Content uploaded by Stephen Arthur LeMay
Author content
All content in this area was uploaded by Stephen Arthur LeMay on Oct 26, 2015
Content may be subject to copyright.
Supply chain security:
an overview and research agenda
Zachary Williams
Department of Marketing and Hospitality Services Administration,
Central Michigan University, Mount Pleasant, Michigan, USA
Jason E. Lueg
Department of Marketing, Quantitative Analysis, and Business Law,
College of Business and Industry, Mississippi State University, Mississippi State,
Mississippi, USA, and
Stephen A. LeMay
Dalton State College, Dalton, Georgia, USA
Abstract
Purpose – Supply chain security (SCS), as a component of an organization’s overall supply chain risk
management strategy, has become a critical factor for businesses and government agencies since
September 11, 2001, yet little empirical research supports policy or practice for the field. Therefore, this
paper develops and presents a categorization of SCS based on existing research. This categorization of
supply chain literature can help academics and practitioners to better understand SCS and also helps
to identify a research agenda. Setting a research agenda for SCS will help academic and practitioner
research focus on critical issues surrounding SCS.
Design/methodology/approach – The researchers thoroughly reviewed the literature on SCS,
including academic publications, white papers, and practitioner periodicals. The literature was then
categorized according to the approach to SCS and the practical implications of this categorization are
presented. In addition, this categorization was used to identify research gaps.
Findings – This analysis found that SCS needs more attention from the academic community.
Like earlier assessments of this literature, this analysis found it to be mainly normative, with
little research based on primary data. This paper categorizes the literature into four approaches
to SCS: intraorganizational, interorganizational, a combination of intraorganizational and
interorganizational, and ignore. This study develops a focused agenda for future, primary,
empirical research on SCS.
Research limitations/implications – The sources of data for this literature review are secondary.
The review sets a research agenda and calls for future empirical testing.
Practical implications – Practitioners will benefit from the framework presented here by better
understanding approaches to SCS. This comprehensive review discusses the characteristics of SCS in
great depth. As other researchers follow the research agenda, practitioners will benefit from the
empirical findings and theory building.
Originality/value – This paper summarizes the literature on SCS to date, a topic that has grown in
importance, yet received little attention from academics. This is the first comprehensive literature
review of SCS. It includes a categorization of four possible approaches to SCS. It also distinguishes
SCS from supply chain risk, while also recognizing their relationship. It identifies key issues in SCS
research and calls for future research.
Keywords Supply chain management, Risk management, Operations management
Paper type Literature review
The current issue and full text archive of this journal is available at
www.emeraldinsight.com/0957-4093.htm
IJLM
19,2
254
The International Journal of Logistics
Management
Vol. 19 No. 2, 2008
pp. 254-281
qEmerald Group Publishing Limited
0957-4093
DOI 10.1108/09574090810895988
Introduction
The events of September 11, 2001 (9/11) have profoundly affected many aspects of
society, including business operations. The effects on supply chain operations are of
special interest to businesses across the globe as supply chains are integrated and
complex, span national borders and great distances, and can involve many
organizations. Because many US-based firms are involved in global supply chains,
the US response to 9/11 has also involved many organizations in many countries.
Whether they choose to or not, supply chain organizations are participating in the
“War on Terror” (Eggers, 2004).
The newly formed US Department of Homeland Security (DHS) has announced that
securing the supply chain is part of a broader strategy for national security (Wilson,
2005). DHS specifically has asked that the business community begin security efforts
in the supply chain (Witt, 2006). Since terrorist cells and rogue governments possibly
view supply chains in the USA as significant targets, DHS suggests that supply chains
are a critical area to begin security measures (Quinn, 2003). These expectations
to improve the security of supply chains have increased pressure on organizations to
meet new requirements and obligations. The obligation being placed on organizations
to protect their supply chains is known as supply chain security (SCS).
The present view of SCS has shifted significantly from its earlier conceptualizations.
Before 9/11, SCS focused primarily on keeping product from leaving the supply chain (i.e.
theft) (Thibault et al., 2006). Post 9/11, the security focus has shifted to preventing
contraband from entering the supply chain. Terrorist contraband entering the supply chain
has the potential to harm more than the supply chain. Thus, private organizations and
public entities must work together to ensure public safety and the efficient flow of goods.
Although these public and private entities have tried to improve SCS, it is difficult
to determine whether current efforts are enough. Wilson (2005) scrutinized the results
of private and public initiatives in SCS. She concluded that vulnerability has not been
ended or even lowered, despite the efforts that have been initiated since 2001. Also,
when it comes to supply chains in a global environment, Barry (2004, p. 695) states:
The shock of 9/11 was to be a wake-up call to the uncertainty of a global environment. It was
instead a snooze button. The world is restored to comfort and complacencies, at least in the
short run.
A primary issue with SCS is that an organization may not know how good its practices
are until they are tested. This fact significantly adds to the difficulty in securing supply
chains.
To date, logistics and SCM literature provide little help in understanding SCS
and/or SCS best practices (Closs and McGarrell, 2004; Hale and Moberg, 2005).
Practitioners have shown more interest in SCS since 9/11, but the academic knowledge
still has many gaps. Therefore, the research presented here reviews and summarizes
the current knowledge base of SCS and also identifies many areas for further research.
Specifically, this research has four goals. First, we discuss what SCS is and how it
relates to the larger construct of risk along with practitioner interest in SCS. Second, we
review the SCS literature and identify four possible categories that organizations can
use to approach SCS. Third, we review the possible links between SCS and
organizational performance. Last, we suggest directions for future research that will
assist in addressing existing SCS knowledge gaps.
Supply chain
security
255
What is supply chain security?
While SCS is considered important and many SCS topics have been studied, few formal
definitions of SCS can be found. For this research, SCS is defined as follows:
The application of policies, procedures, and technology to protect supply chain assets
(product, facilities, equipment, information, and personnel) from theft, damage, or terrorism
and to prevent the introduction or unauthorized contraband, people or weapons of mass
destruction into the supply chain (Closs and McGarrell, 2004, p. 8).
This definition shows that SCS involves efforts to protect against both products
leaving and contraband entering the supply chain. This possible “disruption of flows
between organizations” represents risk to a supply chain ( Ju
¨ttner, 2005, p. 122). More
formally, supply chain risk is the likelihood, the value, and the variance in distribution
of supply chain outcomes ( Ju
¨ttner et al., 2003). Therefore, SCS is a subcomponent of an
organization’s overall risk management strategy. Although the focus of this current
study is specifically on SCS, it is important to appropriately locate the discussion of
SCS in the larger construct of supply chain risk management.
Supply chain risk management is “the identification and management of risks for
the supply chain, through a co-ordinated approach amongst supply chain members, to
reduce vulnerability as a whole” ( Ju
¨ttner et al., 2003, p. 201). Ju
¨ttner et al. (2003) suggest
that there are four interrelated constructs to supply chain risk management:
(1) risk sources;
(2) risk drivers of supply chain strategy;
(3) supply chain risk management strategies; and
(4) outcomes of supply chain risk.
Each is briefly discussed below. (For a comprehensive review of risk management,
please consult Ju
¨ttner et al., 2003).
For the first construct, Ju
¨ttner (2005) suggests that risk sources include any variable
that cannot be accurately predicted which can lead to a supply chain disruption of
some kind. These sources can include:
.accidents (i.e. fire);
.acts of God (i.e. natural disasters); and
.socio-political actions (i.e. terrorist attacks) ( Ju
¨ttner, 2005).
For the second construct, Ju
¨ttner et al. (2003) suggest five primary reasons that risk
within supply chains have increased in recent years:
(1) a stronger focus on efficiency rather than on effectiveness;
(2) supply chain globalization;
(3) focused factories and centralized distribution;
(4) increased outsourcing; and
(5) supply base reduction.
These factors have increased supply chain risk and as a result, have impacted supply
chain strategies.
IJLM
19,2
256
For the third construct, supply chain risk management strategies are the specific
activities that firms partake into reduce the overall level of risk. These include
avoidance, control, co-operation, and flexibility as general supply chain risk mitigation
strategies (Ju
¨ttner et al., 2003). Hence, SCS fits in here as a specific type of supply chain
risk management strategy that helps to reduce overall supply chain risk (Closs et al.,
2008). By focusing efforts on SCS, the likelihood of socio-political actions (i.e. a terrorist
attack) on a supply chain is lowered. So SCS is most concerned with intentional acts to
breach and disrupt a supply chain. Risk may still exist for accidents and acts of God,
but, through SCS efforts, the total risk is lowered.
For the final construct, vulnerability is one of the primary outcomes of supply chain
risk management (Svensson, 2000, 2002, 2004; Wagner and Bode, 2006). Vulnerability
is the exposure to something that could disturb a supply chain (Christopher and Peck,
2004). Another outcome is disruptions. As risk increases, organizations may be more
susceptible to supply chain disruptions which a negative impact on shareholder
value (Hendricks and Singhal, 2003) and operating performance (Hendricks and
Singhal, 2005).
Based on the framework of Ju
¨ttner et al. (2003), we present an updated model
of supply chain risk management (Figure 1). The updated model indicates that SCS
is a specific type of risk mitigation strategy and consists of three primary
approaches: intraorganizational, interorganizational, or a combination of both intra-
and interorganizational. The rest of this discussion will focus on SCS activities as a
primary type of risk mitigation strategy.
