International Journal of Physical Distribution & Logistics Management

Emerald Article: Supplier risk assessment and monitoring for the

automotive industry
Jennifer V. Blackhurst, Kevin P. Scheibe, Danny J. Johnson

Article information:
To cite this document: Jennifer V. Blackhurst, Kevin P. Scheibe, Danny J. Johnson, (2008),"Supplier risk assessment and
monitoring for the automotive industry", International Journal of Physical Distribution & Logistics Management, Vol. 38 Iss: 2
pp. 143 - 165
Permanent link to this document:
http://dx.doi.org/10.1108/09600030810861215
Downloaded on: 13-01-2013
References: This document contains references to 38 other documents
Citations: This document has been cited by 9 other documents
To copy this document: permissions@emeraldinsight.com
This document has been downloaded 3355 times since 2008. *

Users who downloaded this Article also downloaded: *

Jennifer V. Blackhurst, Kevin P. Scheibe, Danny J. Johnson, (2008),"Supplier risk assessment and monitoring for the automotive
industry", International Journal of Physical Distribution & Logistics Management, Vol. 38 Iss: 2 pp. 143 - 165
http://dx.doi.org/10.1108/09600030810861215

Jennifer V. Blackhurst, Kevin P. Scheibe, Danny J. Johnson, (2008),"Supplier risk assessment and monitoring for the automotive
industry", International Journal of Physical Distribution & Logistics Management, Vol. 38 Iss: 2 pp. 143 - 165
http://dx.doi.org/10.1108/09600030810861215

Jennifer V. Blackhurst, Kevin P. Scheibe, Danny J. Johnson, (2008),"Supplier risk assessment and monitoring for the automotive
industry", International Journal of Physical Distribution & Logistics Management, Vol. 38 Iss: 2 pp. 143 - 165
http://dx.doi.org/10.1108/09600030810861215

Access to this document was granted through an Emerald subscription provided by DALHOUSIE UNIVERSITY

For Authors:
If you would like to write for this, or any other Emerald publication, then please use our Emerald for Authors service.
Information about how to choose which publication to write for and submission guidelines are available for all. Please visit
www.emeraldinsight.com/authors for more information.
About Emerald www.emeraldinsight.com
With over forty years' experience, Emerald Group Publishing is a leading independent publisher of global research with impact in
business, society, public policy and education. In total, Emerald publishes over 275 journals and more than 130 book series, as
well as an extensive range of online products and services. Emerald is both COUNTER 3 and TRANSFER compliant. The organization is
a partner of the Committee on Publication Ethics (COPE) and also works with Portico and the LOCKSS initiative for digital archive
preservation.
*Related content and download information correct at time of download.
 The current issue and full text archive of this journal is available at
www.emeraldinsight.com/0960-0035.htm

Supplier risk
Supplier risk assessment assessment and
and monitoring for the monitoring
automotive industry
143
Jennifer V. Blackhurst, Kevin P. Scheibe and Danny J. Johnson
Logistics, Operations and MIS Department, College of Business, Received September 2007
Iowa State University, Ames, Iowa, USA Revised December 2007
Accepted January 2008

Abstract
Purpose – This research aims to develop a supplier risk assessment methodology for measuring,
tracking, and analyzing supplier and part specific risk over time for an automotive manufacturer.
Design/methodology/approach – Supply chain risk literature is analyzed and used in conjunction
with interviews from the automotive manufacturer to identify risks in the supply base. These risks are
incorporated into the development of a temporal risk assessment and monitoring system.
Findings – A framework of risk factors important to the auto manufacturer is presented.
A multi-criteria scoring procedure is developed to calculate part and supplier risk indices. These
indices are used in the development of a risk assessment and monitoring system that allows the
indices to be tracked over time to identify trends towards higher risk levels.
Research limitations/implications – There are a number of operational issues identified in the
paper that could be investigated in future research. One such issue is the development of alternative
risk assessment methods that would increase the sensitivity of the risk analysis.
Practical implications – The framework is implementable in firms interested in understanding and
controlling risk in their supply base. The research stems from an industry project with an automotive
manufacturer. The method is designed to be practical and easy to implement and maintain. The
system also has a visual reporting mechanism designed to provide early warning signals for potential
problems in the supply base and to show temporal changes in risk.
Originality/value – This paper presents a dynamic risk analysis methodology that analyzes and
monitors supplier risk levels over time.
Keywords Supplier chain management, Risk assessment, Supplier relations, Risk management,
Automotive industry, United States of America
Paper type Research paper

1. Introduction
Supply chain disruptions are “unplanned events that may occur in the supply chain
which might affect the normal or expected flow of materials and components”
(Svensson, 2000). The management of supply chain risk has garnered an increased focus
from supply chain managers due to the detrimental impact that supply chain glitches or
disruptions can have on supply chain performance. Supply chain disruptions can result
in a variety of problems such as long lead-times, stock-outs, inability to meet customer
demand, and increases in costs (Levy, 1995; Svensson, 2000; Riddalls and Bennett, 2002; International Journal of Physical
Chopra and Sodhi, 2004). Ultimately, these problems have an adverse effect on the Distribution & Logistics Management
Vol. 38 No. 2, 2008
financial performance of the firm (Hendricks and Singhal, 2003, 2005). While the true pp. 143-165
q Emerald Group Publishing Limited
0960-0035
The authors would like to thank Cliff Ragsdale for his help in improving this manuscript. DOI 10.1108/09600030810861215
IJPDLM costs and financial impact of these disruptions are difficult to quantify, research has
38,2 shown them to be quite large in terms of both time and money. For instance, in 1997
Boeing experienced a supplier delivery failure of two critical parts with an estimated loss
to the company of $2.6 billion (Radjou, 2002). In 2002, less than 100 workers in a
longshoreman union strike disrupted west coast port operations. It took six months for
some containers to be delivered and schedules to return to normal (Cavinato, 2004). In
144 July 2007, Toyota Motor Corporation halted production in all Japanese factories due to
an earthquake that severely damaged Riken Corporation, their major parts supplier for
piston and seal rings. Moreover, the damage to Riken affected other automotive
manufacturers, prompting suspended production at facilities for Mitsubishi Motor
Corporation, Suzuki Motor Corporation and Honda Motor Corporation, all of whom
depend on Riken for engine parts (Hayashi et al., 2007).
While the ability to manage risk effectively is critical to ensure a smooth flow of
products through the supply chain, this area has only recently received attention in
supply chain research (Jüttner et al., 2003). Traditionally, safety stock and safety lead
time buffers were used to protect against risk and uncertainty in the supply chain.
However, such measures are less attractive than they used to be due to an increased
focus on supply chain agility and responsiveness (Zsidisin et al., 2005). Consequently,
“a new focus on managing and mitigating risk which extends beyond the four walls of
a plant” is required (Peck and Christopher, 2004). This focus includes managing risk in
the supply base and provides the motivation for this study.
A major US-based automotive manufacturer, henceforward called auto
manufacturer for purposes of confidentiality, approached the authors with the
challenge to develop a supplier risk assessment and monitoring methodology that
could be used to track and analyze part and supplier risk over time. The request for
this methodology was motivated by recent disruptive events in the auto
manufacturer’s global supply chain that stopped production at a number of their
facilities. The auto manufacturer’s requirements for the methodology included:
.
it must be practical and not overly burdensome;
.
it must be quick to implement and easy to maintain;
. it must have a visual reporting mechanism; and
.
it must be able to provide early warning signals for potential problems in the
supply base and capture temporal changes in risk.

