Int. J. Risk Assessment and Management, Vol. X, No. Y, XXXX 1

Copyright © XXXX Inderscience Enterprises Ltd.

Risks and supply chains

Charles S. Tapiero* Polytechnic University of New York, New York, USA and ESSEC, France E-mail: ctapiero@poly.edu *Corresponding author

Alberto Grando SDA, Bocconi University, Milan, Italy E-mail: alberto.grando@sdabocconi.it

Abstract: The increasing relevance of networking in supply chains is altering the perception of corporate risk and of its measurement and management. Supply chains have expanded hand in hand with the opportunities and the new challenges that firms face in assuming their desired place in a changing environment whose ‘Nouvelle Donne’ include competitive intensity, technological change, globalisation; financial markets but also strategic economic and operational risks; sustainability and risk externalities. However, supply chains have also contributed to an expansion of risks. Supply chain managers have thus an important role in educating corporate managers about what these risks imply, how to measure and value them and ‘internalise them’ in the costs and benefits calculations. The purpose of this paper is to consider the following risks: risk externalities, external risks, operational risks and strategic risks. Further, we emphasise a measurement approach to risk in supply chains and the motivations of supply chain managers in setting managerial and operational priorities.

Keywords: risk; supply chains; control.

Reference to this paper should be made as follows: Tapiero, C.S. and Grando, A. (XXXX) ‘Risks and supply chains’, Int. J. Risk Assessment and Management, Vol. X, No. Y, pp.XXX–XXX.

Biographical notes: Charles S. Tapiero is the Topfer Chair Professor of Technology and Financial Engineering at the Polytechnic University of New York and Professor at ESSEC (France). He has assumed full-time Professorship positions at Bar Ilan University (Israel) as well as Academic positions at Columbia University and the Hebrew University. He has a worldwide reputation as an active researcher and a consultant in Industrial and Quality Management, Risk and Computational Finance and Risk Management. He is currently the area editor for Finance in the Journal of Applied Stochastic Models for Business and Industry as well as a member of Editorial Boards of a number of journals. He has published 12 Books and over 250 papers on a broad range of issues spanning risk management, stochastic modelling in business and industry and applied stochastic control in operations, insurance and finance.

Alberto Grando is a Full-time Professor of Operations and Supply Chain Management at Bocconi University of Milan (Italy). Founder and the Director of CRITOM – Centre for Research in Innovation, Technology and Operations

2 C.S. Tapiero and A. Grando

Management, Bocconi University, Milan, he is also a Senior Professor in Department of SDA Operations and Technology Bocconi School of Management, an adjunct professor of Production and Supply Chain Management at Cattaneo University of Castellanza (Italy) and a Visiting Professor at Cranfield School of Management (UK). Graduated in Business Administration at Bocconi University in 1983, he has published a number of books and papers in academic and professional journals. His research interests are manufacturing performances, supply chain management and production management.

1 Introduction

Risk in supply chains is raising an increased awareness that supply-chain benefits are not free (Agrawal and Seshadri, 2000; Aon, 2005; Peck, 2003; Zsidisin et al., 2004). A search for ‘Supply Chains Risks’ on the internet reveals a large number of interviews with practitioners, individual and academic contributions, consulting firms and papers that seek to bring attention to what concerns supply chain managers, namely risks associated with supply chains. For example, Chris D. Mahoney (UPS, October 2004, www.ism.ws/Pubs/ISMMag/100406.cfm) points out that

“many companies have worked hard to streamline their supply chains. They’ve whittled down the field and built relationships with only the most competent suppliers. And many have gotten the desired result–supply chains that run like clockwork, reducing costs and bolstering customer service. But it turns out there’s a downside – greater risk”.

These risks are also more complex, often transcending the traditional concern for operational (intra-firm) and external (hazard) risks. Risks previously neglected have expanded because of supply-chain dependencies, political, strategic and risk externalities, thus increasing the importance of their assessment and management. For example, the unending drive for lean manufacturing, to reduce inventory, single sourcing of raw materials or adopting Just-In-Time (JIT) manufacturing and delivery techniques while cutting costs has also contributed to the size and adverse effects of supply-chain risks. Greater attention to and management of these risks is therefore needed, both because of the potentially catastrophic costs that these risks imply and because the drive to expand and streamline into lean and cost-reducing supply chains has ignored these risks. Mahoney, for example, raises the following questions:

If your main distribution center or plant sustained substantial damage, how much time would it take you to bounce back? How much inventory would you lose and what are the costs of recouping it? If inventory loss is sizeable, how rapidly can you adjust production lines and plans to accommodate new production goals? Can key suppliers ramp up swiftly? Or, if a product is de-emphasized, how will they handle the revenue loss? How much revenue would your company stand to lose if order taking and filling were to come to a halt for a week, two weeks or a month? What are the legal and financial ramifications of being unable to satisfy contracts? How will your market share and brand be affected in the long-term? What sales and marketing initiatives will you need to adopt to handle customers, recoup revenues, and reclaim lost market share and goodwill? Etc.

