IJLM

16,1 Supply chain risk management

Understanding the business requirements
from a practitioner perspective
120 Uta Jüttner
Cranfield School of Management, Cranfield University, Cranfield, England, UK

Abstract
Purpose – This paper seeks to understand business requirements for supply chain risk management
(SCRM) from a practitioner perspective.
Design/methodology/approach – Based on the findings from an exploratory quantitative survey
and qualitative focus group discussions with supply chain managers, some issues of SCRM are
derived and structured along the three conceptual levels of “philosophy”, “principles” and “processes”.
Findings – The survey showed that 44 per cent of all eight responding companies expect the
vulnerability of their supply chains to increase in the next five years. However, the concept of SCRM is
still in its infancy.
Originality/value – The paper contributes to our knowledge on SCRM by presenting the business
requirements from a practitioner perspective and by deriving a structure for an integrated approach to
SCRM which can guide further research.
Keywords Supply chain management, Risk management
Paper type Research paper

In recent years the widespread disruptions caused by fuel protests, and then by foot
and mouth disease in the UK, by terrorist attacks and the threat of weapons of mass
destruction in the USA, or by the SARS outbreak in China, Hong Kong and Canada
have transformed perceptions of security across supply chains, and have underlined
their vulnerability. In our technology-entwined global marketplace, an earthquake in
Asia can seriously disrupt business in North America or Europe. In the case of Daimler
Chrysler, it was Hurricane “Floyd” which flooded a plant producing suspension parts
in Greenville, North Carolina. As a result, seven of the company’s other plants across
North America had to be shut down for seven days (McGillivray, 2000). Similarly,
Toyota was forced to shut down 20 of its 40 assembly lines for six weeks following a
fire at its brake-fluid proportioning valve supplier. The costs caused by the disruption
were an estimated $40 million per day (Nelson et al., 1998). In the UK, the insolvency of
chassis manufacturer UPF Thompson at the end of 2001, had sudden and serious
impacts upon its major customer, Land Rover, which faced the possibility of having to
suspend production of the discovery (Jennings, 2002). More recently, the ten-day
shutdown of 29 ports in the US is reputed to have cost the US economy $1 billion a day.
Moreover, because vulnerable Japanese car manufacturers such as Toyota and Nissan
had to halt production, business analysts have predicted that East Asia would have
The International Journal of Logistics slipped into a recession had the dispute gone on for any length of time (Simpson, 2002).
Management
Vol. 16 No. 1, 2005
pp. 120-141 The research reported in this paper is part of a wider UK government-funded programme of
q Emerald Group Publishing Limited
0957-4093
research into Supply Chain Risk and Resilience, undertaken by Cranfield School of Management
DOI 10.1108/09574090510617385 for the Department for Transport (www.cranfield.ac.uk/som/scr).
 These examples demonstrate vividly that a disruption affecting an entity anywhere Supply chain
in the supply chain can have a direct effect on a corporation’s ability to continue risk management
operations, get finished goods to market or provide critical services to customers.
Modern supply chains are very complex, with many parallel physical and information
flows occurring in order to ensure that products are delivered in the right quantities, to
the right place in a cost-effective manner. Consequently, some authors have suggested
that supply networks may be a more accurate term than supply chains (Christopher 121
et al.., 1997). It has also been suggested that the drive towards more efficient supply
chains during recent years has resulted in the supply chains becoming more vulnerable
to disruption (Christopher and Lee, 2004; McGillivray, 2000; Engardio, 2001).
Although awareness is increasing among practitioners, the concepts of supply
chain vulnerability and its managerial counterpart supply chain risk management
(SCRM) are still in their infancy. Many companies have recognised the need to conduct
formal risk audits and to seek to manage that risk but the definition of risk is usually
fairly limited. At an academic level there has emerged a growing body of research into
risk from a number of different perspectives, for example: economics (Kahnemann and
Tversky, 1979; Tversky and Kahnemann, 1992), finance, strategic management (Bettis
and Thomas, 1990; Simons, 1999) and international management (Miller, 1992; Ting,
1988). In addition, more recently a number of contributions are addressing risk
management from a logistics perspective by looking at the single organisations’
inbound and/or outbound vulnerabilities (Svensson, 2000, 2001, 2002; Johnson, 2001;
Zsidisin and Ellram, 1999; Zsidisin et al., 2000). However, a research gap still exists for
investigating risk management with a systemic supply chain perspective and in
identifying important issues of SCRM from a practitioner perspective. Hence, the
purpose of this paper is to fill this gap by understanding the business requirements for
SCRM. Based on the views and experiences expressed by supply chain practitioners in
an exploratory survey as well as focus group discussions, our objectives are: first, to
identify the extent to which organisations are adopting practices to manage risks in
their supply chains; second, to explore the critical issues of supply chain risk
implementation as perceived by the practitioners, and third, to derive and structure the
overarching issues in SCRM. The paper begins with a proposed clarification of the
concept of SCRM and its characteristics. An explication of the research project and
methodology applied follows. Next, the findings are analysed and, finally, the main
issues are derived and structured along the three conceptual levels of SCRM, namely
“philosophy”, “principles” and “processes”. By contrasting the view that emerges from
the fieldwork with the conceptualisations in the literature, we will synthesise the
findings and elicit the overarching issues in SCRM.

