Computers in Industry 57 (2006) 350365

www.elsevier.com/locate/compind

A model for inbound supply risk analysis

Teresa Wu a, Jennifer Blackhurst b,*, Vellayappan Chidambaram a
b

a
Department of Industrial Engineering, Arizona State University, P.O. Box 875906, Tempe, AZ 85287-5906, USA
Department of Logistics, Operations and MIS, Iowa State University, 3131 Gerdin Business Building, Ames, IA 50011-1350, USA

Received 15 October 2004; accepted 24 November 2005

Available online 25 January 2006

Abstract
Managing risk has become a critical component of supply chain management. The implications of supply chain failures can be costly and lead
to significant customer delivery delays. Though, different types of supply chain vulnerability management methodologies have been proposed for
managing supply risk, most offer only point-based solutions that deal with a limited set of risks. This research aims to reinforce inbound supply
chain risk management by proposing an integrated methodology to classify, manage and assess inbound supply risks. The contributions of this
paper are four-fold: (1) inbound supply risk factors are identified through both an extensive academic literature review on supply risk literature
review as well as a series of industry interviews; (2) from these factors, a hierarchical risk factor classification structure is created; (3) an analytical
hierarchy processing (AHP) method with enhanced consistency to rank risk factor for suppliers is created; and (4) a prototype computer
implementation system is developed and tested on an industry example.
# 2006 Elsevier B.V. All rights reserved.
Keywords: Analytical hierarchy process (AHP); Inbound supply risk analysis; Prototype implementation

1. Introduction
Inbound supply risk is defined as the potential occurrence of
an incident associated with inbound supply from individual
supplier failures or the supply market, resulting in the inability
of the purchasing firm to meet customer demand [1] and as
involving the potential occurrence of events associated with
inbound supply that can have significant detrimental effects on
the purchasing firm [2]. These risks or supply chain failures can
be costly and lead to significant delays in customer deliveries.
Therefore, managing supply risk is a critical component of
managing the supply chain. Consequently, it is important to an
organizations success to understand the sources of supply risk
and how to best manage them [3].
A typical supply chain system can be large in scale, having
many tiers of suppliers, where each supplier tier of the supply
chain provides goods or services to the next level supplier tier in
the supply chain. Moreover, each tier may have multiple
components or members, creating a mesh network within the

* Corresponding author. Tel.: +1 515 294 2839; fax: +1 515 294 2534.
E-mail addresses: jvblackh@iastate.edu, jenblackhurst@earthlink.net
(J. Blackhurst).
0166-3615/$ see front matter # 2006 Elsevier B.V. All rights reserved.
doi:10.1016/j.compind.2005.11.001

supply chain where the linear flow of goods is rare [4].

Managing inbound supply risk can be a challenging task due in
part to the complex and dynamic nature of supply chain
systems. Risk is inherent in such systems and can manifest itself
in uncertainty existing in demand requirements, capacity,
delivery time, manufacturing time, and costs [5]. The
detrimental effects of uncertainties may be compounded by
inefficient operations in manufacturing systems, production
policies, and inflexible process changes, which are for most part
controllable by supply chain managers. There are tools for
managing controllable uncertainties such as theory of
constraints (TOC) for improving production efficiencies [6],
accurate response [7] for improving forecasting accuracy and
multi-channel manufacturing [8] for managing demand
fluctuations, to name a few.
Uncertainty also exists due to other factors such as changes
in markets, technology, competitors, political issues, and
governmental regulations [9]. Recent examples include the
2002 US west coast port strike, terrorist attacks such as
September 11, 2001, the 1999 Taiwan earthquake, and most
recently, Hurricane Katrina in 2005. These type of uncertainties, though difficult to control, can be managed through
efficient contingency planning. One such example is Sears, a
US based retail company, who managed the 9/11 crisis by

T. Wu et al. / Computers in Industry 57 (2006) 350365

creating a contingency cell or team at its head quarters

immediately after the incident to control nation-wide truck
traffic [10]. Relatively, there are many failure stories in
managing uncontrollable uncertainties as cited by Martha and
Subbakrishna [11] which are primarily due to lack of
contingency plans or poor execution. One example of poor
contingency planning is as follows: US based auto manufacturer Ford Motor Company shutting down five of its US plants
during the 9/11 incident because components could not be
delivered from Canada [12].
Inbound supply chain risk management has drawn increasing attention from both practitioners and academic researchers.
Different types of supply chain vulnerabilities and management
methodologies have been proposed. Yet, most of them offer
only point-based solution that deals with one particular or a
limited set of risks or may focus on outbound supply risk rather
than inbound [3,1319]. There is a need, therefore, for a general
inbound supply risk management methodology to classify,
manage and assess risks. This research proposes a supply chain
risk management framework concentrating on inbound supply
risk analysis. The contributions of this research are four-fold:
first, risk factors are enumerated through a review of the
literature and industry interviews. Second, a general risk
classification structure is proposed. Third, pair-wise comparison method using analytical hierarchy processing (AHP) with
enhanced consistency is developed to assist supply chain
managers in assessing risks. Fourth, a prototype system is
implemented and tested on an industry example.
This paper is structured as follows. Section 2 reviews exiting
supply chain risk management methods. The proposed
methodology is illustrated in Section 3. Section 4 details the
implementation prototype system followed by an industry
application example in Section 5.
2. Inbound supply risk
The area of risk analysis is a well-researched topic. However,
much of the research on risk and the physical flow of goods in a
supply chain has focused more in the outbound flow rather than
inbound supply risk analysis [20]. Zsidisin and Ellram [3] state
that a suppliers failure to deliver inbound goods or services can
have a detrimental effect throughout the purchasing firm and
subsequently through the supply chain, ultimately reaching the
consumer. Therefore, we focus specifically on research in the
area of inbound supply risk analysis. In this section, an inbound
risk analysis procedure is defined, followed by a review of the
literature in terms of this procedure.
2.1. Inbound risk analysis procedure
Supply risk analysis is a systematic procedure [21] and often
times it is the most detailed component of a risk management
system [22]. Based on review of the literature, the risk analysis
procedure is classified into four components: risk classification,
risk identification, risk calculation and implementation/validation [23]. The methodology developed in this paper is therefore
described in these terms.

