Applying the CRAVE Framework to Strategic Decisions in SCM, with a Container Security

System Example

Girish Gujar and Hong Yan1

Kranti Toraskar2*

1
The Hong Kong Polytechnic University, Hong Kong.
2
University of Macau, Macau, China.
*
( Corresponding Author)

Abstract

This paper systematically argues how the CRAVE (Costs, Risks and Values Evaluation) framework,
developed for global technology deployment (GTD) decisions is equally relevant in the specific
context of strategic decisions related to container security. Specifically, we demonstrate how
CRAVE could be applied to a novel Smart Container-based system for supply chain security. The
paper is inspired by the fundamentals of cost-benefit analysis (CBA) literature in Business
Information Systems (BIS, or IS/IT), and resulting macro observations about today’s SCM scenario.
To be precise , these observations are in terms of major similarities, a déjà vu, between the BIS
scenario of the 1980s, the GTD scenario of the 1990s, and today’s SCM revolution fuelled by the
forces of globalization and resulting global competition. Finally, the paper concludes by illustrating
these general ideas in the specific context of strategic decisions for container security, by applying
CRAVE to a Smart Container-based system for maritime supply chain security.

Keywords: SCM, Container Security, CBA methodology, CRAVE framework

1. Introduction

As the popularity and importance of supply chain management (SCM) systems continues to grow
(Naslund and Williamson, 2010), today it is tempting to put aside any questions related to their cost-
benefits analysis (CBA) (Rothenberg, 2005) for future research to worry about. However, based on
the humongous research available on Business Information Systems (BIS), especially in cost-benefits
related research on IT investment decisions, it seemed reasonable to ask whether cost-benefits related
research on SCM was keeping up with their current popularity and growth! This initial concern is

1
reinforced by recent observations of contagion effects (McFarland et al., 2008) and inflexion points
(Holmes, 2012) in SCM. Because, it was precisely at such contagion-like critical stages of growth in
the BIS (Business-IS/IT), during the 1980s, that MIS/BIS research community began paying serious
attention to cost-benefit analysis (CBA) of business IS/IT, and associated methodological challenges
(Kaplan, 1986). Even a priori, in the absence of any major developments related to cost-benefits of
SCM systems, researchers should wonder whether the currently implicit competition-based need for
SCM and the ever-advancing power of IT, alone can justify all investments in SCM, and for how
long? Second, as is evident from the currently growing attention to the challenges of SCM projects,
their high downside risks as well as their value-adding potential, suggests that it is time SCM
researchers look for more formalized, theoretically sound, analysis/evaluation approaches applicable
to SCM projects of today and tomorrow.

Following the above research rationale, this paper is aimed at contributing to this Conference at two
conceptually important levels: (a) Showing how a unique cost-benefit style evaluation framework,
named CRAVE (Costs, Risks And Values Evaluation) (Joglekar and Toraskar, 1994), is indeed
highly applicable and valuable in today’s SCM arena, and (b) Demonstrating such application in the
specific context of strategic decisions related to Container Security. Briefly, we believe the CRAVE
framework is unique because it was originally tailor-made for the global technology deployment
(GTD) decisions in the manufacturing context of multinational corporations (MNCs), and as we
show in this paper today’s SCM decisions hold many similarities with GTD decisions, thus
increasing CRAVE’s applicability to SCM. Secondly, CRAVE is unique because, not only is it very
comprehensive, formal or explicit, and multi-perspective in character, but that these features of
CRAVE actually emerged as various drawbacks and limitations of the then CBA-practice were
revealed in the context of GTD decisions. Thus, in the first place CRAVE was tailor-made for the
complexities of GTD decisions, and in this paper we show how today’s SCM decisions are so similar
to GTD decisions. It follows that applying CRAVE to SCM decisions should be very promising! In
short, this paper systematically argues how and why the CRAVE (Costs, Risks And Values
Evaluation) framework, originally developed for global technology deployment (GTD) decisions in
multinational corporations (MNCs) in the 1990s, indeed applies equally to today’s supply chain
management (SCM) decisions in general, and then attempts to apply it in the specific context of
strategic decisions related to container security. Specifically, we demonstrate how CRAVE could be
applied to a novel, Smart-Container-based, system for supply chain security.

2
The paper is organized as follows. Section 1 sets the stage by presenting our overarching research
rationale, and what the paper is trying to accomplish in the context of this Conference. Section 2
briefly outlines the major challenges and risks, as well the costs and benefits, associated with the
SCM systems/projects pointing to the need for methodologically strong and sound approaches and
frameworks for evaluating them. Section 3 presents a compact summary of the tough cost-benefit
challenges of global technology deployment (GTD) decisions of the 1990s and the CBA-related
methodological arguments, which led to Joglekar and Toraskar’s (1994) CRAVE framework. We
highlight how CRAVE was indeed tailor-made to handle the special GTD decision characteristics,
i.e. multi-phased, high uncertainty, multi-party, controversial, etc. Knowing these evolutionary
methodological developments (which led to CRAVE rather logically) helps reader to appreciate the
“built-in” logical rigor of CRAVE. CRAVE itself can then be presented rather simply in terms of its
major Principles, Requirements and Guidelines. Section 4 first prepares us for applying CRAVE to
SCM by discussing how today’ SCM decisions share crucial major characteristics with GTD
decisions, and how various stakeholders of SCM (shipping companies, governments, vendors and
regulators) could use CRAVE to make more effective SCM project decisions in general. Finally,
Section 5 illustrates this general idea in the specific context of strategic decisions for container
security; by applying CRAVE to a Smart Container-based system for maritime supply chain security.

