Professional Documents
Culture Documents
Article information:
To cite this document: Jennifer V. Blackhurst, Kevin P. Scheibe, Danny J. Johnson, (2008),"Supplier risk assessment and
monitoring for the automotive industry", International Journal of Physical Distribution & Logistics Management, Vol. 38 Iss: 2
pp. 143 - 165
Permanent link to this document:
http://dx.doi.org/10.1108/09600030810861215
Downloaded on: 13-01-2013
References: This document contains references to 38 other documents
Citations: This document has been cited by 9 other documents
To copy this document: permissions@emeraldinsight.com
This document has been downloaded 3355 times since 2008. *
Jennifer V. Blackhurst, Kevin P. Scheibe, Danny J. Johnson, (2008),"Supplier risk assessment and monitoring for the automotive
industry", International Journal of Physical Distribution & Logistics Management, Vol. 38 Iss: 2 pp. 143 - 165
http://dx.doi.org/10.1108/09600030810861215
Jennifer V. Blackhurst, Kevin P. Scheibe, Danny J. Johnson, (2008),"Supplier risk assessment and monitoring for the automotive
industry", International Journal of Physical Distribution & Logistics Management, Vol. 38 Iss: 2 pp. 143 - 165
http://dx.doi.org/10.1108/09600030810861215
Access to this document was granted through an Emerald subscription provided by DALHOUSIE UNIVERSITY
For Authors:
If you would like to write for this, or any other Emerald publication, then please use our Emerald for Authors service.
Information about how to choose which publication to write for and submission guidelines are available for all. Please visit
www.emeraldinsight.com/authors for more information.
About Emerald www.emeraldinsight.com
With over forty years' experience, Emerald Group Publishing is a leading independent publisher of global research with impact in
business, society, public policy and education. In total, Emerald publishes over 275 journals and more than 130 book series, as
well as an extensive range of online products and services. Emerald is both COUNTER 3 and TRANSFER compliant. The organization is
a partner of the Committee on Publication Ethics (COPE) and also works with Portico and the LOCKSS initiative for digital archive
preservation.
*Related content and download information correct at time of download.
The current issue and full text archive of this journal is available at
www.emeraldinsight.com/0960-0035.htm
Supplier risk
Supplier risk assessment assessment and
and monitoring for the monitoring
automotive industry
143
Jennifer V. Blackhurst, Kevin P. Scheibe and Danny J. Johnson
Logistics, Operations and MIS Department, College of Business, Received September 2007
Iowa State University, Ames, Iowa, USA Revised December 2007
Accepted January 2008
Abstract
Purpose – This research aims to develop a supplier risk assessment methodology for measuring,
tracking, and analyzing supplier and part specific risk over time for an automotive manufacturer.
Design/methodology/approach – Supply chain risk literature is analyzed and used in conjunction
with interviews from the automotive manufacturer to identify risks in the supply base. These risks are
incorporated into the development of a temporal risk assessment and monitoring system.
Findings – A framework of risk factors important to the auto manufacturer is presented.
A multi-criteria scoring procedure is developed to calculate part and supplier risk indices. These
indices are used in the development of a risk assessment and monitoring system that allows the
indices to be tracked over time to identify trends towards higher risk levels.
Research limitations/implications – There are a number of operational issues identified in the
paper that could be investigated in future research. One such issue is the development of alternative
risk assessment methods that would increase the sensitivity of the risk analysis.
Practical implications – The framework is implementable in firms interested in understanding and
controlling risk in their supply base. The research stems from an industry project with an automotive
manufacturer. The method is designed to be practical and easy to implement and maintain. The
system also has a visual reporting mechanism designed to provide early warning signals for potential
problems in the supply base and to show temporal changes in risk.
Originality/value – This paper presents a dynamic risk analysis methodology that analyzes and
monitors supplier risk levels over time.
Keywords Supplier chain management, Risk assessment, Supplier relations, Risk management,
Automotive industry, United States of America
Paper type Research paper
1. Introduction
Supply chain disruptions are “unplanned events that may occur in the supply chain
which might affect the normal or expected flow of materials and components”
(Svensson, 2000). The management of supply chain risk has garnered an increased focus
from supply chain managers due to the detrimental impact that supply chain glitches or
disruptions can have on supply chain performance. Supply chain disruptions can result
in a variety of problems such as long lead-times, stock-outs, inability to meet customer
demand, and increases in costs (Levy, 1995; Svensson, 2000; Riddalls and Bennett, 2002; International Journal of Physical
Chopra and Sodhi, 2004). Ultimately, these problems have an adverse effect on the Distribution & Logistics Management
Vol. 38 No. 2, 2008
financial performance of the firm (Hendricks and Singhal, 2003, 2005). While the true pp. 143-165
q Emerald Group Publishing Limited
0960-0035
The authors would like to thank Cliff Ragsdale for his help in improving this manuscript. DOI 10.1108/09600030810861215
IJPDLM costs and financial impact of these disruptions are difficult to quantify, research has
38,2 shown them to be quite large in terms of both time and money. For instance, in 1997
Boeing experienced a supplier delivery failure of two critical parts with an estimated loss
to the company of $2.6 billion (Radjou, 2002). In 2002, less than 100 workers in a
longshoreman union strike disrupted west coast port operations. It took six months for
some containers to be delivered and schedules to return to normal (Cavinato, 2004). In
144 July 2007, Toyota Motor Corporation halted production in all Japanese factories due to
an earthquake that severely damaged Riken Corporation, their major parts supplier for
piston and seal rings. Moreover, the damage to Riken affected other automotive
manufacturers, prompting suspended production at facilities for Mitsubishi Motor
Corporation, Suzuki Motor Corporation and Honda Motor Corporation, all of whom
depend on Riken for engine parts (Hayashi et al., 2007).
