APICS is the premier professional association for supply chain management.

Perceptions of Peril

By Richard E. Crandall, PhD, CFPIM, CIRM, CSCP | March/April 2012 | 22 | 2

Evaluating risk management in supply chains

Supply chain risk management has become a concern for all types of organizations. As businesses move to loosely coupled networks of customers and suppliers spread over wide geographic areas and diverse business environments, the likelihood of potential disruptions increases.

Organization leaders have a responsibility to manage these risks and minimize the negative effects. However, as reported in a recent APICS study, “Supply chain risk management is still at an early stage of maturity and … there are gaps at the organizational management level and the supply chain and operations management level” (APICS 2011). The study found that 72 percent of organizations do not have a risk management role or position, and almost one-third have practiced risk management for no more than five years.

Another survey found that 85 percent of surveyed companies suffered at least one supply chain disruption during 2011, with the following being the major causes: adverse weather (51 percent), unplanned information technology or telecommunications outage (41 percent), transport network disruption (21 percent), and earthquake or tsunami (21 percent) (Veysey 2011).

General categories of risk

The number of articles on risk management has increased rapidly over the past decade, which is typical of new programs. The literature provides a variety of discussions about risk management in supply chains. Writers present specific, but somewhat limited, snapshots of the total supply chain risk management mosaic. Spekman and Davis (2004) looked at the dimensions of risk, which included

  • flow of goods and services
  • flow of information
  • flow of money
  • security of internal information systems
  • risks with relationships forged among supply chain partners
  • corporate social responsibility and the extent to which supply chain members’ reputations and images can be tainted by actions of another member engaging in improper activities.

At about the same time, Cavinato (2004) identified risks and uncertainties in supply chains as

  • physical—the actual movements and flows within and between firms
  • financial—the flows of cash between organizations
  • informational—the processes and electronic systems, data movement, access to key information, and capture and use of data
  • relational—the appropriate relationships between a supplier, the organization, and its customers for maximum benefit
  • innovative—the processes and linkages across the firm, its customers, and its suppliers, as well as resource parties for discovering and bringing to market product, service, and process opportunities.

Supply risks. George A. Zsidisin (2003) organized risks in supply chains in a classification scheme that considers elements along the supply chain: the internal product, the market, and suppliers. He included three types of supply risks—item, market, and supplier characteristics—and compared how they are affected by higher- and lower-perceived risk.

Hunter et al. (2004) examined the importance and probability of risk. They extracted strategies as shown in Table 1.

New product development risks. While creating new products is usually viewed as an opportunity to enhance a company’s competitive position, it also carries with it a number of risks, as shown in Table 2 (Khan, Christopher, and Burnes 2008).

Outsourcing risks. Kremic (2006) compiled a list of risks that could result from outsourcing activities, which include

  • unrealized savings or hidden costs
  • less flexibility
  • poor contract or poor selection of partner
  • loss of knowledge, skills, or corporate memory
  • loss of control of core competencies
  • power shifts to suppliers
  • supplier problems (poor performance or bad relations, opportunistic behavior, not giving access to best talent or technology, and so on)
  • loss of customers, opportunities, or reputation
  • uncertainty or changing environment
  • poor morale or other employee issues.

Turbulent environments risks. In an expanded perspective of supply chain risks, Trkman and McCormack (2009) developed the following classification scheme. Supplier attributes include financial performance, human resource factors, operational factors, culture, and relationship factors. Supply chain strategy and structure involves supply chain type (lean, agile, or hybrid), supplier types, business structure, and geographic location. Endogenous uncertainty encompasses market turbulence, new products, price sensitivity, level of competition, demand swings, new customers versus repeat, and technology turbulence. And exogenous uncertainty deals with continuous items (interest rates, gross domestic product, commodity prices, and the like) and discrete events (such as terrorism, disasters, and strikes).

Risk management paradigms

That risk management is becoming more important in most organizations is exemplified in an article in Strategic Finance, the journal for management accounting. The author summarized the difference between traditional financial risks and contemporary business risks. (See Table 3.)

The involvement of management accountants in risk management should help integrate the allocation of the necessary resources to prevent or mitigate risks, with operations management formulating their identification and strategy. The variety of risk categories described shows the wide range of risks in supply chains.