2. SCM Today: A Bewildering Mix of Costs, Benefits, Challenges and Risks

Before we can appreciate the CRAVE (Costs, Risks and Values Evaluation) framework and its
methodological strengths in evaluating today’s SCM systems, it helps to first recognize what the
SCM evaluators are up against vis-à-vis the costs, benefits, challenges and risks of such systems.
Given the primarily methodological aim of this paper (i.e. to show how CRAVE is well-suited for
evaluating today’s SCM systems), and the limitations of space, we need not enumerate the detailed
costs or benefits (e.g. training costs, and container examination benefits) of SCM here. All we need
here is an overall appreciation for the rather bewildering variety (i.e. number of types) of costs,
benefits and risks that one must take into account when evaluating today’s SCM systems. Therefore,
only a bird’s eye-view of the vast landscape of the major categories of SCM costs, benefits and risks
is attempted here.

Today, benefits of SCM are popularly described using major categories such as: increased supply-
chain (SC) visibility, better SC coordination, and reduced uncertainty, resulting in a wide variety of
cost-reductions and overall improved SC performance, customer satisfaction and so on (Business-

3
software.com) (Eresourceerp.com). However, for a truly systematic and formalized type of
evaluation that CRAVE insists on, we believe a much more systematic and comprehensive view of
SCM cost/benefits and risks emerges rather logically if we look for them across the different areas
particularly transportation, warehousing and distribution costs, as being relevant here. Conceptually,
a more compact view, which may also be necessary and useful in CBA-related SCM research,
appears in McLaren et al. (2004). This rather comprehensive and multi-level taxonomy of SCM costs
and benefits consists of four major categories: (1) Total cost of ownership or TCO of the system, (2)
Partnership-related Opportunity Costs, (3) Market Responsiveness benefits, and (4) SC Cost-
reduction benefits. Moreover, this taxonomy clearly shows how these four major categories are
systematically broken down into more specific types of costs/benefits, i.e. (1) system implementation
costs, process integration costs and data-transition and integration costs, (2) partnership instability as
well as switching costs, and (3) Reductions in product costs, inventory costs, and process costs.

Supply chain literature today also lists several different phrases under the banner of the
“challenges” to SCM today. SCC summarises the 5 top SC challenges in terms of Superior Customer
Service, Cost Control, Planning and Risk Management, Partnership Relationship Management, and
the institutional talent needed. Again, from the standpoint of a systematic and formalized kind of
evaluation, much work is needed to operationalize these challenges so as to include them in such
evaluations. However, our insights from the methodology of CRAVE (briefly reviewed here in
Section 3), suggest that these challenges need to be clearly operationalized and expressed in terms of
their associated costs, benefits and risks before they can be really incorporated into formal cost-
benefit research in SCM.

While risk has been researched for much longer in the financial, banking and insurance research, SC
risk and security threats came to the forefront of SCM literature mainly after the 9/11 disaster (White
et al., 2002). Still, perhaps following the lead of the financial risk research, in SC research also
attention was initially focused on the economic (i.e. monetary) impacts of SC risks and SC security
threats (White et al., 2002). Thus, more comprehensive, holistic, discussions on supply chain risk
management (SCRM) in general (McCormack et al., SCC Risk Research Team, 2008) (Vanany et al.,
2009), and on global SC security (Thai, 2009) in particular, are just emerging in SCM research.

Given the methodological focus of this paper, here it is necessary to mention our broad observations
about the cost-benefits and risks of today’s supply chains, and about their treatment in any kind of
formal evaluations of SCM projects/systems. First, the wide-ranging variety or the “bewildering

4
mix” of today’s SC cost-benefits implies major challenges of conceptually clear definitions,
measurements and valuations which indicate the need for methodologically powerful
approaches/frameworks for evaluating today’s SCM systems. This need is clearly reinforced by
Naslund and Williamson’s (2009) warning about the “hype and potentially unrealistic claims”
concerning SCM today. Second, the whole issue of “intangibility” of many important costs, benefits,
and especially risks, does not appear to have hit the cost-benefit efforts in SCM. While this is exactly
what was predicted by our déjà vu of the BIS scenario of the 1980s and the GTD scenario of the
1990s, our paper is aimed at averting the same mistakes in SCM cost-benefit research. Third, a
growing awareness and importance of SCM frameworks involving Collaboration, Integration and
Sustainability in SCM literature (Naslund and Williamson, 2009) also suggests that SCM evaluation
approaches will have to be explicitly holistic, multi-perspective, and even proactively facilitating
tough-to-reach (Pareto Optimum) group-decisions involving a variety of stake-holders of SCM today.
(Looking ahead, CRAVE was consciously “designed” to handle precisely such challenges in the
context of GTD decisions.) Finally, presently the so-called SCM challenges, as they are popularly
called, are not sufficiently well-defined and articulated to be of a significant use in formal cost-
benefit research in SCM. Therefore, these challenges need to be conceptualized more clearly, and
operationalized through their associated cost-benefits and risks, before they can be accounted for
(and, if they really mean something, then accounted they must be!) in any kind of cost-benefit
evaluations.