Practitioner interest in SCS
Research findings suggest that supply chain executives are worrying more about SCS
than ever before (Spekman and Davis, 2004) and many are saying that security is their
most dire concern (Wilson, 2005). This concern may be justified when considering the
following:
Figure 1.
Updated model of supply
chain risk management
Outcomes of
Supply Chain
Risk
Risk Sources
Source: Jüttner et al. (2003)
Risk Drivers of
Supply Chain Strategy
Supply Chain
Risk Mitigation Strategies
Supply Chain Security:
-Intraorganizational Approach
-Interorganizational Approach
-Combination Approach
Supply chain
security
257
.Over ten million containers were imported to the USA in 2004, representing
about $1.5 billion dollars in goods each day (Wilson, 2005).
.If a supply chain lets a weapon of mass destruction be shipped by container, it
will cost the supply chain about $1 trillion (Eggers, 2004).
.The delays at the USA and Canadian border cost well over $8 billion a year
(Burke, 2005).
.About 30 percent of financial and risk managers said that their firms were not
ready for disruptions to their business (Bradford, 2003).
.About 40 percent of businesses that are affected by terrorism never re-open; of
those that do, 30 percent close within two years of re-opening (Hardy and
Roberts, 2003).
.Rail transportation, which is the mode of choice in some countries, has freight
that is loaded in one location, but usually makes many stops before arriving at
the final location and inspection is not done unless there is a sign of a security
breach (Hess and Wrobleski, 1996.
Although top managers in many organizations are concerned about SCS, they may have
difficulty dedicating resources to implement or bolster SCS initiatives. This is
understandable because of the often heavy cost involved with developing or enhancing
SCS. For example, Booz Allen Hamilton surveyed CEOs in firms with more than
$1 billion in annual revenue (N¼72). About 80 percent of CEOs said SCS is more
important now than before 9/11, but only 33 percent said that they would spend more on
security (Fischer and Green, 2004). Similarly, research conducted by Deloitte found that
57 percent of transportation executives (n¼103) said that physical security is critical to
lowering security threats, yet only 9 percent feel that the industry performance is
excellent (Steinman, 2004). These findings indicate that, although management finds
SCS to be critical, allocating resources to becoming more secure is not easy.
Although it is extremely difficult to estimate the amount spent on SCS, the best
estimates are that it costs US businesses over $150 billion a year. This includes $65
billion directly traced to higher logistics and supply chain costs (Bernasek, 2002). Many
times these costs are difficult to justify as:
.There is often no indication that an organization will be a target.
.It is difficult to quantify the return on investment.
.If SCS efforts are carried out, the failure to link them with performance may
allow many SCS programs to become stale (Quinn, 2003) or be abandoned.
The next section reviews the SCS literature.
SCS literature
This review starts with conceptual perspectives of security and then is followed by this
study’s categorization of organizational SCS approaches into four areas.
What is security?
The origins of security come from individual level theories in sociology and
psychology. Sociological literature defines security as a sense of insurance against
hazard (Fairchild, 1944). Among other things, human security is concerned with
IJLM
19,2
258
personal choice and efficacy, opportunity, and positive outlook on the future (Bajpai,
2003). According to Fischer and Green (2004, p. 21), security “implies a stable,
relatively predictable environment in which an individual or group may pursue its
ends without disruption or harm and without fear of disturbance or inquiry.” Other
common themes from definitions of security include lowering anxiety and fear, and
raising understanding. Further, security is described as the ability to understand and
act in situations without fear because uncertainty has been lowered (Mead, 1937;
Sullivan, 1941; Berne, 1947).
Security as a human psychology is of such importance that Maslow (1943) included
it as a basic human need in his hierarchy of needs model. The average adult has a need
for a safe, orderly, predictable, lawful, organized world, which he can count on and in
which unexpected, unmanageable, chaotic, or other dangerous things do not happen,
and there are protectors from harm (Maslow, 1970). Security is also a critical aspect of
governments or nations as evidenced by political science literature. More recently,
Newman and van Selm (2003) wrote that human security from a governmental
perspective is focused on protecting people from life-threatening dangers, whether
those dangers are from a natural source or made by man.
Although not formalized as it is today, there are also examples of security as an issue
in logistical and supply chain activities has existed for decades. Hess and Wrobleski
(1996) wrote that throughout history it has been necessary to secure goods during
distribution. One notable example is the difficulty that many railroads faced during the
expansion of the USA in the 1800s. The expansion saw the growth of railroads to connect
the east and west coasts. The expansion allowed much more efficient distribution of
goods and people throughout the country. But the railroads also gave thieves a prime
opportunity to stop trains, pillaging their goods and passengers. This resulted in a
strong need for railroad security to protect goods and passengers. Because the
government and law enforcement failed to protect the railroads, the railroads created a
private police force. This is one of the first examples of SCS.
The focus and activities associated with SCS changed with 9/11. During and right
after the attacks, the US Government prohibited air traffic and border crossing. Closing
the borders of the USA kept trucks from delivering parts for JIT operations in
automotive plants in Windsor, Canada (Sheffi, 2001). As this worst case scenario
played out, two key issues emerged. First, it became salient that while supply chains
were extremely efficient, they were also extremely susceptible to being directly or
indirectly affected by terrorism. Second, and probably most disturbing, was that
supply chains could dispense the tools of terrorism.
The events of 9/11 brought to light many issues for modern SCM. Modern supply
chains are at a greater risk than previously noted (Christopher and Peck, 2004). The
difficultly in protecting supply chains comes with their vulnerabilities: goods,
factories, supply chain providers and partners, supply chain facilities, freight carriers,
people and information (Sarathy, 2006). If organizations want to protect customers,
intellectual property, infrastructure, brands, and employees, then they must carry out
SCS programs (Eggers, 2004). As a result, SCS strategy is an essential part of corporate
strategy, similar to marketing or financial strategies (Sarathy, 2006).
Firms are dedicating more time and resources to supply security strategies to
handle security issues (Banomyong, 2005). Given their nature, there is a strong need to
monitor and vigorously maintain these strategies (Quinn, 2003). If they are not
Supply chain
security
259
monitored and maintained, the outcomes could be disastrous. Adopted from Hess and
Wrobleski (1996), Table I illustrates some of the negative outcomes of failing to
approach SCS from a strategic position.
A categorization of organizational approaches to SCS
The academic literature can be categorized to support four organizational approaches
to SCS. These approaches can be incorporated into SCS strategies to prevent and
recover from supply chain breaches. Organizations can approach SCS from:
(1) an intraorganizational perspective;
(2) an interorganizational perspective;
(3) a combination of intra- and interorganizational perspectives; or
(4) an ignore approach, where some firms chose to not adopt security efforts at all.
Each of these approaches to SCS is discussed below.
Intraorganizational approaches to SCS. One of the first conceptualizations of a
supply chain was based on the intraorganizational integrative behaviors between
internal organizational functions such as purchasing, marketing, and distribution
(Harland, 1996). Intraorganizational SCS actions are those activities that a firm
conducts and controls within the organization to secure the supply chain. Closs and
McGarrell (2004) refer to this as the “four-walls” approach to SCS. To create excellent
SCS measures, an organization needs internal dedication (Ritter et al., 2007). This early
approach to supply chains implies that all organizational functions should be fully
integrated to realize the efficient and effective flow of goods. Intraorganizational
activities are often presented as prevention and response measures.
Internal prevention measures suggest that steps can be taken to lower the likelihood
of becoming a victim (Dugan and Apel, 2005). For example, governments have
increasingly used prevention strategies if deterrence does not work or apply (Cha, 2000).
Prevention measures avert security breaches by wearing down the perpetrator (Gopal
and Sanders, 1997). Anecdotes and the popular press suggest that prevention measures
are the most common way to secure a supply chain. For example, in an interview with
Supply Chain Management Review, Barry Brandman of Danbee investigations states
that “it makes far more sense in terms of time, money, resources, and aggravation to
dedicate your efforts to preventing problems from happening” (Quinn, 2003, p. 41).
1 Increased costs of insurance and security protection
2 Costs of internal audit activities to detect crime
3
Costs of investigation and prosecution of suspects measured in terms
of lost time of security and management personnel
4 Increased selling prices and weakened competitive standing
5 Reduced profits
6 Loss of productivity
7 Loss of business reputation
8 Deterioration in quality of service
9 Threat to the survival of the business
Source: Adapted from Hess and Wrobleski (1996)
Table I.
The effects of not
incorporating security
from a strategic
orientation
IJLM
19,2
260
Internal prevention SCS activities by organizations include using positive match
requirements for production and inventory receipt quantities, requiring satellite
tracking of trucks and containers, controlling access to employee parking, employee
badges, performing unannounced inspections on carriers, personnel security, accepted
processes, secure packaging, locking external doors, using security gates and fences,
monitoring everyone who enters facilities, hiring guards, better and emergency
lighting of facilities, and prohibiting visitors and passenger vehicles (Closs and
McGarrell, 2004; Knight, 2003; Rice and Spayd, 2005; Hess and Wrobleski, 1996).
