Supply Risk Management
Waters (2007) define Supply Chain Risk Management (SCRM) as the process of systematically identifying, analyzing and dealing with risks in supply chain. Risk management is one of the most significant challenges faced by nearly every supply chain in the 21st century. As information and communication technologies have revolutionized the availability and exchange of information, global competition has allowed companies to offer increased product variety and even the outsourcing of core operational activities as manufacturing. These initiatives make supply chains more vulnerable to disruptions caused by multiple factors, such as uncertain economic cycles, consumer demands, and natural and man-made disasters. On the other hand, supply chains are more exposed to stakeholder scrutiny which also create vulnerability to reputation damage, access to capital and to regulatory compliance.
These are the terms and definitions that are frequently used in supply chain risk management studies:
Risk is the probability and severity of adverse effects (Ravindran et al. 2010).
Hazard is any source of potential damage, harm or adverse effects on something or someone under certain conditions (Vazquez-Brust et al. 2012).
Vulnerability refers to the conditions determined by physical, social, economic and environmental factors or processes which increase the susceptibility of a community to the impact of hazards (The United Nations Office of Disaster Reduction (UNISDR) 2014).
Exposure refers to the degree to which a group, property and goods could be materially affected by a dangerous phenomenon. It is a consequence of the relationship between hazard and vulnerability, and in turn it influences both (Vazquez-Brust et al. 2012).
Commonly, business risks are understood as the product of two risk factors: the likelihood of a hazard occurring and the impact it would have on business objectives; where impact is understood as the severity of the harm caused. There exist more comprehensive definitions in the literature. For instance, Ayyub et al. (2007) define risk as the product of three terms: consequence, vulnerability and threat; where consequence is the maximum possible loss, vulnerability is total weakness of the system over all hazard scenarios and threat is the rate of hazard occurrence for period. Bilsel (2008) considers detection as another component of risk. Vazquez-Brust et al. (2012) considers potential risk dependent on the potential hazard, the system vulnerability and its exposure, while managed risks result from combining uncertainty and governability.
Therefore, in its simplest form, risk is given by the hazard potential of something under certain conditions. An extended view may consider not only the conditions (causes) for risk but also the degree of harm (consequences) on the specific group or system.
On the other hand, the risk brought by outside suppliers, or supply risk, can be grouped in two broad categories: internal risks and external risks (Ravindran and Warsing 2013). Figure 1 exemplifies these types of risks.
Figure 1 Supply risks according to their origin.
Internal risks are risks within the supply chain which arise from the interaction between constituent organizations across the supply chain. They are caused by sub-optimal interaction and co-operation between the entities along the chain. Such supply chain risks result from a lack of visibility, lack of ‘ownership’, self-imposed ‘chaos’, just-in-time practices and inaccurate forecasts.
External risks arise from interactions between the supply chain and its environment. Such interactions include disruptions caused by strikes, terrorism and natural catastrophes. Any disruption at any stage in a supply chain that can be linked to environmental causes is ascribable to external risks.
According to the School of Management at Cranfield University (2002), internal supply chain risks and external risks impact the vulnerability of the supply chain. Although both supply chain and external risks have independent sources, simultaneous occurrence of both risks and interactions between them intensifies the damage to the supply chain. Thus, supply chain vulnerability can be defined as “an exposure to serious disturbance, arising from risks within the supply chain as well as risks external to the supply chain”. Consequently, Supply chain risk management aims at identifying the areas of potential risk and implementing appropriate actions to contain that risk. Therefore, it can also be defined as: “the identification and management of risks within the supply chain and risks external to it through a coordinated approach amongst supply chain members to reduce supply chain vulnerability as a whole.”
The usual approach to Risk management is the following:
1. Identify hazards.
2. Analyze or asses the risk associated with that hazard.
3. Mitigate risks or determine appropriate ways to eliminate or control the hazard.
Hazard identification is defining all potential risks, both internal and external, that organizations may face. Risk analysis or assessment is narrowing the list of potential risks by assessing their importance to the supply chain operations. Risk mitigation is taking appropriate actions to reduce risk once they are identified and evaluated.
In a recent survey conducted for The Chartered Institute of Purchasing & Supply among purchasing and supply professionals from firms in various sectors in the UK, when asked to indicate the approach that best described their organizations’ policy towards risk assessments with respect to their tier 1 suppliers, over a third reported that risk assessment was part of routine supplier selection activities, and that it was applied to all suppliers. Moreover, customer requirements, changes in business strategy and corporate social responsibility were considered the three most important factors influencing awareness of purchasing and supply risk within their organizations (Peck 2006).
Quantitative Approaches to Risk Management in Supply Chains
Translation of risk to quantitative terms has been challenging but it is a critical task for successful business applications. The following are some of the major work done in this area:
- Supplier selection: Tang (2006) reviewed various quantitative models for managing supply chain risks. While most of the supplier selection models are deterministic, there are few articles dealing with operational risk at this stage. Micheli (2008) uses a risk efficiency-based supplier selection approach for critical items which allows the consideration of procurement and investment related risks. Kouvelis and Gutierrez (1997) presents a supplier selection model that captures the stochastic nature of exchange rate. In his model, the buyer needs to decide which suppliers to select and the quantity to be sourced from each selected supplier.