3. CRAVE Framework: A Methodological Development to Deal with the Challenge of GTD

Decisions

The acronym CRAVE stands for Costs, Risks And Values Evaluation. To really generate active
research interests in CRAVE today, it is crucial show how the applicability of CRAVE to SCM
arises quite logically from the methodological challenges before it. For this reason, below, we first
review relevant background of the development of CRAVE, before simply describing it in a
declarative mode. As we see it, global technology deployment (GTD) decisions became the ultimate
battle-ground where Joglekar and Toraskar (1994) conducted the research-diagnosis of these
challenges and, through rather meticulous methodological arguments, logically derived the CRAVE
framework.

5
3.1 Characteristics of GTD Decisions and Related Cost-Benefit Methodological Challenges

Even before GTD became a major concern, since the early 1980s the classical 1 approach called Cost
Benefits Analysis (CBA), and its long-respected computational methods, were being increasingly
challenged by industry experts (Lay, 1985) and academics (Hays and Garvin, 1982). This was
directly in response to the spiralling infrastructure investments at large, which, at the same time,
were deemed necessary in practice to meet business competition. However, it was in the context of
the GTD decisions that crucial issues of multi-stage and multi-perspective complexities (of such
decisions) came to the forefront of analysis. Therefore, it is truly instructive, here, to understand the
exact nature of these GTD decisions in terms of their major characteristics, and how they are
different or similar from other types of decisions.

GTD decision situations, by their very nature, refer to situations where large institutions and their
partners, and/or governments, regulators, global bodies, are considering deploying a large complex
system using a new/old technology (invariably requiring huge investments and significant time-
horizons) over major geographic regions. Readers can think of many obvious examples of such
situations in their own industry or field of expertise, i.e. shipping, or SCM in general, or SC
Container Security. For this methodologically driven paper, we have identified (and somewhat
refined) the following list of general GTD decision characteristics:

1. High Initial, as well as Total, investments/costs

2. Multi-stage, multi-phase, project with significant Time-Horizon, Mile-stones, etc.
3. Wide Variety of Stakeholder Groups at different Hierarchic Levels of:
a. Business and Industry: A Champion MNC or Industry-Group, and their value-chain
Partners,
b. National Governments/Regulators, and Global Bodies like U.N., WHO, World bank
etc.
c. End-User Customers/Consumers of the main product/service of the GTD Project
d. Society-at-large: Affected Non-Users, and concerned NGOs, e.g. Green Peace
4. Technological and Technical Complexities of the:
a. Underlying special Technology involved

6
 b. Business Information Systems (BIS) and communication systems
c. Project Planning, and Project Management

It is interesting to see GTD decisions compare with other kinds of decisions, i.e. the 1980s corporate
IT investments decisions, and the Federal Agency-type public sector decisions (for which, in fact, the
classical CBA methodology created; see Footnote 2). Unlike traditional 1980s, firm-level, IT
investment decisions, GTD decisions are not a simple one-shot approval (or rejection) of a master
plan. Instead, the GTD decision process consists of a guided evolution of option-generating events
and incremental choices or negotiated agreements, in the midst of technological advances and
changes in the host-country's laws and standards. No wonder, GTD decisions are more complex and
controversial, and should not be treated like the 1980s corporate IT decisions.

On the other hand, the success (and even feasibility and the start) of GTD decisions depend on
approval and support from many different stakeholder groups that pursue varied economic and non-
economic values. In this sense, GTD decisions are more like Public Sector decisions rather than
corporate or private-sector decisions of even Today! This rather counter-intuitive, but CRAVE-
crucial, similarity is supported by the fact that most GTD decisions evolve over a period of time
through the actions and reactions of a multitude of participants. For example, an MNC may develop
a tentative GTD plan, and then get local managers, employees, and governments to accept portions
of the plan. Often this process requires a modification of the original plan. The implementation of the
approved portions of the plan may take several years, during which time such factors as technology
advances and changes in local laws may require further modification of the plan. Sounds like any
protracted Public Sector decision that is still pending?

