Computers in Industry 57 (2006) 350365 www.elsevier.

com/locate/compind

A model for inbound supply risk analysis

Teresa Wu a, Jennifer Blackhurst b,*, Vellayappan Chidambaram a
b a Department of Industrial Engineering, Arizona State University, P.O. Box 875906, Tempe, AZ 85287-5906, USA Department of Logistics, Operations and MIS, Iowa State University, 3131 Gerdin Business Building, Ames, IA 50011-1350, USA

Received 15 October 2004; accepted 24 November 2005 Available online 25 January 2006

Abstract Managing risk has become a critical component of supply chain management. The implications of supply chain failures can be costly and lead to signicant customer delivery delays. Though, different types of supply chain vulnerability management methodologies have been proposed for managing supply risk, most offer only point-based solutions that deal with a limited set of risks. This research aims to reinforce inbound supply chain risk management by proposing an integrated methodology to classify, manage and assess inbound supply risks. The contributions of this paper are four-fold: (1) inbound supply risk factors are identied through both an extensive academic literature review on supply risk literature review as well as a series of industry interviews; (2) from these factors, a hierarchical risk factor classication structure is created; (3) an analytical hierarchy processing (AHP) method with enhanced consistency to rank risk factor for suppliers is created; and (4) a prototype computer implementation system is developed and tested on an industry example. # 2006 Elsevier B.V. All rights reserved.
Keywords: Analytical hierarchy process (AHP); Inbound supply risk analysis; Prototype implementation

1. Introduction Inbound supply risk is dened as the potential occurrence of an incident associated with inbound supply from individual supplier failures or the supply market, resulting in the inability of the purchasing rm to meet customer demand [1] and as involving the potential occurrence of events associated with inbound supply that can have signicant detrimental effects on the purchasing rm [2]. These risks or supply chain failures can be costly and lead to signicant delays in customer deliveries. Therefore, managing supply risk is a critical component of managing the supply chain. Consequently, it is important to an organizations success to understand the sources of supply risk and how to best manage them [3]. A typical supply chain system can be large in scale, having many tiers of suppliers, where each supplier tier of the supply chain provides goods or services to the next level supplier tier in the supply chain. Moreover, each tier may have multiple components or members, creating a mesh network within the

* Corresponding author. Tel.: +1 515 294 2839; fax: +1 515 294 2534. E-mail addresses: jvblackh@iastate.edu, jenblackhurst@earthlink.net (J. Blackhurst). 0166-3615/$ see front matter # 2006 Elsevier B.V. All rights reserved. doi:10.1016/j.compind.2005.11.001

supply chain where the linear ow of goods is rare [4]. Managing inbound supply risk can be a challenging task due in part to the complex and dynamic nature of supply chain systems. Risk is inherent in such systems and can manifest itself in uncertainty existing in demand requirements, capacity, delivery time, manufacturing time, and costs [5]. The detrimental effects of uncertainties may be compounded by inefcient operations in manufacturing systems, production policies, and inexible process changes, which are for most part controllable by supply chain managers. There are tools for managing controllable uncertainties such as theory of constraints (TOC) for improving production efciencies [6], accurate response [7] for improving forecasting accuracy and multi-channel manufacturing [8] for managing demand uctuations, to name a few. Uncertainty also exists due to other factors such as changes in markets, technology, competitors, political issues, and governmental regulations [9]. Recent examples include the 2002 US west coast port strike, terrorist attacks such as September 11, 2001, the 1999 Taiwan earthquake, and most recently, Hurricane Katrina in 2005. These type of uncertainties, though difcult to control, can be managed through efcient contingency planning. One such example is Sears, a US based retail company, who managed the 9/11 crisis by

T. Wu et al. / Computers in Industry 57 (2006) 350365

351

creating a contingency cell or team at its head quarters immediately after the incident to control nation-wide truck trafc [10]. Relatively, there are many failure stories in managing uncontrollable uncertainties as cited by Martha and Subbakrishna [11] which are primarily due to lack of contingency plans or poor execution. One example of poor contingency planning is as follows: US based auto manufacturer Ford Motor Company shutting down ve of its US plants during the 9/11 incident because components could not be delivered from Canada [12]. Inbound supply chain risk management has drawn increasing attention from both practitioners and academic researchers. Different types of supply chain vulnerabilities and management methodologies have been proposed. Yet, most of them offer only point-based solution that deals with one particular or a limited set of risks or may focus on outbound supply risk rather than inbound [3,1319]. There is a need, therefore, for a general inbound supply risk management methodology to classify, manage and assess risks. This research proposes a supply chain risk management framework concentrating on inbound supply risk analysis. The contributions of this research are four-fold: rst, risk factors are enumerated through a review of the literature and industry interviews. Second, a general risk classication structure is proposed. Third, pair-wise comparison method using analytical hierarchy processing (AHP) with enhanced consistency is developed to assist supply chain managers in assessing risks. Fourth, a prototype system is implemented and tested on an industry example. This paper is structured as follows. Section 2 reviews exiting supply chain risk management methods. The proposed methodology is illustrated in Section 3. Section 4 details the implementation prototype system followed by an industry application example in Section 5. 2. Inbound supply risk The area of risk analysis is a well-researched topic. However, much of the research on risk and the physical ow of goods in a supply chain has focused more in the outbound ow rather than inbound supply risk analysis [20]. Zsidisin and Ellram [3] state that a suppliers failure to deliver inbound goods or services can have a detrimental effect throughout the purchasing rm and subsequently through the supply chain, ultimately reaching the consumer. Therefore, we focus specically on research in the area of inbound supply risk analysis. In this section, an inbound risk analysis procedure is dened, followed by a review of the literature in terms of this procedure. 2.1. Inbound risk analysis procedure Supply risk analysis is a systematic procedure [21] and often times it is the most detailed component of a risk management system [22]. Based on review of the literature, the risk analysis procedure is classied into four components: risk classication, risk identication, risk calculation and implementation/validation [23]. The methodology developed in this paper is therefore described in these terms.

