Chapter 4: Predicting and Managing Supply

Chain Risks

Samir Dani

Wolfson School of Mechanical and Manufacturing, Loughborough University,

Loughborough, Leicestershire, LE113TU, UK

4.1 Introduction

Since the start of the new century the world at large has experienced escalating
uncertainty as a result of climate changes, epidemics, terrorist threats and an
increasing amount of economic upheaval. These uncertainties create risks for the
proper functioning of supply chains. This chapter provides an insight into deve-
loping a proactive approach to predict risks and manage uncertainties that may
potentially disrupt the supply chain.
The aim of the chapter is to present a holistic perspective regarding supply
chain risk management and incorporate a methodology to manage supply chain
risks proactively. When discussing supply chain risk issues with industry personnel
it was noticed that post 9/11, the issue of supply disruption had gained importance
within the industry. But the focus on managing these disruptions and sources of
these disruptions has been primarily reactive. Supply chain personnel in some
instances have remarked that they have in the past researched and presented to
their top management proactive risk management solutions which had been
subsequently rejected and no investment provided. There is now, however, an
increasing interest regarding proactive tools and hence this chapter seeks to
present a framework for implementing proactive risk management. The chapter
also suggests some tools which may prove useful in predicting supply chain risks.
The chapter begins by defining and discussing the concepts of Uncertainty and
Risk as suggested in the literature. A discussion regarding supply chain risks and
supply chain risk management leads on to the issues of proactive risk manage-
ment. The chapter then suggests the use of predictive methods for data gathering
54 Samir Dani

and analysis to aid the proactive management of supply chain risks. Such an
approach requires that a thorough understanding of the external and internal
sources of supply chain risks is gained and that systems are put in place in order to
counter these risks. A methodology encapsulating the predictive and proactive
approaches is presented, which will also prove useful for initiating further research
and applications regarding proactive supply chain risk management.

4.2 Uncertainty and Risk

Does Uncertainty generate risk or does Risk beget Uncertainty? This is a

tantalising conundrum. Irrespective of the solution to such a conundrum, either
scenario is not one that any business would find appealing, although most
inevitably encounter in practice. In his influential work “Risk, Uncertainty, and
Profit”, Frank Knight (1965) established the distinction between risk and
uncertainty. According to Knight a phenomenon which is un-measurable is
“Uncertainty” whereas one that is measurable is “Risk”.
Risk is defined as uncertainty based on a well grounded (quantitative)
probability. Formally,
Risk = (the probability that some event will occur) u (the consequences if
it does occur)
Genuine uncertainty, on the other hand, cannot be assigned such a (well
grounded) probability. Furthermore, genuine uncertainty can often not be reduced
significantly by attempting to gain more information about the phenomena in
question and their causes (Lövkvist-Andersen et al. 2004).
Deloach (2000) has defined business risk as the level of exposure to uncer-
tainties that the enterprise must understand and effectively manage as it executes
its strategies to achieve its business objectives and create value. According to the
Royal Society (1992, p. 4) “risk is the chance, in quantitative terms, of a defined
hazard occurring”. Norrman and Jansson (2004) have expressed risk as,
Risk = Probability (of the event) × Business Impact (severity). They mention that
while risks can be calculated, uncertainties are genuinely unknown.
Holton (2004) has attempted to define risk from an operational point of view.
He suggests that risk has two components: exposure and uncertainty. Holton
(2004) also suggests that when operationally defining exposure, uncertainty and
risk it is only a personal perception that we have of the situation. Chiles and
McMackin (1996) observe that a manager’s perspectives of risk are associated
with the notion of economic loss. Spekman and Davis (2004) suggest that,
generally due to the downside effect of the outcome, “risk” tends to have negative
connotations. Hence, what exactly is risk, and, is it possible to quantify the risks
that can only be perceived? One of the ways to define some aspects of perceived
risks may be the development of appropriate risk metrics. The next section will
explore the more specific aspects of supply chain risks.
 Chapter 4: Predicting and Managing Supply Chain Risks 55

