management.
    Bill of Materials (BOM): Bill of Materials is a complete list of raw materials, components, and assemblies needed to produce or manufacture a product. A bill of materials follows a hierarchical format - the topmost level represents the end product and the bottom level illustrates the materials and individual components needed to manufacture the product. Manufacturer BOMs are critical to materials requirement planning (MRP) and enterprise resource planning (ERP) processes. A well-managed and streamlined bill of materials has a large impact on mitigating risks and cost factors associated with inaccurate part information and product/part changes.
BOMs are critical to calculating value-at-risk by showing the relationship between various components and the sold product. BOMs in conjunction with material requirements planning help supply chain risk managers determine the sufficient lead time to avoid risk.
  • 9. Page 4
    Black Swan Events: Black Swan Events are typified as unprecedented, unexpected disasters/disruptions which can greatly impair a business’s supply chain operations. Black swan events go beyond regular expectations of a typical disruption, are extremely impactful and typically explained after the event’s occurrence. Black Swan Events can range from natural disasters to man-made events that can affect any node of a supply chain. Although Black Swan Events are often unexpected, analysts can determine in hindsight that the event was bound to happen, shedding light on preexisting supply chain vulnerabilities. Black swan events can range from natural disasters to severe man-made incidents.
    Bottleneck: Bottleneck refers to a point of congestion in a supply chain whereby its limited capacity reduces the capacity of the whole supply chain. The results of bottlenecks can be stalls in production, supply overstock, or customer dissatisfaction, among other impacts. Bottlenecks occur when input at a supply chain node comes in faster than the speed of the process. Identifying both short-term and long-term bottlenecks in an end-to-end supply chain reduces accumulation risks and throughput risks. For example, a lack of smelter and refinery supply can cause upstream bottlenecks and effectively limit production.
    Bowtie Risk Analysis Method: The Bowtie Risk Analysis Method is a cause-and-effect analysis method that provides a simple, qualitative approach to help fully understand the multidimensional characteristics of a risk event. A bowtie diagram illustrates three elements: hazards (specified risks), top events (specified event/moment when control is lost), and consequences. Bowtie diagrams help distill complex risk scenarios into simple visualizations of risk that would otherwise be more difficult to explain.
    This method applies treatment actions to each dimension of a risk event, and is a useful way of visualizing and communicating the effectiveness of the implemented risk treatment methods.
    Bullwhip Effect: The Bullwhip Effect is a distribution channel phenomenon that exemplifies how demand variability and demand surges are inherent risks to multi-tiered supply chains. It demonstrates how minor changes in consumer demand can lead to large variations in orders placed
  • 10. Page 5
    upstream, presenting potentially impactful supplier capacity risks. The bullwhip effect posits that demand variability increases as one moves up the supply chain away from the retail level of distribution.
    Business Continuity Management Institute: BCM Institute is a global Business Continuity (BC) & Disaster Recovery (DR) Institute which promotes and develops the disciplines of BCM and Disaster Recovery Planning (DRP) for a variety of industries and clients around the world.
    Business Continuity Planning (BCP): Business Continuity Planning is a form of contingency planning that ensures production and product delivery continues in the event of a supply chain disruption - either uninterrupted or with minimal financial, competitive or customer impact. It aims to prepare a business and its network of supply chain partners so that performance continues regardless of where and when a supply chain disruption occurs.
    ChainLink Research: ChainLink Research is a supply chain research, thought leadership, and advisory firm taking a holistic perspective to supply chain transformation through its 3Pe model, which looks at such key dimensions as policies, process, performance and enablers.
    Chartered Institute of Procurement & Supply (CIPS): Headquartered in the United Kingdom, The Chartered Institute of Procurement & Supply is an education and qualification body representing purchasing and supply chain professionals that aims to promote and develop high standards of professional skill, ability, and integrity among all those engaged in supply chain management and procurement. The international organization is the producer of the CIPS Risk Index.
  • 11. Page 6
    CIPS Risk Index: Produced by the Chartered Institute of Procurement & Supply, the CIPS Risk Index is a quarterly report for sourcing professionals to explore the evolving risks to which supply chains are exposed. The CIPS Risk Index Quarterly Report - composed of multiple assessments of 132 countries across nine categories, on a monthly basis - is utilized by supply chain professionals for early warnings of changes in the macro/global environment that may affect suppliers and your supply chain.
    Conflict Minerals: The term “conflict minerals” refers to minerals including tantalum, tin, tungsten, and gold – also referred to as “3TG” – that are utilized in the production of various products, predominantly consumer electronics. The world’s largest reserves of the 3TG exist in the Democratic Republic of Congo, Africa. Due to concerns that the exploitation and trade of these minerals by armed groups is helping finance conflict in the Democratic Republic of Congo, the United States Congress passed the Dodd-Frank Act in 2010, requiring certain companies to disclose their use of conflict minerals.
    Conflict Mineral Compliance: Conflict Mineral Compliance is the ongoing set of disclosures required by certain companies and manufacturers utilizing tin, tungsten, tantalum, or gold as a necessary component of their product, as stipulated by the final rule of the Dodd-Frank Act. Although consumer electronics companies are primarily affected by Conflict Minerals Compliance regulations, conflict minerals are used in a wide spectrum of end-products. Outside the legal implications of non-compliance, a company may face pressure from human rights activists, NGOs, consumers or other market forces to prove they are in fact conflict free. Thus, conflict minerals non-compliance can be a tremendous brand risk to an organization.
    (See: Dodd-Frank Act; Conflict Minerals)
    Contingent Business Interruption (CBI) Insurance: Contingent Business Interruption Insurance is a type of business insurance that provides holistic insurability beyond physical damage coverage. CBI is a risk mitigation option and a form of risk transference, in which risk is transferred to a third party. CBI reimburses lost profits and further expenses resulting from a business interruption at the premises of a customer or supplier, softening the financial impact of events outside of a business’s control. CBI combined with sturdy supply chain risk management strategy is a supply chain resilience measure, especially for businesses that rely on an extensive multi-tier supply chain.
