SlideShare a Scribd company logo

The use of pro-active versus re-active risk management practices for managing supply chains

P
Pieterjan Tilleman
1 of 115
Download to read offline
UNIVERSITEIT GENT FACULTEIT ECONOMIE EN BEDRIJFSKUNDE ACADEMIEJAAR 2013 – 2014 The use of pro-active versus re-active risk management practices for managing supply chains Masterproef voorgedragen tot het bekomen van de graad van Master of Science in de Toegepaste Economische Wetenschappen: Handelsingenieur Pieterjan Tilleman onder leiding van Prof. Ann Vereecke Begeleider: Evelyne Vanpoucke
I UNIVERSITEIT GENT FACULTEIT ECONOMIE EN BEDRIJFSKUNDE ACADEMIEJAAR 2013 – 2014 The use of pro-active versus re-active risk management practices for managing supply chains Masterproef voorgedragen tot het bekomen van de graad van Master of Science in de Toegepaste Economische Wetenschappen: Handelsingenieur Pieterjan Tilleman onder leiding van Prof. Ann Vereecke Begeleider: Evelyne Vanpoucke
II CLAUSE OF CONFIDENTIALITY PERMISSION Ondergetekende verklaart dat de inhoud van deze masterproef mag geraadpleegd en/of gereproduceerd worden, mits bronvermelding. Pieterjan Tilleman
III Acknowledgements Vooreerst wil ik Evelyne Vanpoucke van harte bedanken voor de volle steun, de vele raad, de nodige tijd en de snelle beantwoording van vele emails die mij op het goede pad hebben geleid. Vervolgens mag ik een dank aan mijn vriendin Louise uiten voor de hulp met de bibliografie en de steun en toeverlaat wanneer het eens wat minder vlotte. Ook mag ik de medewerking van de vele operations en supply chain managers van de deelgenomen Belgische bedrijven aan dit onderzoek niet vergeten. Al was het soms een niet voor de hand liggende opdracht om een vragenlijst van een dergelijke omvang ingevuld te krijgen, doch zonder deze data zou dit werk niet tot stand gekomen zijn. Tenslotte, dank ik mijn familie voor de volharding en de enorme steun en in het bijzonder mijn vader voor het nalezen van dit werk.
IV Table of Contents Table of Contents ................................................................................................................................. IV List of Tables....................................................................................................................................... VIII List of Formulas.................................................................................................................................. VIII List of Figures .........................................................................................................................................1 1 Introduction ...................................................................................................................................1 2 Literature research.........................................................................................................................3 2.1 Risk Management...................................................................................................................3 2.1.1 The Nature of Supply Chain Risk.....................................................................................3 2.1.2 Risk management .........................................................................................................11 2.2 Supply Chain Management...................................................................................................22 2.3 Supply Chain Risk Management ...........................................................................................27 2.4 Supply Chain Security Management.....................................................................................30 2.5 Conclusion............................................................................................................................32 3 Conceptual framework.................................................................................................................33 3.1 Environment.........................................................................................................................33 3.2 Risk perception or representation of risk .............................................................................35 3.3 Proactive versus Reactive Risk Strategies.............................................................................36 3.4 Moderators and Mediators ..................................................................................................39 3.4.1 Supply chain management practices. ...........................................................................39 3.4.2 Design and complexity of the supply chain...................................................................41 3.4.3 Continental differences ................................................................................................46 3.4.4 Comparison with 3 years ago........................................................................................46 3.5 Model diagram .....................................................................................................................47 4 Data Collection .............................................................................................................................48 4.1 Introduction..........................................................................................................................48 4.2 Results..................................................................................................................................49 4.3 Variables and constructs ......................................................................................................50 4.4 Exploratory factor analysis (EFA)..........................................................................................52 5 Methodology and Analysis ...........................................................................................................53 5.1 General model......................................................................................................................53 5.1.1 Confirmatory Factor Analysis (CFA) of the general model ............................................53 5.1.2 Comparison with alternative frameworks ....................................................................56 5.1.3 Descriptive statistics.....................................................................................................57
V 5.1.4 Hypothesis testing ........................................................................................................58 5.1.5 Multicollinearity ...........................................................................................................59 5.2 Input from mediator variables..............................................................................................60 5.2.1 Framework ...................................................................................................................60 5.2.2 Confirmatory factor analysis.........................................................................................61 5.2.3 Descriptive statistics with mediator variables ..............................................................61 5.2.4 Structural path significance ..........................................................................................62 5.2.5 Mediating effect and hypothesis testing ......................................................................62 5.3 Input from moderator variables ...........................................................................................64 5.3.1 Descriptive statistics and differences for the moderator variables ..............................64 5.3.2 Moderating effect and moderated mediation..............................................................67 5.4 Some comparison with 3 years ago......................................................................................71 5.5 Hypothesis summary............................................................................................................72 6 Overall Conclusion........................................................................................................................73 7 Limitations and possibilities for future research ..........................................................................75 8 References....................................................................................................................................76 9 Appendices...................................................................................................................................80 Appendix 1: PWC results ..................................................................................................................80 Appendix 2: Participated Belgian companies ...................................................................................81 Appendix 3: Internal consistency scale measurement .....................................................................82 Appendix 4: Descriptive statistics.....................................................................................................85 Appendix 5: Different frameworks ...................................................................................................88 Appendix 6: Confirmatory Factor analysis for alternative framework formulations ........................89 Appendix 6: T-statistics for mediators..............................................................................................93 Appendix 7: Sobel test......................................................................................................................94 Appendix 8: Paired Sampled T-statistics...........................................................................................96 Appendix 9: Multi-group moderation and moderated mediation..................................................100 Appendix 10: Statistics for differences with 3 years ago ................................................................102 Variable paired samples t-test....................................................................................................102 Paired sample t-tests for relationships.......................................................................................105
VI Abbreviations list DV: Dependent Variable ERM: Enterprise Risk Management FMEA: Failure Mode and Effect Analysis IV: Independent Variable PEST- variable: variable that signifies Political, Economical, Social & Technological trends in the environment PORTER-variable: variable that takes a look at the company’s competitive forces RM: Risk Management SC: Supply Chain SCD&C: Supply Chain Design and Complexity SCM: Supply Chain Management SCRM: Supply Chain Risk Management SCSM: Supply Chain Security Management SCVM: Supply Chain Vulnerability Map SME: Small and Medium Enterprise TQM: Total Quality Management
VII List of Figures Figure 1: risk aspects .............................................................................................................................5 Figure 2: Dimensions of risk ...................................................................................................................6 Figure 3: risk sources..............................................................................................................................7 Figure 4: vulnerability - efficiency relation (left), vulnerability - simplicity (right)..................................9 Figure 5: risk management framework ................................................................................................11 Figure 6: fault tree analysis for the AVIA example ...............................................................................13 Figure 7: risk matrix for the additional probability of detecting risks...................................................14 Figure 8: risk mitigations strategies......................................................................................................19 Figure 9: the concept of Supply Chain Risk Management (Blos et al., 2009)........................................27 Figure 10: a SCRM framework..............................................................................................................29 Figure 11: PEST anlysis .........................................................................................................................34 Figure 12: Porter's Five Forces Model ..................................................................................................35 Figure 13: Supply Chain........................................................................................................................41 Figure 14: Supply Network ...................................................................................................................42 Figure 15: a more complex and adaptive network...............................................................................42 Figure 16: supply information network................................................................................................44 Figure 17: Model diagram ....................................................................................................................47 Figure 18: proportion of participated industries ..................................................................................49 Figure 19: proportion of participated countries...................................................................................49 Figure 20: General Model.....................................................................................................................53 Figure 21: framework with general SCM mediator between environment and risk perception (first framework) ..........................................................................................................................................60 Figure 22: Framework with general SCM mediator between risk perception and risk management (second framework) .............................................................................................................................61 Figure 23: Mediating effect ..................................................................................................................63 Figure 24: Environmental factors between Europe and Asia ...............................................................64 Figure 25: Risk Probability and Impact for Europe and Asia.................................................................65 Figure 26: calculation for the multi-group moderation t-statistic and p-value.....................................68
VIII List of Tables Table 1: risk criticality matrix ...............................................................................................................14 Table 2: risk management actions........................................................................................................17 Table 3: the business from a biological view........................................................................................43 Table 4: Environmental constructs.......................................................................................................50 Table 5: Risk perception variables........................................................................................................50 Table 6: Proactive and Reactive Management .....................................................................................50 Table 7: Supply Chain Management Practices......................................................................................51 Table 8: Supply Chain design and complexity.......................................................................................52 Table 9: CFA summary table.................................................................................................................54 Table 10: Discriminant validiy ..............................................................................................................55 Table 11: CFA summary table for comparison with other frameworks................................................57 Table 12: outer model T-statistics........................................................................................................58 Table 13: inner model loadings and T-statistics ...................................................................................58 Table 14: Multicollinearity ...................................................................................................................59 Table 15: Risk management for Europe and Asia.................................................................................65 Table 16: Risk management for lower and higher complex networks..................................................66 Table 17: determination coefficients ...................................................................................................67 Table 18: Mean, standard errors and T-statistics for the two groups for moderation .........................70 Table 19: hypothesis summary table....................................................................................................72 List of Formulas Formula 1: Sobel test statistic ..............................................................................................................62 Formula 2: t-test for multi-group moderation and moderated mediation...........................................68
1 1 Introduction In many business environments, networking in supply chains is almost an inevitable solution to help companies respond fast to market changes. A lot of opportunities are accompanied with networking. Examples are lower transaction costs, ability to concentrate on core skills, lower capital investments, sharing sunk costs, greater flexibility and access to key technologies. So the use, the meaning and the practices of the concept supply chain management became important. However, increased network cooperation does increase the dependency between organizations and as a consequence of the advantages above companies become more exposed to the risks of other companies. Hence networking causes transfer of risks between several companies from a supplier- customer viewpoint. It may decrease some risks but unfortunately increase others. Inevitably partners must share their risk among them as a solution to mitigate their risks and to succeed in their operations. Therefore today’s industries must operate under extreme caution and the concept of supply chain risk management was born. The need of the concept became useful after series of crises and catastrophes had attracted public attention like natural disasters, political and economic instabilities, terrorist attacks and many more. Secondly modern supply chains seem to be more vulnerable than ever: increased competitive pressure in the business environment and globalization of markets. Counterfeiting products has increasingly entered the supply chain and harms a company’s product and reputation. The financial crisis has brought companies to be very suspicious and seek to ensure their business and operations continuity. Nowadays they struggle more than ever from facts like supplier insolvency and less access to credit that especially impact the less financially stable companies. There are plenty number of relevant examples. Automobile manufacturer Land Rover found itself in serious trouble after its only supplier of chassis frames, UPF-Thomson, suddenly and unexpectedly folded further supply delivery (Sheffi & Rice Jr, 2005; Wagner & Bode, 2009). Electronic company Ericsson faced dramatic problems with a huge impact, after a fire at a sub-supplier and has implemented an entire new organization with new supplier risk management tools (Norrman & Jansson, 2004). Ford, Toyota and DaimlerChrysler experienced massive disruptions to the flow of materials into their North-American assembly plants within a few days after the terrorist attack of 9/11 due to border shut-downs (Sheffi & Rice Jr, 2005). Globalization compelled firms to make their supply chains more efficient, resilient or more responsive by outsourcing or off shoring activities, sourcing in low-cost countries, collaborations with
2 other partnerships, decreasing inventory and so on. But all these activities can be associated with a higher level of risk and supply chain sensitivity. A report stated that companies suffering from supply chain disruptions experienced 33-40% lower stock returns relative to their industry benchmarks. Consequently it can also negatively impact a firm’s brand image and reputation. In addition severe disruptions like the Fukushima nuclear disaster have healthy and safety risk consequences. So concluded we feel the need for risk management in a relatively unstable world on the one hand and an increasingly flexible supply chain on the other hand. This work gives an introduction into the risk management world. We will discuss the main concepts of risk, the perceptions, the difference between proactive and reactive mitigation strategies, the supply chain practices that are needed to stay resilient and many more on the basis of existing literature. Secondly we will employ our gained knowledge to build and test a framework that make use of several aspects of the environment, risk concepts and supply chain practices and complexity. Data was collected in many industries to achieve this goal. Additionally we will try to do some investigation for progressions in the past three years and compare continents, in particular European and Asian countries. In the end we will come up with some meaningful conclusions that fit with our model and outcomes, give some limitations and suggestions for future research.
3 2 Literature research First we will dig in to the world of risk management with all his facets. Thereafter we will consider supply chain management concept and finally we will end up with the meaning of supply chain risk management and some thoughts of supply chain security management. 2.1 Risk Management 2.1.1 The Nature of Supply Chain Risk Introductory case Consider a random company; named AVIA. AVIA is a manufacturing company that produces metallic aircraft components for the aviation industry. It is operating its activities since a long time. Through these years it has maintained its supplier base, the metal industry and reached its few customers from the aircraft assembly industry. Suppose now that because of tensions in the commodity market, the company that is responsible for the supply on metal parts has defaulted to deliver the needed products. Company AVIA can appeal on a few minor companies but this amount is not sufficient. You as a company decide to produce further your semi-finished goods with the little supply of metal parts. Suppose then a major customer refuse to do further business with you because you have augmented your prices due to your increased variable costs per part produced. Or you are unable anymore to deliver the requested components on time because time goes by until you receive your parts. On top of that a fire caught your plant and a third of your machinery capacity has been demolished. Reinvesting in new assembly equipment is accompanied with a lot of costs. As a consequence you see your benefits declining and you end the year with a very negative profit and loss account for the AVIA Company. Risk Functions which generate the possibility of beneficial effects or profit often include risks. This is certainly the case with business activities. So risk can here be for example: 1) Your supplier fails in delivering the needed metal parts such that you operate under capacity. 2) Problems in fulfilling customer deliveries arise because you cannot deliver your aircraft components on time. 3) Because of cost considerations you increase your prices. Customers quit business with AVIA which results in a too low or inappropriate demand. 4) Due to a fire at the production plant, it is difficult to get back on track which resides in the difficult re-management of its costs, resources, development and flexibility.
4 The above situations are all examples that contain risk. We can already make a first distinction between demand side risks and supply side risks. The third risk is an example of the first category and the first risk is an example of the latter. These are risk categories that are internal to the supply chain whereas the fourth risk is an example of an external to the supply chain risk. But what is risk actually? Risk is a characteristic of decisions that is defined as the extent to which there is uncertainty about whether potentially significant and/or disappointing outcomes of decisions will be realized (Sitkin & Pablo, 1992). So risks suggest variation in the distribution of possible outcomes, their likelihoods and their subjective values (Wagner & Bode, 2008). According to Kahneman & Tversky’s “prospect theory” individual risk behavior is determined how the situation is framed. For example if individuals are protecting prior gains will be more risk averse. In financial risk management, risk is considered as having an upside and downside potential of possible outcomes according to a normal distribution with a two-sided variance. In contrast the aim of this work is to approach risks in supply chains which can be better stated, considering the severe impact of disruptions, as being purely negative. According to several authors, risk is considered in this manner and that corresponds best from a supply chain consideration (Wagner & Bode, 2009). Zsidisin (2003) contains a broad definition of risk applied to the supply chain: the probability of an incident associated with inbound supply from individual supplier failures (quality, delivery, relationships and price) or the supply market occurring, in which its outcomes result in the inability of the purchasing firm to meet customer demand or cause threats to customer life and safety. What is good in this definition is that it mentions the distinction between supply and demand side risks. It mentions some supply risks but these are not exhaustive. Production capacity constraints on the supply market, technological changes with the supplier, product design features, to mention a few can also play a role. It also assesses the risk aspects which are important to understand risk. Risk aspects In the former definition we find 2 important aspects that constitute risk namely the extent or the impact of outcomes and the possibility or potentially significance that may or may not be disappointing of these outcomes. These are convenient aspects of risk because according to the Bayesian theory when you multiply these two figures for each outcome you get the distribution and thus the severity of each possible outcome. Therefore we can split risk in 4 categories shown in figure 1 below. We consider the enterprise’s vulnerability the highest when both the likelihood and the impact of disruption are high whereas rare, low impact events require less action to mitigate. Furthermore disruptions that combine high probability and low impact are part of the daily operations in the normal flow of business. On the other hand risks with low likelihoods but high
5 consequences need a concrete planning and interference that is outside the daily business operations. The fire at our plant is an example of a low probability, high impact risk. A reduced demand of your aircraft assemblies could be an example of high probability low impact risk. It is important that you recognize this risk in function of your company because the probability and impact differs among different corporations. A strike in one plant of the Airbus corporations has a lower impact on a big multinational with several aviation plants than the same strike in our little AVIA plant. Figure 1: risk aspects Kleindorfer and Saad (2005) suggest besides impact and probability, the speed of the possible risk can also play a role. Speed can be understood as the rate at which the event leading to loss happens, the rate at which these losses happen and how quickly the risk event is discovered by the company. Furthermore the frequency or how often a similar kind of risk event happens. In our situation how often will our major supplier fail to deliver our metal parts? If this occurs too frequently our company may lose his reputation, several customers will abandon AVIA and in the long run our company may be even going out of business. At last, Griffis and Whipple (2012)consider the probability of risk detection as an additional aspect of risk and adds a third dimension besides impact and probability. For instance, a high-likelihood/high- impact risk that is also extremely difficult to detect, warrants a substantially different risk management strategy than a high-likelihood/high-impact risk that can be more readily detected (see further). Low impact High probability High impact High probability Low impact Low probability High impact Low probability
6 Figure 2: Dimensions of risk Risk Drivers and Risk Natures At some point you as a manager believe something exists in your business operations environment and will lead to a particular risk event and a serious impact could occur (P. G. Smith & Merritt, 2002). This is what we call risk drivers. Risk drivers can further increase the risk experienced by the supply chain participants (Jüttner, Peck, & Christopher, 2003). The tensions on the commodity market in metal parts supply or serious changes in a foreign currency exchanges rate are examples of risk drivers. They can lead to a serious risk event and it’s important to watch out and keep in mind that such events, although at first sight these seems to be far from your business, can cause problems to your firm. Competition and globalization increase risk indirectly whereas outsourcing which can results in increasing complexity can have a direct effect on risks (Jüttner et al., 2003). In essence, risk drivers are the start of causal pathways that ends up in risks. A further distinction can be made according to Kleindorfer and Saad (2005) on the nature of the risks or risk sources. These are variables (networking, environmental and operational) which cannot be predicted with certainty and which impact on the supply chain outcome variables (Jüttner et al., 2003). We can make a distinction on risks that come from coordinating supply and demand e.g. supplier fails in delivering the needed part, on the one hand. On the other hand risk arises from normal activities. These can be further subdivided in operational risk and risk arising from natural hazard, terrorism or political instability or called disruptive risks. These latter are risks with low probability, high-consequence of outcomes whereas the former has a higher probability of outcomes. However, most of the quantitative models are designed for managing operational risk. So there is a need towards more disruption risk models. Examples of the former are equipment malfunctions or human centered issues from strikes to fraud. An example of the latter is the fire at AVIA Company. A summary of risk sources can be found in the figure taken from Jüttner et al. (2003). Environmental
7 and organizational risk sources have an impact towards the supply chain whereas network risk sources are the risk sources of the supply chain (Jüttner et al., 2003). Figure 3: risk sources Manuj and Mentzer (2008) on the other hand divides the sources of risk in 4 categories (Supply, Demand, Operational and Security Risk) each with their risk event examples. Supply risks can contain besides the above examples supplier opportunism and inbound product quality. Or the supplier can default in flexibility to deliver the metal parts for AVIA just-in-time. Demand risk can be that our aircraft partner’s demand is very variable or a competitor from the assembled aircraft parts industry negotiates a more interesting demand with our metal parts suppliers. Through this AVIA is losing market share. Another example, but occurs more in food products supply chains, is that these products result in a weather-related demand uncertainty. For example, the demand of ice-cream is the highest when it’s a warm weather. The authors, Chen and Yano (2010), suggest a very flexible contracting scheme to optimize the distribution of risks between the manufacturer and retailer. This can be achieved for example through weather related rebate contracts to mitigate demand uncertainty. Next risks can be seen from an operational point of view like the risk on product quality failures. At last security risks or currency risks can also play a role. Melnyk, Rodrigues, and Ragatz (2009) added also information/technology risks (C. S. Tang, 2006), financial risks and legal/regulatory risks (Wagner & Bode, 2008).
