The Emerald Research Register for this journal is available at The current issue and full text archive

ve of this journal is available at

www.emeraldinsight.com/researchregister www.emeraldinsight.com/0960-0035.htm

Supply risk
An analysis of supply risk assessment
assessment techniques techniques
George A. Zsidisin
Department of Marketing and Supply Chain Management, 397
Michigan State University, East Lansing, Michigan, USA
Lisa M. Ellram and Joseph R. Carter Received July 2003
Department of Supply Chain Management, W.P Carey School of Business Revised December 2003
Accepted February 2004
Administration, Arizona State University, Tempe, Arizona, USA, and
Joseph L. Cavinato
Thunderbird (The American Graduate School of International Management),
Glendale, Arizona, USA

Keywords Supply chain management, Purchasing, Case studies, Risk assessment

Abstract Purchasing organizations are exposed to risk in their interactions with suppliers,
whether it is recognized and managed, addressed in a cursory manner, or altogether ignored. In
order to understand the supply risk that exists, purchasing organizations can proactively assess the
probability and impact of supply risk in advance, or reactively discover risk after a detrimental
event occurs. The purpose of this study is to explore, analyze, and derive common themes on supply
risk assessment techniques. Findings from this research indicate that purchasing organizations
can assess supply risk with techniques that focus on addressing supplier quality issues, improving
supplier processes, and reducing the likelihood of supply disruptions. From an agency theory
perspective, these risk assessment techniques facilitate the obtaining of information by purchasing
organizations to verify supplier behaviors, promoting goal congruence between buying and selling
firms, and reducing outcome uncertainty associated with inbound supply.

Introduction
Every organization needs to obtain goods and services in order to carry out its
objectives and goals. Risk exists in obtaining these items, whether it is explicitly
acknowledged and managed, investigated in a cursory manner, or ignored altogether.
However, there has been minimal research conducted on how purchasing
organizations assess the risk that exists with inbound supply. This paper focuses on
inbound supply risk, which we define in this research as “the potential occurrence of an
incident associated with inbound supply from individual supplier failures or the
supply market, in which its outcomes result in the inability of the purchasing firm to
meet customer demand or cause threats to customer life and safety”. Two explicit
concepts within this definition of inbound supply risk are probability and impact.
Probability, within a supply management context, is a measure of how often a
detrimental event that results in a loss occurs. Impact, on the other hand, refers to the International Journal of Physical
significance of that loss to the organization. Therefore, as discussed in prior research, Distribution & Logistics Management
Vol. 34 No. 5, 2004
(Hallikas et al., 2002; Luce and Raiffa, 1957; Shapira, 1995; Yates and Stone, 1992) risk pp. 397-413
is perceived to exist when there is a relatively high likelihood that a detrimental event q Emerald Group Publishing Limited
0960-0035
can occur and that event has a significant associated impact or cost. DOI 10.1108/09600030410545445
IJPDLM It is critical to an organization’s success to understand the supply risk that exists. A
34,5 supplier’s failure to deliver inbound purchased goods or services can have a
detrimental effect for the purchasing firm and subsequently throughout the
downstream supply chain. The purchasing firm will usually suffer immediate
damage from production delays when a loss associated with critical supplies occurs, or
when a supplier provides supplies or components that do not meet quality
398 specifications. For example, the quality problems discovered with the Wilderness AT
tire in 2000 resulted in 174 reported deaths and an estimated cost of $2.1B for their
recall (Truett, 2001).
Assessing supply risk, including appraising its likelihood of occurrence, stage in the
product life cycle, exposure, likely triggers, and likely loss, is a critical step in
managing the risk inherent in a firm’s overall supply network (Harland et al., 2003).
Therefore, the purpose of this research is to examine tools and techniques that
purchasing organizations implement for assessing supply risk. The paper begins with
a review of prior research on supply risk and supply risk assessment within an agency
theory context. Next, case study findings on supply risk assessment techniques are
summarized. This is followed by a discussion of the research findings, conclusions, and
future research directions.

Prior studies on supply risk assessment

In general terms, organizational risk assessments involve identifying potential losses,
establishing the extent of losses, understanding the likelihood of potential losses,
assigning significance to potential losses, and appraising overall risk (Yates and Stone,
1992). Within a supply management context, such assessments are considered as an
important buying activity for purchasing personnel and organizations (Bunn, 1993;
Moon and Tikoo, 2002). Prior frameworks for assessing supply risk are discussed,
followed by a theoretical grounding for understanding supply risk assessment. A
linkage between research gaps and this study is then provided.