2.1.1. Risk classication The primary purpose of classifying risk is to get a collective viewpoint on a group of factors, which will help the managers to identify the group that contributes the maximum risk. This can enable supply managers to give the required level of importance (in the risk management process) for every group/ type of factors. A classication system can be designed to cater the needs of a particular supply chain or can be chain independent. 2.1.2. Risk identication This step entails the enumeration of risk factors, is performed to be later categorized into appropriate branches in the classication system. It can be product focused, which means all the factors generated will focus on a particular product type, or supplier focused, where all the factors will be oriented to evaluate a particular supplier, which might be used as an abstract level risk for all kinds of product types that is provided by that supplier. 2.1.3. Risk calculation In general, risk factors identied in the previous step need to be evaluated to calculate the factors impact on overall risk. This step can be viewed as a decision support tool for predicting risk factors. 2.1.4. Implementation/validation Usability is a factor for implementing a risk analysis system. It refers to the functionality of the application, as to whether it can be used only for sourcing decisions or only for strengthening existing supply base or for both. Validating the system needs external support from supply chain managers to provide data and critique the analysis results. In order to understand the current literature base and more clearly dene gaps in the literature, a comparison of current inbound risk methodologies is performed based on the four main components in a risk analysis procedure in the following section. 2.2. Existing research in inbound risk analysis Kraljic [13] discusses the need to recognize the extent of supply weakness and treats the weaknesses with a 4-phase strategy to manage supply. The strategy presents key risk factors such as availability, number of suppliers, competitive demand, and make-buy opportunity. Additional market oriented aspects of supplier risks are analyzed such as capacity utilization, break-even stability, and expected demand growth. Steele and Court [14] address vulnerability management, which deals with an overall supply risk analysis procedure including risk identication, and calculation. A list of customary supply risk evaluation factors has been enumerated and a standard risk evaluation methodology is recommended by multiplying probability, consequence and duration of risks. Finnman [16] proposes a supply risk management framework and a methodology to evaluate risks to help supplier selection process. It uses preliminary hazard analysis (PHA) to lter out

352

T. Wu et al. / Computers in Industry 57 (2006) 350365

Table 1 Summary of existing research (inbound supply risk) Citations Risk classication Risk identication Risk calculation Implementation/validation Kraljic [13] Chain dependent Product-focused No calculation No Steele and Court [14] Chain dependent Product-focused Weighted sum No Zsidisin and Ellram [15] Chain dependent Product-focused Highest factorial risk Yes Finnman [16] Chain dependent Supplier-focused AHP Yes Zsidisin [2] Chain dependent Product-focused No calculation Yes

low risk suppliers. The rest of the high-risk suppliers undergo a second phase risk evaluation using analytical hierarchy processing (AHP) technique. While it has been proven that AHP is effective to evaluate the risks, Finnmans work deals with one level pair-wise comparison risk and the issue of consistency not considered. Zsidisin and Ellram [15] propose a 10-step approach for risk assessment by giving equal importance for 8 identied risk factors and using a 5-point nominal risk scale. The maximum of the factorial risk is assigned as the overall risk of a project. It implements a nominal risk scale using a scorecard based on best practice case study. In 2003, Zsidisin [2] extends his work to propose a new supply risk classication system and identies key risk factors based on case studies and managerial interviews. Next, the literature is compared based on the four components discussed in Section 2.1. Table 1 summarizes the results. In summary, all of the models are developed not for general supply chains but are supply chain type dependent. Secondly, most of existing research relies on a product-focused approach. While this approach has value, a supplier-focused approach may be more appropriate from a supply risk identication perspective. Certainly, it has been recognized that with approaches such as lean manufacturing, total quality management (TQM) and other initiatives applied to the growing number of global supply chains, these systems are more than ever, susceptible to disruptive events [24]. Managing risk from a supplier perspective in such large global networks can help companies to identify and manage sources of risk to their inbound supply. (See Zsidisin et al. [25] for a high level analysis of inbound supply risk assessment methods found through case studies of seven rms.) Thirdly, choosing the risk calculation technique is crucial. A variety of methods including weighted sum, highest factorial risk and AHP (a basic version that does not consider consistency) are used. AHP is a promising technique, which reduces the complex and error-prone risk assessment process to a series of straightforward one-to-one comparisons, then synthesizes results. Yet, the consistency issue in AHP needs to be addressed. Lastly, the system should be implemented to aid both sourcing decisions and strengthening the existing supply base. Based on these ndings, there is a need for an integrated methodology to address inbound supply risk that is discussed in the following section. 3. Proposed inbound supply risk methodology In this research, an inbound supply risk analysis methodology is proposed, which includes four components:

