E-Supply Chain Management

INSTRUCTOR

Subhas C Misra, Phd (Carleton), PDF (Harvard)

ADVISOR, Indo Canada Education Council
ASSOCIATE PROFESSOR, IME Department,
DUGC, IME, IIT Kanpur

Group 13
Prakhar Agarwal Dhananjay Pathik Chamaria Saransh Chauksi
 Chapter VII
Information Security Risk in the E-Supply Chain
 INTRODUCTION

• Supply chain management attempts to coordinate and combine all value

chain activities into a single seamless process by emphasizing collaboration
and integration across functions and between organizations.
• Facilitating
supply chain management’s development is information
technology (IT), which has enabled integration of information flows
between channel participants thereby reducing uncertainty and risk.
• However, by eliminating traditional layers of internal and external
separation, which once formed protective barriers around organizational
assets and processes, IT-facilitated collaboration has simultaneously
improved the supply chain’s ability to satisfy customer needs while making
it more vulnerable to an array of IT-specific threats.
 COLLABORATION AND IT
• Supply chain collaboration is the confluence of all parties in the supply chain acting
in unison towards common objectives.
• Collaboration does not happens on its own certain incentives or conditions are met
for each party to move towards collaboration then union.
• Share the responsibility of the cooperative outcome to foster continued commitment
• Candidly discuss their operations and practices including information that might otherwise
be deemed proprietary
• Trust and respect the judgments and suggestions of their fellow collaborators
• Have clear expectations of one another
• Solve problems in a unified effort which focuses on solutions, not blame
• Engage in implementing advanced information technology and commit to sustaining this
practice
 COLLABORATION AND IT

Several practices that might impede collaboration:

• Partners could resist change and discard collaborative practices by insisting
on doing things the old way.
• Partners may not have a clear vision of the supply chain and maintain a silo
view of the organizational structure.
• Partners may not “buy in” and fully invest in the collaboration effort.
• Partners may not sufficiently communicate with one another, leading to
potentially damaging effects.
• Partners may betray one another for selfish gains rather than stay steadfast
to the goal of collective gains.
 COLLABORATION AND IT
The effects of the financial benefits are reverberated throughout the supply chain and easily
measurable. The impact of the non-financial benefits, though more subtle and often difficult
to measure, are just as important, as they drive revenue growth. Non-financial gains include:
• Faster speed to market of new products
• Stronger focus on core competencies
• Enhanced public image
• Greater trust and interdependence
• Increased sharing of information, ideas, and technology
• Stronger emphasis on the supply chain as a whole
• Improved shareholder value
• Competitive advantage over other supply chains
 IT SECURITY: A SUPPLY CHAIN ISSUE
With varying levels of relationships and information sharing within supply chains,
especially at the strategic level, greater importance must be placed on information
security. It has been suggested that securing information in the supply chain demands
more attention than it currently receives. In fact, Lee and Whang (2000) consider
identifying the amount of information that can be exchanged between supply chain
partners without increasing the risk of exploitation to be one of the most challenging
and frequently asked questions of the day.
The impact of IT security incidents to IT enabled supply chains became evident as we
analysed the results of several industry surveys conducted to assess the impact of
worldwide computer virus events over the past two years. A number of organizations
specifically commented on various impacts to their supply chain operations after
partners were infected. Several examples of participant comments following four
well-known viruses are included in following Table-
 SQL Slammer, January 2003
“The worm took down two of our data exchange partners.”
“A large part of the impact for us was related to the loss of access to our external trade
partners/ customers.”
Blaster, August 2003
“We were infected when a vendor hooked up his laptop to our network.”
“We were infected by a 3rd party on our network.”
“We got the worm through unpatched customer PCs.”
MyDoom, January 2004
“Our customers and suppliers sent it to us.”
“It originally came in from a partner who we have a direct connection with.”
Sasser, May 2004
16% of participants infected reported a disruption of key corporate computing functions
(payroll, inventory, manufacturing, etc.)
14% of participants infected reported a disruption of partner network connectivity.
 SUPPLY CHAIN RISK
• The potential occurrence of an incident associated with inbound supply from
individual supplier failures or the supply market, in which its outcomes result in the
inability of the purchasing organization to meet customer demand or cause threats
to customer life and safety.
• The key elements of this definition are the identification of sources of risk and their
associated threats. Christopher and Peck (2004) identify five areas that are
potentially vulnerable in supply chains:
• processes, controls, demand, supply, and environment.
• These vulnerabilities fall within three risk categories:
• organizational,
• network, and
• environmental.
 SUPPLY CHAIN RISK

