Managing Supply Chain Risks

It is hence obvious that in this work, risk and uncertainty are not seen being synonymous. The understanding of both keywords is essential for the understanding of the following Supply Chain Risk Assessment (SCRA). Since clarification about the keywords’ meanings is provided, the question of what is meant by Supply Chain Risk Management (SCRM) arises.

Definitions SCRM

(Jüttner, Peck, &

Christopher, 2003)

“Supply chain risk management aims to identify the potential sources of risk and implement appropriate actions to avoid or contain supply chain vulnerability. Consequently, it can be defined as: “the identification and management of risks for the supply chain, through a co-ordinated approach amongst supply chain members, to reduce supply chain vulnerability as a whole.”

(Norrman &

Jansson, 2004)

“The focus of supply chain risk management (SCRM) is to understand, and try to avoid, the devastating ripple effects that disasters or even minor business disruptions can have in a supply chain.”

(Jüttner, 2005)

“Risk in supply chain centres around the disruption of ‘flows’ between organisations. These flows relate to information, materials, products and money. They are not independent of each other but clearly connected. A key feature of supply chain risk is that, by definition, it extends beyond the boundaries of the single firm and, moreover, the boundary spanning flows can become a source of supply chain risks.”, Jüttner, 2005b

“The remit of SCRM as a managerial activity can be defined as: ‘the identification and management of risks for the supply chain, through a co-ordinated approach amongst supply chain members, to reduce supply chain vulnerability as a whole.”

Jüttner, 2005b

“SC vulnerability is defined as ‘an exposure to serious disturbance arising from supply chain risks and affecting the supply chain’s ability to effectively serve the end customer market.”

(Gaudenzi &

Borghesi, 2006)

“The aim of risk management is the protection of the business from adverse events and their effects (Borghesi, 1985)”

(Gaudenzi &

Borghesi, 2006)

“[…] a process that supports the achievement of supply chain management objectives. In this sense, risk management is “an integral part of supply chain management” (Christopher, 2004).”

(Tang, 2006)

“The management of supply chain risks through coordination or collaboration among the supply chain partners so as to ensure profitability and continuity. […] one can address the issue of SCRM along two dimensions:

Supply Chain Risk - operational risks or disruption risks.

Mitigation Approach - supply management, demand management, product management, or information management.”

(Berg, Knudsen, &

Norrman, 2008)

“The core of supply chain risk management is to understand, and try to avoid, the devastating ripple effects that disasters or even minor business disruptions can have in a supply chain.”

(Wagner & Bode, 2009)

“If anything can go wrong, it will” says Murphy’s Law. If this holds true, a good risk management approach is to avoid activities that are risky and “can go wrong.”

(Essig, Hülsmann, Kern, & Klein- Schmeink, 2013)

“SCRM aims at reducing a supply chain’s vulnerability as a whole and can be divided into several process-oriented steps. In this regard, conclusions can be drawn from various theoretical approaches.”