(1) a supply chain independent risk classication; (2) supplier-based risk identication; (3) an enhanced AHP based risk calculation; and (4) a prototype computer implementation system. The rst three components are detailed in this section and the implementation system is explained in Section 4. 3.1. Risk classication In this paper, a wide range of inbound supply risk characteristics have been compiled from reviewing the literature and conducting industry interviews with supply chain and purchasing executives to create a new hierarchical supply risk classication system. Table 2 lists examples of the risk factors identied from the literature review. Based upon a literature review and industry interviews a hierarchical inbound risk classication system is created based upon internal and external types of risk. Executives from four different industries were interviewed as a validation method and were asked to critique the classication. Industries interviewed included PC manufacturing (assembly and distribution), PC manufacturing (OEM component manufacturer), information technology and food manufacturing. Examples of job titles interviewed included Vice President of Operations, Vice President of Procurement, and Procurement Manager and Project Manager. Using the literature base and the interviews, the authors have enumerated and classied inbound supply risk factors. These factors have been grouped by the following categories: internal: controllable, partial controllable, and uncontrollable and external: controllable, partial controllable, uncontrollable. The hierarchical structure of the risk classication system is based upon the following categories:  Internal Controllable refers to the internal risk factors that originate from sources that are most likely controllable by the company. Examples are the quality and cost of the product.  Internal Partially Controllable refers to the internal risk factors that originate from sources that are partially controllable by the company. For example, re accident in the company.  Internal Uncontrollable refers to the internal risk factors that originate from sources that are uncontrollable by the company.  External Controllable refers to the external risk factors that originate from sources that are most likely controllable by the supplier company. For example, selection of the next tier suppliers.

T. Wu et al. / Computers in Industry 57 (2006) 350365 Table 2 Risk factors identied by literature review Source Cooke [26] Factors

353

Dickson [27]

Gooley [28] Machalaba and Kim [29]

Mitroff and Alpalsan [30] Seaman and Stodghill [31] Simpson [20] Stafford et al. [32] Terhune [33] Treleven and Schweikhart [34] van der Vorst and Beulens [9] Virolainen and Tuominen [35] Wagner [36] Zsidisin [2]

Zsidisin and Ellram [3]

Risks of supplying market from or over-dependence on a foreign plant, especially during times of political tension, and risk stemming from increased regulation Quality, delivery, price, production facilities and capacity, technical capability, nancial position, management and organization, performance history, warranties and claim policies Procedural compliance, communication system, operating controls, and labor relation record Personnel lacking knowledge and ability to manage/absorb new processes Lockout or shutdown of transportation hubs such as docks, impacts of conicts between employer management and labor groups, and reaction of employers in the form of work slowdowns to changes such as deployment of information technology Natural accidents, normal accidents (system overloads), and abnormal accidents (deliberate evil intentions) Impacts of labor law and trade policy, and different corporate cultures and complex management structures between vendor and supplier Terrorism, cyber-vandalism, other criminal activity, natural disasters Natural disaster and technology failure Natural events like earthquake, oods, or summer heat wave Price, inventories and schedule, technology, and quality Changes in markets, products, technology, competitors and governmental regulations. Availability, conguration, and currencies Supplier integration and communication Capacity constraints, cycle time, disasters, nancial health of suppliers, legal liabilities, currency uctuations, management vision, market price increases, incompatible information systems, and product design changes Unanticipated changes in the volume requirements and mix of items needed, production or technological changes, price increases, product unavailability, and product quality problems

 External Partially Controllable refers to the external risk factors that originate from sources that are partially controllable by the supplier company. For example, customer demand can be partially impacted by companys promotion plan.  External Uncontrollable refers to the external risk factors that originate from sources that are uncontrollable by the supplier company. Examples are nature disasters such as earthquake, tsunami. The system is based upon a difference of internal versus external type of risks. This helps the manager get a clear idea of where the risks are located. Controllable versus partial controllable versus uncontrollable again helps the manager clearly identify the type of risk factors in order to better determine how to handle avoid or mitigate each type. The industry executives interviewed are conrmed and ne-tuned this classication through series of interviews. The proposed classication structure addresses all the key aspects of a classication system. It gives a collective viewpoint of factor groups. From a tactical perspective, it will enable supply managers to identify the group of factors that contributes the maximum level risk. This will enable supply managers to classify the importance (in the risk management process) for every group of factors. In a strategic perspective it will enable the ability to outline long-term plans.

3.2. Risk identication Risk identication is an important component in the risk analysis procedure. The procedure followed in this research included: (1) developing a set of risk factors based upon a review of the relevant supply risk literature; (2) creating a prototype classication system for supplier based risk; (3) validating the classication system with industry managers: an electronics distributor, a food services manufacturer, an electronics manufacturer, and a PC manufacturer; (4) nalizing the risk classication system (using both the literature review and the industry interviews) comprised of 54 individual factors; and (5) consolidating these factors into 19 supply risk groups. Fig. 1 shows the consolidated factors. Denitions of each factor group are presented in Appendix A. 3.3. Risk calculation The key aspects of this phase are: (1) calculate the relative weights of the risk factors at two levels of the classication system; (2) evaluate the probability of the occurrence of each risk factor; (3) calculate the risk (the weight of the risk factor * the probability of the risk factor). In this research, the occurrence probability is collected from industry manager and is given. Therefore, techniques to compute the relative weights

354

T. Wu et al. / Computers in Industry 57 (2006) 350365

Fig. 1. Identied risk factors tted into the new classication system.

of risk factor and carry out the risk calculation are the focus of this research. 3.3.1. AHP with enhanced consistency AHP is a multi attribute decision-making (MADM) technique [37]. It enables a decision maker to structure a MADM problem visually in an attribute hierarchy. Dey [38] states that as risks are subjective by nature and AHP is an effective tool for predicting risk. AHP provides a exible and easy to understand way of analyzing complicated problems. It allows for both subjective and objective factors to be considered. Additionally many risk factors are conicting where achieving success in one factor lead to sacricing another. Therefore, AHP gives managers a rational basis for decision-making. AHP depends on a hierarchy where the top level drives the focus of the problem and the bottom level consists of the decision options. Dey [38] states that once a hierarchy is constructed, the decision-maker begins a prioritization procedure to determine the relative importance of the elements in each level of the hierarchy. The elements in each level are compared as pairs with respect to their importance in making