In summary, the amount of data required must be manageable and relatively easy to
obtain with results that are easy to understand and communicate across the company.
Additionally, the methodology must incorporate predictive and trend analysis
capabilities. Therefore, the focus of this research is the design of a methodology for
measuring, tracking, and analyzing supplier and part specific risk indices over time.
As such, the methodology can be used to improve the prediction and management of
supplier-based disruptive events in the supply chain.
This paper contributes to research in the area of supply chain risk management in three
ways. First, it presents a framework of risk categories and factors that are both important
to the auto manufacturer and based in the current supply chain risk literature. However,
the categories used are flexible and can be adapted to fit the needs of other industry sectors
and companies based on their own specific inherent risks. Second, this research presents a
methodology using a multi-criteria scoring procedure to calculate risk assessment scores Supplier risk
for the supply base. Specifically, the methodology takes raw data and converts it into an assessment and
appropriate form for supply risk managerial decision support for issues such as supply
base reduction, contract awards, or contract renewals. Third, the methodology is designed monitoring
to allow part and supplier risk indices to be tracked in a dynamic nature over time to
identify trends towards higher risk levels. Managers can use this information to develop
risk mitigation strategies in a proactive and preventative manner to help avoid disruptions 145
before they occur or at the very least, lessen their impact.
The remainder of this paper is organized as follows. In the next section, we review the
research literature on managing supply chain risk and supplier risk assessment tools. In
Section 3, we present our proposed multi-attribute risk analysis methodology and describe
its use. Section 4 discusses operational issues related to the proposed methodology. Section
5 serves to detail the auto manufacturer’s feedback of the proposed methodology. Finally,
we present our conclusions, limitations of the methodology, and future work in Section 6.

2. Literature review
In general, a supply risk management process consists of four components:
(1) risk identification;
(2) risk assessment;
(3) risk management decisions and implementation; and
(4) risk monitoring (Hallikas et al., 2004).
Risk identification is a subjective component within this process. Each organization is
responsible for its own risks and must identify them according to the company’s
perspective. In addition to those risks identified by specific organizations, there are
risks common to companies within and across industries. Chopra and Sodhi (2004)
presented a high-level categorization of potential risks in a supply chain, their
associated drivers, and methods for defining appropriate mitigation strategies.
Zsidison (2003) studied managerial perceptions of supply risk and used these to create
a classification of supply risk sources. Johnson (2001) discussed risks specific to the toy
industry (such as very high seasonality and the short life cycle of fad toys).
Once risks are identified, their impact and probability must be assessed. The
risk diagram shown in Figure 1 can be helpful in this respect (Hallikas et al., 2004).

Very high

High
Probability

Medium

Minor

None
Figure 1.
None Minor Medium Serious Catastrophic Risk diagram for risk
identification
Impact
IJPDLM Zsidisin et al. (2004) examined tools and techniques used by purchasing departments
38,2 within organizations to assess supply risk. Sinha et al. (2004) investigated supplier risk
in the aerospace industry and developed an integrated definition for function modeling
(IDEF0) based risk management method. IDEF0 is a structured modeling method for
developing functional or activity models of systems or enterprises (Mayer et al., 1994).
Once the model was developed, they employed failure modes and effect analysis
146 (FMEA) to analyze and prioritize potential failures. Pai et al. (2003) developed a
Bayesian network to assess and analyze supply chain risk. Wu et al. (2006) developed
an analytic hierarchy process (AHP) based supplier risk assessment tool to determine
the relative weights of individual risk factors. Using these weights and the probability
of each risk factor occurring for a supplier, an overall risk index was computed.
Methods for assessing risk are also contained in the growing literature bases on
supplier assessment and selection (see Talluri and Narasimhan, 2002 for an overview
of these methods).
Once the risks are assessed, a number of strategies can be used to manage the risk.
These include: transferring risk, taking risk, eliminating risk, reducing risk and
subdividing risk into individual levels for further analysis (Hallikas et al., 2004). Rice
and Caniato (2003) classified mitigation techniques by failure mode in a supply chain.
Zsidisin et al. (2005) examined how and why firms created business continuity plans to
manage risk in the supply chain. Zsidisin and Smith (2005) performed case study
research focused on managing supply risk through early supplier involvement.
Johnson (2001) presented strategies for dealing with risks related to toys. Faisal et al.
(2006, 2007) used graph theory and matrix methods to mitigate supply chain risk.
Finally, Nagurney et al. (2005) used multi-criteria decision-making to manage risk of
manufacturers and distributors.
The last step, risk monitoring, has received the least attention by supply chain risk
researchers and the literature has shown little focus on the tools necessary for temporal
risk monitoring. While Hendricks and Singhal (2005) have noted an increased focus on
developing tools to prevent or mitigate supply chain disruptions, we found only two
papers that actually developed prototype methods. The first methodology developed
by Humphreys et al. (2005) is a supplier assessment tool designed for new product
development processes. While the methodology does include a risk index as a part of
the measurement system, its focus is on supplier capability to meet customer
requirements. The second methodology developed by Wu et al. (2006) is an AHP-based
supplier risk assessment tool. While the method is comprehensive in its enumeration of
risk types, it becomes more difficult to use as the number of suppliers being evaluated
grows large. In addition, AHP is designed to take into account judgment and personal
values and has widespread applications for making decisions such as allocation of
resources, analyzing the impact of a policy, and resolving a conflict (Saaty, 1990).
However, it is not designed to be a temporal monitoring tool and consequently, does
not focus on assessing supplier risk over time. This same difficulty applies to the
analytic network process (ANP). ANP is used to aid decision makers in making a
choice from a myriad of options. ANP has been successful in decision making in energy
policy planning, product design, equipment replacement (Sarkis, 1998) and for
selecting a logistics service provider (Jharkharia and Shankar, 2007).
In summary, most supplier risk assessment research to date has concentrated on
categorizing and assessing risk and/or provided general insights on mitigating risks.
Of the two methodologies we did find to monitor risks, neither addresses measuring, Supplier risk
assessing and monitoring supplier risk over time. In addition, research that has assessment and
examined supplier evaluation models has indicated that most methods are too
mathematically complex to implement and understand, require excessive amounts of monitoring
data, or are too subjective (Humphreys et al., 2005; Verma and Pullman, 1998). The
system described in this paper gives managers an easy to use temporal methodology to
measure, track, and analyze supplier and part specific risk indices. This information 147
can be used in a proactive fashion to manage and monitor risk and to develop
strategies to mitigate potential supply disruptions.