Risk management in a supply chain context

Although much discussion on risk awareness, risk management, business continuity
planning and disruption handling can be found in the literature, the basis of most of
this literature is in single organisations. Applying the knowledge gained from a single
company perspective to a supply chain context must be limited because it does not
reflect a supply chain orientation. According to a literature review by Mentzer et al.
(2001), there seems to be a consensus that a supply chain at its simplest degree of
complexity comprises three entities: a company, a supplier and a customer directly
involved in the upstream and downstream flows of products, services, finances and
IJLM information. A key characteristic of supply chain management is the coordination of
16,1 activities between these interdependent organisations and can hence be defined as “the
management of upstream and downstream relationships with suppliers and customers
in order to create enhanced value in the final market place at less cost to the supply
chain as a whole” (Christopher, 1992). Therefore, any approach to managing risks from
a supply chain perspective must have a broader scope than that of a single
122 organisation and provide insights regarding how the key processes have to be
performed across at least three organisations. However, supply chains should not be
thought of as a single organisational entity. Instead, it should be recognised that
coordination and joint effort rely on dependency, bargaining, negotiation and
persuasion across organisation borders and is inhibited by goal incongruence.
An example illustrating the differences between a single company perspective and a
supply chain perspective is the risk analysis process. Identifying and assessing likely
risks and their possible impact on operations is a complex and difficult task for a single
organisation. However, to assess vulnerabilities in a supply chain context, companies
must not only identify direct risks to their operations but also the risks to all other
entities as well as those risks caused by the linkages between the organisations. Gilbert
and Gips (2000) emphasise that while it may be feasible to assess risks at a supplier’s
supplier, it gets less practical and more expensive to analyse the exposure of a supplier
of a supplier. Similarly, Harland et al. (2003), who conducted four case studies in the
electronic sector, came to the conclusion that in the supply chains examined, less than
50 per cent of the risk was visible to a focal company.
With the supply chain as our specific context, we also need to clarify the nature of
risks in the supply chain. Despite a lack of a generally accepted definition of risk (Baird
and Thomas, 1990, p. 26), within its classical concept risk is most commonly conceived
as reflecting “variation in the distribution of possible outcomes, their likelihood’s, and
their subjective values” (March and Shapira, 1987, p. 1404). Risk in the supply chain
centres around the disruption of “flows” between organisations. These flows relate to
information, materials, products and money. They are not independent of each other
but are clearly connected. A key feature of supply chain risk is that, by definition, it
extends beyond the boundaries of the single firm and, moreover, the boundary
spanning flows can become a source of supply chain risks.

Supply chain risk sources

Supply chain risk sources (Figure 1) are any variables which cannot be predicted with
certainty and from which disruptions can emerge. From an inter-organisational supply
chain understanding, Mason-Jones and Towill (1998) suggested five overlapping
categories of supply chain risk sources: environmental risk sources, demand and
supply risk sources, process risk sources and control risk sources. However, we
distinguish between environmental, supply and demand risk sources on the one hand,
and processes and control mechanisms as a risk amplifier or absorber on the other.
Environmental risk sources comprise any external uncertainties arising from the
supply chain such as disruption caused by political (e.g. fuel crisis), natural (e.g. foot
and mouth outbreak, fire, earthquake) or social (e.g. terrorist attacks) uncertainties.
Compared with external, environmental risk sources, demand and supply sources
are internal to the supply chain. Supply risk is the uncertainty associated with supplier
activities and in general supplier relationships, i.e. “the transpiration of significant
 Supply chain
risk management

123

Figure 1.
Supply chain risk sources

and/or disappointing failures with inbound goods and services” (Zsidisin et al., 2000).
Similarly, demand risk is any risk associated with the outbound logistics flows
(Svensson, 2002) and product demand, which can be caused either by inbound
disruptions or, e.g. by seasonality, volatility of fads, new product adoptions or short
product life cycles (Johnson, 2001). Environmental risks can cause supply or demand
risk for the supply chain, which means that the three sources overlap. For example, a
fire caused by lighting in a supplier factory will trigger a supply risk for all parties
further down in the supply chain. A number of empirical and conceptual studies
investigating supply and/or demand risks from the dyadic perspective of the
relationship between a focal company and/or its supplier/customer have been
published (Kraljic, 1983; Smeltzer and Sifert, 1998; Zsidisin et al., 2000; Lamming et al.,
2001) From our supply chain perspective, supply and demand risks describe the
direction of potential disruptive effects (from supplier of raw materials to the end
consumer or vice versa) and are not restricted to dyadic relationships between two
directly related vendor and customer organisations.
Processes can either amplify or absorb the effect of risks in the supply chain and
refer to the design and implementation of processes within and between the entities
in the supply chain. Robust processes are built on a thorough understanding
of variability, e.g. in manufacturing or forecasting, supply chain bottlenecks or
dependencies on IT systems, and may need to have planned process redundancies
or excess capacities where necessary (Mason-Jones and Towill, 1998). For example, the
impact of a supplier insolvency as a supply risk is either amplified or absorbed by the
level of excess capacity held within the chain.
Similarly, supply chain control mechanisms like decision rules and policies
regarding order quantities, batch sizes and safety stocks can either amplify or absorb
risk effects. For example, the effect of a sudden trough in demand is amplified in the
presence of inflexible rules regarding order quantities.
It is suggested here that a characteristic of supply chain risk sources is that they can
be inextricably linked to the supply chain structure. Supply and demand risk sources
are supply chain specific and are likely to affect several interdependent parties in the
IJLM chain. Moreover, demand and supply risks, as internal supply chain risk sources, imply
16,1 that any company in the supply chain can be responsible for SCRM implementation
and become a source of risk to the supply chain at the same time.
Expanding the idea of supply chain risk it can be argued that a supply chains’ risk
exposure determines its vulnerability. Thus, supply chain vulnerability is defined as
“an exposure to serious disturbance arising from supply chain risks and affecting the
124 supply chain’s ability to effectively serve the end customer market”.
The remit of SCRM as a managerial activity can be defined as: “the identification
and management of risks for the supply chain, through a co-ordinated approach
amongst supply chain members, to reduce supply chain vulnerability as a whole”.
This definition is similar to the one proposed by Lindroth and Norrman (2001).
However, they take a more restricted view by stating that SCRM deals with “risks
caused by, or impacting on, logistics-related activities or resources”. By contrast, this
definition adopts the basic tenet of the overarching concept of supply chain
management, that logistics is only one of the functions contained in the concept
(Guinipero and Brand, 1996; Cooper et al., 1997; Ross, 1998; Mentzer et al., 2001). Hence,
SCRM like supply chain management entails the same multiplicity of business
functions and processes.
Based on these characteristics of SCRM the field work described in the next section
was designed to explore the concept from a practitioner perspective.