the decision under consideration. A verbal scale is used in AHP that enables the decision-maker to incorporate subjectivity, experience, and knowledge in an intuitive and natural way. After comparison matrices are created, relative weights are derived for the various elements. The relative weights of the elements of each level with respect to an element in the adjacent upper level are computed as the components of the normalized eigenvector associated with the largest eigenvalue of their comparison matrix. Composite weights are then determined by aggregating the weights through the hierarchy. This is done by following a path from the top of the hierarchy to each alternative at the lowest level, and multiplying the weights along each segment of the path. The outcome of this aggregation is a normalized vector of the overall weights of the options. A comprehensive understanding of AHP can be found in Saaty [37]. The methodology presented in this paper is an integrated approach to risk management utilizing an enhanced AHP. To effectively utilize AHP, a two level risk classication structure is developed. After the classication, enhanced AHP is applied to quantify the risk to give the manager a measure of the robustness or the vulnerability of the supply

T. Wu et al. / Computers in Industry 57 (2006) 350365

355

Fig. 2. AHP consistency algorithm [43].

chain. As stated earlier, AHP is applied hierarchically. Here, AHP is used for rst level, to rank how important one category is over another category. Next is a comparison of important one factor is over another factor in the same category. Therefore, two weights exist. Additionally, a subjective measure of the probability of occurrence is considered for each risk so that the measure includes not only its importance but also probability of occurrence. AHP has been applied to a variety of research issues including: supplier selection [39], design of automated cellular manufacturing systems [40], sourcing decisions [41], and software selection [42], just to name a few. While traditional AHP proven effective in decision-making, inconsistency can be an issue. AHP consistency is also known as the consistency ratio (CR). This consistency ratio simply reects the consistency of the pair-wise judgments. For example, judgments should be transitive in the sense that if A is considered more important than B, and B more important than C, then A should be more important than C. If, however, the user rates A is as important as C, the comparisons are inconsistent and the user should revisit the assessment. Saaty [37] explains that CR is calculated by using the equation in (1), where x stands for the maximum eigenvalue of the pair-wise matrix, and n is the size of the pair-wise matrix, RI is the random index value recommended by Saaty [36]. CR x n=n 1 RI (1)

tends to lead to smaller Euclidean distance (the measure of inconsistency by measuring eigenvector values in a matrix) in comparison experiments on a small dataset. The detailed consistency algorithm is explained in Fig. 2. 3.3.2. Enhanced AHP for risk calculation In general, AHP reduces complex decisions to a series of oneto-one comparisons, then synthesizes results based on hierarchical structure. In this research, AHP is applied to calculate the weights, a factor indicating how important the particular risk is. First, comparison among six risk types Internal Controllable, Internal Partially Controllable, Internal Uncontrollable, External Controllable, External Partially Controllable and External Uncontrollable is conducted with Wi (i = 1, . . ., # of risk types) calculated. Second, the comparison within each risk type is conducted with RWij calculated (i = 1, . . ., # of risk types, j = 1, . . ., # of factors in the ith risk type). With the probability of each Level II factors provided by manager, termed Pij (i = 1, . . ., # of risk types, j = 1, . . ., # of factors in the ith risk type), the risk can be quantied by: IUF
n X m X i 1 j 1

Wi RWij Pij (2)

n X m X Pij 1 i1 j1

i 1; 2; . . . n j 1; 2; . . . m where IUF stands for integrated uncertainty factor, which is overall risk value for a supplier. Note that given six types of risks discussed above, n is set to 6. The detailed procedure is as follows: rst, the original pairwise comparison matrix MI is obtained from the supply chain manager. MI is 6 6 matrix indicating the comparison between 6 Level I factors (categories). The consistency algorithm (Fig. 2) is then called to get Wi (i = 1, . . ., 6). Second, the supply

AHP has some tolerance for inconsistency, but comparisons with a consistency index that exceeds 0.1 should be reconsidered [43]. A number of methods were examined that deal with inconsistency including Peters and Zelewski [44], Ishizaka and Lusti [45], and Wedley et al. [46]. The method by Peters and Zelewski [44] was chosen based upon its ability to convert an inconsistent matrix into a consistent matrix as it

356

T. Wu et al. / Computers in Industry 57 (2006) 350365

Fig. 3. Implementation system architecture.

chain manager sets the original pair-wise comparison matrices MII(1), MII(2), MII(3), MII(4), MII(5), MII(6), where MII(1) is 12 12 matrix, MII(2) is 4 4 matrix, MII(5) is 3 3 matrix and MII(6) is 3 3 matrix indicating the comparison between the Level II factors under each category. Note there is no need to retrieve MII(3) and MII(4) due to the fact that MII(3) has no factor specied and MII(4) has only one factor. Again, the consistency algorithm (Fig. 2) is called to generate RWij (i = 1, . . ., 6, j = 1, . . ., # of factors in the ith risk type). Third, the supply chain manager sets the probability of occurrence of each level II factors (i = 1, . . ., 6, j = 1, . . ., # of factors in the ith risk type). Eq. (2) is then used to calculate IUF for each risk factor. Introducing Wi helps to evaluate a group of risk factors as a single entity, and to evaluate peer risk factors of similar origin. Introducing RWij helps to evaluate consequence or impact-onbusiness due to a risky event caused by that factor, and gives required level of importance depending on the impact of that risk factor. Pij denes the probability of occurrence of each risk factor, which helps to evaluate likelihood of a risky event occurring due to that risk factor. Note Wi and RWij are calculated from AHP and Pij is provided by the supply chain manager. Though, subjectivity might be introduced as the probability of occurrence is input by manager, the method is based upon getting the inputs for AHP matrices. This can be certainly improved by plugging in a module to compute the probability based on collected historical data, which will be conducted in future research. 4. Prototype system implementation It is interesting to note that some commercial software packages, such as Expert Choice, Super Decision Software, have been developed in an attempt to address supply risk management. Yet, the unique two level structure and risk calculation proposed by this research cannot be conducted solely by such commercial software. Therefore, a prototype system is developed and implemented in a case application to validate the proposed framework. The application is implemented in .NET programming environment using VB.NET and SQL Server 2000. The data can be pooled from a SQL database server. VB.NET is used to build up forms as the front end user interfaces. The system can be easily extended with Web forms

