1 Introduction

Theoretically, the risk management process, regardless of its domain of application, consists of at least three linear steps: risk identification, risk assessment and risk mitigation (Purdy 2010; Sodhi et al. 2012). A key assumption here is that a team of people will first identify all the plausible risks by generating a process map of the supply chain or consulting a risk register. Next, these identified risks will undergo a suitable assessment method. Lastly, based on the prioritized values of these risks or assessment scores, suitable measures will be taken. This implicit assumption provides a holistic, single-level and time-independent view of the risk management process, which unfortunately is hardly ever challenged. This is probably because, with a few exceptions (Norrman and Jansson 2004; Ellegaard 2008; Kayis and Karningsih 2012), not many studies in the area of supply chain risk management focus on how the identification, assessment and management of risks are actually carried out inside an organization.

This paper is based on the serendipitous findings from a leading global organization, in which the risk management practice did not match the above portrayal of risk management in the theory (Ho et al. 2015) and widely referred to standards (ISO 2009). To reveal this anomaly between theory and practice, the principal research questions explored in this study are: (1) how are risks managed (i.e., identified, assessed and mitigated) inside a large global organization and (2) why may risk management in practice differ from the theory and widely accepted standards?

To delimit the scope of this paper, the focus is on supply risk management. The rationale behind this delimitation is the seminal paper by Tang (2006), in which the author conceptualizes four basic approaches to supply chain risk management: supply management, product management, information management and demand management. This paper stresses the supply management approach to managing supply chain risks. Furthermore, to reveal the paradox and to form an alternative conceptualization of risk management, Whetten’s (1989) framework for theoretical contributions is applied. This forms the basis for the key contribution of this paper, which is the assertion that risk management in practice is not as holistic, single-level and time-independent an activity as it is presumed to be in theory (Ho et al. 2015) and in widely referred-to standards (ISO 2009). Thus, the hope is that this paper will assist researchers in supply chain risk management to develop models that are much closer to reality. Moreover, this paper is expected to enable practitioners to recognize the risk management activities that are carried out within a particular process (e.g., supply management) in a large global organization. This understanding will guide managers towards a more comprehensive picture of supply risk as well as its identification, assessment and mitigation methods. The rest of the chapter is organized in the following sections: literature review, research design, results, discussion, conclusions and future directions.

2 Supply Management Process

The terms “purchasing”, “sourcing” and “supply management” are used interchangeably in the literature. However, supply management, in addition to conventional procurement activities, such as searching for and selecting suppliers, order allocation and payment, involves activities such as strategic sourcing and the receiving and inspection of delivered goods (Fraser et al. 2011). According to Tang (2006), supply management deals with five interrelated issues: (1) supply network design; (2) supplier relationship; (3) supplier selection; (4) supplier order allocation and (5) supply contract. For all these issues, certain activities are performed to manage and ensure the supply of incoming materials. For instance, supplier networks can be redesigned by performing activities such as altering the available suppliers and manufacturing facilities. Similarly, supplier relationships can be nurtured by segmenting suppliers into different segments and then deploying strategies for each segment. In supplier selection, the typical activities performed are identifying supplier selection criteria, finding suppliers and selecting suppliers. In this paper, the supply management process of the case organization is examined by scrutinizing four critical activities that are carried out to manage the supply: new supplier selection, strategic sourcing, delivery and inspection and managing the portfolio of existing suppliers.

3 Supply Risk Management

The two predominant sources of supply risks are inbound supplier failures and failures occurring in the supply market (Zsidisin 2003). Inbound supplier refers to a supplier that belongs to the upstream part of the supply chain. Similar to supply chain risk management, the management of supply risk passes through the stages of risk identification, assessment and mitigation (Ho et al. 2015). The difference is that supply chain risk, contrary to and in addition to supply risk, encompasses operational risk and demand risk (Manuj and Mentzer 2008). In this paper, only supply risk management activities that are performed during the supply management process are recognized. Four critical risks from upstream suppliers are identified: financial risk, sourcing risk, performance risk and sustainability risk. The following subsections extract from the literature the key methods for risk identification, assessment and mitigation for managing supply chain risk.