Actions to mitigate or prevent risk disruptions

There are also myriad actions to mitigate or prevent risk disruptions.

Matching mitigation strategies with category of risk. In addition to identifying types of risks, it is important to develop some actions to prevent or mitigate the extent of the risk effect. Chopra and Sodhi (2004) explained this as follows:

  • Disruptions—driven by natural disaster, labor dispute, supplier bankruptcy, war, terrorism, or dependency on a single source of supply
  • Delays—resulting from high capacity use at the supplier, inflexibility of supply source, poor quality or yield, excessive handling at border crossings, or change in transportation modes
  • Systems—caused by breakdown of information infrastructure, system integration or extensive systems networking, or e-commerce
  • Forecast—due to inaccurate forecasts as a result of long lead times, seasonality, product variety, short life cycles, small customer base, or information distortion
  • Intellectual property—driven by vertical integration of supply chain and global outsourcing and markets
  • Procurement—the result of exchange rate risk, percentage of a key component from a single source, industry-wide capacity constraint, and length of contracts
  • Receivables—affected by the number of customers and financial strength of customers
  • Inventory—because of the rate of product obsolescence, inventory holding cost, product value, and demand and supply uncertainty
  • Capacity—resulting from cost of capacity and capacity flexibility.

The authors recommend that companies use stress testing to understand and prioritize supply chain risks. This involves what-if scenarios that enable people to focus on the supply chain one link at a time and identify possible disruptions. As a result of the analysis, companies will be better able to design mitigation responses should the disruption occur.

Chopra and Sodhi also identified a number of strategies to mitigate the effects of risks:

  • Increase capacity. Focus on low-cost, decentralized capacity for predictable demand; build centralized capacity for unpredictable demand; increase decentralization as cost of capacity drops.
  • Acquire redundant suppliers. Favor more redundant supply for high-
    volume products and less redundancy for low-volume products, and centralize redundancy for low-volume product in a few flexible suppliers.
  • Increase responsiveness. Choose cost over responsiveness for commodity products and responsiveness over cost for short life cycle products.
  • Increase inventory. Decentralize inventory of predictable, lower-value products and centralize inventory of less predictable, highest-value products.
  • Increase flexibility. Support cost over flexibility for predictable, high-volume products and flexibility for low-volume, unpredictable products; centralize flexibility in a few locations if it is expensive.
  • Pool or aggregate demand. Increase aggregation as unpredictability grows.
  • Capability. Select capability over cost for high-volume, high-risk products and cost over capability for low-value commodity products; centralize high capability in flexible sources if possible.

The need for strategy

In one of the early articles about the need to develop stronger supply management, Peter Kraljic (1983) outlined an approach to shaping the supply strategy.

Phase 1. Classification of purchased items:

  • Strategic (high profit impact, high supply risk)
  • Bottleneck (low profit impact, high supply risk)
  • Leverage (high profit impact, low supply risk)
  • Noncritical (low profit impact, low supply risk)

Phase 2. Market analysis:

  • The company compares its own bargaining power with that of its suppliers by assessing the supply market, the availability of strategic materials, and the relative strengths of existing suppliers.

Phase 3. Strategic positioning:

  • Consider the areas of strengths and vulnerability, using the following strategies:
  • Where the company is stronger than its suppliers, exploit that strength.
  • Where the suppliers are stronger than the company, diversify supplier base.
  • Where the company is equal to its suppliers, balance the relationship.

Phase 4. Action plan:

  • Based on the foregoing analysis, a company should develop strategies for dealing with volume, price, contractual coverage, new suppliers, inventories, production, substitution, value engineering, and logistics.

Kraljic cautions: “Few companies today can allow purchasing to be managed in isolation from the other elements of their overall business systems. Greater integration, stronger cross-functional relations, and more top-management involvement are all necessary.” While he was writing before the surge of interest in supply chains, it is apparent that he anticipated the evolution from an internally focused procurement to an external dependence on widespread supply partners.

Building confidence through collaboration

Spekman and Davis (2004) stressed the need for trust building among supply chain partners to reduce risk. Christopher and Lee (2004) echo this theme and point out that lack of confidence can lead companies into a risk spiral, where the risk increases and confidence erodes. With increased confidence, companies are able to substitute information for inventory, thereby reducing costs and creating a positive reduced risk spiral.