While the ability to manage risk effectively is critical to ensure a smooth flow of
products through the supply chain, this area has only recently received attention in
supply chain research (Jüttner et al., 2003). Traditionally, safety stock and safety lead
time buffers were used to protect against risk and uncertainty in the supply chain.
However, such measures are less attractive than they used to be due to an increased
focus on supply chain agility and responsiveness (Zsidisin et al., 2005). Consequently,
“a new focus on managing and mitigating risk which extends beyond the four walls of
a plant” is required (Peck and Christopher, 2004). This focus includes managing risk in
the supply base and provides the motivation for this study.
A major US-based automotive manufacturer, henceforward called auto
manufacturer for purposes of confidentiality, approached the authors with the
challenge to develop a supplier risk assessment and monitoring methodology that
could be used to track and analyze part and supplier risk over time. The request for
this methodology was motivated by recent disruptive events in the auto
manufacturer’s global supply chain that stopped production at a number of their
facilities. The auto manufacturer’s requirements for the methodology included:
.
it must be practical and not overly burdensome;
.
it must be quick to implement and easy to maintain;
. it must have a visual reporting mechanism; and
.
it must be able to provide early warning signals for potential problems in the
supply base and capture temporal changes in risk.
In summary, the amount of data required must be manageable and relatively easy to
obtain with results that are easy to understand and communicate across the company.
Additionally, the methodology must incorporate predictive and trend analysis
capabilities. Therefore, the focus of this research is the design of a methodology for
measuring, tracking, and analyzing supplier and part specific risk indices over time.
As such, the methodology can be used to improve the prediction and management of
supplier-based disruptive events in the supply chain.
This paper contributes to research in the area of supply chain risk management in three
ways. First, it presents a framework of risk categories and factors that are both important
to the auto manufacturer and based in the current supply chain risk literature. However,
the categories used are flexible and can be adapted to fit the needs of other industry sectors
and companies based on their own specific inherent risks. Second, this research presents a
methodology using a multi-criteria scoring procedure to calculate risk assessment scores Supplier risk
for the supply base. Specifically, the methodology takes raw data and converts it into an assessment and
appropriate form for supply risk managerial decision support for issues such as supply
base reduction, contract awards, or contract renewals. Third, the methodology is designed monitoring
to allow part and supplier risk indices to be tracked in a dynamic nature over time to
identify trends towards higher risk levels. Managers can use this information to develop
risk mitigation strategies in a proactive and preventative manner to help avoid disruptions 145
before they occur or at the very least, lessen their impact.
The remainder of this paper is organized as follows. In the next section, we review the
research literature on managing supply chain risk and supplier risk assessment tools. In
Section 3, we present our proposed multi-attribute risk analysis methodology and describe
its use. Section 4 discusses operational issues related to the proposed methodology. Section
5 serves to detail the auto manufacturer’s feedback of the proposed methodology. Finally,
we present our conclusions, limitations of the methodology, and future work in Section 6.
2. Literature review
In general, a supply risk management process consists of four components:
(1) risk identification;
(2) risk assessment;
(3) risk management decisions and implementation; and
(4) risk monitoring (Hallikas et al., 2004).
Risk identification is a subjective component within this process. Each organization is
responsible for its own risks and must identify them according to the company’s
perspective. In addition to those risks identified by specific organizations, there are
risks common to companies within and across industries. Chopra and Sodhi (2004)
presented a high-level categorization of potential risks in a supply chain, their
associated drivers, and methods for defining appropriate mitigation strategies.
Zsidison (2003) studied managerial perceptions of supply risk and used these to create
a classification of supply risk sources. Johnson (2001) discussed risks specific to the toy
industry (such as very high seasonality and the short life cycle of fad toys).
Once risks are identified, their impact and probability must be assessed. The
risk diagram shown in Figure 1 can be helpful in this respect (Hallikas et al., 2004).
Very high
High
Probability
Medium
Minor
None
Figure 1.
None Minor Medium Serious Catastrophic Risk diagram for risk
identification
Impact
IJPDLM Zsidisin et al. (2004) examined tools and techniques used by purchasing departments
38,2 within organizations to assess supply risk. Sinha et al. (2004) investigated supplier risk
in the aerospace industry and developed an integrated definition for function modeling
(IDEF0) based risk management method. IDEF0 is a structured modeling method for
developing functional or activity models of systems or enterprises (Mayer et al., 1994).