4.3 Risks in the Supply Chain

In today’s business world a supply chain may be stretched out across the globe in
order to provide the customer with the product at the lowest cost and highest
quality. The supply chains are thus exposed to a whole new set of factors, which
can create chaos and disruption. Local political turmoil, the ever increasing
complexity and uncertainty of weather conditions, terrorism, counterfeiting, and a
plethora of other such issues create external risks in the supply chain. But this
does not mean that the supply chain is devoid of any risks internally. Supplier
issues, strikes, quality problems, and logistics issues are more internal operational
risks, which need a different level of mitigation. Zsidisin (2003) suggested that
risk in a supply chain context can be defined as the potential occurrence of an
incidence associated with inbound supply in which the result is the inability of the
purchasing organization to meet customer demand.
Christopher and Peck (2003), taking inspiration from Mason-Jones and Towill
(1998), have categorised supply chain risk into five categories:
1. Internal to the firm: Process, Control
2. External to the firm but Internal to the Supply network: Demand, Supply
3. External to the network: Environmental
Peck (2005, 2006) suggests that the sources and drivers of supply chain risk
operate at several different levels. These are intricately linked as elements of a
system, and are described within four discrete levels of analysis:
1. Level 1 – value stream/product or process.
2. Level 2 – assets and infrastructure dependencies.
3. Level 3 – organisations and inter-organisational networks.
4. Level 4 – the environment.
Each level reflects quite different perspectives but together these levels cover
elements of a supply chain and the environment within which they are embedded
(Peck 2005). This has also been suggested by Faisal et al. (2006) that risk sources
are the environmental, organizational or supply chain related variables that cannot
be predicted with certainty and that affect the supply chain-outcome variables.
Spekman and Davis (2004) suggested dimensions for understanding supply
chain risks incorporating:
1. Physical movement of goods
2. Flow of information
3. Flow of money
4. Security of the firm’s internal information systems
5. Relationship between supply chain partners
6. Corporate social responsibility and the effect on a firm’s reputation.
These dimensions were also resonated by Cavinato (2004) when identifying
risks and uncertainties in supply chains, focussing on five sub-chains/networks for
every supply chain:
56 Samir Dani

1. Physical network
2. Financial network
3. Informational network
4. Relational network
5. Innovational network
In LaFonde (2007 www.manufacturing.net) one of the respondents has
mentioned that “It really is almost impossible to predict when most emergencies
will happen... Many companies think, ‘It can’t happen here’ or ‘We would never
have that problem in our plant,’ but then when something does occur, they are
caught off-guard and not prepared ”. The concept of “resilience” is related to risk
and vulnerability in a perspective that not all “risks” (hazards or threats) can be
avoided, controlled, or eliminated. Instead, resilience focuses on the ability of the
system to return to its original or desired state after being disturbed, e.g., its ability
to absorb or mitigate the impact of the disturbance (Peck 2006).

4.4 Supply Chain Risk Management

Efficient risk management can provide value to various stakeholders of a firm.

The compliance with appropriate procedures and corporate governance policies
can help to reduce or avoid crisis situations. Risk management entails identifying
operational risks and developing mitigation procedures for maintaining operational
performance. Along with considering supply chain risk management from an
operational viewpoint, it is also beneficial to consider supply chain risk management
from a strategic management perspective. Developing the appropriate corporate
governance policies to tackle issues of sustainability and ethical sourcing leads to
a better corporate reputation and also helps in risk management. Rice and Caniato
(2003) report that many firms have developed various risk assessment program-
mes that are intended to:
1. Identify different types of risks;
2. Estimate the likelihood of each type of major disruption occurring;
3. Assess potential loss due to a major disruption; and
4. Identify strategies to reduce risk.
In considering the risks primarily in the supply chain, Rice and Caniato (2003)
and Zsidisin et al. (2000, 2004) suggested that a supply chain risk assessment
programme motivates a firm to develop contingency plans, which thus can also be
used to meet certain legal requirements such as the Sarbanes-Oxley Act of 2002
and KonTraG.
Research in this area has primarily focussed on the supplier side. Spekman and
Davis (2004) have suggested that interdependency carries risk in the supply chain,
but these can be managed. Zsidisin et al. (2000) and Zsidisin (2003) present
suggestions for minimising risk:
 Chapter 4: Predicting and Managing Supply Chain Risks 57