Part of SCS prevention literature has specifically focused on inventory levels as an
SCS tactic, probably because inventory serves as a potential target and as a critical
component to remediate a breach. Normative suggestions include segmentation tactics
for inventory, such as groups for international, domestic, dangerous, and high-value
inventories (Knight, 2003). Further, Martha and Subbakrishna (2002) suggest that JIT
operations are dangerous because they rely on organizations to run lean. In the event of
SCS disruptions, JIT organizations may be unable to serve customers, so customers may
defect. But, since more inventory cuts supply chain efficiency, research findings have
suggested alternative ways to address inventory such as alternative supply
arrangements, having alternative transportation available to distribute the inventory,
and managing the right inventory levels (which will be different for every organization)
(Martha and Subbakrishna, 2002). Sheffi (2002) supports a dual inventory system where
some inventory is designated as strategic emergency stock and is held and only used in
extreme situations. Also, decision models can help logistics managers decide on the
equipment and supplies needed during critical times. Finally, location science has been
used by logistics managers to identify the best site for holding inventory. In the interest
of supply chain recovery, Hale and Moberg (2005) suggest using the technology to
specify the best quantity of critical emergency supplies.
A specific type of prevention activity is detection, where SCS personnel are warned of
an impending intrusion or breach so that they can thwart the breach. Specifically,
detecting can be defined as the “process of distinguishing a true problem from the
sometimes considerable variations of normal day-to-day business,” (Sheffi, 2005b, p.
155). A detection-related SCS activity is using closed circuit television (Knight, 2003).
Detection is becoming more possible as firms deploy security teams (Peleg-Gillai et al.,
2006) who compare expectations to behavior (O’Leary, 1992). Researchers in SCS discuss
the detection process as having two facets: training to understand detection strategies
and the detection process itself (Helferich and Cook, 2002). Training helps members of
the supply chain understand what should be considered normal business operations.
Detection is important because when anything in the supply chain falls outside normal
operations, members of the supply chain understand that something is wrong.
Another intraorganizational philosophy for SCS suggests that organizations adopt
concepts from total quality management (TQM) and six sigma to help in SCS.
According to TQM, quality should be built into the manufacturing processes to reduce
inspections. Thus, it is suggested that organizations use preventive measures before
shipments leave the shipper’s dock to thwart tampering and avoid inspections from
the government (Lee and Whang, 2005). The first inspection process would then blend
into ongoing monitoring of the shipments. This would allow detection if something
happened during the movement of goods (Lee and Whang, 2005). For example,
organizations should define what is to be measured, track and monitor using a
Supply chain
security
261
measurement system, and analyze the out-of-control points. Also, RFID tags have been
identified as a means for detection. The technique was originally adopted to help track
inventory to avoid stockouts. But the technology has also improved security. For
example, consumers in Japan can gather information about a cow before purchasing
beef products in the retail outlet (Eggers, 2004). The process allows the consumer to
feel secure and to buy with confidence as a mysterious stop along the supply chain
would send up red flags, prompting an investigation into the supply. Adopting such
intraorganizational practices should have other benefits, such as greater organizational
efficiencies (Lee and Wolfe, 2003).
Even with prevention measures in place, SCS breaches can occur. As a result, other
intraorganizational SCS literature discusses the ability to respond. Research findings
have suggested that firms should have a detailed understanding of their own processes
and security threats, and how these two factors interact (Ritter et al., 2007). This view
of security includes intraorganizational understanding of transportation security,
shipping and storage, facility security, personnel security, and information security.
Besides, understanding current processes, organizations may need to create new
emergency processes to continue operations in the event of a SCS breach (Sheffi, 2001).
This may include activities like documentation, process flow, hierarchy, checklists,
maps, and agreements for critical supplies, materials, and backup communication
(Helferich and Cook, 2002). Also, there is a strong emphasis placed on internal
standardization in this stage as it allows quick recovery after a SCS situation (Sheffi,
2002). All of the discussion on how organizations should respond to security breaches
is related to the idea of resiliency (Rice and Caniato, 2003; Sheffi, 2001, 2005b).
Resiliency is defined as the “ability to react to unexpected disruption and restore
normal supply network operations” (Rice and Caniato, 2003, p. 27).
The most important part of intraorganizational SCS efforts is organizational
culture. Rice and Spayd (2005, p. 43) refer to this as “socializing security”. This is
creating and enhancing a sense of SCS among employees. The main factors involved
with socializing security throughout the organizational culture are the structure of the
firm, leadership, skill sets of the employees, employee education of security issues, and
training. However, Rice and Spayd (2005) posit that potential harm from security
efforts can come from building a false sense of security. As a result, if SCS efforts are
implemented, the failure to link them with performance can allow many security
programs to become stale (Quinn, 2003) or abandoned. As a result, developing and
maintaining an organizational culture that understands the importance and processes
of security is critical for SCS. Other researchers also suggest that the
intraorganizational effort of a SCS culture have benefit to security practices
(Christopher and Peck, 2004; Sheffi, 2005b).
Supply chain management needs security because of the complexity, dependence,
and extensive trust and commitment between supply chain partners (Sarathy, 2006);
and although individual firms have created SCS measures in the firm (i.e.
intraorganizational), these measures fail to address the rest of the supply chain
(Sheffi, 2005a). As a result, organizations have turned to external entities to create SCS.
These practices are known as interorganizational SCS activities.
Interorganizational approaches to SCS. Conceptually, supply chains have shifted from
exclusively intraorganizational coordination to coordination with other organizations
involved in the flow of product, information, and finances from raw material to end
IJLM
19,2
262
consumer – to an external focus. This is known as the interorganizational view of a supply
chain. The interorganizational viewis the process by which all other firms involved in the
supply chain work together to deliver value to the end customer.
At their core, interorganizational supply chain activities are relationships between
organizations. A supply chain that is based on strong relationships will be the supply
chain that is more likely to be effective, efficient, and relevant (Bowersox et al., 1999).
Relationships enable management of the supply chain and create success (Handfield
and Nichols, 1999; Handfield and Nichols, 2002).
Lambert et al. (1996) suggest that six different types of interorganizational
relationships exist and that partnerships are different than relationships as they are
tailored and result in business performance. Because of the complexity of supply
chains, it is suggested that not all relationships or partnerships that organizations have
with other entities require the same level of SCS. For example, Rinehart et al. (2004)
discuss that seven types of relationships exist between suppliers and customers,
including:
(1) non-strategic transaction;
(2) administered relationship;
(3) contractual relationship;
(4) specialty contract relationship;
(5) partnership;
(6) joint venture; and
(7) alliance.
Further, Closs and McGarrell (2004) found that three types of approaches to SCS
relationships can be taken:
(1) basic;
(2) typical; and
(3) advanced.
The SCS interorganizational approach is focused on organizational relationships with:
.other supply chain members;
.public entities (governments and non-government agencies such as Red Cross);
and even
.competitors.
It has been suggested that the only way to succeed is collaborating SCS with others
(Knight, 2003), particularly with upstream and downstream supply chain partners
(Sheffi, 2005b) and the government (Closs and McGarrell, 2004). Further, it
has been suggested that the improved relationships between public and private
entities will be the future of SCS (Sheffi, 2001). In their research, Rice and Spayd (2005)
had one organization suggest that their entire security plan was to become
Customs-Trade Partnership Against Terrorism (C-TPAT) certified, which is a primary
US Government public-private security initiative. This is just one example of an
organization partnering with entities external to the organization to create SCS.
Supply chain
security
263
Like SCM, when an organization acts externally to create SCS, it acts with other
organizations. Specifically, the security relationships could involve anyone who
touches the product, including suppliers, carriers, port operators, customers, and the
government. It is suggested that all members of the supply chain should be thinking in
unison about security efforts (Ritter et al., 2007). The three groups of entities which a
firm may have a SCS relationship with are discussed below.
SCS relationships with other supply chain members. SCS may result from efforts
co-created between organizations and the upstream and downstream members of
the supply chain (Rice and Spayd, 2005). Further, it requires organizations to
develop deep relationships with suppliers and customers (Rice and Caniato, 2003).
This requires more collaboration with suppliers and customers to create a secure
supply chain that can prevent breaches and result in quick response when a
breach does happen. Collaboration between supply chain members has been
discussed as critical to SCS (Sheffi, 2005b). This may be easier said than done, as
many firms are unaware of what their suppliers are doing in security and
continuity (Ritter et al., 2007). In their case study, Norrman and Jansson (2004)
highlight the some of the changing relationships and expectations between supply
chain partners.
Organizations are likely to be part of several supply chains, which may call for
several SCS efforts. This suggests that not all relationships are equal, so not all
security efforts should be equal. As a result, different SCS activities may be required
with different supply chain partners. Therefore, SCS can be implemented as part of
supply chain strategy once an organization understands its relationships with
suppliers (Rinehart et al., 2004). As a result, the first step to creating a secure supply
chain is to understand the varying types of relationships with suppliers. Once a firm
identifies what type of relationship it has with each supplier, it can then begin to focus
on security with that supplier. The security segmentation philosophy is similar to
Giunipero and Eltantawy (2004) who suggest that suppliers whose products need
higher levels of security require more dedication and attention.