    Corporate Social Responsibility (CSR): A form of corporate self-regulation, Corporate Social Responsibility (CSR) is a mechanism in which a business monitors and assures full compliance with laws, ethical standards, and national and global norms. Companies who do not adhere to accepted CSR standards can face brand risks, legal risks, and associated financial risks.
  • 12. Page 7
    Council of Supply Chain Management Professionals (CSCMP): CSCMP is a worldwide professional association dedicated to the advancement and dissemination of research and knowledge on supply chain management. With over 8,500 members representing nearly all industry sectors, CSCMP members represent leading practitioners and authorities in the fields of logistics and supply chain management. Headquartered in Lombard, Illinois, USA, the organization is led by an elected group of global officers.
    Crisis Preparation: Crisis Preparation is a process for a business to ready itself for future crises, which may include the following elements:
      • Determine a crisis team’s roles, responsibilities, and governance
      • Define communication channels
      • Establish event response-level triggers
      • Develop and document playbooks
      • Map and develop IT/application/system recovery processes
      • Develop a post-crisis assessment and continuous improvement process
      • Define and test the basic processes
    Crisis Response: Crisis Response refers to the various protocols implemented by a company to mitigate business impacts following a major disaster. Companies’ first priority following a crisis is to assist first responders in the affected area (which may include firefighters, medical personnel, or even plant employees that are responsible for performing emergency procedures to prevent further damages). Simultaneously, companies begin efforts to minimize business impact from the disruption to expedite recovery, which requires: designating special recovery teams, creating ad hoc supply chains, communicating the crisis to stakeholders, and collaboration with other entities (possibly even competitors).
    Days of Supply (DOS): Days of Supply (DOS) refers to the measurement of inventory available for a company to maintain normal operations for some period of time after a supply chain disruption event occurs.
Each additional day of supply equates to one fewer day of lost production, sales, and profits. Days of supply represents the inventory present at any node in the supply chain that can be used to delay the time from when a product’s component becomes unavailable and affects customers. These locations include supplier warehouses, back up stocks of inbound components, works-in-process, and finished goods. The duration of normal operations afforded by these inventories before customers are impacted is the Time-to-Impact (TTI).
  • 13. Page 8
    Diamond-Shaped Supply Chain: A diamond-shaped supply chain is a supply chain configuration in which a manufacturer has multiple sources for a particular component whereby all of those sources rely on the same single deep-tier supplier. In a diamond-shaped supply chain scenario, the manufacturer believes it has diversified its sources when in fact there is a single point of failure (SPOF) in the system. A diamond-shaped supply chain is prone to risk because capacity issues at a single deep-tier supplier can effectively impact numerous companies and even entire industries. Typical supply chains, based on their bill of materials (BOM), have a tree-like structure that branches out at each sub-tier level. However, diamond-shaped supply chain risks can arise when a critical component/material has very few original suppliers, or when Tier-2 suppliers/manufacturers in a given industry rely on a sole Tier-3 supplier or a limited set of clustered Tier-3 suppliers nestled deep in the supply chain. Diamond-shaped supply chains highlight the benefits of supply chain visibility because often companies are unaware of the deep-tier bottlenecks or SPOFs that can disrupt supply chains, especially following a disruptive event.
    Discrete Event Simulation (DES): In the context of supply chains, Discrete Event Simulation is a modeling process that identifies how specified supply chain configurations will behave under different operating conditions and circumstances. Discrete event simulation codifies the behavior of a complex supply chain as an ordered sequence of defined events, and renders a long-term view of how a supply chain will perform when different potential disruptions and risks are applied to it.
    Design for Resiliency: Design for Resiliency, coined by Bindiya Vakil, is a supply chain best-practice that identifies opportunities in the design and development phase of a supply chain risk management program to drive resiliency upstream in the product development process by identifying known or potential supply chain risks to product plans such as dependence on a high-risk component or supplier.
    Dodd-Frank Act: The Dodd-Frank Act is a US law passed by Congress in 2010 which authorizes the SEC to issue rules requiring certain companies to disclose their use of conflict minerals (tin, tungsten, tantalum or gold) if those minerals are “necessary to the functionality or production of a product” manufactured by those companies. The final rule of the Dodd-Frank Act is applicable to a company using tantalum, tin, tungsten, or gold if: the company files reports with the
  • 14. Page 9
    SEC under the Exchange Act; the minerals are “necessary to the functionality or production” of a product manufactured or contracted to be manufactured by the company.
    Elementum: Headquartered in Mountain View, California, Elementum is a provider of cloud-based supply chain management services for supplier management, logistics management, and manufacturing operations.
    Enterprise Risk Management (ERM): Enterprise Risk Management (ERM) is a strategic business discipline addressing the full spectrum of an enterprise’s risks and managing the combined impact of those risks as an interrelated risk portfolio.
    End-to-End Visibility (E2E Visibility): (See: Supply Chain Visibility)
    Enterprise Security Risk Management (ESRM): Enterprise Security Risk Management (ESRM) is a progressive practice which, when combined with security convergence, can help organizations set up comprehensive SCRM processes. Aspects of enterprise security risk management can include:
      • Supply chain risk management
      • Physical asset protection
      • Human resource security
      • Information security
      • Communications security
      • Continuity management
    Event Monitoring Services: Supply chain event monitoring services provide real-time event detection, impact analysis, and the ability to view disruption zones and pinpoint supplier sites, products, parts, and customers potentially impacted by an event. Event Monitoring services are valuable supply chain visibility measures that enable swifter responses to disruptions and other supply chain risks.
  • 15. Page 10
    Event Tree Analysis (ETA): Event trees are visual diagrams that identify and quantify the potential outcomes following an initial supply chain disruption. An inductive investigatory process, event tree analysis follows forward, bottom-up logic through a causal chain to model risk. Unlike fault tree analyses which deduce the causes of an event through backward logic, event tree analyses induce the consequences of an event.