Risks and supply chains 3

According to Mahoney, we require more risk management, more supply-chain integration and stakeholder management and more network capacity. However, ‘the answer is always part of the problem’ and the risk management in supply chains will need far more strategic and senior management involvement to provide directives for dealing with the following issues (Marsh’s consulting Risk-Adjusted Supply Chain Practice):

• Do we fully understand the dependencies within our supply chain?

• Have we identified the weak links within our supply chain?

• Do we understand the risk that has been inadvertently built into our supply chain?

• Have we identified the supply chain risks that we might be able to mitigate, eliminate or pass on to another supply chain member?

• Do we incorporate the element of risk when making strategic or tactical decisions about our supply chain?

• Is our supply chain nimble and flexible so that we can take advantage of both supply chain risks and opportunities?

• Have we fully captured our enterprise-wide risk profile?

• Do we know which supply chain risks may cause an adverse event that could cause a significant disruption to our supply chain?

• Do we have the necessary tools, skills and resources to model our supply chain, including its risks and vulnerabilities, in order to understand the financial impact that various events and scenarios will have on our supply chain?

• Do we benchmark the activities that make up our supply chain?

• Have we identified – and do we monitor – key risk indicators of upstream or downstream activities that might result in a disruption in the supply chain?

• Have we fully integrated our business contingency plans and emergency response plans into our supply chain management initiatives?

Overwhelmingly, supply chains are based on exchange and dependence between firms, each drawing a payoff whose risks must also be measured and managed (Corbett and Groode, 2000; Corbett and Tang, 1999; Reyniers and Tapiero, 1995a,b). Collaboration, for example, is a well-trumpeted mechanism for maximising payoffs. At the same time, managing the risk dependencies between firms engaged in supply-chain exchanges can be daunting. Collaboration is not always possible however, for agreements may be difficult to self-enforce and as a result, dependence risks are strategic and potentially overwhelming. By the same token, strategic focusing and outsourcing by firms, while justified on some theoretical and economic grounds, induce their own risks. These issues specific to supply chains, combined with the operational and external risks that supply chains are subject to and create, require that specific attention be directed to their measurement and to their management. Such measurement will require a greater understanding of firms’ motivations in entering supply chain relationships and the factors that determine their dependence risks (Bank, 1996; Tapiero, 2005a).

However, the growth and realignment along supply chains of corporate entities in an era of global and strategically focused and market-sensitive strategies is altering the

4 C.S. Tapiero and A. Grando

conception of corporate risk in supply chains. Some of these risks, in addition to well known and documented operational and external-hazards risks, include the risks of globalisation, financial markets meltdown and strategic risks, as well as technological, sustainability and risk externalities.

Further, the measurement of risk, in our view, requires a money-value focus (often ignored by the engineering risk literature). Risk exposure and risk management may then be used to expand the ability to deal ex ante and ex post with the adverse money consequences of uncertainty (risk). If risk is money valued by some actor-agent, it need not be valued equally by the agents involved and collaborating in a supply chain, leading to latent supply chain asymmetries with dire consequences to the management of risks. There are, of course, non-money measures, such as measurements of variability (variance, semi variance, range, etc.), reliability-derived measurements and others. In our view these are not risk measurements! However, they are important indicators of risk and ought to be assessed in terms of money so that they can be called risk. How valuable are these risks to individuals? How valuable are they to the supply chain? And how does the market mechanism value these risks? It is through such valuation that events assume a consequence defined as risk. For example, is demand variability a risk measure? Is the loss of capacity a risk measure? Is the cost of losing a client a risk measure? We cannot therefore dissociate the measurement of risk from money (but we do!). Thus, terms often associated with risks, such as variance, standard deviation (volatility), range and other statistics, semi-variance, stochastic orders, utility, Value at Risk (VaR) (quantile measurement), utility and threshold-derived measurements are in fact terms whose valuations define risk. Supply chain managers have thus an important role to assume by measuring and valuing these risks in order to ‘internalise them’ in the costs and benefits calculations that firms use to reach decisions. The purpose of this paper is to consider these risks and draw some essential attention to risks in supply chains. In addition, we shall use a number of cases, to highlight the types of risk we encounter in supply chains and how we may go about integrating them in strategic decisions about supply chains.

2 Risks and supply chains

Risks concern the direct and indirect adverse consequences of outcomes and events that were not accounted for, that were ill-managed or ill-prepared for, and concerns their effects on individual clients, customer-firms or society at large (their externalities). Risks have many causes, induced both internally and externally. Their effects can be internal and external. For this reason, we define risks belonging to four categories:

operational (intra-process) risks

external (hazard risks)

strategic risks and

risk externalities.

The effects of these risks are of different origins and have different consequences. For example, a car not maintained properly and in a dangerous state may break down with numerous consequences spanning the car itself (operational), damaging some lamppost (external hazard) as well as potentially harming other drivers who will be deprived of the light the lamp-post was providing (externality). Similarly, supply-chain

Risks and supply chains 5

risks arise from many factors that originate in firms’ intentionality (or the lack of it), dependencies and of course the risk externalities they are subject to. These risks have also varied consequences, often strategic, reflected in supply chains’ organisations and determine their collaborating intentions and behaviour.