3. Proposed risk assessment methodology

To aid in understanding our proposed supplier risk assessment methodology, consider
the disk brake system and related components for a car shown in Figure 2. This brake
system contains three primary components: the caliper assembly, the brake rotor, and
the hub assembly. The rotor and the wheel (not shown) are mounted on the hub
assembly. The hub assembly is attached to the suspension system of the car, and it
contains bearings that allow the hub and rotor to freely turn when the car is moving.
The caliper assembly is also mounted on the suspension system, and when the brakes
are applied, it squeezes the rotor between the brake pads causing the car to stop.
Our supplier risk assessment and monitoring methodology uses a multi-criteria
scoring procedure (also called a factor weighting procedure, see for example, Ragsdale,
2001) to develop risk indices for parts and suppliers. Multi-criteria scoring models are
often used for decision making in situations where a number of different factors must
be considered, making it appropriate for use in this situation. The disk brake system
just described will be used in the following sections to illustrate the scoring procedure
and our proposed methodology.
3.1 Categories of risk
In order to assess supplier risk, the risk categories must first be specified. The
categories included in our methodology are based on those proposed by Chopra and
Hydraulic
Brake Hose
Bleeder Disc Brake
Screw Rotor
Hub/Bearing
Assembly

Disc Brake
Caliper Hardware
Assembly
Figure 2.
Brake Pads Brake Pad Typical hub assembly,
Disc Pad Wear Shim rotor, and caliper
Brake (Typical) Sensor assembly for a disk
Source: www.midas.com/midas_u/brakes_howitworks.aspx
brake system
IJPDLM Sodhi (2004), as well as other supply chain risk assessment research (Zsidisin and
38,2 Ellram, 1999; Zsidisin et al., 2004; Zsidisin and Smith, 2005), and interviews with the
auto manufacturer. Chopra and Sodhi’s (2004) framework contained nine risk
categories: disruptions, delays, systems, forecast, intellectual property, procurement,
receivables, inventory, and capacity. Because their risk assessment framework was
general and not specific to the automotive industry, it was necessary to expand or add
148 categories to address the specific risks for this research. For example, in the Chopra
and Sodhi framework there was a risk category called delays. While this is a
reasonable category in general terms to describe delays in material flows, it is
insufficient to capture the necessary detail of risk elicited through our interviews with
the auto manufacturer. Consequently, we expanded delays into logistics, supplier
dependence, and quality. Another addition to Chopra and Sodhi’s framework was the
legal category. While intellectual property captures one aspect of legal issues, it does
not address such things as legislative action related to importing/global sourcing
(Zsidisin et al., 2004). We also changed the systems category to information systems to
remove ambiguity. Lastly, two new risk categories – management and security – were
added for completeness as necessitated by our interviews with the auto manufacturer
and the supply chain risk literature.
Table I shows the categories of risk for the auto manufacturer and whether they are
internal or external to the supplier firm. The risk categories presented in Table I
incorporate and summarize current supply chain risk research, as well as additional
risks elicited from the auto manufacturer. Each category is broken down into
individual risk factors called subcategories. These subcategories are then classified as
either an internal or external risk. An internal risk is one over which the supplier firm
has control. In contrast, a supplier firm has limited or no control over external risk.
For instance, in the disruptions/disaster category, the potential for a fire can be
controlled by safety measures the supplier firm puts in place while political unrest in a
region is generally uncontrollable. While some risks are external, the firm can and
should account for them in risk mitigation plans. For example, firms in the
Southeastern USA cannot control hurricanes; but they can certainly develop mitigation
strategies to deal with the potential consequences of such storms. While all of the risk
categories shown in Table I ought to be considered in practice, due to space limitations,
our example considers only the categories of quality and disruptions/disasters.
Finally, it should be noted that while this research presents a categorization of risk
specific to the auto manufacturer based on the needs of the firm as well as supply chain
risk literature, other firms adopting a supplier risk assessment and monitoring
methodology will need to define risk categories based upon their own needs, industry
type, supply chain type, etc. In other words, there is no “one size fits all” approach to
assessing risk.

3.2 Data requirements

In our proposed methodology, weights are used to indicate how important each risk
category is with respect to disruptions affecting the company. The weights can be
based on the probability of each category of disruption occurring, the relative impact
that each category of disruption has on supply, or any other factor considered
important to the company. The sum of all of the category weights must equal
100 percent. In this example, quality was more important than disruptions/disasters

Subcategories
Category of risk Internal risks
Disruptions/disasters Labor dispute
Disaster events in plant such
as fire
Labor availability
Logistics On-time delivery to customers
Transportation and shipping
Delivery responsiveness
Supplier dependence
Quality Ease of problem resolution
Value of product
Defects/million
Timeliness of corrective actions
Information systems Information infrastructure
breakdown
Level of system integration
Forecast Inaccurate forecast
Lead time variance
Legal
Intellectual property Vertical integration of supply
chain
Procurement Part price
Percentage of a key component
or raw material
procured from a single source
Long-term versus short-term
contracts
Contract compliance
Receivables Number of customers
(accounting) Responsiveness
Inventory Inventory holding cost
Storage requirements
Product value
Packing requirements and part
size
Capacity Cost of capacity
Capacity flexibility
Management Lack of visibility
Security IS system security
Supplier risk
External risks assessment and
Natural disaster such as earthquake, fire, monitoring
flood, storm
Labor dispute
Supplier bankruptcy
War and terrorism 149
Political issues/unrest
Border crossing and customs regulations
Number of brokers
Number of transfer points
Vessel capacity and channel overload
Port issues and infrastructure
Product uniqueness
On-time delivery from vendors Supplier
location
Supplier manufacturing capacity Flexibility
of supply source
Dependency on a single source of supply
Product complexity
Ability to share information with suppliers
Product demand variations
Legislative action related to importing/
global sourcing
Global outsourcing and markets
Proprietary technology
Exchange rate risk
Financial strength of customers
Rate of product obsolescence
Communications Table I.
Theft Categories of
IT Hacking supply chain

and we assigned a weight of 60 and 40 percent, respectively. The individual factors

that comprise each risk category (termed subcategories in Table I) and their relative
weights must also be defined. The weights indicate how important each subcategory is
to the parent risk category. The weights can also be based the subcategory’s likelihood
IJPDLM to disrupt the supply of material coming to the plant, or the disruption severity.
38,2 The subcategory weights for a given category must also sum to 100 percent.
Once the risk categories and subcategories are defined, a rating must be established
for the performance of each supplier on each subcategory. For example, in the case of
the quality category, the rating given to a particular supplier on each subcategory
would be part specific since defects per million, product complexity, value of product,
150 etc. will vary from part to part. In this situation, separate ratings must be entered for
each part purchased from a particular supplier. In contrast, ratings for each
subcategory for the disruption/disaster category are unlikely to vary for different parts
from the same supplier unless the parts come from different plants owned by the
supplier. In other words, the disruption/disaster category is plant specific rather than
part specific. Thus, ratings for plant specific categories only need to be entered once for
a given supplier (unless they have multiple plants).
In our methodology, the rating for each subcategory was based on a scale from 0 to
100, with a higher number indicating the supplier performs worse on that subcategory.
For example, suppose under the quality category that defects for different parts
generally range from 0 to 500 parts per million and that defect ranges above this
amount substantially increase the probability of reducing the output of the assembly
line or potentially shutting it down. If the data indicate the hub from Supplier 2 has
approximately 650 defects per million, a rating of 70 might be assigned to that
subcategory, indicating the supplier quality is poor on that part. The last item of data
needed to begin the risk assessment calculations is the percent of total volume of each
part purchased from a given supplier. These data are calculated from transactional
information contained in a database.