The research project and methodology

The empirical project outlined in this paper was undertaken by the Cranfield Centre for
Logistics and Supply Chain Management on behalf of the Department for Transport
(DFT) in England. Among the objectives of the overall project were first, to explore the
state of knowledge, and “current”, practice in SCRM and second, to examine the
business requirements for assessing and managing supply chain risks. In order to tap
the “mental” maps and experiences of supply chain managers, a discovery-oriented,
practitioner-based approach was applied (Zaltman et al., 1982). Similar approaches
have been previously used for investigating risk-related research questions because
the managerial perceptions of risks influence the way in which they are dealt with, and
these show much greater variability than that suggested in the literature (Pablo, 1999;
Sitkin and Weingart, 1995; March and Shapira, 1987; Zsidisin, 2002). An exploratory
quantitative survey as well as qualitative focus group discussions with senior level
supply chain management professionals were used as the primary methods of data
collection. Specifically, the fieldwork was designed to answer the following three
questions.
(1) How well are supply chain risks recognised across a network?
(2) What is the current state of practice in SCRM?
(3) What are the perceived critical issues of SCRM implementation?
Survey
The survey was conducted in conjunction with the UK-based Chartered Institute for
Logistics and Transport (CILT), in the form of a postal questionnaire sent to a selected
sample of 1,700 Institute of Logistics members with a special interest in supply chain
management. We obtained the views of 137 managers, which represents a response
rate of 8 per cent. The low response rate has been influenced by the time of the mailings
(over the summer break), the length of the questionnaire as well as the senior level of Supply chain
the managers in the target group. risk management
Despite the low response rate, a wide range of industries were represented in
the sample, with Fast Moving Consumer Goods, Third Party Logistics Service
Providers and Manufacturing/Production companies as the three strongest sectors
(Figure 2).
The survey respondents represent organisations of all sizes with 39 per cent in the 125
category of less than £100m annual sales, 28 per cent with between £100m and £499m
and 33 per cent with more than £500m annual sales. Therefore, the findings do not
only reflect the views of the biggest and most powerful “channel captains”, but
incorporate those of smaller organisations which are often crucial links in many supply
chains. Looking at the organisations’ positions within their supply chains, we also find
that all roles, from retailer, distributor, wholesaler and manufacturer to third party
logistics providers are represented. Again, this suggests that consistent with our
research focus, perspectives from all supply chain roles are captured in the responses
(Figure 3).
Finally, the respondents represent supply chains with differences in the “scope of
operations”. Whereas 45 per cent of the supply chains operate in the UK only, the
majority of the supply chains (55 per cent) operate on an international or global basis.

Focus group discussions

A total of six focus group discussions with seven to eight members each, were
conducted for a period of one hour to ninety minutes during a conference on supply
chain vulnerability. Participants of the focus group discussions were senior level
supply chain management professionals, with some of them having a primary
responsibility for SCRM (e.g. business interruption risk manager, risk assurance
manager). They were drawn from a wide range of companies and industry sectors,
covering the public as well as the private sector with international and national supply
chains (Table I). All focus group discussions were facilitated by researchers with
subject knowledge. Each facilitator was instructed to structure the discussion in line
with the three main questions listed above. All focus group discussions were tape
recorded with the participants’ prior agreement, then transcribed and summarised for

Figure 2.
Industry sectors
IJLM
16,1

126

Figure 3.
Organisations’ positions in
the supply chain

Industry Companies

Consultancy and IT Andersen; SAP

Pharmaceutical Astra Zeneka; Glaxo Smith Kline
Aerospace BAE; Eastern Aeorspace Alliance
Brewing Bellhaven Brewery
Automotive BMW
Fast moving consumer goods Colgate Palmolive; Unilever Bestfoods Nutrica;
McCormick
Retail Waitrose
Logistics Excel
Tobacco Gallaher
Table I. Office equipment Xerox; Pitney Bowes
Selection of companies Banking HSBC
represented in focus Painting ICI Paints
group discussions Military RAF

analysis. To maintain appropriate anonymity, the names of contributing individuals

and companies are omitted and only reference to sector or industry will be made.
The survey sample, as well as the focus group discussions, reflect a diverse set of
organisations and industries and are hence well suited for obtaining a rich set of ideas
and insights. Whilst a case study approach would have allowed the integration of
several parties within the same supply chain (e.g. 2nd and 1st tier suppliers, OEM and
distributors), however, at this exploratory state, we wanted to capture a broad range of
perspectives across industries and supply chains. In addition, it is recognised that the
focus group discussions were dominated by larger companies, which are likely to be in
the position of the channel captain. However, participation in the focus group
discussions was only driven by the members’ interest in the subject, and it can be
assumed that similar to the overarching concept of supply chain management, these Supply chain
channel captains have a primary interest in managing supply chain risks and taking risk management
the lead.

The findings
The following analysis of the findings is structured in line with the main questions of
the fieldwork outlined above. 127
Network effects
In the focus group discussions, many delegates confirmed the importance of risk sources
which are linked to the relationships between the parties in the supply chain. Sometimes
these supply chain risk sources were classified as internal and sometimes as external.
Disruptions from supply or demand risk sources arise from the interactions between the
organisations within the supply chain. There was a consensus that these risk sources
become more important as the complexity of modern supply chains increases.
How do you, within that supply chain, control your network. It’s not a supply chain anymore,
it’s more of a network.
We’ve exposed ourselves to greater risk by spreading ourselves out and by trying to integrate
teams which are multinational and distributed geographically.
You know if you change the network structure, then what’s going to happen is that the
risk profile is going to change which is quite an important issue.
Because supply chain risk sources arise from the interactions between organisations,
they are likely to affect several organisations through rippling effects (Table II). Trying
to identify the rippling effects that a range of events might have caused along the
respondents’ supply chains was an important yet difficult objective of our study. We
asked the respondents to rate the extent to which each of a range of prominent recent
events affected first, their own organisations, second, their suppliers and third, their
customers. If no differences between these scores exist, we can conclude that the crises
had spread across the supply chain and affected all its member organisations equally.
All items were measured on a five-point scale with 1 ¼ no effect at all; and 5 ¼ to a
great extent.