The growth and the interaction of these risks in supply chains has multiplied and mutated. As a result, in supply chains, the traditional focus to operational (intra-firm) and external risks has been augmented by a concern for strategic and externality risks, seeking to internalise and value these risks in measuring and managing firms’ performance. For example, a firm outsourcing its inventories will be confronted by the traditional and supply risks but it may also be confronted by the strategic risks inherent in their relationships with suppliers. Hopefully, these risks may be compensated by both expected costs reduction and supply risks. But is this always the case? Supply dependency, lock-in contracts risks, etc., set in as well, requiring that greater attention be given to the mutation of supply risks in the short and in the longer term as well. These risks, measured with respect to firms’ and supply chain objectives, may lead to unintended results and therefore to costs that were not accounted for or warranted. By the same token, information and power asymmetries may lead to moral hazards and adverse selection risks whose economic effects are well documented (e.g. see Akerlof, 1970; Desiraju and Moorthy, 1997; Hirschleifer and Riley, 1979; Holmstrom, 1979, 1982; Riordan, 1984).

For convenience, we summarise the four categories of risk given in Table 1 below where we have added a number of examples. The definition, the measurement and the management of risk in supply chains is thus far more complex than in a standalone firm and requires at least a ‘multimetric’, for example firm metrics, supply chain metrics as well as environmental (supply chain externality) metrics. Each of these is subject to four classes of risks, including the operational-service risks, external-hazards risks, strategic risks and finally, the risk externalities as stated above. Below, we shall briefly consider these risks in greater detail.

Table 1 Risks: operational, external, strategic and externality

Operational risk External risks Strategic risks Risk externalities Supply delay risks Political Dependence Environmental risks Synchronisation and delays risks

Regulation Outsourcing Non-detection risks

Measurement risks Financial markets Exchange Collective risks Inventory risks Macroeconomic Information

asymmetry Ethics-Social

Quality risks Risk Bias (Leptokurtic, chaos etc.)

Moral hazard Regulation

… Measurement risks Adverse selection … Non-transparency Measurement risks

Operational risks arise as the direct and indirect adverse consequences of events resulting from a number of consequences originating in the operations and services that are not performing as expected. They arise within the firm (metric) or the supply chain (metric) and may have external as well as strategic and externality effects. Operational risks are thus both a cause and a consequence. By contrast, operations’ attributes (e.g. product and service quality) are objective and subjective attributes measured in

6 C.S. Tapiero and A. Grando

many disparate ways. Quality may be based on a measure of excellence (measured absolutely or relatively as it is the case in benchmarking), or be defined as the aptitude to meet consumers’ specifications (as it is the case in industry) or equivalently, it can be measured in terms of the firm’s ability to meet ‘customers expectations’, broadly used to measure service quality. When quality has an adverse consequence that costs money, then that consequence is a measure of this risk. For example, ‘unquality’ is a risk when it is defined as the ‘cost’ of deviating from consumers’ expectations. Thus, quality and risk are highly intertwined concepts, often one expressing the other. In this sense, risk is an essential attribute of quality. Operational risk and quality are therefore also intimately related – one used to measure, to define and to manage the other.

In industrial quality (Tapiero, 1996) the definition of quality risks is based on the management of variations, and consequently their measurement and control are far more specific than it is the case with services. Such differences arise because service quality may be person specific, may mean, may be measured and may be valued in different manners by different persons and firms and in different circumstances. Further, it may depend on both ‘the service provider – the supplier’ and the ‘serviced producer’, each with their own interacting characteristics, wants, etc. For example, a firm overemphasising on-time delivery to a member of the supply chain (because of absolute requirements in synchronisation) while neglecting intangible attributes (the meeting and the discussion that were on-going between clients and delivery persons) can lead to a subsequent loss of customers and thereby to a loss of market share and money.

External risks arise from external events that the firms and the supply chain have little influence over, for example, weather hazards and financial markets risks. Similarly, the current supply chain environment, ‘globalisation’, has opened as well many external threats that have been kept at bay previously. Globalisation is thus both an opportunity and a risk for firms and supply chains alike. It is an opening to markets (with many specificities and risks) while at the same time it is a risk that ‘Global’ competition may invade what may have been traditional and protected markets. These risks are strategic when the effects of globalisation are malevolent. Approaches to risk measurement, valuation and management might differ due to the cultural environment, values and society’s traditions. Each emphasises perspectives often neglected by the other. Such problems often contribute to misunderstandings in business practices and exchanges. Thus risk can be culture sensitive, as has often been observed in practice in the USA, Europe and Asia. In this spirit, the measurement of external risks in a supply chain must also recognise the many intricacies that local habits and culture imply as well as the many opportunities and threat they open (e.g. as it is the case in China). Technology, by the same token, is both an external as well as a strategic risk. It is an external risk because technological innovation is broadly diffused, with firms having little control over technological innovation. Further, the ‘democratisation’ of innovation has removed the centre of gravity in technological innovation from in-grown and managed R&D to innovations appearing in a seemingly spontaneous manner throughout the global chain. For these reasons some firms have abandoned the in-house process of innovation and inventiveness management in favour of a permanent scouting for innovation talent. As a result, technology can be an important source of external risks as well. IT outsourcing, a current fad, is a revealing signal of helplessness in managing a technology, imbedded in a strategic rationale for focusing, which has long-term, and dire consequences for enterprises. These risks are difficult to evaluate however, pitting in one arena short- and long-term considerations.