3.1 Risk Identification

The methods for identifying risks are classified into four different categories: common listing, taxonomy-based, scenario-based and objective-based process mapping (Singhal et al. 2011). The common listing approach (Christopher et al. 2003) lists the historical events of risks. In comparison, the taxonomy-based approach (Lockamy and McCormack 2012) provides a framework to extract and organize risk identification activities from business functions. Scenario analysis (Dani and Ranganathan 2008), on the contrary, analyses the key risk factors and their effects on supply chain performance. In addition to identifying risk and creating a risk profile for an organization, the scenario analysis approach assists in building contingency plans for treating various risks. Process mapping, such as process failure mode and effect analysis (PFMEA) (Canbolat et al. 2007) and hazard and operability analysis (HAZOP) (Tummala and Schoenherr 2011), as opposed to the previous approaches, displays the root causes of failures due to risk exposure. Most of these risk identification methods share the holistic assumption of risk management and attempt to recognize all possible risks an organization may have.

3.2 Risk Assessment

The assessment of supply risk has received much more attention than that of risk identification (Ho et al. 2015). The prevalent risk assessment methods in the literature are the risk matrix (Griffis and Whipple 2012), the analytical hierarchy process (AHP) (Radivojević and Gajović 2014), scenario analysis (Asbjørnslett 2008), different types of FMEA (failure mode effect analysis) (Kumar et al. 2013), frequency space (Ganguly and Guin 2011), multi-criteria scoring (Lockamy and McCormack 2012), the risk pyramid (Tummala and Schoenherr 2011) and so on. Few authors have combined both identification and assessment methods of risk. For instance, Cagliano et al. (2012) have developed a methodology for supply chain risk identification and analysis. Though the above-mentioned techniques are different, they also share the holistic assumption of risk management and try to assess all possible risks an organization may have using one particular method.

3.3 Risk Mitigation or Treatment

Like risk assessment, risk mitigation has also received significant attention from scholars (Ho et al. 2015). Supply risk can be treated by adopting behaviour-based management techniques (Zsidisin and Ellram 2003), by creating strategic supplier relationships (Hallikas et al. 2005), by reducing the supply base complexity (Choi and Krause 2006), by determining the optimum number of suppliers (Ruiz-Torres and Mahmoodi 2007) and by choosing dual sources instead of single sources (Li et al. 2010). Furthermore, a few authors, in addition to Tang (2006), argue for the criticality of the supply management process for the management of supply risk. For instance, Gualandris and Kalchschmidt (2014) introduce the concept of risk management preparedness and claim that the preparedness of supply chain risk management depends on factors such as supplier integration and development, strategic sourcing, supplier selection, supplier portfolio management and manufacturing postponement. Similarly, Reuter et al. (2010) argue that supplier risk management must be tightly interlocked with the supplier management process.

4 Case Study Methodology and the Single-Case Design

To understand risk management from the supply management practice perspective and answer the research questions, this paper uses a single, in-depth, embedded case study design with the supply management process as the unit of analysis (Yin 2009). A single-case study design is chosen because of its ability to provide a rich as well as a deep understanding of the complexity of the reality (Benbasat 1987). Although single-case studies are rare, they are not entirely absent from the extant literature on supply chain risk management. A few notable ones are those by Norrman and Jansson (2004), Ritchie and Brindley (2007) and Ghadge et al. (2012). Among these studies, only that by Norrman and Jansson (2004) looks closely into the empirical case of Ericsson and presents in detail Ericsson’s method of managing supply chain risk. This paper, in comparison with Norrman and Jansson’s (2004) study, dives deeply into the risk management activities within the supply management process of a large global organization.

4.1 Empirical Setting

The case organization is a conglomerate of 200 independent subsidiary companies (i.e., business units) spread across 70 countries around the world. Since its inception in 1994, by growing inorganically through acquisitions, the case organization has developed from a regional company into an international group with a current sales value of 7 billion euros and 43,000 employees. The principal product historically has been automatic and manual door locks (product 1). Over the years, the group has diverged into products such as electronic ID and access cards (product 2) and entrance solutions (product 3) to facilities such as hospitals, stadiums and hotels. To manage the diverse as well as dispersed business units, a decentralized management structure is adopted by the top management of the group. As a result, three regional divisions and two global product divisions work independently to manage the business units under each division. A comparative picture of these five divisions is presented in Fig. 1. Divisions A, B and C manufacture and sell product 1 and are located in America, Europe–Africa–Middle East and Asia Pacific, respectively. Divisions D and E operate globally and sell product 2 and product 3, respectively.

Fig. 1 Case organization’s global presence and sales mix

4.2 Data Sources

To ensure triangulation of information (Eisenhardt and Graebner 2007), data were gathered from three distinct sources: (1) semi-structured interviews, meetings and discussions with multiple respondents; (2) internal documents that are not available publicly and (3) observational data obtained during interviews, meetings and discussions.