3.3 Part risk assessment calculations

The data for the risk assessment calculations used in this example are shown in Table II.
As illustrated, Suppliers 1 and 2 each supply 50 percent of the caliper assembly, Suppliers
2 and 3 supply 90 and 10 percent, respectively, of the hub assembly, and Suppliers 2 and 4
supply 40 and 60 percent, respectively, of the rotor. The relative weights assigned to the
categories and subcategories are shown, as are the ratings for each supplier for each part
on each subcategory (as previously mentioned, due to space limitations, our example
considers only the categories of quality and disruptions/disasters).
A multi-criteria scoring procedure is used to calculate all risk assessment scores.
For each part, the risk assessment score for each subcategory is found by first
multiplying each supplier’s rating on that subcategory by the percent of production
purchased from that supplier to get the individual supplier score on that part
subcategory. The subcategory suppliers’ scores are then added together to get the
overall score for that part and subcategory. For example, the calculation for the caliper
assembly on the defects per million subcategory is (30 £ 50 percent) þ (90 £ 50
percent) ¼ 60 (see Appendix for the mathematical notation used for all risk
calculations). Similarly, the calculation for the hub assembly on the timeliness of
corrective action subcategory is (85 £ 90 percent) þ (15 £ 10 percent) ¼ 78. All
scores will range from a minimum of zero to a maximum of 100, with a higher score
indicating a worse risk assessment. All scores are rounded off to one decimal place.
In order to quickly and easily visualize all of the risk assessment scores, the scores
for each part and subcategory are shown on a heat graph (Figure 3). This heat graph
 Caliper assembly Hub assembly Rotor
Supplier Supplier 1 Supplier 2 Supplier 2 Supplier 3 Supplier 2 Supplier 4
Percentage of supply 50 50 90 10 40 60
Category/subcategory Weight (percent) Rating Rating Rating Rating Rating Rating

Quality 60
Defects/million 30 30 90 70 15 60 10
Ease of problem resolution 25 20 70 85 10 75 15
Product complexity 15 20 20 30 30 15 15
Timeliness of corrective action 25 20 90 85 15 70 15
Value of product 5 30 30 35 35 25 25
Total weights 100
Overall supplier quality rating for each part 23.5 71.5 69.8 17.0 57.8 14.0
Disruptions/disasters 40
Earthquake 5 15 35 35 5 35 65
Fire 30 15 80 80 70 80 30
Flooding 5 5 35 35 20 35 40
Labor availability 15 15 70 70 20 70 35
Labor dispute 10 20 85 85 35 85 25
Political issues 10 20 60 60 15 60 40
Supplier bankruptcy 15 5 10 10 35 10 35
War and terrorism 10 25 60 60 25 60 30
Total weights 100
Overall supplier disruption rating for each part 15.0 60.0 60.0 38.0 60.0 34.3
Overall supplier rating for each part 20.1 66.9 65.9 25.4 58.7 22.1

calculations
Data for risk assessment
monitoring
assessment and
Supplier risk

151

Table II.
 38,2

152

Figure 3.
IJPDLM

Part heat graph

Quality Disturption / Disasters
Critical
High Risk
Medium Risk
Low Risk

Defects/Million
Ease of Problem Resolution
Product Complexity
Timeliness of Corrective Action
Value of Product
Quality Mean
Earthquake
Flooding
Labor Availability
Labor Dispute
Political Issues
Supplier Bankruptcy
War and Terrorism
Distribution/Disasters Mean
Overall Rating

Fire
Category Weighting 60% 40%

Sub-Category Weighting 30% 25% 15% 25% 5% 100% 5% 30% 5% 15% 10% 10% 15% 10% 100%
Caliper Assembly 60.0 45.0 20.0 55.0 30.0 47.5 25.0 47.5 20.0 42.5 52.5 40.0 7.5 42.5 37.5 43.5
Hub Assembly 64.5 77.5 30.0 78.0 35.0 64.5 32.0 79.0 33.5 65.0 80.0 55.5 12.5 56.5 57.8 61.8
Rotot 30.0 39.0 15.0 37.0 25.0 31.5 53.0 50.0 38.0 49.0 49.0 48.0 25.0 42.0 44.6 36.7
concept is similar to that used by Norrman and Jansson (2004) for supply chain risk Supplier risk
analysis. Heat graphs use different colors to highlight the severity of a particular assessment and
risk category or subcategory. For example, in our proposed methodology, a critical risk
score is one that is greater than 75 and is shown in red (black in Figure 3), a high-risk monitoring
score is greater than 50 and less than or equal to 75 and shown in orange (diagonal
lines in Figure 3), a medium risk score is greater than 25 and less than or equal to 50
and shown in yellow (horizontal lines in Figure 3), and a low-risk score is less than or 153
equal to 25 and shown in white. Thus, ease of problem resolution for the hub assembly
falls in the critical risk range, defects/million for the caliper assembly falls in the
high-risk range, etc. Heat graphs of this type allow the analyst to focus quickly on
the critical few (hopefully) high scores.
The heat graph also shows the mean score for each part within each category. This
mean is calculated by multiplying the scores for each subcategory for a particular part
by the weight assigned to that subcategory and then summing the resulting products
within that category. For example, the quality mean calculation for the hub assembly is
(64.5 £ 30 percent) þ (77.5 £ 25 percent) þ (30.0 £ 15 percent) þ (78.0 £ 25
percent) þ (35 £ 5 percent) ¼ 64.5. All mean scores range from a minimum of zero
to a maximum of 100, with a higher score indicating a worse risk assessment.
The overall score for each part across all categories is shown on the heat graph.
This score is computed by multiplying the category mean for each part by the weight
for that category and then summing these products across all categories. For example,
the overall rotor risk assessment score is (31.5 £ 60 percent) þ (44.6 £ 40
percent) ¼ 36.7. As before, these overall mean scores will range from a minimum of
zero to a maximum of 100, with a higher score indicating a worse risk assessment.

3.4 Supplier risk assessment calculations

While the previous section illustrated how to analyze the risk for each part, it is also
useful to analyze the risk for each supplier. These calculations are slightly different
than the calculations for each part. If a supplier only supplies a single part, the risk
assessment calculation for that supplier on any given subcategory is simply the
supplier’s rating on that part and subcategory. For example, the risk assessment for
Supplier 4 on product complexity is 15. In contrast, if a supplier provides multiple
parts, the score is more heavily weighted towards those parts to which the supplier
provides a greater percentage. At the same time, the overall score must be normalized
such that the minimum score is zero and the maximum score is 100. To achieve this
objective, a supplier’s rating on a particular subcategory is first multiplied by the
percentage of that part provided by the supplier, these products are summed across all
parts supplied by that supplier, and the resulting sum is divided by the sum of all the
percentages of parts supplied. For example, Supplier 2 supplies all three parts of the
brake assembly. The ease of problem resolution calculation for this supplier is
[(70 £ 50 percent) þ (85 £ 90 percent) þ (75 £ 40 percent)]/(50 percent þ 90
percent þ 40 percent) ¼ 78.6. All supplier risk assessment calculations for each
subcategory are shown on a heat graph (Figure 4).
The heat graph also shows the mean for each supplier within each category, in
addition to the overall mean across all categories. These calculations are performed in
the same fashion as for the part heat graph.
 38,2