My organisation Our suppliers Our customers Correlation

(mean score) (mean score) (mean score) (Pearson’s r)

The Y2K millenium bug r ¼ 0:5; 0:6; 0:7

affected. . . 1.6 1.7 1.7 (all significant)
The year 2000 fuel protests r ¼ 0:7; 0:7; 0:6
affected. . . 2.9 3.1 3.0 (all significant)
The foot and mouth outbreak r ¼ 0:7; 0:6; 0:7
affected. . . 2.0 2.1 2.3 (all significant)
Transportation infrastructure
failure (e.g. rail disruptions) r ¼ 0:8; 0:8; 0:9
affected. . . 1.9 2.0 2.1 (all significant)
The terrorist attacks of 11th r ¼ 0:7; 0:7; 0:7 Table II.
September affected. . . 2.4 2.2 2.5 (all significant) Rippling effects
IJLM In the analysis, no significant differences between the supplier score, the customer
16,1 score and the score for the respondents’ own organisation was found. On the contrary,
the three scores were significantly correlated for each of the events, providing support
for the rippling effects they caused along the supply chain.
In order to identify whether the global spread, and thus the complexity of the
supply chain structure increases the effect of the disruptions, the scores for the
128 impact of the terrorist attacks of 11th September were compared across the three
groups. The findings confirm that supply chains operating globally ðmean ¼ 2:3Þ
were significantly more seriously affected than supply chains operating
internationally ðmean ¼ 2:0Þ or within the UK only ðmean ¼ 1:6Þ:
Regarding the first question, our preliminary findings from the exploratory field
work seem to support the rippling effects of risks in the supply chain and the linkage
between vulnerability towards supply or demand risks and the supply chain’s structure.

Current state of practice in SCRM

Overall, the debate in the focus groups centred on three issues of SCRM practice: first,
on the adequacy of the risk management tools and processes, second, on the depth of
understanding of those tools within the organisation, and, third, on business continuity
planning in the supply chain.
As a company, we seem to have quite a good set of risk management tools and techniques.
I think in terms of improvement, what we need to do is make sure those risk management
tools and techniques are deployed on a wider base and the people be given the right necessary
training to use them, and there’s some sort of management or control mechanism put in place
at a high level to make sure everybody is using them in an effective manner, because I don’t
believe that’s happening at the moment.

Tools for identifying and assessing supply chain risks. From an initial literature review,
a list of nine process-based tools for identifying and assessing supply chain risks was
proposed. Four of those are derived specifically from a supply chain context (Scott and
Westbrook, 1991) and five are general risk management and/or change management
processes developed in an organisation context (Goldberg et al., 1999). In the survey,
we asked respondents how often each of these processes and/or tools are used in their
organisation (Figures 4 and 5).
The findings show that – with the exception of the Six Sigma method – all
traditional risk assessment processes/tools are being adopted more widely than the
supply chain-specific processes. Within those five processes shown in Figure 5, a trend
towards the less formalised and “softer” tools can be noticed, with brainstorming
leading the list and the Six Sigma method at the bottom. The findings do not reveal
whether this leaning towards less formalised processes and tools is caused by a lack of
understanding and/or from a lack of time commitment and discipline emphasised in
the following quote:
We play the “what if” game with outrageous scenarios but do not formalise our findings
so we try it regularly with quite often different results.
Joint business continuity planning processes. In the focus groups, contingency and
continuity plans were a central issue for discussion. A business continuity or
contingency plan is tailored to an individual company’s needs and entails disaster
 Supply chain
risk management

129

Figure 4.
Supply chain-specific risk
assessment
processes/tools

Figure 5.
Traditional risk
assessment and change
management
processes/tools

recovery planning for the most critical areas. The need for such planning has grown
not only because of the increased complexity of supply chains but also because of the
increased scrutiny by insurance cover providers.
Since September 11th the insurers are going in ever-decreasing circles, insisting everybody
updates their contingency plans and questioning them. . .It’s gone up our list of priorities . . . ”.
Overall, focus group participants shared the view that institutionalising contingency
processes is a good idea, yet they also emphasised the difficulties of implementing
them. A senior representative of a global firm in catalogue-based distribution shared
his company’s experience in a continuity situation:
We got this continuity plan for the supply chain but, we basically ran around like headless
chicken, chucked it out of the way and tried to do it off the cuff, just fire fight it.
IJLM In a supply chain context, the stated need to treat supply chain risks as shared risks
16,1 implies that joint continuity planning processes need to be undertaken.
It’s no good looking at your own patch in isolation, it is a supply chain issue so it’s important
to flow that requirement down to all your suppliers and all your suppliers’ suppliers.
The benefits of joint approaches to planning are illustrated in the quote from a delegate
130 representing the electronics industry.
One of the first things that happened (after September 11th) was we were pounced upon by
customs who decided to pressure test and x-ray lots of our electrical components going direct
to customers. So actually having a good relationship with our transport suppliers we were
able to work with them very closely to try to get that reversed as quickly as possible, because
it was basically strangling the business.
Still, most focus group members admitted that continuity planning was not undertaken
throughout their supply chains.
We don’t as an organisation even recognise some of the supply chain dimensions. So,
although I would say we have plenty of vulnerability tool kits, as to how to apply them down
that extended supply chain, we are still learning.
This is probably the biggest element of risk that we have. We have something like 2000
suppliers and you know our business is always taking care of itself. They have to do their bit
(suppliers) and we have to make sure that it’s done.
In the survey, respondents were asked how often continuity plans are developed jointly
with suppliers and customers and whether or not communication lines between all
organisations are ensured in crisis situations (Figure 6).
The results also show that among the organisations surveyed, a joint approach to
managing risks does not seem to be widespread. Forty percent of the respondents say
that they never or hardly ever develop plans together with suppliers and, for
customers, this applies to 36 per cent of respondents. These findings are in stark

Figure 6.
Joint business continuity
planning
contrast to business cases reported in the practitioner-oriented literature, which Supply chain
illustrate the merits of supply chain continuity plans in crises situations (Hellweg, risk management
2002; Hoffman, 1998).
In addition to the companies’ involvement into joint planning, we also investigated
the extent to which companies knew at least whether their suppliers or customers had
their own business continuity plans. Respondents were asked first, if their own
organisations had formal plans covering a range of contingencies and second, to 131
indicate the percentage of their supplier and customer organisations who they believed
had plans for those contingencies (Table III).
The findings show a significant difference between the respondents’ perception of
their own organisations’ involvement in business continuity planning, compared with
their customers’ and suppliers’ degree of planning. Across all continugencies covered,
less than a third of the respondents believe that the majority of their suppliers and/or
customers have plans. Yet, the percentage of respondents stating that they have plans
within their own organisations, is generally higher. These results indicate a lack of
mutual knowledge on individual companies’ risk management planning activities.
Overall, these initial findings on the current state of practice in SCRM seem to
suggest that companies implement organisation-specific risk management, but there is
little evidence of risk management at the supply chain level. Still, the quotes from the
focus group discussions, as well as our findings on the magnitude of supply chain risks
illustrate that supply chain level tools and practices need to be addressed. With our
third question we aimed to shed light on the critical issues which are seen as enablers
of a supply chain approach to risk management.