4.2.1 Semi-structured Interviews, Meetings and Discussions

Eighteen respondents were interviewed from the case organization, positioned at different levels (e.g., three vertical levels, i.e., the group level, divisional level and business unit level and five horizontal levels, i.e., five divisions). The chief technology officer, the group supply chain director, the group quality and sustainability manager and the group risk insurance manager were from the group level. Sourcing directors and category managers were from the five divisions of the case organization and represented the divisional level. Purchasing managers represented the business unit level. Most of the respondents from the case organization were met multiple times during interviews, meetings and discussions held over a period of eight months. Additionally, one respondent from a key supplier and two respondents from the insurance provider of the case organization were interviewed to gather information about supply risk management from all the relevant sources.

4.2.2 Documents

The respondents were asked to provide presentations, Excel sheets, risk reports and audit reports. A total of 48 risk-related documents were collected from the organization. The documents included information on supplier criticality assessments, supplier risk assessments, manufacturing site risk assessments, sustainability audit reports, presentations on the case organization’s risk management strategies, supply chain failures and sourcing strategies.

4.2.3 Observational Data

The observational data consisted of actual notes from interviews, meetings, discussions and a factory visit. During the factory visit, the author spent an entire day with a purchasing manager of the case organization to scrutinize in detail the risk management activities performed during the supply management process at the business unit level.

4.3 Data Analysis

The data analysis is performed based on the framework questions proposed by David Whetten (1989) for evaluating theoretical contributions. According to Whetten (1989), a complete theory has to have certain key elements, which can be assessed by asking basic questions such as what, who, where and when, how and why. From his perspective, the “what” element is a variable, construct or concept. In this paper, “what” refers to the supply risk of concern. The “who”, “where” and “when” elements, in the author’s opinion, set the boundary conditions for the theory. In this paper, “who” refers to the person who manages (i.e., identifies, assesses and mitigates) the risk. The “where” and “when” elements, respectively, refer to the location of the risk and the process in which a particular risk is managed. Although, according to Whetten (1989), the “how” element refers to the mechanisms of relations among the constructs/variables/concepts, in this paper the how element answers the question of how a particular risk is identified, assessed and mitigated. Lastly, the “why” element, according to the author, refers to the underlying factors that explain the relationships between the concepts. Likewise, the why element in this paper refers to the rationale behind a particular method for managing risk in the case organization.

5 Supply Management Process in the Case Organization

Supply management in the case organization is a group-level function. As a result, although the organization is divided into five decentralized divisions, the activities carried out to manage the supply within these five divisions are more or less similar. This subsection is organized according to the critical activities of the supply management process that were discussed in the literature review section as well as being found to be performed in the case organization. These activities are: (1) selection of new suppliers; (2) strategic sourcing; (3) receiving and inspecting goods and (4) managing the portfolio of existing suppliers.

5.1 New Supplier Selection

Supplier selection is considered as one of the key processes for managing the supply of material. The rationales are that the case organization wants to be innovative and cost-efficient and to increase its market presence. Therefore, having new suppliers in the portfolio of existing suppliers is quite important for the organization. According to the procurement director of division B:

… quite frankly, in direct procurement, we have 3400 suppliers at this moment in time; I have put in plan that we will drive down to 1000 by 2020 and of that thousand in 2020, my feeling is 500 will be brand new suppliers.

The above quote projects how critical it is for the case organization to search for new suppliers. The category managers of the case organization were mandated by their respective sourcing directors to select new suppliers. Thus, the new supplier selection is carried out at the divisional level.

5.2 Strategic Sourcing

The term strategic sourcing translates into strategies that are decided at the group level by the group supply chain director. These strategies are to have a limited number of suppliers, strategic partners, supplier agreements, category management, value engineering, a sustainable supply base and zero-defective suppliers (source: company internal presentation). Strategic sourcing, like new supplier selection, is performed at the divisional level. The sourcing directors have the mandate to develop and decide on appropriate sourcing strategies for sourcing key categories of each division. In comparison, the category managers operationalize those strategies and source from the suppliers accordingly. According to the quality and sustainability manager of the group, professional sourcing is about keeping the supplier base limited, choosing strategic partners, managing categories, building supplier relationships, developing suppliers and reducing costs. In his words:

We need a limited number of suppliers and strategic partners … The other thing is the category of management, which is how we organize our categories and sourcing; that is, the glue that contains the supplier relationship, which supplier to develop, how to reduce cost, etc.

