Faisal Aqlan

DOI: https://doi.org/10.1016/j.eswa.2015.08.028

IF: 8.5

2016-01-01

Expert Systems with Applications

Abstract:Supply chain risk management (SCRM) has become a critical component of supply chain management with the movement to global supply chains and the increasing occurrence of internal and external risk events. Effective management of supply chain risks requires a comprehensive yet rapid assessment of all the risk factors in the supply chain and their potential impacts. This paper presents a software application framework for rapid risk assessment (RRA) in integrated supply chains. The proposed framework combines qualitative and quantitative methods to assess and prioritize the risks. Qualitative methods are based on surveys used to collect the risk probability and impact data for the main agents in the supply chain (i.e., supplier, customer, manufacturer, etc.). Quantitative methods are based on probability theory and fuzzy logic. Risks are calculated for each agent in the supply chain and are then aggregated per product type. The proposed RRA tool was tested in a manufacturing environment to assess the validity of the proposed framework. Results from the case study showed that the assessment obtained by the proposed framework agrees with what the risk management experts think about the risk levels and priorities in the company.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Basim Aljabhan

DOI: https://doi.org/10.1016/j.aej.2023.08.020

2023-08-20

AEJ - Alexandria Engineering Journal

Abstract:One of the most fascinating and important research areas in recent years is supply chain risk management (SCRM), which helps to boost customer support, high-profit revenues, and organizational growth. The main goal of this effort is to carry out a thorough case study on the top 5 businesses that use the SCRM model globally. The following reasons are why organizations use the SCRM model: risk identification and assessment, risk analysis, environmental monitoring, and risk management. The organization's SCRM is more complicated and constantly changing, and numerous teams, including those for quality, resilience, security (both cyber and physical), compliance, and sustainability, support its implementation. Additionally, a system based on Artificial Intelligence (AI) and Adaptive Logistic Regression Classifier (ALRC) is employed to determine the right choices for risk identification. They calculated the supply base throughout the risk assessment process using the intrinsic risk factors of the production, social, and environmental processes. Here, the effectiveness of organizations is evaluated in light of their success rate, resilience, and value to their customers.

Rao Tummala,Tobias Schoenherr

DOI: https://doi.org/10.1108/13598541111171165

2011-09-27

Abstract:Purpose The purpose of this paper is to propose a comprehensive and coherent approach for managing risks in supply chains. Design/methodology/approach Building on Tummala et al. 's Risk Management Process (RMP), this paper develops a structured and ready‐to‐use approach for managers to assess and manage risks in supply chains. Findings Supply chain risks can be managed more effectively when applying the Supply Chain Risk Management Process (SCRMP). The structured approach can be divided into the phases of risk identification, risk measurement and risk assessment; risk evaluation, and risk mitigation and contingency plans; and risk control and monitoring via data management systems. Specific techniques for conducting this process are suggested. Originality/value While supply chain risk management is an emerging and important topic in our dynamic and interconnected world, conceptual frameworks providing a clear meaning and normative guidance are scarce (Manuj and Mentzer, 2008). This paper presents such a framework, offering structure and decision support for managers.

J. Initiative

DOI: https://doi.org/10.6028/nist.sp.800-37r2

2018-12-01

Abstract:This publication provides guidelines for applying the Risk Management Framework (RMF) to information systems and organizations. The RMF includes a disciplined, structured, and flexible process for organizational asset valuation; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring. It also includes activities to help prepare organizations to execute the RMF at the information system level. The RMF promotes the concept of near real-time risk management and ongoing system and common control authorization through the implementation of continuous monitoring processes; provides senior leaders and executives with the necessary information to make efficient, cost-effective, risk management decisions about the systems supporting their missions and business functions; and integrates security and privacy into the system development life cycle. Executing the RMF tasks enterprise-wide helps to link essential risk management processes at the system level to risk management processes at the organization level. In addition, it establishes responsibility and accountability for the controls implemented in organizational information systems and inherited by those systems. The RMF incorporates concepts from the Framework for Improving Critical Infrastructure Cybersecurity that complement the well-established risk management processes mandated by the Office of Management and Budget and the Federal Information Security Modernization Act.