The ensuing cost-benefit evaluation challenges of GTD-type decisions can be captured primarily
through (a) the Intangibility of some costs/benefits, (b) the Risks and Uncertainties of long time-
horizons, technological advances, and socioeconomic-political changes in different countries/regions,
and perhaps most importantly (c) the need for Approval and Support from the Disparate Stakeholder
Groups! Briefly, just from the MNC perspective alone, today’s advanced technologies and systems
based on them have many strategic yet intangible benefits, such as improved management decision-
making, reduced pollution, and a better fit with the company's long term competitive strategy. Such
intangibles are quite difficult to quantify in monetary terms. Intangible cost/benefits in the broader
socio-cultural and climate/environmental context are even harder to quantify and evaluate due to
different valuations by different stakeholder groups. Next, although risk analysis has advanced

7
considerably in finance/insurance arena, risks and uncertainties in the social/political arena are
largely left to subjective assessment today, which brings us to the final challenge.

The challenge of getting different stakeholders to participate in a joint

assessment/evaluation/decision-making process is especially tough, in the first place, because of the
unavoidable (but hopefully, valuable!) role of subjectivity. In GTD decisions, this basic challenge is
further compounded by the presence of significant intangibles (both costs and benefits), risks, and
uncertainties! Simply because of who they are (relative to the system under evaluation), and their
overall perspective or “world-view,” different stakeholders almost always hold differing subjective
views and assessments of such complications. Thus, without an effective process to engage different
stakeholders in a participative and “holistic” dialogue, everything is delegated to their isolated
subjectivities, thereby making joint decisions even harder to arrive at.

3.2 The CRAVE Framework: Its Essential Principles, Requirements and Guidelines

Briefly, the challenges of GTD’s cost-benefit evaluation suggest “dual” requirements for an
approach or overall framework for such evaluation. First, the approach/framework used must follow
some systematic theory/methodology of rational decision-making and evaluation. And second, it
must also be conducive for involvement, and active participation, of the wide variety of partners and
stakeholders mentioned above. We qualified these requirements as dual deliberately, because each
of them is critically important (CSF) for an effective cost-benefit evaluation and yet, each is so
challenging and difficult to achieve, making it likely for an approach/framework itself to focus on
one at the cost of the other, and become lopsided. Simply stated, what GTD situations are calling for
is not only an evaluation-methodology that of course yields rational and objectively defendable GTD
decisions, but also an evaluation-process that explicitly includes and involves the wide variety of
stakeholders whose active participation (in evaluation) is essential for the ultimate success of GTD..
Below, we simply describe it, through its basic principles, requirements and guidelines.

First, at the outset CRAVE is designed as a deliberately formal, explicit, and multi-perspective
evaluation framework, to counteract the often informal, implicit and single-perspective character of
many important evaluations in practice. Secondly, CRAVE explicitly endorses and encourages (or
essentially, requires) the use of the good old classical CBA methodology for all cost-benefit
evaluations. Therefore, CRAVE emphasizes the need to understand, and to capitalize on, the many
rich principles and concepts of the classical CBA when evaluating any complex decisions. Thus, the

8
Figure-1: Process-Flow Logic of the CRAVE Framework, Adapted for Container Security

Stage-1: Enumeration Stakeholder Perspectives:

- Cargo Lead Service Provider

Changes in: - Cargo Manifest Shipper / Consigner
- Container Security Regulatory Authority

No
Can be
measured?

Yes

Stage-2: Measurement
Key issues: - Underlying cargo appraisal (technical issues)
- Joint use of security systems and services

Explicit No
Evaluation?

Yes

Stage-3: Valuation
Key issue is identifying the Source of Values:
- Environmental and Societal value
- Cargo value
- Customer/Consumer value
- Container Security value

Stage-4: Adjustments and Sensitivity

Key issues: - Adjust for time-vale as well as different locales
- Sensitivity analyses around point estimates

Stage-5: Combining (not single-sided Consolidation)

Key issues: - Weighing/scoring of valued against un-valued
- Re-appraisal of the CRAVE-study, if warranted

9
fundamental principles behind CRAVE are same as those of the classical CBA methodology.
Moreover, the CRAVE framework as argued out and constructed by its authors, is actively interested
in avoiding the common pitfalls of prevalent CBA practice. Suffice to say here, CRAVE comes with
a healthy skepticism, namely that merely listing the great principles is not enough; we must also
concretely “show and tell” how those principles are missed in practice, i.e. the pitfalls.

Finally, integral to CRAVE is a 5-stage implementation process for carrying out CRAVE-based cost-
benefit evaluations. We find this implementation process to be a crucial and therefore integral part of
CRAVE, because of the following. First, a clear separation and logical sequencing of the various
activities (i.e. enumeration, measurement, valuation, adjustments, and final integration of CRAVE
clearly makes it a very formal and explicit evaluation framework where, for example, valuation of
observed changes is clearly differentiated from their technical measurement. Second, the logical as
well as process-flow-like character of Figure-1 adds to the overall validity and reliability of the
evaluation process, and hopefully the ultimate decision. Everyone connected with the evaluation can
know exactly what happens in a CRAVE-based evaluation, why and when, etc. Finally, a
presentation tool like Figure-1 (or its project-specific variations) is most useful in making “multi-
perspective” evaluations truly possible, orderly, and most importantly, effective in securing support
from all stakeholders.