Risk assessment frameworks

The nature of risk assessments can be formal to informal, as well as quantitative or
qualitative. In one example, Steele and Court (1996) provide a conceptual approach for
supply risk assessment. The first step in their supply risk assessment approach is
determining the probability of a risk event occurring, which can be classified as high,
medium, and low chance. The second step consists of estimating the likely problem
duration, which can be based on past experience. The third step is investigating the
business impact of the risk event. Use of a multi-functional team is recommended to
quantify the size of the potential problem and its effect on business profitability.
A second example of a supply risk assessment process is the comprehensive
outsource risk evaluation (CORE) system, which is a tool developed by Microsoft and
Arthur Anderson to prevent supply problems from arising (Michalski, 2000). This
assessment process identifies 19 risk factors categorized into four families:
(1) Infrastructure.
(2) Business controls.
(3) Business value.
(4) Relationships.
Each family is weighted based on its importance to the company’s long-term business Supply risk
strategies. Risk is analyzed objectively through measures such as financial data, assessment
subjectively with measures such as the strength of the relationship between the firms,
or through a combination of objective and subjective measures. techniques
The Defense Contract Management Agency (DCMA) of the US federal government
has also developed a supply risk assessment tool that is disseminated throughout its
agency (http://www.dcma.mil/onebook/0.0/0.6/RiskMgmt.htm). The risk assessment is 399
performed for all suppliers, and includes three key areas of performance, schedule, and
cost. A risk rating is assigned by an operations team or functional specialist based on
data such as product audits, system evaluations, and performance. Each system or key
process is classified as a high, moderate, or low risk.
Several common themes emerge from reviewing the risk assessment techniques
previously described. First, all of the supply risk assessments consist of procedures to
investigate the probability and impact of detrimental events that can occur with
inbound supply. This concurs with findings from Harland et al. (2003), Hallikas et al.
(2002), and Yates and Stone (1992). A second commonality among these assessment
tools concerns purchasing organization use of techniques for obtaining risk
information associated with suppliers or the supplier market. Within the framework
presented by Harland et al. (2003), risk assessment is a necessary and critical facet for
purchasing organizations to prioritize the usage of resources for managing the risk
inherent with inbound supply. Because effective supply risk management deals with
the interface between the buyer and supplier firm, one theory that is appropriate for
understanding the implications of assessing supply risk is agency theory.

Supply risk assessment and agency theory

Several principles of agency theory can provide a theoretical foundation for
understanding how and why organizations conduct supply risk assessments. Agency
theory applies to the study of problems arising when one party, the principal, delegates
work to another party, the agent (Eisenhardt, 1989a; Lassar and Kerr, 1996). The unit
of analysis is the metaphor of a contract between the agent and the principal. In the
buyer-supplier relationship, the purchasing organization serves as the principal and
the supplier as the agent. Some of the variables that influence the “contract” or
relationship between the buyer and supplier include information systems, outcome
uncertainty, goal conflict, relationship length, adverse selection and moral hazard
(Eisenhardt, 1989a; Logan, 2000). Descriptions and citations for these variables can be
found in Table I.
Each of the agency theory variables may have an influence on the extent to which
purchasing organizations need to assess supply risk. For example, supply risk
assessments can be used by purchasing organizations for monitoring the activities of
supplier organizations. This monitoring can lead to a clearer understanding by
purchasing organizations into the likelihood and impact of supplier risk from moral
hazard and adverse selection. Likewise, the relationship length between a supplier and
purchasing organization can influence the extent to which supply risk assessment
processes are implemented. Assessing supply risk may be vital when sourcing from
new suppliers or when evaluating potential supplier firms that provide critical inbound
supply (Kraljic, 1983). On the other hand, the extensive implementation of risk
IJPDLM Variable Description Citations
34,5
Information systems that Mechanisms to inform the Eisenhardt (1989a); Wasti and
monitor supplier performance purchasing organization of Liker (1997)
supplier activities
Outcome uncertainty Degree of uncertainty about Eisenhardt (1989a); Wasti and
400 obtaining desired results Liker (1997), Droge et al. (1999);
Koufteros et al. (2001); Koufteros
et al. (2002)
Goal conflict Some degree of conflict exists Eisenhardt (1989a);
between the goals of the Hartley et al. (1997); Wynstra
purchasing organization and et al. (2001)
those of the supplier
Relationship length The engagement in a long-term Eisenhardt (1989a)
relationship where the
purchasing organization will
learn about the supplier and
therefore be able to assess
behavior more readily
Adverse selection The misrepresentation of a Eisenhardt (1989a); Kannan and
supplier’s abilities that results in Tan (2002); Baiman et al. (2000)
its selection
Moral hazard Occurs when an agent (supplier) Eisenhardt (1989a); Kannan and
fails to expend the required Tan (2002); Baiman et al. (2000)
Table I. efforts to meet the principal’s
Agency theory variables (purchasing organization)
in supply risk assessment requirements

assessment for established supplier alliance partners can result in inefficient resource
allocation.

The need for research on assessing supply risk

As presented above, several frameworks have been proposed to guide purchasing
organizations in their assessment of the risk that exists with inbound supply. However,
few studies exist that explore the key constructs necessary for assessing supply risk. In
addition, these prior frameworks focus on formalized tools for supply risk assessment.
Additional tools may also exist in purchasing organizations that are not classified as
“risk assessment,” but nonetheless provide those organizations insight for
understanding the risk inherent with inbound supply. To address this gap in the
literature, the researchers in this study derived a case study research protocol and
conducted multiple case studies for understanding how and why purchasing
organizations assess supply risk.