Computer Science,Business

William Arthur Conklin,Dan Shoemaker,Anne Kohnke

DOI: https://doi.org/10.1080/07366981.2017.1355097

2017-08-03

EDPACS

Abstract:Due to the international nature of supply chains, organizations interact by proxy with suppliers that they have little or no knowledge of. Limited knowledge of suppliers’ security practices means less control over overall product security, which can increase corporate risk. Formal risk management is critical to the overall procurement process and the risk to the critical components throughout the acquisition lifecycle can be managed by installing proactive supply chain risk management (SCRM) key practices. A properly managed supply chain is a critical requirement in ensuring trust in an organization’s sourced products. We discuss the assurance process requirements as well as a well-defined and recognized set of system engineering practices that apply scientific and engineering principles to ensure systematic direction, control, and trust.

Nguyen Khoi Tran,Samodha Pallewatta,M. Ali Babar

2024-06-08

Abstract:With the rapid rise in Software Supply Chain (SSC) attacks, organisations need thorough and trustworthy visibility over the entire SSC of their software inventory to detect risks early and identify compromised assets rapidly in the event of an SSC attack. One way to achieve such visibility is through SSC metadata, machine-readable and authenticated documents describing an artefact's lifecycle. Adopting SSC metadata requires organisations to procure or develop a Software Supply Chain Metadata Management system (SCM2), a suite of software tools for performing life cycle activities of SSC metadata documents such as creation, signing, distribution, and consumption. Selecting or developing an SCM2 is challenging due to the lack of a comprehensive domain model and architectural blueprint to aid practitioners in navigating the vast design space of SSC metadata terminologies, frameworks, and solutions. This paper addresses the above-mentioned challenge by presenting an empirically grounded Reference Architecture (RA) comprising of a domain model and an architectural blueprint for SCM2 systems. Our proposed RA is constructed systematically on an empirical foundation built with industry-driven and peer-reviewed SSC security frameworks. Our theoretical evaluation, which consists of an architectural mapping of five prominent SSC security tools on the RA, ensures its validity and applicability, thus affirming the proposed RA as an effective framework for analysing existing SCM2 solutions and guiding the engineering of new SCM2 systems.

Cryptography and Security,Software Engineering

Sandor Boyson

DOI: https://doi.org/10.1016/j.technovation.2014.02.001

IF: 12.5

2014-07-01

Technovation

Abstract:Cyber supply chain risk management (CSCRM) is a new discipline designed to help IT executives address the challenges of the rapid globalization and outsourced diffusion of hardware and software systems. CSCRM is an integrative discipline combining elements of cybersecurity, supply chain management, and enterprise risk management into a new and powerful concept to exert strategic control over the end-to-end processes of the focal organization and its extended enterprise partners. This article provides a survey of the field, as well as a detailed analysis of the results of a four-year research project on CSCRM, conducted by the Robert H. Smith School of Business Supply Chain Management Center for the National Institute of Standards and Technology, that focused on the development of organizational assessment tools and a capability/maturity model for this emerging discipline.

management,operations research & management science,engineering, industrial

Marcela S. Melara,Mic Bowman

DOI: https://doi.org/10.48550/arXiv.2209.04006

2022-09-08

Cryptography and Security

Abstract:The software supply chain involves a multitude of tools and processes that enable software developers to write, build, and ship applications. Recently, security compromises of tools or processes has led to a surge in proposals to address these issues. However, these proposals commonly overemphasize specific solutions or conflate goals, resulting in unexpected consequences, or unclear positioning and usage. In this paper, we make the case that developing practical solutions is not possible until the community has a holistic view of the security problem; this view must include both the technical and procedural aspects. To this end, we examine three use cases to identify common security goals, and present a goal-oriented taxonomy of existing solutions demonstrating a holistic overview of software supply chain security.