1. Carrying buffer stock and improving inventory management;

2. Using alternative sources of supply;
3. Use of contracts to manage price fluctuations; and
4. Quality initiatives.
These suggestions reinforce research conducted by Smeltzer and Siferd (1998)
who concluded that risks associated with poor selection of suppliers can be
reduced by developing quality certification programs and auditing the suppliers to
assure that they meet the required standards. Lee and Whang (2003) developed a
model to show how firms can reduce inventory due to less inspection time.
Another aspect of the research conducted around minimising supplier related risk
is concerned with the number of suppliers. Both Sheffi (2001) and Kleindorfer
and Saad (2005) suggested the use of multiple suppliers as a way to reduce certain
supply chain risks.
Since the beginning of the current century, companies are increasingly recogni-
sing the importance of risk assessment programs and are using different methods,
ranging from formal quantitative models to informal qualitative plans, to assess
supply chain risks. Some of the enablers for better supply chain risk management
include Lean, Six Sigma and Agile philosophies (Christopher and Rutherford
2004; Chapell and Peck 2005); Event Management software (Malykhina 2005);
and Radio Frequency Identification (RFID) (Niemeyer et al. 2003). These provide
better visibility, velocity and more effective process control (Christopher and Lee
2001).
According to Norrman and Jansson (2004), the stages of the risk management
process can vary from risk identification/analysis (or estimation) via risk assess-
ment (or evaluation) to different ways of risk management. Juttner et al. (2003)
suggest that supply chain risk management is the process of identifying and
managing risks in the supply chain through a co-ordinated approach amongst
supply chain members in order to achieve the supply chain objectives. Researchers
have considered supply chain risk management from various perspectives
(Gaudenzi and Borghesi 2006): financial and corporate governance perspective
(Meulbroek 2002), perspective of business continuity and crisis management
(Adams et al. 2002), the ability to react quickly to ensure continuity (van Hoek
2003; Rowbottom 2004), reputation management perspective (O’Rourke 2004),
perspective oriented towards the goal of reliability (Moore 2002), and the
achievement of the best trade-off between quality controls (through inspections)
and process self-control (Svensson 2002), often utilising the Six Sigma approach
and tools (Eckes 2001).
Some other approaches to supply chain risk management involve managing
risks affecting: specific supply chain levels (Cavinato 2004), systems inside and
outside the chain, such as the Information system (Finch 2004), specific projects
(Halman and Keizer 1994) with an aim to identify and manage risks that threaten
the project’s success (Ramgopal 2003) and causes of project failure (Spekman and
Davis 2004).
58 Samir Dani

4.5 Proactive Supply Chain Risk Management

Supply chain risk management strategies can be described as being reactive or

proactive. Being reactive is a default position when a risk materialises. This is in
effect necessary when a supply chain operates without worrying about risks on a
day to day basis but reacts to mitigate when the difficulty or disruption strikes.
This impacts the supply chain members until the situation is resolved, which needs
to be done quickly as a delay can cause serious damage even to a large corporation
as per the Philips/Ericsson case (Sheffi 2005). To overcome the need to react after
the occurrence of an event, a proactive strategy has been proposed by researchers
Norrman and Jansson (2004).
In a proactive strategy, potential risks are identified at the supply chain design
stage, their probability and impact are assessed and they are ranked in terms of
importance. The focus of this exercise is to target the identified risks in order to
avoid them. This may not be possible in all cases and hence there is a need to
develop and implement contingency plans to minimise the impact if and when the
risk occurs.
This process sounds the most logical thing to do for supply chain managers, but
it needs resources upfront in terms of investment and people. Hence, if a risk
never materializes, it becomes very difficult to justify the time spent on risk
assessments, contingency plans, and risk management (Zsidisin et al. 2000). This
also leads to evaluating the total cost of an undesirable event occurring against the
benefits realized from having strategies in place that significantly reduce the
chance and/or effects of detrimental events with supply. Also, it is not always
possible to obtain good estimates of the probability of the occurrence of any
particular disruption and accurate measurement of the potential impact of each
disaster.
Although the process of proactively managing the risks looks to be fairly
familiar to most of the risk management/mitigation strategies, it is not explicitly
cited in the supply chain risk management literature. Preston and Smith (2002)
have developed a proactive risk management process for controlling the
uncertainty in product development. This process uses the following variables in a
process map for identifying a proactive risk management strategy:
1. The probability of risk occurring
2. Risk event drivers
3. Risk events
4. The probability of the impact
5. Impact drivers
Norrman and Jansson (2004) describe how Ericsson, the company affected by a
fire at a sub-supplier has implemented a new organisation and new processes and
tools for SCRM by developing a proactive risk management strategy. These
incorporate the inclusion of supply chain management and sourcing functions
under the corporate risk management function, development of a risk management
 Chapter 4: Predicting and Managing Supply Chain Risks 59