Research method
The case study research method was chosen in this research due to the newness of the
topic of supply risk and to obtain insights into how and why organizations assess
supply risk (Eisenhardt, 1989b; Ellram, 1996; Strauss and Corbin, 1998; Yin, 1994).
Multiple sources of evidence were gathered in the research, to include archival records
such as supplier development checklists and supplier certification standards, and Supply risk
interviews with key personnel from supply management, materials management, assessment
engineering, quality, and corporate strategy.
The researchers contacted organizations with strong reputations for having techniques
proactive supply management functions, as recommended by knowledgeable
purchasing professionals and found in the popular press. Purchasing professionals
were contacted via telephone or e-mail and asked several questions about their 401
involvement in supply risk assessment and supply risk management. Respondents
from approximately ten organizations that either did not engage in any management
activities related to supply risk, or that did not want to participate in the study were
removed from the contact list. However, several of the initial contacts that were unable
to participate in the study provided the researchers with additional leads.
Data generated in the case studies was subject to open, axial, and selective coding
analysis, as per the guidelines set by Miles and Huberman (1984), Strauss and Corbin
(1998), and Yin (1994). In addition, construct, internal and external validity, and
reliability, were addressed throughout the investigation by creating and utilizing a
case study research protocol (Ellram, 1996; Yin, 1994). Brief descriptions of each of the
case study firms can be found in the Appendix.

Research findings
The following section provides a synthesis of how the purchasing departments of the
organizations discover supply risk. The cases included two computer manufacturers
(Comp1 and Comp2), two suppliers in the aerospace industry (Aero1 and Aero2), two
semi-conductor manufacturers (Chip1 and Chip2), and a cellular phone manufacturer
(Cell). The unit of analysis was at the corporate level for the computer manufacturers,
and the business unit level for the remainder of the cases. Two of the firms, Chip1 and
Cell, have formal, stand-alone supply risk assessment processes in place. The other
firms do not have specific, stand-alone risk assessment processes established, but
instead use a variety of proactive supply management techniques to assess supply
risk, as shown in Table II. The formal risk assessment tools are discussed first,
followed by the supply management techniques that facilitate supply risk assessment
analysis.

Formal risk assessment techniques

Two of the firms studied in this research have standardized, formal risk assessment
techniques in place at their firms. The first firm, Cell, has had a formal risk assessment
process in place since February 2000. There are two factors that influenced the decision
to create a formal assessment tool. First, the supply risk assessment and measurement
process was created to meet the legal requirements of “KonTraG,” which is a German
law implemented in May 1998 to make investors aware of corporate risk (Kirk, 1999).
This amendment to German corporate law requires companies to treat risk
management information similar to financial information. KonTraG specifically
requires companies to inform shareholders of the steps they take to manage risk. The
second reason for initiating the supply risk assessment process is to achieve greater
control of inbound supply and proactively reduce the occurrence and impact of that
supply risk. The supply risk measurement process is one facet reported to top
management as part of an overall “balanced scorecard.”
IJPDLM Cell Chip1 Aero1 Comp1 Comp2 Aero2 Chip2
34,5
Formal risk assessment process £ £
Quality
Using Malcolm Baldrige National Quality
Award criteria £
402 Creating supplier interlock matrices £
Completing supplier scorecards £ £ £
Having suppliers conduct self-assessments £
Certifying designated quality representatives £
Conducting supplier self-release audits £
Supplier improvement
Communicating with suppliers £ £
Conducting process maturity path analyses £
Developing and certifying suppliers £ £
Table II. Supply interruption
Supply risk assessments Creating business interruption plans £
used by the case study Developing demand forecasts £
firms Modeling supply processes £

