ArticlePDF Available

House of risk: A model for proactive supply chain risk management

Authors:

Abstract and Figures

Purpose – Increasingly, companies need to be vigilant with the risks that can harm the short-term operations as well as the long-term sustainability of their supply chain (SC). The purpose of this paper is to provide a framework to proactively manage SC risks. The framework will enable the company to select a set of risk agents to be treated and then to prioritize the proactive actions, in order to reduce the aggregate impacts of the risk events induced by those risk agents. Design/methodology/approach – A framework called house of risk (HOR) is developed, which combines the basic ideas of two well-known tools: the house of quality of the quality function deployment and the failure mode and effect analysis. The framework consists of two deployment stages. HOR1 is used to rank each risk agent based on their aggregate risk potentials. HOR2 is intended to prioritize the proactive actions that the company should pursue to maximize the cost-effectiveness of the effort in dealing with the selected risk agents in HOR1. For illustrative purposes, a case study is presented. Findings – The paper shows that the innovative model presented here is simple but useful to use. Research limitations/implications – In the proposed framework, the correlations between risk events are ignored, something that future studies should consider including. Practical implications – The framework is intended to be useful in practice. For the calculation processes, a simple spreadsheet application would be sufficient. However, most of the entries needed in the model are based on subjective judgment and hence cross-functional involvement is needed. Originality/value – The paper adds to the SC management literature, a novel practical approach of managing SC risks, in particular to select a set of proactive actions deemed cost-effective.
Content may be subject to copyright.
House of risk: a model
for proactive supply chain
risk management
I. Nyoman Pujawan and Laudine H. Geraldin
Department of Industrial Engineering,
Sepuluh Nopember Institute of Technology, Surabaya, Indonesia
Abstract
Purpose Increasingly, companies need to be vigilant with the risks that can harm the short-term
operations as well as the long-term sustainability of their supply chain (SC). The purpose of this paper is
to provide a framework to proactively manage SC risks. The framework will enable the company to
select a set of risk agents to be treated and then to prioritize the proactive actions, in order to reduce the
aggregate impacts of the risk events induced by those risk agents.
Design/methodology/approach A framework called house of risk (HOR) is developed, which
combines the basic ideas of two well-known tools: the house of quality of the quality function deployment
and the failure mode and effect analysis. The framework consists of two deployment stages. HOR1 is
used to rank each risk agent based on their aggregate risk potentials. HOR2 is intended to prioritize the
proactive actions that the company should pursue to maximize the cost-effectiveness of the effort in
dealing with the selected risk agents in HOR1. For illustrative purposes, a case study is presented.
Findings The paper shows that the innovative model presented here is simple but useful to use.
Research limitations/implications In the proposed framework, the correlations between risk
events are ignored, something that future studies should consider including.
Practical implications The framework is intended to be useful in practice. For the calculation
processes, a simple spreadsheet application would be sufficient. However, most of the entries needed in
the model are based on subjective judgment and hence cross-functional involvement is needed.
Originality/value The paper adds to the SC management literature, a novel practical approach of
managing SC risks, in particular to select a set of proactive actions deemed cost-effective.
Keywords Supply chain management, Risk management
Paper type Research paper
Introduction
Business communities are facing increasingly more risky environments recently.
Stringent competitions, internal instability caused by employee strikes and technical
failures, changes in macro-economy and politics, as well as natural and man-made
disasters are sources of risks facing business communities nowadays. In the context of
supply chain (SC), the increasing risks are partly due network complexity as a result of
companies outsourcing more activities to outside parties. A study conducted by Finch
(2004) revealed that the inter-organizational networking increased large companies
exposure to risks, especially if the partners are small and medium enterprises. Craighead
et al. (2007) argues that SC structure which includes such factors as density, complexity,
and node criticality could increase the severity of SC disruptions. In addition, factors such
as reduction of supply base, globalization of SC, shortened product life cycles, and capacity
limitation of key components also increase SC risks (Norrman and Jansson, 2004).
The current issue and full text archive of this journal is available at
www.emeraldinsight.com/1463-7154.htm
Supply chain
risk management
953
Business Process Management
Journal
Vol. 15 No. 6, 2009
pp. 953-967
q Emerald Group Publishing Limited
1463-7154
DOI 10.1108/14637150911003801
Risk is a function of the level of uncertainty and the impact of an event (Sinha et al.,
2004). As pointed out by Goh et al. (2007) there are two types of SC risks based on their
sources: risks arising from the internal of the SC network and those from the external
environments. Tang (2006a) classified SC risks into operations and disruptions risks. The
operations risks are associated with uncertainties inherent in a SC which include demand,
supply, and cost uncertainties. Disruption risks, on the other hand, are those caused by
major natural and man-made disasters such as flood, earthquake, tsunami, and major
economic crisis. Both operations and disruption risks could seriously disrupt and delay
materials, information, and cash flow, which in the end could damage sales, increase
costs, or both (Chopra and Sodhi, 2004). Analysis conducted by Hendricks and Singhal
(2003, 2005) show that companies experiencing disruption risks were significantly
outperformed by their peers in terms of operating as well as stock performance.
To survive in a risky business environment, it is imperative for companies to have a
proper SC risk management. If poorly handled, disruptions in SC could result in costly
delays causing poor service level and high cost (Blackhurst et al., 2005). According to
Norrman and Jansson (2004), the focus of SC risk management is to understand, and try
to avoid, the devastating effects that disasters or even minor business disruptions can
have in a SC. The aim of SC risk management is to reduce the probability of risk events
occurring and to increase resilience, that is, the capability to recover from a disruption.
Sheffi and Rice (2005) suggest that the SC resilience can be improved by either creating
redundancy or improving flexibility. However, as suggested by Ritchie and Brindley
(2007), classic SC risk management such as maintaining buffer stocks and slack lead
times are becoming less viable nowadays. With the increasing interest in SC
management, where companies no longer focus solely on their own organizations, the SC
risk management should also be managed in relation with inter-organizational view.
Risk in the SC centers around the major flows (materials, information, and cash) between
organizations and hence, SC risks extend beyond the boundaries of a single firm
( Juttner, 2005).
In this paper, we present an innovative model for proactive SC risk management.
The term proactive is used to imply preventive nature of the effort in the sense that we
mostly deal with the risk agents. This is based on the notion that attacking the causes
(or the risk agents) could concurrently prevent one or more risk events from happening.