tool “Ericsson risk management evaluation tool (ERMET)” and involving its
supply network in the risk management process.
One of the most important enablers for a proactive risk management strategy is
the presence of a culture and attitude that provides resources and motivates
employees to develop risk contingency plans. Smeltzer and Siferd (1998) suggested
that the formation of a risk management culture to encompass proactive risk
management is extremely necessary as:
1. Employees may feel that no steps are taken towards managing risks
identified and reported, but more is done after the impact,
2. Employees feel that top management would look upon them negatively if
they are involved in proactively identifying risks,
3. Depicting risks to shareholders may have an adverse effect on the value of
the firm.

4.6 Predicting Supply Chain Risks

One of the main requirements for an effective proactive risk management process
is to obtain good estimates of the probability of the occurrence of any particular
disruption and accurately measure the potential impact. Good estimates of
probabilities are obtained by risk prediction techniques. Predicting the occurrence
of the risk will vary according to the uncertainty and complexity. It may be
possible to predict an occurrence based on historical data but perhaps not possible
to predict a one-off environmental event. In supply chains, risk prediction and
identification is being helped by early warning systems or satellite tracking
systems, and smart containers, for example. Once a risk or a potential risk has
been identified it is necessary to do a cost-benefit analysis to ascertain the effect of
the risk. This will lead to the selection of the appropriate proactive methods for
mitigating the risk.

4.6.1 Tools for Risk Prediction

There are various tools for risk prediction, ranging from complex mathematical
models to a less complicated Event Tree Analysis. The following section provides
a description of two types of risk prediction tools: “Data Mining” and “Failure
Mode Effect Analysis (FMEA)”

4.6.1.1 Data Mining

Risk in general is a term attributable to future loss, and risk management is
attributed to the process and resources utilised in order to control the loss
(Haimowitz and Key 2002). Hence, the more relevant issue is to ascertain whether
the future predictable losses are controllable. In order to predict the losses and
reduce the uncertainty it is necessary to be able to look into the future based upon
60 Samir Dani

the past capabilities of the system. Data mining is a process that has the ability to
use pertinent data to uncover sources of risk exposure that may otherwise remain
obscure or unnoticed before prior to the risk being realised. Haimowitz and Key
(2002) suggest that a proactive data miner will use their understanding of risk for
enterprise advantage through competitive gain or innovation (product, process or
service).
There are two dimensions of risk: frequency is the rate at which undesirable
events exhibit themselves, while severity is the magnitude of the loss, once
exhibited. According to Haimowitz and Key (2002), data mining generally applies
to risk problems in the high frequency and low severity scenario. Data mining can
help in making more severe risks less frequent and more frequent risks less severe.
The risk or severity is lessened by identifying controllable drivers of severity or
risk frequency.
The role of data mining is to analyse historical data, to improve prediction
capability. Some of the common analytic approaches used by data miners are:
1. Estimation of the parameters of past performance: Means, Standard deviations,
Correlations, and Associations for hypothesis testing
2. Classification: Segmentation, or Clustering of data units to facilitate the
modelling process
3. Construction of a functional relationship: or model between responses and
explanatory variables.
While the strategic goal of the data mining and modelling exercise is to predict
the key phenomenon, the operational goal is to gather and understand the relevant
data with the aim of discovering patterns to provide business intelligence. Berry
and Linoff (1997) have suggested some specific tools used by data miners for
analysis:
(a) Estimation: Tools useful for exploratory data analysis. These tools will
not lead to patterns but are more useful in analysing the data to identify
the most relevant sets of data to concentrate further analysis. These
include the use of statistical tools, Pareto analysis, and graphical analysis.
(b) Clustering/segmentation: This approach is used to logically group
observations on the basis of similarity in their characteristics, reducing
the level of heterogeneity in the data. These are a precursor to the
modelling phase, such as K-means and Distance matrices (Euclidean/
non-Euclidean).
(c) Classification/discrimination: The process of assigning observations to a
predetermined number of classes. This is performed by dividing the
dataset into mutually exclusive groups such that the members of each
group are as “close” as possible to one another, and different groups are
as “far” as possible from one another. The distance between the groups is
measured with respect to specific variable(s) required for prediction such
as chi-squared automatic induction, classification and regression trees
(Breiman et al. 1993), regression analysis, discriminant analysis, and rule
induction.
 Chapter 4: Predicting and Managing Supply Chain Risks 61