as user interfaces to get inputs, which most existing software is not capable of. The overall architecture of the application with three components identied is presented in Fig. 3. The respective process ow charts of each component are illustrated in Fig. 4. 4.1. Risk classication and identication The main functionality of this component is to establish the basic risk classication structure and t the identied risk factors in appropriate categories in the classication system. As discussed in Section 3, the proposed model recommends a twolevel classication system with six-types in the second level. A feature of this component is to let the managers customize risk classication system. Similarly, the proposed model in Section 3, recommends a set of 19 risk factors that falls in either one of the six risk types. Note that the managers can create their own customized set of risk factors by adding new factors, dropping existing factors or modifying existing factors. The process ow of risk classication component is represented as the rst branch in Fig. 5. Steps include customization of the risk factors, identication of the factors and a nalized conformation. 4.2. Data input and comparison The main functionality of this component is to obtain user input data for pair-wise comparison matrices and the probability of occurrence for each risk factor. As discussed in Section 3, there would be a total of n + 1 pair-wise comparison matrices, where n is the total number of risk types. The rst matrix will always compare risk types and the following matrices will compare risk factors within each risk type. As the main purpose of pair-wise comparison is to obtain relative weights for risk types and risk factors within each risk type, this component is designed to do the calculation for relative weights and consistency ratio using the data inputted from pair-wise matrices. The process ow of data input component is represented as the second branch in Fig. 5. There are two sub-branches in this component. The rst sub-branch is for pair-wise data input while the second sub-branch is for probability data input. In the

T. Wu et al. / Computers in Industry 57 (2006) 350365

357

Fig. 4. Process ow.

rst sub-branch, the rst form would be to obtain pair-wise inputs for risk types and depending on how many risk types are chosen in the risk classication component, there would be that many number of pair-wise forms for risk factors. Immediately after obtaining user input for each pair-wise matrix, the consistency ratio will be calculated and if it is above threshold value established by Saaty [36], then the consistency improvement algorithm will be executed and the matrix scores will be modied so that the matrix is turned into a consistent matrix. Finally, after the matrix is recongured, the relative weights will be calculated and displayed. In the second subbranch, the rst form is to add new supplier information or choose a particular supplier to proceed further to the next form to enter probability of occurrence for each risk factor.

4.3. Risk analysis and summary measure This component calculates the overall and factor-wise risk for each supplier. The main functionality of this component is to calculate risk based on the formula given in Section 3. The risk calculation utilizes relative weights calculated from the previous component. The risk value is calculated for every risk factor and is also summed up to give the overall risk value. The third branch of the process ow chart in Fig. 5 represents this component. The rst form is for choosing a particular supplier from the list of existing suppliers. The second form is to calculate factor-wise and overall risk for that supplier and display it in a use-friendly manner.

Fig. 5. Customize risk classication category/sub-categories.

358

T. Wu et al. / Computers in Industry 57 (2006) 350365

Fig. 6. Risk calculation data input.

5. Industry application of the prototype system In this section, the inbound supply risk analysis model is applied to a major US PC manufacturer. The company termed PC manufacturer (PCM) designs, develops, manufactures and supports a wide range of computer systems to custom requirements. PCM relies heavily of its supply base and therefore, managing inbound supply risk is of interest to PCM. The model was applied to two key suppliers to test the application system and the results were discussed with supply chain managers for validation of the results. 5.1. Step 1: risk classication The proposed model offers 6 risk types and 19 risk factors in each risk type. The implementation system allows the manager to customize the model by only picking the factors that are applicable to their supply base (shown in Fig. 5). In this case, four types of risk are considered: Internal Controllable, Internal Partially Controllable, External Partial Controllable and External Uncontrollable. Thus, the pair-wise comparison matrix MI is 4 4 matrix. 5.2. Step 2: input data As shown in Fig. 6, the data for pair-wise matrices and probability of occurrence are entered in this component. The rst part deals with calculating relative weights for risk types and risk factors. There is one matrix for comparing 4 risk types and four matrices for comparing risk factors within each risk type. The second part handles the probability of occurrence of each risk factor. See Tables A.6A.11 in the appendix for detailed data input from the PCM supply chain manager. 5.3. Step 3: risk calculation After all the information is entered, the AHP consistency algorithm (Fig. 2) is rst applied to the matrices gathered from Step 2 to get Wi (i = 1, 2, 3, 4) and RWij (i = 1, . . ., 4, j = 1, . . ., # of factors in the ith risk type). Given probability information, Eq. (2) is then used to calculate the integrated risk value (Fig. 7).