SCS relationships with public entities. Another key theme in SCS literature is the
interaction between private and public agencies. Normative research suggests that
organizations should be creating relationships with government agencies in order
to become more secure (Rice and Caniato, 2003). Sheffi (2001) suggests that
terrorism forces all businesses and citizens will have to work closely with the
government in order to battle terrorism. For example, research has evaluated how
importing goods to the USA from Canada has changed due to updated security
measures imposed by the US Government (Prokop, 2004). In this research,
governmental partnerships and working with customs and trade agencies are
stressed as critical components of SCS. Since 9/11, there have been multiple
government and non-government initiatives designed to specifically address SCS.
Some of the most popular programs are:
.Customs-Trade Partnership Against Terrorism (C-TPAT).
.Fast and Secure Trade (FAST).
.Container Security Initiative (CSI).
.Safe and Secure Tradelanes (SST).
.Advanced Manifest Rule (AMR).
IJLM
19,2
264
.Emergency Planning and Community Right to Know Act (EPCRA).
.ISO/PAS 28000: 2005.
As a result, relationships with government agencies are likely a critical piece of SCS.
Organizations should realize that relationships with government organizations are
important and value them as they value other supply chain members.
Academic research has investigated the relationships between some government
programs and private security efforts. For example, Sheu et al. (2006) studied several
cases to examine how C-TPAT certification affects international supply chain
collaboration. Their findings suggested that most organizations (four out of five)
benefited from C-TPAT certification through border inspections, lower costs, and
higher customer satisfaction. All case subjects also reported improved relationships
with supply partners and better security among international partners. One inference
from these findings is that cooperating on security benefits both the public and private
sectors. This notion is supported by Thibault et al. (2006). In their mixed method
research, they interviewed and surveyed top managers from shipping importers and
port authorities. They found that SCS initiatives have benefited most from the
cooperative relationships between the government and industry.
SCS relationships with competitors. The influence and importance of SCS is
evidenced through relationships beyond direct supply chain partners or governments.
Research findings suggest that competitors can sometimes serve as SCS collaborators.
The coordinated efforts of sharing knowledge and creating best practices among
competitors can also be referred to as horizontal integration (Sheffi, 2002) and is
supported by SCS researchers (Sheffi, 2005b). An illustration of this comes from India
where competing manufacturers of circuit boards cooperate to ensure SCS while
ensuring their own continued operations. The organizations investigated import goods
to India, where government security efforts can prohibit the supply from being
released into the country a month or longer. As a result, competing firms work together
and create coping mechanisms to clear customs for imports. Specifically, this involves
sharing inventories with one another. By working with competitors to create SCS, they
have pooled risk and lowered uncertainty (Sawhney and Sumukadas, 2005). Other
research findings have suggested competitors can collectively benefit from cooperation
with one another, if it is managed correctly (Lou et al., 2007).
Combination of intra- and interorganizational approaches to SCS. Although intra-
and interorganizational activities have been presented above as separate philosophies,
at times combinations of internal and external activities are needed to create SCS. For
example, Sheffi (2001) states that SCS can be created from not sharing too much
proprietary information with other organizations (intraorganizational), lowering the
supplier base (intraorganizational), managing inventory in a central location
(intraorganizational), and cooperating with the government and competitors
(interorganizational).
To address the possibility of becoming a medium for administering terrorism,
Russell and Saldanha (2003) suggest five tenets of SCS:
(1) partner with government organizations;
(2) create stronger relationships with suppliers and customers;
(3) create contingency plans and mode-shifting capabilities;
Supply chain
security
265
(4) create communication channels to manage crisis situations; and
(5) adopt a military philosophy of agility, reservists, and pre-positioning.
Within these five tenets, it is evident that intra- and interorganizational themes are
present. The first two tenets suggest organizations need to work with external
organizations (interorganizational) to create SCS, while the last three promote internal
activities for SCS (intraorganizational). Although there are two possible components,
Russell and Saldanha (2003) present these activities as an entire SCS strategy, again
suggesting that SCS is the result of a combination of intra- and interorganizational
activities. Other SCS strategies that focus on a combination of intra- and
interorganizational activities are SCS orientation and total security management
(TSM). These are discussed below.
Research indicates that firms vary in SCS awareness (Autry and Bobbitt, 2008).
This variation in security mindedness is called supply chain security orientation
(SCSO), which is defined as:
A firm’s organization wide propensity to partner, plan, adapt, collaborate, and communicate,
both internally and with external trading partners and governmental entities, toward the dual
goals of strategically preventing and responding to potential security breaches and the
minimization of risk that threaten the performance and/or continuity of supply chain
operations (Autry and Bobbitt, 2008).
So an SCSO can be viewed as an organization’s propensity or intensity to expend
resources to ensure safe supply chain operations. Further, in the decision to expend
resources to create SCS, organizations should assess internal and external activities.
The internal/external focus of SCSO mirrors the intra/interorganizational approaches.
Similar to SCSO, Ritter et al. (2007) suggest adopting the TSM approach to SCS.
The authors define this approach as:
[...] the business practice of developing and implementing comprehensive risk management
and security best practices for a firm’s entire value chain. This includes an evaluation of
suppliers, distribution channels, and internal policies and procedures in terms of
preparedness for disruptive events such as terrorism, political upheaval, natural disasters,
and significant accidents (p. 17).
In the TSM approach, firms are encouraged to engage in internal activities, such as
policies and procedures, and external activities, such as supplier development. For
example, TSM implies using a continuous improvement philosophy for SCS. TSM is
founded on the notion of continuous improvement, TQM, and six sigma philosophies.
To adopt and use these philosophies for SCS, firms must carry them out internally.
Also, Ritter et al. (2007) suggest that to reach total security, all parties in the supply
chain must be involved. This would include upstream suppliers, downstream
customers, logistical providers, and the governmental agencies which are responsible
for overseeing the process. This assertion is focused on the external efforts of the
organization.
SCM researchers have also presented normative measures for handling SCS. For
example, Helferich and Cook (2002) present an SCS framework that is based on Federal
Emergency Management Agency (FEMA) standards. Following this typology, these
researchers suggest that preparedness for disruptions is done in stages through:
planning, mitigation, detection, response, and recovery. This suggests a layered
IJLM
19,2
266
approach to SCS, where as one layer of security is breached, another layer of security
exists to protect the chain. This is supported by other researchers (Sheffi, 2005b;
Sarathy, 2006). Without explicitly stating it, the layered approach to SCS demands the
integration of intra- and interorganizational approaches.
Social behavior and socialization theory may contribute to intra- and
interorganizational approaches to SCS, especially establishing governance
structures, setting and communicating norms, and setting and imposing sanctions.
Supply chains are by nature networks of organizations, so the degree of embeddedness
tends to be high.
Polanyi (1957) argued that pre-capitalist economies were embedded in the social
structure, and so were regulated by it. Capitalist economies lost that embeddedness,
and with it the implicit regulation of the social structure. In capitalist economies, this
leads to “double movement,” the relatively unfettered pursuit of profit followed by
the development of protective mechanisms that can interfere with that pursuit (Turner,
2007). SCS can be one of those mechanisms; that is, it can get in the way of making a
profit.
SCS, in this view, is a means to regulate the movement of conflict goods and the
people associated with them. Since weapons and munitions move routinely around the
world through legitimate supply chains and sponsored by firms in industrialized
nations, SCS attempts in part to deter, prevent, detect, or respond to the introduction of
these same goods for illicit purposes (Turner, 2007).
Governments and firms can sanction nations or organizations that violate SCS
strictures. Government sanctions, and rewards, often involve permitting nations to buy
arms or denying that permission (Lopez, 2007). Effective sanctions are multilateral,
linked to inducements, part of a larger strategy or policy, clear, and credible. Since 9/11,
the US Government has applied targeted sanctions – assets freezes, travel bans, arms
embargoes – to nations and firms that fail to cooperate with the War on Terror (Lopez,
2007), including SCS measures.
Key firms in a supply chain have, in some ways, stronger and more direct means of
reward and sanction. Some supply chain members can withhold future business,
invoke punitive contract provisions, or play fiduciary roles on behalf of governments –
customs brokers, for example. In supply chains, embeddedness can be critical to the
adoption and compliance with norms and policies associated with deterring,
preventing, detecting and responding to breaches of security.
Uzzi (1997) looked at embeddedness as a characteristic of entrepreneurial supply
chains. He identified three levels of embeddedness: insufficient, integrated, and
overembedded. He found that embeddedness at the right level offered four benefits:
economies of time, integrative agreements, Pareto improvements in allocative
efficiency, and complex adaptation. Embedded relationships in the Japanese auto
industry and Italian knitwear industry include strong personal ties and are
characterized by trust and “thick” information exchange (Helper, 1990). Neither agency
theory nor team theory have been able to explain network embeddness. Larson (1992)
found that agency theory could not explain network organizations because they often
lack control and monitoring devices, the roles of principal and agent shift, and
incentives are jointly set. Team theory assumes that members have identical interests,
an unrealistic idea when there is no hierarchy members sometimes compete for
Supply chain
security
267
resources (Cyert and March, 1992). Game theory fails for similar reasons, since social
ties often restrict selfish-endgame behavior in embedded networks (Uzzi, 1997).