154

Figure 4.
IJPDLM

Supplier heat graph

Quality Disrptions/ Disasters
Critical
High Risk
Medium Risk
Low Risk

Defects/Million
Ease of Problem Resolution
Product Complexity
Timeliness of Corrective Action
Value of product
Quality Mean
Earthquake
Flooding
Labor Availability
Labor Dispute
Political Issues
Supplier Bankruptcy
War and Terrorism
Disruptions/Disasters Mean
Overall Rating

Fire
Category Weighting 60% 40%

Sub-Category Weighting 30% 25% 15% 25% 5% 100% 5% 30% 5% 15% 10% 10% 15% 10% 100%

Supplier 1 30.0 20.0 20.0 20.0 30.0 23.5 15.0 15.0 5.0 15.0 20.0 20.0 5.0 25.0 15.0 20.1

Supplier 2 73.3 78.6 23.9 83.1 31.4 67.6 35.0 80.0 35.0 70.0 85.0 60.0 10.0 60.0 60.0 64.5

Supplier 3 15.0 10.0 30.0 15.0 35.0 17.0 5.0 70.0 20.0 20.0 35.0 15.0 35.0 25.0 38.0 25.4

Supplier 4 10.0 15.0 15.0 15.0 25.0 14.0 65.0 30.0 40.0 35.0 25.0 40.0 35.0 30.0 34.3 22.1
3.5 Sensitivity of the methodology and critical part and supplier analysis Supplier risk
In creating the proposed methodology for the auto manufacturer, one issue we needed assessment and
to address was the sensitivity of the methodology for large and complex supply chains
with potentially hundreds of suppliers and thousands of parts. In order to address this monitoring
issue, we propose focusing the tool on those suppliers and parts that have the potential
to shut the supply chain down. Such classification systems exist in the literature. For
example, Norrman and Jansson (2004) discussed how Ericsson classifies thousands of 155
components used in their products into four categories of sourcing strategies:
(1) product has multiple suppliers;
(2) product has one supplier but others are on standby if needed;
(3) product has one supplier but others are approved (but not ready to produce
parts) if needed; and
(4) product is sole sourced.

This theme towards understanding critical suppliers and parts is found in other recent
supply chain risk literature as well. Craighead et al. (2007) discussed the need to
identify critical parts and their suppliers (such as parts that are procured from a single
supplier) so that critical nodes in the supply chain can be found. Once found, plans can
be developed to deal with potential supply chain disruptions in these nodes.
While the heat graphs illustrated in the previous two sections provide a summary of
the risk assessment for parts and suppliers as a whole, the part heat graph is averaged
over all suppliers and the supplier heat graph is averaged over all parts provided by a
particular supplier. They do not indicate the cause of particular risk assessment
averages, and a risk assessment analyzer would be unable to determine the causes of
the risk from the heat graphs per se. In addition, since the heat graphs are averaged,
they may hide risk levels for particular subcategories that are unacceptably high. What
is needed is a way to “drill down” further in the data to determine what risk factors are
at unacceptable limits.
Any risk assessment methodology should be able to develop a list of rank ordered
critical parts (whether pre-specified or determined by the assessment tool); with critical
risk parts at the top and low-risk parts at the bottom (Figure 5). Users can then drill
down by clicking on the “ þ ” by the part in question to show suppliers for that part.
Each supplier should also be expandable to show the categories and subcategories, all
with their respective risk levels. This allows the user to determine the categories and
subcategories that cause the high-risk rating. For example, Figure 3 shows the hub
assembly has a high-risk level. Figure 5 shows this is primarily caused by high-risk
ratings on several subcategories in both the quality and disruptions/disaster categories
by Supplier 2.
In a similar fashion, suppliers can be rank ordered according to their risk levels
(Figure 6). To drill down, the user would click on the “ þ ” by the supplier in question
and the list would expand to show the parts provided by that supplier. Each part
should also be expandable to show the categories and subcategories and their
respective risk levels. For example, Figure 4 shows Supplier 2 has the highest risk
level. As shown in Figure 6, when Supplier 2 is expanded it reveals that the caliper
assembly has the highest overall risk level for the parts supplied by Supplier 2.
This was not evident when looking at either the part or supplier heat graphs alone.
IJPDLM Part Risk Level Part + Supplier + Category + Subcategory Risk Level
38,2 + Hub Assembly 61.8 – Hub Assembly 61.8

+ Caliper Assembly 43.5 – Supplier 2 65.9

+ Rotor 36.7 – Quality 69.8

156 Ease of Problem Resolution 85.0

Timeliness of Corrective Action 85.0

Defects/Million 70.0

Value of Product 35.0

Product Complexity 30.0

– Disruptions/Disasters 60.0

Labor Dispute 85.0

Fire 80.0

Labor Availability 70.0

Political Issues 60.0

War and Terrorism 60.0

Earthquake 35.0

Flooding 35.0

Supplier Bankruptcy 10.0

+ Supplier 3 25.4
Figure 5.
+ Caliper Assembly 43.5
Critical parts list with drill
down capabilities + Rotor 36.7

Further expansion of the caliper assembly shows the categories and subcategories
responsible for this rating. As illustrated, defects/million, timeliness of corrective
action, labor disputes, and fire are at critical levels and these areas require attention.
Thus, the ability to drill down into the data provides essential information to decision
makers in a very manageable fashion by aggregating and ordering a very large
amount of information graphically.

3.6 Predictive risk analysis

One of the biggest challenges posed by the auto manufacturer was the need for the risk
analysis methodology to predict disruptive events prior to their occurrence. This was
prompted by frustration on the part of the auto manufacturer having to shut down
manufacturing lines due to unexpected disruptions in the supply chain. The auto
manufacturer wanted to change from a reactive supply risk management mode to one
that was proactive. To do this, risk ratings and/or risk indices must be tracked over
 Supplier risk
assessment and
Supplier Risk Level Supplier + Part + Category + Subcategory Risk Level monitoring
+ Supplier 2 64.5 – Supplier 2 64.5

+ Supplier 3 25.4 – Caliper Assembly 66.9

157
+ Supplier 4 22.1 – Quality 71.5

+ Supplier 1 20.1 Defects/Million 90.0

Timeliness of Corrective Action 90.0

Ease of Problem Resolution 70.0

Value of Product 30.0

Product Complexity 20.0

– Disruptions/Disasters 60.0

Labor Dispute 85.0

Fire 80.0

Labor Availability 70.0

Political Issues 60.0

War and Terrorism 60.0

Flooding 35.0

Earthquake 35.0

Supplier Bankruptcy 10.0

– Hub Assembly 65.9

+ Quality 69.8

+ Disruptions/Disasters 60.0

– Rotor 58.7

+ Disruptions/Disasters 60.0

+ Quality 57.8

+ Supplier 3 25.4

+ Supplier 4 22.1

+ Supplier 1 20.1 Figure 6.

