Journal of Management Information and Decision Sciences (Print ISSN: 1524-7252; Online ISSN: 1532-5806)

Research Article: 2021 Vol: 24 Issue: 1S

Supply Chain Risk Management Process with AHP

Yun Wan, International College, Krirk University

Abstract

Supply chain risk has always been a hot issue. How should enterprises deal with the risk of chain break such as COVID-19 in 2020? In this paper, the application of AHP is embedded in the traditional supply chain risk management process to find a new idea of risk management for a single enterprise. First step is risk identifying with “Third party causes breakdown” “Software gives over-forecast”, “Third party causes delay”, “Strategic transfer causes disqualification”, etc. “Third party causes breakdown” with the highest score identified as the most emergent risk factor. Second step is risk mapping clarify the level of different supply chain partners, which leads to different risk management decision. Third step is risk evaluation by AHP with 6 risk factors and 3 program under the goal of risk minimization, since CR is less than the allowed CR of 0.1 and hence the value is acceptable. P1 program which means changing partner is the best decision. In epidemic situation AHP help enterprises quickly respond to market changes and make correct decisions.

Keywords

AHP, Supply Chain Risk, Risk Mapping

Introduction

Since the 21st century, the supply chain under the background of globalization has become increasingly complex. A successful supply chain often involves multiple parts, multiple countries, multi-level suppliers, and a large number of stakeholders. Take “Apple” in the United States as an example. In the list of its 200 core suppliers released in 2019, there are 87 Chinese enterprises, 38 American enterprises, 18 European enterprises, 11 Korean enterprises, etc., and its purchase amount accounts for about 98% of Apple's purchase expenditure (Hao Shenyong, 2020). Otherwise, the vulnerability of the supply chain is also exposed, the financial crisis of 2008, the Tokyo earthquake of 2011 and the COVID-19 of 2020. Many countries and regions have adopted measures restricting personnel flow and traffic control. According to the economic outlook report by OECD, The Paris-based agency said global gross domestic product will grow at 5.6 percent this year if vaccination rollouts are fast and effective enough across the world (OECD, 2021). In chaotic situations, the play rules change consistently and have no sustainable advantage for the organization except the continuous adaptation to the environment (Tajpour & Moghaddm, 2018). This paper will analyze enterprises quickly response to market change through Supply Chain Risk Management process (SCRM) by applying Analytical Hierarchy Process Model (AHP) method to minimize the supply chain risk.

Literature Review

Supply Chain Risk

Supply chain vulnerability is defined as an “exposure to serious disturbance, arising from risks within the supply chain as well as risks external to the supply chain” (Peck, 2006), And according to Svensson, vulnerability is defined as “a condition that is caused by time and relationship dependencies in a company’s activities in a supply chains, the degree of vulnerability may be interpreted as proportional to the degree of time and relationship dependencies, and the negative consequence of these dependencies, in a company’s business activities towards suppliers and customers” (Svensson, 2002). In this paper, Supply Chain Risk process (SCRM) will be adopted to handle supply chain risk.

Supply Chain Risk Management (SCRM)

At theoretic level, the SCRM process shows similarity, starts with collecting information, process it to determine the risks and measure them, then assess the risk and make decision –accept, mitigate or decline. Once the decision is made, continuous monitor should be done, then go through the process again and again (Olsson, 2002). Any enterprise can get clear guidance from AS/NZS 4360:2004 or ISO/IEC Guide 73, 2002 (International Organization for Standardization introduced generic definitions of risk management terminology as guidelines for use in standards) (Bredell, 2004). But setting up a successful SCRM process is more difficult than it shown on paper, because every enterprise has its own specific characteristics including all kinds of weaknesses, problems, which are easier to result in failure. According to AS/NZS 4360:2004 with small modification, SCRM process includes establish the context, risk assessment, treat risks and risk monitoring, which are all performed on a continuous basis. Risk assessment involves identification, analysis and an evaluation activity, Good practice certainly suggests that risk assessment should take place more than once a year (Beswick & Bloodworth, 2003).