8 Disruptions “Supply chain disruption is the unintended, anomalous event that materializes somewhere in the supply chain and threatens the normal course of business operations (Wagner & Bode, 2009)”. In other words disruption is anything that unexpectedly affects your supply chain. According to Sheffi (2005) these events follow a disruption profile in a predictable way in terms of its effect on company performance. From this perspective general problems can be roughly divided between deviation, disruption and disaster (Gaonkar & Viswanadham, 2004). Whereas the former can be more seen from an operational view, in essence a variation in lead times or demand within the supply chain from their expected or mean value, the latter two problems deal more on the environmental problems. With a disruption is the structure of a supply chain radically changed and with a disaster is the supply chain shut down temporary or irrecoverable. The authors formulated 2 mathematical optimization models that deal with only deviation and disruption problems because modeling disasters is simply impossible. Random events, land natural disasters like tropical storms and earthquakes can be best estimated from historical data for their possible occurrence. The likelihood of accidents on the other hand can also be estimated from industry data, prior events and the enterprise particular safety programs and implementations. Lastly, the probability of intentional disruptions such as job actions, strikes or sabotage) is the most difficult to estimate because the likelihood is a function of the specific company’s decisions and actions. Then, there is the difference between several kinds of storms according to Altay and Ramirez (2010). The impact of damage from windstorms and floods seem to be dramatically lower from that of an earthquake in terms of operational Cash Flow. The authors give the reason for the better predictability of these former 2 climate events and firm’s ability to prepare their firms in advance for them. Earthquakes damages a lot and makes recovery very slow and do not allow preparation time. In addition they show that the impact of natural disruptions is dependent on the firm’s position in the supply chain. The disasters that can be prepared can be planned for the upstream partners. There stock is accrued in advance and can be sold to downstream partners where these have opposite total asset turnovers. A solution to overcome this problem with the downstream partners is supply-chain wide risk practices because a firm that is not prepared will disrupt the operations of the rest of the supply chain.
9 Melnyk et al. (2009) proposes a discrete event computer simulation model that is based on the decomposition of a supply chain disruption in several facets like for example the quantity loss, time period, periodicity, profile breath & location of a disruption and the output level of its recovery towards the supply chain performance. They concluded that the use of classical statistical analysis is rather limited since they do not deal with the time dimension of disruptions. Because of the transient behavior of the process intervention analysis using time series is more appropriate in their study (Melnyk et al., 2009). A general rule should be to include a combination of methodologies in order to make a comparison. Perry (2007) builds a disaster response model after the 2004 Tsunami in Thailand that is for a part transferable to a business context. They highlight the logistic aspects (expertise and efficiency) and the need for quick information by extensive communication and local knowledge to deal with disasters quickly. This can be the case when some manufacturing activities are outsourced in a distant country. Vulnerability It seems according to Wagner and Bode (2009) that probability of risks are determined by supply chain characteristics (density, complexity, criticality, …) and consequently their vulnerability both as part of as well as across the entire supply chain. Vulnerability is defined according to (Blaikie, 1994;(Wagner & Bode, 2009) ) as a company’s capacity to anticipate, cope with, resist, and recover from the impact of a natural hazard. Several characteristics of the supply chain increase or decrease the vulnerability of the supply chain. For example extreme leanness and efficiency is very effective for a company’s operations and reliability towards their customers but may result in an increasing level of vulnerability. While lean management can provide several advantages in cost reductions and efficiency, it makes companies more hazardous to risk vulnerability and velocity. Consequently establishing back-up systems and maintaining reasonable slack can increase the level of readiness in managing risk. One can make a vulnerability efficiency operations vulnerability simplicity supply network Figure 4: vulnerability - efficiency relation (left), vulnerability - simplicity (right)
10 trade-off between robustness and overall efficiency to cope the level of risk. And because of the supply chain is only as secure as its weakest link minor movements can entail serious disruptions which makes the supply chain very vulnerable. Second, to reach more leanness or customer made products provided to worldwide demand, often this is coupled with an increasing complex network. But this must be paid off towards increasing vulnerability. We shall further see that one can overcome the vulnerability in complex network by being more resilient. Sheffi proposed a supply chain vulnerability map (SCVM) with four quadrants namely financial, strategic, hazard and operational vulnerability. Strategic vulnerability means the vulnerability when a new product is introduced. Hazard vulnerabilities are the internal as well as external risk drivers previously described. Operations vulnerability focus on the supply chain as for example distribution network failures. The framework is constructed in a manner that items of a category placed in the centre are very important and those on the edge less important. The goal of this framework is that each of the categories has a property to find, quantify and minimize risk (Blos, Quaddus, Wee, & Watanabe, 2009). Wagner and Bode (2006) found evidence of the effect of supply chain vulnerability drivers are positive towards more supply chain risk. This is the case for supplier dependence, single and multiple sourcing. So firms must according to Wagner and Bode (2006) avoid dependences and improve the robustness of a company’s chain. Meanwhile the choice of single or global sourcing must be done through a risk-benefit analysis (see further). Vulnerability is not in every industry the same. The aircraft manufacturing industry operates in an extreme risk environment, characterized by high levels of commercial, technological and political risk as well as the inherent product safety issues (Haywood & Peck, 2003). Interviewed companies from the author’s research acknowledged that their supply chain is most vulnerable during times of change as the risk profiles affecting their supply chains were also changing, but also that change is a constant state in their supply chain activities. Aircraft companies never experienced a steady-state resulting in increased supply chain change management (Haywood & Peck, 2003). To reduce a company’s weakness Asbjørnslett (2009) suggest to take a vulnerability analysis. It’s a top down analysis and its main focus is towards the system mission and the survivability of the system (Asbjørnslett, 2009). The essential steps to take this analysis is first to search for possible threats and their consequences, next the company must bring back their system to new stability by aligning adequate resource and last determine the disruption or the time the stability is again established. It gives a complete proactive vulnerability analysis framework that works in two rounds.
11 First the manager tries to understand the threats and risks, analyses and rank the consequent possible scenarios and is left over with a set of critical vulnerable elements in a first round. These require additional specific analysis that needs reduced fragility by adding appropriate resource to mitigate their criticality to them in a second round of investigation. 2.1.2 Risk management Risk management is defined as identifying and assessing the probabilities and consequences of risks, and selecting appropriate risk strategies to reduce the probability of, or losses associated with, adverse events (Manuj & Mentzer, 2008). The execution of an overall risk management process is useful for companies because managers tend to focus solely on critical performance targets, which affect the way they manage risk (C. S. Tang, 2006). The need for more supply chain and risk management has certainly become clear after the PWC investigation (Levi, Vassiladis, & Kyratzoglou, 2013). In their research they categorize enterprises in 4 levels of achievement of supply chain and risk management. They grouped the two lower and two higher levels together to reach some conclusions. Appendix ? gives some results from their study and show the percentage of companies with more than 3 incidents that suffered an impact of 3% or higher on their performance as a result of supply chain disruptions. First companies that invested in an advanced risk and supply chain management level are better equipped towards risks than lower risk management levels. Framework for a general structure of the risk management process Figure 5: risk management framework Supply risk management contains several steps and can be seen on the figure 5 (Hallikas, Karvonen, Pulkkinen, Virolainen, & Tuominen, 2004), (Griffis & Whipple, 2012; Zsidisin, 2003),). The different steps will be discussed successively. Risk Identification Risk Assesment, Evaluation and prioritization Risk Management actions and Mitigation strategies Risk Monitoring and Strategy Sharing
12 Risk Identification Equipment interruptions, quality failures and supply fluctuations. These are common strong signals of risks in manufacturing systems. The main focus of risk identification is to recognize future uncertainties to be able to manage these scenarios proactively in a later stage. Chopra and Sodhi 2004 identified nine broad categories of supply chain risks: disruptions, delays, systems, forecasts, intellectual property, procurement, receivables, inventory and capacity. Furthermore according to Manuj and Mentzer (2008) it is recommend that, once identified, risks should be segmented by specific characteristics in order to create a risk profile. You can categorize them in domestic or global risks. Once you start to investigate and identify risk, a common approach is to start with a brainstorming session with the management team with a diversity of people from sales, marketing, quality and finance if possible of your business. It can be helpful sometimes to get your session accompanied with your supply chain partners or major customers ((P. G. Smith & Merritt, 2002), (Preston G Smith, 2002)). By brainstorming you can base your business on the past as well as you can ask if everyone can think of success factors and wonder themselves what can go wrong? Actions that can be performed to discover risks are for example (Mullai, 2009): - Identify risk generating activities - Identify and formulate problems - Determine the background to determine the context - Define (technical, analytical) boundaries for the study - Collect relevant risk-related data and information Daimler Chrysler had to quit production for several days because of a defective fuel injector that came from their supplier Bosch, so the former company claimed his supplier for delivering the wrong part. Bosch claimed that it didn’t make mistakes but instead pointed at his supplier Federal Mogul for their faulty sockets which in turn found his supplier Dupont guilty for delivering defective granulates (Henke, 2009). A practical approach in finding the origin of disruptions is the use of the Tree model. This allows you to find the underlying root causes for today’s disruptions but also by using “what if” scenarios to get the root cause for future uncertainties (Griffis & Whipple, 2012). Ask yourself “what could go wrong at this point that would prevent us from achieving success”, especially for projects. Ultimately in a later stage this can form the basis for a comprehensive scenario planning approach (Sheffi & Rice Jr, 2005). Also a risk simulation can be done or a sensitivity analysis can be performed to check if some crucial parameters or outputs change in different scenarios. It is important to find
13 the causes because they require different modes of prevention and have also different potential impacts. An example of a fault tree analyses with root causes for our case of AVIA is given below: Figure 6: fault tree analysis for the AVIA example Secondly, we can address the reliability tools from Total Quality Management (TQM) to discover risks. One tool that can be used for Risk Identification is Failure Mode Effects and Criticality Analysis (FMECA). In essence this tool aims at performing bottom-up analyses of processes to determine where systems might fail, and then to either design out or improve detection of these potential failure points. The advantage is that this procedure moves from reactive to a more proactive means of equipment maintenance in an effort to reduce equipment breakdown and failure. But this tool is relatively absent from the supply chain literature because it often lacks the assessment/evaluation factors such as probability and likelihood. A better approach would then be Failure Modes and Effects Analysis (FMEA) in a supply chain context. With this method you have to identify and rank potential failure modes of a design or manufacturing process but its disadvantage is that it does not take criticality into account and thus does not completely address the potential impact of a risk (Griffis & Whipple, 2012). Especially for the identification of possible catastrophic events, Knemeyer, Zinn, and Eroglu (2009) applied this risk management framework for low probability high impact events. Companies have to determine the key supply locations with highest probability of threats and a list of them. Approaches that can help them are “internal assassin” whereby a manager who thinks as a terrorist and thinks Lost sales opportunity with aircraft industry metal part stock out lead time delay tensions in the commodity market lack of alternative sources of supply only minor suppliers available reduced production fire at the plant
14 about how to carry out threats against a firm and the “wheel of crises” whereby certain possible consequences of crises are discussed where the wheel stops. Risk Assessment, evaluation and prioritization Risk analysis or the assessment of a risk event is nothing else then weighting or measuring the subjective probability of a risk event and the potential consequences of it from the viewpoint of the enterprise. In a later stage companies should tailor the responses and strategies will be taken to reduce either their probability or their consequences. These two aspects can be used to develop a risk map or a risk criticality matrix: the probability or sometimes called the criticality index (how critical is a possible risk for your company) and the impact or several severity classifications. Negligible impact Marginal impact Critical impact Catastrophic impact Low Least Emphasis Probability High Most Emphasis Table 1: risk criticality matrix The aim of this matrix is to evaluate each risk on their emphasis and ultimately prioritize this risks to mitigate and map them in the matrix. Griffis and Whipple (2012) notices an incomplete picture and suggest that the probability of detecting these risk factors should be admitted in the traditional two- by-two matrix used by many other authors. (see also risk aspects). How can this additional factor be integrated? This is done again with a two-by-two matrix. Figure 7: risk matrix for the additional probability of detecting risks The manager can, for a specific risk factor, assess the ease in which the occurrence of that risk factor can be monitored (from easy to difficult) on the x-axis. On the y-axis, the lead time, from short to I Least Emphasis II III IV Most Emphasis
15 long, between detection and realization of the risk is depicted. For example if our metal supplies come by ship you have to take care and map several sources of risks. An example of the first quadrant can be a mechanical failure because it may have little to no advance warning of problems but once occurred in most cases the technical staff is capable in solving these kinds of failures. Weather fluctuations like a dangerous storm are immediately detected due to the accurate weather forecasts nowadays such that a vessel is able to take an alternative route and avoid the storm. The risk of piracy at last is difficult to monitor and characterizes with an immediate recognition of the detection, resulting in greater emphasis. Sometimes the firm can draw a tolerance threshold line that divides the risks you will manage actively form those that will not be managed, after which the risks identified are sorted by expected loss (P. G. Smith & Merritt, 2002). In other words, the company selects the maximum risk criteria it can afford. That’s another way of prioritizing risks when the firm has to cope with a lot of risks, especially minor risks. Prioritization is important as firms often focus only on recurring but low- impact risks at the expense of paying attention to high-impact but less-probable risks (Griffis & Whipple, 2012). In a further stage risk can also be compared against the selected risk evaluation criteria (Mullai, 2009) and further be ranked by criticality or severity. For the assessment and estimation of a catastrophe the use of simulation and optimization can be recommended (Knemeyer et al., 2009). Other estimation methods are for example the opinion of experts combined with historical data, suitable for aircraft incidents or with the opinion of decision makers, eligible for other types of catastrophic events like nuclear reactor meltdowns. The game theory whereby an optimal strategy has to be determined between the objective function of the attacker and the constraints of the firm can be used to simulate terrorism. The output of these approaches should be a list of key locations with estimated potential loss values. Risk Management Actions and Mitigation strategies Much research is done about management actions, strategies and action plans against risks. An attempt to give a reasonable overview follows. (Kleindorfer & Saad, 2005) (Manuj & Mentzer, 2008), (C. S. Tang, 2006), (Griffis & Whipple, 2012)) Under risk management actions we understand the general used strategies towards the risks perceived. They are risk taking, risk transfer, risk reduction and risk elimination respectively. Within each risk management action several mitigation strategies can be used in succeeding this action.
16 Firstly managers can choose to take the risk. Reasons therefore can be that the risk may be perceived to be low and the company is willing to accept the risk because of very little consequences for the firm. According to two German researchers, during the financial crises times, a lot of companies accepted their risks in this country. This was more the case with manufacturing companies. But after the crisis these companies shifted towards a more comprehensive approach of risk mitigation. This is in contrast with service companies who despite the crisis stayed to perform more risk acceptance strategies (Blome & Schoenherr, 2011). Alternatively, managers can opt to transfer their risks from one company to another or subdivide their risks over several companies. This may reduce the total risk in the network if the company takes the risk can cope with it better than the company transferring it resulting in having a large supplier network. But the downsides of this risk are the high switching and administrative costs and their availability when changing from supplier. These are therefore part of transaction-specific investments. Furthermore it may decrease opportunities to achieve economies of scale. Furthermore risk can be shared in contracts with the intention of better coordination with channel partners, collaborative forecasting and collective replenishment planning which increase supply chain visibility and encourages further analysis of individual risks. They can be managed generally by developing a common network strategy, sharing best practice modes of action and contract policies. Moreover, several situations exist that there might be some risk but the company takes the needed effort to reduce it as much as possible. A common used mitigation approach could be the use of non- performance penalties built into contracts. If our metal part supplier doesn’t succeed to deliver the demanded parts, price reductions will be used as stated in the contract. Examples of other security mechanisms used to reduce risk include monitoring techniques, such as audits of supplier’s quality checks, inspections of random materials, and tracking of key performance indicators (KPI’s). At last, risk elimination may be appropriate when the firm cannot live further with this risk and must be completely discarded. AVIA decided to quit assembling their aircraft parts with that old machine that produces much defects. Sometimes choosing an appropriate risk strategy means changing current operating models or practices. This means that you systematically review your ‘inventory’ of risk procedures and controls with the aim to improve risk management practices. An example is the centralized versus localized approach of manufacturing to mitigate risks and increase benefits.
17 Table 2: risk management actions To deal with catastrophic events the company can draw a catastrophic risk management matrix which maps the key locations in the same manner as normal risks to detect appropriate risk strategies for each threat on the list like for example move a location, buy insurance, assume risk and so on (Knemeyer et al., 2009). Chaos theory may additionally provide some help to formulate appropriate catastrophic risk strategies. Wagner and Bode (2009) makes a difference between cause and effect oriented supply chain risk management practices. The first are preventive in nature. We think of information security, physical security and freight security. For example AVIA can switch in advance to a more financial stable supplier to reduce the risk of a sudden supplier default. Or the company can relocate their manufacturing plants to safer regions to avoid natural hazards like tropical storms or tsunamis near the coast. The second practice contains measures aiming at minimizing the level of damage in case of a risk event occurrence, e.g. insurance companies. The disadvantage of these companies is that they do not always understand supply chain risks and it’s difficult for them to insure a company’s own facility against disruptions from their suppliers at multiple locations. But there seems to be progress in this field: They are now providing business interruption insurance for disruptions occurring at a supplier’s facilities (Alvarenga & Lehman, 2012) for named suppliers but unfortunately don’t cover the whole network of suppliers and subcontractors. Buffering strategies, financial risk reserves and product redesign are other examples of this practice. Most of the risk handling activities proposed in the literature are rather effect-oriented than cause- oriented. As risk mitigation strategies require costly investments in equipment as well as human resources, it is important to know which mitigation strategies offer the greatest protection from risks in a certain situation. risk taking • ignoring the risk when developing a mitigation strategy risk transfer •large supplier base risk sharing •channel coordination •collaborative forecasting •collective replenishment planning risk reduction •non performance penalties •audits of supplier's quality checks risk elimination •remove machines •stop operate unhealthy production processes
18 A possibility for determining the favorable assessment costs is mapping them against the benefits from risk mitigation strategies, stated in the framework of Shavell (Kleindorfer & Saad, 2005). This results in a tradeoff between the cost of acquiring reliable information on risks and the benefits of mitigation activities. At optimum, a balance must be struck between the marginal costs and benefits of better risk assessment. So when do we have to use these mitigation strategies? Risk identification and assessment give a more specific indication on where to focus the actions. According to Griffis and Whipple (2012), strategies such as monitoring and risk taking can be used when the likelihood and potential impact are low and the ability to detect the risk is easy. When selecting a monitoring strategy, either risk reduction or elimination, you can choose to perform random inspections of products to detect errors or the risk maybe perceived low so that managers could choose to take the risk. When the opposite is true, more aggressive risk mitigation strategies like complete risk elimination need to be considered. Examples here are avoiding dangerous shipping routes or to quit outsourcing and to manufacture the product in-house to have more product and process control. If the likelihood of a risk occurring is low and detection may be easy, but the impact of the risk could be significant, then a postponement strategy may be appropriate if the event causing the risk can be postponed until more control by the focal firm is established. More control can be established through vertical integration or imposing contractual obligations on suppliers (Jüttner et al., 2003). The clearest example of a postponement strategy is producing in modular form. The advantage is that you can push your semi-finished product from surplus to deficit areas. A company that uses a postponement strategy is the computer manufacturer Dell. They produce computer hardware in modular form and let their customers and firms decide which functionalities and properties they must contain. One can also perform a demand postponement strategy and shift the demand across products towards their customers (C. S. Tang, 2006) such as a price strategy. The opposite of postponement is called speculation or also called selective risk taking and is also an option here. When you perform a speculation strategy, you build up inventory to buffer against the specific risk. In cases where impact of a risk may be low, but likelihood of occurrence is high, and the ability to detect the risk in advance is difficult, a firm may select an imitation strategy and source with the same supplier because if one firm is exposed to this risk, all firms are. A flexibility strategy at last could be used when the likelihood of risk occurrence is high and detection is easy. This could be achieved through multiple sourcing. This strategy requires some adaptation for
19 the company because in a general culture where the focus lies more on core competencies and value creation more single sourcing relationships have emerged (Blome & Henke, 2009). Strategic partnerships and alliances are an example of this sourcing strategy. Secondly, companies don’t have always the choice to choose between single and multiple sourcing. For example, when you have the choice of only one supplier, because of intellectual protection, then you have a sole sourcing relationship. This mitigation strategy is sometimes called hedging in a supply chain context because the company has a globally dispersed portfolio of suppliers. Another way to provide flexibility is the adoption of standard processes and the use of interchangeable and generic or modular parts. Finally using simultaneous instead of sequential processes in key areas as production/distribution speeds up the recovery phase after a disruption. Figure 8: risk mitigations strategies Tomlin (2009) determines also the optimal adaptation strategies when probability of supplier and customer failure is high or low. The used strategies are supplier diversification, contingent sourcing, which is adding a supplier which is only used in case the main supplier fails to deliver and demand switching. Diversification should be executed when demand uncertainty increases. Furthermore when the firm faces an increasing supplier failure probability or faces a high level of risk aversion it should opt for a contingency strategy. Demand switching is appropriate in case of a low supply risk. Mitigation strategies can change over time. Suppose company AVIA is plagued with several recalls for their assemblies because of metal parts affected with corrosion in an earlier stage. Because it isn’t always easily detectable, current employed postproduction testing is no longer efficient anymore. Rater than a strategy of control, through frequent testing, a strategy that uses severe penalties with
20 their suppliers for recalled products is more appropriate. Another possibility can be to use an elimination strategy and look for another supplier. After the appropriate mitigation strategies are determined, it is recommend developing prevention and contingency plans to reduce the risk in likelihood of occurrence and impact severity. Wagner and Bode (2009) suggest that continuity or recovery plans are important tools to ex-ante optimize the ‘firefighting’ after a disruption. These contain for example the radical design of products and the layout of the manufacturing processes. As a review to the selected mitigation strategies, some principal criteria can be addressed: efficacy or the degree to which risks are eliminated, feasibility or the aligning of the right mitigation strategy to the appropriate risk and efficiency which relates to the cost-effectiveness which was explained above. Risk Monitoring and Strategy Sharing Monitoring your risks means identifying the potential increasing trends in their probability or consequences in the future. After implementing mitigation strategies you will find that some risks are closed where the risk event has been prevented or other risks remain where the risk event had happened despite the prevention plans implemented (P. G. Smith & Merritt, 2002). Nowadays companies can employ real-time risk monitoring capabilities along with techniques to track key supply chains flows. These tools can speed response in case of numerous unplanned events. A lot of electronic and high-tech companies, who have very dependent supply chains, have integrated these tools into their standard supply chain management practices. Improving the traceability of the supply chain leads to organizations that follow key performance indicators through the entire supply chain and consequently identify risk not only with their first-tier suppliers but also with their sub- contractors ((Alvarenga & Lehman, 2012), see also supply chain security). A company first follows the risk management steps described above and analyzes its network-related risks internally. In the second phase the partners should identify the areas of risk management that require joint effort and where risks strategies should be shared. As enterprises are connected in a network, they are dependent on each other so it can be useful to share entirely or partially risk management processes and to develop collaborative means to manage the risk and communicate their views on risks. It is important that the individual risk management processes are supplemented by a collaborative process. Sheffi (2005) even argues that competitors should collaborate to control common risks.