Once the model was developed, they employed failure modes and effect analysis
146 (FMEA) to analyze and prioritize potential failures. Pai et al. (2003) developed a
Bayesian network to assess and analyze supply chain risk. Wu et al. (2006) developed
an analytic hierarchy process (AHP) based supplier risk assessment tool to determine
the relative weights of individual risk factors. Using these weights and the probability
of each risk factor occurring for a supplier, an overall risk index was computed.
Methods for assessing risk are also contained in the growing literature bases on
supplier assessment and selection (see Talluri and Narasimhan, 2002 for an overview
of these methods).
Once the risks are assessed, a number of strategies can be used to manage the risk.
These include: transferring risk, taking risk, eliminating risk, reducing risk and
subdividing risk into individual levels for further analysis (Hallikas et al., 2004). Rice
and Caniato (2003) classified mitigation techniques by failure mode in a supply chain.
Zsidisin et al. (2005) examined how and why firms created business continuity plans to
manage risk in the supply chain. Zsidisin and Smith (2005) performed case study
research focused on managing supply risk through early supplier involvement.
Johnson (2001) presented strategies for dealing with risks related to toys. Faisal et al.
(2006, 2007) used graph theory and matrix methods to mitigate supply chain risk.
Finally, Nagurney et al. (2005) used multi-criteria decision-making to manage risk of
manufacturers and distributors.
The last step, risk monitoring, has received the least attention by supply chain risk
researchers and the literature has shown little focus on the tools necessary for temporal
risk monitoring. While Hendricks and Singhal (2005) have noted an increased focus on
developing tools to prevent or mitigate supply chain disruptions, we found only two
papers that actually developed prototype methods. The first methodology developed
by Humphreys et al. (2005) is a supplier assessment tool designed for new product
development processes. While the methodology does include a risk index as a part of
the measurement system, its focus is on supplier capability to meet customer
requirements. The second methodology developed by Wu et al. (2006) is an AHP-based
supplier risk assessment tool. While the method is comprehensive in its enumeration of
risk types, it becomes more difficult to use as the number of suppliers being evaluated
grows large. In addition, AHP is designed to take into account judgment and personal
values and has widespread applications for making decisions such as allocation of
resources, analyzing the impact of a policy, and resolving a conflict (Saaty, 1990).
However, it is not designed to be a temporal monitoring tool and consequently, does
not focus on assessing supplier risk over time. This same difficulty applies to the
analytic network process (ANP). ANP is used to aid decision makers in making a
choice from a myriad of options. ANP has been successful in decision making in energy
policy planning, product design, equipment replacement (Sarkis, 1998) and for
selecting a logistics service provider (Jharkharia and Shankar, 2007).
In summary, most supplier risk assessment research to date has concentrated on
categorizing and assessing risk and/or provided general insights on mitigating risks.
Of the two methodologies we did find to monitor risks, neither addresses measuring, Supplier risk
assessing and monitoring supplier risk over time. In addition, research that has assessment and
examined supplier evaluation models has indicated that most methods are too
mathematically complex to implement and understand, require excessive amounts of monitoring
data, or are too subjective (Humphreys et al., 2005; Verma and Pullman, 1998). The
system described in this paper gives managers an easy to use temporal methodology to
measure, track, and analyze supplier and part specific risk indices. This information 147
can be used in a proactive fashion to manage and monitor risk and to develop
strategies to mitigate potential supply disruptions.
Disc Brake
Caliper Hardware
Assembly
Figure 2.
Brake Pads Brake Pad Typical hub assembly,
Disc Pad Wear Shim rotor, and caliper
Brake (Typical) Sensor assembly for a disk
Source: www.midas.com/midas_u/brakes_howitworks.aspx
brake system
IJPDLM Sodhi (2004), as well as other supply chain risk assessment research (Zsidisin and
38,2 Ellram, 1999; Zsidisin et al., 2004; Zsidisin and Smith, 2005), and interviews with the
auto manufacturer. Chopra and Sodhi’s (2004) framework contained nine risk
categories: disruptions, delays, systems, forecast, intellectual property, procurement,
receivables, inventory, and capacity. Because their risk assessment framework was
general and not specific to the automotive industry, it was necessary to expand or add
148 categories to address the specific risks for this research. For example, in the Chopra
and Sodhi framework there was a risk category called delays. While this is a
reasonable category in general terms to describe delays in material flows, it is
insufficient to capture the necessary detail of risk elicited through our interviews with
the auto manufacturer. Consequently, we expanded delays into logistics, supplier
dependence, and quality. Another addition to Chopra and Sodhi’s framework was the
legal category. While intellectual property captures one aspect of legal issues, it does
not address such things as legislative action related to importing/global sourcing
(Zsidisin et al., 2004). We also changed the systems category to information systems to
remove ambiguity. Lastly, two new risk categories – management and security – were
added for completeness as necessitated by our interviews with the auto manufacturer
and the supply chain risk literature.