5.3 Receiving and Inspecting the Delivered Goods

In the words of a purchasing manager in the case organization, the responsibility of a purchasing manager is as follows:

We are responsible for the supplier base. We do commercial agreements, prices, on-time delivery, frameworks and rules for working with suppliers.

The above quote portrays the types of activities that are performed at the business unit level of the case organization by the purchasing managers. These activities are making agreements with suppliers, setting the prices and ensuring on-time delivery of the purchased items.

5.4 Managing the Portfolio of Existing Suppliers

To manage the portfolio of existing suppliers, one of the key activities performed at the case organization is to carry out sustainability audits. Having a sustainable supply base is a group-level strategy. The group has a corporate KPI for how many suppliers are audited within a year. According to the group’s quality and sustainability manager:

Given that it is a sizeable and decentralized organization, shaped by acquisitions, and a growing number of suppliers in low-cost countries, of which some perform manual labour, it is fair to say that the company’s supply chain has inherent risks.

The above quote demonstrates the case organization’s need to perform sustainability audits on a regular basis because of the growing number of suppliers in low-cost countries with manual labour.

6 Supply Risk Management in the Case Organization

Supply risk management in the case organization is deeply coupled with the supply management processes. At the corporate level, the group has a risk management function. However, this function manages business risks for the case organization. The management procedure for this risk is to transfer the risk to the insurance provider. The properties (e.g., business units) are insured by the insurance provider for risks such as physical damage to the manufacturing units due to fires and natural disasters. However, as an extension of this insurance, and for some rare cases, business units can also be insured for suppliers’ failures. All these are evident in the following quote by the group risk insurance manager.

So, there is a risk management process within the group for each division … Our main partner is X, which is also our insurance company, for property and business interaction … Obviously, they target the most profitable and the biggest values (business units), wherever they are. Within the insurance coverage, there is also cover for suppliers and the supply chain, and that goes for as many tiers as you like.

Apart from the business risk, which is managed by the insurance provider of the case organization, four types of risks are observed to be identified, assessed and mitigated across the five supply management processes of the organization. All these risks are mapped according to the Whetten (1989) framework in Table 1 and discussed in the subsequent sections.

Table 1 Risk management within the supply management process

6.1 Financial Risk

Financial risk from suppliers is identified, assessed and mitigated during new supplier selection at the divisional level by the category managers. Financial risk refers to the risk of suppliers becoming bankrupt. The identification process of such risk in the case organization is to check suppliers’ financial health in a public database named Dun & Bradstreet (D&B). Dun & Bradstreet (D&B) is an organization that holds credit reports on 235 million companies across 200 countries worldwide. By looking at suppliers’ financial performance (e.g., payments to suppliers’ supplier) over several years, category managers can predict the future bankruptcy risk from suppliers. The mitigation process of such risk is as simple as not selecting or not including a financially unstable supplier as a new supplier to the group. The reason for this risk being identified, assessed and mitigated at the divisional level and by the category managers is that category managers are the ones who are responsible for selecting suppliers as well as being entitled to include new suppliers in the existing supply base.

6.2 Sourcing Risk

Sourcing risk from suppliers is identified, assessed and mitigated during the sourcing of materials from the existing portfolio of suppliers at the divisional level by the sourcing directors and the category managers. It includes risks such as volume dependence on suppliers, dependence due to a sole sourcing situation or dependence because suppliers are contract manufacturers and produce customized products only for the case organization. Such risk is identified and assessed in two ways: first, by performing a spend analysis of the purchased goods and material, which gives an indication of how large a volume in monetary values is purchased from a particular supplier and, second, by using matrices such as that of Kraljic (1983), which gives an indication of the supply market of the purchased goods and services. The sourcing risks that are identified and assessed by Kraljic’s (1983) matrix are related to the nature of sources (e.g., single source, dual source), the nature of the buyer–supplier power relationship, criticality and the scarcity of the raw material. The mitigation procedures that are followed in the case organization for such risks are to keep dual sources instead of single sources, keep inventories for critical items and redesign the product with an alternative material when its current raw material is scarce. The reason for this risk being identified, assessed and mitigated at the divisional level and by the sourcing directors and category managers is that they are the ones who are responsible for deciding and implementing sourcing strategies for a particular category of materials.