Uzzi (1997) notes the heuristic character of trust. The idea that trust in a supply
chain or supply chain partner saves search time, investigation time, and decision time.
In SCS, this can be especially important. A firm acting under the rubric of SCS will
search not only for the best product at the best price, but also for partners who will not
open them to serious supply chain breaches. Embeddedness facilitates joint-problem
solving on the fly, saving time and reaching good decisions. These decisions may give
up immediate economic gain, but allow them to pool resources and share information
at levels that insufficiently embedded networks cannot match. This includes
establishing joint norms and sanctions (Uzzi, 1997).
Ignore. Some firms have shown reluctance to adopt SCS initiatives (Eggers, 2004).
For example, many ports based in the USA have taken a meager approach and carried
out no SCS initiatives (Thibault et al., 2006). The reluctance to carry out security efforts
is probably for two primary reasons: cost and risk. Organizations expend enormous
resources trying to secure their supply chains. The best estimate for costs of security in
SCM is $65 billion (Bernasek, 2002). That estimate excludes excessive indirect costs.
As a result, some firms do not or cannot justify the costs of SCS efforts. Rather, they
choose to speculate that their supply chains will not be breached.
Leading global shippers and carriers have indicated that few to no security efforts
have been taken in their organizations (Rice and Spayd, 2005). These firms assume
that an attack to the supply chain will affect all firms equally. This view suggests that
breaches to supply chains are going to happen and everyone will be impacted and, as a
result, SCS is futile.
The impact of SCS on organizational performance
Supply chain strategies and their links to performance are important areas of research
(Lynch et al., 2000; Morash, 2006). Successful SCM has been shown to be positively
correlated with organizational performance (Tracey, 1998; Slater and Narver, 2000;
D’Avanzo et al., 2003), which is often viewed as return on investment, profits as a
percentage of sales, market share, and net income (Anderson and Katz, 1998; Tan et al.,
1998; Carr and Pearson, 2002). Further, Mentzer et al. (2001) propose that successfully
carrying out SCM not only improves the performance for each party, but also the
performance of the entire supply chain. Empirical testing has supported this link (Min
and Mentzer, 2004). As a result, organizations are dedicating vast resources to develop
and enhance supply chain efforts.
Given the resources and efforts dedicated to securing supply chains, research has
extended from the SCM-performance link to investigating if the same link exists for
SCS and organizational performance. Investments in security can be hard to justify by
top management as security efforts are expensive and when organizations get into
difficult budget situations, SCS is an easy way to cut spending (Quinn, 2003). For
example, 80 percent of transportation executives indicated that homeland security
measures would demand more spending on security initiatives by their firms
(Steinman, 2004). But if those security dollars are illustrated as positively impacting
performance, the likelihood of maintaining and dedicating resources toward SCS rises
greatly. Thibault et al. (2006) suggest that firms that provide higher security are likely
to raise their rates, thus jeopardizing their relationships with customers. So there is a
IJLM
19,2
268
great need to better understand the impact that SCS has and can have on various
organizational performance measures. Conceptual research findings suggest that
supply chain efforts toward security will lower total system cost, raise visibility,
improve shipment data and tracking, raise customer satisfaction, raise profitability
(Sarathy, 2006), protect the brand, and preserve market share (Eggers, 2004).
To date, little empirical research has been conducted on the relationship between
SCS activities and organizational performance. Consulting firm BearingPoint found a
relationship between security initiatives and financial benefits. They studied the
Asia-Pacific Economic Cooperation, where RFID technology and electronic seals were
used to track containers from Thailand to distribution centers in Seattle, WA. The
security efforts led to financial benefits, including improvements in visibility, avoiding
cost on imports, reductions in safety stock, improved customer service, greater profit,
and reduced theft, with overall estimates savings between $150 and 2,000 per
container. Similarly, Eggers (2004) reports that participating in SCS government
initiatives, such as C-TPAT, has resulted in a cost savings of $378-462 per container for
firms importing into the USA. The savings were result of lower transaction costs,
higher labor productivity, less theft, lower inventory, and lower overhead. Specifically,
Hasbro provides an example of significant cost savings from C-TPAT certification,
which is the result of fewer importation inspections that have been valued at nearly
$550,000 per year (Gonzalez, 2004).
In their comprehensive research supported by IBM and The Manufacturing
Institute, Peleg-Gillai et al. (2006) studied how innovative manufacturing companies
approach security efforts. Their research was conducted on the premise that most
companies view SCS from a negative perspective. That is, most companies view
security as an expense without benefit, which makes them reluctant to invest in SCS
efforts. As a result, their research focused on illustrating the point that SCS measures
can lead to positive performance for organizations, if SCS is approached in a proactive
manner. The researchers compiled five areas that could be potentially impacted by
security efforts that included:
(1) inventory management and customer service;
(2) visibility;
(3) efficiency;
(4) resilience; and
(5) customer relationships.
These researchers concluded that the innovative firms surveyed had positive benefits
from their SCS efforts. They found that security efforts lead to improvements in
profitability, relationships, and internal operations. Specific findings for manufacturers
are listed in Table II.
Security efforts may benefit firms in specific terms like profitability, but they may
also get more. Rice and Spayd (2005) investigated how greater efforts in security may
lead to collateral benefits. Security collateral benefits include becoming less prone to
disruption and better able to bounce back when disruptions occur. In other words,
resources dedicated to securing the supply chain may benefit firms in ways that go
well beyond better security. Further, these collateral benefits may create competitive
advantages. The researchers found 11 security initiatives in which organizations could
Supply chain
security
269
Improvement area Specific reductions
Improved product safety 38 percent reduction in theft 37 percent reduction in tampering
Improved inventory management 14 percent reduction in excess inventory 12 percent increase in on-time delivery
Improved supply chain visibility 50 percent increase in access to supply chain data 30 percent increase in timeliness of shipping data
Improved product handling 43 percent increase in automated handling of goods
Process improvements 30 percent reduction in process deviations
More efficient customs clearance process 49 percent reduction in cargo delays 48 percent reduction in cargo inspections
Speed improvements 29 percent reduction in transit time 28 percent reduction in delivery time
Resilience Close to 30 percent reduction in problem
identification time
Close to 30 percent reduction in response time and
problem resolution time
Higher customer satisfaction 26 percent reduction in customer attrition rate 20 percent increase in the number of new customers
Source: Adapted from Peleg-Gillai et al. (2006)
Table II.
Significant benefits from
security efforts for
manufacturers
IJLM
19,2
270
participate in those collateral benefits. A summary of those investments and benefits
are illustrated in Table III.
Table IV summarizes and categorizes the literature on SCS.
A SCS research agenda
In assessing SCS literature, Rice and Spayd (2005) suggest that SCS research can be
summarized as:
.mainly normative, offering little empirical evidence;
.offering many examples of reaction to past instances and events; and
.no investigations into current corporate responses.
An examination of Table IV reveals four primary themes. First, little research is
focused on intraorganizational activities. While the predominant perspective on SCS
SCS investment option Collateral benefit
Asset visibility and tracking Reduce theft
Reduce delays in shipping
Protection of brand name
Personnel security Higher employee commitment
Increased sales, customer loyalty, and market share
Physical security Reduced equipment damage
Fewer safety incidents
Customer loyalty
Standards development Improved efficiency
Reduce non-security losses
Overall higher performance
Supplier selection and investment Lower inspection costs
Faster throughput
Improved relationships and collaboration
Transportation and conveyance security Reduce crime and vandalism
Reduced transportation cycle time
Fewer supply chain disruptions
Org infrastructure awareness and capabilities Increased problem prevention
Increased early intervention
Improved ability to respond
Collaboration among supply chain parties Platform for broader alignment
Creation of secure supply chain network
Improved communication
Proactive technology investments Ability to customize application
Increase process efficiency
Provide real-time awareness
TQM investments Reduction in safety stock
Higher levels of performance
Greater visibility to discern bottlenecks
Voluntary security compliance Faster border throughput times
Develop mandatory standards
Higher levels of process performance
Source: Adapted from Rice and Spayd (2005)
Table III.
SCS investment options
and collateral benefits
Supply chain
security
271
Author(s) Nature of study Focus on Findings and/or conclusions
Intraorganizational
Hale and Moberg (2005) Conceptual The location of critical supplies in preparation
for supply chain disasters
Suggests that location science can lead to
optimized locations for secure locations for
critical supplies during disasters
Interorganizational
Giunipero and Eltantawy
(2004)
Conceptual Situational factors that impact the level of risk
management activities
Coordinated efforts are needed with the supply
base in order to mitigate risk and create SCS
Prokop (2004) Conceptual Governmental security measures for inbound
cargo to the USA
True cross-border security is not the
responsibility of the government; it is the
responsibility of the supply chain partners
Rinehart et al. (2004) Conceptual Developing secure supplier relationships Different supplier relationships require
different security efforts
Banomyong (2005) Conceptual Understanding the impact of new government
programs on maritime supply chains
There should be organizational benefits, such
as reduced transport costs, from investing in
maritime security efforts
Sawhney and Sumukadas
(2005)
Qualitative Interactions between competitor firms for risk
reduction and abiding by governmental
regulations
Buyer-buyer relationships may be required to
reduce supply chain risk
Zsidisin et al. (2005) Conceptual Lean supply chains can be at higher risk Supply continuity planning can lead to
reduced risk. Quick response to disasters is
needed
Combination
Sheffi (2001) Conceptual Challenges of dealing with disasters and
operating in a security focused environment
Security will take much effort, including:
working with the government, prevention
measures, creating redundancies, and
changing organizational processes for security
Martha and Subbakrishna
(2002)
Conceptual The need for supply chain redesign for
disasters
Risk needs to be mitigated throughout the
supply chain because disasters are
unpredictable
Helferich and Cook (2002) Conceptual Present framework for supply chain plans for
prevention and response to disasters
Organizations should plan for disasters using
proven planning guides, such as the FEMA
approach
(continued)
Table IV.