    Failure Modes and Effects Analysis (FMEA): Failure modes and effects analysis is a step-by-step approach for identifying all possible risks/failures in a design, a manufacturing/assembly process, or a product or service. “Failure modes” refers to the ways in which something might fail. An “effects analysis” studies the consequences of the failure. FMEA analyses prioritize risks/failures according to the seriousness of their consequences, their frequencies, and how easily they can be detected. FMEA analyses document the current and applicable knowledge and treatments of risk, and can be implemented during design to prevent failures.
  • 16. Page 11
    Fault Tree Analysis (FTA): Fault Tree Analysis is a deductive procedure used to determine the various combinations of failures and human errors that could cause supply chain disruptions at a system level. An FTA uses a general conclusion to determine specific causes of a supply chain disruption, following a top-down approach. Unlike event tree analyses which induce the consequences of an event, fault tree analyses deduce the causes of an event to identify the potential causes of supply chain failures before risks can materialize.
    FDA Action: The FDA oversees the integrity of pharmaceutical supply chains through initiatives that help protect consumers from exposure to substandard drugs and ensure that safe and effective drugs reach U.S. consumers. However, FDA actions can present a complex set of supply chain risks and business interruptions, particularly to pharmaceutical supply chains sourcing ingredients from outside the United States. For example, FDA actions may prevent drugs from entering the US if a sub-tier ingredients supplier is in violation of FDA standards.
    Ferrari, Bob: Bob Ferrari is the Vice President and Managing Director of The Ferrari Consulting and Research Group LLC, and Founder and Executive Editor of Supply Chain Matters. As a recognized thought leader in the supply chain space, Mr. Ferrari’s writing has been published across numerous industry, web, and business publications. His focus spans global supply chain transformation and enabling information technology strategies.
    Ferretti, Louis: Louis (Lou) Ferretti is Project Executive and Director of Environmental Compliance at IBM (IBM Integrated Supply Chain). Mr. Ferretti is responsible for IBM’s Product Environmental Compliance, Supply Chain Social Responsibility, supply chain risk management, and all of IBM’s Global Supply sustainability programs.
  • 17. Page 12
    Force Majeure: Literally “superior force,” Force Majeure is a common clause in supply chain business contracts that exonerates both parties from liability and obligation following an unexpected, unavoidable event described by the legal term “act of God.” Force majeure events can prevent one or both parties from fulfilling their contractual obligations. Force Majeure events can include supply shortages, natural disasters, strikes, and riots, to name a few. Due to the unexpected and interruptive nature of Force Majeure events, they present an inherent risk to supply chains.
    Forrester Research: Forrester Research is a research and advisory firm that works with business and technology leaders to develop customer-centric strategies that drive growth. Forrester’s insights are grounded in annual surveys of more than 500,000 consumers and business leaders worldwide, rigorous and objective methodologies, and shared knowledge from its most innovative clients.
    Frontier Graphs: Frontier graphs are risk visualization metrics that help delineate and conceptualize the boundaries between acceptable and unacceptable risks, based on likelihood and consequences. The curved line in a frontier graph represents the optimal combination of risk and return.
  • 18. Page 13
    Gartner, Inc.: Gartner, Inc. is a global information technology research and advisory company which delivers technology research to global technology business leaders to make informed decisions on key initiatives. Gartner’s Supply Chain Research group is an active resource for supply chain practitioners to gain insights and current best practices. Gartner publishes the annual Supply Chain Top 25 which identifies companies that best demonstrate leadership in applying demand-driven principles to drive business results. (See Aronow, Stan)
    Gilmore, Dan: Dan Gilmore is the Chief Editor of Supply Chain Digest and recognized as a knowledgeable thought leader within the supply chain industry and community. (See Supply Chain Digest)
    Global Supply Chain Resiliency Council (GSCRC): Global Supply Chain Resiliency Council is a non-profit professional community and network for supply chain risk management practitioners, leaders, and stakeholders. With more than 1,000 general members, the Council brings together SCRM and resiliency practitioners with luminaries and thought leaders to advance the discipline through opportunities to collaborate, share best practices, and be recognized for innovation and leadership.
    Governance, Risk & Compliance (GRC): A discipline that synchronizes information and activity across governance, risk management and compliance responsibilities in order to operate more efficiently, enable effective information sharing, more effectively report activities and avoid wasteful overlaps.
    Grackin, Ann: Ann Grackin is Chief Executive Officer, partner and co-founder of ChainLink Research. With more than two decades of supply chain experience, Grackin is responsible for leading ChainLink Research’s supply chain strategy.
  • 19. Page 14
    Heat Map: Heat maps are visual diagrams which can be used to assess and visualize risks by categorizing risks on a scale of event likelihood and consequence. Heat maps provide a holistic view for strategic decisions, improved management of risks and governance, increased focus on the risk appetite and risk tolerance of a company, identification of gaps in the risk management and control process, and greater integration of risk management across the enterprise and embedding of risk management in operations.
    Hierarchy of Supply Chain Metrics: First published by AMR Research (now Gartner) in 2004, the Hierarchy of Supply Chain Metrics is a set of inter-related metrics that assist in the assessment, diagnosis, and implementation of corrective actions towards managing supply chain performance. The Hierarchy of Supply Chain Metrics delineates 3 key performance indicators: demand forecasting, perfect order/customer service, and supply management cost.
    Hurles, William L.: William L. (Bill) Hurles is the Executive Director of the Global Supply Chain Resiliency Council (GSCRC) and one of its founding members. Prior, Mr. Hurles was the Executive Director of Supply Chain at General Motors where he led the global operation of over 159 assembly and component plants, as well as GM’s Global Supply Chain Leadership Team. Having joined GM in 1977, his positions and responsibilities have spanned all manufacturing plant and supply chain headquarters functions including operations, purchasing, production control, logistics, and global supply chain management.
  • 20. Page 15
    Initial Risk Register: A master document, compiled upon completion of a risk management plan, which records identified risks, their severities, and the action steps to be taken. The document can take several forms, though the most effective format is a table – risk register tables can present a great amount of information in just a couple of pages. To project stakeholders, initial risk registers confirm that risks are being addressed and dealt with. Risk registers collect information that identifies baseline supply chain risks at the global and regional levels. The most effective risk registers include the following:
      • Risk identification dates
      • Target and completion dates
      • Risk descriptions
      • Risk types/classification
      • Likelihood of occurrence
    International Organization for Standardization (ISO): ISO is an independent, non-governmental membership organization that has published more than 19,500 international standards across such industries as technology, food safety, agriculture and healthcare to ensure that products and services are safe, reliable and of good quality. ISO’s proactive resiliency standards inform numerous businesses on how to better modify business processes to avoid risk. (See ISO 31000)
    ISO 31000: ISO 31000 is an industry standard for risk management which helps businesses improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment. (See International Organization for Standardization)
    Just-in-Time (JIT): Just-in-Time is a manufacturing and supply chain inventory management method designed to reduce inventory along the supply chain while increasing product quality and service levels. JIT involves shipping goods in smaller, more frequent lots - usually just before the products and services are needed.
JIT methodology helps reduce flow times within production as well as response times from suppliers and customers; however, Just-in-Time manufacturing increases the potential of supplier capacity risks from demand surges, which can result in the associated financial risk of understock.
  • 21. Page 16
    Lean Supply Chain: Lean Supply Chain refers to an organizational approach whereby inventory across the supply chain is minimized for cost-reduction purposes. With the understanding that holding excess inventory, or redundant inventory, can be costly, Lean processes aim to reduce costs and bolster supply chain efficiency and facilitate Just-in-Time manufacturing procedures. However, lean supply chains may pose business continuity risks to an organization in the event of a demand surge. Since Lean processes seek to minimize inventory, there is the risk an organization may have insufficient inventory to service demand fluctuations.
    Linton, Thomas: Thomas (Tom) K. Linton is the Chief Procurement and Supply Chain Officer at Flextronics International Ltd. Mr. Linton currently serves as the Chairman of the Board for the Institute of Supply Management (ISM) and serves on the World Economic Forum’s Global Agenda Council for Logistics and Supply Chain.
    Lynch, Gary: Gary Lynch is Founder and Chief Executive Officer of The Risk Project (TRP), also serving as a management consultant and advisor to risk startups. He is the Executive Director for Strategic Risk Initiatives Lab at Rutgers.
    McBeath, Bill: Bill McBeath is the Chief Research Officer and co-founder of ChainLink Research. Mr. McBeath leads ChainLink’s research efforts, as well as the procurement, strategic sourcing, design collaboration, and online marketplace practices. With over 20 years of experience as a business technology and research consultant, high-tech executive, and software architect, Mr. McBeath is a recognized expert in extended-enterprise business models.
    MetricStream: MetricStream is a market provider of enterprise-wide Governance, Risk, Compliance (GRC) and Quality Management Solutions.
  • 22. Page 17
    Multi-Sourcing: Multi-sourcing is an approach whereby an enterprise chooses to procure a certain component/material from multiple, different suppliers. The advantages and risks of multi-sourcing depend on a product’s Bill of Materials (BOM), complexity, and the unique material availability. Multi-sourcing can have numerous supply chain risk factors associated with it due to the involvement of many independent suppliers in different locations, each with their own propensity to disruption. Since business volume per transaction is lower for each individual supplier, there is less incentive for the supplier to analyze its own efficiency and bottlenecks, thus increasing performance risks to the buying company. As opposed to single-sourcing, overseeing a multi-sourced supply chain can require further supplier relationship management in order to reduce risk of disruption. The most important advantage of multi-sourcing is that it allows for enterprises to have alternate suppliers when a particular supplier faces a disruption. Multi-sourcing helps mitigate supply risks and reduces a buying company’s reliance on one supplier. It also helps reduce inherent supply chain risk of demand variability, as demand is spread across numerous suppliers that together would collectively have more capacity and be more responsive to the buying company. Many businesses utilize multi-sourcing to foster competitive bidding among suppliers, which can provide pricing advantages.
    Multi-Tier: Multi-Tier refers to the different levels or nodes of a company’s supply chain. Multi-tier supply chains are multiple single-tier collaborations, which leads to multiple supplier-buyer relations within one supply chain. From materials sourcing to manufacturing to assembly, multi-tier supply chains enable high-scale production, but due to increased interdependencies, there is increased supply chain risk.
    For example, a manufacturer may contract with a Tier-1 supplier, who may in turn work with Tier 2 suppliers. While the risks facing the different tiers are not always definite, a supply chain disruption at the Tier 2 level would most likely impact the Tier 1 level and potentially the manufacturer.
    O’Connor, John: John O’Connor is Cisco’s Director of Global Supply Chain and leads the company’s Supply Chain Risk Management (SCRM) program. O’Connor’s team is responsible for Cisco’s supply chain risk analytics, crisis management program, business continuity planning program, and the supply chain and product resiliency program. O’Connor is also the chairperson for the Supply Chain Risk Leadership Council, a forum of supply chain and risk management practitioners from best-practice firms.
    Predictive Analytics: In the context of supply chain risk, predictive analytics use various analytical and statistical techniques to build mathematical models that gauge the future outcome of a certain scenario of study. Predictive analytics are used in the supply chain risk management space to help businesses anticipate risks before they occur.
  • 23. Page 18
    Proactive Risk Mitigation: Advanced, preventive measures a company can take beyond simple disaster recovery planning or crisis response, to avert risks that could impact their businesses and supply chains. Risk-reduction objectives may include:
      • Quality
      • On-time delivery
      • Responsiveness
      • Diversity
      • Supplier viability
    Probabilistic Simulation and Modeling: In the context of supply chain risk, probabilistic simulation and modeling is a supplier location-based analysis of high-risk and consequence nodes based on maximum loss value or revenue at risk. Success of this approach depends on clearly articulated end goals/objectives, expected outcomes and application of results, reliable probability data, and well understood impact and severity scenarios. It is a SCRM best practice limited to direct manufacturing and/or outsourced manufacturing locations, and typically recommended for sophisticated practitioners of stochastic simulations.