Organizational risks Network risks Environmental risks

• Organizational risks are those found • Network risks occur due to • Environmental risks, the most
entirely within the boundaries of an interactions between organizations encompassing category, can affect the
organization; these risks include labor, linked in a supply chain. four prior sources of risk within their
production, and IT system Organizations must procure materials root categories. They are any
uncertainties. The most common from upstream suppliers and sell uncertainties that occur as a result of
types of organizational risks are finished goods through a distribution an interaction between supply chain
process and control risks. Disruption network. Unexpected events may participants and the environment.
to the execution of these processes is occur during acquisition, Environmental risks could result from
known as process risk. transportation, and employment of socio-political actions, accidents, or
Misapplication or misuse of these goods and services that negatively acts of God
controls is known as control risk. affect an organization’s ability to serve
its customers.
 IT SECURITY THREATS
• The National Institute of Standards and Technology (NIST) defines three basic components
of an IT system interconnection: two IT systems and an interconnecting ‘pipe’ through
which information is made available.
• IT risk is defined as the product of the frequency of potential threats, the likelihood of their
success, and their impacts to the organization. Categorizing IT threats from both the IT and
SCM literature resulted in the selection of six general IT security threat categories.
• Malicious Code and Programs
• Malicious Hacking & Intrusion Attempts
• Fraud and Deception
• Misuse and Sabotage
• Errors and Omissions
• Physical and Environmental Hazards
 IT SECURITY VULNERABILITIES
• The likelihood that any threat will be successful is largely dependent on the
vulnerability of an organization’s IT assets, including systems, software,
information, personnel, and equipment. .
• If no vulnerabilities are present, the likelihood of a threat’s success is zero
and thus IT risk is eliminated. Unfortunately, it is difficult and cost-
prohibitive, if not impossible, to eliminate an organization’s vulnerability to
all IT threats.
• Therefore, the aim of IT risk management is to minimize vulnerability by
implementing managerial, operational, and technical controls in an efficient
and effective manner and, in the event that IT security control measures are
not effective, to mitigate the negative consequences to the firm.
 IT SECURITY IMPACTS

• The practice of IT risk management has traditionally classified these impacts in

terms of loss or degradation of any of the following primary security goals:
confidentiality, integrity, and availability.
• Confidentiality requires that information be secure from unauthorized disclosure,
• while integrity refers to its reliability and protection from improper modification.
• The goal of availability mandates that IT systems, interconnections, and
information remain accessibly and uninterrupted.
• With these IT system impacts come numerous secondary and downstream
consequences that ripple not only through the organization in which they originate
but the entire supply chain.
 IT SECURITY & SUPPLY CHAIN RISK

• Smith, Watson, Baker, and Pokorski (2006) incorporated these informational

linkages (information flows between and within organizations)and establish
a full categorical identification of supply chain risk sources.
 GENERAL RECOMMENDATIONS
• The recommendations offered here are of a general nature, applicable and serviceable to most
firms operating in a modern IT-enabled supply chain:
• The open and seamless lines of communication that often exist between supply chain partners
tend to have a leveling effect on the IT security posture of all involved. Treat interconnected IT
systems as a “special case” of the untrusted network. Audit and protect it accordingly.
• Before integrating IT systems and begin collaborating, plan diligently and only share the
minimum assets necessary to achieve a goal.
• Audit supply chain partners before, during, and after establishing a collaborative relationship.
• Have a detailed contract (as opposed to just a policy) that clearly spells out the duties partners
owe one another. These duties include personnel responsibilities and accountabilities, corrective
action plans, enforceable provisions for restitution, and so forth.
• Trust is extremely critical within the supply chain, and it should not be a transferable property.
Make ardent strides to limit the downstream exposure of sensitive assets and systems.
• Do not fixate solely on threats entering the organization via IT interconnections. Do not neglect
the physical, human, and social dimensions of risk.
 Chapter VIII
The Use of Collaboration Tools in Supply Chain: Implications
and Challenges
 SUPPLY CHAIN COLLABORATION
The supply chain environment today is a collaborative business environment in which
the members of supply chains are interlinked with each other. Hence the
collaboration extends in supply chains to inter- and intra-enterprise applications.
Collaboration in Supply Chain context is :
• Networking refers mainly to exchanging
information for mutual benefit,
• Coordination in this respect includes networking
and goes a step further by including the
alteration of activities in order to achieve a
common purpose, and
• Cooperation steps further in that it shares the
resources.
• Collaboration can be seen as an overarching
Collaboration as an umbrella term
term that encapsulates and enhances the
capacity of another organization and vice versa
 NEED FOR COLLABORATION TOOLS