6.3 Performance Risk

Performance risk from suppliers is identified, assessed and mitigated during delivery and inspection of the purchased material, at the business unit level, by the purchasing managers. Risks such as quality risk and delivery risk are considered as performance risk from suppliers. The identification and assessment technique of such a risk is to check it against the key performance indicators (KPIs) for the suppliers. To judge the quality risk from a supplier, the measurement procedure is to count the number of quality complaints raised against it. Similarly, to assess the delivery risk, the number of times that suppliers met the on-time delivery requirement is checked. The mitigation technique for such a risk is to raise quality claims with the supplier and blacklist non-performing suppliers so that no further orders are given to them. The reason for this risk being identified, assessed and mitigated at the business unit level and by the purchasing managers is that the purchasing managers are responsible for receiving and inspecting the materials delivered by the suppliers.

6.4 Sustainability Risk

Sustainability risk from suppliers is identified, assessed and mitigated while carrying out sustainability audits. These audits are driven by the group quality and sustainability manager, who is positioned at the group level. The risks that are considered under the umbrella of sustainability risk from suppliers are ethical concerns, workers’ rights, health and safety issues, issues with the working environment and management system and so on. The identification and assessment procedure of such risk is to perform sustainability audits on suppliers from low-cost countries. The mitigation procedure that follows such sustainability audits is to warn non-sustainable suppliers as well as to remove suppliers that are high in sustainability risk. The reason for this risk being identified, assessed and mitigated at the group level and by the quality and sustainability manager of the group is that he is responsible for carrying out sustainability audits of low-cost country sources.

7 Discussion

This section of the paper is guided by the research questions for this study. The research questions are: (1) how are risks managed (i.e., identified, assessed and mitigated) inside a large global organization and (2) why may risk management in practice differ from the theory and widely accepted standards?

7.1 How Are Risks Managed (i.e., Identified, Assessed and Mitigated) Inside a Large Global Organization?

The results reveal that various types of risks are identified and assessed using different methods. For instance, financial risk from suppliers is identified and assessed by checking a public credit report database, whereas sustainability risk is identified and assessed by carrying out sustainability audits. For research, this finding implies that methods for risk identification and assessment are required to be customized for the risk of concern. In other words, a method for identifying and assessing financial risk cannot be used for identifying and assessing sustainability risk. Most models in the literature for risk identification (e.g., Christopher et al. 2003; Lockamy and McCormack 2012) and assessment (e.g., Ganguly and Guin 2011; Griffis and Whipple 2012) typically attempt to identify and assess all possible risks an organization may have. This is possibly because these models rely on the holistic perception of risk management.

Findings also suggest that for mitigation techniques, the case organization closely follows the prescriptions of the literature and varies techniques depending on the type of risk being managed. For example, the mitigation technique for a risk of high-volume dependence on a supplier is to distribute the volume between at least two sources (Li et al. 2010). In comparison, the mitigation technique for non-performing suppliers is to blacklist them and not to source from them, which is a kind of behaviour-based management (Zsidisin and Ellram 2003) of risk. For research, this implies that when it comes to mitigation techniques, unlike for risk identification and assessment, the practice closely matches the theory.

The findings also reveal that different types of risks are managed at different levels of the organization (e.g., the corporate level, divisional level and business unit level). For instance, financial and sourcing risks are managed at the divisional level, whereas sustainability risk is managed at the corporate level. Moreover, performance risk is managed at the business unit level. Furthermore, the results from the analysis also show that different types of risks are managed by different personnel of the organization. For instance, the sourcing director and category managers manage sourcing-related risk. In comparison, purchasing managers manage quality risk and delivery risk. Similarly, sustainability risk is managed by the group’s quality and sustainability manager and financial risk is managed by the category manager. These findings go against the holistic, single-level perception of risk management, in which a team of people from several functionalities (e.g., production, marketing and quality) identifies and assesses all plausible risks of an organization and mitigates risks based on the prioritized scores of different risks. For research, these findings imply that in reality different risks can be identified, assessed and mitigated in parallel by several people positioned at various hierarchical levels of an organization. In other words, risk management in practice may not be as integrated as it is presumed in theories.

The outcome of this study also demonstrates that various types of risks are identified, assessed and mitigated during various processes. For instance, financial risk from suppliers is managed during the new supplier selection process, whereas sourcing risk is managed during the sourcing process. Similarly, performance risk is checked only when a supplier is delivering goods to the organization. For research, this implies that various risks may become relevant at different times during the supply management process. In other words, this finding suggests that it may not be possible to identify all possible risks from suppliers during a new supplier selection process because only when the chosen supplier has started delivering goods, can the performance risk from that supplier be recognized.