Quarterly Business Reviews (QBR)
For supply chain risk practitioners, quarterly business reviews (QBR) are opportunities to engage with critical suppliers to drive improvements in BCP, supplier visibility, coverage, and change notification management. QBRs are also opportunities to engage with critical customers to proactively present supply chain resiliency capabilities. Quarterly business reviews help prevent long-term miscommunications between customer and supplier.

Recovery Time Objectives (RTO)
Recovery Time Objectives refer to business objectives that account for the time to recover a service after a disruption or outage. Criteria for developing RTO include: starting from the point of disaster, the time before a disaster is declared; the time to perform tasks to the point of business resumption whereby the data which was lost, up to the point of disaster, is restored.

Redundancy
In the context of supply chains, redundancy is a supply chain resilience measure that involves keeping excess capacity and back-up systems throughout the supply chain to maintain materials flow and supply chain functionality in the event of disruptions. Redundancy reduces the likelihood that an organization will experience inventory shortages following a disruption or demand fluctuation.

Relative Risk
Relative risk is the score of one risk element vs. another. For example, the natural disaster score of one location vs. another can be easily compared to gain meaningful insights.

Residual Risk Analysis
Residual Risk Analysis services measure numerous supplier elements such as: their ability to handle demand surges; supplier preparedness and time-to-recovery; security; or brand risk. Residual risk analysis is used to evaluate risks before and after a risk mitigation. If the likelihood and consequence of residual risk are greater than the established risk tolerance, further risk mitigation will be required. Assessing risk tolerance can be facilitated by using a risk frontier graph, which plots the likelihood of events by their consequences.

Resilinc
Resilinc is a cloud provider of supply chain resilience, supply chain visibility and supply chain risk management intelligence and analytics.

Q–Z

Rice, James B.
James B. (Jim) Rice is the Deputy Director of the MIT Center of Transportation and Logistics and Director of the MIT Integrated Supply Chain Management program.

Risk Analysis
Risk analysis produces a register of vetted risks, evaluation parameters/metrics, risk thresholds, and priorities for risk treatment. Risk analysis evaluates those risks against a set of risk criteria and risk appetite/tolerance thresholds to generate risk scores. Risk scores are then used to prioritize risk treatment activities and investments. Risk analysis is a multi-pronged process comprised of:
• Risk identification
• Risk criteria
• Risk appetite/tolerance
• Risk scoring

Risk Appetite and Tolerance
Risk Appetite and Tolerance refer to the amount of risk an organization is willing to take in order to meet its strategic objectives. Risk appetite and tolerance specify the boundaries for the appropriate amount of risk taking within an appropriate level of authority. They drive the decision regarding whether or not a risk should be accepted, treated, and re-treated as a result of residual risks.

Risk Criteria
Risk Criteria are principles which establish an organization’s approach and parameters for assessing, accepting, pursuing, retaining or treating risk. Risk criteria establish the basis for a supply chain’s risk scope and serve as the benchmark of scales for the evaluation and measurement of risk consequences and likelihood. Examples of risk criteria include impacts to key business metrics such as: revenue, costs, customer satisfaction; or post-specific risks to supply chain continuity and operations such as supplier financial, location, recovery, or capacity vulnerabilities. Considerations for risk criteria can include the: reliability and degree of uncertainty of information; assumptions that may influence results; risk triggers or its root causes; supply chain relationships; risk weaknesses; and the interactions between threat, criticality and vulnerability.

Risk Exposure Index (REI)
Risk Exposure Index, developed by David Simchi-Levi, is a supplier segmentation method that enables businesses to focus mitigation efforts on the most important suppliers and risk areas rather than ignoring them or using an exhaustive approach. It assesses the cost of a potential major disruption based on the Time to Recovery (TTR) for each level or node in the supply chain, and the resulting Financial Impact (FI).

Risk Identification
Risk Identification is a prerequisite to the risk scoring phase which determines and segments the broad categories of risks, threats, and vulnerabilities across a global supply chain network. Risk identification speculates on the various setbacks of a specified supply chain. The segmentation of different risk types includes:
• Strategy risks
• Product/part/component risks
• Supplier risks
• Supply network risks
• Incident type risks
• Geographic supply chain risks
• Demand volatility risks

Risk Intelligence
Risk Intelligence increases supplier visibility by the collection, validation and maintenance of supplier data via surveys and other supplier-information collaboration tools. Risk intelligence is developed by the ongoing processes of supply chain mapping and supplier data retrieval.

The Risk Management Society (RIMS)
The Risk Management Society (RIMS) is a global not-for-profit organization dedicated to advancing the practice of risk management, representing more than 3,500 industrial, service, nonprofit, charitable and government entities throughout the world. Founded in 1950, RIMS brings networking, professional development and education opportunities to its membership of more than 11,000 risk management professionals located in more than 60 countries.

riskmethods
Headquartered in Munich, Germany, riskmethods is a SaaS, cloud-based supply chain risk management solution provider which focuses primarily on SMEs and large businesses across all industries.

Risk Mitigation
Risk mitigation refers to both the proactive and responsive risk management scenarios and approaches. Proactive risk mitigation measures anticipate future potential events and their impact, while responsive measures are characterized by actions taken to reduce an incurred impact. Proactive measures are taken to remedy the risks identified, assessed, and prioritized during the risk analysis phase. These measures include:
• Setting mitigation targets
• Receiving approval for incurred costs
• Tracking mitigation activities in progress and reporting their statuses
• Timely closing-out of mitigation processes

Risk Monitoring Dashboard
Risk monitoring dashboard tools provide data integration, risk reporting, and progress monitoring to help define and visualize the risk management decision-making process. Data in the risk monitoring dashboard can address threats, biggest risk exposures, how exposures behave over time, and what progress is reportable.

Risk Monitoring & Response
Risk Monitoring & Response is a supply chain risk mitigation process characterized by 24/7 event/disruption monitoring, supplier monitoring, and tactical risk responses. Utilizing risk monitoring and response services, businesses can receive real-time alerts, supplier visit/audit data, part change notifications, war room mobilization, and post-crisis response post-mortems.