Astha Singh,,

DOI: https://doi.org/10.55041/ijsrem30271

2024-04-11

INTERANTIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT

Abstract:To review the extant literature on 3PL risk management (SCRM, including risk identification, assessment, treatment, and monitoring), developing a comprehensive definition and conceptual framework; to evaluate prior theory use; and to identify future research directions. Additionally, our framework emphasizes the importance of aligning performance metrics with risk objectives, facilitating ongoing monitoring and evaluation of 3PL partnerships. By establishing clear performance benchmarks and feedback mechanisms, organizations can promptly identify emerging risks and implement corrective actions as necessary. Methodology: A systematic literature review of couple of articles (published 2000-2016) based on descriptive, thematic, and content analysis. Drawing from extensive literature review and industry best practices, our framework integrates multiple dimensions of risk identification and evaluation into a cohesive methodology. We propose a structured approach that encompasses both qualitative and quantitative techniques, enabling organizations to comprehensively assess risks across various stages of the 3PL relationship lifecycle. Through the application of our holistic framework, organizations can enhance their ability to navigate uncertainties in 3PL relationships, fostering resilience and competitiveness in today's dynamic business environment. Findings: There has been a considerable focus on identifying risk types and proposing risk mitigation strategies. Research has emphasised organisational responses to 3PL risks. Research implications: A broad, contemporary understanding of 3PL risk management is provided; leading to a conceptual framework. The research agenda guides future work towards maturation of the discipline. Practical implications: Managers are encouraged to adopt a holistic approach to risk management. Guidance is provided on how to select appropriate risk treatment actions according to the probability and impact of a risk. Key components of our framework include risk categorization, stakeholder engagement, scenario analysis, and performance metrics alignment. By systematically categorizing risks according to their nature and impact, organizations can prioritize mitigation efforts and allocate resources effectively. Stakeholder engagement ensures that diverse perspectives are considered in the risk assessment process, enhancing its accuracy and relevance. Furthermore, scenario analysis allows for the exploration of potential future events and their implications on 3PL operations, enabling proactive risk management strategies. Keywords: 3PL, Risk management, Systematic literature review (SLR), theoretical approach

Abhijeet Ghadge,Samir Dani,Roy Kalawsky

DOI: https://doi.org/10.1108/09574091211289200

2012-11-02

The International Journal of Logistics Management

Abstract:Purpose This paper examines supply chain risk management (SCRM) from a holistic systems thinking perspective by considering the different typologies that have evolved as a result of earlier research. The purpose of this paper is to identify important strategic changes in the field and to outline future requirements and research opportunities in SCRM. Design/methodology/approach The systematic literature review (SLR) methodology employed by this research was used to evaluate and categorise a literature survey of quality articles published over a period of ten years (2000‐2010). Additionally, the findings from the SLR have been strengthened through cross validation against results obtained from an associated text mining activity. Findings The SLR methodology has provided a rich, unbiased and holistic picture of the advances in the field of SCRM. Consequently, important new research areas have been identified based on a multi‐perspective descriptive and thematic data analysis. In addition, the analysis, based on evolved typologies, indicates a growth of SCRM from a nascent to a fairly established activity over the past decade. Practical implications The systematic approach undertaken for the literature review will provide future researchers and managers with an insightful understanding of the scope of the SCRM field. Also, the literature review provides important clues on new research directions for SCRM through identification of gaps in current knowledge. Originality/value The holistic approach to SCRM was found to be an important missing link in earlier literature surveys. The outcome of the SLR reported in this paper has provided critical insights into the present and future scope of the SCRM field. The identified research insights, gaps and future directions will encourage new research techniques, with a view to managing the risks in the globalized supply chain environment.