(d) Prediction: Formal mathematical models are built for the purpose of
predicting the occurrence of the phenomenon. Techniques used for this
purpose are: Linear/nonlinear regression, Classification and Regression
trees (Breiman et al. 1993), Multiple adapted regression splines, artificial
neural nets, genetic algorithms, time – series regression models, and
stochastic models.
Data mining activities are generally divided into two main types: Predictive
data mining and Descriptive data mining. Prediction involves using attributes of
the data to predict unknown future values of the dependent variables. Operational
data in its raw form is of limited business value when it is mainly used for
reporting what has happened. However, if this data is analysed and modelled using
Predictive data mining tools it can transform the data into actionable decisions.
Predictive data mining is a powerful tool for recognizing patterns and proacti-
vely predicting what will happen. Descriptive data mining, however, focuses on
trying to obtain insight into the data by finding patterns before trying to predict.
Both methods use some of the following core data mining tasks: Classification,
Regression, Clustering, Summarization, Dependency, Modelling, Link analysis and
Sequence analysis. To conduct a data mining process effectively it is important to
ascertain:
1. The fit between the data mining technique and the task, and
2. Conditions under which the identified relationships are valid

4.6.1.2 Failure Mode Effect Analysis (FMEA)

A Failure Mode Effect Analysis can be described as a systematic group of
activities intended to
1. Recognise and evaluate the potential failures of a product or process and the
effects of that failure.
2. Identify actions, which could eliminate or reduce the chance of the potential
failure occurring.
3. Document the entire process.
The fundamentals of an FMEA process are
1. Define scope, functional requirements, design parameters and process steps.
2. Identify potential failure modes: Failure modes indicate the loss of at least
one functional requirement. It is the manner in which a failure occurs. This
step in the process takes into account a foresight view (based on past
experience and any new information) of what could cause a failure to the
system or process.
3. Potential failure effect: This step investigates the effect the failure will have
on other entities or processes.
4. Severity: “How bad” or “serious” the effect of the failure mode is. Usually
severity is rated on a discrete scale from 1 (no effect) to 10 (hazardous
effect). Severity ratings of 9 and 10 indicate a potential effect of high
62 Samir Dani

importance and this could typically be a safety or government regulation

issue. Critical effects need deeper study for all causes to the lowest level,
using a method of Fault Tree Analysis.
5. Potential causes: These are the causes of the failure. In this step, all causes
that can be attributed to the failure occurring are investigated.
6. Occurrence: This is the likelihood of the event happening (i.e. failure in the
system) on the basis that “the cause occurs”. FMEA assumes that if the
cause occurs, failure will occur too. The probability of occurrence is ranked
from 1 to 10, where 1 signifies a remote probability of occurrence and 10 a
very high probability of occurrence.
7. Current controls: The objective of the controls is to identify and detect the
deficiencies and vulnerabilities as early as possible. This step looks at the
current processes in place to mitigate the failures (if already known).
8. Detection: A subjective rating is assessed corresponding to the likelihood
that the detection method will detect the first-level failure of a potential
failure mode. This is ranked from 1 to 10, where 1 signifies that it is
unlikely to detect and 10 signifies a very high detection potential.
9. Risk Priority Number (RPN): These are used to prioritise the potential
failures and are calculated as “Severity u Occurrence u Detection ranking”.
10. Actions Recommended: The team should then select and manage
subsequent actions needed to locate and control the situation.