Risk Ownership
Risk Ownership is the process of assigning risks to the most appropriate person or agency with the understanding that “unowned” risks often go unmanaged. The subtext of risk ownership is that people work on behalf of organizations yet maintain personal responsibilities to manage particular risks. Risk ownership is determined by acknowledging a source of risk and identifying the person best suited to understand that risk and its required mitigation protocol.

Risk Score
Risk scores signify the likelihood, frequency, and consequence of risks facing a company. The information obtained from risk scoring prioritizes risk exposures for mitigation by inspecting suppliers, sites/locations, products, and parts. Risk scores allow businesses to focus on the efficient, rapid allocation of investment dollars against these potential risks. Risk scores may consider:
• The quality or financial condition of a supplier
• Technology leadership
• Price competitiveness
• Location risk exposure
• Shipping modes
• Routes exposure

Risk Treatment
Risk Treatment is a set of risk-modification processes that include:
• Discontinuing activities that give rise to risk
• Removing risk sources
• Changing the likelihood of risks
• Modifying risk consequences
• Sharing the risk with another party/parties
• Retaining the risk through informed choice

RX360
RX360 is a not-for-profit consortium led by volunteers from the Pharmaceutical and Biotech industries, including both manufacturers and suppliers. The purpose of the organization is to enhance the security of the pharmaceutical supply chain and assure the quality and authenticity of the products moving through the supply chain. The organization’s mission is to protect patient safety by sharing information and developing processes related to the integrity of the healthcare supply chain.

Scenario Planning
In the context of supply chain risk, scenario planning is a process that models complex supply chains, stress-tests the cause-and-effects of “what-if” scenarios within the supply chain, and yields a dashboard of prioritized scenarios and associated risk response plans.

SCOR Model
The SCOR (Supply Chain Operations Reference) Model is one of the world’s leading supply chain frameworks that links business processes, performance metrics, and practices into a unified structure. The SCOR Model lifecycle is described as Source-Make-Deliver-Return, encompassing all the phases of a supply chain risk management program and providing a unique set of risks that can be mapped to each of these phases. Such phases can include product design and development, sourcing and manufacturing, delivery logistics, and customer support.

SCRM
(See: Supply Chain Risk Management)

Sheffi, Yossi
Dr. Yossi Sheffi serves as Director of the MIT Center for Transportation & Logistics (MIT CTL). He is an expert in systems optimization, risk analysis, and supply chain management - subjects he teaches and researches at MIT. He is also an author of two supply chain-focused books, “The Power of Resilience: How the Best Companies Manage the Unexpected,” and “Logistics Clusters: Delivering Value and Driving Growth.”

Single Point of Failure (SPOF)
A single point of failure is a system component whose failure can render an entire system unavailable or unreliable. It is invariably singular in a physical or virtual location and can have repercussions which extend far beyond an individual organization, for example to unsuspecting stakeholders such as an organization within that industry or the economic and social well-being of an entire country.

Single Point of Failure: 10 Essential Laws of Supply Chain Risk Management (Book)
Single Point of Failure: 10 Essential Laws of Supply Chain Risk Management was written by Gary S. Lynch and published in 2009. Structured into 10 parts, each chapter explores a different Supply Chain Risk Management law critical to a supply chain risk management practitioner’s methodology.

Single-Sourcing
Single-sourcing is an approach whereby a buying organization relies on a single supplier for a particular component, even when other suppliers are available. A company’s particular Bill of Materials (BOM) will dictate whether a single-source supplier is an appropriate procurement decision, as single sourcing can provide numerous benefits such as reduction in product variability, streamlined logistics, and cost-reduction. Single-sourcing is often opted for to reduce material costs, as higher volume purchasing requirements to a single supplier can make it possible to negotiate better purchasing conditions. Single-sourcing can allow for collaboration and innovation between enterprise and supplier, especially when the buying organization and supplier are mutually dependent on one another.
However, single-sourcing has its own supply chain risks. It can increase the dependence of the buying organization on the supplier, potentially developing a lopsided trading partner relationship. Supplier capacity risks are another downside of single-sourcing, as failures at the supplier level can disrupt the supply chain and flow of inventory. Demand variability can greatly impact the performance of a single supplier: a spike in demand may prove untenable to the supplier, whilst a significant drop in demand can make it difficult for the supplier to remain financially viable. Overdependence on a supplier can make a buying organization vulnerable to price increases, supplier complacency, reduced level of quality, inventory shortages, and late deliveries.

Sole-Sourcing
A sole-source purchase occurs when only one supplier for a required component/part/material is available. In some cases, a sole-source supplier may hold a patent for a particular component used in the buying company’s final product. Though alike, sole-sourcing should not be confused with single-sourcing, as single-sourcing implies the buying company weighs its options and chooses to partner with a single provider. With sole-sourcing, buying companies do not have a choice but to rely on that particular supplier. However, sole-sourcing is similar to single-sourcing in that supplier failures can result in acute business interruptions.

Sourcemap Inc.
Headquartered in New York, New York, Sourcemap Inc. is a provider of supply chain visibility solutions.

Spend Matters
Spend Matters is a global online content community and network dedicated to examining a range of procurement and supply chain issues.

Supplier Audit
Supplier audits are a risk mitigation approach whereby organizations identify supplier non-compliance and evaluate the performance of suppliers throughout an end-to-end supply chain.

Supplier Capacity Management
Supplier Capacity Management is a proactive management process that ensures businesses have the necessary supplier capacity at a part-level to meet fluctuating demand forecasts. With the understanding that capacity, in its simplest terms, is the volume of work that can be completed within a specified timeframe, the objective of supplier capacity management is to ensure that the available capacity can meet the required demand for a particular good or service.

Supplier Capacity Risk
Supplier Capacity Risks encompass the full spectrum of capacity issues that can occur at a production, distribution or transportation tier of the supply chain. In modern, globalized supply chains, capacity failures at any point of the supply chain can produce damaging ripple effects which can result in businesses not being able to meet customer demand. In this regard, capacity can be defined as the volume of work that can be completed within a specified timeframe, or the ability for a supplier/manufacturer to provide the specified amount of goods and materials necessary for the proper functionality of a supply chain.