The supply risk evaluation process for Cell begins with an annual meeting between the
coordinator of the supply risk assessment process and each commodity manager. The
risk associated with all commodities are evaluated for their impact on “earnings before
interest and taxes” (EBIT) and reported on a quarterly basis to the coordinator of the
risk assessment process.
There are 13 categories that are evaluated within the supply risk assessment and
measurement process:
(1) Additional costs for cancellation due to lack of planning.
(2) Additional costs for transportation due to lack of planning.
(3) Additional costs for material obsolescence.
(4) Unexpected material price increase due to allocation.
(5) Unexpected material price increase due to yield problems.
(6) Unexpected material price increase due to change of specification.
(7) Missing parts due to late delivery.
(8) Missing parts due to supplier quality defects.
(9) Missing parts due to instability of supplier’s country.
(10) Additional material costs due to single sourcing during ramp-up phase.
(11) Contractual risk.
(12) Investing in supplier improvement.
(13) Currency risk.
Each supply risk category is assessed using an 11-step process:
(1) What is the impact on EBIT in e millions (before management implementation)
for the current fiscal year?
 (2) What is the probability of occurrence before risk management implementation Supply risk
(in percent) during the current fiscal year? assessment
(3) What is the impact on EBIT in e millions for the next fiscal year? techniques
(4) What is the probability of occurrence before risk management implementation
(in percent) for the next fiscal year?
(5) Insert explanations for the key risk factors. 403
(6) List risk handling measures to avoid the risk.
(7) Rate the implementation status of risk management: 1 ¼ very low (0-20
percent); 2 ¼ low (20-40 percent); 3 ¼ medium (40-60 percent); 4 ¼ high (60-80
percent); 5 ¼ very high (80-100 percent).
(8) What is the impact on EBIT in e millions (after risk management
implementation) for the current fiscal year?
(9) What is the probability of occurrence after risk management implementation (in
percent) during the current fiscal year?
(10) What is the impact on EBIT in e millions for the next fiscal year?
(11) What is the probability of occurrence after risk management implementation (in
percent) for the next fiscal year?
Commodity managers assess their suppliers based on past experience and anticipated
supply trends. The eleven steps focus on estimating the expected impact on EBIT, the
probabilities of risk events occurring, and the measures or activities to be implemented
for reducing risk. Estimates are made for both the current and upcoming fiscal year.
Within the process there is a trade-off between accuracy and speed. More accurate
probabilities and the effects on earnings can be derived if additional information is
obtained. However, deriving more exact data means that a significant degree of
managerial effort would be required by commodity managers that may not be offset by
the benefits from engaging in supply risk assessment and measurement processes. In
addition, the purpose of estimating supply risk is not to determine exact probabilities
or effects on earnings. Instead, the process facilitates the communication of possible
supply failures between the commodity and supply line managers, and the risk
manager. In addition, the process prioritizes supply risk that warrants managerial
attention and provides guidance for proactively reducing the chance that those risk
events transpire. The commodity and supply line managers are responsible for
managing supply risk, and headquarters is responsible for reporting incidents and
providing additional resources when required.
The second case study firm that has a formal supply risk assessment process in
place is Chip1. The supply risk assessment tool was implemented in 1996 to ensure
that potential supply issues are addressed early in the material’s life cycle. This
technique has recently been introduced to key suppliers for their use to better assess
and manage the supply risk encountered with second-tier suppliers and, eventually,
their supply chains.
The risk assessment process involves a detailed, ten-step procedure:
(1) Identify the materials/services to be assessed.
(2) Identify the owner of the material/service who will be responsible for the risk
assessment.
IJPDLM (3) Start the risk assessment scorecard.
34,5 (4) Review success criteria for each of the risk factors.
(5) Collect data.
(6) Determine risk level by comparing data to criteria on the risk assessment
scorecard.
404 (7) Conduct impact analysis.
(8) Document risk level analysis and risk reduction plans.
(9) Track progress.
(10) Determine when to cease performing risk assessments.
The risk assessment process measures eight factors that are deemed critical to having
a reliable, predictable, cost effective supply of materials and services. These factors are:
(1) Design.
(2) Cost.
(3) Legal.
(4) Availability.
(5) Manufacturability.
(6) Quality.
(7) Supply base.
(8) Environmental, health and safety impacts.
Definitions for the eight attributes are shown in Table III. A commodity manager
evaluates each of these factors. In addition, there are sub-categories within each factor
that are assigned risk scores on a scale from 1 to 5, where “1”, labeled “show stopper”,
is the highest risk and “5”, labeled “qualified”, is the lowest risk.
Even though only two of the case study firms have formal supply risk assessment
tools in place, all of the other five firms in this study utilize various proactive supply
management practices for assessing supply risk. Each of these practices is described
below.

Supply management tools that facilitate supply risk assessment

An initial question asked of the respondents was whether they had a formal
assessment tool. If the firm did not have a formal risk assessment tool, we asked if they
had supply management tools that also facilitate the assessment of supply risk. These
tools, shown in Table II, focus on addressing supplier quality issues, improving
supplier processes, and reducing the likelihood of supply disruptions.

Addressing supplier quality issues

There are six tools related to quality that case study organizations implement to assist
purchasing professionals in assessing supply risk. These tools are:
(1) Using the Malcolm Baldrige National Quality Award (MBNQA) criteria.
(2) Creating supplier interlock matrices.
(3) Completing supplier scorecards.
Risk Definition Supply risk
assessment
Design Ability to complete the design, follow design for manufacturing goals,
validate the design, assess the materials interactions, and manufacture techniques
the item. This refers to both company and supplier design as well as
statements for work for service to outsourcing suppliers
Quality The direct and indirect materials, service, or product consistently 405
meets requirements, and supporting processes are in place to ensure
control
Cost Determined by target costs from the customer, industry
benchmarking, should-cost models, and make-or-buy decisions where
appropriate
Availability Assessing the risk of the sourcing, unit volume requirements, and the
material tooling (where applicable)
Manufacturability Risk associated with manufacturing’s ability to produce when
material specifications are met. If the material has not yet been
received, this may entail anticipating potential future problems, such
as materials that meet specifications but do not meet design for
manufacturing goals
Supplier Assessing and choosing suppliers of good financial health and
manufacturing in politically stable or low-risk natural disaster areas.
It also refers to instances when Semi becomes too large a percentage of
a supplier’s business, either through capacity or corporate revenue
Legal Risk associated with the substantive legal status of the material,
product, or service, such as import/export restrictions and tax issues.
Additional risk factors include legally enforceable restrictions or
commitments relating to the use of the material, product, or service
Environmental, health and Issues such as the handling and use of hazardous materials and Table III.
safety compliance with EPA, OSHA, and other governmental agency policies Risk assessment
by suppliers as well as this firm attributes – Chip1

(4) Having suppliers conduct self-assessments.

