Mitigating supply chain disruptions
faster with less inspection.
While these initiatives could improve security, some scepticshave doubts. First, as reported by Damas (2002), the estimated cost of implementing thesenew security measures is approximately US$150 billion. Second, Rice and Caniato (2003)commented that these initiatives might not guarantee security in the long run because theactual security would depend on the continuous efforts of many parties.The reader is referredto Closs and McGarrell (2004) and Rice and Caniato (2003) for detailed descriptions of theseinitiatives.At the corporate level, Rice and Caniato (2003) reported that few ﬁrms rely on insurance tosecure their supply chains for two key reasons. First, insurance premiums for major disrup-tions are prohibitively expensive. For example, Delta Airlines terrorism insurance premiumsincreased from US$2 million in 2001 to US$152 million in 2002. Second, even though insur-ance can help a ﬁrm to stay aﬂoat ﬁnancially after a major disruption, it cannot protect aﬁrm from losing its customers. Instead of relying on insurance, many ﬁrms have developedvarious risk assessment programmes that are intended to: (1) identify different types of risks;(2) estimate the likelihood of each type of major disruption occurring; (3) assess potential lossdue to a major disruption; and (4) identify strategies to reduce risk. Rice and Caniato (2003)and Zsidisin
(2000, 2004) concluded the following.
Mostcompaniesrecognisetheimportanceofriskassessmentprogrammesandusedifferentmethods, ranging from formal quantitative models to informal qualitative plans, to assesssupply chain risks.
Not only does a supply chain risk assessment programme motivate a ﬁrm to developcontingency plans, it can also be used to meet certain legal requirements such as theSarbanes-OxleyAct of 2002 and KonTraG.
Having multiple suppliers for strategic parts is the most common approach for reducingsupply chain risks.
Owing to few data points, good estimates of the probability of the occurrence of anyparticular disruption and accurate measure of potential impact of each disaster are difﬁcultto obtain.
3. Apprehension without action
Rice and Caniato (2003) and Zsidisin
(2000, 2004) also revealed an interesting phe-nomenon. They commented that most companies invested little time and few resources inmanaging supply chain risks, even though they conducted supply chain risk assessment exer-cises. Two surveys conﬁrm this perplexing dichotomy. First, according to a study conductedby Computer Sciences Corporation in 2003, 43% of 142 companies, ranging from consumergoods to health care, reported that their supply chains are vulnerable to disruptions, and 55%ofthesecompanieshavenodocumentedcontingencyplans(cf.PoireirandQuinn2003).Next,
Lee and Whang (2003) developed a model to show how ﬁrms can reduce inventory due to less inspection time.
The Sarbanes-Oxley Act of 2002 requires US companies to inform shareholders of their risk proﬁle and theirapproach to managing risk. The reader is referred to http:
sarbanes_oxley_summary.htm fordetails. KonTraG is a German law implemented in 1998 that is analogous to the Sarbanes-Oxley Act. The reader isreferred to http:
622 for a detailed description of KonTraG.
Both Shefﬁ (2001) and Kleindorfer and Saad (2005) suggested the use of multiple suppliers as a way to reducesupply chain risk.
(2004)developedasimulationof a stochastic process to estimate the probability distribution of supply chain losses caused by the disruptions.