Category Archives: Supply Chain

What You Need to Know About Supply Chain Risk

#3 in series by Matthew Liotine, Ph.D., Strategic Advisor, Business Intelligence and Operations, Professor University of Illinois

In our previous articles, we discussed how disruptions to a supply chain can originate from a multitude of sources. According to some current trends, it is apparent that there is a continued rise in measured losses from disruptions such as natural events and business volatility. Traditionally, supply chains are designed for lean operational efficiency wherever possible, yet such efficiency requires the minimization of excess capacity, inventory and redundancy – the very things that are needed to create resiliency against disruptive risks. Risk assessment tools and methodologies help decision-makers to identify the most cost-effective controls that can strike the right balance between cost and risk reduction to protect against disruption. Typically, the most cost-effective controls are those that can minimize the common effects arising from multiple disruptive threats. In order to understand the kind of controls that could be effective, one must recognize the risk outcomes from common supply chain vulnerabilities, which is the focus of this article.

What is Risk?

Before continuing, it would be worthwhile to revisit some of the terminology that we have been using in previous discussions, in order to understand how risk is derived. Fundamentally, risk is the chance (or the probability) of a loss or unwanted negative consequence. For decision purposes, it is often calculated numerically as a function of probability and impact (sometimes called single loss expectancy), and quantitatively expressed as an “expected” loss in monetary value or some other units. A common flaw with using risk values is that they mask the effects of impact versus probability. For example, an expected loss of $100 does not reflect whether high impact is overwhelming low probability, or high probability is overwhelming low impact. Thus, it is not clear whether this value is the expected loss due to an event that occurs 10% of the time and causes $1000 in damages when it occurs, or due to an event that occurs 20% of the time and causes $500 in damages when it occurs. For this very reason, risk values must be used in conjunction with probability and damage values, along with many other metrics, in order for the decision maker to compare one risk against another. Risk values are not precise and are usually not to be used as standardized values for business management. Nevertheless, risk values can be used to provide decision makers with a means to distinguish risks and control options on a relative basis. Figure 1 illustrates the fundamental parameters that are used to construct risk values, and how they relate to each other.


Figure 1 – Fundamental Components of Risk

Hazards, conditions and triggers are situations that increase or cause the likelihood of an adverse event (sometimes referred to as a peril). In our last article, we examined numerous sources of hazards that can threaten a supply chain. Vulnerabilities are factors that can make a system, in our case a supply chain, susceptible to hazards.  They are usually weaknesses that can be compromised by a hazardous condition, resulting in a threat. The likelihood, or probability, of a threat circumstance occurring must be considered, for reasons discussed above. If it occurs, failures can take place, whose effects are quantified as impacts. When impacts are weighed against the likelihood of the threat, the result is a risk that poses an expected loss. Controls are countermeasures that a firm can use to offset expected losses.

With respect to a supply chain, there are many ways to classify risk. Academics have made many attempts to try to classify risks according to some kind of ontology or framework (Harland, Brenchley and Walker 2003) (Gupta, Kumar Sahu and Khandelwal 2014) (Tummala and Schoenherr 2011) (Peck 2005) (Monroe, Teets and Martin 2012) (Chopra and Sodhi 2004). Some of the more common supply chain risk classifications include:

Recurring risks – These risks arise within the operational environment due to the inability to match supply and demand on a routine basis. The ensuing effects are lower service levels and fill rates.

Disruptive risk – These risks result from loss of supply or supplier capacity, typically driven by some disruptive event.

Exogenous risk – These risks arise within the operational environment and are process driven (e.g. poor quality control, design flaws, etc.), usually within the direct influence of the firm. They typically require the use of preventive mechanisms for control.

Endogenous risk – These risks originate externally, either from the supply side or demand side, which may not necessarily be under a firm’s direct influence. They typically involve the use of responsive mechanisms for control.

While many classification attempts have been noble in nature, in the end it is difficult to classify risks according to a single scheme, for a variety of reasons. First, the lines of demarcation between risk categories can be blurred and there could be overlap between them. For example, from the above categories, one can easily argue about the differences between exogenous and recurring risks. Second, every firm is different, and thus one framework may not fit all. Finally, risk methodology approaches may differ somewhat across various industries, as evidenced by different industry best practices and standards for risk analysis.

Supply chains can exhibit many kinds of vulnerabilities, but quite often these can be viewed as either structural or procedural in nature. Structural vulnerabilities stem from deficiencies in how the supply chain is organized, provisioned and engineered. Single points of failure can arise when there is insufficient diversity across suppliers, product sources or the geographical locations of sources. Inadequate provisioning can create shortages in inventory or capacity to meet customer demands. Procedural vulnerabilities stem from deficiencies in business or operational processes. Gaps and oversights in planning, production or transport processes could adversely affect a firm’s ability to respond to customer needs. Insufficient supply chain visibility could render a firm blind to oversights in supplier vetting and management practices, quality assurance and control, or demand planning.

Such vulnerabilities, combined with one of the aforementioned hazardous conditions, result in the supply chain failing in some fashion. Table 1 illustrates some of the more common modes of supply chain failure.

Table 1 – Common Supply Chain Failure Modes

Degraded fill rate

Degraded service level

High variability of consumption

Higher product cost

Inaccurate forecasts

Inaccurate order quantity

Information distortion

Insufficient order quantities

Longer lead times/delays

Loss of efficiency

Lower process yields

Operational disruption

Order fulfillment errors


Poor quality supplied

Supplier stock out


Ultimately, such supply chain failures result in increased costs, loss of revenue, loss of assets, or combination thereof. Common risks are typically assessed as increases in ordering costs, product costs, or safety stock costs. Product stock out losses can be assessed as backorder costs or loss of sales and business revenue. Different kinds of firms will be prone to different types of risks. For example, a manufacturing firm with long supply chains will be more susceptible to ordering variability (or bullwhip) types of effects versus a shorter retail supply chain which would be more sensitive to fill rate and service level variability. Understanding and characterizing these risks is necessary in order to develop strategies to control or manage them. Quantifying risks provides the decision maker with a gauge to assess risk before and after a control is applied, thereby assessing the prospective benefit of a potential control. Using quantified risk values, in combination with other parameters, enables a decision maker to prioritize potential control strategies according to their cost-effectiveness.
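The following is an added example, not part of the original article, that works through the two points made above: equal expected losses can hide different probability and impact profiles, and quantified risk before and after a control lets controls be ranked by cost-effectiveness. The two risks are the article's own $100 cases; the controls, their costs and their effects are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Risk:
    name: str
    probability: float  # chance the event occurs in the planning period (0..1)
    impact: float       # loss in dollars if it does occur

    @property
    def expected_loss(self) -> float:
        return round(self.probability * self.impact, 2)


@dataclass(frozen=True)
class Control:
    name: str
    cost: float                         # dollars per planning period (assumed)
    probability_factor: float = 1.0     # multiplies the event probability
    impact_cap: Optional[float] = None  # limits the loss per event, if set

    def apply(self, risk: Risk) -> Risk:
        """Return the residual risk that remains once this control is in place."""
        impact = risk.impact
        if self.impact_cap is not None:
            impact = min(impact, self.impact_cap)
        return Risk(risk.name, risk.probability * self.probability_factor, impact)


def rank_controls(risk, controls):
    """Return (control, residual loss, reduction, net benefit), best net first."""
    rows = []
    for control in controls:
        residual = control.apply(risk).expected_loss
        reduction = round(risk.expected_loss - residual, 2)
        net = round(reduction - control.cost, 2)
        rows.append((control.name, residual, reduction, net))
    return sorted(rows, key=lambda row: row[3], reverse=True)


# The two events from the text: identical expected loss, different profiles.
RARE_SEVERE = Risk("rare, severe", probability=0.10, impact=1000.0)
FREQUENT_MODERATE = Risk("frequent, moderate", probability=0.20, impact=500.0)

# Constructed controls; costs and effects are illustrative assumptions.
CONTROLS = [
    Control("second supplier", cost=45.0, probability_factor=0.5),
    Control("safety stock", cost=25.0, impact_cap=600.0),
]

if __name__ == "__main__":
    for risk in (RARE_SEVERE, FREQUENT_MODERATE):
        print(f"{risk.name}: p={risk.probability:.0%} "
              f"impact=${risk.impact:,.0f} "
              f"expected loss=${risk.expected_loss:,.2f}")
        for name, residual, reduction, net in rank_controls(risk, CONTROLS):
            print(f"  {name:16} residual=${residual:7.2f} "
                  f"reduction=${reduction:6.2f} net=${net:6.2f}")
```

Both risks report the same $100 expected loss, yet the impact-limiting control ranks first for the rare, severe event and has a negative net benefit for the frequent, moderate one, which is why the probability and impact values have to be carried alongside the risk value.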


Risk is the chance or the probability of a loss or unwanted negative consequence. Inherent supply chain weaknesses such as sole sourcing, process gaps or lack of geographical sourcing diversity can render a supply chain more vulnerable to some hazardous, unforeseen condition or trigger event, such as a strike or major storm, resulting in undesirable increases in costs, asset loss or revenue loss. Such risks can be quantified to some extent, quite often in monetary units, and can be used to facilitate cost-benefit analysis of potential control strategies. In our next article, we will take a look at some of the most favored strategies to control supply chain risk.


Chopra, S., and M. Sodhi. “Managing Risk to Avoid Supply-Chain Breakdown.” MIT Sloan Management Review, 2004: 53-61.

Gupta, G., V. Kumar Sahu, and A. K. Khandelwal. “Risks in Supply Chain Management and its Mitigation.” IOSR Journal of Engineering, 2014: 42-50.

Harland, C., R. Brenchley, and H. Walker. “Risk in Supply Networks.” Journal of Purchasing & Supply Management, 2003: 51-62.

Monroe, R. W., J. M. Teets, and P. R. Martin. “A Taxonomy for Categorizing Supply Chain Events: Strategies for Addressing Supply Chain Disruptions.” SEDSI 2012 Annual Meeting Conference Proceedings. Southeast Decision Sciences Institute, 2012.

Peck, H. “Drivers of Supply Chain Vulnerability.” International Journal of Physical Distribution & Logistics Management, 2005: 210-232.

Tummala, R., and T. Schoenherr. “Assessing and Managing Risks Using the Supply Chain Risk Management Process (SCRMP).” Supply Chain Management: An International Journal, 2011: 474-483.



The Nature of Supply Chain Risk

Contributed by Matthew Liotine, PHD

In our last article, we looked at the magnitude of the supply chain risk problem and how it is a major concern for most companies – large or small. Studies have shown that most companies experience one or a few supply chain disruptions annually, each resulting in some significant loss. Many of these disruptions involve key suppliers or those below Tier 1. Nevertheless, many firms still lack commitment to controlling supply chain risk because of the costs and complexity involved. Consequently, many firms will tend to favor short-term ROI solutions versus longer-term solutions that involve investing capital to improve both their supply chain infrastructure and operational resilience. Larger firms will manage risk more strategically using a combination of executive governance and/or data-driven approaches. While operational data is becoming increasingly available, much work is still needed in leveraging such data for strategic risk management. The nature of risk in the supply chain lies with a firm’s exposure to potential disturbances to the supply chain operation. Many of these disturbances can be manifested in various ways, usually in the form of single, multiple or recurring events, conditions or phenomena. In this article, we will examine what kinds of hazards, events or triggers can possibly compromise supply chain weaknesses and can ultimately threaten supply chain operations.

The Changing Nature of Threats

When one thinks about threats to a supply chain, natural disasters usually first come to mind. Figure 1 shows the trend in major U.S. disaster declarations as reported from the Federal Emergency Management Administration (FEMA, 2011). While it is clear that there has been a rising trend in declarations, the reasons may vary from the increase in severe weather events due to climate change, to political influences. Figure 2 shows a trend in worldwide natural catastrophes (Munich RE, 2014).


Figure 1 – Trend in U.S. Disaster Declarations


Figure 2 – Trend in Worldwide Natural Catastrophic Losses

As evident in the Figure, there’s an ever growing trend in measured losses. While natural catastrophes have been occurring since the beginning of time, their effects over the years have been more far reaching due to population growth and insurability trends. These trends, combined with human created disruptions, together have created an environment of increased volatility for supply chains, as depicted in Figure 3 (Martin & Howleg, 2011).


Figure 3 – Trend in Supply Chain Volatility

This Figure shows the annual volatility in a composite set of key business parameters such as exchange rates, interest rates, shipping costs and raw material prices. They are combined into a single volatility index using the coefficient of variation (CoV) of the business indices representing these parameters to produce a normalized volatility metric. While in the far past there has been a timely return to supply chain stability following adverse events, the recent increase in volatility bandwidth questions whether this trend would likely continue. The high collective swings (versus individual swings) in key business parameters, which may be correlated with each other, suggest that an alternative approach to designing supply chains and managing supply chain risk might be preferred.

Volatility can arise from many possible undesirable hazards, conditions or trigger events. The likelihood of such events compromising a supply chain’s vulnerability is regarded as a threat. Table 1 lists categories of possible threat sources and examples within each category. The list was compiled from several studies and is not meant to be all-inclusive (Tummala & Schoenherr, 2011) (World Economic Forum, 2012) (Accenture and World Economic Forum, 2013) (Chopra & Sodhi, 2004).


Table 1 – Supply Chain Threat Sources


  • Natural disasters
  • Terrorism and wars
  • Labor disputes/shortage
  • Single source of supply
  • Insufficient supplier capacity or responsive
  • Extreme Weather


  • Capacity inflexibility
  • Capacity cost increase
  • Geographical concentration
  • Insufficient capacity

Information System

  • Over-reliance on systems
  • Information infrastructure outages
  • Insufficient system/network integration
  • Incompatible IT platforms
  • Unavailable data/information
  • Inaccurate data/information

Sovereign

  • Regional instability
  • Conflict & political unrest
  • Government regulations
  • Loss of control
  • Intellectual property breaches
  • Corruption
  • Export/import restrictions
  • Illicit trade & organized crime
  • Ownership/investment restrictions

Strategy & Operations

  • Lean processes

  • Frequent changes in demand
  • Sudden unforeseen demand surges/dips

Process

  • Design changes
  • Communication gaps
  • Inaccurate specifications
  • Supplier non-compliance

Procurement

  • Unqualified supplier
  • Inflexibility of supplier
  • Poor supplier quality or process yield
  • Supplier insolvency
  • Rate of exchange
  • Flawed supplier’s sourcing
  • Commodity price volatility
  • Global energy shortages
  • Lack of supplier transparency

Transportation

  • Paperwork and scheduling
  • Strikes
  • Port capacity/congestion
  • Higher costs of transportation
  • Piracy
  • Infrastructure failures
  • Excessive handling
  • Custom clearances at ports
  • Border delays
  • Transportation breakdowns

Structural

  • Fragmentation along the supply chain
  • Extensive subcontracting
  • Dependency on a single source of supply
  • Extensive outsourcing
  • Extensive offshoring
  • Product/supply network complexity



The Changing Course in Risk Management

Many supply chains are designed under the assumption of operating in a stable environment (Martin C. H., 2011). While approaches such as Just-in-Time (JIT) and product-focused production are designed to minimize variation, maximize efficiency and ultimately reduce costs, they require a more rigid command-control management strategy which may not necessarily respond well in a volatile environment. In addition, the effects of volatility can be further amplified in a rigid supply chain that lacks resiliency. Building supply chain resiliency may counter the notion of an efficient operation, since it requires the addition and re-allocation of capacity, inventory and other resources that could serve as shock absorbers to withstand disruption. Since these controls will entail added costs, the use of a risk analysis methodology would be an effective tool in helping firms identify, evaluate and prioritize the most cost-effective risk-control options. It was clearly evident in Table 1 that there can be numerous sources of threats to a supply chain. However, since many threats can have similar outcomes on a supply chain operation, control options can be devised using an “all hazards” philosophy, which entails implementing controls to minimize the common effects of multiple threats or threat categories.


Supply chain disruptions can arise from many sources, both natural and man-made. Current trends indicate a continued rise in measured losses from natural events and increased business volatility in response to man-made events. Traditional supply chain structures designed for operational efficiency may not necessarily be able to withstand disruptions arising from numerous threat sources. Creating a more resilient supply chain may require the use of risk assessment tools and methods to help decision-makers identify the most cost effective controls that could minimize the common effects arising from multiple threats. In the next article, we will examine some common supply chain vulnerabilities and their ensuing risks.


Accenture and World Economic Forum. (2013). Building Resilience in Supply Chains. Accenture.

Chopra, S., & Sodhi, M. S. (2004). Managing Risk To Avoid Supply-Chain Breakdown. MIT Sloan Management Review, 46(1), 53-61.

FEMA. (2011). Democratic Blog News. Retrieved from

Martin, C. H. (2011). Supply Chain 2.0: Managing Supply Chains in the Era of Turbulence. International Journal of Physical Distribution & Logistics Management, 41(1), 63-82.

Martin, C., & Howleg, M. (2011). Supply Chain 2.0: Managing Supply Chains in the Era of Turbulence. International Journal of Physical Distribution & Logistics Management, 41(1), 63-82.

Munich RE. (2014, January). Topics Geo: After the Floods. Munchen: Munich RE.

Tummala, R., & Schoenherr, T. (2011). Assessing and Managing Risks Using the Supply Chain Risk Management Process (SCRMP). Supply Chain Management: An International Journal, 16(6), 474–483.

World Economic Forum. (2012). New Models for Addressing Supply Chain and Transport Risk. World Economic Forum.

How Real a Problem is Supply Chain Risk?

by Matthew Liotine, PHD

Operations Management and Planning Expert

 Professor at University of Illinois

 Amick Brown Strategic Advisor

Risk is a pervasive force in business, and consequently, in the supply chain operations that are necessary to support business. Supply chains will always be exposed to some level of risk, and thus firms must have the ability to manage and live with continuous risk. Despite the plethora of adverse events that have occurred around the world in the past ten years, the nature of supply chain risk has not really changed. Such risk can be very complex in nature, but invariably, most risk is linked to the possibility of some level of disruption in the supply chain. A disruption is created when some kind of interruption occurs and ends when operations are restored as they were prior to the disruption. Depending on the type of disruption, effects can usually be interpreted in many ways, such as time, cost, unserved demand, and financial and reputational damages.

Supply chain disruptions indicate that there is a problem and that existing plans and operations require some kind of improvement. To specify any kind of improvement, a firm must understand the root causes of disruption and develop measures to reduce either the likelihood of the disruption or its impact. In this article, we will explore the extent of the problem of risk in today’s supply chain. This article is the first of a series of articles in supply chain risk – in future articles we will explore the definition and sources of risk in the supply chain, the current best practices that deal with this problem, the process of analyzing risk in the supply chain, and forward looking approaches on identifying and controlling such risk.


How big is the problem?

The supply chain risk problem is widespread.

  • More than 80% of companies are now concerned about supply chain resilience (World Economic Forum 2013).
  • 76% of companies surveyed had experienced a supply chain incident that caused disruption to their organization (The Business Continuity Institute 2014).
  • In 23% of the organizations, the cost of a disruption was more than $1.4 million.
  • 80% of the respondents reported at least one supply chain disruption in a single year, while 42% experienced 1 to 5 disruptions per year (Alacantra 2015).
  • 52% of organizations reported having at least 21 key suppliers and 50% of the disruptions involved a supplier below Tier 1.
  • 75% of the firms studied do not have full supply chain visibility and 34% did not even record supply chain disruptions in 2014.
  • 32% of the firms showed little or no commitment towards improving supply chain resilience and 53% did not even validate supplier assurance.
  • 72% of participants did not even bother to assess supply chain vulnerabilities (IBM 2012).

The reason for this kind of neglect is rooted in the traditional clash between profitability and the costs of preparedness. In one study, 47% of procurement decision makers identified the most important key process indicators (KPIs) as being all cost related, with realized cost savings as the most important  (Xchanging 2015). The respondents also reported that preparedness and resiliency to manage risks and disruption can constitute about 20% of costs. In general, most firms will try to manage risk from two distinct perspectives, using either strategic risk management or more tactical, field level practices, or both. Larger companies with greater revenues are more sensitive to risk and liability, and invest in more sophisticated enterprise-wide risk governance programs to manage risk from a strategic perspective. Some of the available approaches used for strategic risk management include using an executive level risk board to govern enterprise risk, a shared risk registry or online database, a real time dashboard or control mechanism, or a supply chain risk management plan (University of Maryland 2010). While about half of major firms employ these approaches, less than 20% of smaller companies use them. Studies have shown that only 50% of companies have written business continuity plans and only 41% have a recovery plan to rebound after a major disaster (Travelers May 2015).

Where are the deficiencies?

A key deficiency highlighted in the aforementioned studies was a lack of collaboration between firms and key suppliers (University of Maryland 2010). Nearly half of the companies surveyed did not use any collaborative platforms and less than a third did not jointly monitor disruptions. In fact, the study showed that firms tend to collaborate more with their customers than suppliers in regard to monitoring and reporting disruptions. While part of the problem is time and costs, as alluded to earlier, enterprise risk management also involves risk identification and quantification, which requires the use of empirical data. It is evident that many firms will favor information sharing with customers versus suppliers. Enterprise Resource Planning (ERP) Systems can provide a foundation for obtaining operational data that can be utilized to gauge supplier risk. However, even with such data, the ability to utilize it for the purposes of strategic risk management is lacking. There has been much research into the nature of supply chain risk, but little in evaluating strategic risk in complex supply chains, since supply chains have grown increasingly complex and dynamic due to product variety and complexity, technology, e-business, globalized outsourcing, among other factors. Altogether, there is still a need for methodologies and tools to aid firms in evaluating and managing strategic supply chain risk.



It has been established that concerns about supply chain risk not only still persist, but are ever growing due to the changing nature of supply chains. Several industry studies have made the following evident:

  • Supply chain risk is a major concern for most companies, large and small;
  • Most companies experience one or a few supply chain disruptions annually, each with a significant loss;
  • Many disruptions involve key suppliers or those below Tier 1;
  • Many firms still lack commitment to controlling supply chain risk for the reasons of the costs and complexity involved;
  • Larger firms will manage risk more strategically using a combination of executive governance and/or data driven approaches;
  • While operational data is increasingly becoming available, there is yet much work to be done in leveraging such data for strategic risk management.

In the next article, we will discover what supply chain risk really means, and the leading threats giving rise to supply chain vulnerability.



Alacantra, Patrick. Supply Chain Trends: Past, Present and Future. The Business Continuity Institute, 2015.

IBM. IBM Index Reveals Key Indicators of Business Continuity Exposure and Maturity. IBM Global Technology Services, 2012.

The Business Continuity Institute. Supply Chain Resilience 2014 – 6th Annual Survey. The Business Continuity Institute, 2014.

Travelers. Travelers 2015 Business Risk Index: Findings from a Survey of U.S. Business Risk Decision Makers. Travelers Insurance, May 2015.

University of Maryland. Assessing SCRM Capabilities and Perspectives of the IT Vendor Community: Toward a Cyber Supply Chain Code of Practice. University of Maryland, Robert H. Smith School of Business, 2010.

World Economic Forum. Building Resilience in Supply Chains. World Economic Forum, 2013.

Xchanging. Xchanging 2015 Global Procurement Study. Xchanging, Inc., 2015.