Summary and
categorization of the
literature on SCS
IJLM
19,2
272
Author(s) Nature of study Focus on Findings and/or conclusions
Sheffi (2002) Conceptual New challenges for supply chain management
after the terrorist attacks on 9/11
Many trade-offs and decisions have to be made
for SCS. Suggests the adoption of a chief
security officer and security minded culture
Knight (2003) Conceptual Guidelines for SCS gathered from many
government agencies
More collaboration on security is needed; firms
cannot approach security with the “four-walls”
approach
Lee and Wolfe (2003) Conceptual Using TQM philosophy for SCS TQM philosophy applied to SCS can lead to
efficiency, effectiveness, and mitigates risk
Quinn (2003) Qualitative Discussion of loss prevention and security
programs
SCS can lead to profitability
Rice and Caniato (2003) Qualitative Understanding how supply chains have
responded to the threat of global terrorism
SCS and resiliency have been created by
organizations through the use of many
different security-related activities
Rice and Spayd (2005) Conceptual Need to build secure supply chains that also
exhibit resiliency
SCS and resiliency can have benefits to the
organizations that implement these activities
Russell and Saldanha (2003) Conceptual Building a security best practice list for
organizational business plans
Firms need to work with all levels of
governments and supply chain partners, have
mode shifting capabilities, implement better
communication, create contingency plans, and
approach SCS as the military would
Closs and McGarrell (2004) Qualitative Creating synergy between supply chain
management and security efforts
Offers four primary recommendations for SCS:
(1) leadership, (2) public-private partnerships,
(3) more research on SCS, and (4) education
and training
Lee and Whang (2005) Conceptual Quality improvement programs that can be
used for SCS
Prevention, TQM, source inspection, process
control, and continuous improvement should
lead to risk mitigation and higher SCS
Sheffi (2005a) Conceptual Describing organizational resiliency in the
event of disasters
Resiliency has much to do with organizational
culture
Sheffi (2005b) Conceptual Explaining how firms can prevent and recover
from disasters
Resiliency will help firms respond to disasters
and should benefit supply chains in other
ways, such as increasing flexibility
(continued)
Table IV.
Supply chain
security
273
Author(s) Nature of study Focus on Findings and/or conclusions
Sarathy (2006) Conceptual Examining the threats to global supply chains Firms should design security into the overall
supply chain strategy, which will mitigate
disruptions
Sheu et al. (2006) Qualitative/Quantitative Examining affect of C-TPAT on supply chain
collaboration
Voluntary government programs, particularly
C-TPAT, should lead to better collaboration
with supply chain partners
Thibault et al. (2006) Qualitative Understanding maritime industry response to
new government security programs
New SCS requirements have created stronger
public-private collaborative efforts
Ritter et al. (2007) Conceptual Presenting the concept of TSM Firms should be managing transportation
security in a holistic manner, which should
result in value for the firm
Closs et al. (2008) Conceptual Developing a SCS framework for protection Firms should implement security institutive
into their culture, their strategy, and their
supply chains
Autry and Bobbitt (2008) Qualitative Developing the notion of organizational SCSO SCSO is an intra- and interorganizational
propensity to secure supply chains, which
likely results in performance outcomes
SCS and performance
Bearing Point (2003) Quantitative Understanding the outcomes of the
Asia-Pacific Economic Cooperation security
project named STAR-BEST
Firms importing to the USA should gain
financial benefits from SCS
Eggers (2004) Conceptual Suggesting firms are at the forefront of the war
on terrorism
SCS can have positive performance outcomes
for firms. Needs to be cooperation with the
public sector
Gonzalez (2004) Conceptual SCS activities and their impact on performance SCS should be viewed and implemented
holistically. If SCS is approached in this
manner, performance should be impacted
positively
Rice and Spayd (2005) Conceptual Additional “collateral” benefits to
organizations that invest in SCS
Many other benefits exist for organizations
who invest in the correct SCS programs and
activities
Peleg-Gillai et al. (2006) Quantitative The impact of SCS on organizational
performance
Firms who are innovative in SCS should
realize organizational benefits
Table IV.
IJLM
19,2
274
would be that organizations need to take an interorganizational approach,
intraorganizational activities also need to be understood. Some intraorganizational
efforts are also discussed in the SCS approaches categorized as combination. However,
many questions remain about intraorganizational efforts. For example, a primary
intraorganizational activity discussed above is a SCS culture. Many questions around
this intraorganizational activity remain: how does a company create this type of
culture? What are employee attitudes toward a SCS culture? How does a firm hire for a
SCS culture. Examples of other intraorganizational questions include: what are best
practices for internal efforts? What is the role of the internal security department?
Future research should address these types of questions.
The second theme that emerges from Table IV is that very little quantitative
research on SCS exists. Quantitative assessments are needed to better understand what
is causing firms to initiate SCS, dyadic SCS relationships and outcomes, and the role of
the government in SCS, to name a few. By conducting quantitative research,
practitioners could benefit from understanding how SCS can affect their firms, and
importantly, may be able to better justify the expenditures that accompany expensive
SCS efforts.
The third theme is that the linkage between SCS and organizational performance
remains relatively unknown. Much of the SCS literature suggests that SCS should lead
to improved organizational performance. Two quantitative studies listed in the table
suggest that this relationship does exist; however, those studies are not without
limitations. One is a white paper from a consulting firm (Bearing Point, 2003) and the
other only focuses on firms they deem to be SCS innovators (Peleg-Gillai et al., 2006).
As a result, many questions remain concerning the impact that SCS has on
organizational performance. Also, the link between SCS and performance is difficult to
assess. SCS was imposed on practitioners suddenly, so most have not explicitly tracked
the costs of these efforts, let alone their impact on performance measures. As a result,
this is a critical area for academic researchers to pursue. This research is likely to first
be inductive, then deductive. Also, researchers may have to study many supply chains
in depth to truly understand this link.
Finally, as the table indicates, SCS can include a myriad of activities, including
intra- and interorganizational. Yet, there is little insight into the types of strategies that
firms use. Strategy is at the heart of supply chain and logistics research (Christopher
et al., 2006; Tokman et al., 2007). Advances need to be made in better understanding
strategic typologies being deployed by all types of supply chain members (e.g.
manufacturers, 3PLs, and retailers). Similarly, SCS efforts need to be incorporated and
linked to overall organizational strategy (Sarathy, 2006; Ritter et al., 2007). More
research is needed in this area to better understand if those activities and strategies can
lead to organizational performances. Specifically, future research should be conducted
to answer these primary questions that remain: What are SCS strategies? How do SCS
align with overall organizational strategy?
While not explicitly illustrated in Table IV, other research gaps for SCS should be
pursued. One possible explanation for the normative nature of SCS research is that
security is secure by nature (i.e. it is something that is not easily researched because
not everyone will share details about it). So, one of the difficulties researchers are likely
to face is reluctance from organizations to participate in research on SCS. As a
result, academic researchers will be challenged with gaining knowledge in this area.
Supply chain
security
275
This requires academics to use innovative qualitative and quantitative research
methods to research this topic. This is not to discourage research in this area; SCS is an
emerging field and is in need of more empirical studies of all facets.
To date, research has viewed SCS in individual part of the supply chain. For
example, Deloitte researched transportation company executives about security
threats (Steinman, 2004). As a result, research findings have created a fragmented
understanding of SCS issues. Future research needs to evaluate SCS from a more global
perspective that includes many entities of the supply chain, including: transportation
carriers, 3PLs, wholesalers and distributors, retailing, and manufacturers. Case studies
with several supply chains would help provide insight to holistic view of SCS. Further,
more research should evaluate the role of consulting firms, or other firms who do not
physically handle goods, in helping to create SCS. For instance, SCS also should
encompass information flow. The information accompanying supply chain activities
and members may be as critical to SCS as physical security.
Because of the complexity and scope of SCS, the literature has yet to develop SCS
best practices and strategies (Closs and McGarrell, 2004; Hale and Moberg, 2005).
Future research should address this need. Public and private entities will benefit from
understanding how firms succeed in developing SCS. Further, research should also
take the public sector point of view for SCS.