• High importance as the competitive advantage remains in linking all trading

partners to ensure the timely delivery of goods and services to the final consumer
efficiently and effectively
• For successful collaborations by taking measures based on behavioural changes;
increase in long-term financial success; economic value, shareholder value, and
organizational capacity; increase in performance levels; and on how well
collaborations across organizations are managed and monitored
• To solve the problem of information distortion even after creation of interfaces for
integration of heterogeneous IT systems within the multiple
independent/interdependent organizational units of SCM
• Collaboration tools used for IT management in SCM will bridge the technological
and organizational gaps between its participants. This development in return
would ease the IT and information transfer and its dissemination
 ROLE OF E-BUSINESS TECHNOLOGIES
• The new forms of collaborations are a response to global competition and the
strategic need of supply chains and their ability to generate collaboration through
the use of the following characteristics can be summarized as :
• Systems and channel integration, which leads to the empowerment of supply chain
participants as they can use a common database that is available to larger
constituencies. Thus, this can enable the compression of time-to-market, while
enhancing the speed of response to the final customer.
• Openness and transparency, which can be achieved through low-cost connectivity
between the supply chain participants. Infrastructures without expensive
investments such as the use of Internet-mediated applications lead to use of
collaboration tools. However, the initial investments to upgrade the systems and
learning activities, and resistance to change towards the new application became
main problems at the initial stage of implementation.
 ROLE OF E-BUSINESS TECHNOLOGIES

• Explicit cooperation between wealth-creating agents—The supply chain members,

shareholders, employees, and external publics need to contribute resources to the
successful running of the business over a longer term.
• Learning process and effort is needed to assimilate and/or internalize the
transferred knowledge through collaborations. Learning also includes the sharing
of knowledge, which is linked to embrace a collaborative relationship built on trust.
This constituted a problem as “after many years of operating in a system in which
trust was the last thing that they expected”.
• Knowledge transfer needs to be considered in some cases of collaboration wherein
the knowledge is not easily replicable and transferable(Kessler et al., 2000). The “
stickiness ” nature of the valuable knowledge demands time, effort, and cost to
transfer.
 LEVELS OF COLLABORATION

Level 1 : Supply Chain Level 2 : Strategic Business Unit (SBU) Level 3 : Individual Employee Level
At this level collaboration between At this level the knowledge is At this level the individual employees or

•
and within the SCM takes place. incorporated into an organization’s members save time through the use of
SCM Collaborations
headquarters receivesoffer
real- many
businessvalue-added capabilities
unit by integrating to the supply
across collaboration chain.
tools when The and
transferring
impact
time updates on of use ofcross-
day-to-day collaboration tools canThebefocus
functional departments. described at threeinformation
is on transmitting levels: and associated
functional operations. This continually using technology to improve knowledge. As the information can be easily
information can be distorted unless efficiency and support existing business attained, the employees or members can
there is an integrated system processes. Competitive advantage is react and respond to an incident quickly and
between the participants and achieved through the integrated links with independently, as the system can give the
common strategic intent between its suppliers and customers in the logistics information and the employees or members
entities. and purchasing functions. The do not need to wait for other individuals to
compatibility of collaboration here stems complete the task at hand. Thus, trust and
from the close relationship between the empowerment have become the key
cross-functional departments. components of collaboration.
LEVELS & IMPACT OF THE COLLABORATION
TOOLS
 CASE STUDY – AUTOMOTIVE SECTOR
• Purpose : To examine the impact of two collaboration tools/e-business
applications namely extranet and B2B in an automotive SCM strategic
business unit.
• This collaboration was studied retrospectively as the collaboration took
place between the SCM and its 12 national suppliers.
• This procurement collaboration stems from two main stages.
• The first stage involved the installation and updating of the current
equipment and software for the local company to facilitate its operation.
• The second stage incorporated the training of the employees of the
suppliers.
 DATA COLLECTION & RESEARCH

Data Collection Objectives

1) four-and-a-half months of participant 1) The set of reasons behind the
observation over two projects, emergence of collaborations in the
2) 10 hours of semi-structured interviews, automotive sector
3) 30 individually taken interviews, 2) The motivations behind the
4) official meeting notes, and document receptiveness of the supplier and
analysis original equipment manufacturer
5) The formal semi-structured interviews were (OEM) towards investments in
carried out with eight interviewees and collaborative tools.
lasted for between one and two hours. 3) What has persuaded the supplier to use
These interviews were taped and the collaborative tools?
transcribed, then entered into N6 software 4) In what respect do the new forms of
for analysis. These interviews were partnerships reflect the concept of
conducted during and after the participant collaboration?
observation, in order to ascertain that the 5) What are the key benefits and
issues were covered adequately. limitations to collaboration?
 DISCUSSION