Olivier Lavastre,Angappa Gunasekaran,Alain Spalanzani

DOI: https://doi.org/10.1080/00207543.2013.878057

IF: 9.018

2014-01-21

International Journal of Production Research

Abstract:Recent years have witnessed a focus on managing risks in supply chains. On the one hand, there are many cases where events like natural disasters, strikes and terrorism have significantly influenced the performance of organisational supply chains and in turn their competitiveness. And on the other hand, operational activities and strategic decisions of the firms (concerning, for e.g. supply, procurement, production, delivery, commercialisation, demand management, planning, etc.) can be different than expected and so create uncertainties. Uncertainties, whether they are external or internal, impact organisations leading to increased supply chain risk. Realising the potential implications of these situations on supply chain competitiveness, an attempt has been made to define risks and their sources and to identify the management that can help reduce the negative impact of risks on supply chains. In this paper, a framework for supply chain risk management (SCRM) is proposed and is applied using the data collected from 164 French companies, in manufacturing sector. The literature review, theoretical framework and empirical research undertaken in this work have led to identifying critical success management for SCRM. The focus of this paper is the inter-organisational management of supply chain risk: the collaborative relationship (with industrial and supply partners) can be considered as an efficient way to make SCRM. The paper finishes with a summary of the findings and conclusions, along with suggestions for future research projects.

engineering, manufacturing, industrial,operations research & management science

Olivier Lavastre,Angappa Gunasekaran,Alain Spalanzani

DOI: https://doi.org/10.1016/j.dss.2011.11.017

IF: 6.969

2012-03-01

Decision Support Systems

Abstract:The risk thematic is not new in management, but it is a recent and growing subject in supply chain management. Supply Chain Risk Management (SCRM) plays a major role in successfully managing business processes in a proactive manner. Supply chain risk has multiple sources including process, control, demand, supply and environment. Supply chain management, faced with these risks, requires specific and adequate responses such as techniques, attitude and strategies for management of risk. This paper is based on an empirical study of 142 general managers and logistics and supply chain managers in 50 different French companies. It demonstrates that for organizations to be effective, SCRM must be a management function that is inter-organizational in nature and closely related to strategic and operational realities of the activity in question. Moreover, the findings of our empirical study suggest that effective SCRM is based on collaboration (collaborative meetings, timely and relevant information exchanges) and the establishment of joint and common transverse processes with industrial partners.

computer science, information systems, artificial intelligence,operations research & management science

P. Siva Kumar,Ramesh Anbanandam

DOI: https://doi.org/10.1007/s40171-020-00233-x

2020-02-28

Global Journal of Flexible Systems Management

Abstract:<p class="a-plus-plus">Supply chain (SC) disruption management is a complex issue that involves building SC resilience through enhancing the organizational ability to anticipate, adapt, respond, recover and learn from disruptions; it needs participation and coordinated efforts of all SC stakeholders and their processes. There is a need for a qualitative, interpretive, holistic and flexible framework in the literature. The main purpose of this work is to propose a framework. Therefore, the present study uses an interpretive method, namely "situation–actor–process–learning–action–performance" (SAP–LAP) analysis, to enhance the understanding and analyze the SC resilience building and improvement in the case company, ABC, a prominent automaker in India. Findings reveal several issues, including the establishment of risk management culture, building collaborative capabilities, framing flexible contracts, enhancing the awareness level of risks, security, and resilience among stakeholders, seamless information sharing, require attention. The efficacy and simplicity of the <em class="a-plus-plus">SAP</em>–<em class="a-plus-plus">LAP framework</em> may enable SC stakeholders to initiate resilience-building processes.</p>

