Categorization of Supply Chain Risk and Risk Management
Several questions I receive concern the very basic elements of supply chain risk management. Since reading “Categorization of Supply Chain Risk and Risk Management” by Norrman and Lindroth (2004) I often referred to it, to describe the different aspects.
Norrman and Lindroth suggest a three dimensional framework to analyze different supply chain risk management issues (figure 1). The dimensions are:
- Unit of analysis, describing the levels which are affected by this issue (more local to the company or affecting the whole supply network)
- Type of risk or uncertainty, describing if the issue is operational or strategic
- Risk and business continuity management process, which shows the stage within the risk management process
The framework can be applied to many supply chain problems, an example of which can be found in figure 2.
Definition of SCRM
Supply chain risk management can be defined as,
… to collaboratively with partners in a supply chain apply risk management process tools to deal with risks and uncertainties caused by, or impacting on, logistics related activities or resources’ (Norrman and Lindroth, 2002)
Since SCRM is dealing with more than the risk from a single company it takes a broader perspective than the traditional risk management approach. It also considers the rippling effects of events connected entities.
There are several definitions for risk. The Royal Society defined it in 1992 as:
risk is the chance, in quantitative terms, of a defined hazard occurring. It therefore combines a probabilistic measure of the occurrence of the primary event(s) with a measure of the consequences of that/those event(s)
An important dimension of risk is its contextual association, which can be strategic, financial, operational, commercial or technical:
- Strategic: the risk of plans failing or succeeding, e.g. marketing strategy, changes in consumer behavior or political/regulatory changes.
- Financial: the risk of financial control failing or succeeding.
- Operational: the risk of human error or achievement, e.g. design mistakes, unsafe behavior, employee practices risk, sabotage.
- Commercial: the risk of relationships failing or succeeding, e.g. business interruption due to loss of key executive, supplier failure or lack of legal compliance.
- Technical: the risk of physical assets failing/being damaged or enhanced, e.g. equipment breakdown, infrastructure failure, fires, explosion, pollution, etc.
But the locational source of the risk is as important and can be divided into (a) externally-driven or environmental risk, (b) internally-driven or process risk, © decision-driven or information risk.
Risk Management Process
After highlighting some basic aspects of SCRM and risks in the supply chain context, the authors present their risk management process, which contains three elements: Risk Analysis and Assessment, Risk Management and Business Continuity Management (BCM).
The process starts with a listing of the risks affecting the supply chain using Fault Tree Analysis (FTA) and assessing the effects of those events in case they happen on the supply chain using Event Tree Analysis (ETA). As the second step, the decision has to be made if the risk can be accepted or if the risks can be mitigated by reducing the likelihood or impact.
Thirdly, one can argue if BCM (see figure 3) has to be part of a risk management process, nonetheless it is related, since it covers the aspect of planning for when an adverse event happens.
The framework combines several important aspects of risk management in general and specifically supply chain management. It is therefore very suitable for an introductory purpose on supply chain risk management.
Norrman, A., & Lindroth, R. (2004). Categorization of Supply Chain Risk and Risk Management Supply Chain Risk (Ed. Clare Brindley), 14-27