3.3 Five Stages of the CRAVE Implementation Process

In the crucial Stage-1, Enumeration, various stakeholder-groups jointly identify any important
Incremental Changes (in their inputs and outputs) expected due to the System being evaluated. Only
the truly measurable ones are then subjected to the technical work of Measurement in Stage-2,
carefully correcting for any double-counting of joint use. Owing to the importance of keeping
valuation of changes separate from their raw measurement, we believe the pivotal Stage-3 (Valuation)
is quite important in the overall CRAVE process. This stage is all about identifying (again, joinly!)
various kinds of values (e.g. monetary, intangible, or purely subjective) accrued to (or perceived by)
various stakeholder-groups as a result of the system being evaluated. Perhaps even more crucial, yet
important, is the Stage-4 where various kinds of risk-analyses, sensitivity analyses, are used to study
their effects on the base-line average values from Stage-3. Wide variety of risks and uncertainties
(financial, physical security, or reputation-related) must be actively dealt with in this stage. Here, it is
important to understand that CRAVE is not tied to any specific mathematical techniques and tools
used in Stage-4, but actively encourages the use of the most applicable and effective ones, depending

10
of course on the type of risk or uncertainty involved. Finally, Stage-5 (Combining) 2 is really about
integrating all component results (from Stage-4) through appropriate weighting and scoring schemes,
again jointly created by the stakeholder-groups. At this point, the task of costs, risks and values
evaluation, that is CRAVE itself, is complete and the resulting recommendations (be it accept/reject,
modify, or re-CRAVE!) goes to the ultimate project decision-makers (where all stakeholder-groups
may or may not be represented).

4. Applying CRAVE to Today’s Container Security Decisions

4.1 How Today’s Container Security Decisions Mirror Global Technology Deployment (GTD)
Decisions

In Section 3, we have already identified the important characteristics of GTD decisions. To bring out
the parallels between GTD decisions and today’s container security decisions, here we rely on those
same characteristics as they can be seen in today’s global supply chain decisions also. Even a cursory
look at today’s global supply chains reveals how related strategic decisions resemble the GTD
decisions described in the earlier sections. Briefly, today’s supply chains (SC) are expanding and
becoming vastly more complex vis-a-vis their organizational, geographical, as well as technological
dimensions. Moreover, such SCs resided mostly within one nation/country. Today, this picture of SC
has transformed radically in two different ways. Even before globalization became intense, large
corporations began expanding their basic SCs to include new business partners. Simultaneously, on
the Technological dimension a host of new ITs (e.g. RFID and Smart Containers) are being actively
considered for use in the latest global-SC designs, promising significant benefits. The ultimate effect
of these increasing, multi-dimensional, complexities of today’s supply chain scenario is that the
related systems and decisions are also becoming very challenging and risky. What is of essence here,
to see the similarities between GTD and today’s container security decisions, is the broad-base fact
that the above multi-dimensional complexities are clearly growing.

Apart from the obvious similarities in their big-budget, Hi-Tech, and multi-stage (significant time-
horizons) character, the growing similarity between GTD and today’s container security decisions
becomes particularly clear along the Stakeholder-Groups dimension. From the four subcategories (a
to d) of this characteristics (in Sec. 3.1), it is easy to see that today’s global SCs, or rather Global
Supply Chain Networks (GSCNs,) are bound to be of interest and/or concern to many disparate

11
stakeholders ranging all the way from its champion MNC, its overseas business-units (BU) and their
partners/suppliers, to various Governmental/Regulatory bodies and NGOs, not to mention the
customers/consumers involved, the system-operators and managerial users. This rich similarity
between GTD and GSCN decisions becomes especially important in view of the Public Sector-like
character that it renders to all such decisions, and the suitability of CRAVE for their multi-
perspective evaluation.

Finally, today, the steadily growing concerns about the all-important global Container Security issues,
and possible risk management solutions (which must be evaluated), make the analogy between GTD
and GSCN decisions almost complete! A wide variety of security-related risks and uncertainties
appear in relevant literature on supply-chain security and SC risk-management (SCRM) today, and
we will not discuss them here. What is important about all such security-related issues here is the fact
that security in general and the associated “state of protection” from threats is a “public good” in
Economics (White et al., 2004). No one truly wants to pay for public goods, and so market forces
alone cannot provide enough incentive for their supply, thereby requiring governments (Public
Sector) to provide them. This view of security as a public good further reinforces the above public-
sector effects of multiple stakeholder-groups effects, thus making today’s SC or GSCN decisions
very similar to the public-sector like GTD decisions. Thus, applying CRAVE to today’s SCM
decisions should be promising.

4.2 Using CRAVE to Evaluate Strategic SCM Decisions in General

The above similarity between GTD decisions and today’s container security decisions already
supports the theoretical applicability of CRAVE to today’s strategic SCM decisions. Therefore, here
we will mainly focus on the more practical, substantive, aspects of such application of CRAVE in
the context of today’s SCM scenario. Given the logical process-flow of CRAVE (Figure-1), this
basically involves outlining “who” does “what,” and possibly “how,” at each stage of the process.
From the overall understanding of CRAVE and its process (Sec. 3), it seems clear that the “who”
here largely depends on the industry context of application (here, today’s SCM scenario), whereas
“what” is to be done is largely dictated by the particular stage in Figure-1. This rationale leads us to
the following outline of many substantive and practical aspects of applying CRAVE to today’s SCM
decisions in general.