Critical issues for SCRM implementation

The findings on the critical issues in SCRM implementation revealed a marked
emphasis on the “soft”, relationship-related aspects on the one hand, and on the
somewhat “harder” strategy-related aspects on the other. The following three issues
were captured and are discussed below: first, an openness to share risk-related

I believe, the majority of I believe, the majority of

Within our own our suppliers (.50 per our customers (.50 per
organisation, we have cent) have business cent) have business
business continuity plans continuity plans continuity plans
covering. . . (per cent) covering. . . (per cent) covering. . . (per cent)

Loss of IT 91 25 32
Fire 68 21 29
Loss of site 62 9 21
Employee health
and safety 52 9 15
Customer health
and product
safety 44 16 15
Industrial action 44 5 11
Loss of suppliers 43 9 14 Table III.
Terrorist damage 37 4 11 Continuity planning
Pressure group within supply chain
protest 22 2 6 organisations
IJLM information along with the willingness to accept supply chain risks as joint risks; third,
16,1 the recognition of the supply chain strategy’s risk implications, and fourth, the notion
of supply chain transparency.
Openness to share risk-related information and acceptance of joint risks. The
overarching belief, which was seen as pivotal for a successful approach to SCRM, was an
openness to share risk-related information and to accept supply chain risks as joint risks.
132 Trust and open communication was generally seen as a precondition for risk sharing.
And if you don’t trust each other you can never start actually exchanging data and doing
something with it, finding what the risks are that are actually in those processes that you
share with each other.
Moreover, many of the participants agreed that risks for the supply chain should be
accepted as joint risks, as they can either have their source in the shared processes and
relationships between the organisations and/or affect them jointly through the rippling
effects.
The thing is that if you want to reduce the vulnerability of your supply chain, you actually
manage the risks that are in these shared processes.
The practitioners also discussed the consequences of pushing risk further down the
chain, if such a joint responsibility for supply chain risks is lacking. Here, it is often the
small and medium suppliers which are affected disproportionately.
You could actually have the SMEs shouldering a significant size of the risk burden and
possibly being the least able to tolerate some of that risk occurring. They are unlikely to have
the financial muscle to be able to do it.
As a consequence, organisations need to develop a common understanding of the risks
surrounding their supply chain.
The pivotal role of the soft, relationship-related aspects was examined more closely
in our survey. The respondents were asked to rate how often organisations in their
supply chains are encouraged to share information on their exposure to specific risks.
The findings in Figure 7 show that while the majority of respondents say that partner
organisations are encouraged to share often, always or at least sometimes risk-related

Figure 7.
Sharing of risk-related
information
information (55.9 per cent), there are still 44 per cent of companies which claim that this Supply chain
never or hardly ever occurs in their supply chains. risk management
The emphasis on the cultural and philosophy-related issues of SCRM is an
important finding of our field work which had not been mentioned previously in the
literature. However, the preliminary and restricted results from a much broader area
need further exploration through future research.
SCRM as an integrated part of the supply chain strategy. Among the focus group 133
participants, risk taking was generally perceived as an inevitable aspect of supply chain
management. Hence, any strategic supply chain principle, be it global sourcing,
postponement or the adoption of a lean approach to supply chain management, has
certain risk implications. Whereas in many industries, these principles provide the
foundation for improving performance or obtaining competitive advantage, they are
also seen as potentially increasing the supply chains’ risk exposure. Consequently,
supply chain strategies are trade-off decisions between supply chain performance and
vulnerability. Especially in today’s marketplace, the rapid pace of change, as well as the
profound nature of change in supply chains have amplified the managerial challenge.
Always start with strategy. From your business strategy determine your objectives and the
things you want to achieve. And then the next step is to assess or identify the risks that are
actually preventing you from achieving those objectives.
. . .when people are starting to design supply chains to start off with, they’re designing them
with risk management in mind, such that it’s already built in.
Globalisation, the move towards lean supply and centralised distribution and stock
holding were among the most frequently mentioned supply chain strategy elements
with severe risk implications.
. . .with stretching out globally – sourcing where there is an opportunity but there’s increased
risk to increase.
Try and get it right, try and be lean but not too lean, the risks increase dramatically.
Centralising distribution and stock holding has made the supply chain in our specific
circumstances vulnerable as the logistics company controlling warehousing picking and
distribution had major problems fulfilling these areas and caused serious customer problems
– in the future we will not be keeping all our eggs in one basket.
Despite these risk implications of supply chain strategy, many focus group delegates
claimed that risk implications of strategies are often sorted out on an ad hoc basis as
their organisations go along. One organisational barrier to a more proactive approach,
where risk implications of supply chain strategies are anticipated at the development
stage, appeared to be a lack of board level appreciation. Several delegates agreed that
the interest of the company board in supply chain management was restricted to cost
cutting, regardless of the consequences for the supply chain’s resilience.
We have got the message into some of the executive boards that they can reduce costs
through supply chain efficiencies. What we haven’t got into them is the message about how,
and where, they haven’t understood it, they’ve just demanded the results rather than going
through the process and we’ve stretched ourselves.
There was an edict from the board that we had to reduce working capital by 25 per cent
last year. That was a fairly arbitrary figure and then the result was that target was met by
IJLM cutting out just purely the safety stock of the business. . .so I know we’ve increased the risk of
our business.
16,1
From these focus group discussions and an initial literature review, a list of six
contemporary supply chain strategy elements – all prevalent over the last decade –
were proposed to have risk implications:
134 (1) the globalisation of supply chains;
(2) reduction of inventory holding;
(3) centralised distribution;
(4) reduction of the supplier base;
(5) outsourcing; and
(6) centralised production.

In the survey, the respondents were asked if they thought that by adopting these
strategies, the vulnerability of the supply chains was increased. The findings are
summarised in Figure 8.
As can be seen from Figure 8, the findings show that for globalisation and the
reduction of inventory holding, more than 50 per cent of the practitioners believe that
these have increased their supply chains’ vulnerability. For the other supply chain
strategy elements, one third or more of the respondents supported the direct link
between the supply chain strategy and risk. Overall, these tentative findings provide
sufficient support for the notion that the consideration of the risk implications of
supply chain strategies is an important issue for SCRM implementation.