(5) Certifying designated quality representatives.
(6) Conducting supplier self-release audits.
Chip2 uses segments of the Malcolm Baldrige National Quality Award (MBNQA)
criteria as a tool to assess supply risk from key suppliers. Specifically, the support
processes subsection (6.3) under the process management criteria of the MBNQA is
used for assessing risk at supplier organizations. This includes understanding key
processes for supporting daily operations, determining key support process
requirements, analyzing performance measures for controlling and improving
processes, and minimizing cost associated with inspections, tests, and audits.
Comp1 completes a supplier interlock analysis during product testing to determine
whether a combination of items works together properly to meet performance
requirements. From this analysis, Comp1 determines which suppliers to use and which
ones may create technical problems in the final product. The supplier interlock
analysis is similar to the first part of a Failure Mode and Effects Analysis (FMEA) in
IJPDLM determining where failures can arise within the finished product. This analysis is
34,5 usually performed when a new supplier is selected, or when an existing supplier
provides an item that it has not previously supplied to Comp1.The supplier interlock
matrix helps purchasing professionals assess the technical risk of interaction among
components. This is important because items analyzed and tested in isolation may
meet stringent quality and durability requirements, but can create quality and
406 technical problems when coupled with other components in finished products.
Two case study organizations noted that a secondary use of their supplier
scorecards is to assess supply risk. Aero1 employs supplier scorecards completed at its
manufacturing sites to measure performance in areas such as parts per million defects,
late deliveries, and capacity. The supplier scorecard information is used for
understanding the problems that may exist with specific suppliers.
Aero2 requires core supplier organizations to conduct self-assessments as an initial
technique for assessing supply risk. The self-analysis allows Aero2 to quickly identify
supplier “red flags” or problems. Any issues or problems, such as those arising from
packaging and shipping, are followed up for correction and may lead to actions such as
initiating supplier development activities.
Aero2 provides extensive training in certifying designated quality representatives
from supplier organization personnel. These supplier quality representatives alert
Aero2 to issues within their operations that might create supply risk for Aero2 and are
responsible for ensuring that products meet stringent quality requirements. Certifying
designated quality representatives at key suppliers is part of the supplier self-release
audit system at Aero2, which is discussed next.
Self-release audits, under the auspices of a designated quality representative, also
facilitate the assessment of supply risk for Aero2. This process eliminates the need for
Aero2 to inspect the finished products at the suppliers’ facilities prior to shipment. All
suppliers that apply for self-release must be audited. The survey is lengthy and
considers many business processes, such as implementing a contract review, meeting
quality system requirements, inspecting and testing procedures, and packaging and
shipping. In addition to eliminating the long-term need for inspecting inbound supply,
the self-release audit provides Aero2 information about factors that can present supply
risk from supplier facilities and processes. The training of designated quality
representatives, the self-release process and supplier self-assessments contribute to the
overall strategy of Aero2 for understanding supplier organization processes.

Supplier improvement
Case study participants stated that there are several tools focusing on supplier process
improvement that are also used to assess supply risk. The supplier process
improvement tools noted include:
.
communicating with suppliers;
.
conducting process maturity path analyses; and
.
developing and certifying suppliers.
Aero2 often discovers supply risk based on its communications with suppliers.
Discussions with supplier organization personnel can reveal issues such as suppliers
requesting faster payments, supplier organization cash flow problems, and the
supplier’s performance history. These issues are often an indicator of potential supplier
problems that could lead to risk incidents. In addition, Comp1 holds individual Supply risk
quarterly meetings with suppliers to assess risk from supplier capacity constraints and assessment
market shortages. One of the goals of the quarterly meetings is to discover supplier
plant capacity and the suppliers’ manufacturing plans to understand potential capacity techniques
constraints.
Aero1 conducts maturity path analyses for long-term suppliers, supplier
transitions, and those suppliers that are considered at risk. A questionnaire is first 407
sent to the suppliers, who rate themselves on a scale from 1-5 on various processes.
This is followed by a site visit from a team from Aero1 to validate the supplier’s
self-assessment. Teams usually consist of a commodity engineer, a procurement
specialist, and other appropriate individuals, such as supply chain or finance experts.
These analyses ensure that suppliers are capable of meeting the purchasing firm’s
requirements early in the product life cycle, and provide input for improving supplier
processes when necessary.
Supplier development and certification have multiple objectives with regard to
supply risk. For example, Comp1 and Comp2 use a formalized supplier development
process for both assessing and managing supply risk. The supplier development
checklist at Comp1 is a five-step process that leads to supplier certification. Process
sub-steps include an analysis of corporate materials, design engineering, production
processes, and capacity analysis. The final step is supplier certification, where the
supplier is considered to be “like Comp1” in terms of meeting quality standards and
delivery performance. However, few suppliers ever achieve this status due to constant
product changes. The supplier development process is considered a risk assessment
tool because it provides insights into a supplier’s processes including supplier capacity,
technical expertise, and ability to make volume and mix changes.