21 Moreover in complex network environments mutual risk identification and assessment can be seen as tools for creating the risk profile of the entire network on the basis of the partners' risk profiles (Hallikas et al., 2004). The primary tool employed by the Japanese to implement closer supplier co- ordination and individual supplier development is cross-exchange of staff between buyers and suppliers. This requires the benevolence of the enterprise of exchanging inter-organizational information towards risks & rewards sharing and knowledge transfer. But it gives the firm the possibility to perform a benchmarking exercise and it generates supply-chain wide visibility of vulnerabilities and it should give the firm incentives to identify and implement disruption management systems. Conclusion Now that we have briefly described the risk management process framework, one can argue of its need. As risk mitigation strategies require costly investments in equipment as well as human resources, it is important to know if these strategies pay off towards risks of all kind. As Jüttner et al. (2003) noted, there is a supply chain trade-off decision between delivering high customer value and managing possible risks. A trade-off between extra risk mitigation costs and less costs of delivering high quality and on-time products as a main principle of supply chain management. Kleindorfer and Saad (2005) investigate if investments in risk management activities yield towards frequency or severity of accidents. With the use of variables like regulatory programs, facility characteristics and community demographics, they determined whether observed accidents in the chemical sector decreases with the use of these risk programs as mediator variables as a consequence of more severe regulatory programs, more hazardous facility characteristics or the financial structure of the company. The investigation indeed found evidence of this relationship. Dani (2009) suggests this risk management framework must be an iterative process and should not stop with one investigation of risk but instead repeat the exercise to study new issues and risks identified after the analysis of the event. Furthermore this exercise must be aligned at the strategic level of the company and according to the strategic objectives to have a clear understanding. Concluded, it is important to update the possible risk sources and strategic objectives in line with the risk event or mitigation strategies that may be adapted according to possible new discovered risk issues (Dani, 2009). We will further see that the adoption of a risk management strategy will foster the use of a proactive supply chain approach. Mullai (2009) takes it a step further and claims that the process can start at any point. The major steps of the framework (risk analysis, evaluation and mitigation) are interactive, change-responding, can be accomplished simultaneously and are aligned through risk communication (Mullai, 2009).
22 2.2 Supply Chain Management The first definition of the supply chain management is dated from the early 1980’s and compromises the following: “a ‘standard’ supply chain is a system compromising of materials, goods and information (including money), which pass within and between organizations, linked by a range of tangible and intangible facilitators, including relationships processes, activities and integrated (information) systems” (Peck, 2006) While our approach is not to give a full overview of the supply chain with all his aspects, we will nevertheless give you some information of some practical aspects in this domain that can be linked or have relationships with the risk management domain. Bullwhip effect An important issue for the supply chain is that you have to take into account the major consequences of the Bullwhip effect. Essentially, the bullwhip effect depicts the phenomenon in which the orders exhibit an increase in variability up the supply chain, even when the actual customer demands were fairly stable over time (Sterman 1989; (C. S. Tang, 2006). Cisco systems Inc. wrote off 2.5 billion in inventory due to a lack of communication among its downstream supply chain partners (Spekman and Davis, 2004(C. S. Tang, 2006). The increase in variability of the orders up the supply chain can cause many problems for the upstream partners including higher inventory, lower customer service level, inefficient use of production and transportation capacities, etc. The more distance between suppliers and the final consumer in the supply chain, the more these demand changes are compounded (Fine 1998; Lee, Padmanabhan, and Whang 1997(C. S. Tang, 2006). In order to mitigate the bullwhip effect, one needs to identify the root causes (C. S. Tang, 2006) which can be done in the first step, risk identification, of the risk management process. Secondly, many companies have switched from “local” suppliers to “low cost” and often distant suppliers on the basis of overhead cost optimization, without considering the cost of risks caused by this strategic change. Larger companies now buy from smaller suppliers in very remote areas of the globe. The extended supply chain now has many additional points of potential failure, enlarging the bullwhip effect and requiring new approaches to risk management. Companies face longer logistics lead times as well as new and unfamiliar risk profiles encompassing natural disasters, epidemics, and social, political or monetary instability (Alvarenga & Lehman, 2012).
23 An agency theory perspective The agency theory perspective justifies the differences in the objectives and risk preferences of the two parties: the principal (purchasing organization) and agent (suppliers), as well as information asymmetries. Both parties undergo an agreement with risk sharing (Zsidisin & Ellram, 2003). The aim to consider the relationship in this perspective is to reduce the purchasing firm’s risk of moral hazard and adverse selection. The first means the risk of the lack of the supplier, aware of not by the purchaser, to lever the agreed upon effort to meet customer demand. Adverse selection means the inaccurate assessment or misrepresentation form the purchaser of the sometimes unknown supplier abilities to meet customer requirements (Zsidisin & Ellram, 2003). An example of moral hazard is the unwillingness to further invest in appropriate infrastructure needed to produce the metal parts for AVIA. An example of the latter is that AVIA, unaware of the major investments in new metal production equipment, keeps further purchasing the parts from old machinery that are produced with minor quality. In essence, suppliers and buyers have to be aware of opportunistic behavior risk. This comes down to the breaking of their mutual informal agreements & contracts between the partners within the supply network in the pursuit of competitive advantage and profit (Seiter, 2009). The author proposes action programs like more communication quality, better partner selection and mutual sharing of cost accounting information to reduce opportunistic behavior directly or indirectly through reduced information asymmetry. Make-or buy decision Don’t try to force the manufacturing of complementary assets in-house when you can outsource particular needed competences in a more cost-advantageous way. For many companies, “make or buy” decisions have been chosen in favor of buying, not making. While this reduces manufacturing overhead costs, companies lose oversight of key governance and management competences and strategies. As a consequence this might introduce unknown (new) risks into the supply chain. Periodic risk rebalancing is therefore essential (Alvarenga & Lehman, 2012). Outcome-based versus Behavior-based management techniques In order to align the objectives of both agents and principals several management techniques or practices are available. These can be split in two categories (Celly & Frazier, 1996; Zsidisin & Ellram, 2003). Outcome-based management techniques address the importance of coordination of outcomes and results such as sales growth or sales in relation to targets. According to Zsidisin and Ellram (2003), the
24 use of buffer oriented techniques is an example of that group. Inventories can be held either by the purchasing firm resulting in internal safety stock or by suppliers which is supplier-managed inventory, or both. Rather than reducing the likelihood of a harmful event, firms employ buffers to reduce the disruptive effect of supply risk events. Therefore this approach is short-term oriented. Behavior based management techniques addresses behaviors such as customer education activities or selling techniques with distributers from the supplier personnel thereby signaling important objectives and suggesting specific distributor actions (Celly & Frazier, 1996). It focuses on processes, emphasizing ‘task and activities” that lead to a reduction in supply risk and is therefore long-term oriented. The findings of Celly and Frazier (1996) were that supplier personnel rely too much on outcome- based efforts when coordinating relationships with distributors. Zsidisin and Ellram (2003) on the other hand found that there exists a partially positive relationship for behavior techniques with perceived supply chain risk and this was not supported for buffer oriented techniques. The implementation of buffers is done regardless of the extent of perceived supply risk. Although each of the efforts has its downsides, outcome-based may be sometimes inappropriate in some situations and behavior-bases may be sometimes costly to the firm. An emphasis solely on maintaining buffers to manage supply risks can harm business profitability due to capital devoted to inventories and Celly and Frazier (1996) find the risk of demand fluctuation is being positively related to behavior-based management efforts. On the other hand buffers give you a form of assurance and behavior based contracts facilitates communication and mutual goal alignment. An inclusion of the two efforts will be optimal. Examples of the management techniques are given below: Outcome Buffer Behavior - communication about sales growth, market share, … - managing inventory - supplier certification - quality management programs implementation - target costing - supplier development The advantage of supplier certification is that they reduce the need for the purchasing organization to conduct time-consuming inspections. Implementation of quality management programs is also an
25 option but certification improves already the abilities of the supplier to satisfy the quality expectations of the purchasing firm. Also target costing is interesting where supplier and purchaser determine ways to drive cost out of its products. At last supplier development can meet the purchasing organization’s short or long-term supply needs. Behavior-based efforts may be predominant in franchise channel systems because inter-firm interaction should be relatively high and relationship termination is more difficult. In conventional channel systems, outcome-based efforts may be predominant because of the need to keep coordination costs down. In addition we will find more buffer-oriented approaches within the use of transactional supplier relationships whereas the use of behavior outcome-base approaches is more adopted with cooperative supplier relationships (Blome & Henke, 2009). Making your supply chain redundant versus flexible According to Sheffi and Rice Jr (2005), the following difference can be made. Redundancy activities include safety stock, the deliberately use of multiple suppliers or back-up sites. Adding redundancy is in a way needed for every day’s operability but flexibility strategies on the other hand gives more competitive advantage in the marketplace. Flexibility can be seen from 3 facets: supply, in-house conversion and distribution. It aims first of all on correct alignment of the supplier relationship with the procurement strategy whether you opt for a single supplier or for multiple suppliers or for a single supplier for each critical part. Secondly using standard processes and having multiple locations with built-in inter-operability. This allows a firm to operate in another plant once one is disrupted or the replacement of sick operators. On the customer or distribution side at last, managers face a choice about which customers to serve first after a disruption. Managers can thereby decide on several criteria like the vulnerability, the profitability and costs of all customers. Strategies like postponement or producing semi-finished products, described above, can be used. Managers in addition are often reluctant to invest in flexibility measures because they don’t see directly or hardly can estimate the impact on risk mitigation (C. Tang & Tomlin, 2009). So unlike redundancy, flexibility can also improve the competitive advantage of companies in times without a disruption. Flexibility at last is indeed important when your company executes a lot of projects because the project manager must be able to change or redefine several aspects during project execution. Furthermore projects ensure the coordination between client, contractor and supply chain. Hence, project execution translates into flexible management. But gaining more on flexibility and consequently efficiency implies the risk of losing sight and therefore as we have seen before can increase vulnerability. Companies producing components for the automotive sectors are an example of industries that focus on project management (Gaudenzi, 2009). It provides a risk management framework that is also applicable for projects.
26 C. Tang and Tomlin (2009) investigates how much flexibility is needed to mitigate supply chain risk. On the basis of mathematical models they conclude that only a small amount of flexibility strategies (e.g. multiple suppliers, flexible supplier contracts, postponement, responsive pricing and flexible manufacturing processes) is required to mitigate risk. From their PWC research (Levi et al., 2013), it seems that companies focus on flexibility and customer service levels on the one hand and other companies on cost reduction and efficiency on the other hand. It seems according to their study that those former are better coped against risks (appendix). It’s also worth noting that 80% of the cost-efficient companies face high variable supply chain lead times given that low variability is mostly one of the key drivers of an efficient operating strategy. The resilient supply chain Once gone through all the major risk management steps and approaches the ultimate goal is to build a resilient supply chain. A supply chain that is both able to absorb disruptions and risks, can proactively manage its supply chain and sees a possibility to turn the threats of a disruption in a major advantage can be seen as a resilient enterprise. Resilience is not the same as robustness. The robustness of a company is the ability to resist from an accidental event, retain to its same stable situation as it had before and stick to his initial mission (Asbjørnslett, 2009). In contrast resilience aims at a new stable situation and has the adaptive ability instead of being resistant. Building a resilient enterprise should be seen from a strategic level and changes the way a company operates and increases its competitiveness. Two important aspects determine a company’s resilience (Sheffi & Rice Jr, 2005). First is the market position. Is the industry competitive or has the company a lot of market power? Else it depends on the responsiveness of the supply chain. When companies are not so responsive they might risk losing market share. Responsive companies otherwise can increase market share or once they have a reasonable amount of market power they can lock in their leadership. Corporate culture In the search for the resilient enterprise, it is important not to underestimate the contribution of culture to an organization (Sheffi & Rice Jr, 2005). Empowering front-line employees to take initiative and guide actions is a possible step in building a suited corporate culture. Secondly Japanese lean principles from the Toyota Manufacturing System can be used like Poka Yoke and Hijunka. These concepts are in essence that one must learn from errors and fixe the root causes. Companies can minimize the risk of possible disruptions by paying attention to small problems as indications of major disruptions. At last continuous communication between all layers of a company can foster the good working of the company.
27 To encourage the need and use of risk management a disruption can be simulated and employee reactions are monitored and used in training (Kleindorfer & Saad, 2005; Sheffi & Rice Jr, 2005). This is the exercise of role playing with red and blue teams. The red team represents in most cases competitors, rivals or supply chain experts, equipped with whatever information is available. They attempt to attack the supply chain to cause major disruption. On the other hand you have the blue team who tries to mitigate or countermeasures those actions which are cost effective against the Red Team scenarios. This way of training can enhance the risk culture in the firm. This lacks yet in a lot of firms according to the authors of the paper from Cagliano, De Marco, Grimaldi, and Rafele (2012). Sheffi (2008) proposes that governments can introduce cultural aspects into disruption mitigation. Cultural changes on a societal level happen several times every century so the government should encourage and drive these trends to improve resilience along the chain. 2.3 Supply Chain Risk Management Research in supply chain risk management is still in an early stage and has been around for about a decade now. As a consequence here is a huge diversity in topics, opinions, and research methodologies in the field of supply chain risk management. Furthermore there is still a lot of variation towards the meaning of supply chain risk management according to several established focus groups. According to them, supply chain risk management is seen as a subset of Supply Chain Management (SCM) and also as a subset of Enterprise Risk Management (ERM) which can be seen in the figure below. But what compromises the field of supply chain risk management (Sodhi, Son, & Tang, 2012)? Supply chain operations and risk management processes go hand-in hand and complement one another. Figure 9: the concept of Supply Chain Risk Management (Blos et al., 2009) According to Wagner and Bode (2009), Supply chain risk management (SCRM) contains the field of activity seeking to eliminate, reduce and generally control pure risks in supply chains. But what do
28 these risks contain? According to the focus group from the research from Sodhi et al. (2012), risks in this field should concern majorly with dealing with unknown events or dealing with disruptions or disasters with low probability and high-impact. This was the opinion of almost the half of the researchers. Secondly it should concern dealing with risk within supply chain operations, according to 20% of the researchers (Sodhi et al., 2012). Kajüter, 2003 states: “Supply chain risk management is a collaborative and structured approach to risk management, embedded in the planning and control processes of the supply chain, to handle risks that might adversely affect the achievement of supply chain goals.” In this definition the focus is rather laid on the supply chain. Norrman and Lindroth, 2002 assess the focus of supply chain risk management more on a practical approach. Supply chain risk management can be defined as, “to collaboratively apply risk management process tools with partners in a supply chain to deal with risks and uncertainties caused by, or impacting on, logistics related activities or resources” Nevertheless this concept is still missing many pieces that have to be found and linked together to get a comprehensive approach of supply chain risk. SCRM is often not always established as a distinct function or department in companies. Businesses do not agree on how to integrate these risks into their decision-making processes, the risk function is typically “headquarters-centered” and there seems not be a risk regulation that covers the supply chain. However it’s necessary to integrate risk management into operations, strategic and sales planning. The work from Jüttner et al. (2003) summarizes well the concept:” “the identification and management of risks for the supply chain, through a coordinated approach amongst supply chain members, to reduce supply chain vulnerability as a whole.” And can be summarized using the figure from them.
29 Figure 10: a SCRM framework As a consequence it shouldn’t come as a surprise that research in this field leads to often unambiguous conclusions and a large variety of results. But SCRM implementation has brought up: Ericson has implemented a SCRM matrix organization that spans the entire company, from the corporate and strategic level to the functional and finally process-oriented operational level. It’s in addition worth to address the importance of smaller companies. Most SME’s are more exposed to supply chain risks whilst simultaneously disadvantaged by lack of management resources, structures, processes and expertise as opposed to bigger firms (Henke, 2009; Jüttner & Ziegenbein, 2009). In essence, for SME’s the adoption of a comprehensive risk management program can be the same except for some aspects due to their limited possibilities. Whereas larger firms can have the time and the access to control all their supply chain partners not strictly limited to 1st tiers, SME’s are encouraged to select their most important one for further investigation. In most cases information is gathered from their personal network and there is no planned supplier data collection but instead these companies rely more on social interactions with their suppliers (Ellegaard, 2008). It’s not practical for them to map their entire supply chain (Jüttner & Ziegenbein, 2009). Consequently before the risk identification process, Jüttner and Ziegenbein (2009) require the mapping of supply chain vulnerability against their strategic importance to investigate. Furthermore the adoption of expensive risk management tools is not always value adding for them. That is because tools often are designated for specific tasks and are highly sophisticated and therefore not always suitable for SME’s. In summary a 3-phase risk management approach for SME’s is given. The tactics towards the risk aspects are according to a case study from Ellegaard (2008) as follow: probability reduction has the highest priority and effect reduction through multiple sourcing was not
30 practiced at all. Also small companies don’t gather much information from their partners that can help reduce risk. A company must regularly check their activities in a manner that they fulfill their strategic objectives dictated by the firm’s vision. A framework that can aid to measure performance is the Balanced Scorecard of Kaplan and Norton. Their model doesn’t contain only financial objectives but incorporates also internal, customer and innovative & learning perspectives. When dealing with supply chain performance, no primary use of financial performance measures is advised (Sheffi & Rice Jr, 2005).This framework which focuses on performance measurement as a consequence should be integrated with supply chain risk management. Risk and performance are directly related because the higher the risk taken the higher the expectation of suitable returns (Sheffi & Rice Jr, 2005). As more resources and attention is given to supply chain risk management an aligning with performance management is indispensable. Besides the electronic multinational Ericsson (Norrman & Jansson, 2004) another company that has successfully implemented a risk management strategy and accompanying supply chain culture is the Nisan Motor Company (Schmidt & Simchi- Levi, 2013, (Levi et al., 2013)). After serious harmful problems due to an earthquake and Tsunami in Japan, they incur a $ 200 billion loss. “Nissan’s production capacity was perceived to have suffered most from the disaster compared to its competitors.” But the company managed to increase their production with 9.3 % in comparison with an overall decrease with its competitors. How was this company able to manage this? First they implemented an integrative risk management framework with risk identification as early as possible, assessment and performed countermeasures against them. Second the plant has formulated a continuous ready plan with their suppliers. Moreover the team was empowered with local decision management. In addition the company structured its supply chain as flexible as possible. At last, there was extended enterprise visibility and warnings to between internal and external business functions (Levi et al., 2013). 2.4 Supply Chain Security Management Supply Chain Security Management (SCSM) is defined as “the application of policies, procedures and technology to protect supply chain assets from theft, damage, or terrorism and to prevent the introduction of unauthorized people or weapons of mass destruction into the supply chain. Security practices can be control measures implemented in several processes and certainly at several gates throughout the supply chain where products arrive (Voss & Whipple, 2009).
31 The difference with Supply chain risk management is the fact that Supply chain security management focuses more on prevention of contamination, damage or destruction of the supply chain assets and products by policies, procedures and technologies whereas the former investigates more the likelihood of outcomes being susceptible to disruptions that can damage the supply chain (Autry & Sanders, 2009). This paper provides a dynamic capability framework that can be used to implement security practices. These capabilities include processes, technology and human resources. For example the use of radio frequency identification is a technology capability. With the use of the Radio Frequency Identification (RFID) technology and their tracking and tracing capabilities, abilities rise to identify disruptions quickly. Furthermore sensitive control systems often can identify a disruption before its cause is apparent. The management of inventory is an example of a process capability and governmental security initiatives are human resource capabilities. The problem with risk mitigation activities, in particular those that don’t start at the place of original production, is that technical control allows hidden action of participants in the process chain (Mau & Mau, 2009). Therefore a supply chain wide security control system or management is needed. A comprehensive control platform is required to manage supply chain security effectively. The goal for supply chains, those that doesn’t consist of a complex network or single supply chains, is to secure worldwide and realize complete traceability of all involved products and inputs at all the supply chain levels resulting in continuous transaction data in both directions, upstream and downstream. To trace all the necessary information, it is useful to make use of an independent database. In this way effects on the products of your firm can not be overseen thanks to a centralized data management system. The basic thought for implementing security initiatives are basically the same as for the use of risk mitigation strategies. Advanced or high proactive security initiatives pay off and improve security and firm performance but most firms have not progressed beyond basic physical security measures such as infrastructure management and therefore have not derived the service benefits from higher level security measures (Voss & Whipple, 2009). Consequently this creates a dilemma in an optimal tradeoff between cost of implementation and efficiency of the initiatives but also for firms that face greater customer or government requirements. More security improvements sometimes can lead to a decrease of flexibility and firm performance but aim to create a secure supply chain that maintain advanced security processes and procedures.
32 2.5 Conclusion Concluded, risk mitigation measures can be seen and implemented from 3 different levels. The strategic level which focus on for example alternative suppliers, at the tactical level (e.g. improved demand forecast) as well as the operational level (e.g. business continuity plans). Although risk management practices and business continuity planning is left too much to security or insurance professionals in companies, it should be noted as a strategic initiative and must be implemented in an integrated risk framework approach. As a consequence this risk practice helps to build a resilient enterprise and supply chain.
33 3 Conceptual framework The goal of this work is to determine how several environmental aspects (e.g. market size, bargaining power) may have an impact on the managers or the firm’s risk perception by which we mean the probability of risk and their impact. Furthermore we investigate if these perceptions might influence risk mitigation strategies performed by the firm. In particular we will make the distinction between more proactive versus more reactive performance towards risks. At last we want to examine if certain mediators and moderators do play a role in selecting that particular strategy. On the one hand we dive into how varied a firm does perform supply chain management practices and their choice towards risk management. On the other hand we look at the design and the complexity of the supply chain and see if any conclusions can be made with this aspect towards risk. While previous research (Ellis, Henry, & Shockley, 2010) has determined the impact of environment on risk perception, investigation towards the use of proactive versus reactive management is still a gap in the literature that hasn’t been explored yet. Instead Ellis et al. (2010) investigated overall supply disruption risk towards the search of alternative sources of supply. 3.1 Environment Several papers deal with the environment as an important factor for the determination of risk (Ellis et al., 2010) (Ritchie & Brindley, 2009). Ellis et al. (2010) chooses also for the integration of some environmental factors like technological uncertainty and market thinness but also for some company specific characteristics like item customization and item importance. The environmental construct here proposed is as follow: PEST-analysis An exercise for the company in determining the strength of the environment and the external factors can be the adoption of a so called PEST analysis. This analysis contains the macro-environmental aspects of Political forces, Economic forces, Social forces and Technological forces. It’s an environmental scanning component that can help you to determine trends outside the venture. The purpose is to detect driving factors and uncertainties.
34 Figure 11: PEST analysis Porters competitive model and SWOT-analysis A second approach to identify your environment is the so famous Porter’s five forces model. This framework provides you and let you think about you’re major outside forces that come into play with your venture and determines the dynamic tensions between players. The aim of this tool is to perform a competitive analysis because each player may have a sufficient amount of power. It highlights problem areas as well as possible opportunities or whether you have a competitive advantage or you have to accept a reasonable amount of risk. An exercise that can complement this investigation is the SWOT-analysis (Strengths, Weaknesses, Opportunities and Threats). The threat of potential new entrants can limit your own company’s activities but there may be entry barriers that could prevent them to start doing business. Second, suppliers may have bargaining power that impacts your business such as a unique product they deliver to you that requires a high degree of specification and specialization. Customers likewise may have power too over your business for instance if they are able to integrate backwards into the supply chain (e.g. manufacturing your product themselves). In addition there may be a threat from substitute products. Note that this doesn’t contain physically the same products but may also encompass a different transportation mode like for example plane versus car. Substitute products can be more or less attractive depending on for example the switching costs a customer must pay. For example the adoption of a new product would require the customer to buy new equipment or additional software and so on. At last, existing rivalry among industry players can make your environment very turbulent. If there are many •technological pace •adoption cycles •R&D •education •demography •work aspects •financial markets •economic cycle •change of industry and markets • laws & regulations • political (in)stbility • government spending Political Economic TechnologicalSocial
35 competitors and there is little product differentiation, the resulting strategy in your industry will be price competition. Figure 12: Porter's Five Forces Model Market variables At last we introduce some market variables that also can be perceived from the environment and are important for the firm. First we account for the perception of the market size: “is it growing or declining rapidly?“ Moreover has the industry market many or few segments resulting in a company’s market span. In addition, “has the industry many or few competitors?” This describes the market concentration. At last, we can focus on the ease to enter the market. “Is it open to new players or closed to new players?” So concluded, our first hypothesis will be: Hypothesis 1: Environment constructs – Risk perception relationship H1: there is a significant relationship between Market-variables, some PEST-analysis variables & PORTER-analysis variables and the probability of risk and their impact. 3.2 Risk perception or representation of risk Risk perception is defined as the decision maker’s assessment of the risk inherent in a situation (Sitkin & Pablo, 1992). This refers to the assessment stage in the risk management process described earlier.
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains
The use of pro-active versus re-active risk management practices for managing supply chains