We modified the well-known failure mode and effect analysis (FMEA) model for risk
quantification and adapt the house of quality (HOQ) model for prioritizing which risk
agents are to be dealt with first and for selecting the most effective actions in order to
reduce the risks potentially posed by the risk agents. In the quantification stage, we first
define basic SC processes based on the supply chain operations reference (SCOR)
terminology. The core SC processes will be analyzed to identify the risks that could
happen and the consequences if it happened. The risk agents and their associated
probabilities are also assessed. We defined aggregate risk potential for each risk agent
as the aggregate severity of impacts caused by a risk agent. To provide an illustration on
how the model works, we present the application of the model to a large fertilizer
company in Indonesia.
Existing models for SC risk assessment and mitigation
Assessing the risk level related to SC under which an organization is operating is a
crucial step in SC risk management (Kull and Closs, 2008). A number of different models
BPMJ
15,6
954
for risk assessment and mitigation have been proposed in the literature. Sinha et al.
(2004) proposed a methodology to mitigate SC risks. The model involves the process of
identifying, assessing, planning and implementing solution, conducting FMEA
analysis, and doing continuous improvement. The five activities were modeled in
IDEF0 where each activity should have an input, an output, a mechanism, and a control.
The model was applied to a supplier in the aerospace industry. In the FMEA stage, the
risk potential number (RPN) of each potential failure mode is a product of the probability
of a failure mode occurring (P) and the associated severity of impacts generated (S )ifit
occurred. Both the P and S were assessed subjectively using a scale of 1-10.
A SC risk management model for Ericsson, a leading telecom company based in
Sweden, was proposed by Norrman and Jansson (2004). The model was developed in the
form of a closed-loop process of risk identification, risk assessment, risk treatment, and
risk control. In parallel to these processes, the model also includes incident handling and
contingency planning.
Kleindorfer and Saad (2005) proposed a methodology in dealing with SC disruption
risks. The methodology includes three general processes, called specifying resources of
risk and vulnerabilities, assessment, and mitigation. To implement the above-three tasks,
the authors proposed ten principles derived from industrial risk and SC management
literatures.
Cucchiella and Gastaldi (2006) presented a real option approach for managing SC
risks. The proposed model include six steps (Harland et al., 2003) to be carried out:
analysis of SC, identify uncertainty sources, examine the subsequent risk, manage risk,
individualize the most adequate real option, and implement SC risk strategy. The real
option types considered in the paper include defer, stage, explore, lease, outsource, scale
down, scale up, abandon switch, and strategic grow.
Analytical hierarchy process (AHP) has also been used to assess risk in a SC
(Gaudenzi and Borghesi, 2006). The AHP was used to prioritize SC objectives,
identifying risk indicators, as well as assessing the potential impact of negative events
and the cause-effects relationships along the chain. The authors suggest that SC risk
management can be considered as a process that supports the achievement of SC
management objectives.
House of risk mode l
Our model is based on the notion that a proactive SC risk management should attempt to
focus on preventive actions, i.e. reducing the probability of risk agents to occur.
Reducing occurrence of the risk agents would typically prevent some of the risk events
to occur. In such a case, it is necessary to identify the risk events and the associated risk
agents. Typically, one risk agent could induce more than one risk events. For example,
problems in a supplier production system could result in shortage of materials and
increased reject rate where the latter is due to switching procurement to other, less
capable, suppliers.
In the well-known FMEA, risk assessment is done through calculation of a RPN as a
product of three factors, i.e. probability of occurrence, severity of impacts, and
detection. Unlike in the FMEA model where both the probability of occurrence and the
degree of severity are associated with the risk events, here we assign the probability to
the risk agent and the severity to the risk event. Since one risk agent could induce a
number of risk events, it is necessary to quantity the aggregate risk potential of a risk
Supply chain
risk management
955
agent. If O
j
is the probability of occurrence of risk agent j, S
i
is the severity of impact if
risk event i occurred, and R
ij
is the correlation between risk agent j and risk event i
(which is interpreted as how likely risk agent j would induce risk event i ) then the ARP
j
(aggregate risk potential of risk agent j) can be calculated as follows:
ARP
j
¼ O
j
i
X
S
i
R
ij
ð1Þ
We adapt the HOQ model to determine which risk agents should be given priority
for preventive actions. A rank is assigned to each risk agent based on the magnitude of the
ARP
j
values for each j. Hence, if there are many risk agents, the company can select first a
few of those considered having large potentials to induce risk events. In this paper, we
propose two deployment models, called HOR, both of which are based on the modified HOQ:
(1) HOR1 is used to determine which risk agents are to be given priority for
preventive actions.
(2) HOR2 is to give priority to those actions considered effective but with reasonable
money and resource commitments.
HOR1
In the HOQ model, we relate a set of requirements (what) and a set of responses (how)
where each response could address one or more requirements. The degree of
correlation is typically classified as none (and given an equivalent value of 0), low (one),
moderate (three), and high (nine). Each requirement has a certain gap to fill and each
response would require some types of resources and funds.
Adopting the above procedure, the HOR1 is developed through the following steps:
(1) Identify risk events that could happen in each business process. This can be
done through mapping SC processes (such as plan, source, deliver, make, and
return) and then identify “what can go wrong” in each of those processes.
Ackermann et al. (2007) provide a systematic way of identifying and assessing
risks. In HOR1 model shown in Table I, the risk events are put in the left
column, represented as E
i
.
Risk
event Risk agents (A
j
)
Severity
of risk
event
Business processes (E
i
) A
1
A
2
A
3
A
4
A
5
A
6
A
7
i (S
i
)
Plan E
1
R
11
R
12
R
13
S
1
E
2
R
21
R
22
S
2
Source E
3
R
31
S
3
E
4
R
41
S
4
Make E
5
S
5
E
6
S
6
Deliver E
7
S
7
E
8
S
8
Return E
9
S
9
Occurrence of agent jO
1
O
2
O
3
O
4
O
5
O
6
O
7
Aggregate risk potential j ARP
1
ARP
2
ARP
3
ARP
4
ARP
5
ARP
6
ARP
7
Priority rank of agent j
Table I.
HOR1 model
BPMJ
15,6
956
(2) Assess the impact (severity) of such risk event (if happened). We use a 1-10 scale
where 10 represents extremely severe or catastrophic impact (see Shahin (2004)
for a detailed verbal description about the scale). The severity of each risk event is
put in the right column of Table I, indicated as S
i
.