Critical supplier list with
drill down capabilities
IJPDLM time and trends monitored to determine if they are reaching unacceptable levels. In this
38,2 way, the user can predict a problem before it occurs and offer mitigation strategies. For
instance, if a supplier is still within acceptable risk levels on a particular risk category
but time-based data show a trend towards unacceptable risk levels, the supplier or part
can be flagged, root causes identified by drilling down through the data as described in
the previous section, and disruption mitigation strategies can be developed before the
158 disruption occurs. Figure 7 shows proactive risk analysis by looking at the overall risk
for suppliers over time, while Figure 8 looks at overall risk for different parts over time.
Troublesome supplier and part risk trends could be flagged by:
.
Specifying the maximum percentage change in risk allowed over a specified
period.
.
Establishing control limits within which risk indices, individual risk
subcategories, etc. are allowed to fluctuate before corrective action is taken.

Similar graphs may be constructed to track risk for individual parts coming from
individual suppliers as well.

100
Supplier 1 Supplier 2 Supplier 3 Supplier 4
90
80
70
Risk Score

60
50
40
30
20
10
Figure 7.
Supplier risk trends over 0
1 2 3
time
Time Period

100
90 Caliper Assembly Hub Assembly Rotor
80
70
Risk Score

60
50
40
30
20
10
Figure 8. 0
1 2 3
Part risk trends over time
Time Period
4. Operational issues Supplier risk
There are a number of operational issues that must be addressed when using the risk assessment and
assessment and monitoring methodology presented in this paper. First, the number of
categories and subcategories used becomes a balancing act. Firms adopting this monitoring
methodology should carefully assess which categories and subcategories of risk are
most important for measuring problem areas in the supply base that can lead to supply
disruption risk. As more subcategories are added to a particular category, the relative 159
impact each subcategory has on the score of the overall category declines. Similarly, as
more categories are added to the risk assessment and monitoring tool, the relative
weight each category contributes to the overall risk index of a supplier or part declines.
In both cases, the risk indices become less sensitive to a large risk rating on any one
factor. As a result, the riskiness of a supplier can become “lost” in the morass of factors
measured. While the firm needs enough categories and subcategories to accurately
measure risk, the number should be kept to a minimum. Owing to the importance each
category and subcategory has on the overall risk assessment, they should be
established by higher-level management decision makers most familiar with assessing
supplier risk and the factors that contribute to that risk.
Second, weights need to be established for each category and subcategory. The
relative weights indicate how important each category or subcategory is with respect
to disruptions affecting the supply base of the firm. A higher weight on a particular
factor will cause that factor to have more impact on the calculated risk index. As
previously mentioned, the weights can be based on the probability of each category of
disruption occurring, the relative impact each category of disruption has on supply, or
any other factor considered important to the company. Given the importance of the
weights to the overall assessment process, they should also be established by
higher-level management decision makers familiar with risk assessment.
Third, each subcategory must be rated. Some factors such as war and terrorism,
political issues/unrest, information infrastructure breakdown, level of system
integration, etc. are quite subjective and ratings on these factors should be made by
higher level managers familiar with assessing these factors. In contrast, factors such as
on-time delivery, defects/million, value of the product, etc. are more quantitative and
definitive in nature. Provided appropriate data entry forms are created (by upper level
decision makers familiar with risk assessment) that allow the user to pick from a menu
of available options, ratings for these factors can be made by purchasing agents,
production control personnel, quality inspectors, production level employees, etc.
Depending on the relationships a firm has with its suppliers, some of these ratings may
even be filled in by the individual suppliers via a web-based methodology. To help
prevent rating bias from occurring, the individuals rating each factor should not be
able to view the weights applied to each category or subcategory.
Fourth, in order to use the methodology in a proactive manner, the ratings on each
subcategory must be updated on a periodic basis and the data analyzed for patterns,
high-risk levels, or trends that indicate potential problems. If the methodology is
updated too frequently, the job becomes too onerous and it will be difficult to get the
employees, suppliers, etc. to buy in and to use the methodology. In contrast, if the
methodology is updated too infrequently, too much time can elapse and the predictive
capability of the methodology is reduced. While the time interval between updates will
vary from firm to firm, daily updates are likely too often, while monthly updates are
IJPDLM probably not often enough. Somewhere between these two periods is most likely to be
38,2 effective. Moreover, some subcategories should be updated more often than others. For
example, defects per million would be updated with each batch received, whereas
earthquakes or other natural disasters would (hopefully) occur much less frequently.
Therefore, the time interval between updates will also vary from subcategory to
subcategory.
160 As the operational issues just discussed indicate, the methodology described in this
paper is capable of integrating information from a variety of individuals at various
levels – both within the company and between the company and its suppliers. The
categories, subcategories, weights, and ratings for subjective factors would be made by
decision makers at higher managerial levels in the organization, while the actual
recording of ratings for more quantitative and definitive factors such as defects/million
could be made by purchasing managers, production level employees, etc. Each of these
data entry points can be secured to prevent unauthorized access. Thus, the risk
assessment and monitoring tool is capable of securely capturing and integrating risk
information at varying levels, both within the organization and between the
organization and its suppliers. This is especially noteworthy since past research has
primarily focused on risk analysis at the highest levels in the firm.
Next, if the company changes the weighting of a particular category or subcategory, it
is not necessary to re-enter the specific data values. This makes it easy to perform what-if
analysis to investigate how different scenarios affect the riskiness of a supplier or a part. It
also makes it easy for managers to adjust the tool so that a particular risk index is sensitive
to changes in categories which have the most impact on risk levels. For example, a
manager might want to increase the weight of the quality category to make the overall risk
measure more sensitive to quality measures due to recent problems with a particular part.
Finally, the use of the tool as a cross-functional risk monitoring process must be
considered. Through our interviews with the auto manufacturer, the challenge is to
have supply chain risk management become a part of the job responsibility across
different functions with all functions involved collaborating and communicating
effectively. This is called for in the literature as well. For example, Kiser and Cantrell
(2006) stated that communication in effective supply risk management cannot be
overemphasized. Use of the supplier risk methodology in this paper allows for the
understanding of risky parts of the supply base and provides a tool to better predict
where disruptions have the potential to shut down portions of the supply chain.

5. Feedback from the auto manufacturer

The auto manufacturer needed the supply chain risk methodology to be practical, quick to
implement, not overly burdensome, and easy to understand and maintain. Risk managers
at the company indicated that the methodology must be implementable by a variety of
supply chain analysts without a steep learning curve or specialized skill set and it must be
independently effective (i.e. not dependent on the user). It was also requested that the
methodology have a visual reporting mechanism, provide early warning signals for
potential problems in the supply base, and capture changes in risk over time. The visual
reporting mechanism is important to quickly identify risk without requiring complex
analysis or sifting through large amounts of report data. Moreover, the ability to view
changes in risk over time would help identify early warning signs of potential disruptive
events before the events disabled a portion of the supply chain.
 After reviewing the methodology proposed in this paper, the auto manufacturer was Supplier risk
pleased with the result and indicated the methodology had met the criteria laid out at the assessment and
start of the research project. The straightforward and flexible manner of the methodology
was well received and the auto manufacturer stated that “it is too early to use overly monitoring
sophisticated and brittle methods. We need an easily employable and understandable
method such as this.” The focus on operational risks rather than strategic risks was
discussed and the auto manufacturer indicated an appreciation for that focus, saying “we 161
are looking at our existing supply chain and supply base for this method in order to better
manage material flow on a daily basis.” They also indicated the methodology was an
effective tool for managing “current operational risk rather than future or strategic
long-term risk.” The auto manufacturer discussed plans to implement a pilot version of the
methodology on a small group of select parts and suppliers, but these plans have not yet
been implemented.
The auto manufacturer was pleased that the foundation of the risk framework was
based on current supply chain risk research. They were satisfied with the risk
categories, noting that the risks critical to their company were included. They also
agreed that the risk categories needed to be kept to a minimum so as not to dilute the
power of the each category and subcategory.
The auto manufacturer discussed several ideas pertaining to the development of the risk
weights and subcategory ratings. They indicated the weights and ratings could be based on:
.
information contained in a detailed event log of supply chain disruptions they
maintain that can help determine how often risk events occur and how difficult
they are to resolve;
.
the number of people needed to resolve the problem, the number of days to fix the
problem and how frequent the risks occurred; and
.
the development of a method to measure leadership risk appetite to help
determine acceptable levels of risk.