Supply interruptions
The third classification of risk discovery tools focuses on supply interruptions. The
techniques used by the case study firms to avoid the effects of supply disruptions
include:
.
creating business interruption plans;
.
developing demand forecasts; and
.
modeling supply processes.
Chip2 and Comp2 use business interruption plans as a tool for assessing supply risk on
a global scale by commodity. An example of one of Chip’s business interruption plans
can be found in Table IV. If significant risk is discovered, detailed recovery plans are
implemented. These plans include input and information from design support,
engineering support, supply management, supplier quality engineers, factory
manufacturing support, the factory quality department, and supplier(s).
Comp1 transmits demand forecast information via EDI from all production sites to
suppliers on a weekly basis. One purpose for creating demand forecasts is to assess
supply risk from supplier capacity constraints. Demand forecast information is usually
sent to suppliers on Monday, with supplier responses regarding the fulfillment of that
demand due back by Wednesday. Any discrepancies in the ability to handle demand
forecasts are addressed at the commodity level via telephone conferences with
IJPDLM Primary source
34,5 location Recovery
Commodity Product(s) (Supplier) Vulnerability time Action plan

Type K L A Sole source on 2-12 Sole sourced parts can

wafers B several second tier months take 12 months for
C parts qualification
408 Mold M, N, O D Sole source Four Low risk, multiple
compound months manufacturing sites and
new supplier can be
developed
Bonding P, Q E Sole source Two Moderate risk, supplier
Table IV. wire months only one factory;
Business interruption different product can be
plan example from Chip2 used

suppliers. This process provides Comp1 information about suppliers’ abilities to meet
near-term and long-term demand in order to avoid supply disruptions.
Comp2 has an internal corporate organization that provides consulting and models
supply processes for the various business units and location sites. The internal
management-consulting group creates simulation models that evaluate market
fluctuations and determine optimal inventory quantities while simultaneously
buffering the organization from stockouts. The internal consulting group not only
looks at supply risk, but provides managers with insightful guidance for managing the
risk that exists throughout the supply chains to which Comp2 belongs.

Discussion and managerial implications

The firms in this study use a multitude of techniques to assess supply risk. Two of the
firms have stand-alone techniques specifically designed for assessing supply risk,
while the other firms utilize various proactive supply management tools that also
facilitate supply risk assessment. These supply management tools focus on addressing
supplier quality issues, improving supplier performance, and preventing supply
interruptions. When supply risk is assessed as part of performing other supply
management activities, these organizations are able to obtain initial insights into the
likelihood and impact of that risk.
The research findings provide supply managers with insights into techniques their
firms can implement to assess supply risk. It is not necessary to implement costly
programs specifically to assess supply risk. Many organizations glean supply risk
information from existing supplier programs. However, risk assessment should only
be one step within an organization’s overall risk management strategy. These supply
risk assessment techniques can help firms go beyond simply recognizing supply risk
by providing purchasing professionals early warning indicators of potential supply
problems. This allows purchasers to create contingency plans as supply risk increases.
For example, a thorough supply risk assessment might have identified the potential for
a shutdown of the USA’s West Coast ports during October, 2002, around the time the
labor contract was due for renewal. This work slowdown represented a significant risk
of supply interruption for many firms. Some companies, such as Ralph Lauren and
Tommy Hilfiger anticipated this risk, and began re-routing their shipments through
the east coast months in advance (Wolk, 2002). Others, like Nummi, while aware of the Supply risk
potential for problems, continued using the West Coast ports, but stockpiled an extra assessment
six days of inventory. Unfortunately, Nummi still ran out of parts and had to shut
down for several days. Nummi is currently working with its supplier base to set up techniques
contingency plans to prevent this situation in the future (Jacobs, 2002).
Several managerial implications emerged from analyzing the case study data. From
an agency theoretic perspective, these managerial implications can be see in terms of 409
obtaining information to verify supply chain activities; promoting goal congruence;
and reducing outcome uncertainty.

Obtaining information to verify supplier activity

Supply risk assessment tools can help purchasing organizations obtain and
communicate potential supply risk issues with management and suppliers to ensure
that adequate resources can be provided for managing that risk. As a result, the
information obtained from the supply risk assessment tools can be used to create
supply strategies that reduce the probability that supply risk occurs, as in the case of
Ralph Lauren and Tommy Hilfiger and/or reduce the impact that supply risk has on
the purchasing organization, as in the case of Nummi. For example, supply risk
assessments by cross-function teams can provide purchasing organizations
information regarding critical performance areas for supplier improvement that lead
to the elimination of supplier deficiencies.

Promoting goal congruence

Many of the supply risk assessment tools facilitate goal congruence at different links
within the upstream supply chain. For example, Aero2 certifies supplier personnel in
order for those firms to meet quality requirements. The supplier representative
training program instructs supplier personnel to the standards set by Aero2. The
process integrates supplier quality personnel into the philosophies and expectations of
Aero2.
Another example of goal congruence exists at Cell with regard to the director of risk
management and commodity managers. Quarterly updates are required in part to
ensure that the commodity managers’ goals in risk assessment and management are in
line with the overall corporate direction. For example, one of the most significant risk
factors identified by Cell is currency risk. The risk assessment process ensures that
each commodity manager addresses the risk of currency fluctuations when pursuing a
corporate-wide global sourcing strategy.

Reducing outcome uncertainty

Uncertainty has been defined as “the difference between the amount of information
required to perform the task and the amount of information already possessed by the
organization” (Galbraith, 1973, p. 5). The purchasing organizations in this study are
able to reduce the level of uncertainty associated with inbound supply through the use
of formal assessment tools and proactive supply management techniques. The
likelihood of “surprises” with supply occurring is significantly reduced. One of the
most critical goals of purchasing and supply management is ensuring the continuity of
supply (Burt et al., 2003). By utilizing proactive supply management tools, purchasing
IJPDLM organizations can reduce the gap between the amount of information required and
34,5 information already obtained for ensuring inbound supply continuity.