Risks and supply chains 7

Strategic risks: supply chains are based on exchange and collaboration resulting from economic, managerial and strategic considerations. The former mean that firms’ utility must at least be larger than going it alone when they engage in a supply chain. Strategic risks arise when enterprises exchange with other firms whose motivations may differ. In such situations information and power asymmetries, ‘a tyranny of minorities’, are what make it possible for the few, the ‘blessed’ with some advantage, to threaten and control the many. Further if firms do decide to collaborate, often a randomised strategy is Pareto efficient, which induces an additional risk, which arises due to the actions pursued by the parties engaged. In other words, the mere fact that firms engage in a collaborative relationship induces a risk unlike the risk sustained by firms that ‘go it alone’. Strategic risks arise then from an uncertainty with risk derivatives that are no longer consequences of a latent external (bad enough) uncertainty but the outcome of strategic (and potentially malevolent) behaviour. The trend to outsource and thereby contribute to the growth of supply chains also combines two fundamental tenets of industrial and business strategy: specialisation of functions (or focus) and intermediation. ‘Free riders’ and short-term profit-maximising, for example, can contribute in such situations to a plethora of risks for firms operating in good faith for their benefit and good of the supply chain.

Strategic risks arise importantly due to information asymmetry whose risk effects can be summarised by adverse selection and moral hazard. ‘Adverse Selection’ implies that decision makers are not able to clearly distinguish between the qualities of apparently uniformly priced products (Akerlof, 1970). For example, one may buy a used car, not knowing its true state and therefore the risk of such a decision may induce a cost (risk) sustained by the customer. Risk is thus a function of the relationship between the buyer and the seller. ‘Moral Hazard’ implies that private information can induce a risk. For example, a supplier may use private information to take advantage and deliver a product with adverse consequences for the producer. We may deal with such problems with various sorts of (risk-statistical) controls combined with incentive contracts, which create an incentive not to cheat or lie. For example, some restaurants might open their kitchen to their patrons to convey a message of truthfulness in so far as cleanliness is concerned. A supplier would let the buyer visit the manufacturing facilities as well as reveal procedures relating to the control of quality, service record and reputation, etc. Thus, the control of exchanges between a supply chain parties should therefore keep in mind parties’ intentionality imbedded in their preferences, the exchange terms as well as the information each will use in respecting or not the intended terms of their exchange (e.g. see Reyniers and Tapiero, 1995a,b; Tapiero 2005a–b).

An externality is a cost or benefit that is experienced by someone who is not a party to the transaction that produced it. Externalities are important because they can create incentives to engage in too much or too little of an activity, from an efficiency perspective. When an activity has an uncertain and negative effect it is a risk externality. When all of the costs and benefits of an activity or transaction are internal, meaning that all costs and benefits are experienced by the firm directly involved, we expect the activity or transaction to take place only if the benefits are greater than the costs. For example, say that a good is produced through a supply chain with a price set by the market. What if, in making the product, the supply chain would also contribute significantly to pollution without sharing in cleaning the pollution it has created! In this case, the fact that a product was produced and sold does not necessarily mean that wealth was created because of such an activity or exchange. To know for sure, we have to find out the economic value of the pollution damage done. The problem is that externalities

8 C.S. Tapiero and A. Grando

create a divergence between private costs and social costs. When the social costs are sustained by society alone, it has no risk for the firm or the supply chain. But when a social cost can induce a social response to the polluting firm (and indirectly affect the supply chain), an appreciable risk for the firm and the supply chain can result. For example, supply chains are far more susceptible to risk externalities than individual firms. Finally, the measurement of risk externalities in supply chains is difficult, but they are nonetheless important.