(3) Identify risk agents and assess the likelihood of occurrence of each risk agent. Here,
a scale of 1-10 is also applied where 1 means almost never occurred and a value of
10 means almost certain to happen. The risk agents (A
j
) are placed on top row of the
table and the associated occurrence is on the bottom row, notated as O
j
.
(4) Develop a relationship matrix, i.e. relationship between each risk agent and
each risk event, R
ij
{0, 1, 3, 9} where 0 represents no correlation and 1, 3, and 9
represent, respectively, low, moderate, and high correlations.
(5) Calculate the aggregate risk potential of agent j (ARP
j
) which is determined as the
product of the likelihood of occurrence of the risk agent j and the aggregate impacts
generated by the risk events caused by the risk agent j as in equation (1) above.
(6) Rank risk agents according to their aggregate risk potentials in a descending
order (from large to low values).
HOR2
HOR2 is used to determine which actions are to be done first, considering their
differing effectiveness as well as resources involved and the degree of difficulties in
performing. The company should ideally select set of actions that are not so difficult to
perform but could effectively reduce the probability of risk agents occurring.
The steps are as follows:
(1) Select a number of risk agents with high-priority rank, possibly using Pareto
analysis of the ARP
j
, to be dealt with in the second HOR. Those selected will be
placed in the left side (what) of HOR2 as depicted in Table II. Put the
corresponding ARP
j
values in the right column.
(2) Identify actions considered relevant for preventing the risk agents. Note that
one risk agent could be tackled with more than one actions and one action could
simultaneously reduce the likelihood of occurrence of more than one risk agent.
The actions are put on the top row as the “How” for this HOR.
Preventive action (PA
k
) Aggregate risk potentials
To be treated risk agent (A
j
)PA
1
PA
2
PA
3
PA
4
PA
5
(ARP
j
)
A
1
E
11
ARP1
A
2
ARP2
A
3
ARP3
A
4
ARP4
Total effectiveness of action k TE
1
TE
2
TE
3
TE
4
TE
5
Degree of difficulty performing
action kD
1
D
2
D
3
D
4
D
5
Effectiveness to difficulty ratio ETD
1
ETD
2
ETD
3
ETD
4
ETD
5
Rank of priority R
1
R
2
R
3
R
4
R
5
Table II.
HOR2 model
Supply chain
risk management
957
(3) Determine the relationship between each preventive action and each risk agent,
E
jk
. The values could be {0, 1, 3, 9} which represents, respectively, no, low,
moderate, and high relationships between action k and agent j. This
relationship (E
jk
) could be considered as the degree of effectiveness of action k in
reducing the likelihood of occurrence of risk agent j.
(4) Calculate the total effectiveness of each action as follows:
TE
k
¼
j
X
ARP
j
E
jk
;k ð2Þ
(5) Assess the degree of difficulties in performing each action, D
k
, and put those
values in a row below the total effectiveness. The degree of difficulties, which
can be represented by a scale (such as Likert or other scale), should reflect the
fund and other resources needed in doing the action.
(6) Calculate the total effectiveness to difficulty ratio, i.e. ETD
k
¼ TE
k
=D
k
.
(7) Assign rank of priority to each action (R
k
) where Rank 1 is given to the action
with the highest ETD
k
.
Case examp le
Brief company background
We applied the above models to a large government-owned fertilizer company in
Indonesia. The company has three production plants and produces a wide range of
fertilizer, including Urea, TSP, and ZA. The raw materials used in these plants include
natural gas and a number of chemical substances such as sulfur and potassium
chloride. The aggregate capacity of the three plants is above 3 million tons per year.
The main products are distributed to all regions in Indonesia which are divided into
two distribution areas. As a government-owned company, the pricing, marketing, and
distribution of the products should comply with the government regulations. Although
most of the information presented in this case study has been based on our field study
with the company, for some reasons, some of the results have been modified by the
authors.
Identification of risk events and assessment of their severity
The risk events were identified through breakdown of major business processes into
sub-processes and then asking the question of “what can go wrong?” in each of the
sub-processes. We followed the five major SC processes according to SCOR
terminologies defined by the SC council. The company has already documented risk
events before this study was carried out so we included many of already defined risk
events in this study. Some of other risk events were identified during the study, through
interview and brainstorming with relevant managers, which then led us to have a total of
22 risk events (four of which are associated with plan, six with source, five with make,
five with deliver, and two with return). Some of the identified risk events are presented in
Table III.
The next step is the assessment of severity of each risk event. This was accomplished
by distributing questionnaire to relevant managers. They were asked to fill in a number
(between 1 and 10) next to each risk event where a value of 1 means almost no impact
if the associated risk event occurred while a value of 10 means hazardous impact (see
BPMJ
15,6
958
Shahin (2004) for a more detailed description of the scales). Numbers in the parentheses
in Table III represent the severity of the associated risk events.
Identification of risk agents
Many of the risk agents had also been documented by the company. However, we did
make clarification and suggest some other possible risk agents not included in their
list. Finally, we ended up with a total of 22 risk agents as presented in Table IV along
with their respective degree of occurrence. The occurrence represents the probability of
each of those risk agents happening. The values range from one to ten where a value of
1 means almost never occurred and a value of 10 means almost certain to happen
(Shahin, 2004). The values of occurrence were also obtained through questionnaire
distributed to relevant managers.
Identification of correlation between risk agents and risk events
The relationship between the risk agents and risk events were identified and a value
of 0, 1, 3, or 9 was assigned in each combination. We obtain, for example, a value of
Major
processes Sub-processes Risk events (severity) Code
Plan Demand forecasting Large forecast error (four) E
1
Production planning Sudden changes in production plans (six) E
2
Inventory control for
materials
Discrepancy between recorded and available stocks
(five)
E
3
Inaccurate ordering parameters (four) E
4
Source Procurement process Purchase requisition (PR) is not received by
procurement department (six)
E
5
Delay in sending RFQ/RFP documents (five) E
6
Delay in evaluating RFP/RFP (five) E
7
Wrong items sent by the suppliers (seven) E
8
Inaccurate owner estimate (three) E
9
Supplier evaluation and
development
Supplier breach contract agreement (seven) E
10
Make Production execution and
control
Damaged products E
11
Shortage of materials (seven)
Available inventory cannot be utilized (four) E
12
Forced plant shut down (nine) E
13
Delay in production execution (six) E
14
Packaging process Leakage of package items (four) E
15
Deliver Selection of shipping
companies
Shortage of shipment capacity during farming season
(six)
E
16
Warehousing of finished
products
Shortage of products in distribution center (seven) E
27
Delivery of products to
customers
Wrong products delivered to customer (seven) E
18
Products delivered to wrong destination (five) E
19
Delay in delivery to customer (six) E
20
Return Returning rejected items
to supplier
Delay in return process to supplier (two) E
21
Handling return from
customers
Delay in return process from customer (five) E
22
Table III.