351

2.1.1. Risk classification

The primary purpose of classifying risk is to get a collective
viewpoint on a group of factors, which will help the managers
to identify the group that contributes the maximum risk. This
can enable supply managers to give the required level of
importance (in the risk management process) for every group/
type of factors. A classification system can be designed to cater
the needs of a particular supply chain or can be chain
independent.
2.1.2. Risk identification
This step entails the enumeration of risk factors, is
performed to be later categorized into appropriate branches
in the classification system. It can be product focused, which
means all the factors generated will focus on a particular
product type, or supplier focused, where all the factors will be
oriented to evaluate a particular supplier, which might be used
as an abstract level risk for all kinds of product types that is
provided by that supplier.
2.1.3. Risk calculation
In general, risk factors identified in the previous step need to
be evaluated to calculate the factors impact on overall risk.
This step can be viewed as a decision support tool for predicting
risk factors.
2.1.4. Implementation/validation
Usability is a factor for implementing a risk analysis system.
It refers to the functionality of the application, as to whether it
can be used only for sourcing decisions or only for
strengthening existing supply base or for both. Validating the
system needs external support from supply chain managers to
provide data and critique the analysis results.
In order to understand the current literature base and more
clearly define gaps in the literature, a comparison of current
inbound risk methodologies is performed based on the four
main components in a risk analysis procedure in the following
section.
2.2. Existing research in inbound risk analysis
Kraljic [13] discusses the need to recognize the extent of
supply weakness and treats the weaknesses with a 4-phase
strategy to manage supply. The strategy presents key risk
factors such as availability, number of suppliers, competitive
demand, and make-buy opportunity. Additional market
oriented aspects of supplier risks are analyzed such as capacity
utilization, break-even stability, and expected demand growth.
Steele and Court [14] address vulnerability management, which
deals with an overall supply risk analysis procedure including
risk identification, and calculation. A list of customary supply
risk evaluation factors has been enumerated and a standard risk
evaluation methodology is recommended by multiplying
probability, consequence and duration of risks. Finnman [16]
proposes a supply risk management framework and a
methodology to evaluate risks to help supplier selection
process. It uses preliminary hazard analysis (PHA) to filter out

352

T. Wu et al. / Computers in Industry 57 (2006) 350365

Table 1
Summary of existing research (inbound supply risk)
Citations

Kraljic [13]

Steele and Court [14]

Zsidisin and Ellram [15]

Finnman [16]

Zsidisin [2]

Risk classification
Risk identification
Risk calculation
Implementation/validation

Chain dependent
Product-focused
No calculation
No

Chain dependent
Product-focused
Weighted sum
No

Chain dependent
Product-focused
Highest factorial risk
Yes

Chain dependent
Supplier-focused
AHP
Yes

Chain dependent
Product-focused
No calculation
Yes

low risk suppliers. The rest of the high-risk suppliers undergo a

second phase risk evaluation using analytical hierarchy
processing (AHP) technique. While it has been proven that
AHP is effective to evaluate the risks, Finnmans work deals
with one level pair-wise comparison risk and the issue of
consistency not considered. Zsidisin and Ellram [15] propose a
10-step approach for risk assessment by giving equal
importance for 8 identified risk factors and using a 5-point
nominal risk scale. The maximum of the factorial risk is
assigned as the overall risk of a project. It implements a
nominal risk scale using a scorecard based on best practice case
study. In 2003, Zsidisin [2] extends his work to propose a new
supply risk classification system and identifies key risk factors
based on case studies and managerial interviews.
Next, the literature is compared based on the four
components discussed in Section 2.1. Table 1 summarizes
the results.
In summary, all of the models are developed not for general
supply chains but are supply chain type dependent. Secondly,
most of existing research relies on a product-focused approach.
While this approach has value, a supplier-focused approach
may be more appropriate from a supply risk identification
perspective. Certainly, it has been recognized that with
approaches such as lean manufacturing, total quality management (TQM) and other initiatives applied to the growing
number of global supply chains, these systems are more than
ever, susceptible to disruptive events [24]. Managing risk from
a supplier perspective in such large global networks can help
companies to identify and manage sources of risk to their
inbound supply. (See Zsidisin et al. [25] for a high level analysis
of inbound supply risk assessment methods found through case
studies of seven firms.) Thirdly, choosing the risk calculation
technique is crucial. A variety of methods including weighted
sum, highest factorial risk and AHP (a basic version that does
not consider consistency) are used. AHP is a promising
technique, which reduces the complex and error-prone risk
assessment process to a series of straightforward one-to-one
comparisons, then synthesizes results. Yet, the consistency
issue in AHP needs to be addressed. Lastly, the system should
be implemented to aid both sourcing decisions and strengthening the existing supply base. Based on these findings, there is a
need for an integrated methodology to address inbound supply
risk that is discussed in the following section.
3. Proposed inbound supply risk methodology
In this research, an inbound supply risk analysis
methodology is proposed, which includes four components:

(1) a supply chain independent risk classification; (2)

supplier-based risk identification; (3) an enhanced AHP
based risk calculation; and (4) a prototype computer implementation system. The first three components are detailed in
this section and the implementation system is explained in
Section 4.
3.1. Risk classification
In this paper, a wide range of inbound supply risk
characteristics have been compiled from reviewing the
literature and conducting industry interviews with supply
chain and purchasing executives to create a new hierarchical
supply risk classification system. Table 2 lists examples of the
risk factors identified from the literature review.
Based upon a literature review and industry interviews a
hierarchical inbound risk classification system is created based
upon internal and external types of risk. Executives from four
different industries were interviewed as a validation method
and were asked to critique the classification. Industries
interviewed included PC manufacturing (assembly and
distribution), PC manufacturing (OEM component manufacturer), information technology and food manufacturing.
Examples of job titles interviewed included Vice President
of Operations, Vice President of Procurement, and Procurement
Manager and Project Manager. Using the literature base and the
interviews, the authors have enumerated and classified inbound
supply risk factors. These factors have been grouped by the
following categories: internal: controllable, partial controllable, and uncontrollable and external: controllable, partial
controllable, uncontrollable. The hierarchical structure of the
risk classification system is based upon the following
categories:

Internal Controllable refers to the internal risk factors that
originate from sources that are most likely controllable by the
company. Examples are the quality and cost of the product.