4.7 The Predictive – Proactive Methodology

Figure 4.1, depicts the “predictive-proactive” methodology for managing supply

chain risks. The methodology is represented by a process map associated with
undertaking risk management and, specifically, supply chain risk management.
The methodology assumes that for proactively managing risks, it is important to
have sufficient information regarding the impending situation to aid the decision
process on developing a mitigation plan. The predictive mode is hence reliant on
the ability of the organisation to provide sufficient and appropriate information.
Predictive Mode: In the predictive mode the focus is on acquiring data and
analysing it to discover meaningful patterns which will aid in identifying risks.
The data gathering phase will engage with both the reactive and proactive
approaches, as in accessing legacy data for a particular situation and projecting
probable future scenarios. Various tools can be used in this phase. Data Mining as
described earlier will be used to study legacy data for generating patterns of
behaviour causing risk whereas FMEA will be used to project the probable
situations for risk. These two tools together will provide sufficient data for the
next phase. This is a very important phase as the analysis conducted in this phase
will provide the necessary information for risk identification. The predictive mode
enables the risk management agencies to form proactive solutions based on
quantitatively analysed data.
 Chapter 4: Predicting and Managing Supply Chain Risks 63

Proactive Mode: Once the data is analysed in the predictive mode, this data is
fed into the proactive phase of the risk management process to enable the
identification and quantification (effect) of the risk scenarios. As seen in Fig. 4.1,
“strategic objectives” or objectives for the supply chain are at the centre of
the process and form the most important part of the complete risk management
process. This depicts that the strategic objectives will control the risk management
process and will also influence the solutions that will be developed for mitigating
the risk. Referring to Fig. 4.1, the event or the performance of the mitigating
solution has an impact on the strategic objective for further scenarios of risk
management and will also influence the information that the risk management
team has regarding sources of risk. This process is an iterative process as the cycle
will repeat by studying new issues and risks identified after the analysis of the
event. The new data will then be analysed using tools identified in the predictive
mode.
In a proactive mode, there are two options for working with a supply chain:
(i) Designing a new supply chain,
(ii) Updating an existing supply chain
When designing a new supply chain or updating an existing one, the proactive
mode will benefit in managing risks associated with the new situation. The predic-
tive mode will provide sufficient analysis for identifying risks and quantifying
their probability of occurrence and the impact. Also, information regarding the
external and internal sources of risk in the form of security issues related to supply

Predictive mode
Gather and Discover relationship Create
understand Data patterns Intelligence

Risk Identification
Sources of Strategic Objectives and
risk Quantification
External Risk Reduction
and
Internal Risk Level
Management
tools

Event/ Performance Proactive mode

Fig. 4.1 The “predictive-proactive” supply chain risk management methodology © Samir
Dani, 2007
64 Samir Dani

chain members, risk profiles for countries in which the chain operates, and risk
profiles for individual members in the supply chain will be considered. These sets
of information will then be used to determine the strategic objectives for the chain
and risk reduction and mitigation plans will be put together to meet these
objectives. This, however, does not limit the existence of uncertainty and there
will be cases in which the mitigation plan will not be as efficient as required, or
that a completely different scenario has materialised. Hence, it is necessary to
update the strategic objectives and the data set of risk sources in line with the
unexpected event or performance of the mitigation/risk reduction plan.

4.8 Conclusion

This chapter has provided a discussion related to proactive management of supply

chain risk. It has been suggested that to be proactive in risk management it is
necessary to have an efficient predictive process for data gathering and analysis.
The proposed risk management methodology has strategic objectives as a focal
point in the process. This will hopefully make it easier for top management to
follow the methodology and be more in control of the process.
The methodology as shown in Fig. 4.1 may look simplistic, but it does provide
a process map for risk management. The focus of the methodology is to structure
the two processes of data analysis and decision making. The stress on including
the strategic objectives reflects the importance of providing benchmarks for the
firm to base their future risk mitigation plans and to measure the performance of
their plan against the possible event. Data Mining as explained previously, can be
used as a predictive analysis tool for risks with high frequency and low severity
(Haimotwitz and Key 2002), supplemented by other tools (e.g., FMEA) which
would be utilised to get an insight into future scenarios of risk having a low
frequency of occurrence.
The chapter has sought to generate interest in developing and using proactive
strategies for managing supply chain risks. The methodology will be validated in
industry in the future. In its current form the methodology can be used as a
guiding tool for companies to implement a proactive risk management strategy.