Recommended

Karin-DArcy05-MorganCanon
Karin-DArcy05-MorganCanonKarin-DArcy05-MorganCanon
Karin-DArcy05-MorganCanonRosalyn Karin-DArcy
 
Entrepreneurship flattens_the_world
Entrepreneurship flattens_the_worldEntrepreneurship flattens_the_world
Entrepreneurship flattens_the_worldJason Shikomba
 
leinster senior club of the year
leinster senior club of the year leinster senior club of the year
leinster senior club of the year Dennis Bowes
 
Germany
GermanyGermany
GermanyJarita01
 
Richard Filion english
Richard Filion englishRichard Filion english
Richard Filion englishRichard Filion
 
30 Mind-blowing Stats on Internet of Things: Market Estimates and Forecasts
30 Mind-blowing Stats on Internet of Things: Market Estimates and Forecasts30 Mind-blowing Stats on Internet of Things: Market Estimates and Forecasts
30 Mind-blowing Stats on Internet of Things: Market Estimates and ForecastsAmit Rao
 
multimedia-y_educacion
multimedia-y_educacionmultimedia-y_educacion
multimedia-y_educacionalexitangel
 
d000163_Institutional_research_Cronje_Jun2008
d000163_Institutional_research_Cronje_Jun2008d000163_Institutional_research_Cronje_Jun2008
d000163_Institutional_research_Cronje_Jun2008Marthie Cronje
 

Recommended

Karin-DArcy05-MorganCanon
Karin-DArcy05-MorganCanonKarin-DArcy05-MorganCanon
Karin-DArcy05-MorganCanonRosalyn Karin-DArcy
 
Entrepreneurship flattens_the_world
Entrepreneurship flattens_the_worldEntrepreneurship flattens_the_world
Entrepreneurship flattens_the_worldJason Shikomba
 
leinster senior club of the year
leinster senior club of the year leinster senior club of the year
leinster senior club of the year Dennis Bowes
 
Germany
GermanyGermany
GermanyJarita01
 
Richard Filion english
Richard Filion englishRichard Filion english
Richard Filion englishRichard Filion
 
30 Mind-blowing Stats on Internet of Things: Market Estimates and Forecasts
30 Mind-blowing Stats on Internet of Things: Market Estimates and Forecasts30 Mind-blowing Stats on Internet of Things: Market Estimates and Forecasts
30 Mind-blowing Stats on Internet of Things: Market Estimates and ForecastsAmit Rao
 
multimedia-y_educacion
multimedia-y_educacionmultimedia-y_educacion
multimedia-y_educacionalexitangel
 
d000163_Institutional_research_Cronje_Jun2008
d000163_Institutional_research_Cronje_Jun2008d000163_Institutional_research_Cronje_Jun2008
d000163_Institutional_research_Cronje_Jun2008Marthie Cronje
 
honors_paper
honors_paperhonors_paper
honors_paperJason Kholodnov
 
Norton tech support number
Norton tech support numberNorton tech support number
Norton tech support numberrahulkundu08
 
Analysis of Cryptography Techniques
Analysis of Cryptography TechniquesAnalysis of Cryptography Techniques
Analysis of Cryptography Techniqueseditor1knowledgecuddle
 
Z's Podcasts Tips
Z's Podcasts TipsZ's Podcasts Tips
Z's Podcasts TipsZat Granados
 
Social Media
Social MediaSocial Media
Social Mediacharlesshamar
 
History of cricket
History of cricketHistory of cricket
History of cricketKhush Ramani
 
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...editor1knowledgecuddle
 
Tti basic electricity level 1
Tti basic electricity level 1Tti basic electricity level 1
Tti basic electricity level 1liniprasad
 
Vanderstraeten 2013 ph d - studies on the strategy and performance of busi...
Vanderstraeten 2013 ph d - studies on the strategy and performance of busi...Vanderstraeten 2013 ph d - studies on the strategy and performance of busi...
Vanderstraeten 2013 ph d - studies on the strategy and performance of busi...FGVcenn
 
Global Energy Savings from High Efficiency Distribution Transformers
Global Energy Savings from High Efficiency Distribution TransformersGlobal Energy Savings from High Efficiency Distribution Transformers
Global Energy Savings from High Efficiency Distribution TransformersLeonardo ENERGY
 
TPM and the effect of health and safety
TPM and the effect of health and safetyTPM and the effect of health and safety
TPM and the effect of health and safetyMartin Munsie
 
Productivity in the Container Port Business - Focus on the Mediterranean Range
Productivity in the Container Port Business - Focus on the Mediterranean RangeProductivity in the Container Port Business - Focus on the Mediterranean Range
Productivity in the Container Port Business - Focus on the Mediterranean RangeFeliciana Monteiro
 
The application of VSM to NPD
The application of VSM to NPDThe application of VSM to NPD
The application of VSM to NPDEdoardo Bruno
 
Original
OriginalOriginal
Originaldiazdavidh
 
Fingerprint Biometrics vulnerabilities
Fingerprint Biometrics vulnerabilitiesFingerprint Biometrics vulnerabilities
Fingerprint Biometrics vulnerabilitiesFarhan Liaqat
 
Blockchain in Education. Alexander Grech & Anthony F. Camilleri. Editor Andre...
Blockchain in Education. Alexander Grech & Anthony F. Camilleri. Editor Andre...Blockchain in Education. Alexander Grech & Anthony F. Camilleri. Editor Andre...
Blockchain in Education. Alexander Grech & Anthony F. Camilleri. Editor Andre...eraser Juan José Calderón
 
FRM - U.P.S. Sirisena
FRM - U.P.S. SirisenaFRM - U.P.S. Sirisena
FRM - U.P.S. SirisenaSaddha thissa
 
Rad Tech Handbook 2012
Rad Tech Handbook 2012Rad Tech Handbook 2012
Rad Tech Handbook 2012Moultrie Technical College
 
Cict6640 sandis wanjala wamalwa
Cict6640 sandis wanjala wamalwaCict6640 sandis wanjala wamalwa
Cict6640 sandis wanjala wamalwaSandisWanjala
 
Thesis
ThesisThesis
Thesiskevin roche
 
Mémoire M1
Mémoire M1Mémoire M1
Mémoire M1Olivier Pasquier
 
IMP³rove – A European Project with Impact – 50 Success Stories on Innovation ...
IMP³rove – A European Project with Impact – 50 Success Stories on Innovation ...IMP³rove – A European Project with Impact – 50 Success Stories on Innovation ...
IMP³rove – A European Project with Impact – 50 Success Stories on Innovation ...IMP³rove Academy
 

More Related Content

Viewers also liked

Norton tech support number
Norton tech support numberNorton tech support number
Norton tech support numberrahulkundu08
 
History of cricket
History of cricketHistory of cricket
History of cricketKhush Ramani
 
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...editor1knowledgecuddle
 

Viewers also liked (7)

honors_paper
honors_paperhonors_paper
honors_paper
 
Norton tech support number
Norton tech support numberNorton tech support number
Norton tech support number
 
Analysis of Cryptography Techniques
Analysis of Cryptography TechniquesAnalysis of Cryptography Techniques
Analysis of Cryptography Techniques
 
Z's Podcasts Tips
Z's Podcasts TipsZ's Podcasts Tips
Z's Podcasts Tips
 
Social Media
Social MediaSocial Media
Social Media
 
History of cricket
History of cricketHistory of cricket
History of cricket
 
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
 

Similar to The use of pro-active versus re-active risk management practices for managing supply chains

Tti basic electricity level 1
Tti basic electricity level 1Tti basic electricity level 1
Tti basic electricity level 1liniprasad
 
Vanderstraeten 2013 ph d - studies on the strategy and performance of busi...
Vanderstraeten 2013 ph d - studies on the strategy and performance of busi...Vanderstraeten 2013 ph d - studies on the strategy and performance of busi...
Vanderstraeten 2013 ph d - studies on the strategy and performance of busi...FGVcenn
 
Global Energy Savings from High Efficiency Distribution Transformers
Global Energy Savings from High Efficiency Distribution TransformersGlobal Energy Savings from High Efficiency Distribution Transformers
Global Energy Savings from High Efficiency Distribution TransformersLeonardo ENERGY
 