Internal Partially Controllable refers to the internal risk
factors that originate from sources that are partially
controllable by the company. For example, fire accident in
the company.

Internal Uncontrollable refers to the internal risk factors
that originate from sources that are uncontrollable by the
company.

External Controllable refers to the external risk factors
that originate from sources that are most likely controllable
by the supplier company. For example, selection of the next
tier suppliers.

T. Wu et al. / Computers in Industry 57 (2006) 350365

353

Table 2
Risk factors identified by literature review
Source

Factors

Cooke [26]

Risks of supplying market from or over-dependence on a foreign plant,

especially during times of political tension, and risk stemming from
increased regulation
Quality, delivery, price, production facilities and capacity, technical capability,
financial position, management and organization, performance history,
warranties and claim policies
Procedural compliance, communication system, operating controls, and
labor relation record
Personnel lacking knowledge and ability to manage/absorb new processes
Lockout or shutdown of transportation hubs such as docks, impacts of
conflicts between employer management and labor groups, and
reaction of employers in the form of work slowdowns to changes such
as deployment of information technology
Natural accidents, normal accidents (system overloads), and abnormal
accidents (deliberate evil intentions)
Impacts of labor law and trade policy, and different corporate cultures
and complex management structures between vendor and supplier
Terrorism, cyber-vandalism, other criminal activity, natural disasters
Natural disaster and technology failure
Natural events like earthquake, floods, or summer heat wave
Price, inventories and schedule, technology, and quality
Changes in markets, products, technology, competitors and
governmental regulations.
Availability, configuration, and currencies
Supplier integration and communication
Capacity constraints, cycle time, disasters, financial health of suppliers,
legal liabilities, currency fluctuations, management vision, market price
increases, incompatible information systems, and product design changes
Unanticipated changes in the volume requirements and mix of items needed,
production or technological changes, price increases, product unavailability,
and product quality problems

Dickson [27]

Gooley [28]
Machalaba and Kim [29]

Mitroff and Alpalsan [30]

Seaman and Stodghill [31]
Simpson [20]
Stafford et al. [32]
Terhune [33]
Treleven and Schweikhart [34]
van der Vorst and Beulens [9]
Virolainen and Tuominen [35]
Wagner [36]
Zsidisin [2]

Zsidisin and Ellram [3]

External Partially Controllable refers to the external risk

factors that originate from sources that are partially controllable
by the supplier company. For example, customer demand can be
partially impacted by companys promotion plan.

External Uncontrollable refers to the external risk factors
that originate from sources that are uncontrollable by the
supplier company. Examples are nature disasters such as
earthquake, tsunami.
The system is based upon a difference of internal versus
external type of risks. This helps the manager get a clear idea of
where the risks are located. Controllable versus partial
controllable versus uncontrollable again helps the manager
clearly identify the type of risk factors in order to better
determine how to handle avoid or mitigate each type. The
industry executives interviewed are confirmed and fine-tuned
this classification through series of interviews.
The proposed classification structure addresses all the key
aspects of a classification system. It gives a collective
viewpoint of factor groups. From a tactical perspective, it
will enable supply managers to identify the group of factors that
contributes the maximum level risk. This will enable supply
managers to classify the importance (in the risk management
process) for every group of factors. In a strategic perspective it
will enable the ability to outline long-term plans.

3.2. Risk identification

Risk identification is an important component in the risk
analysis procedure. The procedure followed in this research
included: (1) developing a set of risk factors based upon a
review of the relevant supply risk literature; (2) creating a
prototype classification system for supplier based risk; (3)
validating the classification system with industry managers: an
electronics distributor, a food services manufacturer, an
electronics manufacturer, and a PC manufacturer; (4) finalizing
the risk classification system (using both the literature review
and the industry interviews) comprised of 54 individual factors;
and (5) consolidating these factors into 19 supply risk groups.
Fig. 1 shows the consolidated factors. Definitions of each factor
group are presented in Appendix A.
3.3. Risk calculation
The key aspects of this phase are: (1) calculate the relative
weights of the risk factors at two levels of the classification
system; (2) evaluate the probability of the occurrence of each
risk factor; (3) calculate the risk (the weight of the risk factor *
the probability of the risk factor). In this research, the
occurrence probability is collected from industry manager and
is given. Therefore, techniques to compute the relative weights

354

T. Wu et al. / Computers in Industry 57 (2006) 350365

Fig. 1. Identified risk factors fitted into the new classification system.