Network transparency as the basis for SCRM. There was some consensus among the
delegates in the focus groups that planning for disruptions along the supply chain is
difficult, if not impossible, when the underlying forces are not well understood. With
the opening up of a global economy, supply chains today have become more stretched
out and disparate business cultures are interacting. Part of SCRM is hence to develop a
meaningful understanding of its own operational dynamics by re-examining and
designing the supply chains’ structures and flows.

Figure 8.
Perceived effect on supply
chain vulnerability
However, the participants in the focus group discussions also stressed that in the light Supply chain
of the increasing complexity and dynamics in today’s supply networks, maintaining risk management
visibility becomes a challenging undertaking.
Trying to actually understand the network, particularly within a complex global
organisation, you’ve actually got liabilities now you don’t realise.
Moreover, the visibility appeared to be less for organisations beyond the first tier. 135
I tend to think that we have most difficulties with our second tier, so the first tier supplier
relationships are generally quite good, but sometimes their management of their first tier isn’t.
From our nominated suppliers to their subcontractors, we lose some of the process and stability
and there are some actions which we could take to try and smooth some of those risks.
Given that the importance of supply network visibility was widely acknowledged in
the focus group discussions, we explored in our survey the extent to which supportive
measures are undertaken. Respondents were asked to rate how often they carry out
activities to improve supply chain visibility and understanding amongst all
organisations (Figure 9).
Although the percentage of respondents saying that they never or hardly ever
embark on those activities is still more than 25 per cent, the findings are encouraging.
Nearly 45 per cent state that improving visibility and understanding is almost a
routine and practiced often or always in their supply chains.

Structuring the overarching issues for SCRM

There was a consensus amongst the participants in the focus groups that any approach
to managing risks in the supply chain must be more than a collection of loosely
connected tools and techniques. Instead, dealing with supply chain vulnerability
requires an integrated management approach, based on the culture, structure and
competitive drivers in the supply chain and its industry sector. The following quote
illustrates this view:
I think that sadly people seem to think we can just put systems in you know – let’s put a
system in, let’s do this, but at the end of the day the people dimension is very, very important

Figure 9.
Supply chain visibility
and understanding
IJLM and it’s always going to be a thorny issue. My philosophy is this (supply chain risk
management) is actually a change management project.
16,1
We extend these views and propose that such an integrated approach can be used to
structure the main issues in SCRM implementation. Synthesising the key findings from
the preliminary field work and deriving questions for further research, we suggest a
structure with three layers of abstraction: philosophy, principles and processes.
136
Philosophy
Philosophy in a supply chain context comprises the broad reaching beliefs that drive
change in a consistent manner. The findings from the fieldwork demonstrate that in a
supply chain context, risk-related beliefs determine the risk awareness, which in turn
influences how the organisations respond to the need to manage risk and plan
continuity.
I think that a lot of the assessment of risk is to do with confidence, familiarity, cultural issues.
It’s the soft things which are quite difficult.
Two findings in particular can be related to the philosophy level: the need for an
openness to share risk-related information, and the willingness to accept supply chain
risks as joint risks.
Regarding the openness to share risk-related information, we found that such an
openness exists in some of the companies but not in others. An important issue for
further research is therefore to explore the motivators for companies to share
risk-related information. Major disasters like the terrorist attacks of 11th September or
the foot and mouth outbreak seem to trigger a common view on the importance of
SCRM and could therefore have a positive impact on the willingness to share
information. Interestingly, we got the impression that even the big and powerful
companies did not exert any pressures on their suppliers when seeking information,
but stressed that only encouragement ensures honesty.
The shared view on risks and joint responsibility as the second philosophy-related
issue which came out of the fieldwork also raises some interesting questions for further
research. For example, whilst the need to accept supply chain risks was stressed, some
companies pointed out that they have dealt with suppliers or distribution partners in
the past, which caused an unacceptable risk exposure and therefore, the relationships
were terminated. It is therefore important to find out which risks are accepted as joint
risks and which risks are ascribed to a specific supply chain party.
Finally, any philosophy-related SCRM issues are also likely to be dependent on who
takes the lead in managing supply chain risks. Hence, more research is needed on
developing different leadership models for effective SCRM. An intuitive appeal points
at the most powerful companies because these “channel captains” have the lion’s share
of resources at their disposal as well as the means to ensure other parties’ involvement.
Yet, some successful examples of supply chain continuity planning cited in the
literature, rely on third party logistics companies (3PLs) in the lead role (Hoffman,
1998). In one of the focus groups the potential for an independent industry agency,
which would focus on particular industries and look at whole chains from a risk
perspective, was also discussed.
Based on the business requirements identified in our preliminary field work we
suggest the following philosophy-related questions for further research in SCRM.
 RQ1. What are the motivators or inhibitors for companies to share risk related Supply chain
information? risk management
RQ2. Which risks are accepted by companies as shared supply chain risks?

Principles
Principles are much more explicit than philosophical issues. They build the parameters
for strategic or operational risk management processes and activity undertaken in the
137
supply chain. Based on the findings from the focus group discussions, we suggest that
the views of the participants can be summarised in the following main principle: SCRM
needs to be an integrated part of the supply chain strategy.
Supply chain strategy and supply chain risks can be seen as being a two-sided coin.
The delegates reported that their companies have gone through projects aimed at
defining, optimising and standardising the key processes in the supply chain. However,
risk implications were not taken into consideration and, as our findings show, many of
these restructured processes have increased the supply chains’ risk exposure. This could
be explained by the fact that in the last decade, contemporary supply chain strategies
have predominantly been looked at from an efficiency perspective. Our findings suggest
that there is a need for more research into the risk implications of these contemporary
supply chain management principles and their effective handling. This is in line with the
view expressed in the literature more recently. For example, Engardio (2001) points out
that the “boasts” of lean manufacturing and just-in-time supply chains have disguised
some of the risks involved. In a similar vein, Svensson (2002) stresses that JIT issues
have been explored in many different aspects but vulnerability issues remain largely
unexplored. Sheffi (2002) argues that the consideration of risk implications in supply
chain strategies will inevitably lead to trade-off decisions. Whilst he summarises five of
these trade-off decisions at a highly abstract level, we agree that more research is needed
into how risk/performance trade-offs can be managed and optimised.
The few contributions like those by Lonsdale (1999) or Das and Teng (1998), who
investigate outsourcing and strategic alliances from a risk management perspective,
can provide important guidance for further investigations.
Based on the business requirements identified in our preliminary field work we
suggest the following principle-related question for further research in SCRM.
RQ3. How can the risk performance trade-offs in supply chain strategies be
analysed and minimised?