Perception versus reality

Zsidisin and Wagner (2010) ask: Do perceptions become reality? They believe operations managers have a good understanding of risks and their potential impact on the business. If managers perceive risks exist, they are likely to take actions to prevent or minimize the impact if those risks actually occur. If they take appropriate action, the negative impact of the risks will be reduced.

The authors write: “Understanding the source of risk is important for creating a tailored strategy for reducing the occurrence of supply disruptions, such as the use of flexibility in order to create resiliency from risk that originates from extended supply chains. When risk stems from forces outside the control of supply chain participants, it is imperative to insulate themselves, at least in the short-term, from the effects of a disruption occurrence by using practices that create redundancy in the supply chain” (Zsidisin and Wagner 2010).

Figure 1 provides an overview of a proposed model. The horizontal axis shows a progression from internal causes on the left to external causes in the center to natural disasters on the right. The vertical axis shows a progression from low impact at the bottom to medium impact in the center to high impact at the top. Internal risks of disruption carry a high frequency of occurrence but a low potential impact. Natural disasters have a very low frequency of occurrence but a very high potential impact. Disruptions from external sources fall somewhere between internal and natural disaster disruptions in both frequency and impact.

Internal risks can be described as follows.

Low-impact, high-frequency, expected, minor disruptions. In normal operations, more closely linked supply chains are designed to minimize disruptions. However, they may also be the most adversely affected should a disruption occur. If lean production practices are used throughout, there is little buffering with inventory or excess capacity. Therefore, a disruption will have a greater negative impact. Disruptions during normal operations can be identified and planned for; therefore, they should have limited effect on the supply chain’s operation.

Medium-impact, moderate-frequency, anticipated, moderate disruptions. The introduction of new projects or major events can introduce greater risk. The mandate by Walmart to use radio frequency identification by suppliers introduced disruptions that probably could have been anticipated, but which represented more deliberate planning to accommodate.

High-impact, low-frequency, low-predictability, major disruptions. A final category of risk in supply chains occurs when participants opt to remove themselves from the supply chain. A customer may find another supplier or a supplier may go out of business. Product recalls or noncompliance with government regulations also can represent unanticipated, major disruptions.

Operating in an open system environment also presents an array of external supply chain disruptions. While some of these changes can be anticipated, their timing and magnitude often cannot. Their disruptive impact can range from minimal to major. While they represent uncertainty, a firm must consider their potential impact and develop flexible processes in order to cope with their eventuality.

Competitors. Competitors introduce new products, change prices, launch major advertising initiatives, and buy suppliers. Operations management professionals should identify the most likely moves by a competitor and plan an appropriate response.

Economy. Recent fluctuations in the United States and global economies caused many companies to rethink their strategies about outsourcing, new product launches, investment in added capacity, and other resource-intensive decisions. These are “new normal” times; decisions that worked well during growth periods no longer do.

Technology. Technology continues to be a source of progress; unfortunately, it also introduces disruptions in normal supply chain operations. Information technology can be especially disruptive when it introduces major changes in processes and interorganizational communications, such as electronic data interchange on the internet or cloud computing.

Government. Federal governments can change tax incentives for environmentally friendly investment; strengthen the enforcement of product tracking; or require health care insurance for all employees. State or local governments can change the sales tax rate, restrict waste disposal, heighten recycling requirements, or increase incentives for new business startups. Governments move slowly and in somewhat uncertain paths, but their impact can be significant.

Environment. The direction and timing of the environmental sustainability movement are uncertain. However, it appears that its impact will be a major opportunity or threat to many establishments.

Society. Cultural and generational differences abound. Buying habits, especially in the e-business age, are changing rapidly. Decisions about investments in brick-and-mortar retail stores and malls are brain-twisting in their variations. Executives know the future will not be like the past, but are struggling to determine how to use that knowledge.

Natural disasters

Yuva (2010) provides a summary of natural disasters occurring throughout the world during the last decade, using data from the Center for Research on Epidemiology of Disasters, as shown in Table 4.