of risk factor and carry out the risk calculation are the focus of
this research.
3.3.1. AHP with enhanced consistency
AHP is a multi attribute decision-making (MADM)
technique [37]. It enables a decision maker to structure a
MADM problem visually in an attribute hierarchy. Dey [38]
states that as risks are subjective by nature and AHP is an
effective tool for predicting risk. AHP provides a flexible and
easy to understand way of analyzing complicated problems. It
allows for both subjective and objective factors to be
considered. Additionally many risk factors are conflicting
where achieving success in one factor lead to sacrificing
another. Therefore, AHP gives managers a rational basis for
decision-making.
AHP depends on a hierarchy where the top level drives the
focus of the problem and the bottom level consists of the
decision options. Dey [38] states that once a hierarchy is
constructed, the decision-maker begins a prioritization procedure to determine the relative importance of the elements in
each level of the hierarchy. The elements in each level are
compared as pairs with respect to their importance in making

the decision under consideration. A verbal scale is used in AHP

that enables the decision-maker to incorporate subjectivity,
experience, and knowledge in an intuitive and natural way.
After comparison matrices are created, relative weights are
derived for the various elements. The relative weights of the
elements of each level with respect to an element in the adjacent
upper level are computed as the components of the normalized
eigenvector associated with the largest eigenvalue of their
comparison matrix. Composite weights are then determined by
aggregating the weights through the hierarchy. This is done by
following a path from the top of the hierarchy to each
alternative at the lowest level, and multiplying the weights
along each segment of the path. The outcome of this
aggregation is a normalized vector of the overall weights of
the options. A comprehensive understanding of AHP can be
found in Saaty [37].
The methodology presented in this paper is an integrated
approach to risk management utilizing an enhanced AHP. To
effectively utilize AHP, a two level risk classification
structure is developed. After the classification, enhanced
AHP is applied to quantify the risk to give the manager a
measure of the robustness or the vulnerability of the supply

T. Wu et al. / Computers in Industry 57 (2006) 350365

355

Fig. 2. AHP consistency algorithm [43].

chain. As stated earlier, AHP is applied hierarchically. Here,

AHP is used for first level, to rank how important one
category is over another category. Next is a comparison of
important one factor is over another factor in the same
category. Therefore, two weights exist. Additionally, a
subjective measure of the probability of occurrence is
considered for each risk so that the measure includes not
only its importance but also probability of occurrence. AHP
has been applied to a variety of research issues including:
supplier selection [39], design of automated cellular
manufacturing systems [40], sourcing decisions [41], and
software selection [42], just to name a few. While traditional
AHP proven effective in decision-making, inconsistency can
be an issue. AHP consistency is also known as the consistency
ratio (CR). This consistency ratio simply reflects the
consistency of the pair-wise judgments. For example,
judgments should be transitive in the sense that if A is
considered more important than B, and B more important than
C, then A should be more important than C. If, however, the
user rates A is as important as C, the comparisons
are inconsistent and the user should revisit the assessment.
Saaty [37] explains that CR is calculated by using the
equation in (1), where x stands for the maximum eigenvalue
of the pair-wise matrix, and n is the size of the pair-wise
matrix, RI is the random index value recommended by
Saaty [36].
CR

x  n=n  1
RI

(1)

AHP has some tolerance for inconsistency, but comparisons

with a consistency index that exceeds 0.1 should be
reconsidered [43]. A number of methods were examined that
deal with inconsistency including Peters and Zelewski [44],
Ishizaka and Lusti [45], and Wedley et al. [46]. The method by
Peters and Zelewski [44] was chosen based upon its ability to
convert an inconsistent matrix into a consistent matrix as it

tends to lead to smaller Euclidean distance (the measure of

inconsistency by measuring eigenvector values in a matrix) in
comparison experiments on a small dataset. The detailed
consistency algorithm is explained in Fig. 2.
3.3.2. Enhanced AHP for risk calculation
In general, AHP reduces complex decisions to a series of oneto-one comparisons, then synthesizes results based on hierarchical structure. In this research, AHP is applied to calculate the
weights, a factor indicating how important the particular risk is.
First, comparison among six risk types Internal Controllable,
Internal Partially Controllable, Internal Uncontrollable,
External Controllable, External Partially Controllable and
External Uncontrollable is conducted with Wi (i = 1, . . ., # of
risk types) calculated. Second, the comparison within each risk
type is conducted with RWij calculated (i = 1, . . ., # of risk
types, j = 1, . . ., # of factors in the ith risk type). With the
probability of each Level II factors provided by manager, termed
Pij (i = 1, . . ., # of risk types, j = 1, . . ., # of factors in the ith risk
type), the risk can be quantified by:
IUF

n X
m
X

Wi  RWij  Pij

i1 j1
n X
m
X
Pij 1

(2)

i1 j1

i 1; 2; . . . n
j 1; 2; . . . m
where IUF stands for integrated uncertainty factor, which is
overall risk value for a supplier. Note that given six types of
risks discussed above, n is set to 6.
The detailed procedure is as follows: first, the original pairwise comparison matrix MI is obtained from the supply chain
manager. MI is 6  6 matrix indicating the comparison between
6 Level I factors (categories). The consistency algorithm
(Fig. 2) is then called to get Wi (i = 1, . . ., 6). Second, the supply

356

T. Wu et al. / Computers in Industry 57 (2006) 350365

Fig. 3. Implementation system architecture.

chain manager sets the original pair-wise comparison matrices

MII(1), MII(2), MII(3), MII(4), MII(5), MII(6), where MII(1) is
12  12 matrix, MII(2) is 4  4 matrix, MII(5) is 3  3 matrix
and MII(6) is 3  3 matrix indicating the comparison between
the Level II factors under each category. Note there is no need to
retrieve MII(3) and MII(4) due to the fact that MII(3) has no
factor specified and MII(4) has only one factor. Again, the
consistency algorithm (Fig. 2) is called to generate RWij (i =
1, . . ., 6, j = 1, . . ., # of factors in the ith risk type). Third, the
supply chain manager sets the probability of occurrence of each
level II factors (i = 1, . . ., 6, j = 1, . . ., # of factors in the ith risk
type). Eq. (2) is then used to calculate IUF for each risk factor.
Introducing Wi helps to evaluate a group of risk factors as a
single entity, and to evaluate peer risk factors of similar origin.
Introducing RWij helps to evaluate consequence or impact-onbusiness due to a risky event caused by that factor, and gives
required level of importance depending on the impact of that
risk factor. Pij defines the probability of occurrence of each risk
factor, which helps to evaluate likelihood of a risky event
occurring due to that risk factor. Note Wi and RWij are
calculated from AHP and Pij is provided by the supply chain
manager. Though, subjectivity might be introduced as the
probability of occurrence is input by manager, the method is
based upon getting the inputs for AHP matrices. This can be
certainly improved by plugging in a module to compute the
probability based on collected historical data, which will be
conducted in future research.
4. Prototype system implementation
It is interesting to note that some commercial software
packages, such as Expert Choice, Super Decision Software,
have been developed in an attempt to address supply risk
management. Yet, the unique two level structure and risk
calculation proposed by this research cannot be conducted
solely by such commercial software. Therefore, a prototype
system is developed and implemented in a case application to
validate the proposed framework. The application is implemented in .NET programming environment using VB.NET and
SQL Server 2000. The data can be pooled from a SQL database
server. VB.NET is used to build up forms as the front end user
interfaces. The system can be easily extended with Web forms