References

Adams, T. J., Austin, S. P., Soprano, R S. and Stiene, L. M. (2002). “Assessing the
transition to production risk”, Program Manager, September, pp. 10–21.
Berry, M. J. A. and Linoff, G. (1997) Data Mining Techniques for Marketing, Sales and
Customer Support, Wiley, New York.
Breiman, L., Friedman, J. H., Olshen, R. A. and C. J. Stone (1984) Classification and
regression trees, Wadsworth Inc., Monterey, CA, USA.
Cavinato, J.L. (2004) “Supply chain logistics risks”, International Journal of Physical
Distribution & Logistics Management, Vol. 34, No. 5, pp. 383–388.
 Chapter 4: Predicting and Managing Supply Chain Risks 65

Chapell, A. and Peck, H. (2005) The application of a six sigma methodology to military
supply chain processes, in Operations and Global Competitiveness: Proceedings of the
Euroma Conference, pp. 809–818.
Chiles, T. H. and McMackin, J. F. (1996) “Integrating variable risk preferences, trust, and
transaction cost economics”, Academy of Management Review, Vol. 21, No. 1, pp. 73–99.
Christopher, M. and Peck, H. (2003) “Building the Resilient Chain”, The International
Journal of Logistics Management, Vol. 15, No. 2.
Christopher, M. and Rutherford, C. (2004) Creating Supply Chain Resilience Through
Agile Six Sigma. Critical Eye, Jun–Aug, pp. 24–28.
Christopher, M. and Lee, H. L. (2001) “Supply chain confidence: the key to effective
supply chains through improved visibility and reliability”, Global Trade Management,
November, pp. 1–10.
Deloach, J. W. (2000) Enterprise-Wide Risk Management: Strategies for Linking Risk and
Opportunity, Financial Times Prentice Hall, 284pp.
Eckes, G. (2001) Six Sigma Revolution, Wiley, New York, pp. 29–41.
Faisal, M. N., Banwet, D. K. and Shankar R. (2006) “Supply chain risk mitigation:
modelling the enablers”, Business Process Management Journal, Vol. 12, No. 4, pp.
535–552.
Finch, P. (2004) “Supply chain risk management”, Supply Chain Management: An
International Journal, Vol. 9 No. 2, pp. 183–196.
Gaudenzi, B. and Borghesi, A. (2006) “Managing risks in the supply chain using the AHP
method”, The International Journal of Logistics Management, Vol. 17, No. 1, pp. 114–136.
Haimowitz, I. J. and Keyes, T. K. (2002) “Risk Analysis”, Handbook of Data Mining and
Knowledge Discovery, Klösgen, W. and ĩytkow, J.M. (eds.), Oxford University Press.
Halman, J. M. and Keizer, J. A. (1994) “Diagnosing risks in product-innovation project”,
International Journal of Project Management, Vol. 12, No. 2, pp. 75–81.
Holton, G. A. (2004) “Defining risk”, Financial Analysts Journal, Vol. 60, No. 6, CFA
Institute.
Juttner, U., Peck, H. and Christopher, M. (2003) “Supply chain risk management: outlining
an agenda for future research”, International Journal of Logistics: Research and
Applications, Vol. 6, No. 4, pp. 199–213.
Kleindorfer, P. and Saad, G. (2005) “Managing disruption risks in supply chains”,
Production and Operations Management, Vol. 14, pp. 53–68.
Knight, F. (1965) Risk, Uncertainty and Profit. Harper & Row, New York (first published
1921).
LaFonde, A. (2007) “Coping with Disaster,”Manufacturing.net, Advantage Business
Media, January 30, viewed 14 September 2007, http://www.manufacturing.net/article.
aspx?id=138176&terms=coping%20with%20disaster
Lee, H. and Whang, S. (2003) “Higher supply chain security with lower cost: lessons from
total quality management”, Working paper, Graduate School of Business, Stanford
University.
Lövkvist-Andersen, A., Olsson, R., Ritchey, T. and Maria Stenström, M. (2004)
Developing a Generic Design Basis (GDB) Model for Extraordinary Societal Events
using Computer-Aided Morphological Analysis, presented in SRA (Society for Risk
Analysis) Conference in Paris 15–17 November, available from http://www.swemorph.
com
Malykhina, E. (2005) “The real time imperative”, Information Week, 3 January 2005, pp.
1020, 43.
Mason-Jones, R. and Towill, D. R. (1998) “Shrinking the supply chain uncertainty circle”,
Control, pp. 17–22.
66 Samir Dani

