Supply Chain Risk Management – as seen from Space

Is it possible to reconcile supply chain vulnerability, risk and supply chain management with corporate governance, business continuity, national security and emergency planning? In a 2006 article, Reconciling supply chain vulnerability, risk and supply chain management, by Helen Peck, she attempts to do just that, hence my analogy of looking down at supply chains from Space – in order to really see the big picture. Because, as far as supply chain risk goes, some, if not all, stakeholders are found far beyond the individual supply chain and Helen Peck does an excellent  job at explaining why.


Coming straight to the point, the figure below, taken from the article, is one of the best attempts I have seen at synthesizing all fields that relate to supply chain risk management.

Peck, H. (2006). Reconciling supply chain vulnerability, risk and supply chain management

Copyright note: The figure above is taken from the article.

This view is very much reminiscent of my own view on risk and vulnerability, which should come as no surprise, having a background as adviser in vulnerability assessment, safe community planning and crisis management with several Norwegian government authorities for more than 15 years. Let’s take a closer look at Peck’s article, which in essence is a critique and literature review of past and current research in supply chain risk and its related fields. This critique starts from the concept of supply chains, and ends with a societal perspective, cleverly making the case for “the extendend supply chain”.

The literature review

The literature review leading up to the figure, which is on the second-last page of the article, is amazingly succinct, despite spanning a wide variety of fields, not immediately related to supply chain vulnerability, but in a wider sense all necessary to understand the full implications of supply chain vulnerability.

Supply chains

Peck sees supply chains are seen as more than just supply chains, but as a complex and multi-tiered networks, namely:

a network of connected and interdependent organisations, mutually and co-operatively working together to control, manage and improve the flow of material and information from suppliers to end users.

Peck contends, and I am inclined yo agree,  that the word chain in supply chain has been a barrier to fully understanding supply chains.

Supply chain management

The literature differs considerably as to a common definition of what supply chain management (SCM) really is, since SCM works at several levels, both operational, tactical and strategical. The operational side is often made up of logistics activities, while the strategic level takes a wider view, with the long or short-term co-operation and alignment among firms as the main objective.

Risk and risk management

Classical risk discussion often start with decision theory, making risk the possible upside or downside result of a rational and quantifiable decision, the (in)famous “objective” risk, while the “perceived” risk is what most people think of, and perhaps, what most organizations should be concerned with. Indeed, as Peck notes,

where supply chain concepts are at best ambivalent, “risk” is hotly contentious

Furthermore, risk management often fails to recognize that systems interact, and thus, makes it impossible to separate risk in one system (or company unit or business unit or supply network unit) from risk in other systems.

Supply chain risk and vunerability

When it comes to supply chain vulnerability, Peck starts with Göran Svensson, the first and most widely cited author, who defined vulnerability as

an exposure to serious disturbance, arising from risks within the supply chain, as well as risks outside of the supply chain.

Supply chain risk and vulnerability, so Peck says, should be regarded as a multi-dimensional construct, in an end-to-end supply chain context, thereby including

anything that presents a risk, a hazard or any form of impediment  to information, material and product flows from original suppliers to the delivery of the final product to the ultimate end-user,

much akin to the definition in her own 2002 article on Drivers of supply chain vulnerability.

SCM as risk mangement

As I and many other researchers have noticed, and Peck is absolutely right in this, the SCM literature has a vast number of articles promoting  risk management (RM), recognizing that proper SCM cannot exist without proper RM, and indeed, vice versa. This underscores that RM should be and must be an integral part of SCM. However, let alone sadly, more often than not, this link is overlooked by many SCM professionals.

Corporate risk management and business strategy

Corporate risk management is rooted in strategic risk management, and is a way of creating corporate resilience towards external circumstances. Unfortunately, corporate risk management focuses maybe too much on financial risk and avoiding bankruptcy, and interestingly, outsourcing “risky” activities or transferring risk is here seen as a way to reduce risk, whereas much of the recent SCM literature, e.g. Martin Christopher, views outsorcing as a way to introduce risk because of loss of control over the supply chain. In essence, as Husdal puts it, globalization, offshoring and outsourcing leads to

“no” control of
causes to events in the supply chain
“only” control of
consequences of events in the supply chain.

This means that business strategies are a major factor in determining a company’s exposure to supply chain disruptions, an thus, cannot be separated from supply chain vulnerability.

