How many ways are there for defining vulnerability and criticality, really? Traditionally, risk matrixes have a likelihood/impact approach, but not always. Yesterday, I was examining a criticality/vulnerability matrix. Today, I will take a closer look at a criticality/preparedness matrix with a third susceptibility dimension added to it, as presented in the New Zealand research project Resilent Organisations, a project that has given me plenty of food for thought for my own research in assessing and analyzing resilience.
Resilient Organisastions
In 2004 the New Zealand research project Resilient Organisations had barely started and I had the pleasure of meeting one of the driving people behind it, Erica Seville (nee Dalziell), during a 2-month stay at the University of Canterbury in Christchurch. In fact, I should probably mention that it was an article by Erica Dalziell and Alan Nicholson that I read in 2001 that sparked my interest in transportation vulnerability in the first place: Dalziell, E., & Nicholson, A. J. (2001). Risk and impact of natural hazards on a road network. Journal of Transportation Engineering, 127(2), 159-166. But anyway, back to the topic.
Vulnerability Matrix
The vulnerability matrix has three dimensions: While criticality and preparedness are the matrix axes, susceptibility becomes a third dimension, related to certain events and their criticality for the organization and preparedness of the organization:
- Criticality
- How severe is the impact on the organisation if this organisational component is compromised?
- Preparedness
- How well prepared is the organisation to continue functioning if this component is compromised?
- Susceptibility
- Contextual: how badly impacted will this component be in the event of this particular scenario?

Event hierarchy
What I also found interesting is how they relate events and their impact:

Resilience
Resilience is here viewed a 3-fold construct, working in a complex, dynamic and interconnected fashion depending on 1) keystone vulnerabilities, criticality and preparedness, 2) situation awareness, stemming from an assessment of the keystone vulnerabilities, and 3) adaptive capacity. Resilience, in essence, is the ability to survive disruptive changes despite severe impact.

In my post: De-confusing SCRM: robustness, resilience, flexibility and agility I present a thorough review of resilience and related concepts.
Conclusion
I like this view on resilience, and the importance of ‘preparedness’ is very similar to the ‘organizational’ requisites seen in Craighead et al. (2007) The Severity of Supply Chain Disruptions: Design Characteristics and Mitigation Capabilities. Here, recovery and warning capability were key organizational factors in mitigating supply chain disruptions. In the end, it is always the human factor that matters, not technology. And perhaps, resilience is what New Orleans needs next time a hurricane like Katrina threatens the city and its built environment.
Reference
Erica Seville, David Brunsdon, Andre Dantas, Jason Le Masurier, Suzanne Wilkinson, & John Vargo (2008). Organisational resilience: Researching the reality of New Zealand organisations Journal of Business Continuity & Emergency Planning , 2 (3), 258-266
Author links
- rsrc.co.nz: Erica Seville, nee Dalziell
- kestrel.co.nz: David Brunsdon
- canterbury.ac.uk: Andre Dantas
- canterbury.ac.uk: Jason Le Masurier
- auckland.ac.nz: Suzanne Wilkinson
- canterbury.ac.uk: John Vargo
Downloads
- resorgs.org.nz: Resilience Management (pdf)
Links
- resorgs.org.nz: Resilient Organisations
Related
- husdal.com: De-confusing SCRM: robustness, resilience, flexibility and agility
- husdal.com: The Severity of Supply Chain Disruptions: Design Characteristics and Mitigation Capabilities
More from husdal.com
Is New Zealand better prepared for a disaster than other countries? As our infrastructure and or ...
Yes. No doubt about it. Reduction, Readiness, Response and Recovery are four key elements in the ...
Today's unstable and highly competitive business environment has created a shift in how enterpri ...
Several “buzzwords” have been linked to supply chain risk management (SCRM) in various ways: ro ...
Economic resilience, as defined a paper published by the Multidisciplinary Center for Earthquake ...





















2010/07/11 : WCTR 2010
2010/07/01 : Mitigating Supply Chain Vulnerability
2010/06/23 : Humanitarian Relief Supply Chains
2010/06/14 : How Norwegian freight carriers handle supply chain disruptions
2010/05/03 : Risk and Vulnerability in Virtual Enterprise Networks
2010/04/30 : What goes into resilience?
2010/04/29 : Pay more get more?
2010/04/24 : Volcanic ash cloud – really a surprise?
Hi Jan,
I like that what has sparked your attention off, is now driving your research interest in the supply chain risk. I have also had this sort of enthusiasm, but now in dark converging my ideas and thoughts to a good proposal for my PhD. I read the paper you noticed (Craighead et. al), it was interesting and informative. Can you talk more about research methodologies in supply chain risk management as well.
Dear Sajad
For research ‘methodologies’ I highly recommend the book Research Methodologies in Supply Chain Management. That said, there are probably as many definitions of supply chain risk as there are papers, and there are many papers on supply chain risk, if you count in related subjects, such as this ‘Resilient Organisations’ project, or if you bring in transport vulnerability, so finding a common definition, and hence a common research methodology is practically impossible. I’m not sure this is helpful, but here is a philosophical outlook on what brought me here. And as far as supply chain risk management goes, if you bring in all kinds of management theories, that adds even more breadth to the whole subject. And sure, as my literature review progresses – my hope is to review ALL articles in my list – I will get to management, too. Stay in touch.