Finally, the auto manufacturer mentioned that a change of culture was necessary to
implement the methodology and that the company needed to develop a culture of cross
functionally managing risk on a daily basis.

6. Conclusions and future work

This paper has presented the design of a proposed supplier risk assessment and monitoring
methodology based upon a project with a US-based automotive manufacturer. In the
growing literature base on supply chain risk, researchers have presented supply chain risk
management methodologies that emphasize the need for risk monitoring (Hallikas et al.,
2004; Norrman and Jansson, 2004; Zsidisin and Ellram, 1999). In fact, Hallikas et al. (2004)
noted that risk is not a static measure and called for tools to identify trends. This research is
a first step towards filling that need. The proposed methodology calculates part and
supplier specific risk indices, can be used to analyze critical parts and suppliers to determine
if and why they might be a cause for concern, and allows part and supplier risk indices to be
tracked over time to identify trends towards higher risk levels. This information can be used
by the firm to proactively develop risk mitigation strategies to handle potential disruptions
before they occur. Additionally, the methodology proposed in this paper can serve a key
function in a supply risk management process, namely risk monitoring, which has only
received limited attention in the supply chain risk management research.
IJPDLM The proposed methodology in this paper is a first step in the development of
38,2 methodologies to assess and monitor supply chain risk, especially in a temporal fashion.
As such, future research should concentrate on the following issues. First, practical
methods for determining risk weights need to be evaluated and examined. For example,
the feasibility of using the multi-attribute risk assessment (MARA) method should be
considered (Butler and Fishbeck, 2002). The methodology is an additive-value model for
162 use in multi-objective, compensatory decision problems. Within the methodology, risk
categories and levels are elicited from stakeholders, modeled, and simulated to
determine tacit thresholds for threat levels that may differ from those explicitly stated
by the stakeholders. The multi-objective nature of MARA accommodates risks that may
not be easily captured by financial measures (e.g. diminished reputation). While Butler
and Fischbeck use the MARA methodology to determine information technology risks,
its feasibility for use in assessing supplier risk should be examined. Second, given the
comment about the culture changed needed to properly implement our methodology,
technology acceptance models such as TAM (Davis, 1989) could be used to investigate
the willingness of stakeholders to adopt and use the model. Third, working prototypes
should be developed and tested in a number of different companies to assess the viability
and usefulness of the proposed methodology. This would likely involve developing and
using simulation models based on data from the company to determine how well the
methodology predicts the riskiness of suppliers and parts over time. Fourth, further
work must be done to determine how best to operationalize the methodology. Finally,
due to the time and resource requirements to enter data into our methodology, future
research should explore the use of intelligent agents to automatically collect and enter
some of the data required to use the model.

References
Butler, S.A. and Fishbeck, P. (2002), “Multi-attribute risk assessment”, Proceedings of the
Symposium on Requirements Engineering for Information Security, Raleigh, NC.
Cavinato, J.L. (2004), “Supply chain logistics risk”, International Journal of Physical Distribution
& Logistics Management, Vol. 34 No. 5, pp. 383-7.
Chopra, S. and Sodhi, M. (2004), “Managing risk to avoid supply-chain breakdown”, MIT Sloan
Management Review, Vol. 46 No. 1, pp. 53-61.
Craighead, C., Blackhurst, J., Rungtusanatham, M. and Handfield, R. (2007), “The severity of
supply chain disruptions: design characteristics and mitigation capabilities”, Decision
Sciences Journal, Vol. 38 No. 1, pp. 131-56.
Davis, F.D. (1989), “Perceived usefulness, perceived ease of use, and user acceptance of
information technology”, MIS Quarterly, Vol. 13 No. 3, pp. 319-40.
Faisal, M.N., Banwet, D.K. and Shankar, R. (2006), “Mapping supply chains on risk and customer
sensitivity dimensions”, Industrial Management & Data Systems, Vol. 106 No. 6,
pp. 878-95.
Faisal, M.N., Banwet, D.K. and Shankar, R. (2007), “Quantification of risk mitigation environment
of supply chains using graph theory and matrix methods”, European Journal of Industrial
Engineering, Vol. 1 No. 1, pp. 22-39.
Hallikas, J., Karvonen, I., Pulkkinen, U., Virolainen, V-M. and Tuominen, M. (2004), “Risk
management processes in supplier networks”, International Journal of Production
Economics, Vol. 90, pp. 47-58.
Hayashi, Y., Smith, R. and Chozick, A. (2007), “Quake bring safety issue to fore; plant standard in Supplier risk
focus after radioactive leak; Japan’s auto output hit”, Wall Street Journal, Vol. 19, p. A.4,
(Eastern Edition). assessment and
Hendricks, K. and Singhal, V. (2003), “The effect of supply chain glitches on shareholder wealth”, monitoring
Journal of Operations Management, Vol. 21 No. 5, pp. 501-22.
Hendricks, K. and Singhal, V. (2005), “An empirical analysis of the effect of supply chain
disruptions on long run stock price performance and equity risk of the firm”, Production 163
and Operations Management, Vol. 14 No. 1, pp. 35-52.
Humphreys, P., Huang, G. and Cadden, T. (2005), “A web-based supplier evaluation tool for the
product development process”, Industrial Systems and Data Management, Vol. 105
Nos 1/2, pp. 147-63.
Jharkharia, S. and Shankar, R. (2007), “Selection of logistics service provider: an analytic network
process (ANP) approach”, Omega, Vol. 35 No. 3, pp. 274-89.
Johnson, M.E. (2001), “Learning from toys: lessons in managing supply chain risk from the toy
industry”, California Management Review, Vol. 43 No. 3, pp. 106-26.
Jüttner, U., Peck, H. and Christopher, M. (2003), “Supply chain risk management: outlining an
agenda for future research”, International Journal of Logistics: Research and Applications,
Vol. 6 No. 4, pp. 197-209.
Kiser, J. and Cantrell, G. (2006), “Six step to managing risk”, Supply Chain Management Review,
April, pp. 12-17.
Levy, D. (1995), “International sourcing and supply chain stability”, Journal of International
Business Studies, Vol. 26 No. 2, pp. 343-60.
Mayer, R.J., Painter, M.K. and de Witte, P.S. (1994), IDEF Family of Methods for Concurrent
Engineering and Business Re-engineering Applications, Technical report, Knowledge
Based Systems Inc., College Station, TX.
Nagurney, A., Cruz, J., Dong, J. and Zhang, D. (2005), “Supply chain networks, electronic
commerce, and supply side and demand side risk”, European Journal of Operational
Research, Vol. 164, pp. 120-42.
Norrman, A. and Jansson, U. (2004), “Ericsson’s proactive supply chain risk management
approach after a serious sub-supplier accident”, International Journal of Physical
Distribution & Logistics Management, Vol. 34 No. 5, pp. 434-56.
Pai, R.R., Kallepalli, V.R., Caudill, R.J. and Zhou, M. (2003), IEEE International Conference on
Systems, Man and Cybernetics, Vol. 5, IEEE, Piscataway, NJ, pp. 4560-5.
Peck, H. and Christopher, M. (2004), “The five principles of supply chain resilience”, Logistics
Europe, February, pp. 17-21.
Radjou, N. (2002), Adapting to Supply Network Change, Forrester Research Tech Strategy Report,
Cambridge, MA.
Ragsdale, C.T. (2001), Spreadsheet Modeling and Decision Analysis, South-Western College
Publishing, Cincinnati, OH.
Rice, J. and Caniato, F. (2003), “Building a secure and resilient supply chain”, Supply Chain
Management Review, Vol. 7 No. 5, pp. 22-30.
Riddalls, C. and Bennett, S. (2002), “Production-inventory system controller design and supply
chain dynamics”, International Journal of Systems Science, Vol. 33 No. 3, pp. 181-95.
Saaty, T. (1990), Decision Making for Leaders: The Analytic Hierarchy Process for Decisions in a
Complex World, RWS Publications, Pittsburg, PA.
IJPDLM Sarkis, J. (1998), “Evaluating environmentally conscious business practices”, European Journal
of Operational Research, Vol. 107, pp. 59-174.
38,2 Sinha, P., Whitman, L. and Malzahn, D. (2004), “Methodology to mitigate supplier risk in an
aerospace supply chain”, Supply Chain Management: An International Journal, Vol. 9 No. 2,
pp. 154-68.
Svensson, G. (2000), “A conceptual framework for the analysis of vulnerability in supply chains”,
164 International Journal of Physical Distribution & Logistics Management, Vol. 30 No. 9,
pp. 731-49.
Talluri, S. and Narasimhan, R. (2002), “Vendor evaluation with performance variability: a
max-min approach”, European Journal of Operational Research, Vol. 146, pp. 543-52.
Verma, R. and Pullman, M. (1998), “An analysis of the supplier selection process”, Omega, Vol. 26
No. 6, pp. 739-50.
Wu, T., Blackhurst, J. and Chidambaram, V. (2006), “A model for inbound supply risk analysis”,
Computers in Industry, Vol. 57 No. 4, pp. 350-65.
Zsidison, G. (2003), “Managerial perceptions of supply risk”, Journal of Supply Chain
Management, Vol. 39 No. 1, pp. 14-26.
Zsidisin, G. and Ellram, L. (1999), “Supply risk assessment analysis”, PRACTIX: Best Practices
in Purchasing & Supply Management, Vol. 2 No. 4, pp. 9-12.
Zsidisin, G. and Smith, M. (2005), “Managing supply risk with early supplier involvement: a case
study and research propositions”, Journal of Supply Chain Management, Vol. 41 No. 4,
pp. 44-57.
Zsidisin, G., Melnyk, S. and Ragatz, G. (2005), “An institutional theory perspective of business
continuity planning for purchasing & supply management”, International Journal of
Production Research, Vol. 43 No. 16, pp. 3401-20.
Zsidisin, G., Ellram, L., Carter, J. and Cavinato, J. (2004), “An analysis of supply chain assessment
techniques”, International Journal of Physical Distribution & Logistics Management,
Vol. 34 No. 5, pp. 397-413.