In conclusion, this SCS literature review supports the work of Rice and Spayd
(2005), who suggest that the literature surrounding SCS is mostly normative. As
security measures continue to affect organizations, researchers should help them to
better understand how SCS is impacting business. Security issues are likely to continue
to influence supply chains, relationships, and the efficient movement of goods. But
even with the security measures that are taken, attacks on supply chains will occur and
supply chains will suffer (Sheffi, 2002). As a result, planning for disruptions to
the supply chain is a necessity (Hale and Moberg, 2005). Firms should integrate
preventive security measures (Zsidisin et al., 2005) and be ready to respond to the
disruption when it occurs (Sheffi, 2002; Hale and Moberg, 2005; Zsidisin et al., 2005).
References
Anderson, M.G. and Katz, P.B. (1998), “Strategic sourcing”, International Journal of Logistics
Management, Vol. 9 No. 1, pp. 1-13.
Autry, C.W. and Bobbitt, L.M. (2008), “Supply chain security orientation: conceptual
development and a proposed framework”, The International Journal of Logistics
Management, Vol. 19 No. 1, pp. 42-64.
Bajpai, K. (2003), “The idea of human security”, International Studies, Vol. 40 No. 3, pp. 195-228.
Banomyong, R. (2005), “The impact of port and trade security initiatives on maritime supply
chain management”, Maritime Policy and Management, Vol. 32 No. 1, pp. 3-13.
Barry, J. (2004), “Supply chain risk in an uncertain global supply chain environment”,
International Journal of Physical Distribution & Logistics Management, Vol. 34 No. 9,
pp. 695-7.
Bearing Point (2003), “Asia-Pacific economic cooperation STAR-BEST project cost-benefit
analysis”, White Paper, available at: www.bearingpoint.com
Bernasek, A. (2002), “The friction economy”, Fortune, Vol. 145 No. 4, pp. 104-12.
Berne, E. (1947), The Mind in Action, Simon and Schuster, New York, NY.
IJLM
19,2
276
Bowersox, D.J., Closs, D.J. and Stank, T.P. (1999), 21st Century Logistics: Making Supply Chain
Integration a Reality, Council of Logistics Management, Oak Brook, IL.
Bradford, M. (2003), “Keeping risks from breaking organizations’ supply chains: complex
exposure to suppliers: keeping chain intact suppliers: fewer vendors is better”, Business
Insurance, Vol. 37 No. 31, p. 9.
Burke, R.J. (2005), “International terrorism and threats to security: implications for organizations
and management”, Disaster Prevention and Management, Vol. 14 No. 5, pp. 639-43.
Carr, A.S. and Pearson, J.N. (2002), “The impact of purchasing and supplier involvement on
strategic purchasing and its impact on firm’s performance”, International Journal of
Operations & Production Management, Vol. 22 No. 9, pp. 1032-53.
Cha, V.D. (2000), “Globalization and the study of international security”, Journal of Peace
Research, Vol. 37 No. 3, pp. 391-403.
Christopher, M. and Peck, H. (2004), “Building the resilient supply chain”, International Journal of
Logistics Management, Vol. 15 No. 2, pp. 1-14.
Christopher, M., Peck, H. and Towill, D. (2006), “A taxonomy for selecting global supply chain
strategies”, International Journal of Logistics Management, Vol. 17 No. 2, pp. 277-87.
Closs, D.J. and McGarrell, E.F. (2004), “Enhancing security throughout the supply chain”, Special
Report Series, IBM Center for The Business of Government, available at: www.
businessofgovernment.org
Closs, D.J., Speier, C., Whipple, J. and Voss, M.D. (2008), “A framework for protecting your
supply chain”, Supply Chain Management Review, Vol. 12 No. 2, pp. 38-45.
Cyert, R. and March, J. (1992), A Behavioral Theory of the Firm, Blackwell, New York, NY.
D’Avanzo, R., von Lewinski, H. and van Wassenhove, L.N. (2003), “The link between supply
chain and financial performance”, Supply Chain Management Review, Vol. 7 No. 6, pp. 40-7.
Dugan, L. and Apel, R. (2005), “The differential risk of retaliation by relational distance: a more
general model of violent victimization”, Criminology, Vol. 43 No. 3, pp. 697-730.
Eggers, W.D. (2004), “Prospering in the secure economy”, A Deloitte Research Study, Deloitte
Touche Tohmatsu, New York, NY, available at: www.deloitte.com
Fairchild, H.P. (1944), Dictionary of Sociology, Philosophy Library, New York, NY.
Fischer, R.J. and Green, G. (2004), Introduction to Security, 7th ed., Butterworth-Heinemann,
Boston, MA.
Giunipero, L.C. and Eltantawy, R.A. (2004), “Securing the upstream supply chain: a risk
management approach”, International Journal of Physical Distribution & Logistics
Management, Vol. 34 No. 9, pp. 698-713.
Gonzalez, A. (2004), “Linking supply chain security with Sarbanes-Oxley and the bottom line”,
ARC Advisory Group White Paper, available at: www.ctl.ca
Gopal, R.D. and Sanders, G.L. (1997), “Preventive and deterrent controls for software piracy”,
Journal of Management Information Systems, Vol. 13 No. 4, pp. 29-47.
Hale, T. and Moberg, C.R. (2005), “Improving supply chain disaster preparedness: a decision
process for secure site selection”, International Journal of Physical Distribution & Logistics
Management, Vol. 35 No. 3, pp. 195-207.
Handfield, R.B. and Nichols, E.L. (1999), Introduction to Supply Chain Management,
Prentice-Hall, Englewood Cliffs, NJ.
Handfield, R.B. and Nichols, E.L. (2002), Supply Chain Redesign: Transforming Supply Chains
Into Integrated Value Systems, Prentice-Hall, Englewood Cliffs, NJ.
Supply chain
security
277
Hardy, V. and Roberts, P. (2003), “International emergency planning for facilities management”,
Journal of Facilities Management, Vol. 2 No. 1, pp. 7-24.
Harland, C.M. (1996), “Supply chain management: relationships, chains, and networks”, British
Journal of Management, Vol. 7, pp. 63-80 (special Issue).
Helferich, O.K. and Cook, R.L. (2002), Securing the Supply Chain, Council of Logistics
Management, Oak Brook, IL.
Helper, S. (1990), “Comparative supplier relations in the US, Japanese industries: an exit/voice
approach”, Business and Economic History, Vol. 19, pp. 153-62.
Hendricks, K.B. and Singhal, V.R. (2003), “The effect of supply chain glitches on shareholder
wealth”, Journal of Operations Management, Vol. 21 No. 5, pp. 501-22.
Hendricks, K.B. and Singhal, V.R. (2005), “Association between supply chain glitches and
operation performance”, Management Science, Vol. 51 No. 5, pp. 695-711.
Hess, K.M. and Wrobleski, H.M. (1996), Introduction to Private Security, 4th ed., West Publishing
Company, Saint Paul, MN.
Ju
¨ttner, U. (2005), “Supply chain risk management: understanding the business requirements
from a practitioner perspective”, International Journal of Logistics Management, Vol. 16
No. 1, pp. 120-41.
Ju
¨ttner, U., Peck, H. and Christopher, M. (2003), “Supply chain risk management: outlining an
agenda for future research”, International Journal of Logistics: Research and Applications,
Vol. 6 No. 4, pp. 197-210.
Knight, P. (2003), “Supply chain security guidelines”, White Paper, IBM, available at: www.ibm.com
Lambert, D.M., Emmelhainz, M.A. and Gardner, J.T. (1996), “Developing and implementing
supply chain partnerships”, International Journal of Logistics Management, Vol. 7 No. 2,
pp. 1-18.
Larson, A. (1992), “Network dyads in entrepreneurial settings: a study of governance of exchange
processes”, Administrative Science Quarterly, Vol. 37, pp. 76-104.
Lee, H.L. and Whang, S. (2005), “Higher supply chain security with lower cost: lessons from total
quality management”, International Journal of Production Economics, Vol. 96 No. 3,
pp. 289-300.
Lee, H.L. and Wolfe, M.L. (2003), “Supply chain security without tears”, Supply Chain
Management Review, Vol. 7 No. 1, pp. 12-20.
Lopez, G.A. (2007), “Effective sanctions”, Harvard International Review, Vol. 29 No. 3, pp. 50-4.
Lou, W., Rindfleisch, A. and Tse, D. (2007), “Working with rivals; the impact of competitor
alliances on financial performance”, Journal of Marketing Research, Vol. 44 No. 1, pp. 73-83.
Lynch, D.E., Keller, S.B. and Ozment, J. (2000), “The effects of logistics capabilities and strategy
on firm performance”, Journal of Business Logistics, Vol. 21 No. 2, pp. 47-67.
Martha, J. and Subbakrishna, S. (2002), “Targeting a just-in-case supply chain for the inevitable
next disaster”, Supply Chain Management Review, Vol. 6 No. 5, pp. 18-23.
Maslow, A.H. (1943), “A theory of human motivation”, Psychological Review, Vol. 50, pp. 370-96.
Maslow, A.H. (1970), Motivation and Personality, 2nd ed., Harper & Row, New York, NY.
Mead, M. (1937), Cooperation and Competition Among Primitive Peoples, McGraw-Hill,
New York, NY.
Mentzer, J.T., DeWitt, W., Keebler, J.S., Min, S., Nix, N.W., Smith, C.D. and Zacharia, Z.G. (2001),
“Defining supply chain management”, Journal of Business Logistics, Vol. 22 No. 2, pp. 1-25.