Meulbroek, L. (2002), “The promise and challenge of integrated risk management”, Risk
Management and Insurance Review, Vol. 5, No. 1.
Moore, K. G. (2002) “Six sigma: driving supply at Ford”, Supply Chain Management
Review, July/August, pp. 38–43.
Niemeyer, A., Pak, M. and Ramaswamy, S. (2003) Smart tags for your supply chain.
McKinsey Q., Vol. 4. Available online at: http://premium.mckinseyquarterly.com
Norrman, A. and Jansson, U. (2004) “Ericsson’s proactive supply chain risk management
approach after a serious sub-supplier accident”, International Journal of Physical
Distribution & Logistics Management, Vol. 34, No. 5, pp. 434–456.
O’Rourke, M. (2004) “Protecting your reputation”, Risk Management, April.
Peck, H. (2006) “Reconciling supply chain vulnerability, risk and supply chain
management”, International Journal of Logistics: Research and Applications, Vol. 9,
No. 2, pp. 127–142.
Peck, H. (2005) “Drivers of supply chain vulnerability: an integrated framework”,
International Journal of Physical Distribution and Logistics Management, Vol. 35, pp.
210–232.
Ramgopal, M. (2003) “Project uncertainty management”, Cost Engineering, Vol. 45, No.
12, pp. 21–24.
Rice, J. and Caniato, F. (2003) “Building a secure and resilient supply network”. Supply
Chain Management review, Vol. 7, pp. 22–30.
Rowbottom, U. (2004) “Managing risk in global supply chains”, Supply Chain Practice,
Vol. 6, No. 2, pp. 16–23.
Royal Society (1992) Risk Analysis, Perception and Management, 1992 (Royal Society:
London).
Sheffi, Y. (2001) “Supply chain management under the threat of international terrorism”
International Journal of Logistics Management, Vol. 12, No. 2, pp. 1–11.
Sheffi, Y. (2005) The Resilient Enterprise: Overcoming Vulnerability for Competitive
Advantage, The MIT Press, 2007
Smeltzer, L. R. and Siferd, S.P. (1998) “Proactive supply management: the management of
risk”, International Journal of Purchasing and Materials Management, Vol. 34, No. 1,
pp. 38–45.
Smith, P. G., Merritt G. M. (2002) Proactive Risk Management, Productivity Press, New
York, USA
Spekman, R. E. and Davis, E. W. (2004) “Risky business: expanding the discussion on risk
and the extended enterprise”, International Journal of Physical Distribution & Logistics
Management, Vol. 34, No. 5, pp. 414–433.
Svensson, G. (2002) “A conceptual framework of vulnerability in firms’ inbound and
outbound logistics flows”, International Journal of Physical Distribution & Logistics
Management, Vol. 32, pp. 110–134.
van Hoek, R. (2003) “Are you ready? Risk readiness tactics for the supply chain”, Logistics
Research Network, Institute of Logistics and Transport, London.
Zsidisin, G. (2003) “Managerial perceptions of risk”, Journal of Supply Chain
Management, Vol. 39, pp. 14–25.
Zsidisin, G. A., Ellram, L. M., Carter, J. R. and Cavinato, J. L. (2004) “An Analysis of
Supply Risk Assessment Techniques”, International Journal of Physical Distribution
and Logistics Management, Vol. 34, No. 5, pp. 397–413.
Zsidisin, G. A., Panelli, A. and Upton, R. (2000) “Purchasing organization involvement in
risk assessments, contingency plans, and risk management: an exploratory study”,
Supply Chain Management, Vol. 5, No. 4, p. 187.