• The differences at each level can also cause distortion at collaboration levels.
Similarly this conflict was found on the statements of SCM employees :
• “One of the limitation was the technical restructuring of our existing relationships
with suppliers/distributors.”
• “Suppliers who participated in this network needed also new investment.”
• “The setting up of a new collaboration tool created a need for standardization of
workflow, structure.”
• “The change happened at supply chain level, meaning from the initial supplier to
initial customer.”
• “Each employee needed to acquire new skills, knowledge.”
 RESULTS
Level 1 Level 2 Level 3
Multinational Corporation Strategic Business Unit (SBU) Individual
(SCM)
Scope  An integrated supply chain,  The interdependency resulted  Function orientation rather than
What does it meaning from initial supplier to in the bargaining power of SCM individual capabilities and
include? the final customer, was creating complications in areas learning capabilities
introduced as the vision of the of trust, commitment to change assessment
SCM  Cross-functional department  Gaps are defined by SCM and
 The involvement of SCM as participation SBU level rather than at
coordinator role individual level
 Control mechanism was at  Difference in strategic goal
SCM level attainment

Focus  Enables real-time information  Supports the strategic business  Suppliers, employees in the
What is the sharing within and between unit strategy process are overloaded with
main purpose SCM members  Additional resources and work, resulting in high pressure
of the  Reduces the control points competencies needed (i.e., the  Transferability problems: it is
collaboration?  Condenses the time-to- market employees in some instances not possible to transfer different
period needed to fulfill two job tasks to different employees, as
 E-business applications have descriptions for a smooth this would require additional
been used as a backbone for change process) time, training, and investment
collaborative planning
 Level 1 Level 2 Level 3
Multinational Corporation Strategic Business Unit Individual
(SCM) (SBU)

Levers  Technological  Change of internal workflows  People, distinctive knowledge

What is the infrastructure and sub-processes sharing limits to a certain employee
extent of the  Organizational  New job descriptions and or group of employees
impact of this infrastructure tasks  Confidentiality, how to create
collaboration?  New ways of operating/  Different level of impact on transparency without losing the
introducing different departments competitive edge in line with
product/service to market depending on the need for intellectual capital and relationships
sophistication of e-business
applications

Enhancements  Revenue, customer  Strategic business unit  Depending upon individual

What are the service, and existing coordination support employee and tasks
benefits of this business enhancement  SBU can also control and  Employees are empowered
collaboration?  Overall attainment of supervise the through the visibility and
control throughout the supplier/distributor base attainability of the data and related
supply chain information whenever needed
 Enhancement at individual level
depends on the individual
employee capabilities and learning
capacity
 CONCLUSION

• The case study in this collaboration enabled an in-depth insight into its
characteristics, such as
• technological capability and competence of supplier,
• suppliers’ level of independency or interdependency,
• openness of processes in line with confidentiality.

• The case study also introduced a three-stage approach, wherein to achieve

a smooth transition towards collaboration, the transition should include the
three levels from the SCM level to SBU level to individual level and strive to
create a common aim /strategic goal at each level.
 Chapter IX
Experience Management, Negotiation and Trust in E-Supply
Chains
 Experience Management

The experience processing mainly consists of the following process stages

• Discover experience • Adapt experience

• Capture, gain, and collect experience • Reuse experience
• Model experience • Transform experience into knowledge
• Store experience • Use experience-based reasoning
• Evaluate experience • Maintain experience
 Framework to manage customer experience

• Analyzing the experiential world of the customer

• Building the experiential platform
• Designing the brand experience
• Structuring the customer interface
• Engaging in continuous innovation
Integration of Experience Management with
experience processing
 Negotiation in E supply Chain

• Negotiation in e-SC is a process where two parties (customers and suppliers)

bargain resources for an intended gain
• In order to adequately support customers, an e-SC system should possess
negotiation capability
• The approaches to negotiation in e-SC can be classified into two classes:
1. Cooperative approach
2. Competitive approach
 Stakeholders in Negotiation

• Buyer
• Buyer Manager
• Supplier
• Supplier Manager
• Seller Agent
 Advantages of Multi-agent System

• Multi-agent system approach provides a suitable architecture for rapid and

agile response to any event
• MCNES is scalable, as there is no overall controller
• Each organization in the chain or network will have its own agent
management structure
Framework of Trust in E supply chain
Management
 Trust in E supply Chain