Appendix
This appendix provides the mathematical notation for the calculations provided within the text
of the paper.
To formally describe the risk assessment formulation for both parts and suppliers, let:
.
rijkl ¼ the risk rating for category i, subcategory j, part k, from supplier l;
.
vkl ¼ the percent of production purchased for part k from supplier l;
. sij ¼ the subcategory weight for category i and subcategory j; and
.
ci ¼ the category weight for category i.

We then define PRLijk, the part risk assessment score for category i, subcategory j, and part k
across all suppliers as:
X
PRLijk ¼ ðr £ vkl Þ;
l ijkl
and PRSik, the part risk assessment score for category i and part k across all subcategories as:
X
PRSik ¼ j
ðPRLijk £ sij Þ;
and PRCk, the part risk assessment score for part k across all categories as:
X
PRCk ¼ i
ðPRSik £ ci Þ:
The risk assessment score for suppliers is derived in much the same way as for parts. We define Supplier risk
LRPijl, the supplier risk assessment score for category i, subcategory j, and supplier l across all
parts as: assessment and

P 
k ðr £ vkl Þ monitoring
LRPijl ¼ Pijkl ;
k vkl
and LRSil, the supplier risk assessment score for category i and supplier l across all
subcategories as:
X
165
LRSil ¼ j
ðLRPijl £ sij Þ;
and LRCl, the supplier risk assessment score for supplier l across all categories as:
X
LRCl ¼ i
ðLRSil £ ci Þ:

About the authors

Jennifer V. Blackhurst is an Assistant Professor of Logistics and Supply Chain Management at
Iowa State University. She received her PhD in Industrial Engineering from the University of
Iowa. Her current research interests include: supply chain risk and disruptions; supply chain
coordination; and supplier assessment. Blackhurst has articles published (or accepted) in such
journals as Production and Operations Management Journal, Decision Sciences Journal, Journal
of Operations Management, International Journal of Production Research, Omega, and Supply
Chain Management Review. She serves on the Editorial Review Board for Decision Sciences and
is a member of DSI and POMS. Jennifer V. Blackhurst is the corresponding author and can be
contacted at: jvblackh@iastate.edu
Kevin P. Scheibe is an Assistant Professor in Management Information Systems at Iowa State
University. His research interests include supply chain risk, spatial decision support systems,
wireless telecommunications, IT outsourcing, and IT privacy and security. He is a member of the
Association for Information Systems and the Decision Sciences Institute. Scheibe has published in
journals such as Decision Support Systems, Journal of Information Privacy and Security, and
Computers in Human Behavior. He received a PhD from Virginia Polytechnic Institute and State
University.
Danny J. Johnson is an Associate Professor of Operations and Supply Chain Management at
the College of Business at Iowa State University. He holds a BS in Business Administration from
Moorhead State University, and an MBA and a PhD in Operations Management from
the University of Wisconsin-Madison. Prior to obtaining his BS, he worked for eight years in the
service sector. His research interests are in the design, implementation, operation, and
management of quick response manufacturing and supply chain systems and the problems faced
by firms as they attempt to develop and use these systems to improve key performance
measures. His research has been published in Production and Operations Management,
International Journal of Production Research, Journal of Manufacturing Systems, and as case
studies in two books on cellular manufacturing. He is certified in production and inventory
management by The Association for Operations Management (APICS), and is a member of The
Association for Operations Management, the Decision Sciences Institute, and the Production and
Operations Management Society.

To purchase reprints of this article please e-mail: reprints@emeraldinsight.com

Or visit our web site for further details: www.emeraldinsight.com/reprints