Processes
Processes at the lowest conceptual level of our proposed structured approach to SCRM
are specific orderings of work activities, techniques and tools across time and place,
with a beginning, an end, clearly identified inputs and outputs, and a structure for
action (Davenport, 1993). Coherence between the philosophy, principles and the
processes is an important but challenging target. Organisations in the supply chain
must establish processes that permit them to act consistently with the philosophy and
principles. The close link between the philosophy or cultural issues and the processes
was highlighted in the following comment by a focus group delegate.
Is it the process that helps to develop the culture or do you need the culture to develop the
processes?
IJLM Our own findings related to the process level suggest that the main issue for future
16,1 research is probably not the development of new tools and techniques. Many of the
tools developed for a single organisation context, e.g. the Six Sigma method or risk
likelihood and impact assessments, can be applied to supply chain contexts. Similarly,
business continuity plans can cover disruptions, which would affect several companies
in the supply chain. In addition, a range of software tools are available which support
138 risk analysis in supply chains. Therefore, future research should place the main
emphasis on the implementation side of risk assessment, management and continuity
planning processes in supply chains.
The principle that supply chain strategy and risk are interdependent implies that
ultimately the board should accept responsibility for SCRM. A question which needs to
be addressed, however, is how to organise the implementation. Implementing these
processes involves multiple organisations, multiple business functions and is typically
based on the coordination of the activities under tight resource constraints. Whilst we
intuitively agree with most of the practitioners in our study, that the implementation
needs to be organised and supervised by all supply chain-related functions, we also
noticed that some of them possessed neither knowledge nor experience in any risk
related matters. Moreover, the sensitive nature of some risk management issues might
suggest that external and independent institutions could facilitate the
inter-organisational implementation of risk management.
Based on the business requirements identified in our preliminary field work we
suggest the following process-related question for further research in SCRM.
RQ4. How can the implementation of SCRM processes be organised within and
across companies?
The structure of an integrated approach to SCRM and the research questions derived
from the business requirements at each level are summarised in Figure 10.

Conclusion
SCRM is a topic which is increasingly receiving attention from both academics and
practitioners. Our survey showed that 44 per cent of all responding companies expect
the vulnerability of their supply chains to increase in the next five years. However, the

Figure 10.
A structure for research
issues in SCRM
concept of SCRM is still in its infancy, and understanding of SCRM is patchy, both in Supply chain
terms of its key issues and its implementation. Thus, while faced with new challenges risk management
of what appears to be an increasingly “uncertain” environment, practitioners have little
guidance on their SCRM approaches. In addition, traditional risk management
approaches derived from a single company perspective are not ideally suited to
accommodate the requirements in a supply chain context.
This paper contributes to our knowledge on SCRM by presenting the business 139
requirements from a practitioner perspective and by deriving a structure for an
integrated approach to SCRM which can guide further research.
The research questions stated at each of the conceptual levels of philosophy,
principle and processes should be tested through further empirical studies. We realise
that they need to be developed into research hypotheses; a task which we felt was too
ambitious in this paper given the exploratory nature of our study. Moreover, the data
presented in this paper reflect “current” practice and point starkly at the need to
explore the SCRM approaches of selected supply chains in greater detail. We have
noticed that much of the literature on SCRM takes a cross-industry perspective
(Zsidisin, 2003; Harland et al., 2003) and, therefore, such “best” practice case studies
could provide a foundation for refining our own proposed structure. Finally, the
research questions at each level derived from our own field work are only a starting
point and in need for further development. We hope that the proposed structure can
guide further research in this important area.