Table I shows the categories of risk for the auto manufacturer and whether they are
internal or external to the supplier firm. The risk categories presented in Table I
incorporate and summarize current supply chain risk research, as well as additional
risks elicited from the auto manufacturer. Each category is broken down into
individual risk factors called subcategories. These subcategories are then classified as
either an internal or external risk. An internal risk is one over which the supplier firm
has control. In contrast, a supplier firm has limited or no control over external risk.
For instance, in the disruptions/disaster category, the potential for a fire can be
controlled by safety measures the supplier firm puts in place while political unrest in a
region is generally uncontrollable. While some risks are external, the firm can and
should account for them in risk mitigation plans. For example, firms in the
Southeastern USA cannot control hurricanes; but they can certainly develop mitigation
strategies to deal with the potential consequences of such storms. While all of the risk
categories shown in Table I ought to be considered in practice, due to space limitations,
our example considers only the categories of quality and disruptions/disasters.
Finally, it should be noted that while this research presents a categorization of risk
specific to the auto manufacturer based on the needs of the firm as well as supply chain
risk literature, other firms adopting a supplier risk assessment and monitoring
methodology will need to define risk categories based upon their own needs, industry
type, supply chain type, etc. In other words, there is no “one size fits all” approach to
assessing risk.
Quality 60
Defects/million 30 30 90 70 15 60 10
Ease of problem resolution 25 20 70 85 10 75 15
Product complexity 15 20 20 30 30 15 15
Timeliness of corrective action 25 20 90 85 15 70 15
Value of product 5 30 30 35 35 25 25
Total weights 100
Overall supplier quality rating for each part 23.5 71.5 69.8 17.0 57.8 14.0
Disruptions/disasters 40
Earthquake 5 15 35 35 5 35 65
Fire 30 15 80 80 70 80 30
Flooding 5 5 35 35 20 35 40
Labor availability 15 15 70 70 20 70 35
Labor dispute 10 20 85 85 35 85 25
Political issues 10 20 60 60 15 60 40
Supplier bankruptcy 15 5 10 10 35 10 35
War and terrorism 10 25 60 60 25 60 30
Total weights 100
Overall supplier disruption rating for each part 15.0 60.0 60.0 38.0 60.0 34.3
Overall supplier rating for each part 20.1 66.9 65.9 25.4 58.7 22.1
calculations
Data for risk assessment
monitoring
assessment and
Supplier risk
151
Table II.
38,2
152
Figure 3.
IJPDLM
Defects/Million
Ease of Problem Resolution
Product Complexity
Timeliness of Corrective Action
Value of Product
Quality Mean
Earthquake
Flooding
Labor Availability
Labor Dispute
Political Issues
Supplier Bankruptcy
War and Terrorism
Distribution/Disasters Mean
Overall Rating
Fire
Category Weighting 60% 40%
Sub-Category Weighting 30% 25% 15% 25% 5% 100% 5% 30% 5% 15% 10% 10% 15% 10% 100%
Caliper Assembly 60.0 45.0 20.0 55.0 30.0 47.5 25.0 47.5 20.0 42.5 52.5 40.0 7.5 42.5 37.5 43.5
Hub Assembly 64.5 77.5 30.0 78.0 35.0 64.5 32.0 79.0 33.5 65.0 80.0 55.5 12.5 56.5 57.8 61.8
Rotot 30.0 39.0 15.0 37.0 25.0 31.5 53.0 50.0 38.0 49.0 49.0 48.0 25.0 42.0 44.6 36.7
concept is similar to that used by Norrman and Jansson (2004) for supply chain risk Supplier risk
analysis. Heat graphs use different colors to highlight the severity of a particular assessment and
risk category or subcategory. For example, in our proposed methodology, a critical risk
score is one that is greater than 75 and is shown in red (black in Figure 3), a high-risk monitoring
score is greater than 50 and less than or equal to 75 and shown in orange (diagonal
lines in Figure 3), a medium risk score is greater than 25 and less than or equal to 50
and shown in yellow (horizontal lines in Figure 3), and a low-risk score is less than or 153
equal to 25 and shown in white. Thus, ease of problem resolution for the hub assembly
falls in the critical risk range, defects/million for the caliper assembly falls in the
high-risk range, etc. Heat graphs of this type allow the analyst to focus quickly on
the critical few (hopefully) high scores.
The heat graph also shows the mean score for each part within each category. This
mean is calculated by multiplying the scores for each subcategory for a particular part
by the weight assigned to that subcategory and then summing the resulting products
within that category. For example, the quality mean calculation for the hub assembly is
(64.5 £ 30 percent) þ (77.5 £ 25 percent) þ (30.0 £ 15 percent) þ (78.0 £ 25
percent) þ (35 £ 5 percent) ¼ 64.5. All mean scores range from a minimum of zero
to a maximum of 100, with a higher score indicating a worse risk assessment.
The overall score for each part across all categories is shown on the heat graph.