Conclusions and suggestions for future research

The purpose of this study is to provide a summary of prior studies of how purchasing
organizations assess supply risk, and provide new empirical data to extend the
410 understanding of supply risk assessment approaches. Findings from prior research
suggest that supply risk assessments involve a proactive approach by purchasing
organizations for understanding the impact and likelihood that detrimental events can
have on inbound supply. This, in turn, provides firms with insight for best managing
that risk. Findings from this research reveal supply risk assessment may also occur as
a secondary benefit of the implementation of proactive supply management tools,
particularly those that focus on addressing supplier quality issues, improving supplier
performance, and preventing supply interruptions.
Areas of future research opportunity include developing and conducting a survey of
supply risk assessment techniques to triangulate the initial case study research
findings (Wacker, 1998). In addition, longitudinal research can be conducted to
determine whether supply risk assessment and proactive supply management have a
significant effect on organizational performance. This type of research would analyze
when and what steps organizations take when a supply risk is discovered (a priori),
and collect that data over time, to garner insights into how supply risk is best
addressed.
All purchasing organizations are exposed to some degree of supply risk, as risk is
inherent in every link within a firm’s supply chain (Lee et al., 1997; Svensson, 2000). By
understanding the sources of risk through its assessment, purchasing firms can take a
proactive, long-term view for reducing and managing that risk. As summarized by
Smeltzer and Siferd (1998, p. 38), “proactive purchasing management is risk
management”.

References
Baiman, S., Fischer, P. and Rajan, M. (2000), “Information, contracting, and quality costs”,
Management Science, Vol. 46 No. 6, pp. 776-89.
Bunn, M. (1993), “Taxonomy of buying decision approaches”, Journal of Marketing, Vol. 57 No. 1,
pp. 38-56.
Burt, D., Dobler, D. and Starling, S. (2003), World-Class Supply Management: The Key to Supply
Chain Management, 7th ed., McGraw-Hill-Irwin, New York, NY.
Droge, C., Jayaram, J. and Vickery, S. (1999), “The ability to minimize the timing of new product
development and introduction: an examination of antecedent factors in the North
American automobile supplier industry”, Journal of Product Innovation Management,
Vol. 17 No. 1, pp. 24-40.
Eisenhardt, K. (1989a), “Agency theory: an assessment and review”, Academy of Management
Review, Vol. 14 No. 1, pp. 57-74.
Eisenhardt, K. (1989b), “Building theories from case study research”, Academy of Management
Review, Vol. 14 No. 4, pp. 532-50.
Ellram, L.M. (1996), “The use of the case study method in logistics research”, Journal of Business
Logistics, Vol. 17 No. 2, pp. 93-138.
Galbraith, J. (1973), Designing Complex Organizations, Addison-Wesley, Reading, MA. Supply risk
Hallikas, J., Virolainen, V. and Tuominen, M. (2002), “Risk analysis and assessment in network assessment
environments: a dyadic case study”, International Journal of Production Economics, Vol. 78
No. 1, pp. 45-55.
techniques
Harland, C., Brenchley, R. and Walker, H. (2003), “Risk in supply networks”, Journal of
Purchasing & Supply Management, Vol. 9 No. 1, pp. 51-62.
411
Hartley, J., Meredith, J., McCutcheon, D. and Kamath, R. (1997), “Suppliers’ contribution to
product development: an exploratory survey”, IEEE Transactions on Engineering
Management, Vol. 44 No. 3, pp. 258-67.
Jacobs, D. (2002), “Wake-up call”, Supply Chain Technology News, Vol. 4 No. 9.
Kannan, V. and Tan, K. (2002), “Supplier selection and assessment: their impact on business
performance”, Journal of Supply Chain Management, Vol. 38 No. 4, pp. 11-21.
Kirk, D.L. (1999), “Enforcement time nears for German law”, Business Insurance, Vol. 33 No. 36,
pp. 19-20.
Koufteros, X., Vonderembse, M. and Doll, W. (2001), “Concurrent engineering and its
consequences”, Journal of Operations Management, Vol. 19 No. 1, pp. 97-115.
Koufteros, X., Vonderembse, M. and Doll, W. (2002), “Integrated product development practices
and competitive capabilities: the effects of uncertainty, equivocality, and platform
strategy”, Journal of Operations Management, Vol. 20 No. 4, pp. 331-55.
Kraljic, P. (1983), “Purchasing must become supply management”, Harvard Business Review,
Vol. 61 No. 5, pp. 109-17.
Lassar, W.M. and Kerr, J.L. (1996), “Strategy and control in supplier-distributor relationships: an
agency perspective”, Strategic Management Journal, Vol. 17 No. 8, pp. 613-32.
Lee, H., Padmanabhan, V. and Whang, S. (1997), “Information distortion in a supply chain: the
bullwhip effect”, Management Science, Vol. 43 No. 4, pp. 546-58.
Logan, M.S. (2000), “Using agency theory to design successful outsourcing relationships”,
International Journal of Logistics Management, Vol. 11 No. 2, pp. 21-32.
Luce, R. and Raiffa, H. (1957), Games and Decisions, John Wiley & Sons, New York, NY.
Michalski, L. (2000), “How to identify vendor risk”, Pharmaceutical Technology, Vol. 24 No. 10,
pp. 180-4.
Miles, M. and Huberman, A. (1984), Qualitative Data Analysis: A Sourcebook of New Methods,
Sage, Beverly Hills, CA.
Moon, J. and Tikoo, S. (2002), “Buying decision approaches of organizational buyers and users”,
Journal of Business Research, Vol. 55 No. 4, pp. 293-9.
Shapira, Z. (1995), Risk Taking: A Managerial Perspective, Russell Sage Foundation, New York,
NY.
Smeltzer, L. and Siferd, S. (1998), “Proactive supply management: the management of risk”,
International Journal of Purchasing and Materials Management, Vol. 34 No. 1, pp. 38-45.
Steele, P. and Court, B. (1996), Profitable Purchasing Strategies: A Manager’s Guide for Improving
Organizational Competitiveness through the Skills of Purchasing, McGraw-Hill, London.
Strauss, A. and Corbin, J. (1998), Basics of Qualitative Research: Techniques and Procedures for
Developing Grounded Theory, 2nd ed., Sage, Thousand Oaks, CA.
IJPDLM Svensson, G. (2000), “A conceptual framework for the analysis of vulnerability in supply chains”,
International Journal of Physical Distribution & Logistics Management, Vol. 30 No. 9,
34,5 pp. 731-49.
Truett, R. (2001), “Tire-related costs mount for Ford”, Automotive News, Vol. 75 No. 5936, p. 45.
Wacker, J. (1998), “A definition of theory: research guidelines for different theory-building
research methods in operations management”, Journal of Operations Management, Vol. 16
412 No. 4, pp. 361-85.
Wasti, S. and Liker, J. (1997), “Risky business or competitive power? Supplier involvement in
Japanese product design”, Journal of Product Innovation Management, Vol. 14 No. 5,
pp. 337-55.
Wolk, M. (2002), “Behind the West Coast port lockout” MSNBC, 8 October, available at:
www.msnbc.com/news
Wynstra, F., Van Weele, A. and Weggemann, M. (2001), “Managing supplier involvement in
product development: three critical issues”, European Management Journal, Vol. 19 No. 2,
pp. 157-67.
Yates, J. and Stone, E. (1992), “The risk construct”, in Yates, J.F. (Ed.), Risk Taking Behavior, John
Wiley & Sons, New York, NY, pp. 1-25.
Yin, R.K. (1994), Case Study Research: Design and Methods, Sage, Thousand Oaks, CA.