Some of risk events
identified through
breakdown of business
processes
Supply chain
risk management
959
9 between A14 (interrupted gas supply) and E
13
(forced plant shut down), indicating
that the interrupted gas supply would certainly result in forced plant shut down. The
relationships between each risk agent and each risk event is shown in HOR1 in Table V.
Aggregate risk potentials
With the three inputs above, we can calculate the aggregate risk potentials of each risk
agent. As an illustration, consider risk agent 1 (significant increase in demand). The
likelihood of this agent occurring is 6 in the 1-10 scale. This risk agent has a high
correlation (scored 9) with four risk events, each with degree of severity of 4, 4, 7, and 7,
a moderate correlation with one risk event with an associated severity of 6, and a low
correlation with an associated severity of 6. Hence, the ARP of this risk agent is
calculated as follows:
ARP1 ¼ 6 £ ½9ð4 þ 4 þ 7 þ 7Þþ3ð6Þþ1ð6Þ ¼ 1; 332
As can be seen from Table V, the calculated values range from 56 to 1,539. The Pareto
diagram of the aggregate risk potentials for all 22 risk events is shown in Figure 1. The
results show that there is only one risk agent with an ARP value of more than 1,500;
four risk agents with an ARP value between 1,000 and 1,500; six risk agents with an
ARP value between 500 and 1,000; and the rests (11) have an ARP value below 500.
Further analysis shows that the first five risk agents contribute to about 50 percent of
the total ARP values and ten risk agents contribute to 75 percent of the total ARP.
Identification and prioritizing proactive actions
The above-Pareto diagram indicates that the degree of importance of reducing the
probability of occurrence of each risk agent differs widely. Naturally, a company
Code Risk agent Occurrence
A
1
Significant increase in a demand Six
A
2
Shortage in supply capacity Two
A
3
Inaccurate price reference Six
A
4
Urgent PR from user Six
A
5
PR does not include clear specification Five
A
6
Technical evaluation requires long time Eight
A
7
Dependence on one supplier Four
A
8
Natural disaster Two
A
9
Seasonality factor Five
A
10
No or limited information visibility across the SC Four
A
11
Labor strike Two
A
12
Exchange rate fluctuation Two
A
13
Supplier bankruptcy One
A
14
Interrupted gas supply Five
A
15
Interrupted electricity supply Four
A
16
Problems of custom clearance Six
A
17
Changes in sales plans Nine
A
18
Messiness in the storage area Ten
A
19
Report on stock mutation is not received on time by the central office Nine
A
20
Vessels do not arrive on schedule Eight
A
21
Breakdown of IT system Four
A
22
Package items do no meet specification Seven
Table IV.
Some of risk agents and
their occurrence
BPMJ
15,6
960
Risk agents
Risk events A
1
A
2
A
3
A
4
A
5
A
6
A
7
A
8
A
9
A
10
A
11
A
12
A
13
A
14
A
15
A
16
A
17
A
18
A
19
A
20
A
21
A
22
S
i
E
1
93314
E
2
33136
E
3
19 3 5
E
4
911 4
E
5
336
E
6
399 3 1 9 5
E
7
339 3 1 3 5
E
8
9 7
E
9
333 3393 3
E
10
97
E
11
99 313333 13 9 1 3 4
E
12
33 31 7
E
13
939199 6
E
14
93333193 9
E
15
96
E
16
39194
E
17
93 1 3933 3 1 3 9 7
E
18
13 3 7
E
19
136
E
20
13 1 3133 31 9 7
E
21
111 1 7
E
22
111 1 5
O
j
6266 584254221 5466910 9 84
ARP
j
1,332 510 126 180 1,070 776 168 320 800 560 358 56 99 1,200 396 180 426 630 870 1,539 1,032 216
P
j
2 11 20 17 4 8 19 15 7 10 14 22 21 3 13 18 12 9 6 1 5 16
Note: E
i
and A
j
refers to the definition in Tables III and IV, respectively
Table V.
HOR1 of the case
company
Supply chain
risk management
961
should prioritize those with high-aggregate risk potentials. For illustrative purposes,
we picked the ten risk agents which contribute to about 75 percent of the total ARP.
The second HOR framework in the section three can be used to identify and prioritize
proactive actions that the company should do in order to maximize the effectiveness of
effort with acceptable resource and financial commitments. The HOR2 which presents
the ten risk agents with the ten proposed actions is depicted in Table VI. The difficulty
of performing each action is classified into three categories: low with a score of 3,
medium with a score of 4, and high with a score of 5. As pointed out above, the degree
of difficulty should also reflect the money and other resources needed to perform the
corresponding action. Hence, the ratio would indicate the cost effectiveness of each
action. However, we should aware that the use of different scale in measuring the
degree of difficulty may result in changes of the ranks, indicating the need to perform
sensitivity analysis when applying this framework in a real case.
The priority for each action is obtained based on the values of the effectiveness to
difficulty ratio of action k (ETD
k
). The higher the ratio, the more cost effective is the
proposed action. From Table VI, we see that the most cost effective action would be to
improve the cross functional team within the organization.
In general, the actions could be strategic or tactical in nature. Juttner et al. (2003)
suggest that mitigation actions could be in the form of avoidance, control, cooperation,
and flexibility. Risk avoidance could be done by, for example, dropping specific
products/geographical markets. Risk control can be done by vertical integration and
increasing the inventory buffer, while cooperation can be in the form of sharing risk
information and jointly develop a contingency plan with suppliers. A number of efforts
to increase flexibility, as another form of risk mitigation strategies, can be done
through postponing activities deemed risky to be done before receiving orders from
customers and establishing multiple suppliers. Similarly, Tang (2006b) provides a list
Figure 1.