The total indicates some type of natural disaster occurs on the average daily. While some have greater impact, any could be disruptive to a supply chain. The recent earthquake in Japan and flooding in Thailand and the Philippines are dramatic evidence that these kinds of natural disasters can have a significant effect on supply chains. Firms must be agile enough to quickly adapt to these unpredictable, yet not unexpected, occurrences.


Designing and implementing an effective supply chain is difficult, even without the threat of disruptive risks. However, good risk management is a requirement in this age of extended and complex supply chains.


  1. APICS 2011 Supply Chain Risk Challenges and Practices. 2011. APICS The Association for Operations Management, Chicago, IL.
  2. Cavinato, Joseph L. 2004. “Supply chain logistics risks: From the back room to the board room,” International Journal of Physical Distribution & Logistics Management 34 (5), 383.
  3. Chopra, Sunil and ManMohan S. Sodhi. 2004. “Managing risk to avoid supply chain breakdown,” MIT Sloan Management Review 46 (1), 53.
  4. Christopher, Martin and Hau Lee. 2004. “Mitigating supply chain risk through improved confidence,” International Journal of Physical Distribution & Logistics Management 34 (5), 388.
  5. Hillman, Mark (2006). Strategies for managing supply chain risk, Supply Chain Management Review 10 (5), 11.
  6. Hunter, Lisa M., Chickery J. Kasouf, Kevin G. Celuch, and Kathryn A. Curry. 2004. “A classification of business-to-business buying decisions: Risk importance and probability as a framework for e-business benefits,” Industrial Marketing Management 33 (2), 145.
  7. Khan, Omera, Martin Christopher, and Bernard Burnes. 2008. “The impact of product design on supply chain risk: A case study,” International Journal of Physical Distribution & Logistics Management 38 (5), 412.
  8. Kraljic, Peter. 1983. “Purchasing must become supply management,” Harvard Business Review 61 (5), 109.
  9. Kremic, Tibor, Ova Lcmeli Tukel, and Walter O. Rom. 2006. “Outsourcing decision support: A survey of benefits, risks, and decision factors,” Supply Chain Management 11 (6), 467.
  10. Spekman, Robert E., and Edward W. Davis. 2004. “Risky business: expanding the discussion on risk and the extended enterprise,” International Journal of Physical Distribution & Logistics Management 34 (5), 414.
  11. Thomson, Jeffrey C. 2010. “Staying on track in a turnaround,” Strategic Finance December 2010, 43.
  12. Trkman, Peter, and Kevin McCormack. 2009. “Supply chain risk in turbulent environments—A conceptual model for managing supply chain network risk,” International Journal of Production Economics. 119 (2), 247.
  13. Veysey, Sarah. 2011. “Majority of companies suffered supply chain disruption in 2011: Survey,” businessinsurance.com, accessed November 8, 2011.
  14. Yuva, John. 2010. “Assess your vulnerability to natural disasters,” Inside Supply Management 21 (9), 28–31.
  15. Zsidisin, George A. and Stephan M. Wagner. 2010. “Do perceptions become reality? The moderating role of supply chain resiliency on disruption occurrence,” Journal of Business Logistics 31 (2), 1.
  16. Zsidisin, George A. 2003. “Managerial perceptions of supply risk,” Journal of Supply Chain Management. 39 (1), 14.

For a free bibliography of more than 60 articles on this subject, contact the author at crandllre@appstate.edu.

Richard E. Crandall, PhD, CFPIM, CIRM, CSCP, is a professor at Appalachian State University in Boone, North Carolina. He may be contacted at crandllre@appstate.edu.

All comments will be published pending approval. Read the APICS Comment Policy.


  1. RadEditor - HTML WYSIWYG Editor. MS Word-like content editing experience thanks to a rich set of formatting tools, dropdowns, dialogs, system modules and built-in spell-check.
    RadEditor's components - toolbar, content area, modes and modules
    Toolbar's wrapper 
    Content area wrapper
    RadEditor's bottom area: Design, Html and Preview modes, Statistics module and resize handle.
    It contains RadEditor's Modes/views (HTML, Design and Preview), Statistics and Resizer
    Editor Mode buttonsStatistics moduleEditor resizer
    RadEditor's Modules - special tools used to provide extra information such as Tag Inspector, Real Time HTML Viewer, Tag Properties and other.