• Trust can be grouped into six conceptual paradigms shown in the table below
• Reliability: Time and experience are critical elements in evaluating trust
• Competence: Experience and wisdom displayed by partner
• Goodwill (openness): Confidence you can share information or problems with the
other party
• Goodwill (benevolence): Accepted duty to protect the rights of your partner
• Vulnerability: Being unprotected or exposed while including an element of
uncertainty or risk
• Loyalty: A partner is not just reliable but performs well in extraordinary situations
 Chapter X
Trading E-Coalition Modelling
for Supply Chain
 E-Coalition

• The emergence of the Internet has brought an appropriate media to expand

markets and enable collaboration with partners in all stages of product
manufacturing, testing, and delivering through electronic commerce.

• Support for these collaborations over the Internet, called e-coalition

 CRUX

• An approach for e-coalition modeling

• A typical scenario of usage where e-coalitions involving a travel agency and
its partners for supplying flighttickets is considered
 BASICS OF SUPPLY CHAIN

• A production supply chain involves getting a smooth and efficient flow of

goods, services, and information from raw materials through to finished
goods in the hands of the ultimate customer
 Key supply chain activities

• Production planning
• Purchasing materials
• Management
• Distribution
• Customer service
• Traditional Supply-Push Model
• E-commerce Supply-Pull Model
 Electronic commerce Requirements

• Computing and communication platforms for end-to-end electronic transfer

of messages
• Electronicdata interchange (EDI) structures and protocols for common
understanding of messages between enterprises
• Enterprise models that reflect market activities, relationships among
partners, as well as coalition for supply chain
 EDI SYSTEM

• Electronic Data Interchange (EDI) is the electronic interchange of business

information using a standardized format; a process which allows one
company to send information to another company electronically rather than
with paper.
• Motivations of the first EDI system
• extend the business scope of enterprises
• Paper flow among partners and shorten time needed for transaction execution
 Methodology for Modelling
e-coalition and Processes

• An example of a transaction that involves electronic fund transfer is when a

traveler, usually from home, sends electronic information on the checking
account of a travel agency to purchase tickets.
• We present the different types of components, parts of chain supplies that
make up the trading community, before developing the model for
supporting their e-business relationships.
 Components of Supply chain

• Customer
• Supplier
• Bank
• Delivery
 Interacting Components
• Customers- families and individuals that make reservations for packages.
• A package has three elements:
• round-trip flight
• accommodation
• car rental
• Travel agencies- (TAs) that interact with customers, flight companies, hotels, and car rental
companies for travel arrangements
• Flight companies (FCs) for traveling
• Car rental companies (CRCs) for transportation at arrival;
• Hotels to provide accommodation;
• Banks for managing payments;
• Shipping companies (SCs) for delivering tickets.
 MODELING E-COALITION AND
e-BUSINESS PROCESSES
• Precisely one role is assigned to an activity. An agent will perform this role.
• A product can form an input to an activity, an output from an activity, or an
intermediate result of an activity.
• An agent is a model entity that performs roles in the trading community, therefore
carrying out activities.
• Competence is a model entity that defines the function a component must satisfy
before involvement in a coalition. A coalition involves several competences
• An event is a model entity that defines objects of any nature
• Enactment of an e-coalition allows establishing and maintaining trading
collaboration.
 A trading e-coalition
• Adopted and adapted from the organizational model (Tiako, 1999)
presented in Figure below, is composed of a name and relationships with
entities events, direction, tool, competence, and eventually its sub-
alliances.
 Validation of trading e-coalition
• A travel agency makes a B2B inquiry for booking flights.
• A flight company responds by performing a process for supplying tickets as follows.
• Activity Availability checks flight availability before performing Reject for rejecting the inquiry if there
is no flight.
• If available, Booking is performed to book flights and notify the travel agency. Tickets can then be
delivered to the travel agency electronically or by mail.
• Then activity Cash is started to send an invoice to the travel agency with the bank account to be
credited. Before closing the process, the flight company starts activity Flight to transport Traveler, for
a check-in and check-out will be necessary.
• The trading e-coalition coordinating interactions between the travel agency and the flight company is
defined as follows in Figure in the next slide.
• Activity Inquiry for asking prices and flights availability
• Notification for informing the travel agency to flights availability
• Ordering to order flights for the travel agency
• Confirmation to notify that flights are booked.
• The travel agency also makes
B2B inquiries to reserve
rooms for accommodation at
the destination.
• The basic process for
supplying a room and its
activities are defined in the
component Hotel of Figure
below. This process is about
the same as the one used by
the flight company to supply
tickets to the travel agency.
Thank you