3 Measurement, risk and money

Risk is a consequence, expressing the explicit and latent objectives of the firm. In the supply chain, the unit of exchange is essentially ‘money’ and therefore, risk ought, ultimately, to be measure-valued by money (as it is practiced in finance where the risk premium is used). When individual decision-makers have explicit preferences provided by a utility function for money then the expected utility is used to measure the cash equivalent of the risky stream. In a supply chain, this is of course impossible, unless there is a common utility for the supply chain. Industrial risk applications based on statistical quality control and reliability theory have not been helpful either because they have mostly avoided risk valuation issues by using instead measurements of variations (standard deviation, variance, range, etc.) to characterise risk. The recent concern of Total Quality Management (TQM) and ‘total’ approaches in industrial management that seek to account for all potential risk effects – direct and indirect ones are a departure from the traditional approach that recognise the significant effects of risks but not their value (since the risk pricing problems encountered are hard to resolve). Further, since ‘we value only what we can measure’ and inversely ‘we measure only what we value’, the measurement of risk should emphasise well their value. For this reason, quality measurements in industry have emphasised primarily non-quality because it can be measured, while industrial managers have mostly been oblivious to ‘good quality’ because they were hardly measured. By the same token, while the unknown demand for a product might be a source of (inventory) risk, it is not a risk. It is a measured risk when the consequence of such a demand uncertainty can be assessed in money terms. In this sense, risk measurement implies at the same time its risk definition and its valuation. Such an approach provides a far greater justification and incentive for performance measurement, which becomes extremely important and in some cases may contribute to the growth of supply chains. For example, Barzel (1982), points out that ‘when two inputs have to be measured at two successive junctures, a rationale for an integrated (supply chain – our insertion) firm emerges’. In this sense, measurement has its own error sources and commensurate risks, which induce firms to network in order to work and operate in an environment where measurement and their risks are reduced.

In theory and in practice risk is measured and valued based on two essential approaches which we shall resume by:

1 asymmetric (individual) preferences and

2 market pricing of risk.

The first approach is based on the presumption that ‘persons’ are not indifferent to the size of gains and losses. A risk-averse person for example, would weigh losses more than their equivalent gains! To express such subjective preference, a number of approaches

Risks and supply chains 9

(based and often derived from expected utility arguments) are used pretending to represent persons’ preferences. In this context, a concept of certainty equivalence (if it can be measured or assessed) is used to measure the premium a person would be willing to pay to do away altogether with the risk of a given prospect. This approach turns out not to be practical because the underlying utility of decision makers is not usually known (although it is often expressed in terms of a number of parameters). As a result, an expression for the measurement and the pricing of risk need to be specified in terms of data we can properly refer to and assemble. In this context, ‘expectation and threshold’ (rather than expectation and risk premium) is sometimes used (Artzner et al., 1997, 1999, 2000, 2001). Embrechts (2000) suggest an excess function defined in terms of a loss threshold K and given by: ( ) | .e k E L K L K= − −% % This is in fact a complement to the

celebrated and applied VaR quantile risk model (Jorion, 2000) which measures risk exposure by: 1 .P L K ς> ≤ −% This measure relates to money and implies as well a risk

preference – although doubted by many risk researchers. Explicitly if we set the loss in value due to a risk event by: ( ) VaR ( , ) ,t t tP L a a α α> =% and if the loss is normal with,

( ) ~ ( ( ), ( )),t t tL a N a aµ Ω% then the VaR measures in money terms the risk exposure

expressed as a function of the prospect standard deviation and the quantile risk specified or 1/ 2

1VaR ( , ) ( ) ( ( )) .t t ta a a Z αα µ −= − + Ω Here, α is the probability of the risk exposure

while the loss distribution is normal ( ( ), ( )),t tN a aµ Ω with known mean and known

variance. In this expression note that Z1−α is a quantile statistic of the normal distribution. In Tapiero (2000, 2005b, as well as Tapiero, 1996), I have also shown that such a measurement underlies as well an ex post (regret) decision preference expounded by decision theorists such as Bell (1982, 1985, 1995), Gul (1991) and others. Such an approach implies that ex post consequences have ‘extra’ weight in measuring their value (or cost). Other measures may be based on ex post valuation, may be based on stochastic dominance (such as First Order; Second Order; Third Order; Hazard Rate Ordering; Likelihood Ratio Ordering; Convex and Concave ordering; Peakedness Ordering) etc. These latter risk measures are often used to compare risky choices rather than to value them however. Further, these approaches are subjective, expressing a particular point of view and not the ‘common–market price’ of risk. These approaches are therefore lacking because they do not provide an explicit price for risk. In the following we shall be concerned with some specific and purposely simple examples that highlight these types of risks. The problems we consider are classical textbook cases that we expand and adapt to the risks faced by supply chains highlighted here. The first problem is an inventory problem while the second is a strategic (risk) quality control problem.

4 Selected cases and problems

To highlight some of the issues raised here, we shall consider two problems where risk is measured in terms of money and managed in supply chains in terms of operational, external, strategic and risk externalities (Eeckhoudt et al., 1995; Ritchken and Tapiero, 1986).