as user interfaces to get inputs, which most existing software is

not capable of. The overall architecture of the application with
three components identified is presented in Fig. 3. The
respective process flow charts of each component are illustrated
in Fig. 4.
4.1. Risk classification and identification
The main functionality of this component is to establish the
basic risk classification structure and fit the identified risk
factors in appropriate categories in the classification system. As
discussed in Section 3, the proposed model recommends a twolevel classification system with six-types in the second level. A
feature of this component is to let the managers customize risk
classification system. Similarly, the proposed model in Section
3, recommends a set of 19 risk factors that falls in either one of
the six risk types. Note that the managers can create their own
customized set of risk factors by adding new factors, dropping
existing factors or modifying existing factors.
The process flow of risk classification component is
represented as the first branch in Fig. 5. Steps include
customization of the risk factors, identification of the factors
and a finalized conformation.
4.2. Data input and comparison
The main functionality of this component is to obtain user
input data for pair-wise comparison matrices and the
probability of occurrence for each risk factor. As discussed
in Section 3, there would be a total of n + 1 pair-wise
comparison matrices, where n is the total number of risk types.
The first matrix will always compare risk types and the
following matrices will compare risk factors within each risk
type. As the main purpose of pair-wise comparison is to obtain
relative weights for risk types and risk factors within each risk
type, this component is designed to do the calculation for
relative weights and consistency ratio using the data inputted
from pair-wise matrices.
The process flow of data input component is represented as
the second branch in Fig. 5. There are two sub-branches in this
component. The first sub-branch is for pair-wise data input
while the second sub-branch is for probability data input. In the

T. Wu et al. / Computers in Industry 57 (2006) 350365

357

Fig. 4. Process flow.

first sub-branch, the first form would be to obtain pair-wise

inputs for risk types and depending on how many risk types are
chosen in the risk classification component, there would be that
many number of pair-wise forms for risk factors. Immediately
after obtaining user input for each pair-wise matrix, the
consistency ratio will be calculated and if it is above threshold
value established by Saaty [36], then the consistency
improvement algorithm will be executed and the matrix scores
will be modified so that the matrix is turned into a consistent
matrix. Finally, after the matrix is reconfigured, the relative
weights will be calculated and displayed. In the second subbranch, the first form is to add new supplier information or
choose a particular supplier to proceed further to the next form
to enter probability of occurrence for each risk factor.

4.3. Risk analysis and summary measure

This component calculates the overall and factor-wise risk
for each supplier. The main functionality of this component is
to calculate risk based on the formula given in Section 3. The
risk calculation utilizes relative weights calculated from the
previous component. The risk value is calculated for every
risk factor and is also summed up to give the overall risk
value.
The third branch of the process flow chart in Fig. 5 represents
this component. The first form is for choosing a particular
supplier from the list of existing suppliers. The second form is
to calculate factor-wise and overall risk for that supplier and
display it in a use-friendly manner.

Fig. 5. Customize risk classification category/sub-categories.

358

T. Wu et al. / Computers in Industry 57 (2006) 350365

Fig. 6. Risk calculation data input.

5. Industry application of the prototype system

5.4. Step 4: risk analysis

In this section, the inbound supply risk analysis model is

applied to a major US PC manufacturer. The company termed
PC manufacturer (PCM) designs, develops, manufactures and
supports a wide range of computer systems to custom
requirements. PCM relies heavily of its supply base and
therefore, managing inbound supply risk is of interest to PCM.
The model was applied to two key suppliers to test the
application system and the results were discussed with supply
chain managers for validation of the results.

The PCM case was implemented and the final results were
obtained from the risk analysis component of the application.
Two suppliers (denoted as Supplier-1 and Supplier-2) were
analyzed to estimate the level-of-risk they pose to the inbound
supply of PCM. It was found that Supplier-2 was riskier than
Supplier-1. In a risk scale of 01, the risk values were
determined to be 0.31 for Supplier-2 and 0.17 for Supplier-1. In
other words, Supplier-2 is almost 80% more risky than
Supplier-1. Refer Fig. 8 for details. As a word of caution, this
risk value is just an indicator of which zone is riskier than the
other, but it does not necessarily give an absolute value.
Fig. 9(a) provides detail of Supplier-1s risk among the 4 risk
types. It is interesting to note that 89% of the risk is caused due
to internal factors and 11% is due to external factors. This might
sound a caution to assign more resources to managing internal
risks. Among external factors, risks due to uncontrollable
factors are higher than partially controllable factors. This infers
that though uncontrollable factors generally have less probability-of-occurrences it still has a large consequence-ofoccurrence. Similarly, Fig. 9(b) provides detail of Supplier-2s

5.1. Step 1: risk classification

The proposed model offers 6 risk types and 19 risk factors in
each risk type. The implementation system allows the manager
to customize the model by only picking the factors that are
applicable to their supply base (shown in Fig. 5). In this case,
four types of risk are considered: Internal Controllable,
Internal Partially Controllable, External Partial Controllable and External Uncontrollable. Thus, the pair-wise
comparison matrix MI is 4  4 matrix.
5.2. Step 2: input data
As shown in Fig. 6, the data for pair-wise matrices and
probability of occurrence are entered in this component. The
first part deals with calculating relative weights for risk types
and risk factors. There is one matrix for comparing 4 risk types
and four matrices for comparing risk factors within each risk
type. The second part handles the probability of occurrence of
each risk factor. See Tables A.6A.11 in the appendix for
detailed data input from the PCM supply chain manager.
5.3. Step 3: risk calculation
After all the information is entered, the AHP consistency
algorithm (Fig. 2) is first applied to the matrices gathered from
Step 2 to get Wi (i = 1, 2, 3, 4) and RWij (i = 1, . . ., 4, j = 1, . . ., #
of factors in the ith risk type). Given probability information,
Eq. (2) is then used to calculate the integrated risk value
(Fig. 7).