Supply chain risk in strategic networks

There are many reasons why companies come together in strategic networks, one is to form long-term relationships that foster trust and cooperation, see Child, Faulkner & Tallman for an in-depth discussion. Risk sharing or risk pooling is another reason. From one company’s perspective, passing on or transferring risk makes good sense, in line with outsourcing “risky” operations or activities, and vendor-managed inventory (e.g. Wilson) is a typical example of risk pooling in a supply chain. However, as Peck warns, there is a danger of transferring too much of the risk to a weaker party in the network, or that the principal party retains too much risk that is not or can not be transferred. In addition, often risk is transferred without ensuring that that the risk-carrying party has the appropriate risk management structures in place to handle possible externally induced supply chain events. Here too, a an extended view on supply chain vulnerability is needed to fully grasp how one vulnerability may affect the entire network.

Supply chain risk – beyond SCM

On a management level, supply chain are often conceptualized as strategic and commercial production networks, often overlooking or neglecting the mundane side of physical distribution and transportation, which more often than not, is outsourced. Transport and distribution is no longer seen as a core competence, as is IT. IT, luckily, has always had a strong focus on business continuity management (BCM), albeit not all companies recognize this to the full. Remember though, Peck states,

These activities, not core to the organizations they support, form the backbone of SCM.

Thus it should be clear that the sustainability of the transport system, both nationally and  internationally, is a vital component in SCM. The transport system, however, is not the responsibility of individual firms, it lays with the transport authorities. Consequently, SCM should be a core task not just for the industry, but also for the government.

Supply chain risk, security and civil contingencies

Coming from a government and emergency planning background, I too am well aware of the risks associated with transportation and infrastructure deficiencies. Peck describes it excellently when she says

This discipline has always dealt with threats to societal well-being, rather than risk simply as a measure of – or hazard to – corporate financial performance.

Peck refers to the UK Civil Contingencies Act of 2004 that requires the undertaking of business continuity planning and risk management from local government authorities, utilities providers and commercial organizations with responsibilities for essential public transport and critical infrastructure. The British Standard for BCM stresses that

All organisations depend upon others to enable the delivery of their products and services to customers and clients (the supply chain). As a result, BCM applies across industry sectors and cultural divides.

Supply chain risk and vulnerability are much more than just supply chain related.


This paper brilliantly explains how supply chain vulnerability sits on the intersection of several still evolving fields of academic research and management practice. Peck manages to draw a line from the ambiguous concept of risk  in one company, through the supply chain, through extended networks and all the way up to society as a whole. Why is this important? Because

supply chains serve a purpose that extends far beyond the functional concerns and stated aims of SCM.

Supply chains link industries and economies more than we may be aware of, and the research agenda for supply chain risk and vulnerability needs to recognize that there are many and varied interests and communities involved. Consequently, and that is my view, too, research in supply chain risk and vulnerability is inclusive, rather than exclusive, of other fields.


Peck, H. (2006). Reconciling supply chain vulnerability, risk and supply chain management International Journal of Logistics, 9 (2), 127-142 DOI: 10.1080/13675560600673578



Jan Husdal is an engineer turned researcher turned engineer again and he is now a Resilience Adviser with the Southern Region office of the Norwegian Public Roads Administration (Statens vegvesen Region sør) in Arendal, Norway,

Tags: , , , , , ,
Economies of integration
Logistics is no longer what it used to be and logistics today plays a much more important and strate[...]
Lean + Agile = LeAgile: a happy marriage?
Opposites attract and in the supply chain world, "lean" and "agile" appear to be opposites. Both man[...]
Supply Chain Risk Management Research
What are the current gaps that waiting to be closed in supply chain risk management research? Here i[...]
Book Review: Research Methodologies in SCM
Is there something like the right research design for supply chain studies? I believe there is, and [...]
Book Review: Risk Modeling, Assessment, and Management
First published in 1998 and now already in its 3rd edition in 2009, but still unknown to me, althoug[...]
Book Review:Managing Risks in Supply Chains
To make up for yesterday's perhaps overly harsh critique of just one article from this book, this is[...]
The UK Transport Network Resilience...and I
UK Transport Network Resilience
For a budding and even for a seasoned researcher, nothing is more rewarding than to have one's publi[...]
Risk management - Vocabulary
What is risk management in supply chains? The more I study supply chain risk management, the more co[...]
Critical Infrastructure and Resilience
What happens when a business is disabled for a length of time? What are the impacts on its profitabi[...]