12
As a typical example of today’s SCM-related strategic decisions, suppose a logistics service provider
is looking into developing a new facility for its global operations, and wants to use CRAVE to make
the decision. In this scenario, it is easy to see that the stakeholder groups, who should be involved in
applying CRAVE, include at least the following:

• The lead service provider Head-Office (minimally, its Finance, Operations, and Technology
Units).
• Its relevant business-units (BU) and any SC partners (whose cooperation is vital to system
success).
• Relevant Governmental Agencies, Regulatory Bodies, (Customs etc).
• The End-Customer/Consumer groups
• Societal-level concerned NGOs (Security Auditors)

To launch the process in Figure-1, first a CRAVE Working Group (CWG) with representatives from
various stakeholder-groups is formed, and briefed on CRAVE and its process in general (requisite
policy education!). With this CWG and its participants in mind, below we outline what should be
done (and not done) during the various stages of Figure-1, to follow the CRAVE principles and
requirements from Sec. 3.2.

As seen in Figure-1, the focus of Stage-1 (Enumeration) is on identifying the important changes in
resources used, management information output, and of course, the business performance. This may
seem rather straightforward at first, but not so if we remember the various guidelines and
requirements of CRAVE. First and foremost, we must strive to be comprehensive, explicit and multi-
perspective. This basic principle transforms the simple idea above into various qualifications and
requirements, of which we can mention only the major ones here. For example, we must carefully
isolate the incremental changes (e.g. in resource-usage) that can be attributed to change-over to new
system. Also, the various stakeholder groups (hereon, simply participants) should actively engage in
identifying all such changes of interest first from their own perspective, and then jointly, as a super-
group. Not only we enumerate them for all the constituent business-units and groups involved, but
enumerate all different types of such changes shown in Table-1 fixed/variable, direct/indirect, etc.
We do not enumerate specific costs/benefits here, not because the task is indeed huge in practice, but
because CRAVE does not endorse using any specific tools/techniques simply because they are

13
popular or quantitative. SCM literature already contains useful classifications of costs/benefits/risks,
and they should be judiciously employed for such exhaustive enumeration in practice.

Finally, before hastily jumping to Measurement, careful expert consideration is used to separate
meaningfully (and of course explicitly) measurable changes from the un-measurable ones. But, in
CRAVE the un-measurable changes are not simply forgotten or subjected to forced and meaningless
quantification. Instead, they play a vital role in satge-5 where all stakeholders are formally involved
in jointly integrating all changes of interest through proven weighting/scoring techniques.

In contrast to stage-1 where the stakeholder-groups play the active role, stage-2 (Measurement) is
largely delegated to the technical measurement specialists, including cost-accounting experts for
traditional monetary costs. Examples of main issues of concern here include double-counting of joint
costs/benefits, and the common neglect of any changes that do not first appear in monetary/dollar
units. In CRAVE, any change of interest, whether monetary or not, must be measured if it is
measurable in any practical way. The measurement of changes is deliberately isolated from
Valuation of those changes (stage-3) to facilitate and enhance the multi-perspective character of
evaluations, precisely because different stakeholder-groups often assign quite different value
(meaning, importance here) to same magnitude of change.

What goes on during the Valuation stage needs to be carefully understood along several different
dimensions, to recognize its pivotal importance in CRAVE, and thereby to conduct it properly. First,
here, is to keep in mind what is meant by “valuation” of a given change in contrast to its
“measurement.” Moreover, the basic distinction between must be understood by the participants
before they can come up with valuations of different changes from their individual perspectives, and
then try their best to participate in a joint valuation of greatest The critical importancestage-3Here
again, stakeholder-groups play an active role and the overall dynamics of stage-3 is similar to stage-1.

5. Applying CRAVE to Strategic Decisions for Container Security

5.1 Special Characteristics of Container Security Strategic Decisions and How CRAVE Could Handle
Them

The system of international maritime shipping handled approximately 500 million twenty feet
equivalent container units (TEUs) in 2012, of which 41 million TEUs (21 million actual container

14
boxes) came through North American ports. Under normal conditions, the system of international
maritime transport depends on the ability to maintain steady flow of container traffic through the
world’s major ports. Efforts to achieve a secure system must not threaten the economic viability of
the network or by extension, the system of global trade. Consequently, container security should be
viewed in the context of overall security architecture for preventing, disrupting, deterring, and
protecting against terrorism. A comprehensive analysis of the threats posed by international terrorism
requires consideration of our own exploitable security weaknesses as well as the operational
capabilities of the organizations that pose a threat. A security assessment that attempts to fully
account for the costs of enhancing the security of international container traffic in the context of
other threats and vulnerabilities should also factor in counterbalancing, non-terrorism-related
benefits. For example, criminal activities are common in the realm of international container
shipping. Private shippers, insurers, and governments routinely attempt to minimize theft, Customs
violations, and the flow of illegal narcotics and other contraband. Some of the technologies and
equipment recommended here as components in a “systems approach” to detect the transport of illicit
nuclear materials have been developed and marketed commercially for these purposes.