Outsourcing inventory and risk valuation in a supply chain (Tapiero and Grando, 2006): consider first and for simplicity individual firms managing inventories

10 C.S. Tapiero and A. Grando

independently and ordering the quantities Rj inducing inventory and shortage costs given by c1j and c2j, respectively, where jD% is the demand for these quantities. The inventory

costs for each of the firms j are random and defined by: 1 ( )j m j j j jC p R c R D += + − +% %

2 ( )j j jc R D −− % where pm is the current market price of buying the good (a part that might

be needed in a production process). An optimal ordering policy based on expected costs minimisation can be found, in this case by minimising:

( ) ( ) ( ) ( )1 20ˆ j

j

R

j m j j j j j j j j j j jRc p R c R D dF D c D R dF D

∞= + − + −∫ ∫% % % %

where ( )j jF D% is the cumulative density function of the jth firm’s demand. It is well

known in such circumstances that the first order condition ˆ / 0j jC R∂ ∂ = leads to an

optimal quantile risk specification for the inventory policy. Namely, we have ( )j j jF R α∗ = where 1 1 21 ( ) 1 ( ) /( )j j j j m j jF R c p c cα∗− = − = + + which can be interpreted as

the shortage risk sustained by the outsourcing firm if it were to be self-managing its inventories and minimising expected costs. In this sense, the traditional inventory problem is in fact an expression of risk exposure used to assess the inventory outsourcing decision as well. The minimisation of expected costs and the risk specification of an inventory shortage are two approaches where one implies the other.

Suppliers strategic risks and control: consider for example a supplier and producer in a supply chain, each with its traditional specification of quantile risks (Type I and Type II errors in statistics as well as the producer’s and consumer’s risk in industrial quality control). Strategic risks recognise explicitly that agents’ motivations, organisations and information asymmetries can be sources of risk. In contrast, the traditional formulation of sampling plans in terms of risk considerations based on Neyman-Pearson theory does not recognise the mutual relationships that exist in a supply chain, avoiding thereby issues which are specific to cooperation, cheating and generally to opportunistic behaviour (Tapiero, 1996). For demonstration purposes and for simplicity, assume that lots of size N are delivered by a supplier to a buyer (a producer of finished products). To assure contract compliance, both the supplier and the buyer can use a number of sampling programmes, each with stringency tests of various degrees (spanning the no sampling case and thereby accepting the lot as is, to the full sampling case and thereby inspecting each individual unit). Let j = 1,2,…, n be the alternative sampling programmes used by the buyer and i = 1,2,…, m be the alternative sampling programmes used by the supplier. Correspondingly, we denote by , , , ,( , ); ( , ), 1, , and 1 , ,p i p i S j S j i n j mα β α β = … = … the

probabilities of rejecting a good lot and accepting a bad one by a producer (indexed p) and a supplier (indexed S), under each alternative sampling programmes selection. These risks are summarised in the matrix below.

( ) ( ) ( ) ( )( ) ( ) ( ) ( )

( ) ( ) ( ) ( )

,1 ,1 ,1 ,1 ,1 ,1 , ,

,2 ,2 ,1 ,1 ,2 ,2 , ,

, , ,1 ,1 , , , ,

, ; , , ; ,

, ; , , ; ,

, ; , , ; ,

p p S S p p S m S m

p p S S p p S m S m

p n p n S S p n p n S m S m

α β α β α β α β

α β α β α β α β

α β α β α β α β

L L

L L

L L

Risks and supply chains 11

For example, for binomial test programmes , ,( , )p i p in k for the producer and , ,( , )S j S jn k for

the supplier, we have then the following risk for the producer (buyer):

( ) ( ) ( ) ( ),

, ,, ,

, 1 1 , 2 20 0

1 1 ; 1p i pi

p i p i

k kn np i p i

p i p i

n nα θ θ β θ θ− −

= =

= − − = −

∑ ∑l ll l

l ll l

where θ1 is a proportion of acceptable defectives (or the AQL) while θ2 is the proportion of unacceptable defectives in a lot (or the LTFD). The probability that a lot is good (i.e. with the standard proportion defectives θ1) is given by π however. The probability that a lot is defective is thus 1−π. For the supplier, the corresponding risks are given by:

( ) ( ) ( ) ( ), ,

, ,,,

, 1 1 , 2 20 0

1 1 ; 1p j p i

S j S j

k kn nS jS i

S j S j

nnα θ θ β θ θ− −

= =

= − − = −

∑ ∑l l

l l

l ll l

For example, assuming that the supplier fully samples and prunes all non conforming units, then the probabilities for the supplier will necessarily be equal to αS,j = 1, βS,j = 0 for all inspection programmes j. If the buyer knew for sure that this were the case, he would then always use a costless no-inspection alternative. In a similar fashion, assume that the supplier accepts a bad lot with some probability (the resulting consumer risk). This probability will of course be a function of the actions taken by the buyer as well. In other words, a bad lot is accepted and reaches a final consumer if it is also accepted by the buyer (producer). The risk probabilities corresponding to each combination of the producer and the supplier selecting a sampling strategy, leads then to the matrix with entries: , , , , , ,(1 ); and ;p i S j S j p i S j S jα α α β β β− for type I and type II errors. As a result, if in a

game the producer selects a sampling strategy i with probability xi while the supplier selects sampling strategy j with probability yj and if both the producer and the supplier specify average risk specifications ( , )p pα β and ( , ),S Sα β respectively, then we have the

following risk constraints (Figure 1).