Supplier Criticality Analysis
Supplier Criticality Analysis identifies and prioritizes suppliers whose failure to deliver products or services in accordance with an agreement would affect the receiving organization’s ability to conduct its business. The identification of critical suppliers can help prevent supply chain risk and bolster a business’s resilience.

Supplier Performance
Supplier Performance refers to the ongoing execution of supplier actions/processes as outlined in SLAs with their hiring companies. Factors used to assess supplier performance can include:
• Product quality
• Mean Time between Failure (MTBF)
• Delivery accuracy
• Warranty claims
• Customer service response time
• Account management

Supplier Performance Monitoring
Supplier Performance Monitoring involves the measurement, analysis and management of a supplier’s ability to comply with, and preferably exceed, their contractual obligations. Proper supplier monitoring involves collaboration processes and tools, supplier audits, metrics tracking, and adherence to contractual terms.

Supplier Relationship Management
Supplier Relationship Management is the practice and process for interacting with suppliers with an organized approach to produce positive sourcing results. Improperly managed supplier relationships can result in non-compliance, late shipments, and further sourcing risks.

Supplier Risk Information Repository
A Supplier Risk Information Repository centralizes supplier intelligence to facilitate risk mitigation planning, incident response, and supplier collaboration. Supplier risk information repositories can track additional supply chain initiatives such as conflict minerals compliance, business continuity planning, capacity management, responsible sourcing, and security. A comprehensive supplier risk information repository may also include:
• Suppliers, locations, and activities tracking
• Subcontractors, locations, and activities tracking
• Multi-tier (2nd, 3rd, etc.) locations and activities tracking
• Alternate sites and recovery times tracking
• Third-party emergency contact information tracking

Supplier Segmentation
Supplier Segmentation involves grouping and classifying suppliers by their impact to a given business. It incorporates reviewing supplier segments, identifying supplier opportunities, developing product and service agreements, measuring performance, and creating supplier/cost profitability reports. Suppliers are often grouped into one of four categories: commodity, standard, strategic, or key.

Supplier Sourcing
Supplier Sourcing refers to the regular screening and monitoring of current and potential suppliers through self-assessment templates/surveys or internally developed risk scoring methods to identify potential disruptors for use in the request for quotation (RFQ) process.

Supplier Transparency
Supplier Transparency is the process of achieving a clear vision into supplier environments critical for managing rising risk levels in a global environment where corporate supply chain practices are attracting increasing legal, regulatory, and consumer scrutiny.

Supply Base Management (SBM)
Supply Base Management (SBM) is a systemic, dynamic approach for strategically managing the whole supply base (current suppliers, minor suppliers, and potential suppliers), the scouting of new suppliers, and the transition of suppliers between groups. There are four major elements to SBM: management of major suppliers, management of minor suppliers, scouting and vetting potential suppliers, and the onboarding and integration of new suppliers into a company’s supply chain. Supply base management is a long-term supply chain risk mitigation strategy which not only oversees the performance of current suppliers, but ensures that backup and scouted suppliers can be integrated as seamlessly as possible. SBM also involves the ongoing evaluation of potential supplier replacements. Akin to sports recruiting, supplier scouting is a continuous process aimed at providing a robust, compliant supplier pool.

SupplyChainBrain
SupplyChainBrain (supplychainbrain.com) is a comprehensive online supply chain management information resource. In addition to providing coverage of fundamental supply chain principles, SupplyChainBrain identifies emerging trends, strategies and best practices, forward thinking ideas, cutting-edge solutions, and the latest innovations within the supply chain space.

Supply Chain Digest
Supply Chain Digest is a supply chain management and logistics publication delivering news, opinions, and information to help end users understand supply chain processes and identify relevant supply chain technology solutions.

Supply Chain Disruption
Supply Chain Disruptions are events or actions at any level of a company’s internal or external supply chain that cause business interruptions affecting production, manufacturing, shipping or inventory.

Supply Chain Management (SCM) Business Process Outsourcing (BPO)
SCM BPO is the strategic outsourcing of one or more supply chain processes to an external service provider. The scope of SCM BPO includes supply chain planning (SCP) and analytics, direct material sourcing and procurement, manufacturing management, and logistics management.

Supply Chain Management Review (SCMR)
Supply Chain Management Review (SCMR) is a U.S.-based business management magazine and online resource that covers supply chain management analyses and trends. SCMR primarily publishes columns and features contributed by business school professors, supply chain management practitioners and industry analysts. Topics covered by SCMR include sourcing and procurement, software and technology, transportation and logistics, supply chain education, and other topics relating to the supply chain.

Supply Chain Network Design
Supply chain network design is an operational practice that relies on risk evaluation and mitigation at the network level, focusing on:
• Node locations
• Transportation routes
• Capacity thresholds
• Number of suppliers

Supply Chain Network Mapping
Supply Chain Network Mapping is a process to create an end-to-end map that yields the connections, relationships, and dependencies between internal manufacturing and partner supplier sites. It is a critical factor in achieving supply chain visibility by identifying the multiple sub-tiers of an end-to-end supply chain. Supply chain network mapping should document the factors that can affect operations such as:
• Supply chain partners with the highest spending levels affecting major value flows
• Dependencies and interdependencies (including utilities and other critical infrastructure)
• Single source suppliers
• Upstream and downstream partners
• Logistics, storage and transportation
• Labor suppliers
• Contractual and compliance requirements
• Visibility
• Sensitive internal information

Supply Chain Resilience
Supply Chain Resilience, or Supply Chain resiliency Management (SCrM), refers to the capability of a supply chain network and individual suppliers to recover quickly and cost-effectively from an event with minimal to no impact to the normal flow of supplies.