References
Baird, I. and Thomas, H. (1990), “What is risk anyway?”, in Bettis, T. and Thomas, H. (Eds),
Risk, Strategy and Management, JAI Press Inc., Greenwich, CT, pp. 21-52.
Bettis, T. and Thomas, H. (Eds) (1990), Risk, Strategy and Management, JAI Press Inc.,
Greenwich, CT.
Christopher, M. (1992), Logistics and Supply Chain Management, Pitman Publishing, London.
Christopher, M. and Lee, H. (2004), “Mitigating supply chain risk through improved confidence”,
International Journal of Physical Distribution and Logistics Management, Vol. 34 No. 5,
pp. 388-96.
Cooper, M., Lambert, D. and Pagh, J. (1997), “Supply chain management: more than a new name
for logistics”, The International Journal of Logistics Management, Vol. 8 No. 1, pp. 1-14.
Das, T.K. and Teng, B-S. (1998), “Resource and risk management in the strategic alliance-making
process”, Journal of Management, Vol. 24 No. 1, pp. 21-42.
Davenport, T. (1993), Process Innovation, Re-engineering Work Through Information
Technology, Harvard Business School Press, Boston, MA.
Engardio, P. (2001), “Why the supply chain broke down”, Business Week, No. 3724, 19 March
2001, pp. 41.
Gilbert, G. and Gips, M. (2000), “Supply-side contingency planning”, Security Management,
Vol. 44 No. 3, pp. 70-4.
Goldberg, S., Davis, S. and Pegalis, A. (1999), Y2K Risk Management, Wiley, New York, NY.
Guinipero, L. and Brand, R. (1996), “Purchasing’s role in supply chain management”, The
International Journal of Logistics Management, Vol. 7 No. 1, pp. 29-37.
Harland, C., Brenchley, R. and Walker, H. (2003), “Risk in supply networks”, Journal of
Purchasing & Supply Management, Vol. 9 No. 1, pp. 51-62.
IJLM Hellweg, E. (2002), Supply Chain Hero, available at: www.business2.com (accessed January 2002).
16,1 Hoffman, K. (1998), Helping the Supply Chain Cope with the Whims of Nature, the Will of Man,
available at: www.supplychainbrain.com (accessed February 1998).
Jennings, D. (2002), “The best law X 4 X far?”, Supply Management, Vol. 7 No. 6, pp. 40-1.
Johnson, E. (2001), “Learning from toys: lessons in managing supply chain risk from the toy
industry”, California Management Review, Vol. 43 No. 3, pp. 106-24.
140
Kahnemann, D. and Tversky, A. (1979), “Prospect theory: an analysis of decision under risk”,
Econometrica, Vol. 47, pp. 263-91.
Kraljic, P. (1983), “Purchasing must become supply management”, Harvard Business Review,
Vol. 61 No. 5, pp. 109-17.
Lamming, R., Caldwell, N., Harrison, D. and Phillips, W. (2001), “Transparency in supply
relationships: concept and practice”, The Journal of Supply Chain Management, pp. 4-10.
Lindroth, R. and Norrman, A. (2001), “Supply chain risk management: purchasers’ vs. planners
view on sharing capacity investment risks in the telecom industry”, Proceedings of the
IPSERA 11th International Conference, Enschede, 25-27 March, pp. 577-95.
Lonsdale, C. (1999), “Effectively managing vertical supply relationships: a risk management
model for outsourcing”, Supply Chain Management, Vol. 4 No. 4, p. 176.
McGillivray, G. (2000), “Commercial risk under JIT”, Canadian Underwriter, Vol. 67 No. 1,
pp. 26-30.
March, J. and Shapira, Z. (1987), “Managerial perspectives on risk and risk taking”, Management
Science, Vol. 33 No. 11, pp. 1404-18.
Mason-Jones, R. and Towill, D.R. (1998), “Shrinking the supply chain uncertainty cycle”, Control,
pp. 17-22.
Mentzer, J., DeWitt, W., Keebler, J., Min, S., Nix, N., Smith, C. and Zacharia, Z. (2001), “Defining
supply chain management”, Journal of Business Logistics, Vol. 22 No. 2, pp. 1-25.
Miller, K. (1992), “A framework for integrated risk management in international business”,
Journal of International Business Studies, Second Quarter, pp. 311-31.
Nelson, D., Mayo, R. and Moody, P. (1998), Powered by Honda: Developing Excellence in the Global
Enterprise, Wiley, New York, NY.
Pablo, A. (1999), “Managerial risk interpretations: does industry make a difference?”, Journal of
Managerial Psychology, Vol. 14 No. 2, pp. 92-107.
Ross, D. (1998), Competing Through Supply Chain Management, Chapman & Hall, New York, NY.
Scott, C. and Westbrook, R. (1991), “New strategic tools for supply chain management”,
International Journal of Physical Distribution & Logistics Management, Vol. 21 No. 1,
pp. 23-33.
Sheffi, Y. (2002), “Supply chain management under the threat of international terrorism”,
International Journal of Logistics Management, Vol. 12 No. 2.
Simons, R. (1999), “How risky is your company?”, Harvard Business Review, Vol. 77 No. 3,
pp. 85-94.
Simpson, L. (2002), “Docks battle makes worldwide waves”, Supply Management, Vol. 7 No. 23,
pp. 26-8.
Sitkin, S.B. and Weingart, L.R. (1995), “Determinants of risky decision-making behavior: a test of
the mediating role of risk perceptions and propensity”, Academy of Management Journal,
Vol. 38, pp. 1573-92.
Smeltzer, L. and Sifert, S. (1998), “Proactive supply management: the management of risk”, Supply chain
International Journal of Purchasing and Materials Management, Vol. 34 No. 1, pp. 38-45.
Svensson, G. (2000), “A conceptual framework for the analysis of vulnerability in supply chains”,
risk management
International Journal of Physical Distribution & Logistics Management, Vol. 30 Nos 9/10,
p. 731.
Svensson, G. (2001), “The impact of outsourcing on inbound logistics flow”, The International
Journal of Logistics Management, Vol. 12 No. 1, pp. 21-35. 141
Svensson, G. (2002), “A conceptual framework of vulnerability in firms’ inbound and outbound
logistics flows”, International Journal of Physical Distribution & Logistics Management,
Vol. 32 No. 2, pp. 110-34.
Ting, W. (1988), Multinational Risk Assessment and Management, Greenwood Press, Westport, CT.
Tversky, A. and Kahnemann, D. (1992), “Advances in prospect theory: cumulative representation
of uncertainty”, Journal of Risk and Uncertainty, Vol. 5, pp. 297-323.
Zaltman, G., LeMasters, K. and Heffring, K. (1982), Theory Construction in Marketing: Some
Thoughts on Thinking, Wiley, New York, NY.
Zsidisin, G. (2002), “Managerial perceptions of supply risk”, Journal of Supply Chain
Management, Vol. 6 No. 4, pp. 199-213.
Zsidisin, G. (2003), “A grounded definition of supply risk”, Journal of Purchasing & Supply
Management, Vol. 39 Nos 5/6, pp. 217-24.
Zsidisin, G. and Ellram, L. (1999), “Supply risk assessment analysis, practix”, Best Practices in
Purchasing & Supply Chain Management, pp. 9-12.
Zsidisin, G., Panelli, A. and Upton, R. (2000), “Purchasing organization involvement in risk
assessments, contingency plans, and risk management: an exploratory study”, Supply
Chain Management, Vol. 5 No. 4, p. 171.

Further reading
Christopher, M. et al. (2002), Supply Chain Vulnerability, Department for Transport.
Ericson, J. (2001), “Addressing supply chain disruptions”, Line5 – The E-Business Executive
Daily, available at: www.line56.com (accessed 4 October).
Hall, R. (1999), “Rearranging risks and rewards in a supply chain”, Journal of General
Management, Vol. 24 No. 3, pp. 22-32.
Hellweg, E. (2002), Supply Chain Hero, available at: www.business2.com (accessed January 2002).
Lambert, D. and Pohlen, Z. (2001), “Supply chain metrics”, The International Journal of Logistics
Management, Vol. 12 No. 1, pp. 1-19.
Smith, C., Smithson, C. and Wilford, S. (1990), Managing Financial Risk, Harper & Row, New
York, NY.
Souter, G. (2000), “Risks from supply chain also demand attention”, Business Insurance, Vol. 34
No. 20, pp. 26-8.
Zsidisin, G. and Ellram, L. (2003), “An agency theory investigation of supply risk management”,
Journal of Supply Chain Management, Vol. 39 No. 3, pp. 15-27.

(Uta Jüttner is a Senior Research Fellow in the Cranfield Centre for Logistics and Supply Chain
Management, Cranfield University, England. She can be contacted at u.b.juettner@cranfield.ac.uk.)