( ), , , ,1 1 1 1

1 ;m n m n

i j p i S j p i j p i S j pj i j i

x y x yα α α β β β= = = =

− ≤ ≤∑∑ ∑∑

, ,1 1

;m m

j S j S j S j Sj j

y yα α β β= =

≤ ≤∑ ∑

For example, if the supplier accepts a good lot (with probability 1−αS,j), then the event that the buyer–producer rejects the good lot is αp,i (since the lot is good), resulting therefore in a joint probability of rejecting a good lot given by αp,i (1−αS,j). By the same token, if the suppliers reject a good lot, that lot after it has been attended will have no risk under all circumstances (namely the buyer Type I error in such situations is necessarily null). Similarly when the supplier accepts a bad lot with probability βS,j the buyer-producer will also accepts the bad lot with a probability βp,i and therefore the resulting probability of both the supplier and the buyer accepting a bad lot is given by βp,iβS,j. When both the supplier and the producer coordinate their quality control actions, the probabilities (xi,yi) as well as the corresponding samples can be determined by a cost minimisation problem in sampling costs. However, when the supplier and the buyer–producer reach their control decisions independently, the probabilities (xi,yi), express the strategic samples applied by each of the parties, determined by the game the parties are involved in. Such games can be defined in many different manners however,

12 C.S. Tapiero and A. Grando

reflecting the information asymmetry, power asymmetry and of course the behavioural assumptions made regarding the potential collaboration. These problems are of course not considered when the parties consider that they face only an external risk. In a supply chain context, if all costs for the producer and the supplier are defined, then the sample selection problem is defined by minimising the expected costs subject to the risk constraints. The strategic quality assurance sample programmes are then given by solving the following mathematical programmes:

, ,, ,1 1 1 1

ˆ ˆMin ; Mini pi j S j

n m n m

i j p ij i j S ijx n y ni j i j

x y C x y C= = = =∑∑ ∑∑

S. t.: (1)–(4), (7), (8) and

1 1

1, 1, 0 1, 0 1n m

i j i ii j

x y x y= =

= = ≤ ≤ ≤ ≤∑ ∑

which can be solved by the usual techniques. Nevertheless, it is obvious that in such a case, non-zero (xi,yi) will imply a randomised strategy selected by both the supplier and producer, adding thereby another source of uncertainty whose consequences may be costly as well. If firms cooperate or course least cost sampling programmes can be selected.

Firms and supply chains can turn of course to more extensive modelling of the supply chain risks as implied here. Needs and experience have indicated numerous and often inventive approaches to dealing with supply chain risks. According to an August 2003 white paper by Aon www.AON.com some of the problems they have encountered and deal with in political (strategic) risks include:

• Tight timeframes: while JIT manufacturing has enabled companies like Dell Computer to extract costs from their processes, it also leaves less room to manoeuvre when a supplier does not come through. Not only might alternative suppliers bargain harder on costs, but the timeliness of the company’s product delivery might also be threatened. When timeframes were stretched even more by border delays after 11 September, some companies sought certification by the voluntary Customs-Trade Partnership Against Terrorism (C-TPAT). The certification, which requires a rigorous self-assessment of a company’s supply-chain security, provides company imports with a fast lane through Customs if they measure up. Overall, it seems that the longer the time between securing raw materials and shipping finished products or the larger the buffer of materials on hand, the less political risk in the supply chain. Too long a cycle time or too big a buffer, of course JIT goes out the window.

• Custom designs: the more exacting the product specification, the less wiggle room for the manufacturer that must find a new supplier. To take an extreme case, a one-off product blueprint might require an alternative supplier to retool its own operations – a process that could result in months of delay and a drain on the manufacturer’s revenues.

• One supplier: like low-inventory strategies, the currently fashionable single-source doctrine increases political risk even as it adds to efficiency. But on occasion – say, when it is harvest time for one particular fruit – it cannot be helped.

Risks and supply chains 13

• No geographic diversification: relying on suppliers from just one country could result in devastating delays if, for example, war were to break out in the region. Pencilling in alternative suppliers in different countries, but in the same region, might do no good; as the authors of the Aon study suggest, ‘a full-scale Korean conflict would likely disrupt production in much of Asia, at least for a time.’

References

Agrawal, V. and Seshadri, S. (2000) ‘Risk intermediation in supply chains’, IIE Transactions, Vol. 32, pp.819–831.

Akerlof, G. (1970) ‘The market for lemons: Quality uncertainty and the market mechanism’, Quarterly Journal of Economics, Vol. 84, pp.488–500.

Aon (2005) Protecting Supply Chains Against Political Risks (www.AON.com).

Artzner, P., Delbaen, F., Eber, J.M. and Heath, D. (1999) ‘Coherent risk measures’, Mathematical Finance, Vol. 9, pp.203–228.

Artzner, P., Delbaen, F., Eber, J-M. and Heath, D. (2000) ‘Risk management and capital allocation with coherent measures of risk’, October, Available at: www.math.ethz.ch/finance.