5.4. Step 4: risk analysis The PCM case was implemented and the nal results were obtained from the risk analysis component of the application. Two suppliers (denoted as Supplier-1 and Supplier-2) were analyzed to estimate the level-of-risk they pose to the inbound supply of PCM. It was found that Supplier-2 was riskier than Supplier-1. In a risk scale of 01, the risk values were determined to be 0.31 for Supplier-2 and 0.17 for Supplier-1. In other words, Supplier-2 is almost 80% more risky than Supplier-1. Refer Fig. 8 for details. As a word of caution, this risk value is just an indicator of which zone is riskier than the other, but it does not necessarily give an absolute value. Fig. 9(a) provides detail of Supplier-1s risk among the 4 risk types. It is interesting to note that 89% of the risk is caused due to internal factors and 11% is due to external factors. This might sound a caution to assign more resources to managing internal risks. Among external factors, risks due to uncontrollable factors are higher than partially controllable factors. This infers that though uncontrollable factors generally have less probability-of-occurrences it still has a large consequence-ofoccurrence. Similarly, Fig. 9(b) provides detail of Supplier-2s

Fig. 7. Risk calculation for one supplier.

T. Wu et al. / Computers in Industry 57 (2006) 350365

359

Fig. 8. Comparative analysis of overall risk values.

risk among the 4 risk types. Supplier-2 gets most of its risk from internal factors. Note that within internal factors; partially controllable risk is higher than it was in Supplier-1s case. This means that factors like suppliers market strength, and continuity of supply needs to be monitored more carefully than it was in Supplier-1. A detailed treatment of risk factors will help to gain insights on prioritizing future risk management activities. A Pareto analysis of relative weights among risk factors revealed that the top 5 factors garnered 80% of PCMs attention among a total of

18 risk factors. Cost, quality, on-time delivery, continuity of supply, and engineering/production were the 5 risk key factors for PCM. The graph in Fig. 10 shows a comparative analysis between Supplier-1 and Supplier-2 on each of the top-10 risk factors. The risk factors are arranged as per PCMs preference level from left to right. It is clearly seen that Supplier-2 considerably exceeds Supplier-1 in almost all risk factors. In examining the top-5 factors it is clear that Supplier-2 is riskier than Supplier-1 in quality, on-time delivery, and continuity of supply. Therefore, emphasis must be laid on Supplier-2s management to reduce risk in top-5 factors especially the 3 factors mentioned above. Supplier-1 should also continuously work to bring down the probability of occurrence on its key risk factors, which will help to reduce its overall risk. Table 3 gives the exact risk scores for the top-10 risk factors for Supplier-1 and Supplier-2. In another analysis conducted separately for Supplier-1 and Supplier-2, it was found that Supplier-1 and Supplier-2 had different sets of top-5 risk factors. Though, Supplier-1 and Supplier-2s top-5 factors are more similar to PCMs top-5 factors they were ordered in a different manner. The top 5 risky factors for Supplier-1 were cost, on-time delivery, quality,

Fig. 9. Percentage of total risk by risk categories for Supplier-1 and Supplier-2.

Fig. 10. Comparative analysis of suppliers.

360

T. Wu et al. / Computers in Industry 57 (2006) 350365

Table 3 Comparative analysis of suppliers on PCMs top10 risk factors Risk factors Cost Quality On-time delivery Continuity of supply Engineering/production II Tier supplier Demand Internal legal issues Natural/man-made disasters Politics/economics Others PCMs preference (%) 23.153 21.727 18.838 11.767 3.978 2.979 2.832 2.589 2.414 2.414 7.305 Risk of Supplier-1 0.046 0.021 0.037 0.011 0.015 0.008 0.002 0.002 0.009 0.002 0.018 Risk of Supplier-2 0.046 0.065 0.075 0.058 0.019 0.011 0.011 0.002 0.007 0.002 0.017

engineering/production and continuity of supply. These 5 factors contribute to 80% of total risk value for Supplier1. The top 5 risky factors for Supplier-2 were on-time delivery, quality, continuity-of-supply, cost, and engineering/production. These 5 factors contribute to 87% of total risk value for Supplier-2. 6. Conclusion and future research Managing risk in inbound supply chain operations has become increasingly important in todays competitive and globally dispersed environment. Supply chain managers spend a signicant amount of time and resources to manage inbound supply risk. Some methods include implementing safety mechanisms such as expediting orders, frequent checking of order status, and buffer inventories. Recent events such as 9/11 and labor strikes have brought the issue of risk to the forefront and while risk management is listed on agenda of many

companies, the implementation is disjointed and inconsistent. In fact, in many cases it is up to the managers experience to assess and evaluate the risk. In addition, the major research gaps identied are analyzing the risks from root cause, generating comprehensive list of risk factors and tting into a suitable risk classication system to strengthen the risk management methodologies. There is, therefore, a need for an integrated, systematic approach to assess and manage inbound supply risk. This paper has presented an inbound supply risk analysis methodology to classify, manage and assess the risks. This methodology classies the risk factors in a hierarchical structure that, identies supplier-oriented risk factors collectively through both literature review and managerial interviews, and applies analytical hierarchy processing technique to calculate weight of risk factors, which is an indicator how important the risk factor is. A scalable, customizable implementation presented for ease of use. The model developed was built to address the key aspects of a risk analysis procedure and proved to be promising. However, there are some recommendations for further developments. First, the scope of the model is limited to a single-tier environment. It could be extended to multi-tier supply chain. Secondly, the risk calculation equation in the current model did not consider the length of time a particular risk exists but just considers the probability and consequence of occurrence. It can be improved by including a time parameter while calculating the risk. Thirdly, the probability of the factors is collected from industry; this can be improved by computing the probability based on historical data. Appendix A See Tables A.1A.11.