TPM and the effect of health and safety
TPM and the effect of health and safetyTPM and the effect of health and safety
TPM and the effect of health and safetyMartin Munsie
 
Productivity in the Container Port Business - Focus on the Mediterranean Range
Productivity in the Container Port Business - Focus on the Mediterranean RangeProductivity in the Container Port Business - Focus on the Mediterranean Range
Productivity in the Container Port Business - Focus on the Mediterranean RangeFeliciana Monteiro
 
The application of VSM to NPD
The application of VSM to NPDThe application of VSM to NPD
The application of VSM to NPDEdoardo Bruno
 
Fingerprint Biometrics vulnerabilities
Fingerprint Biometrics vulnerabilitiesFingerprint Biometrics vulnerabilities
Fingerprint Biometrics vulnerabilitiesFarhan Liaqat
 
Blockchain in Education. Alexander Grech & Anthony F. Camilleri. Editor Andre...
Blockchain in Education. Alexander Grech & Anthony F. Camilleri. Editor Andre...Blockchain in Education. Alexander Grech & Anthony F. Camilleri. Editor Andre...
Blockchain in Education. Alexander Grech & Anthony F. Camilleri. Editor Andre...eraser Juan José Calderón
 
FRM - U.P.S. Sirisena
FRM - U.P.S. SirisenaFRM - U.P.S. Sirisena
FRM - U.P.S. SirisenaSaddha thissa
 
Cict6640 sandis wanjala wamalwa
Cict6640 sandis wanjala wamalwaCict6640 sandis wanjala wamalwa
Cict6640 sandis wanjala wamalwaSandisWanjala
 
IMP³rove – A European Project with Impact – 50 Success Stories on Innovation ...
IMP³rove – A European Project with Impact – 50 Success Stories on Innovation ...IMP³rove – A European Project with Impact – 50 Success Stories on Innovation ...
IMP³rove – A European Project with Impact – 50 Success Stories on Innovation ...IMP³rove Academy
 
DT003a Final Report - The Design and Build of a Non-contact Extensometer for ...
DT003a Final Report - The Design and Build of a Non-contact Extensometer for ...DT003a Final Report - The Design and Build of a Non-contact Extensometer for ...
DT003a Final Report - The Design and Build of a Non-contact Extensometer for ...Morven Gannon
 
Faculty of Engineering, Built Environment and Information Technology:/Ebit pa...
Faculty of Engineering, Built Environment and Information Technology:/Ebit pa...Faculty of Engineering, Built Environment and Information Technology:/Ebit pa...
Faculty of Engineering, Built Environment and Information Technology:/Ebit pa...University of Pretoria
 
Getting started-in-endoscopic-ear-surgery
Getting started-in-endoscopic-ear-surgeryGetting started-in-endoscopic-ear-surgery
Getting started-in-endoscopic-ear-surgeryPrasanna Datta
 
Project on a Business Plan for the Solar system installation on Residential b...
Project on a Business Plan for the Solar system installation on Residential b...Project on a Business Plan for the Solar system installation on Residential b...
Project on a Business Plan for the Solar system installation on Residential b...Rifat Abdul Rahiman
 
eair-2013-organisation-and-practical-use-of-nse-paper
eair-2013-organisation-and-practical-use-of-nse-papereair-2013-organisation-and-practical-use-of-nse-paper
eair-2013-organisation-and-practical-use-of-nse-paperWil Kwinten
 

Similar to The use of pro-active versus re-active risk management practices for managing supply chains (20)

Tti basic electricity level 1
Tti basic electricity level 1Tti basic electricity level 1
Tti basic electricity level 1
 
Vanderstraeten 2013 ph d - studies on the strategy and performance of busi...
Vanderstraeten 2013 ph d - studies on the strategy and performance of busi...Vanderstraeten 2013 ph d - studies on the strategy and performance of busi...
Vanderstraeten 2013 ph d - studies on the strategy and performance of busi...
 
Global Energy Savings from High Efficiency Distribution Transformers
Global Energy Savings from High Efficiency Distribution TransformersGlobal Energy Savings from High Efficiency Distribution Transformers
Global Energy Savings from High Efficiency Distribution Transformers
 
TPM and the effect of health and safety
TPM and the effect of health and safetyTPM and the effect of health and safety
TPM and the effect of health and safety
 
Productivity in the Container Port Business - Focus on the Mediterranean Range
Productivity in the Container Port Business - Focus on the Mediterranean RangeProductivity in the Container Port Business - Focus on the Mediterranean Range
Productivity in the Container Port Business - Focus on the Mediterranean Range
 
The application of VSM to NPD
The application of VSM to NPDThe application of VSM to NPD
The application of VSM to NPD
 
Original
OriginalOriginal
Original
 
Fingerprint Biometrics vulnerabilities
Fingerprint Biometrics vulnerabilitiesFingerprint Biometrics vulnerabilities
Fingerprint Biometrics vulnerabilities
 
Blockchain in Education. Alexander Grech & Anthony F. Camilleri. Editor Andre...
Blockchain in Education. Alexander Grech & Anthony F. Camilleri. Editor Andre...Blockchain in Education. Alexander Grech & Anthony F. Camilleri. Editor Andre...
Blockchain in Education. Alexander Grech & Anthony F. Camilleri. Editor Andre...
 
FRM - U.P.S. Sirisena
FRM - U.P.S. SirisenaFRM - U.P.S. Sirisena
FRM - U.P.S. Sirisena
 
Rad Tech Handbook 2012
Rad Tech Handbook 2012Rad Tech Handbook 2012
Rad Tech Handbook 2012
 
Cict6640 sandis wanjala wamalwa
Cict6640 sandis wanjala wamalwaCict6640 sandis wanjala wamalwa
Cict6640 sandis wanjala wamalwa
 
Thesis
ThesisThesis
Thesis
 
Mémoire M1
Mémoire M1Mémoire M1
Mémoire M1
 
IMP³rove – A European Project with Impact – 50 Success Stories on Innovation ...
IMP³rove – A European Project with Impact – 50 Success Stories on Innovation ...IMP³rove – A European Project with Impact – 50 Success Stories on Innovation ...
IMP³rove – A European Project with Impact – 50 Success Stories on Innovation ...
 
DT003a Final Report - The Design and Build of a Non-contact Extensometer for ...
DT003a Final Report - The Design and Build of a Non-contact Extensometer for ...DT003a Final Report - The Design and Build of a Non-contact Extensometer for ...
DT003a Final Report - The Design and Build of a Non-contact Extensometer for ...
 
Faculty of Engineering, Built Environment and Information Technology:/Ebit pa...
Faculty of Engineering, Built Environment and Information Technology:/Ebit pa...Faculty of Engineering, Built Environment and Information Technology:/Ebit pa...
Faculty of Engineering, Built Environment and Information Technology:/Ebit pa...
 
Getting started-in-endoscopic-ear-surgery
Getting started-in-endoscopic-ear-surgeryGetting started-in-endoscopic-ear-surgery
Getting started-in-endoscopic-ear-surgery
 
Project on a Business Plan for the Solar system installation on Residential b...
Project on a Business Plan for the Solar system installation on Residential b...Project on a Business Plan for the Solar system installation on Residential b...
Project on a Business Plan for the Solar system installation on Residential b...
 
eair-2013-organisation-and-practical-use-of-nse-paper
eair-2013-organisation-and-practical-use-of-nse-papereair-2013-organisation-and-practical-use-of-nse-paper
eair-2013-organisation-and-practical-use-of-nse-paper
 

The use of pro-active versus re-active risk management practices for managing supply chains

