1. Enterprise Risk Management in Supply Chains
All human endeavors involve uncertainty and risk. Mitroff and Alpaslan (2003) categorized emergencies and crises into three categories: natural disasters, malicious activities, and systemic failures of human systems. noted a number of supply chain disruptions in recent years due to natural causes. In 2007 an earthquake damaged Toyotas major supplier for key parts, leading to shutdown of Toyotas Japanese factories as well as impacting Mitsubishi, Suzuki, and Honda. In 2010 the Icelandic volcanic activity shut down European air space for about a week, massively disrupting global supply chains. In 2011 the tsunami leading to the Fukushima disaster disrupted automakers and electronic supply chains, as well as many others.
While natural disasters come as surprises, we can be prepared. Events such as earthquakes, floods, fires and hurricanes are manifestations of the majesty of nature. In some cases, such as Mount Saint Helens or Hurricane Katrina, we have premonitions to warn us, but we never completely know the extent of what is going to happen. Emergency management is a dynamic process conducted under stressful conditions, requiring flexible and rigorous planning, cooperation, and vigilance.
Some things we do to ourselves, to include revolutions, terrorist attacks and wars. Malicious acts are intentional on the part of fellow humans who are either excessively competitive or who suffer from character flaws. Wars fall within this category, although our perceptions of what is sanctioned or malicious are colored by our biases. Criminal activities such as product tampering or kidnapping and murder are clearly not condoned. Acts of terrorism are less easily classified, as what is terrorism to some of us is expression of political behavior to others. Similar gray categories exist in the business world. Marketing is highly competitive, and positive spinning of your product often tips over to malicious slander of competitor products. Malicious activity has even arisen within the area of information technology, in the form of identity theft or tampering with company records.
The third category is probably the most common source of crises: unexpected consequences arising from overly complex systems .
Unexpected Consequences
Charles Perrow contended that humans are creating technologies that are high risk because they are too complex, involving interactive complexity in tightly coupled systems. Examples include dam systems, which have provided a great deal of value to the American Northwest and Midwest, but which also create potential for disaster when dams might break; mines, which give access to precious metals and other needed materials but which have been known to collapse; and space activities, which demonstrate some of mankinds greatest achievements, as well as some of its most heartbreaking failures. Nuclear systems (power or weapon) and airline systems are designed to be highly reliable, with many processes imposed to provide checks and balances. Essentially, humans respond to high risk by creating redundant and more complex systems, which by their nature lead to a system prone to greater likelihood of systems failure.
Technological innovation is a manifestation of human progress, but efforts in this direction have yielded many issues. In the energy field, nuclear power was considered the solution to electrical supply 50 years ago. While it has proven to be a viable source of energy in France and other European countries, it has had problems in the US (Three Mile Island) and in the former Soviet Union (Chernobyl). There is a reticence on the part of citizens to nuclear power, and the issue of waste disposal defies solution. Even in Europe the trend is away from nuclear. The Federal Government in the US did not license new plants for decades, despite technological advances developed by national laboratories. Coal remains a major source of electrical energy fuel, although there are very strong questions concerning the need to replace it for carbon footprint reasons. Natural gas is one alternative. Wind power is another. Solar energy has been proposed. All of these alternatives can be seen to work physically, if not economically. The question of energy was further complicated with the recent large-scale adoption of fracking . This technique introduces risk and uncertainty not only to itself, but its inclusion changes decision-making regarding all sectors of energy.
All organizations need to prepare themselves to cope with crises from whatever source. In an ideal world, managers would identify everything bad that could happen to them, and develop a contingency plan for each of these sources of crisis. It is a good idea to be prepared. However, crises by definition are almost always the result of nature, malicious humans, or systems catching us unprepared (otherwise there may not have been a crisis). We need to consider what could go wrong, and think about what we might do to avoid problems. We cannot expect to cope with every contingency, however, and need to be able to respond to new challenges.
Enterprise risk management, especially in finance and accounting, is well-covered by many sources. This book will review the types of risks faced within supply chains as identified by recent sources. We will also look at project management, information systems, emergency management, and sustainability aspects of supply chain risk. We will then look at processes proposed to enable organizations to identify, react to, and cope with challenges that have been encountered. This will include looking at risk mitigation options. One option explored in depth will be the application of value-focused analysis to supply chain risk. We will then seek to demonstrate points with cases from the literature. We will conclude this chapter with an overview.
Supply Chain Risk Frameworks
There is a rapidly growing body of literature concerning risk management, to include special issues in Technovation, viewed five major components to a framework in managing supply chain risk.
Risk Context and Drivers
Supply chains can be viewed as consisting of primary and secondary levels. The primary level chain involves those that have major involvement in delivery of goods and services (Wal-Mart itself and its suppliers). At the secondary level participants have a more indirect involvement (those who supply vendors who have contracts with Wal-Mart, or Wal-Marts customers). The primary level participants are governed by contractual relationships, obviously tending to be more clearly stated. Risk drivers can arise from the external environment, from within an industry, from within a specific supply chain, from specific partner relationships, or from specific activities within the organization.
Risk drivers arising from the external environment will affect all organizations, and can include elements such as the potential collapse of the global financial system, or wars. Industry specific supply chains may have different degrees of exposure to risks. A regional grocery will be less impacted by recalls of Chinese products involving lead paint than will those supply chains carrying such items. Supply chain configuration can be the source of risks. Specific organizations can reduce industry risk by the way the make decisions with respect to vendor selection. Partner specific risks include consideration of financial solvency, product quality capabilities, and compatibility and capabilities of vendor information systems. The last level of risk drivers relate to internal organizational processes in risk assessment and response, and can be improved by better equipping and training of staff and improved managerial control through better information systems.