Gang Li,Huan Fan,Peter K. C. Lee,T. C. E. Cheng

DOI: https://doi.org/10.1016/j.ijpe.2015.02.021

IF: 11.251

2015-01-01

International Journal of Production Economics

Abstract:As supply chain risks refer to the risks transmitted among supply chain members and supply chain management (SCM) is concerned with close collaboration among chain members to enhance the chain׳s overall performance, we argue that we need to use an SCM perspective in supply chain risk management (SCRM). We identify risk information sharing and risk sharing mechanism as two important joint SCRM practices. Drawing on the literature on agency theory and collaborative relationships, we argue that the effectiveness of these two joint practices in improving financial performance can be strengthened by collaborative relationship characteristics including relationship length, supplier trust, and shared SCRM understanding. We empirically test our conceptual model using the data collected from 350 manufacturing firms in China. The results suggest that both risk information sharing and risk sharing mechanism improve financial performance, and the effectiveness of the former is strengthened by relationship length and supplier trust, while that of the latter is strengthened by shared SCRM understanding. We contribute to research and practice by identifying two useful joint SCRM practices and ascertaining the conditions under which each of the practices is particularly effectively.

Ali Emrouznejad,Sina Abbasi,Çiğdem Sıcakyüz

DOI: https://doi.org/10.1016/j.sca.2023.100031

2023-09-01

Supply Chain Analytics

Abstract:This paper presents a systematic review of the literature on Supply Chain Risk (SCR) research, focusing on content-based analysis. The study comprehensively examines the general factors associated with key themes and trends in supply chain risk management, encompassing the identification and assessment of risks, risk mitigation strategies, and the influence of emerging technologies on Supply Chain Risk Management (SCRM). The review provides an overview of current and emerging topics in SCRM, while also introducing categorization frameworks to address research gaps and provide a roadmap for future studies, thereby generating valuable insights in this field. The review highlights the significance of effective SCRM in ensuring business continuity and resilience, emphasizing the need for organizations to adopt a proactive approach to risk management. The paper concludes by identifying areas for future research, including the development of novel risk management frameworks and the integration of emerging technologies into supply chain risk management practices. Additionally, a comprehensive evaluation of each classification is presented, highlighting overlooked aspects and unexplored domains, and offering recommendations for potential next steps in SCRM research.

Liang Wang,Yiming Cheng,Zeyu Wang

DOI: https://doi.org/10.1007/s11356-022-22255-x

Abstract:The global spread of COVID-19, international trade protectionism, geopolitical conflicts, and climate change presents challenges and risks to sustainable supply chains (SSCs). In recent years, scholarly interest in sustainable supply chain risk management (SSCRM) has continued to rise. A helpful literature review is necessary to enable supply chain practitioners to apply empirical findings from academic research or conceptual frameworks to their operations to maintain the stability and competitiveness of sustainable supply chains. The knowledge map of SSCRM is explored in this study using both quantitative and qualitative analysis. A total of 793 articles were retrieved to reveal the knowledge map of SSCRM. Scientometric and context analysis are combined in quantitative analysis to identify the intellectual structure of risk management research related to SSC. Then, a critical review is conducted in qualitative analysis to summarize and analyze the motivations, strategies, approaches, and tools of SSCRM. Combining the quantitative and qualitative analysis results, a conceptual model is constructed for SSCRM from three aspects: (1) risk identification, (2) risk assessment, and (3) risk mitigating and responding. Finally, future research directions are suggested based on the conceptual model for guiding the theories and practice of SSCRM. This study can work as a roadmap for providing appropriate risk management policies and toolkits to SSC, which could advance theoretical thinking on how to mitigate SSC risks.

Huan Fan,Gang Li,Hongyi Sun,T. C. E. Cheng

DOI: https://doi.org/10.1016/j.ijpe.2016.11.015

IF: 11.251

2017-01-01

International Journal of Production Economics

Abstract:Although the extant literature recognizes that supply chain risk (SCR) information plays a fundamental and critical role in supply chain risk management (SCRM), little is known about how firms process SCR information for SCRM. Based on information processing theory, we propose an SCR information processing system comprising three components, namely risk information sharing, risk analysis and assessment, and risk sharing mechanism, to manage SCR. Drawing on the literature on organizational change, we consider three organizational, factors, namely SCRM culture diffusion, SCRM team support, and SCRM strategy alignment, being antecedents to the system. Furthermore, we examine the consequences of the system. Thus, we propose a conceptual model linking organizational antecedents, SCR information processing system, and operational performance. We collect data from 350 Chinese manufacturing firms to test the model and obtain the following findings: (1) SCRM culture diffusion and SCRM team support positively influence risk information sharing and risk analysis and assessment, while SCRM strategy alignment only positively influences risk information sharing. (2) Risk information sharing positively influences risk analysis and assessment, and in turn risk sharing mechanism; risk information sharing has a direct effect on risk sharing mechanism. (3) Risk sharing mechanism positively influences operational performance. We contribute to research and practice by offering an information processing perspective on SCRM.