  • 1. UNIVERSITEIT GENT FACULTEIT ECONOMIE EN BEDRIJFSKUNDE ACADEMIEJAAR 2013 – 2014 The use of pro-active versus re-active risk management practices for managing supply chains Masterproef voorgedragen tot het bekomen van de graad van Master of Science in de Toegepaste Economische Wetenschappen: Handelsingenieur Pieterjan Tilleman onder leiding van Prof. Ann Vereecke Begeleider: Evelyne Vanpoucke
  • 2.
  • 3. I UNIVERSITEIT GENT FACULTEIT ECONOMIE EN BEDRIJFSKUNDE ACADEMIEJAAR 2013 – 2014 The use of pro-active versus re-active risk management practices for managing supply chains Masterproef voorgedragen tot het bekomen van de graad van Master of Science in de Toegepaste Economische Wetenschappen: Handelsingenieur Pieterjan Tilleman onder leiding van Prof. Ann Vereecke Begeleider: Evelyne Vanpoucke
  • 4. II CLAUSE OF CONFIDENTIALITY PERMISSION Ondergetekende verklaart dat de inhoud van deze masterproef mag geraadpleegd en/of gereproduceerd worden, mits bronvermelding. Pieterjan Tilleman
  • 5. III Acknowledgements Vooreerst wil ik Evelyne Vanpoucke van harte bedanken voor de volle steun, de vele raad, de nodige tijd en de snelle beantwoording van vele emails die mij op het goede pad hebben geleid. Vervolgens mag ik een dank aan mijn vriendin Louise uiten voor de hulp met de bibliografie en de steun en toeverlaat wanneer het eens wat minder vlotte. Ook mag ik de medewerking van de vele operations en supply chain managers van de deelgenomen Belgische bedrijven aan dit onderzoek niet vergeten. Al was het soms een niet voor de hand liggende opdracht om een vragenlijst van een dergelijke omvang ingevuld te krijgen, doch zonder deze data zou dit werk niet tot stand gekomen zijn. Tenslotte, dank ik mijn familie voor de volharding en de enorme steun en in het bijzonder mijn vader voor het nalezen van dit werk.
  • 6. IV Table of Contents Table of Contents ................................................................................................................................. IV List of Tables....................................................................................................................................... VIII List of Formulas.................................................................................................................................. VIII List of Figures .........................................................................................................................................1 1 Introduction ...................................................................................................................................1 2 Literature research.........................................................................................................................3 2.1 Risk Management...................................................................................................................3 2.1.1 The Nature of Supply Chain Risk.....................................................................................3 2.1.2 Risk management .........................................................................................................11 2.2 Supply Chain Management...................................................................................................22 2.3 Supply Chain Risk Management ...........................................................................................27 2.4 Supply Chain Security Management.....................................................................................30 2.5 Conclusion............................................................................................................................32 3 Conceptual framework.................................................................................................................33 3.1 Environment.........................................................................................................................33 3.2 Risk perception or representation of risk .............................................................................35 3.3 Proactive versus Reactive Risk Strategies.............................................................................36 3.4 Moderators and Mediators ..................................................................................................39 3.4.1 Supply chain management practices. ...........................................................................39 3.4.2 Design and complexity of the supply chain...................................................................41 3.4.3 Continental differences ................................................................................................46 3.4.4 Comparison with 3 years ago........................................................................................46 3.5 Model diagram .....................................................................................................................47 4 Data Collection .............................................................................................................................48 4.1 Introduction..........................................................................................................................48 4.2 Results..................................................................................................................................49 4.3 Variables and constructs ......................................................................................................50 4.4 Exploratory factor analysis (EFA)..........................................................................................52 5 Methodology and Analysis ...........................................................................................................53 5.1 General model......................................................................................................................53 5.1.1 Confirmatory Factor Analysis (CFA) of the general model ............................................53 5.1.2 Comparison with alternative frameworks ....................................................................56 5.1.3 Descriptive statistics.....................................................................................................57
  • 7. V 5.1.4 Hypothesis testing ........................................................................................................58 5.1.5 Multicollinearity ...........................................................................................................59 5.2 Input from mediator variables..............................................................................................60 5.2.1 Framework ...................................................................................................................60 5.2.2 Confirmatory factor analysis.........................................................................................61 5.2.3 Descriptive statistics with mediator variables ..............................................................61 5.2.4 Structural path significance ..........................................................................................62 5.2.5 Mediating effect and hypothesis testing ......................................................................62 5.3 Input from moderator variables ...........................................................................................64 5.3.1 Descriptive statistics and differences for the moderator variables ..............................64 5.3.2 Moderating effect and moderated mediation..............................................................67 5.4 Some comparison with 3 years ago......................................................................................71 5.5 Hypothesis summary............................................................................................................72 6 Overall Conclusion........................................................................................................................73 7 Limitations and possibilities for future research ..........................................................................75 8 References....................................................................................................................................76 9 Appendices...................................................................................................................................80 Appendix 1: PWC results ..................................................................................................................80 Appendix 2: Participated Belgian companies ...................................................................................81 Appendix 3: Internal consistency scale measurement .....................................................................82 Appendix 4: Descriptive statistics.....................................................................................................85 Appendix 5: Different frameworks ...................................................................................................88 Appendix 6: Confirmatory Factor analysis for alternative framework formulations ........................89 Appendix 6: T-statistics for mediators..............................................................................................93 Appendix 7: Sobel test......................................................................................................................94 Appendix 8: Paired Sampled T-statistics...........................................................................................96 Appendix 9: Multi-group moderation and moderated mediation..................................................100 Appendix 10: Statistics for differences with 3 years ago ................................................................102 Variable paired samples t-test....................................................................................................102 Paired sample t-tests for relationships.......................................................................................105
  • 8. VI Abbreviations list DV: Dependent Variable ERM: Enterprise Risk Management FMEA: Failure Mode and Effect Analysis IV: Independent Variable PEST- variable: variable that signifies Political, Economical, Social & Technological trends in the environment PORTER-variable: variable that takes a look at the company’s competitive forces RM: Risk Management SC: Supply Chain SCD&C: Supply Chain Design and Complexity SCM: Supply Chain Management SCRM: Supply Chain Risk Management SCSM: Supply Chain Security Management SCVM: Supply Chain Vulnerability Map SME: Small and Medium Enterprise TQM: Total Quality Management
  • 9. VII List of Figures Figure 1: risk aspects .............................................................................................................................5 Figure 2: Dimensions of risk ...................................................................................................................6 Figure 3: risk sources..............................................................................................................................7 Figure 4: vulnerability - efficiency relation (left), vulnerability - simplicity (right)..................................9 Figure 5: risk management framework ................................................................................................11 Figure 6: fault tree analysis for the AVIA example ...............................................................................13 Figure 7: risk matrix for the additional probability of detecting risks...................................................14 Figure 8: risk mitigations strategies......................................................................................................19 Figure 9: the concept of Supply Chain Risk Management (Blos et al., 2009)........................................27 Figure 10: a SCRM framework..............................................................................................................29 Figure 11: PEST anlysis .........................................................................................................................34 Figure 12: Porter's Five Forces Model ..................................................................................................35 Figure 13: Supply Chain........................................................................................................................41 Figure 14: Supply Network ...................................................................................................................42 Figure 15: a more complex and adaptive network...............................................................................42 Figure 16: supply information network................................................................................................44 Figure 17: Model diagram ....................................................................................................................47 Figure 18: proportion of participated industries ..................................................................................49 Figure 19: proportion of participated countries...................................................................................49 Figure 20: General Model.....................................................................................................................53 Figure 21: framework with general SCM mediator between environment and risk perception (first framework) ..........................................................................................................................................60 Figure 22: Framework with general SCM mediator between risk perception and risk management (second framework) .............................................................................................................................61 Figure 23: Mediating effect ..................................................................................................................63 Figure 24: Environmental factors between Europe and Asia ...............................................................64 Figure 25: Risk Probability and Impact for Europe and Asia.................................................................65 Figure 26: calculation for the multi-group moderation t-statistic and p-value.....................................68
  • 10. VIII List of Tables Table 1: risk criticality matrix ...............................................................................................................14 Table 2: risk management actions........................................................................................................17 Table 3: the business from a biological view........................................................................................43 Table 4: Environmental constructs.......................................................................................................50 Table 5: Risk perception variables........................................................................................................50 Table 6: Proactive and Reactive Management .....................................................................................50 Table 7: Supply Chain Management Practices......................................................................................51 Table 8: Supply Chain design and complexity.......................................................................................52 Table 9: CFA summary table.................................................................................................................54 Table 10: Discriminant validiy ..............................................................................................................55 Table 11: CFA summary table for comparison with other frameworks................................................57 Table 12: outer model T-statistics........................................................................................................58 Table 13: inner model loadings and T-statistics ...................................................................................58 Table 14: Multicollinearity ...................................................................................................................59 Table 15: Risk management for Europe and Asia.................................................................................65 Table 16: Risk management for lower and higher complex networks..................................................66 Table 17: determination coefficients ...................................................................................................67 Table 18: Mean, standard errors and T-statistics for the two groups for moderation .........................70 Table 19: hypothesis summary table....................................................................................................72 List of Formulas Formula 1: Sobel test statistic ..............................................................................................................62 Formula 2: t-test for multi-group moderation and moderated mediation...........................................68
  • 11. 1 1 Introduction In many business environments, networking in supply chains is almost an inevitable solution to help companies respond fast to market changes. A lot of opportunities are accompanied with networking. Examples are lower transaction costs, ability to concentrate on core skills, lower capital investments, sharing sunk costs, greater flexibility and access to key technologies. So the use, the meaning and the practices of the concept supply chain management became important. However, increased network cooperation does increase the dependency between organizations and as a consequence of the advantages above companies become more exposed to the risks of other companies. Hence networking causes transfer of risks between several companies from a supplier- customer viewpoint. It may decrease some risks but unfortunately increase others. Inevitably partners must share their risk among them as a solution to mitigate their risks and to succeed in their operations. Therefore today’s industries must operate under extreme caution and the concept of supply chain risk management was born. The need of the concept became useful after series of crises and catastrophes had attracted public attention like natural disasters, political and economic instabilities, terrorist attacks and many more. Secondly modern supply chains seem to be more vulnerable than ever: increased competitive pressure in the business environment and globalization of markets. Counterfeiting products has increasingly entered the supply chain and harms a company’s product and reputation. The financial crisis has brought companies to be very suspicious and seek to ensure their business and operations continuity. Nowadays they struggle more than ever from facts like supplier insolvency and less access to credit that especially impact the less financially stable companies. There are plenty number of relevant examples. Automobile manufacturer Land Rover found itself in serious trouble after its only supplier of chassis frames, UPF-Thomson, suddenly and unexpectedly folded further supply delivery (Sheffi & Rice Jr, 2005; Wagner & Bode, 2009). Electronic company Ericsson faced dramatic problems with a huge impact, after a fire at a sub-supplier and has implemented an entire new organization with new supplier risk management tools (Norrman & Jansson, 2004). Ford, Toyota and DaimlerChrysler experienced massive disruptions to the flow of materials into their North-American assembly plants within a few days after the terrorist attack of 9/11 due to border shut-downs (Sheffi & Rice Jr, 2005). Globalization compelled firms to make their supply chains more efficient, resilient or more responsive by outsourcing or off shoring activities, sourcing in low-cost countries, collaborations with
  • 12. 2 other partnerships, decreasing inventory and so on. But all these activities can be associated with a higher level of risk and supply chain sensitivity. A report stated that companies suffering from supply chain disruptions experienced 33-40% lower stock returns relative to their industry benchmarks. Consequently it can also negatively impact a firm’s brand image and reputation. In addition severe disruptions like the Fukushima nuclear disaster have healthy and safety risk consequences. So concluded we feel the need for risk management in a relatively unstable world on the one hand and an increasingly flexible supply chain on the other hand. This work gives an introduction into the risk management world. We will discuss the main concepts of risk, the perceptions, the difference between proactive and reactive mitigation strategies, the supply chain practices that are needed to stay resilient and many more on the basis of existing literature. Secondly we will employ our gained knowledge to build and test a framework that make use of several aspects of the environment, risk concepts and supply chain practices and complexity. Data was collected in many industries to achieve this goal. Additionally we will try to do some investigation for progressions in the past three years and compare continents, in particular European and Asian countries. In the end we will come up with some meaningful conclusions that fit with our model and outcomes, give some limitations and suggestions for future research.
  • 13. 3 2 Literature research First we will dig in to the world of risk management with all his facets. Thereafter we will consider supply chain management concept and finally we will end up with the meaning of supply chain risk management and some thoughts of supply chain security management. 2.1 Risk Management 2.1.1 The Nature of Supply Chain Risk Introductory case Consider a random company; named AVIA. AVIA is a manufacturing company that produces metallic aircraft components for the aviation industry. It is operating its activities since a long time. Through these years it has maintained its supplier base, the metal industry and reached its few customers from the aircraft assembly industry. Suppose now that because of tensions in the commodity market, the company that is responsible for the supply on metal parts has defaulted to deliver the needed products. Company AVIA can appeal on a few minor companies but this amount is not sufficient. You as a company decide to produce further your semi-finished goods with the little supply of metal parts. Suppose then a major customer refuse to do further business with you because you have augmented your prices due to your increased variable costs per part produced. Or you are unable anymore to deliver the requested components on time because time goes by until you receive your parts. On top of that a fire caught your plant and a third of your machinery capacity has been demolished. Reinvesting in new assembly equipment is accompanied with a lot of costs. As a consequence you see your benefits declining and you end the year with a very negative profit and loss account for the AVIA Company. Risk Functions which generate the possibility of beneficial effects or profit often include risks. This is certainly the case with business activities. So risk can here be for example: 1) Your supplier fails in delivering the needed metal parts such that you operate under capacity. 2) Problems in fulfilling customer deliveries arise because you cannot deliver your aircraft components on time. 3) Because of cost considerations you increase your prices. Customers quit business with AVIA which results in a too low or inappropriate demand. 4) Due to a fire at the production plant, it is difficult to get back on track which resides in the difficult re-management of its costs, resources, development and flexibility.
  • 14. 4 The above situations are all examples that contain risk. We can already make a first distinction between demand side risks and supply side risks. The third risk is an example of the first category and the first risk is an example of the latter. These are risk categories that are internal to the supply chain whereas the fourth risk is an example of an external to the supply chain risk. But what is risk actually? Risk is a characteristic of decisions that is defined as the extent to which there is uncertainty about whether potentially significant and/or disappointing outcomes of decisions will be realized (Sitkin & Pablo, 1992). So risks suggest variation in the distribution of possible outcomes, their likelihoods and their subjective values (Wagner & Bode, 2008). According to Kahneman & Tversky’s “prospect theory” individual risk behavior is determined how the situation is framed. For example if individuals are protecting prior gains will be more risk averse. In financial risk management, risk is considered as having an upside and downside potential of possible outcomes according to a normal distribution with a two-sided variance. In contrast the aim of this work is to approach risks in supply chains which can be better stated, considering the severe impact of disruptions, as being purely negative. According to several authors, risk is considered in this manner and that corresponds best from a supply chain consideration (Wagner & Bode, 2009). Zsidisin (2003) contains a broad definition of risk applied to the supply chain: the probability of an incident associated with inbound supply from individual supplier failures (quality, delivery, relationships and price) or the supply market occurring, in which its outcomes result in the inability of the purchasing firm to meet customer demand or cause threats to customer life and safety. What is good in this definition is that it mentions the distinction between supply and demand side risks. It mentions some supply risks but these are not exhaustive. Production capacity constraints on the supply market, technological changes with the supplier, product design features, to mention a few can also play a role. It also assesses the risk aspects which are important to understand risk. Risk aspects In the former definition we find 2 important aspects that constitute risk namely the extent or the impact of outcomes and the possibility or potentially significance that may or may not be disappointing of these outcomes. These are convenient aspects of risk because according to the Bayesian theory when you multiply these two figures for each outcome you get the distribution and thus the severity of each possible outcome. Therefore we can split risk in 4 categories shown in figure 1 below. We consider the enterprise’s vulnerability the highest when both the likelihood and the impact of disruption are high whereas rare, low impact events require less action to mitigate. Furthermore disruptions that combine high probability and low impact are part of the daily operations in the normal flow of business. On the other hand risks with low likelihoods but high
  • 15. 5 consequences need a concrete planning and interference that is outside the daily business operations. The fire at our plant is an example of a low probability, high impact risk. A reduced demand of your aircraft assemblies could be an example of high probability low impact risk. It is important that you recognize this risk in function of your company because the probability and impact differs among different corporations. A strike in one plant of the Airbus corporations has a lower impact on a big multinational with several aviation plants than the same strike in our little AVIA plant. Figure 1: risk aspects Kleindorfer and Saad (2005) suggest besides impact and probability, the speed of the possible risk can also play a role. Speed can be understood as the rate at which the event leading to loss happens, the rate at which these losses happen and how quickly the risk event is discovered by the company. Furthermore the frequency or how often a similar kind of risk event happens. In our situation how often will our major supplier fail to deliver our metal parts? If this occurs too frequently our company may lose his reputation, several customers will abandon AVIA and in the long run our company may be even going out of business. At last, Griffis and Whipple (2012)consider the probability of risk detection as an additional aspect of risk and adds a third dimension besides impact and probability. For instance, a high-likelihood/high- impact risk that is also extremely difficult to detect, warrants a substantially different risk management strategy than a high-likelihood/high-impact risk that can be more readily detected (see further). Low impact High probability High impact High probability Low impact Low probability High impact Low probability
  • 16. 6 Figure 2: Dimensions of risk Risk Drivers and Risk Natures At some point you as a manager believe something exists in your business operations environment and will lead to a particular risk event and a serious impact could occur (P. G. Smith & Merritt, 2002). This is what we call risk drivers. Risk drivers can further increase the risk experienced by the supply chain participants (Jüttner, Peck, & Christopher, 2003). The tensions on the commodity market in metal parts supply or serious changes in a foreign currency exchanges rate are examples of risk drivers. They can lead to a serious risk event and it’s important to watch out and keep in mind that such events, although at first sight these seems to be far from your business, can cause problems to your firm. Competition and globalization increase risk indirectly whereas outsourcing which can results in increasing complexity can have a direct effect on risks (Jüttner et al., 2003). In essence, risk drivers are the start of causal pathways that ends up in risks. A further distinction can be made according to Kleindorfer and Saad (2005) on the nature of the risks or risk sources. These are variables (networking, environmental and operational) which cannot be predicted with certainty and which impact on the supply chain outcome variables (Jüttner et al., 2003). We can make a distinction on risks that come from coordinating supply and demand e.g. supplier fails in delivering the needed part, on the one hand. On the other hand risk arises from normal activities. These can be further subdivided in operational risk and risk arising from natural hazard, terrorism or political instability or called disruptive risks. These latter are risks with low probability, high-consequence of outcomes whereas the former has a higher probability of outcomes. However, most of the quantitative models are designed for managing operational risk. So there is a need towards more disruption risk models. Examples of the former are equipment malfunctions or human centered issues from strikes to fraud. An example of the latter is the fire at AVIA Company. A summary of risk sources can be found in the figure taken from Jüttner et al. (2003). Environmental
  • 17. 7 and organizational risk sources have an impact towards the supply chain whereas network risk sources are the risk sources of the supply chain (Jüttner et al., 2003). Figure 3: risk sources Manuj and Mentzer (2008) on the other hand divides the sources of risk in 4 categories (Supply, Demand, Operational and Security Risk) each with their risk event examples. Supply risks can contain besides the above examples supplier opportunism and inbound product quality. Or the supplier can default in flexibility to deliver the metal parts for AVIA just-in-time. Demand risk can be that our aircraft partner’s demand is very variable or a competitor from the assembled aircraft parts industry negotiates a more interesting demand with our metal parts suppliers. Through this AVIA is losing market share. Another example, but occurs more in food products supply chains, is that these products result in a weather-related demand uncertainty. For example, the demand of ice-cream is the highest when it’s a warm weather. The authors, Chen and Yano (2010), suggest a very flexible contracting scheme to optimize the distribution of risks between the manufacturer and retailer. This can be achieved for example through weather related rebate contracts to mitigate demand uncertainty. Next risks can be seen from an operational point of view like the risk on product quality failures. At last security risks or currency risks can also play a role. Melnyk, Rodrigues, and Ragatz (2009) added also information/technology risks (C. S. Tang, 2006), financial risks and legal/regulatory risks (Wagner & Bode, 2008).