Firms strive to manage risk on the information processing view of risk management and explores the association between Supply Chain Integration (SCI) and Supply Chain Risk Management (SCRM) (Munir et al., 2020). A new model for supply chain risk propagation considering herd mentality and risk preference under warning information on multiplex networks, in which one layer is used to denote the risk propagation and the other one represents the warning information propagation network (Liangan et al., 2020). A research see SCRM as complex decision making problem involving twelve major supply chain risks and twenty one resilient strategies for risk mitigation have been acknowledged with archetypal focus on electronics manufacturing supply chains (Rajesh, 2020). Data Mining (DM) employs multiple analytical techniques for intelligent and timely decision making; however, its potential is not entirely explored for SCRM (Kara et al., 2020).

The risk management process starts with an understanding of the context of the risk study, includes rough evaluating current situation of external and internal risk level, planning the remainder of the process, mapping out the scope of the SCRM, the identity and objectives of SC, and the basis upon which risks will be evaluated, defining a framework for the process, and agenda for identification, and developing an analysis plan of risks involved in the process, which usually compose of a series criteria, and comes from comparison analysis with past data or competitors’. Culp points out that “risk identification is the process by which a company recognizes and, in some cases, detects (those) risks to which it is exposed through the normal course of conducting its business”. From a supply chain perspective, firms seek to identify and manage those risks that could prevent them from achieving their supply chain objectives and executing their strategies (Bredell, 2004). The objective of risk identification is to find out all the relative risks endanger the agility of SC, and answer the questions about where, when, why and how events could prevent, degrade, delay or enhance the achievement of objectives, (AS/NZS 4360: 2004) as Hoffman indicates: “the focus should be on those exposures that can significantly impact the ability of the firm to continue operations” (Hoffman, 2002).

Risk identification starts with a baseline common risk language in respect of risk categories and types, and in a subsequent interactive session or risk workshop, senior management brainstorms the high-level business risks per risk category and type. Because “identifying risks is easier if you have some idea of what you are looking for, knowing something about common categories of risk can give you an important advantage” (Borge, 2001). Risk classification is a valuable adjunct and often precedes and then grows in parallel with risk identification (Bredell, 2004).

Risk identification can be achieved by risk mapping which is the process of identifying, quantifying and prioritizing risks relating to the achievement of business objectives (Beswick & Bloodworth, 2003).

Figure 1: The Classic Risk Map

Source: Beswick & Bloodworth (2003), 2p.

But it is useful to allocate a score to each of the top 20 risks rather than just place them in the relevant quadrant of the grid. This shows the relative probability and impact of each risk as showed in Figure 2.

Figure 2: The Classic Risk Map Model

Source: Beswick & Bloodworth (2003).

Risk level description: The colors showed in Figure 1 and Figure 2 imply different risk level illustrated in Table 1.

Table 1
Broad Risk Levels
Risk level Description
Critical: 60+ Action must be taken as soon as possible, or in the case of a life-threatening situation, with immediate effect, to ensure that appropriate controls are in place
High: 30-59 Action must be taken within the time frame set by senior management, or in the case of a life -threatening situation, with immediate effect, to ensure that appropriate controls are in place
Medium: 16-29 Controls should be monitored in accordance with an agreed audit programme
Low: 1-15 Risks can be managed through routine procedures

One of the core enterprises takes charge of risk study of SC, one possibility is the core enterprise lists all the sub-risks out, all the partners identify potential or existed risks based on the list, and analyze probability and impact; the another possibility is all the partners send its own operational risk to the core enterprise with corresponding probability and impact, the core enterprise will do the calculation and finish risk mapping.

Once the risk mapping has finished, the next step is natural to consider how to do with those risks, usually there are several backup controlling plans to reduce corresponding risk level, for making the right choice between options, the prioritization of these plans should be made, as another evaluation, based on how much the risks will affect achievement of the goals, in this paper, an Analytical Hierarchy Process Model (AHP) is found to be widely used in enterprise to risk analysis.

Analytical Hierarchy Process Model (AHP)

AHP is a mathematical decision making technique that support decision makers in structuring decisions, quantifying intangible factors, and evaluating choices in a comprehensive and rational framework. Saaty has evolved the AHP which can enable decision makers to represent the interaction of multiple factors in complex situations. The process requires the decision makers to develop a hierarchical structure for the factors which are explicit in the given problem and to provide judgments about the relative importance of each of these factors, specify a preference for each decision alternative with respect to each factor. It provides a prioritized ranking order indicating the overall preference for each of the decision alternatives. An advantage of the AHP is that AHP is designed to incorporate tangible as well as non-tangible factors especially where the subjective judgments of different individuals constitute an important part of the decision process (Rao, 2004).