This score is computed by multiplying the category mean for each part by the weight
for that category and then summing these products across all categories. For example,
the overall rotor risk assessment score is (31.5 £ 60 percent) þ (44.6 £ 40
percent) ¼ 36.7. As before, these overall mean scores will range from a minimum of
zero to a maximum of 100, with a higher score indicating a worse risk assessment.
154
Figure 4.
IJPDLM
Defects/Million
Ease of Problem Resolution
Product Complexity
Timeliness of Corrective Action
Value of product
Quality Mean
Earthquake
Flooding
Labor Availability
Labor Dispute
Political Issues
Supplier Bankruptcy
War and Terrorism
Disruptions/Disasters Mean
Overall Rating
Fire
Category Weighting 60% 40%
Sub-Category Weighting 30% 25% 15% 25% 5% 100% 5% 30% 5% 15% 10% 10% 15% 10% 100%
Supplier 1 30.0 20.0 20.0 20.0 30.0 23.5 15.0 15.0 5.0 15.0 20.0 20.0 5.0 25.0 15.0 20.1
Supplier 2 73.3 78.6 23.9 83.1 31.4 67.6 35.0 80.0 35.0 70.0 85.0 60.0 10.0 60.0 60.0 64.5
Supplier 3 15.0 10.0 30.0 15.0 35.0 17.0 5.0 70.0 20.0 20.0 35.0 15.0 35.0 25.0 38.0 25.4
Supplier 4 10.0 15.0 15.0 15.0 25.0 14.0 65.0 30.0 40.0 35.0 25.0 40.0 35.0 30.0 34.3 22.1
3.5 Sensitivity of the methodology and critical part and supplier analysis Supplier risk
In creating the proposed methodology for the auto manufacturer, one issue we needed assessment and
to address was the sensitivity of the methodology for large and complex supply chains
with potentially hundreds of suppliers and thousands of parts. In order to address this monitoring
issue, we propose focusing the tool on those suppliers and parts that have the potential
to shut the supply chain down. Such classification systems exist in the literature. For
example, Norrman and Jansson (2004) discussed how Ericsson classifies thousands of 155
components used in their products into four categories of sourcing strategies:
(1) product has multiple suppliers;
(2) product has one supplier but others are on standby if needed;
(3) product has one supplier but others are approved (but not ready to produce
parts) if needed; and
(4) product is sole sourced.
This theme towards understanding critical suppliers and parts is found in other recent
supply chain risk literature as well. Craighead et al. (2007) discussed the need to
identify critical parts and their suppliers (such as parts that are procured from a single
supplier) so that critical nodes in the supply chain can be found. Once found, plans can
be developed to deal with potential supply chain disruptions in these nodes.
While the heat graphs illustrated in the previous two sections provide a summary of
the risk assessment for parts and suppliers as a whole, the part heat graph is averaged
over all suppliers and the supplier heat graph is averaged over all parts provided by a
particular supplier. They do not indicate the cause of particular risk assessment
averages, and a risk assessment analyzer would be unable to determine the causes of
the risk from the heat graphs per se. In addition, since the heat graphs are averaged,
they may hide risk levels for particular subcategories that are unacceptably high. What
is needed is a way to “drill down” further in the data to determine what risk factors are
at unacceptable limits.
Any risk assessment methodology should be able to develop a list of rank ordered
critical parts (whether pre-specified or determined by the assessment tool); with critical
risk parts at the top and low-risk parts at the bottom (Figure 5). Users can then drill
down by clicking on the “ þ ” by the part in question to show suppliers for that part.
Each supplier should also be expandable to show the categories and subcategories, all
with their respective risk levels. This allows the user to determine the categories and
subcategories that cause the high-risk rating. For example, Figure 3 shows the hub
assembly has a high-risk level. Figure 5 shows this is primarily caused by high-risk
ratings on several subcategories in both the quality and disruptions/disaster categories
by Supplier 2.
In a similar fashion, suppliers can be rank ordered according to their risk levels
(Figure 6). To drill down, the user would click on the “ þ ” by the supplier in question
and the list would expand to show the parts provided by that supplier. Each part
should also be expandable to show the categories and subcategories and their
respective risk levels. For example, Figure 4 shows Supplier 2 has the highest risk
level. As shown in Figure 6, when Supplier 2 is expanded it reveals that the caliper
assembly has the highest overall risk level for the parts supplied by Supplier 2.
This was not evident when looking at either the part or supplier heat graphs alone.
IJPDLM Part Risk Level Part + Supplier + Category + Subcategory Risk Level
38,2 + Hub Assembly 61.8 – Hub Assembly 61.8
Defects/Million 70.0
– Disruptions/Disasters 60.0
Fire 80.0
Earthquake 35.0
Flooding 35.0
+ Supplier 3 25.4
Figure 5.
+ Caliper Assembly 43.5
Critical parts list with drill
down capabilities + Rotor 36.7
Further expansion of the caliper assembly shows the categories and subcategories
responsible for this rating. As illustrated, defects/million, timeliness of corrective
action, labor disputes, and fire are at critical levels and these areas require attention.