  • 18. 8 Disruptions “Supply chain disruption is the unintended, anomalous event that materializes somewhere in the supply chain and threatens the normal course of business operations (Wagner & Bode, 2009)”. In other words disruption is anything that unexpectedly affects your supply chain. According to Sheffi (2005) these events follow a disruption profile in a predictable way in terms of its effect on company performance. From this perspective general problems can be roughly divided between deviation, disruption and disaster (Gaonkar & Viswanadham, 2004). Whereas the former can be more seen from an operational view, in essence a variation in lead times or demand within the supply chain from their expected or mean value, the latter two problems deal more on the environmental problems. With a disruption is the structure of a supply chain radically changed and with a disaster is the supply chain shut down temporary or irrecoverable. The authors formulated 2 mathematical optimization models that deal with only deviation and disruption problems because modeling disasters is simply impossible. Random events, land natural disasters like tropical storms and earthquakes can be best estimated from historical data for their possible occurrence. The likelihood of accidents on the other hand can also be estimated from industry data, prior events and the enterprise particular safety programs and implementations. Lastly, the probability of intentional disruptions such as job actions, strikes or sabotage) is the most difficult to estimate because the likelihood is a function of the specific company’s decisions and actions. Then, there is the difference between several kinds of storms according to Altay and Ramirez (2010). The impact of damage from windstorms and floods seem to be dramatically lower from that of an earthquake in terms of operational Cash Flow. The authors give the reason for the better predictability of these former 2 climate events and firm’s ability to prepare their firms in advance for them. Earthquakes damages a lot and makes recovery very slow and do not allow preparation time. In addition they show that the impact of natural disruptions is dependent on the firm’s position in the supply chain. The disasters that can be prepared can be planned for the upstream partners. There stock is accrued in advance and can be sold to downstream partners where these have opposite total asset turnovers. A solution to overcome this problem with the downstream partners is supply-chain wide risk practices because a firm that is not prepared will disrupt the operations of the rest of the supply chain.
  • 19. 9 Melnyk et al. (2009) proposes a discrete event computer simulation model that is based on the decomposition of a supply chain disruption in several facets like for example the quantity loss, time period, periodicity, profile breath & location of a disruption and the output level of its recovery towards the supply chain performance. They concluded that the use of classical statistical analysis is rather limited since they do not deal with the time dimension of disruptions. Because of the transient behavior of the process intervention analysis using time series is more appropriate in their study (Melnyk et al., 2009). A general rule should be to include a combination of methodologies in order to make a comparison. Perry (2007) builds a disaster response model after the 2004 Tsunami in Thailand that is for a part transferable to a business context. They highlight the logistic aspects (expertise and efficiency) and the need for quick information by extensive communication and local knowledge to deal with disasters quickly. This can be the case when some manufacturing activities are outsourced in a distant country. Vulnerability It seems according to Wagner and Bode (2009) that probability of risks are determined by supply chain characteristics (density, complexity, criticality, …) and consequently their vulnerability both as part of as well as across the entire supply chain. Vulnerability is defined according to (Blaikie, 1994;(Wagner & Bode, 2009) ) as a company’s capacity to anticipate, cope with, resist, and recover from the impact of a natural hazard. Several characteristics of the supply chain increase or decrease the vulnerability of the supply chain. For example extreme leanness and efficiency is very effective for a company’s operations and reliability towards their customers but may result in an increasing level of vulnerability. While lean management can provide several advantages in cost reductions and efficiency, it makes companies more hazardous to risk vulnerability and velocity. Consequently establishing back-up systems and maintaining reasonable slack can increase the level of readiness in managing risk. One can make a vulnerability efficiency operations vulnerability simplicity supply network Figure 4: vulnerability - efficiency relation (left), vulnerability - simplicity (right)
  • 20. 10 trade-off between robustness and overall efficiency to cope the level of risk. And because of the supply chain is only as secure as its weakest link minor movements can entail serious disruptions which makes the supply chain very vulnerable. Second, to reach more leanness or customer made products provided to worldwide demand, often this is coupled with an increasing complex network. But this must be paid off towards increasing vulnerability. We shall further see that one can overcome the vulnerability in complex network by being more resilient. Sheffi proposed a supply chain vulnerability map (SCVM) with four quadrants namely financial, strategic, hazard and operational vulnerability. Strategic vulnerability means the vulnerability when a new product is introduced. Hazard vulnerabilities are the internal as well as external risk drivers previously described. Operations vulnerability focus on the supply chain as for example distribution network failures. The framework is constructed in a manner that items of a category placed in the centre are very important and those on the edge less important. The goal of this framework is that each of the categories has a property to find, quantify and minimize risk (Blos, Quaddus, Wee, & Watanabe, 2009). Wagner and Bode (2006) found evidence of the effect of supply chain vulnerability drivers are positive towards more supply chain risk. This is the case for supplier dependence, single and multiple sourcing. So firms must according to Wagner and Bode (2006) avoid dependences and improve the robustness of a company’s chain. Meanwhile the choice of single or global sourcing must be done through a risk-benefit analysis (see further). Vulnerability is not in every industry the same. The aircraft manufacturing industry operates in an extreme risk environment, characterized by high levels of commercial, technological and political risk as well as the inherent product safety issues (Haywood & Peck, 2003). Interviewed companies from the author’s research acknowledged that their supply chain is most vulnerable during times of change as the risk profiles affecting their supply chains were also changing, but also that change is a constant state in their supply chain activities. Aircraft companies never experienced a steady-state resulting in increased supply chain change management (Haywood & Peck, 2003). To reduce a company’s weakness Asbjørnslett (2009) suggest to take a vulnerability analysis. It’s a top down analysis and its main focus is towards the system mission and the survivability of the system (Asbjørnslett, 2009). The essential steps to take this analysis is first to search for possible threats and their consequences, next the company must bring back their system to new stability by aligning adequate resource and last determine the disruption or the time the stability is again established. It gives a complete proactive vulnerability analysis framework that works in two rounds.
  • 21. 11 First the manager tries to understand the threats and risks, analyses and rank the consequent possible scenarios and is left over with a set of critical vulnerable elements in a first round. These require additional specific analysis that needs reduced fragility by adding appropriate resource to mitigate their criticality to them in a second round of investigation. 2.1.2 Risk management Risk management is defined as identifying and assessing the probabilities and consequences of risks, and selecting appropriate risk strategies to reduce the probability of, or losses associated with, adverse events (Manuj & Mentzer, 2008). The execution of an overall risk management process is useful for companies because managers tend to focus solely on critical performance targets, which affect the way they manage risk (C. S. Tang, 2006). The need for more supply chain and risk management has certainly become clear after the PWC investigation (Levi, Vassiladis, & Kyratzoglou, 2013). In their research they categorize enterprises in 4 levels of achievement of supply chain and risk management. They grouped the two lower and two higher levels together to reach some conclusions. Appendix ? gives some results from their study and show the percentage of companies with more than 3 incidents that suffered an impact of 3% or higher on their performance as a result of supply chain disruptions. First companies that invested in an advanced risk and supply chain management level are better equipped towards risks than lower risk management levels. Framework for a general structure of the risk management process Figure 5: risk management framework Supply risk management contains several steps and can be seen on the figure 5 (Hallikas, Karvonen, Pulkkinen, Virolainen, & Tuominen, 2004), (Griffis & Whipple, 2012; Zsidisin, 2003),). The different steps will be discussed successively. Risk Identification Risk Assesment, Evaluation and prioritization Risk Management actions and Mitigation strategies Risk Monitoring and Strategy Sharing
  • 22. 12 Risk Identification Equipment interruptions, quality failures and supply fluctuations. These are common strong signals of risks in manufacturing systems. The main focus of risk identification is to recognize future uncertainties to be able to manage these scenarios proactively in a later stage. Chopra and Sodhi 2004 identified nine broad categories of supply chain risks: disruptions, delays, systems, forecasts, intellectual property, procurement, receivables, inventory and capacity. Furthermore according to Manuj and Mentzer (2008) it is recommend that, once identified, risks should be segmented by specific characteristics in order to create a risk profile. You can categorize them in domestic or global risks. Once you start to investigate and identify risk, a common approach is to start with a brainstorming session with the management team with a diversity of people from sales, marketing, quality and finance if possible of your business. It can be helpful sometimes to get your session accompanied with your supply chain partners or major customers ((P. G. Smith & Merritt, 2002), (Preston G Smith, 2002)). By brainstorming you can base your business on the past as well as you can ask if everyone can think of success factors and wonder themselves what can go wrong? Actions that can be performed to discover risks are for example (Mullai, 2009): - Identify risk generating activities - Identify and formulate problems - Determine the background to determine the context - Define (technical, analytical) boundaries for the study - Collect relevant risk-related data and information Daimler Chrysler had to quit production for several days because of a defective fuel injector that came from their supplier Bosch, so the former company claimed his supplier for delivering the wrong part. Bosch claimed that it didn’t make mistakes but instead pointed at his supplier Federal Mogul for their faulty sockets which in turn found his supplier Dupont guilty for delivering defective granulates (Henke, 2009). A practical approach in finding the origin of disruptions is the use of the Tree model. This allows you to find the underlying root causes for today’s disruptions but also by using “what if” scenarios to get the root cause for future uncertainties (Griffis & Whipple, 2012). Ask yourself “what could go wrong at this point that would prevent us from achieving success”, especially for projects. Ultimately in a later stage this can form the basis for a comprehensive scenario planning approach (Sheffi & Rice Jr, 2005). Also a risk simulation can be done or a sensitivity analysis can be performed to check if some crucial parameters or outputs change in different scenarios. It is important to find
  • 23. 13 the causes because they require different modes of prevention and have also different potential impacts. An example of a fault tree analyses with root causes for our case of AVIA is given below: Figure 6: fault tree analysis for the AVIA example Secondly, we can address the reliability tools from Total Quality Management (TQM) to discover risks. One tool that can be used for Risk Identification is Failure Mode Effects and Criticality Analysis (FMECA). In essence this tool aims at performing bottom-up analyses of processes to determine where systems might fail, and then to either design out or improve detection of these potential failure points. The advantage is that this procedure moves from reactive to a more proactive means of equipment maintenance in an effort to reduce equipment breakdown and failure. But this tool is relatively absent from the supply chain literature because it often lacks the assessment/evaluation factors such as probability and likelihood. A better approach would then be Failure Modes and Effects Analysis (FMEA) in a supply chain context. With this method you have to identify and rank potential failure modes of a design or manufacturing process but its disadvantage is that it does not take criticality into account and thus does not completely address the potential impact of a risk (Griffis & Whipple, 2012). Especially for the identification of possible catastrophic events, Knemeyer, Zinn, and Eroglu (2009) applied this risk management framework for low probability high impact events. Companies have to determine the key supply locations with highest probability of threats and a list of them. Approaches that can help them are “internal assassin” whereby a manager who thinks as a terrorist and thinks Lost sales opportunity with aircraft industry metal part stock out lead time delay tensions in the commodity market lack of alternative sources of supply only minor suppliers available reduced production fire at the plant
  • 24. 14 about how to carry out threats against a firm and the “wheel of crises” whereby certain possible consequences of crises are discussed where the wheel stops. Risk Assessment, evaluation and prioritization Risk analysis or the assessment of a risk event is nothing else then weighting or measuring the subjective probability of a risk event and the potential consequences of it from the viewpoint of the enterprise. In a later stage companies should tailor the responses and strategies will be taken to reduce either their probability or their consequences. These two aspects can be used to develop a risk map or a risk criticality matrix: the probability or sometimes called the criticality index (how critical is a possible risk for your company) and the impact or several severity classifications. Negligible impact Marginal impact Critical impact Catastrophic impact Low Least Emphasis Probability High Most Emphasis Table 1: risk criticality matrix The aim of this matrix is to evaluate each risk on their emphasis and ultimately prioritize this risks to mitigate and map them in the matrix. Griffis and Whipple (2012) notices an incomplete picture and suggest that the probability of detecting these risk factors should be admitted in the traditional two- by-two matrix used by many other authors. (see also risk aspects). How can this additional factor be integrated? This is done again with a two-by-two matrix. Figure 7: risk matrix for the additional probability of detecting risks The manager can, for a specific risk factor, assess the ease in which the occurrence of that risk factor can be monitored (from easy to difficult) on the x-axis. On the y-axis, the lead time, from short to I Least Emphasis II III IV Most Emphasis
  • 25. 15 long, between detection and realization of the risk is depicted. For example if our metal supplies come by ship you have to take care and map several sources of risks. An example of the first quadrant can be a mechanical failure because it may have little to no advance warning of problems but once occurred in most cases the technical staff is capable in solving these kinds of failures. Weather fluctuations like a dangerous storm are immediately detected due to the accurate weather forecasts nowadays such that a vessel is able to take an alternative route and avoid the storm. The risk of piracy at last is difficult to monitor and characterizes with an immediate recognition of the detection, resulting in greater emphasis. Sometimes the firm can draw a tolerance threshold line that divides the risks you will manage actively form those that will not be managed, after which the risks identified are sorted by expected loss (P. G. Smith & Merritt, 2002). In other words, the company selects the maximum risk criteria it can afford. That’s another way of prioritizing risks when the firm has to cope with a lot of risks, especially minor risks. Prioritization is important as firms often focus only on recurring but low- impact risks at the expense of paying attention to high-impact but less-probable risks (Griffis & Whipple, 2012). In a further stage risk can also be compared against the selected risk evaluation criteria (Mullai, 2009) and further be ranked by criticality or severity. For the assessment and estimation of a catastrophe the use of simulation and optimization can be recommended (Knemeyer et al., 2009). Other estimation methods are for example the opinion of experts combined with historical data, suitable for aircraft incidents or with the opinion of decision makers, eligible for other types of catastrophic events like nuclear reactor meltdowns. The game theory whereby an optimal strategy has to be determined between the objective function of the attacker and the constraints of the firm can be used to simulate terrorism. The output of these approaches should be a list of key locations with estimated potential loss values. Risk Management Actions and Mitigation strategies Much research is done about management actions, strategies and action plans against risks. An attempt to give a reasonable overview follows. (Kleindorfer & Saad, 2005) (Manuj & Mentzer, 2008), (C. S. Tang, 2006), (Griffis & Whipple, 2012)) Under risk management actions we understand the general used strategies towards the risks perceived. They are risk taking, risk transfer, risk reduction and risk elimination respectively. Within each risk management action several mitigation strategies can be used in succeeding this action.
  • 26. 16 Firstly managers can choose to take the risk. Reasons therefore can be that the risk may be perceived to be low and the company is willing to accept the risk because of very little consequences for the firm. According to two German researchers, during the financial crises times, a lot of companies accepted their risks in this country. This was more the case with manufacturing companies. But after the crisis these companies shifted towards a more comprehensive approach of risk mitigation. This is in contrast with service companies who despite the crisis stayed to perform more risk acceptance strategies (Blome & Schoenherr, 2011). Alternatively, managers can opt to transfer their risks from one company to another or subdivide their risks over several companies. This may reduce the total risk in the network if the company takes the risk can cope with it better than the company transferring it resulting in having a large supplier network. But the downsides of this risk are the high switching and administrative costs and their availability when changing from supplier. These are therefore part of transaction-specific investments. Furthermore it may decrease opportunities to achieve economies of scale. Furthermore risk can be shared in contracts with the intention of better coordination with channel partners, collaborative forecasting and collective replenishment planning which increase supply chain visibility and encourages further analysis of individual risks. They can be managed generally by developing a common network strategy, sharing best practice modes of action and contract policies. Moreover, several situations exist that there might be some risk but the company takes the needed effort to reduce it as much as possible. A common used mitigation approach could be the use of non- performance penalties built into contracts. If our metal part supplier doesn’t succeed to deliver the demanded parts, price reductions will be used as stated in the contract. Examples of other security mechanisms used to reduce risk include monitoring techniques, such as audits of supplier’s quality checks, inspections of random materials, and tracking of key performance indicators (KPI’s). At last, risk elimination may be appropriate when the firm cannot live further with this risk and must be completely discarded. AVIA decided to quit assembling their aircraft parts with that old machine that produces much defects. Sometimes choosing an appropriate risk strategy means changing current operating models or practices. This means that you systematically review your ‘inventory’ of risk procedures and controls with the aim to improve risk management practices. An example is the centralized versus localized approach of manufacturing to mitigate risks and increase benefits.
  • 27. 17 Table 2: risk management actions To deal with catastrophic events the company can draw a catastrophic risk management matrix which maps the key locations in the same manner as normal risks to detect appropriate risk strategies for each threat on the list like for example move a location, buy insurance, assume risk and so on (Knemeyer et al., 2009). Chaos theory may additionally provide some help to formulate appropriate catastrophic risk strategies. Wagner and Bode (2009) makes a difference between cause and effect oriented supply chain risk management practices. The first are preventive in nature. We think of information security, physical security and freight security. For example AVIA can switch in advance to a more financial stable supplier to reduce the risk of a sudden supplier default. Or the company can relocate their manufacturing plants to safer regions to avoid natural hazards like tropical storms or tsunamis near the coast. The second practice contains measures aiming at minimizing the level of damage in case of a risk event occurrence, e.g. insurance companies. The disadvantage of these companies is that they do not always understand supply chain risks and it’s difficult for them to insure a company’s own facility against disruptions from their suppliers at multiple locations. But there seems to be progress in this field: They are now providing business interruption insurance for disruptions occurring at a supplier’s facilities (Alvarenga & Lehman, 2012) for named suppliers but unfortunately don’t cover the whole network of suppliers and subcontractors. Buffering strategies, financial risk reserves and product redesign are other examples of this practice. Most of the risk handling activities proposed in the literature are rather effect-oriented than cause- oriented. As risk mitigation strategies require costly investments in equipment as well as human resources, it is important to know which mitigation strategies offer the greatest protection from risks in a certain situation. risk taking • ignoring the risk when developing a mitigation strategy risk transfer •large supplier base risk sharing •channel coordination •collaborative forecasting •collective replenishment planning risk reduction •non performance penalties •audits of supplier's quality checks risk elimination •remove machines •stop operate unhealthy production processes
  • 28. 18 A possibility for determining the favorable assessment costs is mapping them against the benefits from risk mitigation strategies, stated in the framework of Shavell (Kleindorfer & Saad, 2005). This results in a tradeoff between the cost of acquiring reliable information on risks and the benefits of mitigation activities. At optimum, a balance must be struck between the marginal costs and benefits of better risk assessment. So when do we have to use these mitigation strategies? Risk identification and assessment give a more specific indication on where to focus the actions. According to Griffis and Whipple (2012), strategies such as monitoring and risk taking can be used when the likelihood and potential impact are low and the ability to detect the risk is easy. When selecting a monitoring strategy, either risk reduction or elimination, you can choose to perform random inspections of products to detect errors or the risk maybe perceived low so that managers could choose to take the risk. When the opposite is true, more aggressive risk mitigation strategies like complete risk elimination need to be considered. Examples here are avoiding dangerous shipping routes or to quit outsourcing and to manufacture the product in-house to have more product and process control. If the likelihood of a risk occurring is low and detection may be easy, but the impact of the risk could be significant, then a postponement strategy may be appropriate if the event causing the risk can be postponed until more control by the focal firm is established. More control can be established through vertical integration or imposing contractual obligations on suppliers (Jüttner et al., 2003). The clearest example of a postponement strategy is producing in modular form. The advantage is that you can push your semi-finished product from surplus to deficit areas. A company that uses a postponement strategy is the computer manufacturer Dell. They produce computer hardware in modular form and let their customers and firms decide which functionalities and properties they must contain. One can also perform a demand postponement strategy and shift the demand across products towards their customers (C. S. Tang, 2006) such as a price strategy. The opposite of postponement is called speculation or also called selective risk taking and is also an option here. When you perform a speculation strategy, you build up inventory to buffer against the specific risk. In cases where impact of a risk may be low, but likelihood of occurrence is high, and the ability to detect the risk in advance is difficult, a firm may select an imitation strategy and source with the same supplier because if one firm is exposed to this risk, all firms are. A flexibility strategy at last could be used when the likelihood of risk occurrence is high and detection is easy. This could be achieved through multiple sourcing. This strategy requires some adaptation for
  • 29. 19 the company because in a general culture where the focus lies more on core competencies and value creation more single sourcing relationships have emerged (Blome & Henke, 2009). Strategic partnerships and alliances are an example of this sourcing strategy. Secondly, companies don’t have always the choice to choose between single and multiple sourcing. For example, when you have the choice of only one supplier, because of intellectual protection, then you have a sole sourcing relationship. This mitigation strategy is sometimes called hedging in a supply chain context because the company has a globally dispersed portfolio of suppliers. Another way to provide flexibility is the adoption of standard processes and the use of interchangeable and generic or modular parts. Finally using simultaneous instead of sequential processes in key areas as production/distribution speeds up the recovery phase after a disruption. Figure 8: risk mitigations strategies Tomlin (2009) determines also the optimal adaptation strategies when probability of supplier and customer failure is high or low. The used strategies are supplier diversification, contingent sourcing, which is adding a supplier which is only used in case the main supplier fails to deliver and demand switching. Diversification should be executed when demand uncertainty increases. Furthermore when the firm faces an increasing supplier failure probability or faces a high level of risk aversion it should opt for a contingency strategy. Demand switching is appropriate in case of a low supply risk. Mitigation strategies can change over time. Suppose company AVIA is plagued with several recalls for their assemblies because of metal parts affected with corrosion in an earlier stage. Because it isn’t always easily detectable, current employed postproduction testing is no longer efficient anymore. Rater than a strategy of control, through frequent testing, a strategy that uses severe penalties with
  • 30. 20 their suppliers for recalled products is more appropriate. Another possibility can be to use an elimination strategy and look for another supplier. After the appropriate mitigation strategies are determined, it is recommend developing prevention and contingency plans to reduce the risk in likelihood of occurrence and impact severity. Wagner and Bode (2009) suggest that continuity or recovery plans are important tools to ex-ante optimize the ‘firefighting’ after a disruption. These contain for example the radical design of products and the layout of the manufacturing processes. As a review to the selected mitigation strategies, some principal criteria can be addressed: efficacy or the degree to which risks are eliminated, feasibility or the aligning of the right mitigation strategy to the appropriate risk and efficiency which relates to the cost-effectiveness which was explained above. Risk Monitoring and Strategy Sharing Monitoring your risks means identifying the potential increasing trends in their probability or consequences in the future. After implementing mitigation strategies you will find that some risks are closed where the risk event has been prevented or other risks remain where the risk event had happened despite the prevention plans implemented (P. G. Smith & Merritt, 2002). Nowadays companies can employ real-time risk monitoring capabilities along with techniques to track key supply chains flows. These tools can speed response in case of numerous unplanned events. A lot of electronic and high-tech companies, who have very dependent supply chains, have integrated these tools into their standard supply chain management practices. Improving the traceability of the supply chain leads to organizations that follow key performance indicators through the entire supply chain and consequently identify risk not only with their first-tier suppliers but also with their sub- contractors ((Alvarenga & Lehman, 2012), see also supply chain security). A company first follows the risk management steps described above and analyzes its network-related risks internally. In the second phase the partners should identify the areas of risk management that require joint effort and where risks strategies should be shared. As enterprises are connected in a network, they are dependent on each other so it can be useful to share entirely or partially risk management processes and to develop collaborative means to manage the risk and communicate their views on risks. It is important that the individual risk management processes are supplemented by a collaborative process. Sheffi (2005) even argues that competitors should collaborate to control common risks.
  • 31. 21 Moreover in complex network environments mutual risk identification and assessment can be seen as tools for creating the risk profile of the entire network on the basis of the partners' risk profiles (Hallikas et al., 2004). The primary tool employed by the Japanese to implement closer supplier co- ordination and individual supplier development is cross-exchange of staff between buyers and suppliers. This requires the benevolence of the enterprise of exchanging inter-organizational information towards risks & rewards sharing and knowledge transfer. But it gives the firm the possibility to perform a benchmarking exercise and it generates supply-chain wide visibility of vulnerabilities and it should give the firm incentives to identify and implement disruption management systems. Conclusion Now that we have briefly described the risk management process framework, one can argue of its need. As risk mitigation strategies require costly investments in equipment as well as human resources, it is important to know if these strategies pay off towards risks of all kind. As Jüttner et al. (2003) noted, there is a supply chain trade-off decision between delivering high customer value and managing possible risks. A trade-off between extra risk mitigation costs and less costs of delivering high quality and on-time products as a main principle of supply chain management. Kleindorfer and Saad (2005) investigate if investments in risk management activities yield towards frequency or severity of accidents. With the use of variables like regulatory programs, facility characteristics and community demographics, they determined whether observed accidents in the chemical sector decreases with the use of these risk programs as mediator variables as a consequence of more severe regulatory programs, more hazardous facility characteristics or the financial structure of the company. The investigation indeed found evidence of this relationship. Dani (2009) suggests this risk management framework must be an iterative process and should not stop with one investigation of risk but instead repeat the exercise to study new issues and risks identified after the analysis of the event. Furthermore this exercise must be aligned at the strategic level of the company and according to the strategic objectives to have a clear understanding. Concluded, it is important to update the possible risk sources and strategic objectives in line with the risk event or mitigation strategies that may be adapted according to possible new discovered risk issues (Dani, 2009). We will further see that the adoption of a risk management strategy will foster the use of a proactive supply chain approach. Mullai (2009) takes it a step further and claims that the process can start at any point. The major steps of the framework (risk analysis, evaluation and mitigation) are interactive, change-responding, can be accomplished simultaneously and are aligned through risk communication (Mullai, 2009).
  • 32. 22 2.2 Supply Chain Management The first definition of the supply chain management is dated from the early 1980’s and compromises the following: “a ‘standard’ supply chain is a system compromising of materials, goods and information (including money), which pass within and between organizations, linked by a range of tangible and intangible facilitators, including relationships processes, activities and integrated (information) systems” (Peck, 2006) While our approach is not to give a full overview of the supply chain with all his aspects, we will nevertheless give you some information of some practical aspects in this domain that can be linked or have relationships with the risk management domain. Bullwhip effect An important issue for the supply chain is that you have to take into account the major consequences of the Bullwhip effect. Essentially, the bullwhip effect depicts the phenomenon in which the orders exhibit an increase in variability up the supply chain, even when the actual customer demands were fairly stable over time (Sterman 1989; (C. S. Tang, 2006). Cisco systems Inc. wrote off 2.5 billion in inventory due to a lack of communication among its downstream supply chain partners (Spekman and Davis, 2004(C. S. Tang, 2006). The increase in variability of the orders up the supply chain can cause many problems for the upstream partners including higher inventory, lower customer service level, inefficient use of production and transportation capacities, etc. The more distance between suppliers and the final consumer in the supply chain, the more these demand changes are compounded (Fine 1998; Lee, Padmanabhan, and Whang 1997(C. S. Tang, 2006). In order to mitigate the bullwhip effect, one needs to identify the root causes (C. S. Tang, 2006) which can be done in the first step, risk identification, of the risk management process. Secondly, many companies have switched from “local” suppliers to “low cost” and often distant suppliers on the basis of overhead cost optimization, without considering the cost of risks caused by this strategic change. Larger companies now buy from smaller suppliers in very remote areas of the globe. The extended supply chain now has many additional points of potential failure, enlarging the bullwhip effect and requiring new approaches to risk management. Companies face longer logistics lead times as well as new and unfamiliar risk profiles encompassing natural disasters, epidemics, and social, political or monetary instability (Alvarenga & Lehman, 2012).
  • 33. 23 An agency theory perspective The agency theory perspective justifies the differences in the objectives and risk preferences of the two parties: the principal (purchasing organization) and agent (suppliers), as well as information asymmetries. Both parties undergo an agreement with risk sharing (Zsidisin & Ellram, 2003). The aim to consider the relationship in this perspective is to reduce the purchasing firm’s risk of moral hazard and adverse selection. The first means the risk of the lack of the supplier, aware of not by the purchaser, to lever the agreed upon effort to meet customer demand. Adverse selection means the inaccurate assessment or misrepresentation form the purchaser of the sometimes unknown supplier abilities to meet customer requirements (Zsidisin & Ellram, 2003). An example of moral hazard is the unwillingness to further invest in appropriate infrastructure needed to produce the metal parts for AVIA. An example of the latter is that AVIA, unaware of the major investments in new metal production equipment, keeps further purchasing the parts from old machinery that are produced with minor quality. In essence, suppliers and buyers have to be aware of opportunistic behavior risk. This comes down to the breaking of their mutual informal agreements & contracts between the partners within the supply network in the pursuit of competitive advantage and profit (Seiter, 2009). The author proposes action programs like more communication quality, better partner selection and mutual sharing of cost accounting information to reduce opportunistic behavior directly or indirectly through reduced information asymmetry. Make-or buy decision Don’t try to force the manufacturing of complementary assets in-house when you can outsource particular needed competences in a more cost-advantageous way. For many companies, “make or buy” decisions have been chosen in favor of buying, not making. While this reduces manufacturing overhead costs, companies lose oversight of key governance and management competences and strategies. As a consequence this might introduce unknown (new) risks into the supply chain. Periodic risk rebalancing is therefore essential (Alvarenga & Lehman, 2012). Outcome-based versus Behavior-based management techniques In order to align the objectives of both agents and principals several management techniques or practices are available. These can be split in two categories (Celly & Frazier, 1996; Zsidisin & Ellram, 2003). Outcome-based management techniques address the importance of coordination of outcomes and results such as sales growth or sales in relation to targets. According to Zsidisin and Ellram (2003), the
  • 34. 24 use of buffer oriented techniques is an example of that group. Inventories can be held either by the purchasing firm resulting in internal safety stock or by suppliers which is supplier-managed inventory, or both. Rather than reducing the likelihood of a harmful event, firms employ buffers to reduce the disruptive effect of supply risk events. Therefore this approach is short-term oriented. Behavior based management techniques addresses behaviors such as customer education activities or selling techniques with distributers from the supplier personnel thereby signaling important objectives and suggesting specific distributor actions (Celly & Frazier, 1996). It focuses on processes, emphasizing ‘task and activities” that lead to a reduction in supply risk and is therefore long-term oriented. The findings of Celly and Frazier (1996) were that supplier personnel rely too much on outcome- based efforts when coordinating relationships with distributors. Zsidisin and Ellram (2003) on the other hand found that there exists a partially positive relationship for behavior techniques with perceived supply chain risk and this was not supported for buffer oriented techniques. The implementation of buffers is done regardless of the extent of perceived supply risk. Although each of the efforts has its downsides, outcome-based may be sometimes inappropriate in some situations and behavior-bases may be sometimes costly to the firm. An emphasis solely on maintaining buffers to manage supply risks can harm business profitability due to capital devoted to inventories and Celly and Frazier (1996) find the risk of demand fluctuation is being positively related to behavior-based management efforts. On the other hand buffers give you a form of assurance and behavior based contracts facilitates communication and mutual goal alignment. An inclusion of the two efforts will be optimal. Examples of the management techniques are given below: Outcome Buffer Behavior - communication about sales growth, market share, … - managing inventory - supplier certification - quality management programs implementation - target costing - supplier development The advantage of supplier certification is that they reduce the need for the purchasing organization to conduct time-consuming inspections. Implementation of quality management programs is also an
  • 35. 25 option but certification improves already the abilities of the supplier to satisfy the quality expectations of the purchasing firm. Also target costing is interesting where supplier and purchaser determine ways to drive cost out of its products. At last supplier development can meet the purchasing organization’s short or long-term supply needs. Behavior-based efforts may be predominant in franchise channel systems because inter-firm interaction should be relatively high and relationship termination is more difficult. In conventional channel systems, outcome-based efforts may be predominant because of the need to keep coordination costs down. In addition we will find more buffer-oriented approaches within the use of transactional supplier relationships whereas the use of behavior outcome-base approaches is more adopted with cooperative supplier relationships (Blome & Henke, 2009). Making your supply chain redundant versus flexible According to Sheffi and Rice Jr (2005), the following difference can be made. Redundancy activities include safety stock, the deliberately use of multiple suppliers or back-up sites. Adding redundancy is in a way needed for every day’s operability but flexibility strategies on the other hand gives more competitive advantage in the marketplace. Flexibility can be seen from 3 facets: supply, in-house conversion and distribution. It aims first of all on correct alignment of the supplier relationship with the procurement strategy whether you opt for a single supplier or for multiple suppliers or for a single supplier for each critical part. Secondly using standard processes and having multiple locations with built-in inter-operability. This allows a firm to operate in another plant once one is disrupted or the replacement of sick operators. On the customer or distribution side at last, managers face a choice about which customers to serve first after a disruption. Managers can thereby decide on several criteria like the vulnerability, the profitability and costs of all customers. Strategies like postponement or producing semi-finished products, described above, can be used. Managers in addition are often reluctant to invest in flexibility measures because they don’t see directly or hardly can estimate the impact on risk mitigation (C. Tang & Tomlin, 2009). So unlike redundancy, flexibility can also improve the competitive advantage of companies in times without a disruption. Flexibility at last is indeed important when your company executes a lot of projects because the project manager must be able to change or redefine several aspects during project execution. Furthermore projects ensure the coordination between client, contractor and supply chain. Hence, project execution translates into flexible management. But gaining more on flexibility and consequently efficiency implies the risk of losing sight and therefore as we have seen before can increase vulnerability. Companies producing components for the automotive sectors are an example of industries that focus on project management (Gaudenzi, 2009). It provides a risk management framework that is also applicable for projects.
  • 36. 26 C. Tang and Tomlin (2009) investigates how much flexibility is needed to mitigate supply chain risk. On the basis of mathematical models they conclude that only a small amount of flexibility strategies (e.g. multiple suppliers, flexible supplier contracts, postponement, responsive pricing and flexible manufacturing processes) is required to mitigate risk. From their PWC research (Levi et al., 2013), it seems that companies focus on flexibility and customer service levels on the one hand and other companies on cost reduction and efficiency on the other hand. It seems according to their study that those former are better coped against risks (appendix). It’s also worth noting that 80% of the cost-efficient companies face high variable supply chain lead times given that low variability is mostly one of the key drivers of an efficient operating strategy. The resilient supply chain Once gone through all the major risk management steps and approaches the ultimate goal is to build a resilient supply chain. A supply chain that is both able to absorb disruptions and risks, can proactively manage its supply chain and sees a possibility to turn the threats of a disruption in a major advantage can be seen as a resilient enterprise. Resilience is not the same as robustness. The robustness of a company is the ability to resist from an accidental event, retain to its same stable situation as it had before and stick to his initial mission (Asbjørnslett, 2009). In contrast resilience aims at a new stable situation and has the adaptive ability instead of being resistant. Building a resilient enterprise should be seen from a strategic level and changes the way a company operates and increases its competitiveness. Two important aspects determine a company’s resilience (Sheffi & Rice Jr, 2005). First is the market position. Is the industry competitive or has the company a lot of market power? Else it depends on the responsiveness of the supply chain. When companies are not so responsive they might risk losing market share. Responsive companies otherwise can increase market share or once they have a reasonable amount of market power they can lock in their leadership. Corporate culture In the search for the resilient enterprise, it is important not to underestimate the contribution of culture to an organization (Sheffi & Rice Jr, 2005). Empowering front-line employees to take initiative and guide actions is a possible step in building a suited corporate culture. Secondly Japanese lean principles from the Toyota Manufacturing System can be used like Poka Yoke and Hijunka. These concepts are in essence that one must learn from errors and fixe the root causes. Companies can minimize the risk of possible disruptions by paying attention to small problems as indications of major disruptions. At last continuous communication between all layers of a company can foster the good working of the company.
  • 37. 27 To encourage the need and use of risk management a disruption can be simulated and employee reactions are monitored and used in training (Kleindorfer & Saad, 2005; Sheffi & Rice Jr, 2005). This is the exercise of role playing with red and blue teams. The red team represents in most cases competitors, rivals or supply chain experts, equipped with whatever information is available. They attempt to attack the supply chain to cause major disruption. On the other hand you have the blue team who tries to mitigate or countermeasures those actions which are cost effective against the Red Team scenarios. This way of training can enhance the risk culture in the firm. This lacks yet in a lot of firms according to the authors of the paper from Cagliano, De Marco, Grimaldi, and Rafele (2012). Sheffi (2008) proposes that governments can introduce cultural aspects into disruption mitigation. Cultural changes on a societal level happen several times every century so the government should encourage and drive these trends to improve resilience along the chain. 2.3 Supply Chain Risk Management Research in supply chain risk management is still in an early stage and has been around for about a decade now. As a consequence here is a huge diversity in topics, opinions, and research methodologies in the field of supply chain risk management. Furthermore there is still a lot of variation towards the meaning of supply chain risk management according to several established focus groups. According to them, supply chain risk management is seen as a subset of Supply Chain Management (SCM) and also as a subset of Enterprise Risk Management (ERM) which can be seen in the figure below. But what compromises the field of supply chain risk management (Sodhi, Son, & Tang, 2012)? Supply chain operations and risk management processes go hand-in hand and complement one another. Figure 9: the concept of Supply Chain Risk Management (Blos et al., 2009) According to Wagner and Bode (2009), Supply chain risk management (SCRM) contains the field of activity seeking to eliminate, reduce and generally control pure risks in supply chains. But what do
  • 38. 28 these risks contain? According to the focus group from the research from Sodhi et al. (2012), risks in this field should concern majorly with dealing with unknown events or dealing with disruptions or disasters with low probability and high-impact. This was the opinion of almost the half of the researchers. Secondly it should concern dealing with risk within supply chain operations, according to 20% of the researchers (Sodhi et al., 2012). Kajüter, 2003 states: “Supply chain risk management is a collaborative and structured approach to risk management, embedded in the planning and control processes of the supply chain, to handle risks that might adversely affect the achievement of supply chain goals.” In this definition the focus is rather laid on the supply chain. Norrman and Lindroth, 2002 assess the focus of supply chain risk management more on a practical approach. Supply chain risk management can be defined as, “to collaboratively apply risk management process tools with partners in a supply chain to deal with risks and uncertainties caused by, or impacting on, logistics related activities or resources” Nevertheless this concept is still missing many pieces that have to be found and linked together to get a comprehensive approach of supply chain risk. SCRM is often not always established as a distinct function or department in companies. Businesses do not agree on how to integrate these risks into their decision-making processes, the risk function is typically “headquarters-centered” and there seems not be a risk regulation that covers the supply chain. However it’s necessary to integrate risk management into operations, strategic and sales planning. The work from Jüttner et al. (2003) summarizes well the concept:” “the identification and management of risks for the supply chain, through a coordinated approach amongst supply chain members, to reduce supply chain vulnerability as a whole.” And can be summarized using the figure from them.
  • 39. 29 Figure 10: a SCRM framework As a consequence it shouldn’t come as a surprise that research in this field leads to often unambiguous conclusions and a large variety of results. But SCRM implementation has brought up: Ericson has implemented a SCRM matrix organization that spans the entire company, from the corporate and strategic level to the functional and finally process-oriented operational level. It’s in addition worth to address the importance of smaller companies. Most SME’s are more exposed to supply chain risks whilst simultaneously disadvantaged by lack of management resources, structures, processes and expertise as opposed to bigger firms (Henke, 2009; Jüttner & Ziegenbein, 2009). In essence, for SME’s the adoption of a comprehensive risk management program can be the same except for some aspects due to their limited possibilities. Whereas larger firms can have the time and the access to control all their supply chain partners not strictly limited to 1st tiers, SME’s are encouraged to select their most important one for further investigation. In most cases information is gathered from their personal network and there is no planned supplier data collection but instead these companies rely more on social interactions with their suppliers (Ellegaard, 2008). It’s not practical for them to map their entire supply chain (Jüttner & Ziegenbein, 2009). Consequently before the risk identification process, Jüttner and Ziegenbein (2009) require the mapping of supply chain vulnerability against their strategic importance to investigate. Furthermore the adoption of expensive risk management tools is not always value adding for them. That is because tools often are designated for specific tasks and are highly sophisticated and therefore not always suitable for SME’s. In summary a 3-phase risk management approach for SME’s is given. The tactics towards the risk aspects are according to a case study from Ellegaard (2008) as follow: probability reduction has the highest priority and effect reduction through multiple sourcing was not
  • 40. 30 practiced at all. Also small companies don’t gather much information from their partners that can help reduce risk. A company must regularly check their activities in a manner that they fulfill their strategic objectives dictated by the firm’s vision. A framework that can aid to measure performance is the Balanced Scorecard of Kaplan and Norton. Their model doesn’t contain only financial objectives but incorporates also internal, customer and innovative & learning perspectives. When dealing with supply chain performance, no primary use of financial performance measures is advised (Sheffi & Rice Jr, 2005).This framework which focuses on performance measurement as a consequence should be integrated with supply chain risk management. Risk and performance are directly related because the higher the risk taken the higher the expectation of suitable returns (Sheffi & Rice Jr, 2005). As more resources and attention is given to supply chain risk management an aligning with performance management is indispensable. Besides the electronic multinational Ericsson (Norrman & Jansson, 2004) another company that has successfully implemented a risk management strategy and accompanying supply chain culture is the Nisan Motor Company (Schmidt & Simchi- Levi, 2013, (Levi et al., 2013)). After serious harmful problems due to an earthquake and Tsunami in Japan, they incur a $ 200 billion loss. “Nissan’s production capacity was perceived to have suffered most from the disaster compared to its competitors.” But the company managed to increase their production with 9.3 % in comparison with an overall decrease with its competitors. How was this company able to manage this? First they implemented an integrative risk management framework with risk identification as early as possible, assessment and performed countermeasures against them. Second the plant has formulated a continuous ready plan with their suppliers. Moreover the team was empowered with local decision management. In addition the company structured its supply chain as flexible as possible. At last, there was extended enterprise visibility and warnings to between internal and external business functions (Levi et al., 2013). 2.4 Supply Chain Security Management Supply Chain Security Management (SCSM) is defined as “the application of policies, procedures and technology to protect supply chain assets from theft, damage, or terrorism and to prevent the introduction of unauthorized people or weapons of mass destruction into the supply chain. Security practices can be control measures implemented in several processes and certainly at several gates throughout the supply chain where products arrive (Voss & Whipple, 2009).
  • 41. 31 The difference with Supply chain risk management is the fact that Supply chain security management focuses more on prevention of contamination, damage or destruction of the supply chain assets and products by policies, procedures and technologies whereas the former investigates more the likelihood of outcomes being susceptible to disruptions that can damage the supply chain (Autry & Sanders, 2009). This paper provides a dynamic capability framework that can be used to implement security practices. These capabilities include processes, technology and human resources. For example the use of radio frequency identification is a technology capability. With the use of the Radio Frequency Identification (RFID) technology and their tracking and tracing capabilities, abilities rise to identify disruptions quickly. Furthermore sensitive control systems often can identify a disruption before its cause is apparent. The management of inventory is an example of a process capability and governmental security initiatives are human resource capabilities. The problem with risk mitigation activities, in particular those that don’t start at the place of original production, is that technical control allows hidden action of participants in the process chain (Mau & Mau, 2009). Therefore a supply chain wide security control system or management is needed. A comprehensive control platform is required to manage supply chain security effectively. The goal for supply chains, those that doesn’t consist of a complex network or single supply chains, is to secure worldwide and realize complete traceability of all involved products and inputs at all the supply chain levels resulting in continuous transaction data in both directions, upstream and downstream. To trace all the necessary information, it is useful to make use of an independent database. In this way effects on the products of your firm can not be overseen thanks to a centralized data management system. The basic thought for implementing security initiatives are basically the same as for the use of risk mitigation strategies. Advanced or high proactive security initiatives pay off and improve security and firm performance but most firms have not progressed beyond basic physical security measures such as infrastructure management and therefore have not derived the service benefits from higher level security measures (Voss & Whipple, 2009). Consequently this creates a dilemma in an optimal tradeoff between cost of implementation and efficiency of the initiatives but also for firms that face greater customer or government requirements. More security improvements sometimes can lead to a decrease of flexibility and firm performance but aim to create a secure supply chain that maintain advanced security processes and procedures.
  • 42. 32 2.5 Conclusion Concluded, risk mitigation measures can be seen and implemented from 3 different levels. The strategic level which focus on for example alternative suppliers, at the tactical level (e.g. improved demand forecast) as well as the operational level (e.g. business continuity plans). Although risk management practices and business continuity planning is left too much to security or insurance professionals in companies, it should be noted as a strategic initiative and must be implemented in an integrated risk framework approach. As a consequence this risk practice helps to build a resilient enterprise and supply chain.
  • 43. 33 3 Conceptual framework The goal of this work is to determine how several environmental aspects (e.g. market size, bargaining power) may have an impact on the managers or the firm’s risk perception by which we mean the probability of risk and their impact. Furthermore we investigate if these perceptions might influence risk mitigation strategies performed by the firm. In particular we will make the distinction between more proactive versus more reactive performance towards risks. At last we want to examine if certain mediators and moderators do play a role in selecting that particular strategy. On the one hand we dive into how varied a firm does perform supply chain management practices and their choice towards risk management. On the other hand we look at the design and the complexity of the supply chain and see if any conclusions can be made with this aspect towards risk. While previous research (Ellis, Henry, & Shockley, 2010) has determined the impact of environment on risk perception, investigation towards the use of proactive versus reactive management is still a gap in the literature that hasn’t been explored yet. Instead Ellis et al. (2010) investigated overall supply disruption risk towards the search of alternative sources of supply. 3.1 Environment Several papers deal with the environment as an important factor for the determination of risk (Ellis et al., 2010) (Ritchie & Brindley, 2009). Ellis et al. (2010) chooses also for the integration of some environmental factors like technological uncertainty and market thinness but also for some company specific characteristics like item customization and item importance. The environmental construct here proposed is as follow: PEST-analysis An exercise for the company in determining the strength of the environment and the external factors can be the adoption of a so called PEST analysis. This analysis contains the macro-environmental aspects of Political forces, Economic forces, Social forces and Technological forces. It’s an environmental scanning component that can help you to determine trends outside the venture. The purpose is to detect driving factors and uncertainties.
  • 44. 34 Figure 11: PEST analysis Porters competitive model and SWOT-analysis A second approach to identify your environment is the so famous Porter’s five forces model. This framework provides you and let you think about you’re major outside forces that come into play with your venture and determines the dynamic tensions between players. The aim of this tool is to perform a competitive analysis because each player may have a sufficient amount of power. It highlights problem areas as well as possible opportunities or whether you have a competitive advantage or you have to accept a reasonable amount of risk. An exercise that can complement this investigation is the SWOT-analysis (Strengths, Weaknesses, Opportunities and Threats). The threat of potential new entrants can limit your own company’s activities but there may be entry barriers that could prevent them to start doing business. Second, suppliers may have bargaining power that impacts your business such as a unique product they deliver to you that requires a high degree of specification and specialization. Customers likewise may have power too over your business for instance if they are able to integrate backwards into the supply chain (e.g. manufacturing your product themselves). In addition there may be a threat from substitute products. Note that this doesn’t contain physically the same products but may also encompass a different transportation mode like for example plane versus car. Substitute products can be more or less attractive depending on for example the switching costs a customer must pay. For example the adoption of a new product would require the customer to buy new equipment or additional software and so on. At last, existing rivalry among industry players can make your environment very turbulent. If there are many •technological pace •adoption cycles •R&D •education •demography •work aspects •financial markets •economic cycle •change of industry and markets • laws & regulations • political (in)stbility • government spending Political Economic TechnologicalSocial
  • 45. 35 competitors and there is little product differentiation, the resulting strategy in your industry will be price competition. Figure 12: Porter's Five Forces Model Market variables At last we introduce some market variables that also can be perceived from the environment and are important for the firm. First we account for the perception of the market size: “is it growing or declining rapidly?“ Moreover has the industry market many or few segments resulting in a company’s market span. In addition, “has the industry many or few competitors?” This describes the market concentration. At last, we can focus on the ease to enter the market. “Is it open to new players or closed to new players?” So concluded, our first hypothesis will be: Hypothesis 1: Environment constructs – Risk perception relationship H1: there is a significant relationship between Market-variables, some PEST-analysis variables & PORTER-analysis variables and the probability of risk and their impact. 3.2 Risk perception or representation of risk Risk perception is defined as the decision maker’s assessment of the risk inherent in a situation (Sitkin & Pablo, 1992). This refers to the assessment stage in the risk management process described earlier.