IJLM
19,2
278
Min, S. and Mentzer, J.T. (2004), “Developing and measuring supply chain management
concepts”, Journal of Business Logistics, Vol. 25 No. 1, pp. 63-99.
Morash, E.E. (2006), “Supply chain strategies, capabilities, and performance”, Transportation
Journal, Vol. 41 No. 1, pp. 37-54.
Newman, E. and van Selm, J. (2003), Refugees and Forced Displacement: International Security,
Human Vulnerability, and the State, United Nations University Press, Geneva.
Norrman, A. and Jansson, U. (2004), “Ericsson’s proactive supply chain risk management
approach after a serious sub-supplier accident”, International Journal of Physical
Distribution & Logistics Management, Vol. 34 No. 5, pp. 434-56.
O’Leary, D.E. (1992), “Intrusion-detection systems”, Journal of Information Systems, Vol. 6 No. 1,
pp. 63-74.
Peleg-Gillai, B., Bhat, G. and Sept, L. (2006), “Innovators in supply chain security: better security
drives business value”, The Manufacturing Innovation Series, available at: www.ibm.com
Polanyi, K. (1957), The Great Transformation: The Political and Economic Origins of Our Time,
Beason Press, Boston, MA.
Prokop, D. (2004), “Smart and safe borders: the logistics of inbound cargo security”,
The International Journal of Logistics Management, Vol. 15 No. 2, pp. 65-75.
Quinn, F.J. (2003), “Security matters”, Supply Chain Management Review, Vol. 7 No. 4, pp. 38-45.
Rice, J.B. Jr and Caniato, F. (2003), “Building a secure and resilient supply network”, Supply Chain
Management Review, Vol. 7 No. 5, pp. 22-30.
Rice, J.B. Jr and Spayd, P.W. (2005), “Investing in supply chain security: collateral benefits”,
Special Report Series, IBM Center for The Business of Government, available at:
www.ibm.com.
Rinehart, L.M., Myers, M.B. and Eckert, J.A. (2004), “Supplier relationships: the impact on
security”, Supply Chain Management Review, Vol. 8 No. 6, pp. 52-9.
Ritter, L.J., Barrett, M. and Wilson, R. (2007), Securing Global Transportation Networks: A Total
Security Management Approach, McGraw-Hill, New York, NY.
Russell, D.M. and Saldanha, J.P. (2003), “Five tenets of security-aware logistics and supply chain
operation”, Transportation Journal, Vol. 42 No. 4, pp. 44-54.
Sarathy, R. (2006), “Security and the global supply chain”, Transportation Journal, Vol. 45 No. 4,
pp. 21-8.
Sawhney, R. and Sumukadas, N. (2005), “Coping with customs clearance uncertainties in global
sourcing”, International Journal of Physical Distribution & Logistics Management, Vol. 35
No. 4, pp. 278-95.
Sheffi, Y. (2001), “Supply chain management under the threat of international terrorism”,
International Journal of Logistics Management, Vol. 12 No. 2, pp. 1-11.
Sheffi, Y. (2002), “Supply chains and terrorism”, in Kausel, E. (Ed.), The Towers Lost and Beyond,
A Collection of Essays on the WTC, Massachusetts Institute of Technology, available at:
http://web.mit.edu/civenv/wtc/
Sheffi, Y. (2005a), “Preparing for the big one”, IEE Manufacturing Engineer, Vol. 84 No. 5,
pp. 12-15.
Sheffi, Y. (2005b), The Resilient Enterprise: Overcoming Vulnerability for Competitive Advantage,
The MIT Press, Cambridge, MA.
Sheu, C., Lee, L. and Niehoff, B. (2006), “A voluntary logistics security program and international
supply chain partnership”, Supply Chain Management: An International Journal, Vol. 11
No. 4, pp. 363-74.
Supply chain
security
279
Slater, S.F. and Narver, J.C. (2000), “Intelligence generation and superior value”, Journal of the
Academy of Marketing Science, Vol. 28 No. 1, pp. 120-7.
Spekman, R.E. and Davis, E.W. (2004), “Risky business: expanding the discussion on risk and the
extended enterprise”, International Journal of Physical Distribution & Logistics
Management, Vol. 34 No. 5, pp. 414-33.
Steinman, C. (2004), “The unfinished agenda – transportation security survey”, Deloitte Services
LP, Aviation and Transport Services Industry, available at: www.deloitte.com
Sullivan, H.S. (1941), “Psychiatric aspects of morale”, American Journal of Sociology, Vol. 47 No. 3,
pp. 227-301.
Svensson, G. (2000), “A conceptual framework for the analysis of vulnerability in supply chains”,
International Journal of Physical Distribution & Logistics Management, Vol. 30 No. 9,
pp. 731-50.
Svensson, G. (2002), “A conceptual of vulnerability in firms’ inbound and outbound logistics
flows”, International Journal of Physical Distribution & Logistics Management, Vol. 32
Nos 1/2, pp. 110-24.
Svensson, G. (2004), “Key areas, causes and contingency planning of corporate vulnerability in
supply chains: a qualitative approach”, International Journal of Physical Distribution &
Logistics Management, Vol. 34 No. 9, pp. 728-48.
Tan, K.C., Kannan, V.R. and Handfield, R.B. (1998), “Supply chain management: supplier
performance and firm performance”, International Journal of Purchasing & Materials
Management, Vol. 34 No. 3, pp. 2-9.
Thibault, M., Brooks, M.R. and Button, K.J. (2006), “The response of the US maritime industry to
the new container security initiatives”, Transportation Journal, Vol. 45 No. 1, pp. 5-15.
Tokman, M., Richey, G.R. and Marina, L.D. (2007), “Exploration, exploitation, and satisfaction in
supply chain portfolio strategy”, Journal of Business Logistics, Vol. 28 No. 1, pp. 57-81.
Tracey, M. (1998), “The importance of logistics efficiency to customer satisfaction and firm
performance”, International Journal of Logistics Management, Vol. 9 No. 2, pp. 65-71.
Turner, M. (2007), “Society must be protected”, Journal of Corporate Citizenship, No. 26, pp. 85-99.
Uzzi, B. (1997), “Social structure and competition in interfirm networks: the paradox of
embeddedness”, Administrative Science Quarterly, Vol. 42 No. 1, pp. 35-67.
Wagner, S.M. and Bode, C. (2006), “An empirical investigation into supply chain vulnerability”,
Journal of Purchasing & Supply Management, Vol. 12 No. 6, pp. 301-12.
Wilson, R. (2005), “Security report card – not making the grade; 16th annual state of logistics
report”, White Paper, Council of Supply Chain Management Professionals, Lombard, IL,
available at: www.cscmp.org
Witt, C.E. (2006), “Supply chain security update”, Modern Handling Management, Vol. 61 No. 11,
pp. 40-1.
Zsidisin, G.A., Ragatz, G.L. and Melnyk, S.A. (2005), “The dark side of supply chain
management”, Supply Chain Management Review, Vol. 9 No. 2, pp. 46-52.
About the authors
Zachary Williams is an Assistant Professor of Logistics at Central Michigan University. His
current research and consulting interests include SCS, truck driver retention and satisfaction,
and shipper segmentation. He has published articles in the International Journal of Physical
Distribution & Logistics Management, and Marketing Management Journal, among others.
He also has a forthcoming piece in the Journal of Business Logistics, among others. His
dissertation research on SCS was recognized as the 2007 Dissertation Award Winner by the
IJLM
19,2
280
Supply Chain Management Research Center in the Sam Walton College of Business at the
University of Arkansas. Zachary Williams is the corresponding author and can be contacted at:
zac.williams@cmich.edu
Jason E. Lueg is an Associate Professor of Marketing at Mississippi State University.
He holds a PhD and MBA from The University of Alabama. His professional experience includes
positions in the banking industry in both operations/compliance and commercial lending. His
research interests are in the areas of retailing and strategy.
Stephen A. LeMay is an Associate Professor of Marketing at Dalton State College and
Professor Emeritus of marketing and logistics at Mississippi State University. He earned his
MBA in operations management and DBA in transportation at the University of Tennessee,
Knoxville. His undergraduate degree is in magazine journalism from Northwestern University.
He has been a research, speaker, and consultant in marketing and logistics for over 25 years.
His work has appeared in the Journal of Business Logistics,Transportation Journal,
Transportation and Logistics Review,Journal of Global Business Issues,Journal of Business &
Economic Research,Journal of Personal Selling and Sales Management, Journal of Marketing
Theory and Practice,Transportation Law Journal,The International Journal of Logistics
Management,Journal of Transportation Management,Transportation Research Record, and
many trade publications. He coauthored one textbook, Logistics, with David Bloomberg and
Joe Hanna. He was the lead researcher and author on the Council of Supply Chain Management
Professionals sponsored projects The Growth and Development of Logistics Personnel and the
CLM Toolbox: Logistics Education Materials.
Supply chain
security
281
To purchase reprints of this article please e-mail: reprints@emeraldinsight.com
Or visit our web site for further details: www.emeraldinsight.com/reprints
Reproducedwithpermissionofthecopyrightowner.Furtherreproductionprohibitedwithoutpermission.