Supply Risk Management: just common sense?

Am I missing something here? Does Supply Risk Management come down to plain and simple common sense? I don’t mind authors who use propositions in their articles; it usually shows that they have a pretty good grip on their subject. Besides, it adds structure and focus. In their 2004 paper, Securing the upstream supply chain: a risk management approach, Larry C Guinipero and Reham A Eltantawy put forward and explore four propositions reflecting four situational factors that should govern supply risk management. However, as I see it, not only are these propositions not fully exploited, they appear to be little more than basic common sense, or is it me who is way off?

The four propositions

There are four situational factors that are important in supply chains, namely, the buyer, the supplier, the product bought, and the environment surrounding the purchase. Essentially, what it comes down to, is that the following factors should be considered vis-a-vis potential suppliers:

the degree of product technology
the need for security
the importance of the supplier
the purchaser’s prior experience

Based on this, the authors put forward four propositions:

1. High-tech markets require more extensive risk management than other low-tech markets with slower pace of technological changes.
2. Those suppliers who provide items that have high security requirements require more extensive risk management than those providing items with relatively less security needs.
3. Major suppliers of high volume, value and/or critical items require more extensive risk management than those who supply fewer or less critical items.
4. Suppliers with whom purchasers have less experience require more extensive risk management than with those there is a history of purchasing.

So what it really comes down to is basic common sense, or?

The conclusion

The cornerstone of the paper is a figure that displays three levels or strategies for risk management, limited, moderated and extensive, and how these relate to the above four dimensions, technology, security, importance, and experience.

Click image for larger version.
Copyright note: The figure above is taken from the article.

The critique

It was when I studied the figure and attempted to use it for various combinations of “high” and “low” degrees for the four factors that realized the shortcomings of the article, high-tech vs. low teach, while looking at high experience vs. low experience and high vs. low experience at the same time. I simply could not make it work for the combinations I tried. Is there a better way to illustrate this?

Maybe. Simple combinatorics reveals that there are at 16 possible combinations of high and low for technology (T), security (S), importance (I) and experience (E). If each factor is factor is equally weighted, the summary score implies five, not three levels of risk management, as illustrated below, where I have assigned the value of 0 (zero) to low and the value of 1 (one) to high, except for experience, where high obviously is 0 and low is  1. The overall  added score, then, is 0 for the lowest degree of risk and 4 for the highest degree of risk.

Example, low-tech (T_L), low need for security (S_L), low importance (I_L) and high experience (E^H) = 0+0+0+0=1. I did this for all combinations, and came up with this:

1. 0: T_L S_L I_L E^H
2. 1:  T_L S_L I_L E_L
3. 1:  T_L S^H I_L E^H
4. 1:  T^H S_L I_L E^H
5. 1:  T_L S_L I^H E^H
6. 2:  T^H S_L I_L E_L
7. 2:  T_L S^H I_L E_L
8. 2:  T_L S_L I^H E_L
9. 2:  T_L S^H I^H E^H
10. 2:  T_H S_L I^H E^H
11. 2:  T^H S^H I_L E^H
12. 3:  T^H S^H I_L E_L
13. 3:  T^H S^H I^H E^H
14. 3:  T_L S^H I^H E_L
15. 3:  T^H S_L I^H E_L
16. 4:  T^H S^H I^H E_L

Of course, if one assigns weights according to the actual importance of each factor to the company, the picture may differ, albeit the basics stay the same. Why Guinipero and Altantawy were unable to come up with this simple deduction, is a mystery to me. Admittedly, the authors do mention that

it is beyond the scope of this paper to address all possible combinations  of  risk dimensions

which implies that they did give it some thought, but I think they could have taken it further, as I did, at least mention  that there are 16 combinations. On the other hand, I guess it is now my turn to admit that it is beyond the scope of this post to address all possible combinations  of  risk dimensions. How does one compare T^H S^H I_L E_L to T^H S_L I^H E_L? Both have a score of 3. Any takers?

Reference

Giunipero, L., & Eltantawy, R. (2004). Securing the upstream supply chain: a risk management approach International Journal of Physical Distribution & Logistics Management, 34 (9), 698-713 DOI: 10.1108/09600030410567478

Author links

• researchgate.net: Larry C Guinipero
• researchgate.net: Reham A Eltantawy

Related

• husdal.com: The impact of product design on supply chain risk