A significant proportion of international shipping passes through very large super ports. Roughly 25
percent of all container handling worldwide is performed at the five busiest container ports—Hong
Kong, Singapore, Pusan, Kaohsiung, and Rotterdam. Early efforts should focus on detecting illicit
nuclear materials at these and other choke points in the international system of maritime shipping.
This level of concentration does not eliminate the need to secure the many smaller installations that
could provide vulnerable entry points, but it makes it possible to begin testing equipment and system
approaches in a few major locations with a realistic expectation that practices adopted at those sites
may, with suitable inducements and economies of scale, spread to cover the rest of the industry.

A security-oriented approach to container inspection should be structured as a “layered defense,”

incorporating independent detection opportunities along the supply chain. System design and
continued system monitoring are as important as appropriate equipment and practices, given that all
static systems and technologies are vulnerable to eventual evasion by a sophisticated enemy.
Attention to minimizing overall system vulnerabilities including those arising from human
operators—is important. To be readily embraced by system participants, the costs of achieving a
secure system will have to be small relative to shipping costs (a few percent of the cost of the goods
shipped), unless significant government subsidies are made available to alleviate the financial burden.
Deciding how to spread these costs fairly, and in such a way as to maximize incentives for

15
compliance among legitimate market participants, will be a critical component in reducing
opportunities for maritime transport to be used as either a conduit for illegal purposes.

5.2 Using CRAVE to Evaluate Strategic Container Security Systems and Decisions

Container security challenges, and possible solutions to deal with them, are at the forefront of the
overall SCM arena today. The applicability of CRAVE to SCM decisions in general was already
demonstrated in Sec. 4, suggesting the general applicability of CRAVE to container security systems
as well. In addition, the above scenario of container security challenges suggest even more
convincing reasons why CRAVE may be particularly valuable in dealing with the strategic decisions
in this area. On the one hand, many new approaches, technological systems and equipments are
currently being developed and proposed both in research literature and commercial context. At the
same time, related literature also reveals a basic dilemma which may be in the way of timely
implementation and deployment of these systems and solutions in practice. The essence of this
dilemma is best understood through various inter-twined issues related to, just as major examples,
the cost of these new security solutions, their adverse impact on supply chain efficiencies, and the
difficulties of estimating their true security benefits, as follows.

As for costs, advanced container security solutions seem to be riddled with many tough questions
arising from the very nature of the “security” concept itself, plus the complexities of its cost-
allocation not only when you seem to have the promised security but also (and especially) when it
fails! We can only briefly allude to some such questions and issues here. First and foremost, due to
the popular view of security as a “public good,” the vexing question of ‘who should pay for security’
seems to always slow down investments in security systems in general. And, in a society anchored
on ‘free enterprise’, this issue becomes particularly nefarious because of the wide variety of
stakeholder groups concerned with it. When security fails, as in case of a damaged cargo container
for example, a host of otherwise dormant questions arise: What are its contents? Are they really
same as those listed on the cargo-manifest, or shipping label, in quantity, quality, etc? If not, who
should bear the cost of associated losses: the carrier, the customer, the insurance company, security-
system vendor/operator, or concerned Regulatory Authority, or any nation-state Government(s)?
Finally, security solutions of any kind inevitably degrade operational systems operations with
additional time-delays, customer inconvenience, frustration, and so on. But, in the end, why these
issues culminate in a dilemma for security systems development today becomes clear when we
recognize that different stakeholder-groups have quite different valuations for many of the changes

16
involved, especially when a suitable forum for communication among them is absent. In addition to
CRAVE’s basic principles and guidelines (Sec. 3.2), it provides precisely this kind of forum for
needed stakeholder communications, and indeed operates it as integral part of its process-logic in
Figure-1 (Sec. 3.3). The obvious inference is that the argument in favour of applying CRAVES to
strategic container security decisions/systems appear to be even stronger than SCM decisions in
general. Below, we work through various stages of the CRAVE process to supplement this inference
in theory, and to illustrate such a process in more practical terms. For succinctness, and limitations of
space, here we adopt a more compact format, segmented by the stages of CRAVE, listing only the
salient issues involved in applying CRAVE specifically to strategic container security decisions and
systems.

Stage-1 Enumeration

The security system/service provider, the shippers and consigners, and relevant Regulatory Authority
(as a minimal set of stakeholders) engage in a comprehensive and explicit enumeration of the various
security threats and vulnerabilities, and the risks they pose. Potential changes in container security,
and corresponding changes in the cargo and cargo manifest must be enumerated. Cases of
Uncertainty, which defy any sensible risk measurement, are explicitly identified for separate
handling as unmeasurable.