T. Wu et al. / Computers in Industry 57 (2006) 350365 Table A.1 Internal controllable risk factors

361

362 Table A.2 Internal partially controllable risk factors

T. Wu et al. / Computers in Industry 57 (2006) 350365

Table A.3 External controllable risk factors

Table A.4 External partially controllable risk factors

T. Wu et al. / Computers in Industry 57 (2006) 350365 Table A.5 External uncontrollable risk factors

363

Table A.6 Pair-wise matrix for risk types

Table A.7 Pair-wise matrix for risk factors in Internal Controllable

Table A.8 Pair-wise matrix for risk factors in Internal Partially Controllable

364

T. Wu et al. / Computers in Industry 57 (2006) 350365

Table A.9 Pair-wise matrix for risk factors in External Partially Controllable

Table A.10 Pair-wise matrix for risk factors in external uncontrollable

Table A.11 Probability for risk factors No. 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. Risk factors Quality Cost On-time delivery Engineering/production Technical/knowledge resources Financial and insurance issues Management related issues Accidents Market strength Internal legal issues Continuity of supply II Tier supplier External legal issues Demand Security Natural/man-made disasters Political/economical stability Market characteristics Probability for Supplier 1 1 2 2 4 3 7 6 1 2 1 1 3 2 1 2 4 1 1 (010% Probability) (1020% Probability) (1020% Probability) (3040% Probability) (2030% Probability) (6070% Probability) (5060% Probability) (010% Probability) (1020% Probability) (010% Probability) (010% Probability) (2030% Probability) (1020% Probability) (010% Probability) (1020% Probability) (3040% Probability) (010% Probability) (010% Probability) Probability for Supplier 2 3 2 4 5 4 2 4 2 3 1 5 4 1 4 2 3 1 3 (2030% Probability) (1020% Probability) (3040% Probability) (4050% Probability) (3040% Probability) (1020% Probability) (3040% Probability) (1020% Probability) (2030% Probability) (010% Probability) (4050% Probability) (3040% Probability) (010% Probability) (3040% Probability) (1020% Probability) (2030% Probability) (010% Probability) (2030% Probability)

References
[1] G.A. Zsidisin, Dening supply risk: a grounded theory approach, in: Proceedings from the Decision Sciences Institute Annual Meeting, San Diego, CA, 2002. [2] G.A. Zsidisin, Managerial perceptions of supply risk, Journal of Supply Chain Management 39 (1) (2003) 1425. [3] G.A. Zsidisin, L.M. Ellram, An agency theory investigation of supply risk management, Journal of Supply Chain Management 39 (3) (2003) 1529. [4] C. Riddalls, S. Bennett, N. Tipi, Modeling the dynamics of supply chains, International Journal of Systems Science 31 (8) (2000) 969976. [5] D. Taylor, D. Brunt, Manufacturing Operations and Supply Chain Management: The Lean Approach, Thomson International Business Press, London, England, 2001. [6] E.M. Goldratt, J. Cox, The Goal: A Process of Ongoing Improvement, North River Press, Great Barriton, Mass, 1992. [7] L.M. Fisher, J.H. Hammond, W.R. Obermeyer, A. Raman, Making Supply Meet Demand in an Uncertain World, Harvard Business Review, May 1994. [8] D.J. Kulonda, Managing erratic demand: the multi-channel manufacturing approach, Journal of Textile and Apparel Technology and Management 2 (3) (2002).

[9] J. Van der Vorst, A. Beulens, Identifying sources of uncertainty to generate supply chain redesign strategies, International Journal of Physical Distribution and Logistics Management 33 (6) (2002) 409430. [10] E. Hellweg. Supply-chain hero. Business 2.0 [Online], available: https:// www.business2.com/subscribers/articles/mag/0,1640,35883,00.html, January 2002. [11] J. Martha, S. Subbakrishna, Targeting a just-in-case supply chain for the inevitable next disaster, Supply Chain Management Review 6 (5) (2002) 1824. [12] J. Martha, Just-in-case operations, Warehousing Forum 17 (2) (2002). [13] P. Kraljic, Purchasing must become supply management, Harvard Business Review (September 2001) 407415. [14] P.T. Steele, B.H. Court, Protable Purchasing Strategies: A Managers Guide for Improving Organizational Competitiveness through the Skills of Purchasing, McGraw-Hill Press, London, 1996. [15] G.A. Zsidisin, L.M. Ellram, Supply risk assessment analysis, Practix 2 (4) (1999) 912. [16] F. Finnman, Supplier Selection when Considering Risks for Disturbances in the Inbound Flow to ScaniaA Model for Supply Chain Risk Management, M.S. thesis, Dept. of Industrial Management and Logistics, Division of Engineering Logistics, Lund Institute of Technology, Lund, Sweden, 2002.