Table 21 – Definitions: Supply Chain Risk Management

The SCRM can be seen as a process aiming at reducing all the deviations from the normal or expected (Svensson, 2002). Effective management of risks became one of the main concerns for any company in order to survive and succeed in a rival business environment. The SCRM has thus risen as a natural enhancement of SCM. To implement such a SCRM process many companies use the Six Sigma approach and other tools they are familiar with (Eckes, 2001). To assess potential risks, it is crucial to understand not only the considered SC’s processes and nodes but it is also essential to understand the risk itself. In fact, the risk needs to be evaluated so that it may be reduced afterwards. A manager needs to be aware that a risk can always be reduced to a minimum but it is not possible to eliminate it entirely. Some events – such as accidents, strikes or ‘force majeure’ events – are beyond the control of the company. In other words, while an ex- ante estimation of SC vulnerabilities is extremely difficult in nowadays’ complex global economy, it is becoming increasingly important too (Sheffi, 2005). Christopher (2003) indicated that the different risk factors could be yield by asking the right questions, namely ‘What drives the risk?’, ‘Where is the risk?’, and ‘What is the risk associated with?’. In addition, he pointed out that Supply Chain Risks (SCR) and their inherent factors may be identified in various ways, depending on the managers’ perspective. Potential risks are thus identified during the design phase of a supply chain and the issue’s probability as well as its possible impact are estimated and ranked in terms of significance. In a second step, managers try to find remedies before the concerned issue occurred so that it may be avoided. As this is not always possible emergency plans are elaborated to minimise the impact’s importance. However, “if a risk never materializes, it becomes very difficult to justify the time spent on risk assessments, contingency plans, and risk management. The probabilities of many of these events [risks] occurring can be difficult, if not impossible, to derive with any precision” (Zsidisin et al., 2000). Hence, many companies will weigh the financial loss if damage occurs against the investment of money, time, and labour required to prepare a contingency plan minimising the damages.

On the other hand, “despite recent unprecedented challenges, it appears that many supply chain executives have done very little to formally manage supply chain risk”

(Dittmann, 2014). In fact, Dittmann (2014) explained that none of the surveyed companies used outside expertise in evaluating risks for their SCs, and that most of them did not quantify risks when they outsourced their production. In addition the majority of the companies surveyed had risk managers employed, either in their legal or compliance departments, but rather all of those internal functions ignored SCR. His most surprising finding was that “100 percent of [the questioned] supply chain executives acknowledged insurance as a highly effective risk mitigation tool, but it was not on their radar screen nor in their purview” (Dittmann, 2014). Dittmann (2014) concludes that the heart of the problem consists in the fact that only few managers are compensated or promoted in their daily business to rigorously manage risks

To manage their risks, companies are supported by international standards like ISO31000 or ISO28000. The ISO 31000:2009 standard provides fundamentals, a framework as well as a process for managing risks. Its advantage is that is can be used by any company, no matter what size it has or what sector it serves. It provides guidance for internal and external audits by assisting in increasing the likelihood of achieving predetermined aims or by supporting the improvement of opportunities’ and threats’

identification. Managers may allocate the given resources for risk treatment in a more pertinent manner (ISO 31000 - 2009). In the same logic, the ISO 28000:2007 standard

aspects need to be considered immediately once they have an influence on the SC’s security management. Just as the former described ISO 31000, the ISO 28000 may be used by any enterprise or LSP. The main objective of this norm is to support companies in creating, implementing, and improving their security management procedures. In addition, since the use of this norm is attested by an accredited audit company through a certificate, a company using this norm can demonstrate that it is significantly involved to the SC’s security (ISO 28000 - 2007).

Conclusion and Definition

The very first step of the development of a risk management process consists in identifying the internal and external environments. After that, eventual risks need to be detected (Manuj & Mentzer, 2008). Nevertheless, despite this fact there is only limited literature addressing the issue of risk identifications in SCs, although the field of Supply Chain Risk Management (SCRM) has evolved (Kouvelis et al., 2006). According to Neely et al. (2002) a measurement system should always be linked to the specific objectives of the SC, taking into account the importance of the fact that the measures used need to be focused on their respective achievements. In addition, we agree with Dittmann (2014) suggesting that “once a risk management plan is developed, it can become a competitive advantage because so few firms have one”. It is determining that all the different members working on the SCRM process have a common understanding of not only the SC and its inherent risks, but also of the measures and actions to be taken. To clarify, we define SCRM as follows:

It is important to indicate that we will neglect the risks emerging on a daily business in our SCRM model. Those risks should definitely be considered within a company, but the model is supposed to assess the risks occurring in case of a SC’s re-design which is performed in order to increase the SC’s overall degree of sustainability. In this manner, the risks emerging on a daily business are considered being redundant within this work.

3.2.3 The inherent risks of (Re-) Designing a Supply Chain in Sustainability Matters