Fig. 7. Risk calculation for one supplier.

T. Wu et al. / Computers in Industry 57 (2006) 350365

Fig. 8. Comparative analysis of overall risk values.

risk among the 4 risk types. Supplier-2 gets most of its risk from
internal factors. Note that within internal factors; partially
controllable risk is higher than it was in Supplier-1s case. This
means that factors like suppliers market strength, and
continuity of supply needs to be monitored more carefully
than it was in Supplier-1.
A detailed treatment of risk factors will help to gain insights
on prioritizing future risk management activities. A Pareto
analysis of relative weights among risk factors revealed that the
top 5 factors garnered 80% of PCMs attention among a total of

359

18 risk factors. Cost, quality, on-time delivery, continuity of

supply, and engineering/production were the 5 risk key factors
for PCM.
The graph in Fig. 10 shows a comparative analysis between
Supplier-1 and Supplier-2 on each of the top-10 risk factors.
The risk factors are arranged as per PCMs preference level
from left to right. It is clearly seen that Supplier-2 considerably
exceeds Supplier-1 in almost all risk factors. In examining the
top-5 factors it is clear that Supplier-2 is riskier than Supplier-1
in quality, on-time delivery, and continuity of supply. Therefore, emphasis must be laid on Supplier-2s management to
reduce risk in top-5 factors especially the 3 factors mentioned
above.
Supplier-1 should also continuously work to bring down the
probability of occurrence on its key risk factors, which will help
to reduce its overall risk. Table 3 gives the exact risk scores for
the top-10 risk factors for Supplier-1 and Supplier-2.
In another analysis conducted separately for Supplier-1 and
Supplier-2, it was found that Supplier-1 and Supplier-2 had
different sets of top-5 risk factors. Though, Supplier-1 and
Supplier-2s top-5 factors are more similar to PCMs top-5
factors they were ordered in a different manner. The top 5 risky
factors for Supplier-1 were cost, on-time delivery, quality,

Fig. 9. Percentage of total risk by risk categories for Supplier-1 and Supplier-2.

Fig. 10. Comparative analysis of suppliers.

360

T. Wu et al. / Computers in Industry 57 (2006) 350365

Table 3
Comparative analysis of suppliers on PCMs top10 risk factors
Risk factors

PCMs
preference (%)

Risk of
Supplier-1

Risk of
Supplier-2

Cost
Quality
On-time delivery
Continuity of supply
Engineering/production
II Tier supplier
Demand
Internal legal issues
Natural/man-made disasters
Politics/economics
Others

23.153
21.727
18.838
11.767
3.978
2.979
2.832
2.589
2.414
2.414
7.305

0.046
0.021
0.037
0.011
0.015
0.008
0.002
0.002
0.009
0.002
0.018

0.046
0.065
0.075
0.058
0.019
0.011
0.011
0.002
0.007
0.002
0.017

engineering/production and continuity of supply. These 5

factors contribute to 80% of total risk value for Supplier1. The
top 5 risky factors for Supplier-2 were on-time delivery, quality,
continuity-of-supply, cost, and engineering/production. These
5 factors contribute to 87% of total risk value for Supplier-2.
6. Conclusion and future research
Managing risk in inbound supply chain operations has
become increasingly important in todays competitive and
globally dispersed environment. Supply chain managers spend
a significant amount of time and resources to manage inbound
supply risk. Some methods include implementing safety
mechanisms such as expediting orders, frequent checking of
order status, and buffer inventories. Recent events such as 9/11
and labor strikes have brought the issue of risk to the forefront
and while risk management is listed on agenda of many

companies, the implementation is disjointed and inconsistent.

In fact, in many cases it is up to the managers experience to
assess and evaluate the risk. In addition, the major research gaps
identified are analyzing the risks from root cause, generating
comprehensive list of risk factors and fitting into a suitable risk
classification system to strengthen the risk management
methodologies. There is, therefore, a need for an integrated,
systematic approach to assess and manage inbound supply risk.
This paper has presented an inbound supply risk analysis
methodology to classify, manage and assess the risks. This
methodology classifies the risk factors in a hierarchical
structure that, identifies supplier-oriented risk factors collectively through both literature review and managerial interviews,
and applies analytical hierarchy processing technique to
calculate weight of risk factors, which is an indicator how
important the risk factor is. A scalable, customizable
implementation presented for ease of use.
The model developed was built to address the key aspects of
a risk analysis procedure and proved to be promising. However,
there are some recommendations for further developments.
First, the scope of the model is limited to a single-tier
environment. It could be extended to multi-tier supply chain.
Secondly, the risk calculation equation in the current model did
not consider the length of time a particular risk exists but just
considers the probability and consequence of occurrence. It can
be improved by including a time parameter while calculating
the risk. Thirdly, the probability of the factors is collected from
industry; this can be improved by computing the probability
based on historical data.
Appendix A
See Tables A.1A.11.

T. Wu et al. / Computers in Industry 57 (2006) 350365

Table A.1
Internal controllable risk factors

361

362
Table A.2
Internal partially controllable risk factors

Table A.3
External controllable risk factors

Table A.4
External partially controllable risk factors

T. Wu et al. / Computers in Industry 57 (2006) 350365

T. Wu et al. / Computers in Industry 57 (2006) 350365

Table A.5
External uncontrollable risk factors

Table A.6
Pair-wise matrix for risk types

Table A.7
Pair-wise matrix for risk factors in Internal Controllable

Table A.8
Pair-wise matrix for risk factors in Internal Partially Controllable

363

364

T. Wu et al. / Computers in Industry 57 (2006) 350365

Table A.9
Pair-wise matrix for risk factors in External Partially Controllable

Table A.10
Pair-wise matrix for risk factors in external uncontrollable

Table A.11
Probability for risk factors
No.

Risk factors

Probability for Supplier 1

Probability for Supplier 2

1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.

Quality
Cost
On-time delivery
Engineering/production
Technical/knowledge resources
Financial and insurance issues
Management related issues
Accidents
Market strength
Internal legal issues
Continuity of supply
II Tier supplier
External legal issues
Demand
Security
Natural/man-made disasters
Political/economical stability
Market characteristics

1
2
2
4
3
7
6
1
2
1
1
3
2
1
2
4
1
1

3
2
4
5
4
2
4
2
3
1
5
4
1
4
2
3
1
3

References
[1] G.A. Zsidisin, Defining supply risk: a grounded theory approach, in:
Proceedings from the Decision Sciences Institute Annual Meeting, San
Diego, CA, 2002.
[2] G.A. Zsidisin, Managerial perceptions of supply risk, Journal of Supply
Chain Management 39 (1) (2003) 1425.
[3] G.A. Zsidisin, L.M. Ellram, An agency theory investigation of supply risk
management, Journal of Supply Chain Management 39 (3) (2003) 1529.
[4] C. Riddalls, S. Bennett, N. Tipi, Modeling the dynamics of supply chains,
International Journal of Systems Science 31 (8) (2000) 969976.
[5] D. Taylor, D. Brunt, Manufacturing Operations and Supply Chain Management: The Lean Approach, Thomson International Business Press,
London, England, 2001.
[6] E.M. Goldratt, J. Cox, The Goal: A Process of Ongoing Improvement,
North River Press, Great Barriton, Mass, 1992.
[7] L.M. Fisher, J.H. Hammond, W.R. Obermeyer, A. Raman, Making Supply
Meet Demand in an Uncertain World, Harvard Business Review, May
1994.
[8] D.J. Kulonda, Managing erratic demand: the multi-channel manufacturing
approach, Journal of Textile and Apparel Technology and Management 2
(3) (2002).

(010% Probability)
(1020% Probability)
(1020% Probability)
(3040% Probability)
(2030% Probability)
(6070% Probability)
(5060% Probability)
(010% Probability)
(1020% Probability)
(010% Probability)
(010% Probability)
(2030% Probability)
(1020% Probability)
(010% Probability)
(1020% Probability)
(3040% Probability)
(010% Probability)
(010% Probability)

(2030% Probability)
(1020% Probability)
(3040% Probability)
(4050% Probability)
(3040% Probability)
(1020% Probability)
(3040% Probability)
(1020% Probability)
(2030% Probability)
(010% Probability)
(4050% Probability)
(3040% Probability)
(010% Probability)
(3040% Probability)
(1020% Probability)
(2030% Probability)
(010% Probability)
(2030% Probability)

[9] J. Van der Vorst, A. Beulens, Identifying sources of uncertainty to generate

supply chain redesign strategies, International Journal of Physical
Distribution and Logistics Management 33 (6) (2002) 409430.
[10] E. Hellweg. Supply-chain hero. Business 2.0 [Online], available: https://
www.business2.com/subscribers/articles/mag/0,1640,35883,00.html,
January 2002.
[11] J. Martha, S. Subbakrishna, Targeting a just-in-case supply chain for the
inevitable next disaster, Supply Chain Management Review 6 (5) (2002)
1824.
[12] J. Martha, Just-in-case operations, Warehousing Forum 17 (2) (2002).
[13] P. Kraljic, Purchasing must become supply management, Harvard
Business Review (September 2001) 407415.
[14] P.T. Steele, B.H. Court, Profitable Purchasing Strategies: A Managers
Guide for Improving Organizational Competitiveness through the Skills of
Purchasing, McGraw-Hill Press, London, 1996.
[15] G.A. Zsidisin, L.M. Ellram, Supply risk assessment analysis, Practix 2 (4)
(1999) 912.
[16] F. Finnman, Supplier Selection when Considering Risks for Disturbances
in the Inbound Flow to ScaniaA Model for Supply Chain Risk Management, M.S. thesis, Dept. of Industrial Management and Logistics, Division
of Engineering Logistics, Lund Institute of Technology, Lund, Sweden,
2002.