In sum, the above findings reveal that different types of risks are managed in parallel, at different hierarchical levels of the organization (e.g., divisions, group level and business unit level). The findings consequently question the conventional notion of risk management, which is holistic, single-level, time-independent and thought to be performed by a group of people who identify all the risks so that these risks can be assessed and mitigated. Accordingly, the findings present a fragmented, multilevel and time-dependent view of risk management from the case of a large global organization.

7.2 Why May Risk Management in Practice Differ from the Theory and Widely Accepted Standards?

Based on the results of this paper, this question can have at least three plausible answers. The first is that different risks are owned by different people working at various hierarchical levels of the organization set by the division of labour for managing the supply. Therefore, they manage the risk that they own and use different methods to identify and assess it based on the risk of concern. For instance, because category managers are responsible for new supplier selection, they check the risk (e.g., financial risk) that is relevant for selecting a new supplier. Similarly, a sustainability manager who is responsible for maintaining a sustainable supply base manages the sustainability risk from the supplier. The identification and assessment of this risk are performed while he carries out sustainability audits on suppliers.

The second is that the supply risk is managed during the supply management process and is not managed by a separate risk management function in the organization. This is because, even though the case organization has a risk management function at the corporate level, the risk handled by this function is business-related risk and in this particular case, it is the risk of property damage of the case organization’s manufacturing facilities. The management procedure for that risk is to buy insurance from the insurance provider. However, the key question here is whether or not it is possible to manage supply risk within the corporate risk management function. For this particular case, it was not feasible to manage the supply risk within the corporate risk management function because of the nature of the organization.

Consequently, the third plausible answer relates to the structure of the case organization. The case organization is large and operates in 70 countries around the world. It has 200 independent companies under its umbrella, managed by 5 independent and decentralized divisions. Though in every respect, the case organization is one focal firm (e.g., a manufacturing firm) in its supply chain, which consists of numerous suppliers, distributors, wholesalers and customers, it is still not a single organization. To match the diverse supply and customer bases that this particular organization has, the organization needs to be decentralized and dispersed around the globe. This kind of structural diversification of an organization is not new in the organizational theory and design literature and has long been discussed by scholars such as Thompson, March, Simon, Lawrence and Lorsch and termed requisite variety (Dooley 2002). Hence, it is nearly impossible for large and complex organizations to manage supply risk by a group of people at the top level of the organization or by a corporate risk management function. Therefore, risk management activities have to be designated to different people at different hierarchical levels of the organization based on the roles, responsibilities and functions performed.

To summarize, risk management practice may differ from the theoretical assumption of holistic, single-level and time-independent activity because different people may own diverse risks, they may be managing these risks within a particular process (e.g., supply management), and the structure of the organization may create an obstacle for managing risk holistically.

8 Conclusions and Future Research Directions

How are risks managed in organizations? The findings from this paper reveal that risks that arise at different times of a supply management process are managed by different people, working at different levels, using different methods for the identification, assessment and mitigation of risks. The key contribution of this study is this paradoxical view of risk management, which is much more fragmented than is presumed in theories. Conventional risk management theories are anchored in a monolithic view of organizations that is holistic in nature. By using Whetten’s (1989) framework for theoretical contributions, this paper discovers that risk in large, global and complex organizations may not be managed by a group of people identifying, assessing and mitigating all types of risks altogether. Moreover, the findings also reveal that not all organizations may manage supply risk as a corporate function. The reality is that risks such as supply risk may be managed within the supply management process of large global organizations. This requires the involvement of different people, because no single individual can manage the whole supply management process. Therefore, the management of such risks has to account for the division of labour, associated diversification of functions, roles and responsibilities as well as the decentralized structure that may exist in large organizations.

Consequently, future models need to be adjusted to this fragmented and silo-based view of risk management. In other words, as necessary as it is to develop models that can identify and assess all risks together, the silo nature of risk management suggests that models to identify and assess a particular type of risk are also required, for instance, models that can predict the financial health of a number of suppliers from a public database or can assess sustainability risk from suppliers. Furthermore, future research should be directed towards understanding why risk management practices in large organizations may occur in silos. Moreover, this paper reveals one (e.g., supply management) of the four approaches to managing supply chain risk by Tang (2006). Future research can also check how supply chain risks are managed by handling the demand, product or information or all of these together.