From Supply Chain Vulnerabilities to Risk - Important Concepts in Supply Chain Risk Management

Rate This: 
Fivestar rating field for readers to rate the content.

This blog may be a good starting point for supply chain risk management related research and literature, but even with more than 140 articles reviewed in the blog I still just touched the tip of the iceberg. There are still many basic articles left. Like this one by Helen Peck (2006): “Reconciling supply chain vulnerability, risk and supply chain management”

Terms in SCRM

Today I have a look at, what is basically a literature review concerned with clarifying the confusion with the terms used when talking about risks in supply chains.

There are a wide range of different terms and concepts used in the wider field of supply chain risk management. How do the terms vulnerability and risk correlate and how are those embedded in supply chain management? On another level: How are corporate governance, business continuity management and security and emergency planning relating to SCRM?

Supply Chain

Starting from a “standard” supply chain definition as a system, comprising…

…flows of materials, goods and information (including money), which pass within and between organisations, linked by a range of tangible and intangible facilitators, including relationships processes, activities and integrated (information) systems.

The first definitions for “supply chain management” came up in the early 1980s and developed from a very logistical view on a supply chain towards a network understanding, comprising aspects like marketing or product development as well. There also has to be a clear distinction between a strategic level tasks in SCM and their functional execution.

Vulnerability and resilience

Within SCM there is no clear consensus as to whether supply chain vulnerability is simply a symptom of poor SCM—to be remedied with more effective SCM and the wider adoption of a SCO—or whether it is the unintended downside consequence of its successful application. Perhaps it should rightly be regarded as a combination of all of these.

Supply chain vulnerability can be defined as an “exposure to serious disturbance, arising from risks within the supply chain as well as risks external to the supply chain” and as “a condition that is caused by time and relationship dependencies in a company’s activities in a supply chain”. Vulnerability is therefore seen as a combination of a disturbance and the resulting negative consequence.

The concept of “resilience” is related to risk and vulnerability in so far as it accepts that not all “risks” (hazards or threats) can be avoided, controlled, or eliminated. Instead, resilience focuses on the “ability of the system to return to is original or desired state after being disturbed”, i.e. its ability to absorb or mitigate the impact of the disturbance.

Corporate risk management

Supply chain (risk) management and its counterpart on a corporate level do not share the same origin. Where supply chain management stems from a more comprehensive view on operational management aspects like logistics and operations; corporate risk management originates in a strategic / macroeconomic view on the company.

These roots also lead to a different understanding for risk management. In a case where corporate risk management suggests outsourcing of non-core processes for risk reduction, a supply chain risk management view would imply a larger weight on the negative effects of the reduction in control.


Finally, Peck emphasizes the different aspects of risks in supply chains and highlights the distinctive factors:

Consequently, it is suggested that managerial views of supply chain risk, based on assumptions drawn principally from best practice in manufacturing enterprises, offer a familiar, convenient but incomplete picture of supply chain vulnerability. SCM is an integrative, cross-functional discipline, so it must be recognised that supply chain vulnerability is also a concern for practitioners and academics in other disciplines, including BCM and corporate risk management.


Peck, H. (2006). Reconciling supply chain vulnerability, risk and supply chain management International Journal of Logistics, 9 (2), 127-142 DOI: 10.1080/13675560600673578

Add new comment