- Hazard exposure: On the other hand, Yang (2007) proposed methods for risk classification and quantification considering the manufacturer´s hazard and exposure factors. The risk’s severity of impact and the frequency of occurrence are modeled using two different types of risks. Value-at-risk (VaR) type risks are used to model less frequent events which disrupt operations at suppliers and can bring severe impacts to buyers (e.g. labor strike, terrorist attack, natural disaster, etc.). Miss-the-target (MtT) type risks, on the other hand, are used to model events that might happen more frequently at suppliers with lesser damage to buyers (e.g. late delivery, missing quality requirements, etc.). Using these concepts, Ravindran et al. (2010) model the risk-adjusted supplier selection model and solve it in two phases using real data. Bilsel and Ravindran (2011) present a multi-objective stochastic sequential supplier allocation model to help in supplier
selection under uncertainty. Probability distributions are used to model demand for products, capacities at suppliers as well as transportation and other variable costs which are the main sources of uncertainty.
- Disruption risks: Bilsel and Ravindran (2012) use analytical methods to model and quantify disruption risks. Here, disruption risks are broken down into four components: impact, occurrence, detectability and recovery. Kanokporn (2013) presents an alternative disruption risk management framework which focuses on assessing disruption risks due to natural and man-made disasters that may occur at facilities or transportation links. The main contributions of this work relate to the assessment of vulnerability and availability of risk management practices as well as to the explicit assessment of transportation disruptions. The framework is designed to address both supply chain robustness and resiliency. Robustness is addressed by first applying a disruption risk assessment which considers hazard, vulnerability and risk management practice. Hazard is the result of aggregating predictability, occurrence and impact scores. Vulnerability aggregates factors related to both
facilities and transportation.
- Sustainability risk: Finally, Torres-Ruiz (2015) proposed an ambitious supply risk assessment which attempted to incorporate the difference between potential risk and managed risk as described by Vazquez-Brust et al. (2012). Potential risk is measured as the product of hazard and vulnerability while managed risk is measured in terms of management practices. Here is how she does it:
- The first risk factor is Hazard. Hazards are identified based on their potential impact to business objectives, which go beyond those usually considered in the literature, namely efficiency, productivity and supply security. In addition, we include impact on reputation, compliance with regulations and access to capital. In this manner we facilitate the internalization of the entire spectrum of impacts from the perspective of all stakeholders.
- The second risk factor is Vulnerability. Here, the supply chain’s susceptibility to the impacts of hazards is measured. For this, decision makers are asked to identify and assess internal and external indicators related to the triple bottom line.
- The third risk factor is Risk Management Practice, which refers to institutional activities that act as a “buffer” moderating the other dimensions of risk. This factor is measured in terms of the implementation of mitigation and monitoring practices.
- The first risk factor is Hazard. Hazards are identified based on their potential impact to business objectives, which go beyond those usually considered in the literature, namely efficiency, productivity and supply security. In addition, we include impact on reputation, compliance with regulations and access to capital. In this manner we facilitate the internalization of the entire spectrum of impacts from the perspective of all stakeholders.
Alternatively, we can think of solutions depending on the several types of `operational risks faced by supply chains:
Uncertain demands: Moinzadeh and Nahmias (1988) analyze an (s1, s2, Q1, Q2) ordering policy for a continuous time model with regular and emergency demand supply. Specifically, when the inventory reaches s1, a regular order of size Q1 is placed. If the inventory reaches s2 within the lead time of the regular order, an emergency order Q2 is placed. Janssen and de Kok (1999) analyze a different ordering policy in which the buyer will always order Q units from one supplier in each period, and will order [S — Q]+ units from the second supplier so as to bring the inventory position to S.
Uncertain supply yields: When a buyer receives a random fraction of the order quantity from the supplier, Wang and Gerchak (1996) analyze a periodic review environment with variable production capacity, random yields, and uncertain demand and show that the solution for the finite-horizon problem converges to that of the infinite-horizon problem.
Uncertain supply lead times: When both suppliers have identical lead time distributions, Ramasesh et al. (1991) consider an (s, Q) ordering policy, where the order quantity Q is evenly split between two suppliers. Due to the complexity of the analysis, the optimal values for the reorder point s and the order quantity Q are determined numerically. Alternatively, Sawik (2011) considers the problem of multi-period supplier selection and order allocation in a make-to-order environment in the presence of supply chain disruption and delay risks. In a scenario analysis, the low-probability and high-impact supply disruptions are combined with the high probability and low impact supply delays.
Uncertain supply costs: For models that examine the issue of uncertain supply cost imposed by an upstream supply chain partner, Gurnani and Tang (1999) analyze a situation in which a retailer has two instances to order a seasonal product from a wholesaler prior to the beginning of a single selling season.
Note: The bibliography cited above can be found in my article: Multiple criteria framework for the sustainability risk assessment of a supplier portfolio