Pareto diagram
of aggregate risk
potentials of all risk
agents
0
200
400
600
800
1,000
1,200
1,400
1,600
1,800
A20
A1
A14
A5
A21
A19
A9
A6
A18
A10
A2
A17
A15
A11
A8
A22
A4
A16
A7
A3
A13
A12
Risk agent
0.0
20.0
40.0
60.0
80.0
100.0
120.0
ARP
j
Cum. ARP
j
BPMJ
15,6
962
Description
of risk agents
Better
coordination
with
shipping
company
Multi-carrier
transportation
Strategic
stock at
DC
Lateral
shipment
at DC
Strategic
negotiation
with gas
supplier
Better
cross
functional
integration
Standardization
of coding for
purchased
items
Outsourcing
IT
maintenance
Implementation
of 5S
Empowerment
of ERP
systems
Code (A
j
)PA
1
PA
2
PA
3
PA
4
PA
5
PA
6
PA
7
PA
8
PA
9
PA
10
ARP
j
A
20
Vessels do
not arrive on
schedule 9 3 3 3 1,539
A
1
Significant
increase in
demand 9 3 1 1,332
A
14
Interrupted
gas supply 9 1,200
A
5
PR does not
include clear
specification 9 9
1
3 1,070
A
21
Breakdown
of IT system 3
9
3 1,032
A
19
Report on
stock
mutation is
not received
on time by
the central
office 9
3
9 870
A
9
Seasonality
factor 9 3 800
A
6
Technical
evaluation
requires long
time 3 3
3
3 776
A
18
Messiness in
the storage
area 1
9
630
A
10
No or limited
information
visibility
across the SC 3 3
9
9 560
(continued)
Table VI.
HOR2 of the case
company
Supply chain
risk management
963
Description
of risk agents
Better
coordination
with
shipping
company
Multi-carrier
transportation
Strategic
stock at
DC
Lateral
shipment
at DC
Strategic
negotiation
with gas
supplier
Better
cross
functional
integration
Standardization
of coding for
purchased
items
Outsourcing
IT
maintenance
Implementation
of 5S
Empowerment
of ERP
systems
Code (A
j
)PA
1
PA
2
PA
3
PA
4
PA
5
PA
6
PA
7
PA
8
PA
9
PA
10
ARP
j
Total
effectiveness
of proactive
action k
(TE
k
) 15,531 4,617 23,805 6,396 10,800 31,143 11,958 20,336 5,670 21,504
Difficulty of
performing
action k (D
k
) L(3) H(5) M(4) M(4) H(5) L(3) M(4) M(4) M(4) M(4)
Effectiveness
to difficulty
ratio of
action k
(ETD
k
) 5,177 923 5,951 1,599 2,160 10,381 2,989 5,084 1,417 5,376
Rank of
proactive
action k (R
k
)4 10 2 8 7 1 6 5 9 3
Table VI.
BPMJ
15,6
964
of possible strategies for designing a robust SC. These include postponement, strategic
stock, flexible supply base, flexible transportation, and silent product rollover. Sodhi
and Lee (2007) present various possible strategies to mitigating SC risk, in particular
within the consumer electronic industry sector.
Discussions and concluding remarks
We presented a model for proactive risk management in this paper. We adapted the
well-known HOQ model to determine which risk actions to be tackled first and to select
a set of proactive actions deemed cost-effective to be prioritized. The proposed model is
different from the previous models in the sense that we select the risk agents having
large aggregate risk potentials, i.e. those with high probability of occurring and
causing many risk events with severe impacts. In HOR2 model, we prioritize the
actions based on the ratio of the total effectiveness to the degree of difficulty. Since the
degree of difficulty includes such considerations as money and other resources needed,
the ratio would reflect the cost effectiveness of each action.
To the best of our knowledge, the HOR model presented in this paper has never
been proposed in any previous literature on SC risk management. As an illustration
of the application of the model, we present a case study of a large fertilizer company
in Indonesia. The model is intended to be generic in nature, so that it can be
implemented to any type of companies without much changes needed. The procedure
would still be the same, although the types of risk events, the risk agents, and the
strategies to mitigate the risks would vary from case to case.
While the model can be easily implemented in practice, where a simple spreadsheet
can be used to do the calculation needed in the two HOR models, the input to the model
requires significant data collection and brainstorming within the organization. A good
cross-functional team would be required to arrive at the identification and definition of
the risk events and risk agents, their associated degree of severity and rate of occurrence
as well as the correlation between each risk agent and each risk event. Reference to
previous works in the relevant industry sector would certainly be useful in the
brainstorming process.
In this paper, we ignored the dependence between risk events. In reality such
dependencies could happen. For example, if there is a large forecast error, the values
of the ordering parameters such as safety stock and reorder point tend to be less
accurate. Likewise, delivery delay to customers would increase the chance of having a
shortage at the distribution center. In future studies, such dependencies should be
taken into account. The use of analytical network process in determining the relative
severity of risk event could be considered as a way to handle dependencies between
risk events.
References
Ackermann, F., Eden, C., Williams, T. and Howick, S. (2007), “Systematic risk assessment: a case
study”, Journal of the Operational Research Society, Vol. 58 No. 1, pp. 39-51.
Blackhurst, J., Craighead, C.W., Elkins, D. and Handfield, R.B. (2005), “An empirically derived
agenda of critical research issues for managing supply chain disruptions”, International
Journal of Production Research, Vol. 43 No. 19, pp. 4067-81.
Chopra, S. and Sodhi, S.M. (2004), “Managing risk to avoid supply-chain breakdown”, Sloan
Management Review, Vol. 46 No. 1, pp. 53-61.
Supply chain
risk management
965
Craighead, C.W., Blackhurst, J., Rungtusanatham, M.J. and Handfield, R.B. (2007), “The severity
of supply chain disruptions: design characteristics and mitigation capabilities”, Decision
Sciences, Vol. 38 No. 1, pp. 131-56.
Cucchiella, F. and Gastaldi, M. (2006), “Risk management in supply chain: a real
option approach”, Journal of Manufacturing Technology Management, Vol. 17 No. 6,
pp. 700-20.
Finch, P. (2004), “Supply chain risk management”, Supply Chain Management: An International
Journal, Vol. 9 No. 2, pp. 183-96.
Gaudenzi, B. and Borghesi, A. (2006), “Managing risk in the supply chain using the AHP
method”, The International Journal of Logistics Management, Vol. 17 No. 1, pp. 114-36.
Goh, M., Lim, J.Y.S. and Meng, F. (2007), “A stochastic model for risk management in
global supply chain networks”, European Journal of Operational Research, Vol. 182,
pp. 164-73.