Thus, the ability to drill down into the data provides essential information to decision
makers in a very manageable fashion by aggregating and ordering a very large
amount of information graphically.
– Disruptions/Disasters 60.0
Fire 80.0
Flooding 35.0
Earthquake 35.0
+ Quality 69.8
+ Disruptions/Disasters 60.0
– Rotor 58.7
+ Disruptions/Disasters 60.0
+ Quality 57.8
+ Supplier 3 25.4
+ Supplier 4 22.1
Similar graphs may be constructed to track risk for individual parts coming from
individual suppliers as well.
100
Supplier 1 Supplier 2 Supplier 3 Supplier 4
90
80
70
Risk Score
60
50
40
30
20
10
Figure 7.
Supplier risk trends over 0
1 2 3
time
Time Period
100
90 Caliper Assembly Hub Assembly Rotor
80
70
Risk Score
60
50
40
30
20
10
Figure 8. 0
1 2 3
Part risk trends over time
Time Period
4. Operational issues Supplier risk
There are a number of operational issues that must be addressed when using the risk assessment and
assessment and monitoring methodology presented in this paper. First, the number of
categories and subcategories used becomes a balancing act. Firms adopting this monitoring
methodology should carefully assess which categories and subcategories of risk are
most important for measuring problem areas in the supply base that can lead to supply
disruption risk. As more subcategories are added to a particular category, the relative 159
impact each subcategory has on the score of the overall category declines. Similarly, as
more categories are added to the risk assessment and monitoring tool, the relative
weight each category contributes to the overall risk index of a supplier or part declines.
In both cases, the risk indices become less sensitive to a large risk rating on any one
factor. As a result, the riskiness of a supplier can become “lost” in the morass of factors
measured. While the firm needs enough categories and subcategories to accurately
measure risk, the number should be kept to a minimum. Owing to the importance each
category and subcategory has on the overall risk assessment, they should be
established by higher-level management decision makers most familiar with assessing
supplier risk and the factors that contribute to that risk.
Second, weights need to be established for each category and subcategory. The
relative weights indicate how important each category or subcategory is with respect
to disruptions affecting the supply base of the firm. A higher weight on a particular
factor will cause that factor to have more impact on the calculated risk index. As
previously mentioned, the weights can be based on the probability of each category of
disruption occurring, the relative impact each category of disruption has on supply, or
any other factor considered important to the company. Given the importance of the
weights to the overall assessment process, they should also be established by
higher-level management decision makers familiar with risk assessment.
Third, each subcategory must be rated. Some factors such as war and terrorism,
political issues/unrest, information infrastructure breakdown, level of system
integration, etc. are quite subjective and ratings on these factors should be made by
higher level managers familiar with assessing these factors. In contrast, factors such as
on-time delivery, defects/million, value of the product, etc. are more quantitative and
definitive in nature. Provided appropriate data entry forms are created (by upper level
decision makers familiar with risk assessment) that allow the user to pick from a menu
of available options, ratings for these factors can be made by purchasing agents,
production control personnel, quality inspectors, production level employees, etc.
Depending on the relationships a firm has with its suppliers, some of these ratings may
even be filled in by the individual suppliers via a web-based methodology. To help
prevent rating bias from occurring, the individuals rating each factor should not be
able to view the weights applied to each category or subcategory.
Fourth, in order to use the methodology in a proactive manner, the ratings on each
subcategory must be updated on a periodic basis and the data analyzed for patterns,
high-risk levels, or trends that indicate potential problems. If the methodology is
updated too frequently, the job becomes too onerous and it will be difficult to get the
employees, suppliers, etc. to buy in and to use the methodology. In contrast, if the
methodology is updated too infrequently, too much time can elapse and the predictive
capability of the methodology is reduced. While the time interval between updates will
vary from firm to firm, daily updates are likely too often, while monthly updates are
IJPDLM probably not often enough. Somewhere between these two periods is most likely to be
38,2 effective. Moreover, some subcategories should be updated more often than others. For
example, defects per million would be updated with each batch received, whereas
earthquakes or other natural disasters would (hopefully) occur much less frequently.
Therefore, the time interval between updates will also vary from subcategory to
subcategory.
160 As the operational issues just discussed indicate, the methodology described in this
paper is capable of integrating information from a variety of individuals at various
levels – both within the company and between the company and its suppliers. The
categories, subcategories, weights, and ratings for subjective factors would be made by
decision makers at higher managerial levels in the organization, while the actual
recording of ratings for more quantitative and definitive factors such as defects/million
could be made by purchasing managers, production level employees, etc. Each of these
data entry points can be secured to prevent unauthorized access. Thus, the risk
assessment and monitoring tool is capable of securely capturing and integrating risk
information at varying levels, both within the organization and between the
organization and its suppliers. This is especially noteworthy since past research has
primarily focused on risk analysis at the highest levels in the firm.