Artzner, P., Delbaen, F., Eber, J-M., Heath, D. and Ku, H. (2001) ‘Coherent multiperiod risk adjusted values’, October, Available at: www.math.ethz.ch/finance.

Artzner, P., Delbaen, F., Eberand, J.M. and Heath, D. (1997) ‘Thinking coherently’, RISK, Vol. 10, pp.68–71.

Bank, D. (1996) ‘Middlemen find ways to survive cyberspace shopping’, Wall Street Journal, December, Vol. 12, p.B6.

Barzel, Y. (1982) ‘Measurement cost and the organization of markets’, Journal of Law and Economics, April, Vol. 25, pp.27–47.

Bell, D.E. (1982) ‘Regret in decision making under uncertainty’, Operations Research, Vol. 30, pp.961–981.

Bell, D.E. (1985) ‘Disappointment in decision making under uncertainty’, Operation Research, Vol. 33, pp.1–27.

Bell, D.E. (1995) ‘Risk, return and utility’, Management Science, Vol. 41, pp.23–30.

Corbett, C. and de Groote, X. (2000) ‘A supplier’s optimal quantity discount policy under asymmetric information’, Management Science, Vol. 46, No. 3, pp.444–450.

Corbett, C. and Tang, C. (1999) ‘Designing supply contracts: contract type and information asymmetry’, in S. Tayur, R. Ganeshan and M. Magazine (Eds). Quantitative Models for Supply Chain Management, Boston: Kluwer Academic Publishers.

Desiraju, R. and Moorthy, S. (1997) ‘Managing a distribution channel under asymmetric information with performance requirements’, Management Science, Vol. 43, pp.1628–1644.

Eeckhoudt, L., Gollier, C. and Schlesinger, H. (1995) ‘The risk-averse (and prudent) newsboy’, Management Science, Vol. 41, No. 5, pp.786–794.

Embrechts, P. (Ed) (2000) Extremes and Integrated Risk Management, London: Risk Books.

Gul, F. (1991) ‘A theory of disappointment aversion’, Econometrica, Vol. 59, pp.667–686.

Hirschleifer, J. and Riley, J.G. (1979) ‘The analysis of uncertainty and information: An expository survey’, Journal of Economic Literature, Vol. 17, pp.1375–1421.

Holmstrom, B. (1979) ‘Moral hazard and observability’, Bell Journal of Economics, Vol. 10, No. 1, pp.74–91.

Holmstrom, B. (1982) ‘Moral hazard in teams’, Bell Journal of Economics, Vol. 13, No. 2, pp.324–340.

14 C.S. Tapiero and A. Grando

Jorion, P. (2000) VaR: The New Benchmark for Managing Financial Risk, New York: McGraw Hill.

Lee, H. and Whang, S. (2001) ‘The impact of the secondary market on the supply chain’, Management Science, Vol. 48, pp.719–332.

Peck, H. (2003) ‘Cranfield school of management report on creating resilient supply chains: A practical guide’, Report produced by the Centre for Logistics and Supply Chain Management, Research funded by the Department for Transport, Available at: http://www.cranfield.ac.uk/som/scr.

Reyniers, D.J. and Tapiero, C.S. (1995a) ‘The delivery and control of quality in supplier-producer contracts’, Management Science, October–November.

Reyniers, D.J. and Tapiero, C.S. (1995b) ‘Contract design and the control of quality in a conflictual environment’, Euro Journal of Operations Research, Vol. 82, No. 2, pp.373–382.

Riordan, M. (1984) ‘Uncertainty, asymmetric information and bilateral contracts’, Review of Economic Studies, Vol. 51, pp.83–93.

Ritchken, P. and Tapiero, C.S. (1986) ‘Contingent claim contracts and inventory control’, Operations Research, Vol. 34, pp.864–870.

Tapiero, C.S. (1995) ‘Acceptance sampling in a producer-supplier conflicting environment; Risk neutral case’, Applied Stochastic Models and Data Analysis, A, Vol. 11, pp.3–12.

Tapiero, C.S. (1996) The Management of Quality and Its Control, London: Chapman and Hall.

Tapiero, C.S. (2000) ‘Ex-post inventory control’, International Journal of Production Research, Vol. 38, No. 6, pp.1397–1406.

Tapiero, C.S. (2005a) Risk Management, John Wiley Encyclopedia on Actuarial and Risk Management, New York-London: Wiley.

Tapiero, C.S. (2005b) ‘Value at risk and inventory control’, European Journal of Operations Research, June.

Tapiero, C.S. (2006) ‘Consumers risk and quality control in collaborative supply chains’, European Journal of Operations Research, October 18.

Tapiero, C.S. and Grando, A. (2006) ‘Supplies risk and inventory outsourcing’, Production Planning and Control, Vol. 17, No. 5, pp.534–539.

Zsidisin, G.A., Ragatz, G.L. and Melnyk, S.A. (2004) Effective Practices for Business Continuity Planning in Purchasing and Supply Management, The Supply Chain Management faculty in the Eli Broad Graduate School of Management at Michigan State University.