Harland, C., Brenchley, R. and Walker, H. (2003), “Risk in supply networks”, Journal of
Purchasing and Supply Management, Vol. 9 No. 2, pp. 51-62.
Hendricks, K.B. and Singhal, V.R. (2003), “The effect of supply chain glitches on shareholder
wealth”, Journal of Operations Management, Vol. 21, pp. 501-22.
Hendricks, K.B. and Singhal, V.R. (2005), “An empirical analysis of the effect of supply chain
disruptions on long-run stock price performance and equity risk of the firm”, Production
and Operations Management, Vol. 14 No. 1, pp. 35-52.
Juttner, U. (2005), “Supply chain risk management: understanding the business requirements
from a practitioner perspective”, International Journal of Logistics Management, Vol. 16
No. 1, pp. 120-41.
Juttner, U., Peck, H. and Christopher, M. (2003), “Supply chain risk management: outlining an
agenda for future research”, International Journal of Logistics: Research and Application,
Vol. 6 No. 4, pp. 197-210.
Kleindorfer, P.R. and Saad, G.H. (2005), “Managing disruption risks in supply chains”,
Production and Operations Management, Vol. 14 No. 1, pp. 53-68.
Kull, T. and Closs, D. (2008), “The risk of second-tier supplier failures in serial supply chains:
implications for order policies and distributor autonomy”, European Journal of
Operational Research, Vol. 186 No. 3, pp. 1158-74.
Norrman, A. and Jansson, U. (2004), “Ericsson’s proactive supply chain risk management
approach after a serious sub-supplier accident”, International Journal of Physical
Distribution & Logistics Management, Vol. 34 No. 5, pp. 434-56.
Ritchie, B. and Brindley, C. (2007), “An emergent framework for supply chain risk management
and performance measurement”, Journal of the Operational Research Society , Vol. 58 No. 11,
pp. 1398-411.
Shahin, A. (2004), “Integration of FMEA and the Kano model: an exploratory examination”,
International Journal of Quality & Reliability Management, Vol. 21 No. 7, pp. 731-46.
Sheffi, Y. and Rice, J.B. Jr (2005), “A supply chain view of the resilient enterprise”, MIT Sloan
Management Review, Vol. 47 No. 1, pp. 41-8.
Sinha, P.R., Whitman, L.E. and Malzahn, D. (2004), “Methodology to mitigate supplier risk in an
aerospace supply chain”, Supply Chain Management: An International Journal, Vol. 9 No. 2,
pp. 154-68.
Sodhi, M.S. and Lee, S. (2007), “An analysis of sources of risk in the consumer electronics
industry”, Journal of the Operational Research Society, Vol. 58 No. 11, pp. 1430-9.
BPMJ
15,6
966
Tang, C.S. (2006a), “Perspectives in supply chain risk management: a review”, International
Journal of Production Economics, Vol. 103, pp. 451-8.
Tang, C.S. (2006b), “Robust strategies for mitigating supply chain disruptions”, International
Journal of Logistics: Research and Application, Vol. 9 No. 1, pp. 33-45.
Corresponding author
I. Nyoman Pujawan can be contacted at: pujawan@ie.its.ac.id
Supply chain
risk management
967
To purchase reprints of this article please e-mail: reprints@emeraldinsight.com
Or visit our web site for further details: www.emeraldinsight.com/reprints
... d. Assessing degree of difficulty of proactive action Degree of difficulty is a scale for determining the level of difficulty that reflects the costs and other resources required to perform a proactive action [18]. Degree of difficulty assessment is conducted by assigning a value from a scale of 3, 4, and 5 where 3 indicates mitigation actions are not too difficult to implement and the costs incurred are considered quite affordable, 4 indicates mitigation is quite difficult to implement and the costs incurred are considered quite high, and 5 indicates mitigation actions are difficult to implement and the costs incurred are considered high [18]. ...
... Assessing degree of difficulty of proactive action Degree of difficulty is a scale for determining the level of difficulty that reflects the costs and other resources required to perform a proactive action [18]. Degree of difficulty assessment is conducted by assigning a value from a scale of 3, 4, and 5 where 3 indicates mitigation actions are not too difficult to implement and the costs incurred are considered quite affordable, 4 indicates mitigation is quite difficult to implement and the costs incurred are considered quite high, and 5 indicates mitigation actions are difficult to implement and the costs incurred are considered high [18]. e. Calculate the Total Effectiveness (TE) value Total effectiveness is uses to know how effective the proactive action to mitigate risk agent. ...
... The next stage is risk analysis. The risk analysis stage includes consideration of the impact of the risk, the causes of the risk, the probability for the risk to occur and determine the Aggregate Risk Potential (ARP) [18]. From Table 4 above, it is known that there are 20 risk events are identified in XYZ and its severity. ...
... The study results indicate that potential risks in the Oil Field Development Project can be found and identified to formulate a mitigation strategy. Pujawan and Geraldin (2009) proposed a supply chain risk management method by developing a House of Quality (HOQ) model with the calculation of Failure Mode Effect Analysis. It aims to rank the mitigation strategies based on the calculation results so that certain mitigation strategies can be prioritised based only on the effectiveness-to-difficulty ratio. ...
... Several more recent contributions are addressing risk management from the logistics perspective, such as managing risk with Supply Chain Risk Management Process (Tummala & Schoenherr, 2011), risk analysis for the supplier using FMEA (Li & Chen, 2014), supply chain risk evaluation based on FUZZY TOPSIS (Sun et al., 2015), risk management in oil field development project using Fishbone Analysis (Hamid et al., 2017), and risk management using House of Risk (Pujawan & Geraldin, 2009). ...
... This study applied the House of Risk approach proposed by Pujawan and Geraldin (2009). First, the risk is identified and assessed; then, the risk mitigation strategy is formulated. ...
Article
Full-text available
Currently, every company is competing to improve the performance of their supply chain, and the efforts include loss mitigation, which requires risk management. This study aims to identify risks and develop risk mitigation strategies for Indonesia’s “PT. SPLP” company. First, this study identifies every risk in the Supply Chain Operation Reference to determine the causes. A mitigation strategy is formulated based on the criteria. According to the study results, each division faced specific risks, and the best mitigation strategy was a briefing at the beginning of each shift. The results indicate that different data processing methods used by companies lead to various risks and mitigation strategy results. Risk management is carried out and evaluated at “PT. SPLP” regularly.