Next, if the company changes the weighting of a particular category or subcategory, it
is not necessary to re-enter the specific data values. This makes it easy to perform what-if
analysis to investigate how different scenarios affect the riskiness of a supplier or a part. It
also makes it easy for managers to adjust the tool so that a particular risk index is sensitive
to changes in categories which have the most impact on risk levels. For example, a
manager might want to increase the weight of the quality category to make the overall risk
measure more sensitive to quality measures due to recent problems with a particular part.
Finally, the use of the tool as a cross-functional risk monitoring process must be
considered. Through our interviews with the auto manufacturer, the challenge is to
have supply chain risk management become a part of the job responsibility across
different functions with all functions involved collaborating and communicating
effectively. This is called for in the literature as well. For example, Kiser and Cantrell
(2006) stated that communication in effective supply risk management cannot be
overemphasized. Use of the supplier risk methodology in this paper allows for the
understanding of risky parts of the supply base and provides a tool to better predict
where disruptions have the potential to shut down portions of the supply chain.
Finally, the auto manufacturer mentioned that a change of culture was necessary to
implement the methodology and that the company needed to develop a culture of cross
functionally managing risk on a daily basis.
References
Butler, S.A. and Fishbeck, P. (2002), “Multi-attribute risk assessment”, Proceedings of the
Symposium on Requirements Engineering for Information Security, Raleigh, NC.
Cavinato, J.L. (2004), “Supply chain logistics risk”, International Journal of Physical Distribution
& Logistics Management, Vol. 34 No. 5, pp. 383-7.
Chopra, S. and Sodhi, M. (2004), “Managing risk to avoid supply-chain breakdown”, MIT Sloan
Management Review, Vol. 46 No. 1, pp. 53-61.
Craighead, C., Blackhurst, J., Rungtusanatham, M. and Handfield, R. (2007), “The severity of
supply chain disruptions: design characteristics and mitigation capabilities”, Decision
Sciences Journal, Vol. 38 No. 1, pp. 131-56.
Davis, F.D. (1989), “Perceived usefulness, perceived ease of use, and user acceptance of
information technology”, MIS Quarterly, Vol. 13 No. 3, pp. 319-40.
Faisal, M.N., Banwet, D.K. and Shankar, R. (2006), “Mapping supply chains on risk and customer
sensitivity dimensions”, Industrial Management & Data Systems, Vol. 106 No. 6,
pp. 878-95.
Faisal, M.N., Banwet, D.K. and Shankar, R. (2007), “Quantification of risk mitigation environment
of supply chains using graph theory and matrix methods”, European Journal of Industrial
Engineering, Vol. 1 No. 1, pp. 22-39.
Hallikas, J., Karvonen, I., Pulkkinen, U., Virolainen, V-M. and Tuominen, M. (2004), “Risk
management processes in supplier networks”, International Journal of Production
Economics, Vol. 90, pp. 47-58.
Hayashi, Y., Smith, R. and Chozick, A. (2007), “Quake bring safety issue to fore; plant standard in Supplier risk
focus after radioactive leak; Japan’s auto output hit”, Wall Street Journal, Vol. 19, p. A.4,
(Eastern Edition). assessment and
Hendricks, K. and Singhal, V. (2003), “The effect of supply chain glitches on shareholder wealth”, monitoring
Journal of Operations Management, Vol. 21 No. 5, pp. 501-22.
Hendricks, K. and Singhal, V. (2005), “An empirical analysis of the effect of supply chain
disruptions on long run stock price performance and equity risk of the firm”, Production 163
and Operations Management, Vol. 14 No. 1, pp. 35-52.
Humphreys, P., Huang, G. and Cadden, T. (2005), “A web-based supplier evaluation tool for the
product development process”, Industrial Systems and Data Management, Vol. 105
Nos 1/2, pp. 147-63.
Jharkharia, S. and Shankar, R. (2007), “Selection of logistics service provider: an analytic network
process (ANP) approach”, Omega, Vol. 35 No. 3, pp. 274-89.
Johnson, M.E. (2001), “Learning from toys: lessons in managing supply chain risk from the toy
industry”, California Management Review, Vol. 43 No. 3, pp. 106-26.
Jüttner, U., Peck, H. and Christopher, M. (2003), “Supply chain risk management: outlining an
agenda for future research”, International Journal of Logistics: Research and Applications,
Vol. 6 No. 4, pp. 197-209.
Kiser, J. and Cantrell, G. (2006), “Six step to managing risk”, Supply Chain Management Review,
April, pp. 12-17.
Levy, D. (1995), “International sourcing and supply chain stability”, Journal of International
Business Studies, Vol. 26 No. 2, pp. 343-60.
Mayer, R.J., Painter, M.K. and de Witte, P.S. (1994), IDEF Family of Methods for Concurrent
Engineering and Business Re-engineering Applications, Technical report, Knowledge
Based Systems Inc., College Station, TX.
Nagurney, A., Cruz, J., Dong, J. and Zhang, D. (2005), “Supply chain networks, electronic
commerce, and supply side and demand side risk”, European Journal of Operational
Research, Vol. 164, pp. 120-42.