Appendix. Descriptions of case study firms

Cell
Cell is a division of a global high technology firm that manufactures cellular phones. The cell
phone industry is characterized as highly competitive with low profit margins that are often
derived from the accessories and package plans that accompany the phone, rather than from the
phones themselves. In addition, there is a great degree of reliance on suppliers, where
approximately 80 percent of the total cost of goods is from purchased parts. The significant
increase in consumer use of cellular phones has had a subsequent effect on annual purchases. In
the past year, annual purchases were approximately e 2 billion (US$1.73 billion), and more than
doubled to e 5 billion (US$4.33 billion) this year. The significant market growth requires
proactive supply management to remain competitive, in part by managing supply risk.

Chip1
Chip1 is a Fortune 500 manufacturing firm that is a major supplier of semi-conductors. The two
primary issues for Chip1 are the existence of a relatively new competitor taking away market share
and an overall economic and business slowdown for its products. Supply risk assessments and
management are considered strategic activities that provide a competitive advantage for Chip1.

Aero1
Aero1 is a strategic business unit of a large, multinational Fortune 500 company in the aerospace
industry that focuses on engines and systems. The key issues and competitive challenges facing
Aero1 are lead time and cost reductions for its customers. The firm has been going through a
major supplier reduction effort for the past five years in order to leverage purchases with premier
suppliers and select suppliers that share its vision.

Comp1
Comp1 is a corporate headquarters for a Fortune 500 company that is a worldwide supplier of
computer systems. This firm designs, develops, manufactures, and markets hardware, software,
business solutions, and services. Comp1 considers engineering its core competency and Supply risk
participates in a great deal of outsourcing activities.
assessment
Comp2 techniques
Comp2 is the corporate headquarters for a Fortune 500 high-technology computer and
electronics firm. The purchasing and supply management function has approximately 2,200
employees worldwide, with many of those personnel located outside the USA in locations such as
China, Singapore, and Korea. Comp2 respondents believe they are just beginning to understand 413
and manage supply risk, even though the corporation has extensive experience using
quantitative modeling techniques for analyzing business processes and designing its supply
chains.

Aero2
Aero2 is a division of a Fortune 500 company that manufactures aircraft engine components in
the aerospace industry. The division that was studied designs and manufactures fuel injection
components for both aerospace and power generation turbine engines. The purchasing and
supply management group for this division is relatively small and is dispersed over several
different sites. Most items are outsourced. Therefore, there is a significant reliance on supplier
organizations for business success. The focus of Aero2’s supply risk management strategy is on
building strong relationships with suppliers.

Chip2
Chip2 provides integrated communications and electronics products to a wide array of industrial
and consumer customers. Product applications include software-enhanced wireless telephones,
embedded semiconductors, and electronics systems. The business unit studied within Chip2
offers multiple technologies that enable its customers to create products and new business
opportunities in the computer networking, transportation, and wireless communication markets.