T. Wu et al. / Computers in Industry 57 (2006) 350365

[17] J. Hallikas, V.-M. Virolainen, M. Tuominen, Risk analysis and assessment
in network environments: a dyadic case study, International Journal of
Production Economics 78 (2002) 4555.
[18] J.H.M. Tah, V. Carr, Towards a framework for project risk knowledge
management in the construction supply chain, Advances in Engineering
Software 32 (2002) 835846.
[19] P.N. Sharratt, P.M. Choong, A life-cycle framework to analyze business
risk in process industry project, Journal of Cleaner Production 10 (2002)
479493.
[20] G.A. Zsidisin, A. Panelli, R. Upton, Purchasing organization involvement
in risk assessments, contingency plans, and risk management: an exploratory study, Supply Chain Management: An International Journal 5 (4)
(2000) 187197.
[21] C. Chapman, S. Ward, Project Risk Management, Wiley Europe Press,
West Sussex, UK, 1996.
[22] E.H. Conrow, Effective Risk Management: Some Keys to Success, AIAA
Press, Reston, VA, 2000.
[23] V. Chidambaram, Supply Chain Risk Management: A Study on Inbound
Supply Risk Analysis, MS Thesis, Arizona State University, Department
of Industrial Engineering, 2003.
[24] G. Zsidisin, S. Melnyk, G. Ragatz, An institutional theory perspective of
business continuity planning for purchasing and supply management,
International Journal of Production Research 43 (16) (2005) 34013420.
[25] G. Zsidisin, L. Ellram, J. Carter, J. Cavinato, An analysis of supply risk
assessment techniques, International Journal of Physical Distribution and
Logistics Management 34 (5) (2004) 97413.
[26] J.A. Cooke, Brave new world, Logistics Management & Distribution
Report 41 (1) (2002) 3134.
[27] G.W. Dickson, An analysis of vendor selection: systems and decisions,
Journal of Purchasing 2 (1) (1996) 517.
[28] T.B. Gooley, Take charge of change! Logistics Management & Distribution Report 38 (8) (1999).
[29] D. Machalaba, Q.S. Kim, West coast docks are shut down after series of
work disruptions, The Wall Street Journal (Eastern Edition) A.2. (September 30) (2002).
[30] I. Mitroff, M. Alpasan, Preparing for evil, Harvard Business Review (April
2003) 109115.
[31] B. Seaman, B. Stodghill, Here comes the road test: the Daimler-Chrysler
deal, Time 151 (19) (1998) 6669.
[32] G. Stafford, L. Yu, A.K. Armoo, Crisis management and recovery: how
Washington, DC, hotels responded to terrorism, Cornell Hotel and Restaurant Administration Quarterly 43 (5) (2002) 2740.
[33] C. Terhune, Coke sees 12% increase in earnings. Problems in Japan, India
are offset by lower taxes and brisk sales in Europe, The Wall Street Journal
(Eastern edition) B5 (17) (2003).
[34] M. Treleven, S.B. Schweikhart, A risk/benefit analysis of sourcing
strategies: single vs. multiple sourcing, Journal of Operations Management 7 (4) (1988) 93114.
[35] V. Virolainen, M. Tuominen, Hankintatoimeen liittyvat riskit teollisuusyrityksessaK, in: H. Kuusela, R. Ollikainen (Eds.), Riskit ja Riskienhallinta, University Press, Nancy, 1998, pp. 164178.
[36] S. Wagner, Intensity and managerial scope of supplier integration, Journal
of Supply Chain Management 39 (4) (2003).
[37] T.L. Saaty, The Analytic Hierarchy Process, McGraw-Hill Press, New
York, 1980.
[38] P. Dey, Decision support system for inspection and maintenance: a case
study of oil pipelines, IEEE Transactions on Engineering Management 15
(1) (2004) 4756.
[39] C. Kahraman, U. Cebeci, Z. Ulukan, Multi-criteria supplier selection
using fuzzy AHP, Logistics Information Management 16 (6) (2003).
[40] F. Chan, K. Abhary, Design and evaluation of automated cellular manufacturing systems with simulation modelling and AHP approach: a case
study, Integrated Manufacturing Systems 7 (6) (1996).

365

[41] R.P. Mohanty, S.G. Deshmukh, Use of analytic hierarchic process for
evaluating sources of supply, International Journal of Physical Distribution and Logistics Management 23 (3) (1993).
[42] H. Min, Selection of software: the analytic hierarchy process, International Journal of Physical Distribution and Logistics Management 22 (1)
(1992).
[43] G.R. Finnie, G.E. Wittig, An intelligent web tool for collection of
comparative survey data with an application to IS curriculum design,
in: Proceedings of the 10th Australasian Conference on Information
Systems, Wellington, New Zealand, December 13, 1999.
[44] M.L. Peters, S. Zelewski, A heuristic algorithm to improve the consistency
of judgments in the analytical hierarchy process. Universitat DuisburgEssen,Essen,Germany [Online], available: http://www.pim.uni-essen.de/
publikationen/peters/bericht18.pdf, 2003.
[45] Ishizaka, M. Lusti, An expert module to improve the consistency of
AHP matrices, in: Proceedings of the 9th International Conference
on Operational Research KOI 2002, Trogir, Croatia, (2003), pp. 215
223.
[46] W.C. Wedley, B. Schoner, T.S. Tang, Starting rules for incomplete
comparisons in the analytic hierarchy process, in: V. Luis, M.Z. Fatemeh
(Eds.), Analytic Hierarchy Process, Mathematical and Computer Modeling, 17, 45, Pergamon Press, Oxford, 1993, pp. 93100.
Tong (Teresa) Wu (teresa.wu@asu.edu) is an assistant professor in Industrial Engineering Department
of Arizona State University. Teresa has published
papers in International Journal of Concurrent Engineering: Research and Application, International
Journal of Agile Manufacturing, International Journal of Product Research. She received her PhD from
the University of Iowa. Her main areas of interests
are in supply chain management, multi-agent system,
data mining, computer integrated manufacturing.
Jennifer Blackhurst, PhD is Assistant Professor of
Logistics and Supply Chain Management in the
College of Business at Iowa State University. She
received her doctorate in Industrial Engineering
from the University of Iowa in 2002. Her research
interests include: Distributed Systems/Supply Chain
Modeling and Design; Supply Chain Disruption
Modeling and Management; and Collaborative Product Development. Her publications have appeared
or been accepted in such journal as Journal of
Operations Management, International Journal of Production Research,
Supply Chain Management Review and ASME Transactions: Journal of
Computing and Information Science in Engineering. She is a member of
POMS, INFORMS and DSI.
Vellay Chidambaram specializes in the fields of
manufacturing and warehouse operations, and
supply chain management. He currently works for
a high-tech computer manufacturing and services
company located at Austin, TX. This paper is a
masters thesis work pursued by Vellay at Arizona
State University in 2003. He graduated with a BE in
Mechanical Engineering from Bharathiar University,
India and a MS in Industrial Engineering from
Arizona State University. Contact address: Vellay
Chidambaram, 12001 Dessau Road #1624, Austin, TX 78754, USA. E-mail:
vellaychiddu@yahoo.com. Tel.: +1 512 294 8818.