... HOR is combination House of Quality and Failure Modes and Effects Analysis (FMEA) method that is often used in the process of risk assessment [11]. The model of FMEA used to identify potential failure in products or services with the purpose of to eliminate or minimize the risk of failure [12]. ...
... The approach of HOR compute by defining the value Aggregate Risk Potential (ARP) that classified decision making process to execute. The output of HOR is categorized into several steps as follow [11]: • Stage 1, Identify supply chain activities based on the SCOR model, in order to facilitate the detection process in which risks may arise. • Stage 2, Identify the total risk of failure that could occur in any activity in the supply chain. ...
... Fuzzy ANP method is used to divide priority risk categories in the supply chain, while the VIKOR method is used to determine the most prioritized risk sequences. In other study, (Pujawan & Geraldin, 2009) conduct supply chain risk management research in the petrochemical industry using SCOR models such as plan, source, make, delivery, and return combined by the HOR. HOR 1 is used to determine priority risk and design risk handling while HOR 2 is used to determine the weight of risk management that will be prioritized. ...
... The House of Risk (HOR) method is the development of the FMEA method (Failure Mode and Effect Analysis) and House of Quality (HOQ) tools on the Qualtiy Function Deployment (QFD). Adopting the procedure above, HOR I was developed through the following steps (Pujawan & Geraldin, 2009): 1. Identifying risk events that can occur in every business process. This can be done through the supply chain mapping process (plan, source, make, deliver, and return) and then identify "what can be wrong" in each of these processes. ...
Article
This paper the risk of supply chain systems using the method of Supply Chain Operation Reference (SCOR), House of Risk (HOR) and Fuzzy Analytical Network Process (FANP). The SCOR method is used to identify risks that will appear in the supply chain flow by dividing into five processes, namely plan, source, make, deliver, and return. Furthermore, the HOR method is used to identify risk sources so as to obtain the aggregate risk potential (ARP). As for designing risk handling, the FANP method is used so that it produces a sequence of weights from risk handling. A case in a paralon pipe company was used for the application of research. From this study, 25 risk events and 25 risk sources were identified to get 25 Aggregate Risk Potential (ARP). The Pareto chart is used to get 10 Risk agents. The HOR method is used to obtain 23 alternative risk controls. Furthermore, the FANP method is used to determine the priority of 23 risk controls. And with a table, we get the priority order of risk control.
... Wu et al. [32] used AHP to rank suppliers' risk factors and develop a method for hierarchically classifying inbound supply risk factors. Pujawan and Geraldin [33] developed a framework for actively managing SCRs using HOR and presented a combination of core ideas from two well-known house of quality tools and FMEA. Moeinzadeh and Hajfathaliha [34] employed a combination of fuzzy sets, ANP and VIKOR for SCR assessment. ...
Article
Full-text available
Health systems are recognised as playing a potentially important role in many risk management strategies; however, there is strong evidence that health systems themselves have been the victims of unanticipated risks and have lost their functionality in providing reliable services. Existing risk identification and assessment tools in the health sector, particularly in the blood supply chain, address and evaluate risks without taking into account their interdependence and a holistic perspective. As a result, the aim of this paper is to develop a new systemic framework based on a semi-quantitative risk assessment approach to measure supply chain risks, which will be implemented through a case study on the Iranian BSC. This paper identifies and assesses supply chain risks (SCRs) by employing a novel systemic process known as SSM-SNA-ISM (SSI). First, the supply chain and its risks are identified using Soft Systems Methodology (SSM). Then, given the large number of risks, the second stage uses Social Network Analysis (SNA) to identify the relationships between the risks and select the most important ones. In the third stage, risk levelling is performed with a more in-depth analysis of the selected risks and the application of Interpretive Structural Modelling (ISM), and further analysis is performed using the Cross-Impact Matrix Multiplication Applied to Classification (MICMAC). The study found that by using the new proposed approach, taking into account risk relationships, and taking a holistic view, various supply chain risks could be assessed more effectively, especially when the number of risks is large. The findings also revealed that resolving the root risks of the blood supply chain frequently necessitates management skills. This paper contributes to the literature on supply chain risk management in two ways: First, a novel systemic approach to identifying and evaluating risks is proposed. This process offers a fresh perspective on supply chain risk modelling by utilising systems thinking tools. Second, by identifying Iranian BSC risks and identifying special risks.
Chapter
Risk management is known as a complex process both for business and education organizations. In order to organize the risk management process in accordance with standards and requirements, it is necessary to identify risks, the causes of their occurrence, determine the consequences of possible damage and define corrective actions aimed at reducing the risk situations occurrence. The purpose of this study is to develop a risk management model for the development of an educational organization based on the integration of some tools of standardization, digitalization and lean production. The integration model will improve the decision-making process through quantitative and qualitative analysis at each stage of uncertainty. The key advantage of the study is the risk management model, which allows establishing a causal relationship between the causes of risks and their consequences. The model is simulated in accordance with the requirements of the international standard ISO 31000-2018.
Book
Full-text available
Uluslararası Ticarette Lojistik Riskleri ve Maliyetleri
Article
Full-text available
Many companies leave risk management and business continuity to security professionals, business continuity planners or insurance professionals. However, the authors argue, building a resilient enterprise should be a strategic initiative that changes the way a company operates and increases its competitiveness. Reducing vulnerability means both reducing the likelihood of a disruption and increasing resilience. Resilience, in turn, can be achieved by either creating redundancy or increasing flexibility. Redundancy is the familiar concept of keeping some resources in reserve to be used in case of a disruption. The most common forms of redundancy are safety stock, the deliberate use of multiple suppliers even when the secondary suppliers have higher costs, and deliberately low capacity utilization rates. Although necessary to some degree, redundancy represents pure cost with no return except in the eventuality of disruption. The authors contend that significantly more leverage, not to mention operational advantages, can be achieved by making supply chains flexible. Flexibility requires building in organic capabilities that can sense threats and respond to them quickly. Drawing on ongoing research at the MIT Center for Transportation and Logistics involving detailed studies of dozens of cases of corporate disruption and response, the authors describe how resilient companies build flexibility into each of five essential supply chain elements: the supplier, conversion process, distribution channels, control systems and underlying corporate culture. Case examples of Land Rover, Aisin Seiki Co. (a supplier to Toyota), United Parcel Service, Dell, Baxter International, DHL and Nokia, among others, are offered to illustrate how building flexibility in these supply chain elements not only bolsters the resilience of an organization but also creates a competitive advantage in the marketplace.