Stage-2 Measurement

Measurement of the magnitude of changes must be kept un-influenced by, isolated from, the
valuation stage below. Examples of important issues to deal with again be technical measurements of
the cargo changes, and cases of joint use of resources, most notably the security service resource.

Stage-3 Valuation:

As always for CRAVE, explicit valuation (even if non-quantitative, e.g. using subjective rating and
scoring schemes) of various changes identified in stage-1. Given the public good overtones of
security, values from the societal and environmental perspectives should be estimated by the
stakeholder groups. To be comprehensive, valuations of potential cargo changes, user-perceived
container security changes, as well as from the security system provider’s standpoint should be
covered.

17
Stage-4 Adjustments & Sensitivity Analyses

In the context of security risks and uncertainty, adjustments for different locations, cities, and
geographic regions become more relevant, in addition to the usual time-adjustments (present values)
for corresponding monetary equivalents. Similar, innovative, improvisations need to be explored in
the area of sensitivity analyses.

Stage-5 Combining all Stages

Following CRAVE’s focus on formal and explicit evaluation, container security system’s evaluations
using CRAVE should ideally be first performed separately from that of the overall SCM system,
rather than as only as part of the latter. The results can, and ideally should be, incorporated in the
larger SCM evaluations. However, doing it in this way could help compensate for the common view
of security as either an overhead or a public good, both which suffer from a downward bias on
valuation of security thereby discouraging related strategic investments.

6. Conclusion

In this paper, we have shown how and why the CRAVE framework of cost-benefit evaluation of
GTD decisions of the late 1980s-90s seems rather ideally suited for strategic decisions in SCM, and
especially in container security. The “why” here was argued in terms of the methodological
motivations that led to CRAVE itself, the defining characteristics of the GTD decisions for which it
was tailor-made, and finally, the similarities between the GTD decisions and today’s strategic SCM
decisions, especially related to cargo container security. Furthermore, the “how” was primarily
articulated in terms of the logical process-flow of CRAVE in general, and showing how it can be
operationalized for practical applications of CRAVE in the supply chain arena today, and also
specifically for strategic systems/decisions to meet today’s container security challenges. The unique
match between CRAVE’s ability to deal with the variety of stakeholder-groups and the need for such
ability in the case of strategic SCM/container security decisions was also brought out analytically,
thereby supporting the case for using CRAVE in SCM arena. The hope is that this work will generate
informed interest in CRAVE on part of the SC researchers and practitioners leading to its use in real
world. However, before CRAVE can be truly put to test in practice, significant amount of further

18
work is needed in terms of relevant corporate education about CRAVE itself, and cost-benefit
evaluation approaches in general.

6. References

Dos Santos, B., (1991), Justifying investments in new information technologies, Journal of
Management Information Systems, 7(4) 71-89.

Joglekar, P. and Toraskar, K., (1994), Costs, Risks and Values Evaluation: A Methodology for
Global Technology Deployment Decisions, Proceedings of the Goldring Institute Symposium on
Global Technology, Tulane University, New Orleans (USA), January 1994.

McFarland, R.G., James M. Bloodgood and Janice M. Payan (2008), Supply Chain Contagion,
Journal of Marketing, Vol. 72, No. 2, 78-91.

Naslund, D. and Williamson, S. (2010). What is Management in Supply Chain Management? - A

Critical Review of Definitions, Frameworks and Terminology, Journal of Management Policy and
Practice, vol. 11(4).

Holmes, Chris. (2012). Supply Chains at an inflexion point -Will the use of new technologies offset
increasing costs in the Asia Pacific region? Supply Chain Council (SCC), http://supply-
chain.org/node/19086

Kaplan, R. (1986), Must CIM be justified by faith alone? Harvard Business Review, 64(2), 87-95.

McCormack, et al. (2008), Managing risk in your organization with the SCOR methodology, SCC
Risk Research Team.

Rothenberg, J. (1975), Cost-benefit analysis: A methodological exposition. In Guttentag, H., &

Struening, E. (eds.) Handbook of evaluation research, Vol. 2. Beverly Hills, CA: Sage.

Supply Chain Council (SCC), Supply Chain Operations Reference (SCOR®) Model, Overview -
Version 10.0. http://supply-chain.org/f/Web-Scor-Overview.pdf

19
Thai, Vinh V. (2009), Effective maritime security: conceptual model and empirical evidence,
Maritime Policy & Management, 36: 2, 147-163.

Toraskar, K. and Joglekar, P. (1993), Applying cost-benefit analysis (CBA) methodology for
information technology (IT) investment decisions", Strategic Information Technology Management:
Perspectives on organizational growth and competitive advantage (Eds.: Banker, R.D., Kauffman,
R.J., & Mahmood, M.A.) Idea Group Publishing, pp. 119-142.

Vanany, I., Zailani, S. and Pujawan, N., (2009), Supply Chain Risk Management: Literature Review
and Future Research, Int’l Journal of Information Systems and Supply Chain Management
(IJISSCM), 2(1), January-March 2009, pp. 16-33.

White et al., (2004). A research agenda for supply chain security and productivity, NSF Security-02
paper.

20