As Fariborz stated in 1989, the AHP method can support managers in a broad range of decisions and complex problems – including supplier-selection decisions, facility-location decisions, forecasting, risks and opportunities modeling, choice of technology, plan and product design, and so on (Gaudenzi & Borghesi, 2006).

The AHP and ANP (The Analytic Network Process, a more advanced framework developed by Saaty) has been successfully applied by leading government and commercial organizations worldwide including, IBM, Ford, Boeing, British Airways, the Central Intelligence Agency, the Department of Defense, and the Department of State.

Once risks have been identified and assessed, risk evaluation dues to find out the best controlling option about how to treat these the top dangerous risk factors, generally there are four major categories techniques to manage the risk: tolerate, treat, terminate, and transfer (remember as 4 T's) (Dorfman, 1997).

From systematic perspective of SC, after risk mapping, those risks with low priority won’t be considered automated, because the principle of risk mapping is to choose those risks with high priority to control; on the other way, the best way to terminate a risk is to eliminate the types of event that could trigger the risk (Norrman & Ansson, 2004), in a complicated network, which depends on a perfect prevention system, it is practical and helpful to comprehensively reduce probability of occurrence of risks too, particularly a specific system maybe contribute to decline a series risks.

So based on rough financial evaluation of whole SC, an overall prevention system should be built up, any controlling or avoidance planning including insurance should be considered, mitigation or treat risks can be seen as execution of these plans.

Above of all, although risk assessment is a united action, treat risk is impossible and not necessary to be uniform, because there are different risks exist in different nodes of SC, a guideline of common risk prevention system will be recommended to all entities, since every company faces different risk and burdens different responsibility, which needs differed improvement too, it is company’s own duty to set up exact action program according to its current situation including a detailed financial appraisal, a feasibility evaluation, and others. As for core enterprises, which care risk level mostly, they will try to persuade partners to follow, or motivate them to follow, or force them by raising cooperation conditions in contracts.

Methodology

SCRM with AHP

• Type: comprehensive risk management

• Scope: including two-tiers suppliers, 2300 companies

• Goal: reduce loss by 2% before December 31, 2020

• Agenda: First season—risk identification

Second season---risk mapping, risk evaluation

Last season---appraisal the result of SCRM

In brief, there are 3 relative partners (n=3) to fulfill analysis of only 4 sub-risks (m=4) as example, the scoring standard shows in Table 2, the risk map sent by every partner is shown separately:

Table 2
The Scoring Standard
Probability Wij 0 0-10% 10-20% 20-30% 30-40% 40-50%
Score 0 1 2 3 4 5
Probability Wij 50-60% 60-70% 70-80% 80-90% 90-100%
Score 6 7 8 9 10
Impact Yij less important important very important
Score(only integer) 0--3 4--7 8--10

As for Partner A:

Table 3
Risk Map of A
No. Sub-risks Type Wij Yij Scorej
1 Strategic transfer causes disqualification 1 10 10
2 Third party causes breakdown 9 9 81
3 Software gives over-forecast 8 5 40
4 Mistakes of employees cause delay 4 5 20

As for Partner B:

Table 4
Risk Map of B
No. Sub-risks Type Wij Yij Scorej
1 Strategic transfer causes disqualification 0 9 0
2 Third party causes breakdown 8 7 56
3 Software gives over-forecast 7 3 21
4 Mistakes of employees cause delay 4 7 28

As for Partner C:

Table 5
Risk Map Of C
No. Sub-risk Type Wij Yij Scorej
1 Strategic transfer causes disqualification 2 9 18
2 Third party causes breakdown 9 9 81
3 Software gives over-forecast 7 7 49
4 Mistakes of employees cause delay 4 3 12

After collecting all the data, Final result is represented below (Table 6):

Table 6
Final Risk Map
No. Sub-risk equation equation Scorej
1 Strategic transfer causes disqualification 1 10 10
2 Third party causes breakdown 9 9 81
3 Software gives over-forecast 8 5 40
4 Mistakes of employees cause delay 4 5 20

“Third party causes breakdown” with highest score, which is biggest and emergent risk factor, should be planned to solve as soon as possible. “Software gives over-forecast”, “Third party causes breakdown” and “Strategic transfer causes disqualification” has subsequent declining prioritization, detailed decision should made after further step: risk evaluation.