T. Wu et al. / Computers in Industry 57 (2006) 350365 [17] J. Hallikas, V.-M. Virolainen, M. Tuominen, Risk analysis and assessment in network environments: a dyadic case study, International Journal of Production Economics 78 (2002) 4555. [18] J.H.M. Tah, V. Carr, Towards a framework for project risk knowledge management in the construction supply chain, Advances in Engineering Software 32 (2002) 835846. [19] P.N. Sharratt, P.M. Choong, A life-cycle framework to analyze business risk in process industry project, Journal of Cleaner Production 10 (2002) 479493. [20] G.A. Zsidisin, A. Panelli, R. Upton, Purchasing organization involvement in risk assessments, contingency plans, and risk management: an exploratory study, Supply Chain Management: An International Journal 5 (4) (2000) 187197. [21] C. Chapman, S. Ward, Project Risk Management, Wiley Europe Press, West Sussex, UK, 1996. [22] E.H. Conrow, Effective Risk Management: Some Keys to Success, AIAA Press, Reston, VA, 2000. [23] V. Chidambaram, Supply Chain Risk Management: A Study on Inbound Supply Risk Analysis, MS Thesis, Arizona State University, Department of Industrial Engineering, 2003. [24] G. Zsidisin, S. Melnyk, G. Ragatz, An institutional theory perspective of business continuity planning for purchasing and supply management, International Journal of Production Research 43 (16) (2005) 34013420. [25] G. Zsidisin, L. Ellram, J. Carter, J. Cavinato, An analysis of supply risk assessment techniques, International Journal of Physical Distribution and Logistics Management 34 (5) (2004) 97413. [26] J.A. Cooke, Brave new world, Logistics Management & Distribution Report 41 (1) (2002) 3134. [27] G.W. Dickson, An analysis of vendor selection: systems and decisions, Journal of Purchasing 2 (1) (1996) 517. [28] T.B. Gooley, Take charge of change! Logistics Management & Distribution Report 38 (8) (1999). [29] D. Machalaba, Q.S. Kim, West coast docks are shut down after series of work disruptions, The Wall Street Journal (Eastern Edition) A.2. (September 30) (2002). [30] I. Mitroff, M. Alpasan, Preparing for evil, Harvard Business Review (April 2003) 109115. [31] B. Seaman, B. Stodghill, Here comes the road test: the Daimler-Chrysler deal, Time 151 (19) (1998) 6669. [32] G. Stafford, L. Yu, A.K. Armoo, Crisis management and recovery: how Washington, DC, hotels responded to terrorism, Cornell Hotel and Restaurant Administration Quarterly 43 (5) (2002) 2740. [33] C. Terhune, Coke sees 12% increase in earnings. Problems in Japan, India are offset by lower taxes and brisk sales in Europe, The Wall Street Journal (Eastern edition) B5 (17) (2003). [34] M. Treleven, S.B. Schweikhart, A risk/benet analysis of sourcing strategies: single vs. multiple sourcing, Journal of Operations Management 7 (4) (1988) 93114. [35] V. Virolainen, M. Tuominen, Hankintatoimeen liittyvat riskit teollisuusyrityksessaK, in: H. Kuusela, R. Ollikainen (Eds.), Riskit ja Riskienhallinta, University Press, Nancy, 1998, pp. 164178. [36] S. Wagner, Intensity and managerial scope of supplier integration, Journal of Supply Chain Management 39 (4) (2003). [37] T.L. Saaty, The Analytic Hierarchy Process, McGraw-Hill Press, New York, 1980. [38] P. Dey, Decision support system for inspection and maintenance: a case study of oil pipelines, IEEE Transactions on Engineering Management 15 (1) (2004) 4756. [39] C. Kahraman, U. Cebeci, Z. Ulukan, Multi-criteria supplier selection using fuzzy AHP, Logistics Information Management 16 (6) (2003). [40] F. Chan, K. Abhary, Design and evaluation of automated cellular manufacturing systems with simulation modelling and AHP approach: a case study, Integrated Manufacturing Systems 7 (6) (1996).

365

[41] R.P. Mohanty, S.G. Deshmukh, Use of analytic hierarchic process for evaluating sources of supply, International Journal of Physical Distribution and Logistics Management 23 (3) (1993). [42] H. Min, Selection of software: the analytic hierarchy process, International Journal of Physical Distribution and Logistics Management 22 (1) (1992). [43] G.R. Finnie, G.E. Wittig, An intelligent web tool for collection of comparative survey data with an application to IS curriculum design, in: Proceedings of the 10th Australasian Conference on Information Systems, Wellington, New Zealand, December 13, 1999. [44] M.L. Peters, S. Zelewski, A heuristic algorithm to improve the consistency t Duisburgof judgments in the analytical hierarchy process. Universita Essen,Essen,Germany [Online], available: http://www.pim.uni-essen.de/ publikationen/peters/bericht18.pdf, 2003. [45] Ishizaka, M. Lusti, An expert module to improve the consistency of AHP matrices, in: Proceedings of the 9th International Conference on Operational Research KOI 2002, Trogir, Croatia, (2003), pp. 215 223. [46] W.C. Wedley, B. Schoner, T.S. Tang, Starting rules for incomplete comparisons in the analytic hierarchy process, in: V. Luis, M.Z. Fatemeh (Eds.), Analytic Hierarchy Process, Mathematical and Computer Modeling, 17, 45, Pergamon Press, Oxford, 1993, pp. 93100. Tong (Teresa) Wu (teresa.wu@asu.edu) is an assistant professor in Industrial Engineering Department of Arizona State University. Teresa has published papers in International Journal of Concurrent Engineering: Research and Application, International Journal of Agile Manufacturing, International Journal of Product Research. She received her PhD from the University of Iowa. Her main areas of interests are in supply chain management, multi-agent system, data mining, computer integrated manufacturing. Jennifer Blackhurst, PhD is Assistant Professor of Logistics and Supply Chain Management in the College of Business at Iowa State University. She received her doctorate in Industrial Engineering from the University of Iowa in 2002. Her research interests include: Distributed Systems/Supply Chain Modeling and Design; Supply Chain Disruption Modeling and Management; and Collaborative Product Development. Her publications have appeared or been accepted in such journal as Journal of Operations Management, International Journal of Production Research, Supply Chain Management Review and ASME Transactions: Journal of Computing and Information Science in Engineering. She is a member of POMS, INFORMS and DSI. Vellay Chidambaram specializes in the elds of manufacturing and warehouse operations, and supply chain management. He currently works for a high-tech computer manufacturing and services company located at Austin, TX. This paper is a masters thesis work pursued by Vellay at Arizona State University in 2003. He graduated with a BE in Mechanical Engineering from Bharathiar University, India and a MS in Industrial Engineering from Arizona State University. Contact address: Vellay Chidambaram, 12001 Dessau Road #1624, Austin, TX 78754, USA. E-mail: vellaychiddu@yahoo.com. Tel.: +1 512 294 8818.