by Matthew Liotine, PHD

Operations Management and Planning Expert

 Professor at University of Illinois

 Amick Brown Strategic Advisor

Risk is a pervasive force in business, and consequently, in the supply chain operations that are necessary to support business. Supply chains will always be exposed to some level of risk, and thus firms must have the ability to manage and live with continuous risk. Despite the plethora of adverse events that have occurred around the world in the past ten years, the nature of supply chain risk has not really changed. Such risk can be very complex in nature, but invariably, most risk is linked to the possibility of some level of disruption in the supply chain. A disruption is created when some kind of interruption occurs and ends when operations are restored as they were prior to the disruption. Depending on the type of disruption, effects can be usually interpreted in many ways such as time, cost, unserved demand, financial and reputational damages.

Supply chain disruptions indicate that there is a problem and that existing plans and operations require some kind of improvement. To specify any kind of improvement, a firm must understand the root causes of disruption and develop measures to reduce either the likelihood of the disruption or its impact. In this article, we will explore the extent of the problem of risk in today’s supply chain. This article is the first of a series of articles in supply chain risk – in future articles we will explore the definition and sources of risk in the supply chain, the current best practices that deal with this problem, the process of analyzing risk in the supply chain, and forward looking approaches on identifying and controlling such risk.

supply chain icons

How big is the problem?

The supply chain risk problem is widespread.

  • More than 80% of companies are now concerned about supply chain resilience (World Economic Forum 2013).
  • 76% of companies surveyed had experienced a supply chain incident that caused disruption to their organization (The Business Continuity Institute 2014).
  • In 23% of the organizations, the cost of a disruption was more than $1.4 million
  •  80% of the respondents reported at least one supply chain disruption in a single year, while 42% experienced 1 to 5 disruptions per year (Alacantra 2015).
  • 52% of organizations reported having at least 21 key suppliers and 50% of the disruptions involved a supplier below Tier 1.
  • 75% of the firms studied do not have full supply chain visibility and 34% did not even record supply chain disruptions in 2014.
  • 32% of the firms showed little or no commitment towards improving supply chain resilience and 53% did not even validate supplier assurance.
  • 72% of participants did not even bother to assess supply chain vulnerabilities (IBM 2012).

The reason for this kind of neglect is rooted in the traditional clash between profitability and the costs of preparedness. In one study, 47% of procurement decision makers identified the most important key process indicators (KPIs) as being all cost related, with realized cost savings as the most important  (Xchanging 2015). The respondents also reported that preparedness and resiliency to manage risks and disruption can constitute about 20% of costs. In general, most firms will try to manage risk from two distinct perspectives, using either strategic risk management or more tactical, field level practices, or both. Larger companies with greater revenues are more sensitive to risk and liability, and invest in more sophisticated enterprise-wide risk governance programs to manage risk from a strategic perspective. Some of the available approaches used for strategic risk management include using an executive level risk board to govern enterprise risk, a shared risk registry or online database, a real time dashboard or control mechanism, or a supply chain risk management plan (University of Maryland 2010). While about half of major firms employ these approaches, less than 20% of smaller companies use them. Studies have shown that only 50% of companies have written business continuity plans and only 41% have a recovery plan to rebound after a major disaster (Travelers May 2015).

Where are the deficiencies?

A key deficiency highlighted in the aforementioned studies was a lack of collaboration between firms and key suppliers (University of Maryland 2010). Nearly half of the companies surveyed did not use any collaborative platforms and less than a third did not joint monitor disruptions. In fact, the study showed that firms tend to collaborate more with their customers than suppliers in regards to monitoring and reporting disruptions. While part of the problem are time and costs, as alluded to earlier, enterprise risk management also involves risk identification and quantification, which requires the use of empirical data. It is evident that many firms will favor information sharing with customers versus suppliers. Enterprise Resource Planning (ERP) Systems can provide a foundation for obtaining operational data that can be utilized to gauge supplier risk. However, even with such data, the ability to utilize it for the purposes of strategic risk management is lacking. There has been much research into the nature of supply chain risk, but little in evaluating strategic risk in complex supply chains, since supply chains have grown increasingly complex and dynamic due to product variety and complexity, technology, e-business, globalized outsourcing, among other factors. Altogether, there is still a need for methodologies and tools to aid firms in evaluating and managing strategic supply chain risk.

supply chain light bulb


It has been established that concerns about supply chain risk not only still persist, but are ever growing due to the changing nature of supply chains. Several industry studies have made the following evident:

  • Supply chain risk is a major concern for most companies, large and small;
  • Most companies experience one or a few supply chain disruptions annually, each with a significant loss;
  • Many disruptions involve key suppliers or those below Tier 1;
  • Many firms still lack commitment to controlling supply chain risk for the reasons of the costs and complexity involved;
  • Larger firms will manage risk more strategically using a combination of executive governance and/or data driven approaches;
  • While operational data is increasingly becoming available, there is yet much work to be done in leveraging such data for strategic risk management.

In the next article, we will discover what supply chain risk really means, and the leading threats giving rise to supply chain vulnerability.

Please Join the Discussion by Replying Below


Alacantra, Patrick. Supply Chain Trends: Past, Present and Future. The Business Continuity Institute, 2015.

IBM. IBM Index Reveals Key Indicators of Business Continuity Exposure and Maturity. IBM Global Technology Services, 2012.

The Business Continuity Institute. Supply Chain Resilience 2014 – 6th Annual Survey. The Business Continuity Institute, 2014.

Travelers. Travelers 2015 Business Risk Index: Findings from a Survey of U.S. Business Risk Decision Makers. Travelers Insurance, May 2015.

University of Maryland. Assessing SCRM Capabilities and Perspectives of the IT Vendor Community: Toward a Cyber Supply Chain Code of Practice. University of Maryland, Robert H. Smith School of Business, 2010.

World Economic Forum. Buidling Resilience in Supply Chains. World Economic Forum, 2013.

Xchanging. Xchanging 2015 Global Procurment Study. Xchanging, Inc., 2015.