The next step is risk evaluation which is to make decisions, based on the outcomes of risk analysis, about how to treat those emergent risks. Since risk analysis, especially risk mapping don’t consider financial factors, one of tasks of risk evaluation is to compare the potential benefits and adverse outcomes, although higher potential losses may be associated with higher potential gains (AS/NZS 4360:2004). But SC is made of a lot of single organizations, the detailed financial data for whole SC is impossible; usually a rough appraisal comes out as a result.

AHP can be applied with procedures in risk evaluation:

Step 1:

Goal: risk minimum;

Factors: C1---Political risk; C2---Economic risk; C3---Force majeure;

C4---Structure risk; C5---Information share risk; C6--Management risk

N=6, aij (i,j=1,2,…6)

Program: P1—Change supplier; P2---Backup inventory; P3—insurance

Step 2: Factors—Goal

Based on the result of risk mapping, and professional experience, a pair-wise comparison matrix is constructed out:

equation

equation

CR is less than the allowed CR of 0.1 and hence the value is acceptable. Thus, there is a good consistency in the judgments made in the present example.

Step 3: Program -- factors

Since all the calculations are same with step2, the results listed below:

equation

And

Table 7
Composite Weights
K 1 2 3 4 5 6
WK 0.500 0.691 0.136 0.311 0.540 0.648
0.250 0.218 0.238 0.493 0.297 0.230
0.250 0.091 0.625 0.196 0.163 0.122
λmax 3.000 3.054 3.018 3.054 3.009 3.004
CR=CI/RI 0.000 0.046 0.046 0.046 0.008 0.003

Since RI (n=3)=0.58, they are all acceptable.

Step 4: we finally attained: composite weights(CW)

equation

From the value of CW, its clear P1 Should be selected with highest value of CW.

In practice, AHP could be applied to solve more complicated structural problems. Such as more than 3 hierarchies, limited relationship, etc.

Discussion and Conclusion

In the era of COVID-19, with the goal of better financial performance, AHP can be embedded in the traditional SCRM process for a single enterprise combining current individual risk management into integrated supply chain risk management.

First step is risk identifying with “Third party causes breakdown” “Software gives over-forecast”, “Third party causes delay” and “Strategic transfer causes disqualification” etc. “Third party causes breakdown” with the highest score identified as the most emergent risk factor. Second step is risk mapping clarify the level of different supply chain partners, which leads to different risk management decision. Third step is risk evaluation by AHP with 6 risk factors and 3 program under the goal of risk minimization, since CR is less than the allowed CR of 0.1 and hence the value is acceptable. P1 program which means changing partner is the best decision. In the epidemic era, AHP in SCRM help to quickly response to market change for enterprises.

In future research, AHP can be combined with ANP, the partnership with different suppliers should be considered as restriction, the axiom of AHP being the widely used method need to be further discussion.