David C. O’Connor

DOI: https://doi.org/10.1080/07366981.2016.1217730

2016-09-01

EDPACS

Abstract:The use of social media platforms for inter-company employee interactions of suppliers and acquirers in the supply chain is an effective and efficient tool. The social media application related to Supply Chain Risk Management (SCRM) has potential risks with the transmission of proprietary information between organizations. Currently there are not published recommendations for Social Media Supply Chain Risk Management (SM-SCRM). The paper takes the first step in providing a risk management framework for organizations to implement inter-communication access controls within the supply chain based on NIST IR 7622 Notional Supply Chain Risk Management for employee interaction.

Ualison Rébula de Oliveira,Fernando Augusto Silva Marins,Henrique Martins Rocha,Valério Antonio Pamplona Salomon

DOI: https://doi.org/10.1016/j.jclepro.2017.03.054

IF: 11.1

2017-05-01

Journal of Cleaner Production

Abstract:Ruptures and interruptions in supply chains (SC) can cause large financial losses and undermine the reputation of firms. In this respect, there is growing interest among researchers in the theme of supply chain risk management (SCRM). SCRM involves analysis carried out in various steps. However, researchers diverge over the number and content of these steps. In light of this problem, the aim of the present study was to analyze whether it is possible to apply the ISO 31000 standard as a systematic procedure for SCRM. And, if so, how the standard can be implemented in the SCRM context, as a framework in a specific company. Through a systematic literature review, we compared and harmonized the risk management steps proposed by researches about SCRM. Additionally we developed a pathway to identify and prioritize which ISO 31000:2009 risk assessment tools and techniques are supposed to integrate a procedure for SCRM, based on the Analytic Hierarchy Process (AHP), exemplified in an automotive supply chain. Based on the research findings, we infer that ISO 31000 can be used beneficially as a standardized method to perform SCRM, as long as tools and techniques are selected according to the company needs and business characteristics.

environmental sciences,green & sustainable science & technology,engineering, environmental

István Mihálcz,Zsolt T. Kosztyán

DOI: https://doi.org/10.3390/math12060841

IF: 2.4

2024-03-14

Mathematics

Abstract:Large, powerful corporations were formerly solely and exclusively responsible for supplies, manufacturing, and distribution; however, the supply chain has undergone significant transformations over the last half-century. Almost all supply chain processes are currently outsourced, owing to the initiatives of cutting-edge, contemporary businesses. According to a compilation of studies, analysts, and news sources, the level of risk associated with modern supply chains is considerably higher than the majority of supply chain managers believe. Supply chain vulnerabilities continue to pose a substantial obstacle for a great number of organizations. Neglecting to adequately address these risks—encompassing natural disasters, cyber assaults, acts of terrorism, the credit crisis, pandemic scenarios, and war—could result in substantial reductions in metrics such as profitability, productivity, revenue, and competitive advantage. Unresolved concerns persist with respect to the risk assessment of the supply chain. The purpose of this article is to propose a framework for risk evaluation that can be efficiently applied to the evaluation of hazards within the supply chain. This research study significantly enhances the existing knowledge base by offering supply chain managers a pragmatic tool to evaluate their processes, regardless of the mathematical foundations or the variety of variables utilized in risk assessment. The outcomes of multiple aggregation methods are compared using a case study from an automotive EMS production; the conclusions are validated by risk and FMEA specialists from the same factory.

mathematics