Supply Chain Risk
Supply Chain Risk is the likelihood and consequence of an event, at any point in the end-to-end supply chain, to disrupt the normal flow of supplies and/or result in negative impacts to downstream channel product flows and supporting infrastructure and services. Supply chain risks can manifest in innumerable ways; however, for practical purposes, supply chain risks can be distilled into the following categories:
• Process-oriented risks at production sites
• Supplier-oriented risks at direct or indirect supplier sites
• Upstream and downstream transportation/logistics risks
• Operational risks at the agency, department, division, branch, unit or corporate level
• Regulatory risks (i.e., legislative, compliance, intellectual property, sovereign) at the country or regional level for multinational enterprises

Supply Chain Risk Management (SCRM)
Supply Chain Risk Management (SCRM) is a growing business discipline for global businesses with multi-tier supply chains to anticipate, prevent, protect, mitigate, respond to, and recover from undesirable and disruptive events. It is the practice of managing the risk of any factor or event that can materially disrupt a supply chain whether within a single company or spread across multiple companies. The main objective of SCRM is to enable cost avoidance, customer service, and market position. An organization’s approach to SCRM should be tailored to meet its needs, context of operation, risk appetite, risk criteria and its unique supply chain characteristics.

Supply Chain Variability
Supply Chain Variability is an inherent risk to supply chains characterized by variations in supply and demand that can negatively impact a business’s supply chain. Examples of supply chain variability may include:
• Changes in consumers’ tastes
• Changes to product portfolios
• Differences in manufacturing, transportation and distribution lead times
• Changes in procurement processes
• Imbalances in parts production or distribution

Supply Chain Visibility
Supply Chain Visibility is the ability for a company’s leadership to look into their suppliers’ global footprint, site locations, sub-contractor and sub-tier dependencies, site activities, part origins, alternate sites, recovery times, emergency contacts, and business continuity planning information. It allows the profiling of suppliers and how they are connected at the first, second and third tiers. Supply chain visibility helps a company’s leadership make informed decisions and take proactive measures to prevent and mitigate supply chain risks.

Supply Chain Volatility
Supply Chain Volatility refers to the inherent instability of key business parameters that modern supply chains are forced to adapt to on a regular basis. Using the coefficient of variation (CoV) as a scale-free measurement of volatility, supply chain practitioners can measure the ups and downs of a supply chain in tandem with shifts in commodity prices, commodity availability, and other factors which may impede the flow of materials and products through a supply chain.

Supply Chain Vulnerability
The susceptibility of an end-to-end supply chain towards the harm of a particular supply chain disruption.

Supply & Demand Chain Executive (SDCE)
A business technology magazine for supply chain executives at manufacturing and non-manufacturing companies and organizations, as well as public sector agencies, covering solutions and services for improving supply chain operations and efficiencies.

Supply Risk Solutions
Headquartered in Redwood City, California, Supply Risk Solutions is a supply chain risk data, analytics and mitigation service provider.

The Risk Project, LLC
Headquartered in Mendham, New Jersey, The Risk Project, LLC (TRP) uses performance-based approaches to help businesses and other clients identify, assess, and manage exposures.

The Power of Resilience (Book)
The Power of Resilience was written by Dr. Yossi Sheffi and published in 2015. The Power of Resilience focuses on deep-tier risks, corporate responsibility, cybersecurity, long-term disruptions, business continuity planning, emergency operations centers, detection, and systemic disruptions. In the book, Dr. Sheffi shows how Supply Chain Risk Management is a balancing act between taking on the risks involved in new products, new markets, and new processes – all necessary for growth – and the resilience created by advanced supply chain risk management.

The Resilient Enterprise (Book)
The Resilient Enterprise was written by Dr. Yossi Sheffi and published in 2005. In The Resilient Enterprise, Dr. Sheffi makes the case for corporate resilience, asserting that resilience investments can be turned into competitive advantage. Through numerous case studies and stories, Dr. Sheffi explores high-impact/low-probability disruptions and the tools for companies to reduce the vulnerability of their supply chains.

Time-to-Recovery (TTR)
Time-to-Recovery is the gap in time between when a disruptive event happens and when the company can restart normal production. It signifies the time for a supply chain tier to fully recover after a particular disruption. TTR includes: the duration of recovery efforts to restart production and deliveries at the disrupted supplier; the time taken to locate, qualify, buy, and use parts from an alternate source; the duration of reengineering processes to utilize other types of available components and capacities.
Identifying the Time to Recovery for each node in a supply chain is a critical component in planning for unexpected disruptions. By inspecting supply chain nodes individually, one can calculate the financial impact of each node. Determining the TTR for each node requires a complete analysis of a product’s Bill of Materials (BOM), multi-tier supplier data, and transportation routes. Comprehensive TTR intelligence reduces the overall risk for manufacturers and the businesses they supply.

Titze, Christian
Christian Titze is a Research Director at Gartner with more than two decades of professional experience in general IT, supply chain management (SCM) and enterprise resource planning (ERP). Part of the SCM analyst team, Titze covers the IT/supply chain alignment from a technological perspective, with attention to architecture, technology enablement and wider application topics.

Upstream
Upstream is the direction in a supply chain opposite to the flow of materials. The furthest upstream point of a supply chain is the collection of raw materials and sourcing, whilst the furthest point downstream in a supply chain is the customer.

Vakil, Bindiya
Bindiya Vakil is the Chief Executive Officer and founder of Resilinc. A recognized thought leader in the area of supply chain risk management, Vakil has been a practitioner in the high-tech supply chain management space with companies including Flextronics, Cisco and Broadcom. She holds a Master’s degree in Supply Chain Management from MIT and an MBA in Finance. She is a published author and frequent speaker at top supply chain conferences and universities on the topic of supply chain resiliency. Vakil’s concept of “Design for Resiliency” is being widely adopted as a best practice in the industry. She was named a Top Female Supply Chain Executive in 2013 by Supply & Demand Chain Executive magazine.

Value-at-Risk (VAR)
A category of risk metrics that describe, in terms of probability, the market risk of a trading portfolio over a given period of time. Rather than an expected value of loss, VaR is a conditional estimate of loss. Widely used by banks, securities firms and commodities merchants, VAR can also be used to evaluate and manage risk in the supply chain. VAR is the sum of the probability of disruptive events multiplied by the financial impact of the events for a specific process, supplier, product or customer. The calculation of VaR for different types of disruptions helps companies prioritize proactive risk mitigation efforts and reactive recovery efforts during crisis response.