Article
Full-text available
While the literature related to supply-chain disruptions is informative, it has primarily focused on supply-chain disruptions from a general or high-level view of the phenomenon (e.g. supply-chain uncertainty, risk perceptions). Additionally, although most would agree that disruptions are present in all supply chains, there is a limited amount of information on how to deal with them from a practical perspective in both the short term and long term. Because of the importance of and research needs within this area, we launched a major multi-industry, multi-methodology empirical study on supply-chain disruptions. The study is multi-faceted in that it seeks insights into many issues within the broad area of global sourcing and supply-chain disruptions. Throughout our various interactions with industry, we found that several common themes and issues surfaced as being critical to successful disruption analysis and mitigation as well as resilient supply-chain design. Within this paper, we report on these key issues and discuss the needs within the supply-chain research to contribute to them.
Article
Full-text available
Purpose – The aim of the research is to provide a method to evaluate supply chain risks that stand in the way of the supply chain objectives. Design/methodology/approach – An analytical hierarchy process model is proposed to identify supply chain risk factors with a view to improving the objective of customer value. The two phases of the method are the prioritization of supply chain objectives; and the selection of risk indicators. A case study is also presented. Findings – The appreciation of the most critical supply chain risks comes from careful evaluations of the impacts and a consideration of the cause-effect relationships. The involvement of key managers is essential. In the case study the two most divergent evaluations were from the logistics manager and the sales manager. Research limitations/implications – Further application in various companies and industry sectors would be helpful to compare different cases and findings. Practical implications – The model allows for flexibility in using (and the frequent monitoring of) a panel of indicators by management. The dashboard is composed of only a few indicators and helps in ensuring a synthesis among different perspectives. For these reasons it gives an useful contribution to practitioners. Originality/value – The model seems helpful in creating awareness of supply chain risk. The involvement of managers from different areas is essential in establishing a thorough consideration of critical issues and interdependencies in determining a complete risk analysis. The method can support managers in setting up a priority hierarchy for risk treatment.
Article
Full-text available
Project Risk Registers have been used extensively for many years. However, they do not account for the interaction between risks, for example, the occurrence of one risk exacerbating other risks or portfolios of risks being more significant than the sum of the individual risks. This leads to the need to consider 'risk systemicity' as a part of risk analysis. This paper reports on a specific case for a large multinational project based organization, one that the authors had been involved with in the analysis of a number of projects that had massive cost overruns. Following these analyses the organization was persuaded of the importance of risk systemicity. The organization therefore engaged the authors to develop a 'Risk Filter'. This filter is a tool for identifying areas of risk exposure on future projects and creating a framework for their investigation. The 'Risk Filter' is now used on all projects ever since its introduction; by the end of May 2003 it had been used by nine divisions, on over 60 major projects, and completed by 450 respondents. It is also used at several stages during the life of a project to aid in the risk assessment and management of each project, and contributes to a project database.
Article
Full-text available
Natural disasters, labor disputes, terrorism and more mundane risks can seriously disrupt or delay the flow of material, information and cash through an organization's supply chain. The authors assert that how well a company fares against such threats will depend on its level of preparedness, and the type of disruption. Each supply-chain risk - to forecasts, information systems, intellectual property, procurement, inventory and capacity - has its own drivers and effective mitigation strategies. To avoid lost sales, increased costs or both, managers need to tailor proven risk-reduction strategies to their organizations. Managing supply-chain risk is difficult, however. Dell, Toyota, Motorola and other leading manufacturers excel at identifying and neutralizing supply-chain risks through a delicate balancing act: keeping inventory, capacity and related elements at appropriate levels across the entire supply chain in a rapidly changing environment. Organizations can prepare for or avoid delays by "smart sizing" their capacity and inventory. The manager serves as a kind of financial portfolio manager, seeking to achieve the highest achievable profits (reward) for varying levels of supply-chain risk. The authors recommend a powerful what if? team exercise called stress testing to identify potentially weak links in the supply chain. Armed with this shared understanding, companies can then select the best mitigation strategy: holding "reserves," pooling inventory, using redundant suppliers, balancing capacity and inventory, implementing robust backup and recovery systems, adjusting pricing and incentives, bringing or keeping production in-house, and using Continuous Replenishment Programs (CRP), Collaborative Planning, Forecasting and Replenishment (CPFR) and other supply-chain initiatives.
Article
There are two broad categories of risk affecting supply chain design and management: (1) risks arising from the problems of coordinating supply and demand, and (2) risks arising from disruptions to normal activities. This paper is concerned with the second category of risks, which may arise from natural disasters, from strikes and economic disruptions, and from acts of purposeful agents, including terrorists. The paper provides a conceptual framework that reflects the joint activities of risk assessment and risk mitigation that are fundamental to disruption risk management in supply chains. We then consider empirical results from a rich data set covering the period 1995-2000 on accidents in the U.S. Chemical Industry. Based on these results and other literature, we discuss the implications for the design of management systems intended to cope with supply chain disruption risks.
Supply chain risk management (SCRM) is of growing importance, as the vulnerability of supply chains increases. The main thrust of this article is to describe how Ericsson, after a fire at a sub-supplier, with a huge impact on Ericsson, has implemented a new organization, and new processes and tools for SCRM. The approach described tries to analyze, assess and manage risk sources along the supply chain, partly by working close with suppliers but also by placing formal requirements on them. This explorative study also indicates that insurance companies might be a driving force for improved SCRM, as they now start to understand the vulnerability of modern supply chains. The article concludes with a discussion of risk related to traditional logistics concepts (time, cost, quality, agility and leanness) by arguing that supply chain risks should also be put into the trade-off analysis when evaluating new logistics solutions – not with the purpose to minimize risks, however, but to find the efficient level of risk and prevention.
Article
This article presents a secondary analysis of the literature, supplemented by case studies to determine if large companies increase their exposure to risk by having small- and medium-size enterprises (SMEs) as partners in business critical positions in the supply chain, and to make recommendations concerning best practice. A framework defining the information systems (IS) environment is used to structure the review. The review found that large companies’ exposure to risk appeared to be increased by inter-organisational networking. Having SMEs as partners in the supply chain further increased the risk exposure. SMEs increased their own exposure to risk by becoming partners in a supply chain. These findings indicate the importance of undertaking risk assessments and considering the need for business continuity planning when a company is exposed to inter-organisational networking.