References

  1. Barro, R., Ursua, J.F., & Weng, J. (2020). The coronavirus and the great influenza pandemic: Lessons from the‘Spanish flu’for the coronavirus ’potential effects on mortality and economic activity. NBER Working Paper Series 26866.
  2. Munir, M., Jajja, M.S., Chatha, K.A., & Farooq, S. (2020). Supply chain risk management and operational performance: The enabling role of supply chain integration. International Journal of Production Economics, 227, 107667.
  3. Liangan, H., Hongyuan, G., Yingying, C., & Xiaoxiao, X. (2020). A new model for supply chain risk propagation considering herd mentality and risk preference under warning information on multiplex networks. Physica A-statistical Mechanics and its Applications.
  4. Rajesh, R. (2020). A grey-layered ANP based decision support model for analyzing strategies of resilience in electronic supply chains. Engineering Applications of Artificial Intelligence, 87, 103338.
  5. Kara, M.E., Firat, S.U., & Ghadge, A. (2020). A data mining-based framework for supply chain risk management. Computers & Industrial Engineering, 139, 105570.
  6. Beswick, K.A.B.J. (2003). Risk mapping–dilemmas and solutions. Risk Management Topic Paper, 12(4).
  7. Borge, D., & Wiley, R. (2001). The Book of risk.
  8. Bredell, D.R. (2004). Supply chain risk management: A logistics perspective. Rand Afrikaans University,
  9. Chapman, P., Christopher, M., Jüttner, U., Peck, H., & Wilding, R. (2002). Identifying and managing supply chain vulnerability. Logistics and Transport Focus, 4, 59-64.
  10. Chopra, S., & Sodhi, M.M.S. (2004). Managing risk to avoid: Supply-chain breakdown. MIT Sloan Management Review, 46(1), 53-61.
  11. Christopher, M., & Peck, H. (2004). Building the resilient supply chain. The International Journal of Logistics Management, 15(2), 1-14.
  12. Christopher, M., Peck, H., Rutherford, C., & Juttner, U. (2002). Supply chain vulnerability: Final Report on behalf of DTLR. DTi and Home Office.
  13. Culp, C., & Christopher, L. (2002). The art of risk management: Alternative risk transfer, capital structure, and the convergence. Risk Governance and Control Financial Markets & Institutions, 5(4), 224-233.
  14. Culp, C.L. (2002). The art of risk management. New York: J. Wiley. &. Sons.
  15. Gaudenzi, B.A. (2006). Managing risks in the supply chain using the AHP method. The International Journal of Logistics Management, 17(1), 114-136.
  16. Hendricks, K.B., & Singhal, V.R. (2005). An empirical analysis of the effect of supply chain disruptions on long-run stock price performance and equity risk of the firm. Production and Operations Management, 14(1), 35-52.
  17. Hoffman, H., & Douglas, G. (2002). Managing operational risk: 20 Firm wide best practice strategies. Experimental Neurology, 50(1), 36.
  18. Jensen, M. (1986). Agency cost of free cash flow, corporate finance, and takeovers. American Economic Review, 76, 323-329.
  19. Jüttner, U. (2005). Supply chain risk management: Understanding the business requirements from a practitioner perspective. The International Journal of Logistics Management, 16(1), 120-141.
  20. Kalay, K., & Avner, E. (1980). Signaling, information content, and the reluctance to cut dividends. The Journal of Financial and Quantitative Analysis, 15(4), 855-869.
  21. Lee, H., Padmanabhan, V., & Whang, S. (1997). The bullwhip effect. Managementence, 50(12S), 1875-1886.
  22. Limited, S.G., Australia, S., & Zealand, S.N. (2004). AS/NZS 4360:2004: Risk management.
  23. Myers, S.C., & Majluf, N.S. (1984). Corporate financing and investment decisions when firms have information that investors do not have. Journal of Financial Economics, 13, 187-221.
  24. Nishat Faisal, M., Banwet, D.K., & Shankar, R. (2006). Supply chain risk mitigation: Modeling the enablers. Business Process Management Journal, 12(4), 535-552.
  25. Norrman, A., & Jansson, U. (2004). Ericsson's proactive supply chain risk management approach after a serious sub‐supplier accident. International Journal of Physical Distribution & Logistics Management, 34(5), 434-456.
  26. OECD. (2021). OECD Economic Outlook.
  27. Olsson, C. (2002). Risk Management in Emerging Markets. Palgrave Macmillan.
  28. Olsson, C. (2002). Risk Management in Emerging Markets: How to Survive and Prosper. Palgrave Macmillan.
  29. Partovi, F.Y., & Burton, J. (1992). An analytical hierarchy approach to facility layout. Pergamon Press, Inc.
  30. Peck, H. (2005). Drivers of supply chain vulnerability: an integrated framework. International Journal of Physical Distribution & Logistics Management, 35(4), 210-232.
  31. Peck, H. (2006). Reconciling supply chain vulnerability, risk and supply chain management. International Journal of Logistics Research and Applications, 9(2), 127-142.
  32. Venkata, R., & Rao, V. (2004). Evaluation of metal stamping layouts using an analytic hierarchy process method. Journal of Materials Processing Technology, 152(1), 71-76
  33. Ramirez, D., & Bs, L.A. (2008). Risk management standards: The bigger picture.
  34. Richardson, S. (2006). Over-investment of free cash flow. Review of accounting studies, 11(2-3), 159-189.
  35. Svensson, G. (2002). A typology of vulnerability scenarios towards suppliers and customers in supply chains based upon perceived time and relationship dependencies. International Journal of Physical Distribution & Logistics Management, 32(3), 168-187.
  36. Tajpour, M., Hosseini, E., & Moghaddm, A. (2018). The effect of managers strategic thinking on opportunity exploitation. Scholedge International Journal of Multidisciplinary & Allied Studies, 68.
Get the App