Norrman, A. and Jansson, U. (2004), “Ericsson’s proactive supply chain risk management
approach after a serious sub-supplier accident”, International Journal of Physical
Distribution & Logistics Management, Vol. 34 No. 5, pp. 434-56.
Pai, R.R., Kallepalli, V.R., Caudill, R.J. and Zhou, M. (2003), IEEE International Conference on
Systems, Man and Cybernetics, Vol. 5, IEEE, Piscataway, NJ, pp. 4560-5.
Peck, H. and Christopher, M. (2004), “The five principles of supply chain resilience”, Logistics
Europe, February, pp. 17-21.
Radjou, N. (2002), Adapting to Supply Network Change, Forrester Research Tech Strategy Report,
Cambridge, MA.
Ragsdale, C.T. (2001), Spreadsheet Modeling and Decision Analysis, South-Western College
Publishing, Cincinnati, OH.
Rice, J. and Caniato, F. (2003), “Building a secure and resilient supply chain”, Supply Chain
Management Review, Vol. 7 No. 5, pp. 22-30.
Riddalls, C. and Bennett, S. (2002), “Production-inventory system controller design and supply
chain dynamics”, International Journal of Systems Science, Vol. 33 No. 3, pp. 181-95.
Saaty, T. (1990), Decision Making for Leaders: The Analytic Hierarchy Process for Decisions in a
Complex World, RWS Publications, Pittsburg, PA.
IJPDLM Sarkis, J. (1998), “Evaluating environmentally conscious business practices”, European Journal
of Operational Research, Vol. 107, pp. 59-174.
38,2 Sinha, P., Whitman, L. and Malzahn, D. (2004), “Methodology to mitigate supplier risk in an
aerospace supply chain”, Supply Chain Management: An International Journal, Vol. 9 No. 2,
pp. 154-68.
Svensson, G. (2000), “A conceptual framework for the analysis of vulnerability in supply chains”,
164 International Journal of Physical Distribution & Logistics Management, Vol. 30 No. 9,
pp. 731-49.
Talluri, S. and Narasimhan, R. (2002), “Vendor evaluation with performance variability: a
max-min approach”, European Journal of Operational Research, Vol. 146, pp. 543-52.
Verma, R. and Pullman, M. (1998), “An analysis of the supplier selection process”, Omega, Vol. 26
No. 6, pp. 739-50.
Wu, T., Blackhurst, J. and Chidambaram, V. (2006), “A model for inbound supply risk analysis”,
Computers in Industry, Vol. 57 No. 4, pp. 350-65.
Zsidison, G. (2003), “Managerial perceptions of supply risk”, Journal of Supply Chain
Management, Vol. 39 No. 1, pp. 14-26.
Zsidisin, G. and Ellram, L. (1999), “Supply risk assessment analysis”, PRACTIX: Best Practices
in Purchasing & Supply Management, Vol. 2 No. 4, pp. 9-12.
Zsidisin, G. and Smith, M. (2005), “Managing supply risk with early supplier involvement: a case
study and research propositions”, Journal of Supply Chain Management, Vol. 41 No. 4,
pp. 44-57.
Zsidisin, G., Melnyk, S. and Ragatz, G. (2005), “An institutional theory perspective of business
continuity planning for purchasing & supply management”, International Journal of
Production Research, Vol. 43 No. 16, pp. 3401-20.
Zsidisin, G., Ellram, L., Carter, J. and Cavinato, J. (2004), “An analysis of supply chain assessment
techniques”, International Journal of Physical Distribution & Logistics Management,
Vol. 34 No. 5, pp. 397-413.
Appendix
This appendix provides the mathematical notation for the calculations provided within the text
of the paper.
To formally describe the risk assessment formulation for both parts and suppliers, let:
.
rijkl ¼ the risk rating for category i, subcategory j, part k, from supplier l;
.
vkl ¼ the percent of production purchased for part k from supplier l;
. sij ¼ the subcategory weight for category i and subcategory j; and
.
ci ¼ the category weight for category i.
We then define PRLijk, the part risk assessment score for category i, subcategory j, and part k
across all suppliers as:
X
PRLijk ¼ ðr £ vkl Þ;
l ijkl
and PRSik, the part risk assessment score for category i and part k across all subcategories as:
X
PRSik ¼ j
ðPRLijk £ sij Þ;
and PRCk, the part risk assessment score for part k across all categories as:
X
PRCk ¼ i
ðPRSik £ ci Þ:
The risk assessment score for suppliers is derived in much the same way as for parts. We define Supplier risk
LRPijl, the supplier risk assessment score for category i, subcategory j, and supplier l across all
parts as: assessment and
P
k ðr £ vkl Þ monitoring
LRPijl ¼ Pijkl ;
k vkl
and LRSil, the supplier risk assessment score for category i and supplier l across all
subcategories as:
X
165
LRSil ¼ j
ðLRPijl £ sij Þ;
and LRCl, the supplier risk assessment score for supplier l across all categories as:
X
LRCl ¼ i
ðLRSil £ ci Þ: