SUPPLY CHAIN RISK MANAGEMENT

Transcription

1 SUPPLY CHAIN RISK MANAGEMENT

2 RIRL 2010 Bordeaux September 30th & October 1st, 2010 RIRL 2010 The 8th International Conference on Logistics and SCM Research BEM Bordeaux Management School September 29, 30 and October 1st 2010 Sécurisation de la supply chain : renseignement et intelligence globale Claude Delesse Professeur à BEM Bordeaux Management School, France Membre associée au GRSG Groupe de recherche sur la sécurité et la gouvernance EA4176, Université Toulouse 1 Capitole, France [email protected] Résumé Force est de constater une évolution des recherches et des concepts autour des notions de sécurité de la supply chain. Parallèlement l intelligence économique, approche également transversale et stratégique, a peu pénétré le champ de la logistique globale alors que les menaces se complexifient et que les praticiens de la supply chain prennent conscience de leurs difficultés à appréhender la dangerosité. Il est ici suggéré de repenser les concepts de sécurité et d intelligence logistique à partir de deux principes empruntés à l intelligence économique : le renseignement et l intelligence collective. Cet article a pour but de faire émerger des objets de recherche jusque là relégués à un rang marginal dans le champ conceptuel de la supply chain et de susciter des axes de réflexion à partir d un métissage des approches logistique, risk management et intelligence économique. Supply chain, Intelligence économique, Sécurité globale, Sûreté, Intelligence logistique Maîtrise de l information, Renseignement, Intelligence collective, Intelligence globale 1

3 RIRL 2010 Bordeaux September 30th & October 1st, 2010 Les firmes en opérant grâce à des chaînes logistiques complexes se fragilisent de plus en plus face à des risques protéiformes auxquels elles sont peu préparées et qui se révèlent d autant plus critiques qu ils se caractérisent par une faible probabilité et un fort impact. Mondialisations, globalisation, récession, externalisation, délocalisation, informatisation, géolocalisation, déshumanisation, lean management, mono et offshore sourcing, différenciation retardée, judiciarisation etc. multiplient les vulnérabilités au détriment de la robustesse. Pillages, conflits politiques ou ethniques, guerres civiles, corruption, fraude, transports illicites de marchandises, activités mafieuses, criminalité organisée, infiltration sectaire, piraterie maritime, cybercriminalité, actes terroristes, destruction d infrastructures, changements climatiques, risques NRBCE 1, etc. sont susceptibles de rompre un monde d ordonnancement. Considérer la chaîne logistique uniquement sous l angle d une arme opérationnelle pour remporter des marchés et accroître les résultats, la penser comme des flux linéaires de produits et d informations, dans l idéal ininterrompus, conduisent à négliger les questions de résilience associée à l appréhension des risques dans des contextes particuliers. Les firmes développent souvent l illusion interne ou partagée avec leurs fournisseurs et leurs clients immédiats de contrôler la chaîne alors que la réalité des réseaux actionnés et des situations apparaît d une tout autre complexité. L approche systématique et structurée de conceptualisation des vulnérabilités et des risques liés à la supply chain, est relativement récente (Svensson, 2000, 2002 ; Zsidisin et al, 2000 ; Harland et Brenchley, 2001 ; Johnson, 2001 ; Norman et Lindroth, 2002 ; Peck & Jüttner, 2002 ; Sheffi, 2002 ; Hauser, 2003 ; Chopra et Sodhi, 2004, van Wyk et Baerwaldt, 2005). D après la revue de la littérature et l enquête menées par Uta Jüttner, Helen Peck et Martin Christopher (2003), le risk management ouvre des pistes de recherche positivistes ou normatives, relatives en particulier aux sources de risques, aux réseaux et au management stratégique de la supply chain. La sécurisation de celle-ci est généralement abordée sous l angle de la visibilité, de l adaptabilité, de la flexibilité ou de l agileté (Christopher et Rutherford, 2004), l identification des risques étant alors jugée dans cette optique comme primordiale (Simchi-Levi, 2000, 2003, 2008). Les managers sont constamment confrontés à un dilemme, à savoir renforcer la sécurité sans mettre en péril l efficacité de la supply chain. La littérature apporte un certain nombre de réponses dont l appropriation d une démarche qualité totale (Lee et Wolfe, 2003), la méthode Scor (Faisal et al, 2007), etc. Dans l ensemble il est davantage question de prévisions relatives à la demande et à la production que de prospective stratégique. La perception des risques influence le comportement des décideurs 1 NRBCE : Nucléaire, radiologique, biologique, chimique, explosifs 2

4 RIRL 2010 Bordeaux September 30th & October 1st, 2010 (Sitkin et Weingart, 1995) et les points d ombre accentuent la vulnérabilité de la supply chain. Des enquêtes récentes montrent que les spécialistes de la supply chain et du management des risques sont de plus en plus préoccupés face à un contexte crisogène marqué par l accentuation de menaces hybrides. Ils déplorent de ne pas trouver de réponses très satisfaisantes, malgré le développement des technologies de l information et des systèmes intelligents. L importance de la maîtrise globale stratégique et opérationnelle de l information est négligée, alors qu elle est placée au cœur des préoccupations de l intelligence économique qui selon la définition officielle d Alain Juillet consiste en «la maîtrise et la protection de l information stratégique pour tout acteur économique. Elle a pour triple finalité la compétitivité du tissu industriel, la sécurité de l économie et des entreprises et le renforcement de l influence» 2. Cette idée est à rapprocher du concept de sécurité globale (Delesse, 2008) qui est caractérisée par l INHES comme la capacité d assurer à une collectivité donnée et à ses membres, un niveau suffisant de prévention et de protection contre les risques et les menaces de toutes natures et de tous impacts, d où qu ils viennent, dans des conditions qui favorisent le développement sans rupture de la vie et des activités collectives et individuelles». Il semble donc pertinent de se demander comment l intelligence économique telle que définie préalablement participe à la sécurisation globale de la supply chain et permet d élargir le concept d intelligence logistique. Une revue sélective de la littérature académique et professionnelle montre les limites de l approche risque/sécurité dans le management supply chain (I). Il apparaît utile de focaliser sur la notion de renseignement, processus et produit (II), qui doit être intégrée dans une culture d intelligence logistique globale basée sur le leadership des global supply chain managers et sur la responsabilisation de parties prenantes sensibilisées (III). 1. DES THÉORIES ET DES PRATIQUES DÉCALÉES DE LA DIMENSION SÉCURITÉ GLOBALE Le traitement des risques de la chaîne logistique considérée comme une source de création de valeur et porteuse de différenciation concurrentielle consiste avant tout à réduire les impacts défavorables sur la performance. L intelligence économique, approche transversale et stratégique, n a guère pénétré ce champ d étude et celui de la logistique globale alors que les univers se complexifient et que les praticiens de la supply chain prennent conscience de leurs difficultés à appréhender la dangerosité. 2 France. Premier Ministre. Secrétariat général de la défense nationale (2006 ), Le référentiel des formations en Intelligence économique [en ligne]. 3

5 RIRL 2010 Bordeaux September 30th & October 1st, Le supply chain risk management (SCRM), la supply chain security (SCR) et l intelligence économique (IE), des concepts transverses. La notion de supply chain management (SCM) ne fait pas consensus. Selon Helen Peck (2006) le concept a évolué depuis son apparition dans les années quatre-vingt en intégrant les relations amont et aval dans une chaîne globale visant à créer de la valeur pour le client (Christopher, 1998). John T. Menzer et des chercheurs associés (2001) définissent le SCM comme la coordination systémique, stratégique, des fonctions opérationnelles classiques et de leurs tactiques respectives à l intérieur d une même entreprise et entre des partenaires au sein de la chaîne logistique, dans le but d améliorer la performance à long terme de chaque entreprise membre et de l ensemble de la chaîne. Ils ont clairement distingué la supply chain orientation (SCO) avec sa philosophie et ses aspects stratégiques des fonctions opérationnelles et tactiques de la SCM. Les firmes tentent de gérer les risques en développant des stratégies de type supplier-focused approaches (Zsidisin et al, 2000 ; Sheffi, 2001 ; Lee et Wolfe, 2003 ; Rinehart et al, 2004 ; Tang, 2006) et/ou par une maîtrise rigoureuse des stocks et des lieux de stockage. Elles gèrent des cycles de vie raccourcis de nombreux produits et technologies, sont imaginatives en termes d assortiments et de conditionnements, prévoient une demande de plus en plus incertaine, rebondissent malgré des ruptures de systèmes ou de violation de propriété intellectuelle ou d approvisionnement (Chopra et Sodhi, 2004). La stratégie lean permet de concevoir les flux de marchandises prévisibles, mais il faudrait penser global et recourir plus systématiquement à des stratégies agiles, celles-ci convenant parfaitement dans des environnements peu prévisibles caractérisés par une demande de grande variété (Christopher, 2009). Notons que la sûreté globale en termes d identification des menaces et de réponses est absente des propos. La confusion se retrouve dans l étude du supply chain risk management (Haywood, 2002 ; Peck, 2006). Laville (2006) le caractérise comme «une approche systématique servant à déterminer la meilleure voie à prendre en cas d'incertitude, en identifiant, en évaluant, en comprenant et en communiquant les questions liées aux risques et en prenant des mesures à leur égard». Le SCRM est l identification et le management des risques pour la supply chain à travers une approche coordonnée entre ses membres afin de réduire la vulnérabilité globale (Jütter, Peck et Christopher, 2003). La supply-chain dont schématiquement les risques associés aux flux physiques et d information sont relatifs à la dissonance entre offre et demande se trouve confrontée à des risques environnementaux, organisationnels et réseaux (interactions des organisations au sein de la supply chain). Ils ne peuvent pas être prévus avec 4

6 RIRL 2010 Bordeaux September 30th & October 1st, 2010 certitude et ont un impact variable. Il existerait des différences systématiques dans la perception des concepts de risque et elles dépendraient des spécificités des supply-chains et des secteurs. De plus le concept de risque dominant pour le manager influencerait l approche de management des risques. Uta Jüttner et al (2003) préconisent une approche proactive dans laquelle les risques seraient anticipés à un stade plus précoce ainsi qu une collaboration entre logisticiens et risk managers. Ces auteurs suggèrent de s inspirer de l idée de concession entre management des risques et création de valeur explicitée par Y. Sheffi (2002) afin de développer des outils utiles aux supply chain managers. Toutefois l'ouverture est timide en ce qui concerne le rôle de l'information, simplement évoquée à travers la notion d "information share" vue sous les angles de coopération et de flexibilité. On perçoit pourtant que l information est indispensable, ne serait-ce que pour évaluer les sources de risques. Une firme se doit d identifier ses risques opérationnels, ceux des autres entités impliquées dans la chaîne et les fragilités occasionnées par les liens entre les organisations (Jüttner, 2005 ; Faisal et al, 2007, Franck, 2007). Une culture de risk management s appuie sur la confiance entre partenaires et avec les fournisseurs. Culture et leadership font parties des cinq éléments sensibles pour gérer les risques (Drew et al, 2006). Les supply chain managers doivent, pour plus de visibilité, évaluer et contrôler les risques en collaboration avec les partenaires (Zsidisin et al., 2003), reconsidérer les notions de relations, de collaboration, de confiance, de partage de l information, d implication et de ressources vis-à-vis d eux (Speckman et Davis, 2004). En mutualisant l identification des risques pour chaque entité et pour la chaîne en général il devient possible d adopter de concert des mesures moins onéreuses puisque partagées. Des engagements clairs voire contractuels facilitent à long terme le partage d informations sensibles et de compétences. L information ressort comme un critère important pour la sélection du meilleur paradigme de réduction de risque de la supply chain, les autres étant les dimensions financière, relationnelle et physique (Faisal et al, 2007). Considérant en se référant à la pensée de Forrester (1958) que la supply chain relie les organisations, les industries et les économies, Peck (2006) et des chercheurs associés (2003, 2005) la caractérisent comme un système intégré, interactif. Ils considèrent que la vulnérabilité doit être prise en compte à différents niveaux d analyse (performance et survie d un processus, actif vital ou infrastructures, à l échelle d une organisation, d un réseau interorganisationnel, d une économie ou d une société. Tous les risques (hasard et menaces) ne peuvent être systématiquement évités, contrôlés ou éliminés. La résilience qui est l habileté à absorber et à atténuer l impact de toute perturbation ne serait pas un problème d'entreprise, mais un problème de supply chain (Sheffi 2006 ; Rice et Caniato 2003). Elle doit être 5

7 RIRL 2010 Bordeaux September 30th & October 1st, 2010 considérée de même que la sécurité comme un investissement (Sheffi, 2005). La capacité d'une firme de redémarrer après un choc dépend plus des décisions qu'elle prend avant l'évènement que pendant et après. Se préparer à l incertain, à diverses attaques sur diverses entités implique une coopération public-privé et une organisation particulière pour défendre les employés, les actifs physiques et immatériels sachant qu il faut rechercher un équilibre entre besoin de sécurité et exigence d efficience (Sheffi 2000, Wyk et Baerwaldt, 2005). Depuis le 11 septembre 2001 le Global Supply Chain Management GSCM s est imposé comme un paradigme élargissant le champ d études à de nouvelles thématiques de risques et comme partie intégrante de la stratégie (van Wyk et Baerwaldt, 2005). La supply chain security (SCS) consiste en l application de politiques, procédures et technologies pour protéger les actifs de la supply chain (produits, installations, équipements, information et personnes) du vol, des dommages, du terrorisme et afin de prévenir la pénétration de la contrebande, l infiltration de personnes non autorisés et l introduction d armes de destruction massive dans la supply chain (Closs et McGarrell, 2004 ; Williams et al, 2009). Chaque supply chain est potentiellement crisogène. Elle nécessite l observation concrète de sa complexité propre. Helferich et Cook (2002) se sont appuyés sur le guide de la FEMA 3 pour établir leurs propres recommandations en matière de processus de management de catastrophe, d information amont et d identification d expertises. Le processus de management de crise peut se décomposer en cinq phases : détection des signes d alerte, préparation-prévention, réponse/réduction, récupération, apprentissage (Mitroff, 1988 ; Pearson et Mitroff, 1993 ; Brouard et Sprott, 2004). Situation perturbatrice, la crise échappe à toute régularité et s inscrit généralement en dehors des cadres opératoires et des schémas de référence typiques des gestionnaires (Roux-Dufort, 2000). Elle porte un apprentissage comportemental, mais aussi en termes de paradigme (adopter une totale nouvelle approche dans la façon d opérer) et en termes systémique (système d alerte et détection, compréhension globale et meilleures stratégies face à des situations complexes comme le terrorisme) (Simon et Pauchant, 2000, Brouard et Sprott, 2004). La crise offrirait une ouverture pour exercer ses capacités en intelligence de l information et de situation. La «business intelligence» est une activité adaptée à l action, cela dans toutes les phases du management de crise. La prise de conscience est la principale contre-mesure (Fuld, 1989, Levitin, 1998, etc.). Elle repose sur la sensibilisation et la formation des salariés qui doivent déceler les dangers de leur environnement et adhérer aux politiques et pratiques de sécurité. Il est avant tout nécessaire 3 FEMA. Federal Emergency Management Agency. 6

8 RIRL 2010 Bordeaux September 30th & October 1st, 2010 d accorder un intérêt au processus de collecte d information qui offre un système d identification des risques potentiels (Brouard et Sprott, 2002). Une rapide recherche dans les corpus supply chain à partir des termes information ou intelligence fait émerger une importante littérature en business intelligence (peu pertinente ici) émanant souvent de consultants. Une approche originale est proposée par Christine Roussat et Nathalie Fabbe-Costes (2008) qui avaient antérieurement abordé les pratiques de veille technologique en logistique en étudiant le cas des prestataires de services logistiques (2000). Elles confrontent une démarche méthodologique d anticipation fondée sur une vision centrée sur les supply chains, leur management et leur évolution, au courant prospectif en vue de dégager des pistes d enrichissement mutuel pour saisir des univers stratégiques complexes contemporains. Mais l intelligence logistique évoquée se base sur une notion restreinte de veille et l article est peu explicite sur les acteurs et les facteurs de risque. La chaîne logistique étant un tout organisé qui transcende le seul niveau de l entreprise, la gestion interorganisationnelle des connaissances apparaît comme un levier potentiel de la performance (Fabbe-Costes et Lancini, 2009). Cette recherche pourrait être poursuivie en s intéressant plutôt aux notions de compréhension (stade supérieur à la connaissance) et de sûreté globale. Une réflexion générale portant sur les apports possibles de l'intelligence économique et stratégique à la logistique globale a été initiée sous l angle de la pensée stratégique et au niveau des opérations (Delesse et Verna, 2004). Les clins d oeil vers l anticipation, la proactivité, une nouvelle lecture du monde, la contre information, le mouvement efficace, l approvisionnement durable et l intégration optimale n ont guère suscité de travaux postérieurs théoriques ou empiriques dans le cercle des chercheurs en supply chain. Nolan et Quinn (2000) reconnaissent l importance de la prévention contre les actes terroristes et la nécessité de déployer une stratégie de protection du processus d intelligence. La protection des actifs physiques et intangibles sous-entend d adopter des mesures englobant la contreintelligence et la sécurité en s appuyant sur un audit systématique pouvant porter sur la culture, le management/leadership, les ressources et la structure de la firme et sur chaque phase de la collecte et de la protection d information. Précurseur dans la réflexion et la concrétisation de l intelligence économique en France le préfet Rémy Pautrat (2006) rappelle que l intelligence économique est une culture managériale qui fédère et coordonne. Elle emprunte ce qui la compose (stratégie, management de l information, organisation, outils de protection, etc.) à diverses approches disciplinaires dispersées dans des spécialisations mais en même temps elle invente tout dans un mouvement de synergie qui met en valeur les relations entre ces composantes du tout et leur donne une puissance nouvelle (Pautrat, 7

9 RIRL 2010 Bordeaux September 30th & October 1st, ). Elle est une réaction contre les excès des démarches positivistes aujourd hui largement dépassées même si elles ont marqué une avancée vers la scientificité. Excercée dans un cadre éthique, l intelligence économique n est pas de l espionnage économique et industriel. Elle n est pas réductible aux systèmes d information qui demeurent des outils. Elle ne se limite à aucune de ses composantes comme la veille étroitement dépendante de la pensée stratégique et qui n apporterait rien sans l analyse et le partage de l information. Il est également illusoire de concevoir un dispositif d IE sans une réelle politique de sécurité de l information, sécurité, qui, prise isolément, ne peut aboutir qu à l enfermement. Donc il s agirait plus de développer une intelligence logistique globale orientée sûreté et basée sur un système parfaitement renseigné que de procéder à une approche classique des risques. 1.2 L émergence de nouvelles menaces et d études spécifiques L aléa défie la rationalité. Les firmes sont exposées à une multitude de dangers, des plus prévisibles aux menaces les plus improbables, peu ou pas ou trop médiatisées. Le crime gère des marchés, procède par intégration verticale et horizontale, investit en R&D, génère en chiffre d affaires plusieurs milliers de milliards de dollars. Le blanchiment représente environ 25% des réserves monétaires du monde (Bauer, 2010) 4. Pour Pascal Teixeira Da Silva 5 (CDSE, 2010), les fractures de la globalisation font des entreprises des cibles privilégiées confrontées à la violence politique et idéologique (contestations, rebellions, sécessions) ainsi qu aux prélèvements illégaux commis par les relégués de la mondialisation. Il évoque les ponctions criminelles dans les zones de non-droit, la piraterie maritime, les enlèvements (rançon parfaitement monneyable dans le cas des entreprises au contraire des Etats), différents trafics comme celui de la drogue et le terrorisme qui concerne aussi les entreprises françaises car elles incarnent l occident et son matérialisme honni, collaborent avec des régimes apostats notamment dans l exploitation des rentes pétrolières et gazières, pillent les ressources. Beaucoup de menaces ne sont pas nouvelles, mais gagnent en intensité voire se métamorphosent. En illustrant par le cas de la frontière mexicaine où cartels de la drogue, militaires déserteurs de l armée mexicaine et cultes pseudo catholiques (Santa Muerte ou Jesus Malverde) contrôlent des territoires, X. Raufer (CDSE, 2010) exprime la crainte que de nouvelles manières d agir dans des criminalités fusionnelles, hybrides servent de modèles. Les dirigeants redoutent souvent une contamination de produits et les conséquences sur leur image (attaques informationnelles et réputationnelles). Ils respectent les règles et les normes 4 Club des Directeurs de Sécurité des Entreprises CDSE (2009), Comment les entreprises font-elles face aux nouvelles menaces? Actes du troisième colloque annuel du CDSE, OCDE, Paris, 15 décembre. p Directeur de la stratégie de la Direction générale de la sécurité extérieure DGSE. 8

10 RIRL 2010 Bordeaux September 30th & October 1st, 2010 imposées par les autorités publiques, les pratiques des distributeurs mais se préparent-ils réellement à des actes malveillants de contrefaçon et d empoisonnement, à des déstabilisations orchestrées ou véhiculées par de multiples acteurs qui les offrent en pâture à l opinion publique et à la sphère boursière. Le 11 septembre a renforcé les exigences vis-à-vis des organisations, la chaîne logistique étant reconnue faire partie de la stratégie globale pour la sécurité nationale. La sécurité de la supply-chain recouvre les activités qui protègent des dommages, du terrorisme et de la contrebande (Wilson, 2005 Williams et al, 2009). A court terme le 11 septembre a eu un impact sur les secteurs de l aéronautique, du tourisme, sur l immobilier, le secteur des assurances, également sur les marchés financiers, la capitalisation des firmes dans des secteurs stratégiques (transport aérien, assurance) et sur les fluctuations des prix des matières premières comme le pétrole et l or (Alexander et Alexander, 2002 ; Brouard et Sprott, 2004). Il a par contre favorisé les secteurs de la défense, de la presse, de la sécurité et de la santé. Dramatique, l événement a entamé la confiance et diminué la demande conduisant les firmes à réduire la production, à supprimer des usines, à geler les investissements et à licencier des salariés. Yossi Sheffi (2001) rappelle que beaucoup de ruptures n ont pas été causées par l événement en lui même mais par les réponses du gouvernement (fermeture des frontières, blocage du trafic aérien, évacuation d immeubles). La chaîne logistique s inscrit dans une logique systémique. Toute modification du contexte peut la perturber, cela d autant plus qu elle présente des points de vulnérabilités. In fine les firmes sont fragilisées par des effets domino, ceux-ci semblant s être accentués au cours des dernières années (Jüttner, Peck, Christopher, 2003). En Angleterre le Civil Contingency Act (2004) fut en préparation bien avant le 11 septembre. Autorités et industriels déjà préoccupés par l'encéphalopathie spongiforme bovine dans les années 90, par les protestations concernant le carburant en 2000 et par la fièvre aphteuse en 2001 ont réalisé que des évènements sortaient du cadre des doctrines de plan d urgence élaborés depuis longtemps. Non localisées sur des sites spécifiques, ils émergeaient progressivement contrairement aux crises à la surprise brutale et leur impact sur la supply chain était systémique (Peck, 2006). La fièvre aphteuse eut pour heureuse conséquence la réalisation d une étude exploratoire sur la vulnérabilité de la supply chain aussi dénommée supply network 6. Elle fut menée en 2002 par le Centre for Logistics and Supply Chain Management CLSCM de l université de Cranfield en collaboration avec l université de Heriot-Watt à la demande du Department for Transport (formerly DTLR), Department for 6 CRANFIELD UNIVERSITY. School of Management (2002). Supply Chain Vulnerability (2001-2), January. Management/Supply-Chain-Research-Centre/Supply-Chain-Risk-And-Resilience/Supply-Chain-Vulnerability

11 RIRL 2010 Bordeaux September 30th & October 1st, 2010 Trade and Industry (DTi) et du Home Office. Les sources de risques peuvent être externes (provenant des interactions avec l environnement) comme les catastrophes naturelles, les actes terroristes, les actions directes (contestations sur la hausse de l essence) ou internes (accidents, difficultés opérationnelles d un partenaire, interactions et absence de collaboration au sein de la supply chain). Le manque de confiance entre les membres de la supply-chain est le risque principal. Pouvant entraîner des réactions isolées aggravant la situation, il est lié à deux éléments constitutifs à savoir la visibilité et le contrôle (capacité de répondre au bon moment à des problèmes de manière adéquate et de les détecter à temps). Les organisations se devant d identifier leurs vulnérabilités supply chain, les sources du risque et de déterminer comment le traiter, le rapport préconise d adopter une approche managériale de type 3P (Philosophy, Principles and Process). Il insiste sur l éveil au risque chez les managers, sur l intégration du risk management au management de la supply chain, sur le fait que tout changement dans la stratégie modifie les profils de risque de la supply chain et que dans toute entité chaque individu doit avoir une bonne connaissance de son rôle ainsi que la conscience du risque. Plusieurs principes sont soulignés en termes de pratiques : la prise en compte des risques influence la conception et la structure de la supply chain ; le risk management doit s appuyer sur un haut niveau de visibilité et de compréhension de toutes les entités, sur des exigences claires en termes de performance et sur les moyens de communication entre les entités ; le supply chain risk management repose sur un processus d ajustement et de coopération entre les entités internes et externes. Au niveau tactique le processus englobe l identification des risques, l évaluation (probabilité, impact, coût), le management de continuité et les processus de coordination, les retours d expérience). Une enquête d Economist Intelligence Unit (EIU, 2009) co-parrainée par la compagnie d assurances ACE a cherché à comprendre comment les firmes sont affectées par le risque supply chain et comment elles y répondent. Elle a été menée auprès de 500 managers ayant une responsabilité en matière de risk management dans différentes compagnies en Asie- Pacifique, Nord Amérique et en Europe. Le rapport révèle que beaucoup d'entreprises mettent en place des stratégies visant à augmenter l efficacité et la performance de leurs chaînes logistiques, ont du mal à gérer efficacement au niveau stratégique les risques liés aux fournisseurs, ne considèrent pas la gestion des risques liés à la chaîne logistique comme stratégiquement importante et ne développent pas l expertise nécessaire. 30% des répondants ont subi des sinistres liés aux systèmes d information, 25% aux équipements et 26% au vol. Les conflits du travail sont également préoccupants mais la récession a mis l accent sur d autres problèmes : 62% des répondants évoquent la difficulté à prévoir la demande, 59 % 10

12 RIRL 2010 Bordeaux September 30th & October 1st, 2010 les fluctuations du taux de change, plus de la moitié la hausse des coûts et les fluctuations des prix de l énergie? Un tiers parle de l insolvabilité de leurs partenaires ou de leurs fournisseurs. La dégradation des relations avec eux peut entraîner un effet domino et des défaillances dans les chaînes logistiques Le protectionnisme se renforce en Chine, Allemagne, France et Japon. La pression sur la réduction des coûts incite certaines entreprises à rechercher des partenaires moins-disants, mais aussi à tenir compte des incertitudes politiques et en matière d infrastructures. La majorité des sondés disent que leurs sociétés prennent des mesures significatives visant à relever ces défis. Beaucoup pensent que le risk management de la supply chain a une importance stratégique. 60% reconnaissent la pression des dirigeants pour booster la résilience de leur supply chain. Mais 35% estiment qu il y a un manque de culture du risque au niveau de la direction. Presque la moitié déplore une sous-évaluation de l impact potentiel du risk management et le manque d expertise en la matière. 40% pensent que leur organisation manque de visibilité sur la chaîne globale 7. L Edhec a obtenu 82 réponses à une enquête menée auprès des directeurs de la sécurité en grande partie adhérents au Club des dirigeants de sécurité des entreprises (CDSE) à propos des crimes commis contre les entreprises en 2008 et 2009 (Monnet, Very et Hassid, 2010). Parmi les 35 crimes cités 8 se détachent le vol de produits ou d équipements sur les sites (84% des cas), les fraudes internes et le détournement d argent par les employés (67%), les intrusions dans les systèmes d information (39%) et la contrefaçon (39%). Au moins un tiers des firmes répondantes ont subi des sinistres comme attaques armées contre le site (34%), espionnage (34%), usurpation d identité de l entreprise (33%) et piraterie en particulier routière (33%). Le crime est un fait avéré qui fait partie de la vie de l entreprise. Les actes criminels proviennent de sources internes ou externes : employés (87% des répondants), petite délinquance (76%), hackers et experts informatiques (66%), autres entreprises (60%), crime organisé (53%), agents publics (38%), groupes terroristes et guérillas (31%). Les impacts économiques et stratégiques dépendant du degré d exposition, ils se révèlent plus saillants pour les entreprises internationales. Les répercussions organisationnelles et procédurales sont susceptibles de concerner toute entreprise. Le crime n est plus la seule affaire du responsable de la sécurité. Cette enquête possède intrinsèquement ses propres limites puisqu elle n est qu une vue partielle de l existant et se base uniquement sur ce que les entreprises veulent bien 7 The Economist intelligence Unit (2009), Managing supply-chain risk for reward: a report, EIU, London, 20 p. 8 CDSE (2009), Op.cit. Les crimes peuvent se répartir en quatre catégories : prédation de ressources ; parasitisme s appuyant sur l organisation, la structure, la logistique avec à la clé du trafic illicite ou du blanchiment d argent ; destruction de sites ou dégradation ; compétition (contrefaçon, prédation de marchés publics notamment, détournement de privatisation, affrontement de concurrents contrôlés par des criminels, tentative de prise de contrôle par des acteurs malveillants. 11

13 RIRL 2010 Bordeaux September 30th & October 1st, 2010 voir et dire. Il est important de faire attention aux menaces qui existent mais encore plus d exercer la capacité de voir venir ce qui émerge et de repérer les individus mécontents quels qu ils soient. Les infrastructures critiques sont particulièrement préoccupantes. La cybermenace n est qu affaire d intelligence et de puissance asymétriques. Aussi, d anciens hauts fonctionnaires américains ont participé le 16 février 2010 à Washington à une cybersimulation, baptisée "Cyber ShockWave", au cours de laquelle ils ont testé les parades possibles à une offensive coordonnée contre les réseaux téléphoniques et d électricité, l internet et les moyens de transport, le tout accompagné de quelques attentats à l explosif en des endroits stratégiques 9. Citons enfin l étude d Ann Vereecke (2010) qui distingue cinq types de risques supply chain : processus, approvisionnement, demande, contrôle et environnemental. Ce dernier vu comme spectaculaire se divise en trois catégories : désastres de la nature ; propriété intellectuelle, notoriété, responsabilité sociale ; risque causé par des actions gouvernementales, des grèves dans les transports, etc. L enquête qu elle a menée auprès de 255 entreprises débouche sur un score de maturité gestion de risque de la supply chain inférieur à 3 ce qui se révèle insuffisant. Seules 12% des entreprises obtiennent une note de Ces différentes études tendent de toute évidence à montrer la diversité des risques, leur nature, leurs possibles imbrications ou hybridations et les effets cascade. Il est temps de repenser la sécurisation de la supply chain en repoussant les frontières des cadres spatiaux, temporels, politiques, stratégiques, tactiques et disciplinaires. Le décloisonnement des expertises ainsi que le métissage des approches logistique, risk management et intelligence économique devraient permettre d apporter des réponses adaptées à la modernité des menaces. Deux principes empruntés à l intelligence économique peuvent aider à construire une approche holistique, proactive et résiliente. Le renseignement bien pensé est un instrument puissant pour anticiper des risques systémiques, par essence difficilement quantifiables et identifiables, et surtout pour repérer et qualifier des acteurs malveillants. Mais la réponse face aux vagues déferlantes de dangers et menaces doit être collective, transinstitutionnelle et souvent concertée avec le politique. 9 Club des directeurs de sécurité des entreprises, Détection précoce [en ligne],18 février Ann Vereecke (2010), Au bord de la rupture pp. 2-3 in «Management de la gestion du risque dans la supply chain», Stratégies Logistique, Hors série, janvier, 12 p. 12

14 RIRL 2010 Bordeaux September 30th & October 1st, LA SÉCURISATION DE LA SUPPLY CHAIN SUPPOSE UNE INTELLIGENCE LOGISTIQUE GLOBALE BASÉE SUR LE RENSEIGNEMENT «L intelligence économique peut fournir des heuristiques, c est-à-dire des recettes, des méthodes pratiques de quête de la connaissance éprouvées par l expérience et qui aident à préserver son esprit critique, à déceler les signaux faibles et à repérer les sources d information pertinentes de l environnement» (Huyghe, 2009). Elle facilite des réflexes informationnels et communicationnels qui se singularisent dans chaque expérience. En se callant sur une stratégie globale de supply chain elle peut agir comme un facteur déterminant de l issue des opérations. Sa finalité est plus la compréhension que la connaissance Le renseignement est l essence des pratiques de sûreté qui s avèrent complexes dans le cas d une supply chain Le renseignement d anticipation (estimate intelligence) fournit en amont des éléments d appréciation sur les risques potentiellement encourus. Etre informé en amont pour favoriser un déploiement optimal et robuste des supply chains est un exercice difficile à conduire de manière globale mais aussi focale, en permanence y compris dans l urgence. Le renseignement de sûreté aide à sécuriser la conduite des opérations et des manœuvres dès la conception. Il fournit des éléments d appréciation sur les crises potentielles, sur les sourdes évolutions qui pourraient impacter la performance de la supply chain ainsi que sur la psychologie et les capacités d actions d entités potentiellement hostiles. Il conforte les choix d options stratégiques de résolution de crise. Concrètement, en toutes circonstances, à tout moment et en tout lieu, le manager doit s efforcer de prendre conscience d un déficit de savoir, s'interroger, questionner les autres, entendre leurs propres questions afin de discerner les informations essentielles et crédibles, que celles-ci concernent le terrain, les processus ou les acteurs. Le global Supply Chain Manager assume de fortes responsabilités qui doivent le conduire à s'intéresser aux différents partenaires, aux sous-traitants, aux fournisseurs, aux clients, aux implantations, aux unités de production et de distribution, aux sites, aux entrepôts, aux équipements, aux prestataires de technologies, ainsi qu aux acteurs susceptibles de perturber les flux physiques, financiers, d information, de personnes et les relations humaines. S il lui faut travailler sur des prévisions et considérer les relations de confiance au sein de toute 13

15 RIRL 2010 Bordeaux September 30th & October 1st, 2010 supply chain, il ne doit pas pour autant ignorer les contextes (mondiaux, régionaux, locaux), les climats sociaux spécifiques et occulter l observation d entités stratégiques (États, clans tribaux, organisations criminelles, cartels mafieux, pirates informatiques et des mers, ONG, syndicats, éco-terroristes, anarchistes, groupes antiglobalisatio, sectes, terroristes, etc.), de personnes ou de groupuscules (salariés, leaders politiques ou d opinion, journalistes, avocats, experts, meneurs d hommes, etc.). La supply chain est un objet d étude d autant plus compliqué que divers processus doivent être pris en compte ainsi que des réticulations et des contextes dynamiques singuliers. Il est envisageable de repérer à partir des intentions stratégiques les situations insatisfaisantes, les risques encourus à ne rien faire, les axes d action en matière de renseignement SCM (Fig.2), de protection de l immatériel (Fig. 3), de relations amont - stratégies s influence (Fig. 4) et de management de crise (Fig. 5) tout en précisant les rôles et les missions des personnes impliquées à l interne et à l externe, les sources utiles, les délais et les actions à entreprendre. Cette démarche s intègre progressivement et durablement dans une culture de maîtrise de la sécurité globale (Fig. 1). L étude du renseignement militaire (Francart, 2002) suggère quelques idées complémentaires. Pour mieux identifier des fractures susceptibles d engendrer des ruptures ou des perturbations, il convient de s intéresser à trois catégories d espace : (1) les espaces physiques (terrestre, maritime, aérien, virtuel) ; (2) les espaces structurels à savoir l espace économique (zones de production, d approvisionnement, etc.) et l espace politicoadministratif (frontière, type de lois appliquées.) ; (3) les espaces humains (zones de peuplement, structures sociales ) et l espace de représentation (aspiration géopolitique, idéologique, etc.). Dans chaque espace des acteurs utilisent des réseaux ou les créent : réseaux conditionnant la mobilité et la contre mobilité, réseaux de circulation de biens matériels, d énergie, de personnes physiques, de flux financiers ou informationnels, réseaux humains provisoires, organisés, institutionnalisés, réseaux hiérarchiques ou, informels et maillés, etc. Identifier, neutraliser, contrôler certains d entre eux peuvent se révéler des actions salvatrices. L intérêt doit également focaliser sur toute entité hostile, ses enjeux, les buts qu elle poursuit, ses relations aux autres acteurs, les options stratégiques qu elle peut envisager, ses moyens de mise en œuvre (commandement, renseignement, communications, logistique), ses atouts et handicaps, ses capacités d engagement dans un conflit, son environnement. Les questions sur les systèmes de pouvoir visent à déterminer la nature et les limites de la maîtrise des espaces par une entité identifiée comme centre de pouvoir. Il s agit 14

16 RIRL 2010 Bordeaux September 30th & October 1st, 2010 de percevoir les éléments qui peuvent provoquer l effondrement du système de pouvoir hostile, ses centres déterminants d action, ses points de cohérence lui permettant d agir de façon coordonnée vers son objectif et ses points de vulnérabilités faiblement défendus. L appréciation des situations est autant affaire d expérience que de connaissance du contexte, du terrain et des acteurs. La contre-intelligence mérite une forte attention (Fig. 3). Celle-ci s exerce dans le but de rendre inopérants les systèmes de renseignement de l ennemi (à identifier en amont) et de troubler ses facultés de compréhension. Or, la complexité des supply chains accroît les vulnérabilités informationnelles. Les acteurs malveillants utilisent des failles technologiques mais le plus souvent humaines pour récupérer de multiples indices qui recoupés constitueront pour eux le renseignement recherché (Nolan 2000). La contre-intelligence est renforcée par la contre- ingérence, celle-ci consistant à prendre des mesures contre la pénétration des lieux physiques et des systèmes. «C est souvent par le réseau informatique d une entreprise que s ouvre les clefs de l information confidentielle, celle dont la détention permet de donner un avantage concurrentiel, ou celle dont la destruction peut nuire définitivement au développement voire à l existence de l entreprise (Henry Proglio, CDSE, 2010). Un bon réflexe consiste avant tout à s interroger sur ce qui est vital pour la supply chain et ses entités, sur ce qui relève du secret. Les hommes clés, les alliances constituent autant de cibles que les projets, les fichiers clients ou fournisseurs, les procédés de fabrication, les zones de stockage, les plans de sites, les flux de matières précieuses ou sensibles, les architectures logistiques, les plans de continuité d activités etc.. De ce point de vue l acuité et le bon sens font plus que les modèles déterministes et les prévisions qui montrent leurs limites dans des environnements de plus en plus hostiles et complexes. C est une lutte permanente contre tout individu (ou entité) évoluant dans l ombre et qui bénéficie ainsi de certains avantages. La cible ignore qui va la surprendre, à quel endroit, à quel moment et avec quels moyens. Ajoutons que les capacités des adversaires en termes d intelligence économique ne sauraient rester ignorées. Possèdent-ils un service structuré? De quel type? Qui est à la tête, simple documentaliste ou ancien des services de renseignement ou des forces spéciales? Le processus de protection défensive/offensive étroitement lié à celui de renseignement offensif/défensif est aussi représentée dans un cycle : orientation (ce que l on veut et souhaite protéger), analyse des vulnérabilités, évaluation des risques et des menaces, mise en place de mesure de prévention protection dissuasion- assurance (Brouard, 2004). Dans le 15

17 RIRL 2010 Bordeaux September 30th & October 1st, 2010 processus d approvisionnement par exemple, une approche classique cherchera plutôt à garantir les produits, les flux de matière contre le vol en particulier alors que l approche contre-intelligence suscitera des questions relatives aux fragilités informationnelles associées à cette étape, tout renseignement sur la nature des fournisseurs, des matières premières, des pays d origine étant stratégique? Des parades seront alors mises en place comme l achat de matières premières par le biais de sociétés captives, le recours à des facturations internes pour des achats effectués par des sociétés créées par des salariés de l entreprise ou l échelonnement des achats (Nolan, 2000). La sécurisation d une supply chain se conçoit en fonction des opportunités recherchées, des atouts et des vulnérabilités, du degré d exposition, des acteurs et des menaces intentionnelles endogènes ou exogènes, des impacts. Cela nécessite d enclencher très tôt une démarche de questionnement au niveau de la logistique globale et de la poursuivre tout au long du déroulement des processus. Les logistiques opérationnelles n échappent pas à la règle Le renseignement est un processus qui réclame de l expertise. L orientation, étape préalable, consiste à identifier les réponses souhaitées et à fixer les axes d'intérêt développement/sûreté pour éviter de se maintenir dans une anorexie informationnelle et d encourir des risques méconnus car non suspectés en amont. Elle s appuie sur une logique itérative d'interrogations audacieuces et de propositions inventives, individuelles et collectives, à partir de formulations de base : «Qui? Quoi? Avec qui? Contre qui? Quand? Où? Comment? Pourquoi? Pour combien de temps? Quoi si?». Xavier Guilhou et Patrick Lagadec (2008) parlent de hardiesse de questionnement et de réponses en rappelant les quatre points d entrée de la démarche fondamentale qu ils préconisent «pour détecter au plus tôt les signaux aberrants (souvent annonciateurs de décrochages majeurs) et venir aider au pilotage lors des grands chocs» : «De quoi s'agit-il? Quels pièges? Quels acteurs? Quelles initiatives?». En s appuyant sur le cas du Titanic Bertrand Robert (2009) propose, exemples et questions à se poser en appui, une typologie des signaux faibles qu il faut déceler précocément, écouter et relier en amont des crises ou des transformations d un système. Pour «voir venir» il s agit de s interroger sur les signaux oubliés dans son univers professionnel, sur les signaux non conventionnels, sur l orgueil signalé ou la rigidité des croyances dans des «impossibles», sur les signaux rares mais significatifs, sur les signaux éloignés, sur les signaux de déviance, sur les signaux retenus ou cloisonnés, sur l incapacité à traiter le signal et sur les signaux dévalorisés voire ridiculisés. 16

18 RIRL 2010 Bordeaux September 30th & October 1st, 2010 Cet exercice indispensable force à définir les besoins d informations en adéquation avec les axes stratégiques, tactiques ou opérationnels de toute supply chain. Il oriente la recherche basée sur l expertise des sources et des outils, sur le repérage des personnes "qui savent " et des experts. Le plan de renseignement guide des opérations délicates du fait d une infoobésité ambiante, de l évolution des technologies de l information et des communications, du fait aussi des stratégies de désinformation, des manipulations informationnelles en tout genre et de la résurgence d une gestion offensive de l information. Cette étape enclenche plusieurs modes de collecte coordonnés qui procèdent par multiplication des angles d approche et dont le produit après traitement constitue le renseignement intelligence») utile au global supply chain manager. Le renseignement de documentation, renseignement de base («basic intelligence») fondé sur le passé, s élabore à partir de l information interne détenue par les acteurs de la supply chain (retours d expérience ou RETEX, journaux de bord qui relatent la chronologie de faits et les mesures déjà prises, connaissances mémorisées) et à partir des «informations dites blanches» 11. La veille stratégique, en complémentarité permanente, décele des tendances, des décrochages, des signes de crise potentielle, des mouvements d acteurs, des faits et des événements nouveaux, des indices d évolution, etc. Des procédures d alerte, l exploitation systématisée de dépêches, la traque automatisée d informations en continu, la surveillance de blogs et de groupes de discussion ou d émissions podcastées, l utilisation de flux rss et plus encore l implication des hommes sur le terrain alimentent la «current intelligence». Stratégique voire opérationnelle, la veille se décline en veilles spécifiques selon les préoccupations des managers. L observation cherche à préciser ou recouper les indices et les signaux d alerte (Francart, 2002). Ce peut être également l action de considérer avec attention les choses physiques ou les choses morales. Un signal interprété comme signe de dangerosité ou d opportunité peut être capté par hasard (en fait, inconsciemment, l attention est influencée par l existence d une préoccupation) ou par observation volontaire, en fonction des besoins d informations formulés par rapport à l intention sécuritaire. Il est utile de repérer les hommes de la supply chain qui, curieux et perspicaces, sont aptes à l écoute multisensorielle et à la sérendipité 12. Le global supply chain manager peut ressentir aussi un besoin d investigation qui suppose la consultation d experts en renseignement, géopolitique, risque-pays, sécurité, etc. Une question particulière est 11 Informations ouvertes que chacun peut obtenir par des canaux classiques. Par exemple le site du Council of Supply Chain Management Professionals propose des monographies pays «Global Perspectives» qui permettent d évaluer les potentialités d une supply chain et l environnement logistique, de repérer des fournisseurs et des partenaires localement, de prendre connaissance des réalités de l environnement des affaires, de repérer des sources d information fiables. Council of Supply Chain Management Professionals. What can CSCMP Global Perspectives do for you? 12 Faculté de capter au hasard ce que l on ne cherchait pas au départ voire de saisir ce qui pour d autres passerait inaperçu. 17

19 RIRL 2010 Bordeaux September 30th & October 1st, 2010 examinée de manière approfondie «pour obtenir des informations pertinentes permettant de se déterminer par rapport à l objet de l investigation» (Francart, 2002). Exercices indispensables, la validation et le recoupement des informations émanant de sources bien différenciées et qualifiées demandent un esprit critique que chaque logisticien à son niveau doit exercer. L analyse est une lecture à un moment spécifique qui consiste pour un individu, un groupe à combiner les informations et à générer du sens selon un alphabet et des règles propres au système qu il cherche à comprendre (Lacoste, 2006). Les rapports des commissions d enquête sur le 11 septembre 2001 ont étudié l échec des services état-uniens de renseignement en identifiant quatre procédures permettant de relier les indices : l inférence, la déduction, la recherche de patterns au moyen de l exploration des données (data-mining) et la séparation des signaux authentiques du bruit ambiant dans la masse très considérable d informations recueillies (Brodeur, 2007). La mise en perspective permet de dégager une vue d ensemble, d envisager des scénarios futurs, de jauger leur plausibilité. Le questionnement agit comme un antidote à une prétentieuse omniscience. La pensée liante se substitue à la croyance de l isolement des causes et des symptômes. La question fondamentale est la place de l analyse dans les mécanismes de risque (Bauer, CDSE, 2010). La sécurisation de toute supply chain suppose une intelligence logistique globale : savoir ce qu il faut saisir, savoir ce que l on sait, comprendre, faire croire ou empêcher qu autrui ne sache ce qu il ne faut pas. Pour cela, il faut s appuyer sur des personnes fiables et compétentes, sur des équipes régulières et durables tout en évitant le recours à du personnel sous-qualifié et sous-rémunéré, parfois méconnu. Il n en demeure pas moins difficile de faire circuler l'information dans une organisation pour qu'elle arrive au centre de décision concerné et juste à temps. Les crises sont la plupart du temps imputables à des facteurs comportementaux et organisationnels déviants, qui se traduisent par un manque de pertinence et d exploitation de l information, par des dysfonctionnements dans la circulation de celle-ci. Les signes existent, mais c est plus la compétence humaine qui est en question. 3. L INTELLIGENCE LOGISTIQUE GLOCALE EST AFFAIRE D HOMMES ET DE RÉSEAUX La sécurité de la supply chain peut être renforcée mais cela requiert des changements dans les modes de pensée, le maintien d un leadership et un apprentissage permanent dans les secteurs 18

20 RIRL 2010 Bordeaux September 30th & October 1st, 2010 privés et publics (Closs et McGarrelll, 2004), l idée de maîtrise du renseignement devant être de surcroît intégrée. 3.1 La sécurisation de toute supply chain requiert un fort leadership, stimulateur d une culture de sûreté Concrètement la mise en place d'une architecture de supply chain sécurisée s'appuie sur des pré-requis essentiels comme l implication et le leadership des global supply chain managers, la communication des politiques et stratégies, l utilisation d'un langage commun dans le champ de la sécurité globale, des hommes initiés et motivés, une démarche concertée, et les retours du terrain (cf. Fig.1). Le logisticien stratège affirme la volonté d anticiper sachant que la stratégie est aussi affaire d intelligence. Il recherche une vision globale des activités envisagées ou en cours. Il prend en considération les processus, les infrastructures et les dynamiques réticulaires pour mieux appréhender la sûreté. Il adopte dès le début de la conception de la supply chain une approche holistique en intègant les jeux d acteurs, les ruptures envisageables et les conséquences. Cet état d esprit l engage dans une démarche concertée, structurée, proactive pouvant se révéler préventive, protectrice, dissuasive. En ce sens, il lui appartient de se placer plus dans les champs de la prospective que dans ceux de la prévision. Il lui faut discerner les échelles du probable et de l improbable, être en mesure de jauger la part à laisser au hasard, savoir où il veut aller, ne pas hésiter à dire non, affirmer sa volonté, être à l écoute, valoriser des personnes, mettre en confiance et en situation. Confronté à l inconnu, il doit plus que tout autre être attentif aux décrochages et pas seulement aux simples écarts de gestion ou de fonctionnement dans son univers. L intelligence (renseignement élaboré externe et interne) dont il dispose ouvre la voie vers la pertinence des décisions et l efficacité des actions commanditées pour que le bon produit soit au bon endroit au bon moment, y compris dans les contextes les plus hostiles. Elle offre la possibilité de garder une certaine liberté de pensée, de décision et d action tout en faisant gagner en maturité par rapport aux pratiques courantes. Préparé à toute éventualité, le global supply chain manager a conscience qu il engage, parfois en situation d urgence, des actions qui peuvent avoir des conséquences humaines, immatérielles, matérielles, environnementales et financières à plus ou moins long terme. Il garde à l esprit qu il est nécessaire de protéger des biens, un capital immatériel ainsi que des Hommes mais aussi de raisonner des activités humaines insouciantes, malveillantes ou 19

21 RIRL 2010 Bordeaux September 30th & October 1st, 2010 destructrices pouvant entraîner une situation de catastrophe et par là même porter atteinte aux populations et à la société. Il accepte (ou sait convaincre) en conséquence d investir en ressources humaines et financières. Un équilibre coûts/bénéfices est à trouver en tenant compte des autres buts de la firme (Sheffi, 2001). Concevoir, produire, transporter, livrer, distribuer voire sécuriser mobilisent des compétences particulières qu il s agit de déterminer dans la phase conception amont, y compris au paroxysme d une crise (Où veut-on aller qui?). Le choix des forces vives et la détermination de leurs responsabilités au sein de la supply network s avère primordial. Dirigeants supply chain et équipes d encadrement «incarnent un leadership qui fait sens face à des crises émergentes, crises molles et «en dehors des modes de représentation classique des risques». Lorsqu elle éclate, la crise suppose la capacité à piloter en univers extrêmement turbulent avec perte des référentiels, donc à en changer (Lagadec, Guilhou, 2008) et d apprendre non à prévoir l imprévisible, mais à s y adapter et à en exploiter les potentialités (Huyghe). Les «conjonctures critiques» que Michel Dobry (1986) différencie des «conjonctures routinières» marquées de déterminisme et fatalisme exigent des décisions extraordinaires, la mobilisation d acteurs compétents, d experts ou de spécialistes (on peut penser aux pompiers, négociateurs, forces spéciales, démineurs, scientifiques, etc.). Il y a souvent heurt d objectifs car la priorité va aux actions intentionnelles, urgentes et rapides, et non plus réglementaires et formelles, même si les situations d urgence sont-elles mêmes fondées sur de tels règlements. Les organisations complexes modernes, cloisonnées et divisées bureaucratiquement, sont régies effectivement par des règlements contraignants, qui rassurent, mais paralysent et isolent à l inverse sur elles mêmes toutes les structures traditionnelles rendues ainsi extrêmement vulnérables. Les routines ficèlent les comportements dans des procédures, formatent pour isoler et non pour faire réagir ensemble en cas d événement déstabilisant. Agir en dehors du cadre habituel, c est cela qu impose la crise, c est aussi à cela qu incite l intelligence économique. Les réflexes qu elle développe pourraient donc préparer à construire des réponses individuelles et collectives sous réserve qu'il existe un leadership porteur d innovation logistique et imprégnée d une culture de sûreté. Il s exerce en faisant preuve d humilité, d altérité, de curiosité, de respect du secret, d audace et d imagination. Il stimule des Hommes aux cultures diverses qui, rompus aux aléas, contribuent à déployer des talents quelles que soient les situations. 3.2 Les acteurs de la supply chain sont les moteurs d une Intelligence partagée embarquée dans une dynamique de sécurité globale. 20

22 RIRL 2010 Bordeaux September 30th & October 1st, 2010 Les experts et les membres de toute supply network embarqués dans la transversalité et la réticularité ont une forte responsabilité en tant que contributeurs au renseignement. La vision globale est dépendante des informations fournies par les unités sur le terrain (Francart, 2002). Les hommes en général doivent à leur niveau (conception ou action) exercer leur discernement et être en éveil permanent. Savoir capter les indices, déceler les signaux d alerte précoces et savoir communiquer tant qu il est temps, même si le message dérange, sont exigibles au titre des compétences individuelles pour chaque poste ou mission clairement définie, et cela y compris tout au long d un cycle de crise (Boucher, 2008). L initiative personnelle doit pouvoir recevoir un écho dans un système général de sûreté. Si le sens premier d intelligence correspond à la faculté de comprendre, le terme désigne aussi la capacité à la relation, le fait de s entendre mutuellement. Il sous-entend une connivence, parfois des complicités secrètes, des accords et des ententes ou des désaccords (en bonne, en mauvaise intelligence) (Petit Robert ; Amiral Lacoste, 2006). Tout système humain suppose un «mécanisme de communication où chacun des acteurs se sente impliqué, de manière pleine et entière avec un rôle à la fois de pourvoyeur d information, de destinataire, d intégration et d éclatement constant des informations, de telle façon que l intelligence devient effectivement collective» (Amiral Pierre Lacoste, 2006). Les parties prenantes internes et externes doivent donc être incitées à collaborer et être responsabilisées en tant que vecteurs d information et en tant qu experts. Elles peuvent également intervenir comme relais d influence auprès des instances décisionnaires locales, nationales ou internationales dans le but de favoriser ou de protéger des activités (Van Wyk et Baerwaldt, 2005 ; Delesse, 2008). Le destin à long terme des firmes est lié à celui d autres entités et aux éléments de leur écosystème. Il dépend des capacités conjointes en matière sécuritaire (Sheffi, 2001). La faculté à identifier les vulnérabilités et à améliorer la résilience de la supply chain demande de développer des discussions directes avec des entités externes comme les fournisseurs, les contractants et les clients. Elle requiert de renforcer les échanges intra et trans-sectoriels et de collaborer avec les firmes concurrentes (Faisal et al, 2007). Mais les interventions de professionnels lors du colloque annuel 2010 du CDSE laissent supposer que c est plus que cela. Pour Robert Kilian, Directeur du management des risques d IKEA, le département sécurité est une fonction soutien faisant partie intégrante des fonctions essentielles de l entreprise. Il est au coeur de l organisation. Pour Edwige Bonneyle, Directrice maîtrise des risques au Commissariat à l énergie atomique, il n y a pas un dossier qui ne nécessite une mise en commun avec des 21

23 RIRL 2010 Bordeaux September 30th & October 1st, 2010 personnes d autres secteurs. Luc Oursel membre du directoire Areva Nuclear Power met l accent sur la transversalité, la vigilance sans paranoia, la fierté d appartenance des équipes et la volonté d en défendre les intérêts. Décloisonner est une urgente nécessité. Des relations de confiance entre managers, État(s), collectivités territoriales et entreprises, contribuent à renforcer la compétitivité et la sécurité économique. Leaders gouvernementaux et industriels ont la nécessité d y apporter une attention concertée, le secteur public devant comprendre les intérêts du privé et ce dernier les contraintes des politiques (Closs, 2004 : 36). L État a pour responsabilités d identifier certaines menaces et les moyens de les traiter, de renforcer l arsenal juridique et préventif, de maintenir la sécurité des infrastructures critiques. Régalien et acteur de poids dans les catastrophes, il impose et sécurise. Stratège, il fixe les orientations générales, renseigne, accompagne et soutient les entreprises dans leurs activités sensibles, les opérations à l étranger et leurs efforts de protection 13. Il appartient au privé, sensé connaître les ressources étatiques, de se mobiliser à des fins lucratives voire humanitaires. Les entreprises ont à faire connaître leurs vulnérabilités. Beaucoup d entre elles ayant des activités à l étranger peuvent posséder des informations importantes pour la défense nationale (Sheffi, 2001). Il leur faut travailler en connivence avec différents services, dont ceux du renseignement, ainsi qu avec la gendarmerie nationale. Il leur est souvent utile d établir des liens avec des entreprises privées de renseignement ou de sécurité soigneusement sélectionnées, avec des associations comme le Haut comité français pour la Défense civile (HCFDC), des groupes de réflexion, des organisations professionnelles, avec le monde militaire, les sphères diplomatiques et consulaires, etc. Thorsten Neumann, Chairman of Transported Asset Protection Association (TAPA) in the Europe, Middle East and Africa (EMEA) region, pointe l accent sur le partage de l information entre membres de l association et avec les instances gouvernementales et réglementaires 14. La prise en compte de futurs aux enjeux trans-sécuritaires et multi-localisés projette la stratégie globale supply chain dans des pratiques concertées fortement responsabilisées qui reposent sur une connaissance réciproque des missions et des rôles, une 13 Cf «Circulaire du 14 février 2002 relative à la défense économique», J.O, n 70, 23 mars 2002, p NOR : ECOZO200005C. 14 He said: "Overall, we know from research among our members that participating in TAPA has enabled them to reduce losses in their supply chain. The 67 million of losses reported through our Incident Information Service (IIS) in 2009 is still a fraction of the overall total for the industry as a whole and we are determined to continue to drive this figure down through continued improvements in our security requirements, shared intelligence among our members and developing closer relationships with government and law enforcement agencies." «TAPA Brings Together Security and Logistics Specialists Together To Discuss Reducing Multi-Million Euro Losses from Cargo Crime», The Journal of Commerce Online, May 13, :16PM GMT, 22

24 RIRL 2010 Bordeaux September 30th & October 1st, 2010 compréhension mutuelle, des échanges d informations ou d expertises. Accepter la différence et s adapter à d autres modes de pensée sont les bases d une intelligence partagée, opérationnelle en temps réel de façon permanente en n importe quel lieu et à tout moment. Des actions de sensibilisation et de formation sont incontournables pour initier et renforcer cet état d esprit et cette manière d être. Face aux réels enjeux trans-sécuritaires le supply chain manager devrait concevoir et soutenir des politiques de formation visant à accompagner les personnes qui en permanence se trouvent confrontées à des menaces endogènes et exogènes, finalement systémiques et particulièrement nuisibles voire destructrices, difficilement détectables du fait de leurs caractéristiques inhabituelles, intangibles, improbables. Quelques messages sont prioritaires comme l absurdité d avancer de manière dispersée et sans concertation, l opportunité d intégrer la dimension intelligence globale aux activités logistiques, la prise en compte de la contre-ingérence et de la contre-intelligence. La sécurisation repose sur une approche interconnective, curieuse d identifier les acteurs, les causes et les effets cascade. Elle établit obligatoirement des liens entre la sécurité des entreprises, la sécurité économique, la sécurité intérieure, la défense, la sécurité civile, la sécurité humaine tant au niveau régional et national, qu européen et international, tant dans les sphères physiques que virtuelles. D où l importance du concept de Sécurité globale pour ne pas dire glocale. Schématiquement toute entité doit réaliser qu il est urgent d apprendre à maîtriser le renseignement pour déjouer les situations critiques, y compris dans un temps court, de réactiver le bon sens et de développer des réflexes. Il est possible de franchir un degré supérieur dans la formation de tout individu en s inspirant de préceptes de Xavier Guilhou et Patrick Lagadec, à savoir préparer les esprits au chaotique, à l implication personnelle dans des situations tétanisantes et gravissimes. Renforcer la résilience et la réflexivité nécessite de débrider les comportements, de sortir les individus de l exclusivité des logiques de pilotage forgées pour les univers exclusivement stables, cloisonnés, parfaitement connaissables et gérables. Il est autant irresponsable (et non l inverse) de croire avec certitude à l universalité des réponses que d envisager exclusivement le recours aux logiques rompues de plans de secours et de continuité, ceux-là même que les décideurs initient le plus souvent par crainte des réglementations en matière de sécurité et de responsabilité civile et pénale. L important est de préparer à être surpris, à sortir du cadre, à agir en univers mutant et chaotique, à prendre en compte l asymétrie ainsi que l inversion brutale des fondamentaux, à intégrer le décloisonnement, à renforcer les relations humaines. L émergence d une «alchimie collective» s appuie sur la confiance durable, l implication, la 23

25 RIRL 2010 Bordeaux September 30th & October 1st, 2010 lucidité, l inventivité, la responsabilité, l intelligence. La préservation et l expansion du niveau de confiance, centre de gravité du management de crise, guide les actions au stade de la prévention, du pilotage à chaud et de la cicatrisation (Robert, 2009). Pour cela, il faut «réinjecter de la vision et de la cohésion dans le fonctionnement des têtes de groupe», endurcir les hommes dans leurs champs de responsabilité afin d éviter d avoir une fragilisation par dilution de responsabilité et une décomposition des terrains. Le souci d amélioration permanent sort des habitudes, de l indolence et de l irresponsabilité collectives. Les préoccupations portent plus sur l exceptionnel au fort impact que le fréquent à l impact modéré. Une pratique partagée de l intelligence globale au sein de la supply chain peut contribuer à tout cela. CONCLUSION L exploration de la littérature sur le supply chain risk management, la supply chain security et la sécurisation de la chaîne logistique met surtout en avant des préoccupations par rapport aux risques de performance, liés à la demande ou aux approvisionnements. Le 11 septembre a avant tout suscité une production relative au traitement des symptômes (par des plans de continuité par exemple) en négligeant la dynamique amont des menaces et de leur traitement. Bien que le partage de l information soit souvent cité, sa maîtrise n est généralement abordée que par le biais des statistiques, de la veille ou des technologies de business intelligence. Par contre l importance du renseignement et celle de l intelligence collective sont particulièrement soulignées dans les champs de l intelligence économique voire du management de crise, cela tout particulièrment pour faire face aux actions malveillantes, aux évènements non-prédictibles, à l instabilité, à l irrégularité, au non-sens et au désordre. La lecture du monde actuel devient d une particulière complexité pour de nombreux professionnels du risque, de la sécurité et de la logistique qui s avouent conscients de la mutation des risques mais démunis en matière de réponses à y apporter. Confrontés à des menaces hybrides, les global supply chain managers ont l impérieuse nécessité d acquérir une meilleure vision de la globalité, d instiller de la transversalité dans leur système, de comprendre les spécificités des espaces, des réseaux et des systèmes de pouvoir. Il leur faut assurer un leadership et stimuler une culture intégrant le renseignement, pensé à la fois comme un investissement rentable, comme un produit et comme un processus inscrit dans la transversalité et la pluridisciplinarité. S informer, informer et contre-informer constituent les principales armes contre le caméléonisme des menaces et l intensité des dangers. Mais les réponses face aux vagues déferlantes de l hostilité doivent être interorganisationnelles, conçues et mises en œuvre en concertation avec les Risk managers, les directeurs de la 24

26 RIRL 2010 Bordeaux September 30th & October 1st, 2010 sécurité et les directeurs de la prospective stratégique, acteurs également soucieux de performance économique et de sûreté. La mission essentielle est d avoir un temps - en l occurrence une intelligence - d avance. S inscrivant dans cette mouvance cet article a tenté de présenter les percées conceptuelles et les enjeux liés à la sécurisation globale de la supply chain. Il a pour but de faire émerger des objets de recherche, à ce jour relégués à un rang marginal ou ignorés dans le champ théorique de la supply chain et d inciter à des réflexions transdisciplinaires à partir d un métissage des approches logistique, risk management et intelligence économique. Comment articuler dans le détail la problématique générale que nous avons cherché à soulever sachant que la définition de la supply chain ne fait pas consensus, sachant aussi que toute conception s avère singulière et dépendante de multiples acteurs et facteurs? Comment partant de là élaborer des enseignements plus précis au titre de la conceptualisation et de l éclaircissement des idées ou mener des études positivistes riches d enseignements. Des axes sont particulièrement propices à des travaux ultérieurs, par exemple la mise en place d une culture, la structuration des opérations de renseignement, la protection de l immatériel, les relations et stratégies d influence amont, ainsi que la gestion de crise. Comment concrètement inscrire la supply chain dans une vision englobante et intégrer l intelligence aux finalités de développement /survie/sûreté? Comment inculquer que la sécurité de la supply chain implique des responsabilités informationnelles et communicationnelles au sein de l entreprise mais aussi dans les sphères politiques et civiles? Quelles places faut-il accorder à l intelligence, à la contre-intelligence et au facteur humain dans le supply chain risk management? Toutes ces questions nous incitent à suggérer d intégrer Time to global intelligence et Time to global security à la pensée et à l action logistique. BIBLIOGRAPHIE [Think global, act agile]: Le professeur Martin Christopher explique les chaînes logistiques agiles, Supply chain solutions, janvier - février 2009, pp.7-12 Alexander D.C., Alexander Y. (2002), Terrorism and Business; The Impact of September 11, 2001, Ardley, NY: Transnational Publishers Inc. Boucher E. (2008), Les mesures d urgence et la gestion de crises en sécurité privée, pp in : Cusson M. (Dir.) Dupont B. (Dir.), Lemieux F. (Dir), Traité de sécurité intérieure, Lausanne, Presse polytechiques et universitaires romandes. 25

27 RIRL 2010 Bordeaux September 30th & October 1st, 2010 Brodeur J.P. (2008), Le Renseignement I : concepts et distinctions préliminaires, pp in : Cusson M. (Dir.) Dupont B. (Dir.), Lemieux F. (Dir), Traité de sécurité intérieure, Lausanne, Presse polytechiques et universitaires romandes. Brodeur J.P. (2008), Le Renseignement II : L analyse en pratique, deux illustrations, pp in : Cusson M. (Dir.) Dupont B. (Dir.), Lemieux F. (Dir), Traité de sécurité intérieure, Lausanne, Presse polytechiques et universitaires romandes. Brouard F., Sprott E. (2004), Business Intelligence for Canadian Corporations after September 11, Journal of Competitive Intelligence and Management, Vol. 2, N 1, Spring, p Chopra S., Sodhi M.S. (2004), Managing Risk to Avoid Supply Chain Breakdown, Sloan Management Review, Fall, pp Christopher M., Lee H. (2001), Supply Chain Confidence, Working Paper, Cranfield School of Management, UK. Christopher M., Rutherford C. (2004), Creating Supply Chain Resilience through Agile Six Sigma, Critical Eye, June/Aug., pp Closs D.J., McGarrell E.F. (2004), Enhancing Security throughout the Supply Chain, Special Report Series, IBM Center for The Business of Government. Club des Directeurs de Sécurité des Entreprises (CDSE) (2009), Comment les entreprises font-elles face aux nouvelles menaces? Actes du troisième colloque annuel du CDSE, OCDE, Paris, 15 décembre. Delesse C. (2002), Revisiting supply chains ex post and ex ante: Literature review, Supply Chain Management Forum : An Internatinal Journal, Vol. 3, N 1, pp Delesse C., Verna G. (2004), Les apports possibles de l intelligence économique et stratégique à la logistique globale, Logistique & Management, vol. 12, N 2, pp Delesse C. (2008), L inteligence économique et la sécurité globale : des ressources pour les entreprises fragilisées par la mondialisation, Cahiers de la Sécurité, N 4, pp Delesse C. «Intelligence des crises : un réflexe face aux facteurs temps et ignorance?» A paraître. Dobry M. (1986), Sociologie des crises politiques. La dynamique des mobilisations intersectorielles, Paris, Presses de la FNSP. Drew S.A, Kelley P.C., Kendrick T. (2006), CLASS: Five Eléments of Corporate Governance to Manage Strategic Risk, Business Horizons, Vol. 49, N 2, pp

28 RIRL 2010 Bordeaux September 30th & October 1st, 2010 The Economist Intelligence Unit (2009), Managing Supply-Chain Risk for Reward: a Report, London, EIU, 20 p. Elkins D., Handfield R.B., Blackhurst J., Craighead C.W (2005), 18 Ways to Guard against Disruption, Supply Chain Management Review, January/February, pp Fabbe-Coste N., Roussat C. (2000), Les pratiques de veille technologique en logistique : le cas des prestataires de services logistiques, Logistique et Mangement, vol 8, n 2, pp Fabbe-Coste N., Roussat C. (2008), Une démarche d exploration prospective : le processus d intelligence logistique, Revue Management et Avenir, n 17, pp Fabbe-Coste N., Lancini A. (2009), Gestion inter-organisationnelle des connaissances et gestion des chaines logistiques : enjeux, limites et défis, Revue Management et Avenir, n 24, pp Faisal M.N., Banwet D.K., Shankar R. (2006), Supply Chain Risk Mitigation: Modeling the Enablers, Business Process Management Journal, Vol. 12, N 4, pp Faisal M.N., Banwet D.K., Shankar R. (2007), Management of Risk in Supply Chains: SCOR Approach and Analytical Network Process, Supply Chain Forum : An International Journal, Vol. 8, n 2, pp Fleming R. S. (1998), Assessing Organizational Vulnerability to Acts of Terrorism, SAM Advanced Management Journal, Fall, Vol. 63, N 4, pp Forrester J.W. (1958), Industrial Dynamics: a Major Breakthrough for Decision Makers, Harvard Business Review, N 38, pp Franck C. (2007), Framework for Supply Chain Risk Management, Supply Chain Forum: An International Journal, Vol. 8, N 2, pp Fuld L.M (1989), Competitor Intelligence: Can You Plug the Leaks? Security Management, Vol. 33, N 8, pp Guilhou X., Lagadec, P. (2008), Quand les fondamentaux sont touchés : la gestion de crise en mutation, Préventique Sécurité, N 88, juillet-août, pp Harland C., Brenchley R. (2001), Risk in Supply Networks, Proceedings of the European Operations Management Association 8th Anual Conference, Bath, 3-5 June, pp Hauser L.M. (2003), Risk-Adjusted Supply Chain Management, Supply Chain Management Review, Vol. 7, N 6, pp Haywood M. (2002), An Investigation into Supply Chain Vulnerability Management within UK Aerospace Manufacturing Supply Chains, MSc thesis, Cranfield University. 27

29 RIRL 2010 Bordeaux September 30th & October 1st, 2010 Huyghe F-B. (21 mars 2009), Définir l'intelligence économique : Rappel de quelques notions in : Information, pouvoir et usage : l'infostratégie > Intelligence économique : du savoir à l'influence. Johnson E. (2001), Learning from Toys: Lessons in Managing Supply Chain Risk from the Toy Industry, California Management review, Vol. 43, N 3, pp Jüttner U. (2005), Supply Chain Risk Management, International Journal of Logistics Management, Vol.16, N 1, pp Jüttner U., Peck H., Christopher M. (2003), "Supply Chain Risk Management: Outlining an Agenda for Future Research", International Journal of Logistics : Research and Applications, vol 6, n 4, 2003, pp Lacoste Amiral P. (Entretien de l.) pp in (2006) in : Brüte de Rémur D., Ce que l intelligence économique veut dire : regards croisés, Eyrolles, Paris, 253 p. Kleindorfer P., Saad G. (2005), Managing Disruption Riskes in Supply Chains, Production and Operations Management, Vol. 14, pp Laville J.J. (2006), Comment sécuriser sa supply chain? Logistique & Management, Vol. 9, N 2, pp Lee H.L., Wolfe M. (2003), Supply chain security without tears, Supply Chain Management Review, Jan./Feb., pp Levitin H. (1998), Preparing for Terrorism: What Every Manager Needs to Know, Public Management, Vol. 80, n 12, pp Menzer J.T., Dewitt W., Keebler J.S., Min S., Nix N.W, Smith C.D., Zacharia Z. G. (2001), Defining Supply Chain Management, Journal of Business Logistics, Vol. 22, N 2, pp Mitroff I.I (1988), Crisis Management: Cutting through the Confusion, Sloan Management Review, Vol. 29, nn 2, pp Monnet B., Very P. et Hassid O., Enquête EDHEC CDSE : Panorama des crimes commis contre les entreprises, Sécurité & stratégie. Revue des directeurs sécurité d entreprise, N 3, mars, pp Nishat Falsal Mohd, Banwet D.K., Shankar Ravi (2007), Management of Risk in Supply Chains; SCOR Approach ans Analytic Network Process, Supply chain Forum: An International Journal, Vol. 8, n 2, pp Nolan J.A., Quinn J.F. (20000). Intelligence and Security, pp in J. Miller (ed) Millenium Intelligence, Medford, NJ: CyberAge Books. 28

30 RIRL 2010 Bordeaux September 30th & October 1st, 2010 Norrman A., Lindroth R. (2002), Supply Chain Risk management: Purchasers' vs Planners View on Sharing Capacity Investment Risks in the Telecom Industry, Proceedings of the IPSERA 11 th International Conference, Enschede, Holland, Mach, pp Pautrat R.R (Entretien de) pp in : BRÜTE de RÉMUR D. (2006), Ce que l intelligence économique veut dire : regards croisés, Eyrolles, Paris, 253 p. Pearson C.M., Mitroff I.I. (1993), From Crisis Prone to Crisis Prepared: A Framework for Crisis Management, Academy of Management Executive, Vol. 7, N 1, pp Peck H., Jüttner U. (2002), Risk Management in the Supply Chain, Logistics and Transport Focus, Vol. 4, N 11, pp Peck H. (2005), Drivers of Supply Chain Vulnerability: an Integrated Framework, International Journal Physical Distribution Logistics Management, N 35, pp Peck H. (2006), Reconciling supply chain vulnerability, risk and supply chan management, International Journal of Logistics; Research and Applications, Vol. 9, N 2, June, Rice J.B., Jr. & Caniato F. (2003), Building Secure and Resilient Supply Network, Supply Chain Management Review, September October, pp Rinehart L.M., Myers M.B. & Eckert J.A. (2004), Supplier Relationships: the Impact on Security, Supply Chain Management Review, Vol. 8, n 6, pp ; Robert B. (Entretien avec) (2009), Voyage au cœur du facteur humain : du management de crise au management de la surprise, pp in Portal, Crises et facteur humain : les nouvelles frontières mentales des crises, De Boeck, Bruxelles. Roux-Dufort (2000), La Gestion de crise, De Boeck Université. Sheffi Y. (2005), Resilient Enterprise: Overcoming Vunerability for Competitive Advantage, Cambridge, Massachusetts Institute of technology. Sheffi Y (2002), Supply Chain Management under the Threat of International Terrorism, International Journal of Logistics Management, Vol. 12, N 2, pp Simchi-Levi D., Kaminsky P., Simchi-Levi E. (2007), Designing and Managing the Supply Chain, McGraw-Hill Education. Simon L., Pauchant T.C. (2000), Developping the Three Levels of Learning in Crisis ManagementR A Case Study of the Hagerville Tire Fire, Review of Business, Vol. 21, N 3/4, pp Sitkins S., Weingart L. (1995) Determinants of Risky Decision-making Behaviour: a Test of the Mediating Role of Risk Perceptions and Propensity, Academy of Management Journal, N 38, pp

31 RIRL 2010 Bordeaux September 30th & October 1st, 2010 Speckman R.E., Davis E.W. (2004), Risky Business: Expanding the Discussion on Risk and the Extended Enterprise, International Journal of Physical Distribution & Logistics Management, Vol. 34, n 5, pp Svensson G. (2000), A Conceptual Framework for the Analysis of Vulnerability in Supply Chain, International Journal Physical Dristribution Logistics Management, 30, p. 731 Svensson G. (2002), A conceptual Framework of Vulnerability in Firms' Inbound and Outbound Logistics Flows, International Journal of Physical Distribution & Logistics Management, 32, 2, pp Tang C.S. (2006), Robust Strategies for Mitigating Supply Chain Disruptions, International Journal of Logistics, Vol. 9, N 1, pp Williams Z., Lueg J.E., Taylor R.D., Cook R.L. (2009), Why all the changes? An Institutional Theory Approach to Exploring the Drivers of Supply Chain Security (SCS), International Journal of Physical Distribution & Logistics management, Vol. 39, N 7, pp Williams Z., Lueg J.E., LeMay S.A. (2008). Supply Chain Security: an Overview and Research Agenda, International Journal of Logistics management, Vol. 19, n 2, pp Wilson R. (2005), Security Report Card - Not Making the Grade, 16 th Annual State of Logistics Report, White Paper, Council of Supply Chain Management Professionals, Lombard, IL. Wyk Dr J. van, Baerwaldt W. (2005), External Risks and the Global Supply Chain in the Chemicals Industry, Supply Chain Forum: An International Journal, Vol. 6, N 1, pp Zsidisin G., Panelli A., Upton R. (2000), Purchasing Organization Involvement in Risk Assessments, Contingency Plans, and Risk Management: An Exploratory Study, Supply Chain Management, Vol. 5, N 4, pp

32 RIRL 2010 Bordeaux September 30th & October 1st, 2010 AXES : MISE EN PLACE D UNE CULTURE QUI? à l interne QUI? à l externe Situation souhaitée Questions à se poser Risques encourus du fait ignorance Actions à réaliser Sources IL/SG 1. S intégrer en amont (comprendre la politique générale). 2. Identifier talents, savoir-faire, savoirs. 3. Institutionnaliser la communication des informations 4. Associer à la hiérarchisation et à la valorisation de l information. 5. Faire connaître les besoins. 6. Impliquer dans la prise en compte du risque 7. Diffuser l usage de certains outils (matrices, grilles ) 8. Attribuer les moyens financiers et humains 9. Assurer la volonté de sécuriser les SI. 10. Veiller à une adéquation entre ce qui est demandé et les moyens fournis 11. Responsabiliser, favoriser une culture intelligence collective 12. Valoriser, remercier 13. Former sensibiliser Fig.1 C. Delesse, Instaurer une culture d intelligence logistique 31

33 RIRL 2010 Bordeaux September 30th & October 1st, 2010 AXES : RENSEIGNEMENT Situation souhaitée Questions stratégiques opérationnelles, tactiques que l on se pose Identification des besoins d informations Identification des sources Qui à l interne ou à l externe (capteur d information, experts, relais) Renseignements obtenus Risques encourus à ignorer une situation Actions à initier (selon la supply chain, Qu est-ce selon les processus et qui a de la les contextes. Il est valeur pour constitué à partir de la supply recherche chain? documentaire, de Qu est-ce veilles, d observations qui est et d investigation) sensible, Renseignement vulnérable? stratégique, sociétal, Qui, quoi, commercial, avec qui, approvisionnement, contre qui, concurrentiel, quand où, technologique, normatif, comment, transport, géographique pourquoi, et géologique, pour infrastructures, réseaux, combien de géopolitique et temps, dans politique, social, quel délai, écologique et quoi si, environnemental, quels juridique et pièges, etc? réglementaire ; flux et Qui et transports intelligents, qu est-ce informatique, métier, qui peut nuire, retarder, détruire? Synthèse et recommandations générales Fig. 2 : C. Delesse, Plan de renseignement stratégique, image, opérationnel 32

34 RIRL 2010 Bordeaux September 30th & October 1st, 2010 AXES : SECURISATION, PROTECTION DE L'IMMATERIEL Situation souhaitée Questions stratégiques opérationnelles, tactiques que l on se pose Identification des besoins d informations Identification des sources Qui à l interne ou à l externe (capteur d information, experts relais) Renseignements obtenus Risques encourus à ignorer une Situation Actions à initier (disponibilité, Idem mais spécifique. Qui détient des informations, intégrité, comment circulent-elles Où sont-elles stockées? confidentialité) Comment sont-elles gérées, sécurisées? Qui les traitent? etc. ; qui fait quoi? quels sont les risques acteurs et risques d espionnage.? Fig. 3 : C. Delesse, Sécuriser l immatériel. AXES : DYNAMIQUE D INFLUENCE Situation souhaitée Questions stratégiques opérationnelles, tactiques que l on se pose Identification des besoins d informations Identification des sources Qui à l interne ou à l externe ( Renseignements obtenus Risques encourus à ignorer une situation Actions à initier?? Fig. 4 : C. Delesse, Mettre en place des stratégies et établir des relations amont. AXES : MANAGEMENT DE CRISE Situation souhaitée Questions stratégiques opérationnelle s, tactiques que l on se Identification des besoins d information s Identification des sources Qui à l interne ou à l externe (capteur d information Renseignemen ts obtenus Risques encourus à ignorer une situation Actions à initier??? Fig. 5 : C. Delesse, Anticiper le management de crise... 33

35 RIRL 2010 The 8th International Conference on Logistics and SCM Research BEM Bordeaux Management School September 29, 30 and October 1st 2010 Interpretive Structural Modelling of Supply Chain Risks Hans-Christian Pfohl Technische Universität Darmstadt, Germany Philipp Gallus Technische Universität Darmstadt, Germany David Thomas Technische Universität Darmstadt, Germany Abstract Today s supply chains are confronted with all sorts of risks due to the globalisation of procurement, production and distribution. Supply Chain Risk Management for the identification, assessment, control and monitoring of supply chain risks has gained in importance over the past few years. Risk identification is the first and crucial step of risk management. Interpretive structural modelling has been applied to identify interrelationships among supply chain risks and to classify the risks according to their driving and dependence power. The insight from this model would help supply chain (risk) managers in the effective allocation of risk management resources in the subsequent risk management phases. Supply Chain Risk Management, Decision Making, Cause-Effect-Relations, Interpretive Structural Modelling, MICMAC 1

36 1: RESEARCH OBJECTIVE Growing competition demands industry wide the concentration on core competencies and the reduction of the vertical range of manufacture, which lead to a new dimension of cooperation of numerous companies in form of value added chains (supply chains). Today s supply chains are very complex inter-dependable structures, due to the multitude of (partly globally) participating suppliers, service providers and customers. Understanding and managing risk which is shifting around supply chains is an important issue in business and a complex problem. Identification of supply chain risks is the first step in the risk management process. But transparency across the risk potential along the supply chain is not the only prerequisite for a successful (in the sense of effective) risk management. The selection of appropriate (mitigation or prevention) measures builds on the structural assessment and the impact area of the various types of risks (Chopra & Sodhi, 2004). Even though there is a rich stream of (empirical) literature that deals with supply chain risks and their management (Svensson, 2000; Jüttner et al, 2003; Zsidisin et al, 2004; Pfohl, 2008b), and conceptual literature that deals with the new concept of supply chain risk management (Hauser, 2003; Norrman & Lindroth, 2004; Jüttner, 2005; Faisal et al, 2007; Franck, 2007; Pfohl et al, 2008a), there has been little research about the interconnectedness of supply chain risks. The aim of this paper is the structural analysis of potential supply chain risks by applying Interpretive Structural Modelling (ISM). It will be demonstrated how ISM supports risk managers in identifying and understanding interdependencies among supply chain risks on different levels (e. g. 3PL, 1 st tier supplier, focal company etc.). Interdependencies among risks will be derived and structured into a hierarchy in order to derive subsystems of interdependent elements with corresponding driving power and dependency. The point for departure for ISM methodology is the identification of relevant elements, in our case supply chain risks. The remainder of this paper is organised as follows. The paper sets out to discuss definitions and classifications of supply chain risks in section 2. Next, the concept of supply chain risk management is emphasized and the elements to be modelled are identified. Section 3 contains the methodology and provides the results of the ISM, followed by a concluding section 4 of the major findings. Section 5 contains the practical use of the methodology. Finally, limitations of this study and further research questions are provided in section 6. 2

37 2: SUPPLY CHAIN RISK MANAGEMENT AND IDENTIFICATION OF ELEMENTS Generally each business activity is connected with risks. The focus on just-in-time production, lean manufacturing, single-sourcing and offshoring implies a certain vulnerability of supply chains (Peck, 2006). Similarly, outsourcing and offshoring result in geographically more diverse supply chains, which are therefore exposed to all sorts of risks. To minimize potential negative effects or even avoid them, a systematic and comprehensive risk management process is essential. A Supply Chain Risk Management (SCRM) approach for the identification, assessment, treatment/control and monitoring of supply chain risks has gained in importance over the past few years (Hauser, 2003; Norrman & Lindroth, 2004; Jüttner, 2005; Faisal et al, 2007; Franck, 2007; Straube & Pfohl, 2008). The focus of SCRM is broader than normal risk management. The unit of analysis represents a dyadic relationship (buyer-seller) or a supply chain of three or more companies. Due to the high interconnectedness of today s supply chains, supply chain risks can be manifold, may be difficult to identify and could consist of difficult to analyze cause-effect relations. A structured and detailed collection of all risk potentials including their inter-dependencies is of crucial importance for the subsequent phases. Identifying cause-effect correlations between individual risks is important, because hidden influences of a certain risk in connection with other risk(s) may cause substantial damages (Chopra & Sodhi, 2004). The literature offers most different definitions as to what is to be understood by supply chain risks (Ziegenbein, 2007; Li & Hong, 2007; Kajüter, 2007). This paper is based on the following definition: Supply chain risks cover risks that are related to disturbances and interruptions of the flows within the goods-, information- and financial network as well as the social and institutional networks and may negatively effect the objective accomplishment of the individual company respectively the entire supply chain, in regards of end user advantage, costs, time or quality. Not only the definition of supply chain risks turns out to be difficult, but their categorization proves difficult as well. Potential risks in the supply chain are categorized in different ways in the literature (Jüttner et al, 2003; Spekman & Davis, 2004; Götze & Mikus, 2007). Based on the cause-oriented risk categorization, risks can be divided into three areas related to their point of origin (Götze & Mikus, 2007; Jüttner et al, 2003): risks within a focal company, risks outside of this company and within the supply chain as well as risks outside the supply chain (Figure 1). 3

38 Supply Chain Risks Supplier 3 PL Focal Company 3 PL Customer Process risks Supply risks Control rissk Demand risks External risks Figure 1: Supply chain risk categorization Risks originating within a focal company can be differentiated between process and control risks. Process risks describe disruptions within the value increasing activities of a company, like production delay or loss of operating resources. Control risks, due to disturbances of the management systems, imprecise and/or wrong decision guidelines, with which the company co-ordinates its own processes and those of the suppliers and customers. These include e.g. wrongly planned lot sizes or even missing and/or not practicable instructions for the coworkers. Additionally, risks rooting outside of a company but within the supply chain and with an impact on the focal company are differentiated according to their effective direction, namely into supply and demand risks (Jüttner, 2005). Supply risks are based on disturbances, respectively loss of key suppliers, whereas demand risks are mostly related to the customer, and exhibited in fashionable or seasonal demand fluctuation. Risks outside the supply chain are so-called external or environmental risks and are exemplified by natural disasters, terrorist attacks and/or changes in federal guidelines (Kersten et al, 2006). To show the utility of ISM to structure risks and highlight inter-dependencies between them this paper uses the results of a study of German logistics service providers and industrial and commercial companies supply chain risks (Straube & Pfohl 2008, Pfohl et al, 2008b). To remain within the scope of this paper, the relevant part of the survey, which pertains to the ranking of the most important supply chain risks, has been used in this paper. The showcase underlying this research uses a virtual supply chain consisting of a focal industrial company, its 1 st tier supplier and the 1 st tier supplier s 3PL which is responsible for the transportation on the 1 st tier s supply side. Only downstream risks will be considered. Risks in the focal company s sphere According to the risk categories and the virtual supply chain the relevant risks are process and control risks as well as supply risks. Within the company long term production downtimes (1), IT breakdowns (2) and short term production downtimes (3) are critical risks. Long term production downtimes last longer than 3 days whereas short term downtimes are everything between a couple of hours to 3 days. On the supply side the company is facing primarily 4

39 capacity variances/bottlenecks on the supply market (4), depency on suppliers (5) and delayed deliveries (6). Dependencies on suppliers can be caused by single sourcing as well as by a lack of alternative suppliers (e. g. monopolies). Risks in the 1 st tier suppliers sphere Along the lines of the virtual supply chain the 1 st tier supplier is exposed to mainly the same process and control risks as the focal company, namely long term production downtimes (7), IT breakdopwn (8), and short term production downtimes (9) respectively. On the supply side the relevant risks are different which we call logistics risks. As regards the relationship to its 3PL the 1 st tier supplier is facing primarily theft (10), poor delivery quality (11) and a lack of sufficient equipment, staff or transport/warehouse capacity (12). In contrast to delayed deliveries poor delivery quality means deviance in quantity, sort and condition. Risks in the 3PL s sphere Process and control risks within the 3PL s company are hauling claim (13), unqualified staff (14) and IT breakdown (15). Unqualified staff is a potential risk to the 3PL s operations. The supply risks could in this case also be called resource risks and are primarily poor performance of subcontractors (16), lack of transport capacities (17) and a general shortage of staff (18). Poor performance of subcontractors is a relevant risk because 3PL regularly source certain services e. g. from carriers. External risks from outside of the supply chain Besides the above described risks a potential danger arises from external risks such as terrorist attacks (19), natural disasters (20) or employee strikes (21). Theses risks have a direct impact on all stakeholders in the virtual supply chain and can cause severe disruptions. 3: ISM METHODOLOGY AND MODEL DEVELOPMENT ISM is a qualitative and interpretive method which generates solutions for complex problems through discourses based on the structural mapping of complex interconnections of elements (Malone, 1975; Watson, 1978). A structure of the elements results within the context of the ISM depending on a certain relation type which describes the connections of the elements to each other (Warfield, 1994). The method supports the identification and order of the complex relations between the elements of a system so that the influence can be analysed between the elements. ISM has been applied to various problems (Saxena et al, 1990; Mandal & Deshmukh, 1994; Singh et al, 2003; Jharkharia & Shankar, 2005; Thakkar et al, 2005). 5

40 Figure 2 shows the basic logic of the ISM. A complex problem or the dependencies between elements to be examined are interpreted as a (badly or not at all structured) complex system (object system) (Szyperski & Eul-Bischoff, 1983). The modelling converts the object system into a well defined and representative system consisting of directed graphs (digraph). An interpretation of the object system as regards content is also carried out besides the structural one, i.e. the digraphs are completed with context (information). The object system mapped as digraphs becomes the Basic Structural Model. The expansion with content finally leads to an Interpretive Structural Model. Set of Elements Complex problem Basic Structural Model Interpretive Structural Model Context Relations Structure and Content Structure Structure and Content Object System Representative Model Figure 2 : ISM-logic (possible iterations are shown as dashed lines) (Source: Szyperski/Eul-Bischoff, 1983) The ISM is described as interpretive since a group discussion is deciding, whether and how the elements are related. Thus, the methodology is appropriate for use by experts who have enough knowledge of the context of the problem. The method is structuring since it produces (on the basis of the relations) a comprehensive structure of all the complex elements by considering all possible pairwise interactions of the elements. The method is modelling since the complete structure and the individual relations of the elements are illustrated in digraphs (Agarwal et al, 2007). Primarily, in complex systems, indirect relations are of great importance, which at times, greatly influence the system under consideration. 3.1: Steps involved in ISM Methodology The various steps involved in ISM technique are as follows: (1) Selection of elements relevant to the problem Starting point is the identification of elements relevant to the problem. This can be done by secondary research (desk research) or primary research techniques (survey, group problemsolving). 6

41 (2) Establishing contextual relation type Next, the contextual relation must be cogently stated as a possible statement of relationship among the elements. Relations may be of several types like comparative, influence, neutral or temporal relations (Austin & Burns, 1985; Warfield, 1994). (3) Construction of structural self-interaction matrix (SSIM) by pair-wise comparison Phase 3 of ISM is the most tedious and demanding. During this phase the participants must decide upon the pairwise relationship between the elements. Keeping in mind the contextual relationship for each element, the existence of a relation between any two sub-elements (i and j) and the associated direction of the relation is questioned. Four symbols are used to denote the direction of the relationship between the elements i and j: V for the relation from i to j but not in both directions; A for the relation from j to i but not in both directions; X for both direction relations from i to j and j to i; and O if the relation between the elements does not appear to be valid. (4) Developing a reachability matrix from the SSIM and checking for transitivity Phase 4 is concerned with the construction of the reachability matrix M. It is a binary matrix since the entry V, A, X and O of the SSIM are converted into 1 and 0 as per the following rules: 1. If the (i, j) entry in the SSIM is V, then the (i, j) entry in the reachability matrix becomes 1 and the (j, i) entry becomes If the (i, j) entry in the SSIM is A, then the (i, j) entry in the reachability matrix becomes 0 and the (j, i) entry becomes If the (i, j) entry in the SSIM is X, then both the (i, j) and (j, i) entries of the reachability matrix become If the (i, j) entry of the SSIM is O, then both the (i, j) and (j, i) entries of the reachability matrix become 0. Transitivity is a basic assumption in ISM that leads to the final reachability matrix. It states that if element A is related to B and B is related to C, it may be inferred that A is related to C. If element (i;j) of the final reachability matrix is zero, there will not be any direct as well as indirect relationships from element i to element j. The initial reachability matrix may not have this characteristic because when there is no direct but an indirect relationship from element i to j, entry (i;j) is also zero. Indirect relationships can be found by raising the initial reachability matrix (with diagonal entries set to 1) to successive powers until no new entries 7

42 are obtained (Malone, 1975). That is until the steady-state condition is reached such that M n-1 < M n = M n+1. (5) Level partitioning of reachability matrix The fifth phase involves extraction of a hierarchical ordering from the reachability matrix by level partitioning (Warfield, 1977). The purpose of this phase is to facilitate the construction of the digraph from the reachability matrix. The level partition makes use of sets associated with each element s j in s. The reachability set R(s i ) consists of the element itself and other elements which are reachable from s i. Similarly, there may be some elements which can reach the element s i constituting the antecedent set A(s i ). Thereafter, an intersection of the reachability set and antecedent set (R(s i ) A(s i )), i.e. the common elements in both sets, is derived for each element. The element for which R(s i ) = R(s i ) A(s i ) is the top-level element in the ISM hierarchy. The top-level element has no relation to any other elements above their own level. Once top-level elements are identified, they are separated out from the other elements. Then, the same process undergoes iterations till the level of all elements is achieved. These identified levels help in building the digraph and final ISM model. (6) Drawing of digraph with removed transitivity links An initial digraph including transitivity links is obtained from the conical form of the reachability matrix. The conical matrix is achieved from the partitioned reachability matrix by rearranging the elements according to their level, which means all the elements having the same level are pooled, i.e. with most zero (0) elements in the upper diagonal half of the matrix and most unitary (1) elements in the lower half. For the sake of simplicity, transitivity links are removed to obtain the final digraph. If there is a relationship between risk i and j this is shown by an arrow which points from i to j. (7) Conversion of digraph into an ISM and checking of conceptual inconsistency The resultant digraph from step (6) is converted into an ISM by replacing element nodes with statements. Finally, the ISM model is reviewed to check for incompatibilities. 3.2: Formation of the SSIM The relevant elements have already been discussed in section 2. A contextual relation of affects type is chosen, meaning that one risk affects another risk. For example, capacity variances/bottlenecks on the supply market will have a (negative) effect on the focal companies production resulting in short term production downtimes. 8

43 Keeping in mind the contextual relationship for each risk, the existence of a relation between any two sub-risks (i and j) and the associated direction of the relation is questioned. The interrelationships are analysed based on group discussions between the authors and fellow researchers. Table 1 describes the pairwise relationship existing between two sub-elements Long term production downtimes A A A O O O O O O O O O O O O O A O O A 2 IT breakdown O A A O O O O O O O O O O X O V O O V 3 Short term production downtimes A A A O O O O O O O O O O O O O A A 4 Capacity variances/bottlenecks on the supply market A A A O O O O O O A O O A A A A O 5 Dependency on supplier (i.e. oligopoly) O A O O O O O O O O O O O O O O 6 Delay in delivery A A A O O O O O O A A A A A A 7 Long term production downtimes A A A O O O O O O O O O O A 8 IT breakdown O A A O O O X O O O O O V 9 Short term production downtimes A A A O O O O A A A A A 10 Theft A A O O O O A O O A V 11 Poor delivery quality O O O A A A A A O A 12 Lack of sufficient equipment, staff, transport/warehouse capacity A A A A A A A O O 13 Hauling claim O A O O O A A A 14 Poor quality of staff O O O O O O V 15 IT breakdown O A A O O O 16 Poor performance of subcontractors A A O A A 17 Lack of sufficient transport capacities A A A A 18 General staff shortage X O O 19 Terrorist attacks O O 20 Natural desasters O 21 Employee strikes Table 1 : Structural self-interaction matrix 3.3: Reachability matrix and level partitioning The SSIM is transformed into a reachability matrix as described in step (4) of the ISM methodology. After incorporating the transitivities the final reachability matrix is achieved which is presented in Table 2 (1* denotes transitivity). Elements Driving Power * 0 1 1* 1 1* 1* 1* 1* 1* 0 1* * * * 1 1* * 1* 1* 1* * * 1* * 1* * * 1* 0 1* * 1* 1* 1* 0 1* 1* 1* 1 1* 1 1* * 1* 1* 1* 0 1* 1* 1 1* * 1* 0 1* 1 0 1* 1* * 1* 0 1* 0 0 1* 1* 1 1 1* * 0 1* 1* 0 1* 1* 0 1* 1* 1 1 1* * 1* 1 1* 0 1 1* * * 1 1* Dependence Table 2 : Final reachability matrix with driving and dependence power 9

44 The final reachability matrix depicts the driving and dependence power of each risk. Driving power of each risk is the total number of risks (including itself) which it affects, i.e. the sum of interactions in the rows. Conversely, dependence power of each risk is the total number of risks (including itself) by which it is affected, i.e. the sum of interactions in the columns. Depending on their driving and dependence power, the risks will later be classified into autonomous, dependent, linkage, and independent risks. The final reachability matrix leads to the reachability and antecedent set for each risk. The reachability set R(s i ) of the element s i is the set of elements defined in the columns that contain 1 in row s i. Similarly, the antecedent set A(s i ) of the element s i is the set of elements defined in the rows which contain 1 in the column s i. In the present case the risks along with their reachability, antecedent and intersection set as well as resulting levels are shown in Table 3. The process (as described in step (4) of ISM methodology) is completed in ten iterations. Elements Reachability Set R(si) Antecendent Set A(si) Intersection Level 1 1 1, 2, 5, 8, 14, 15, 18, 19, 20, 21 1 I 2 1, 2, 3, 4, 6, 7, 8, 9, 10, 11, 12, 13, 14, VIII 3 1, 2, 3, 4, 6, 7, 8, 9, 10, 11, 12, 13, 15 2, 8, 14, 15, 19, 20 2, 8, 15 I 4 3 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21 3 II 5 3, 4 2, 4, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21 4 II 6 1, 3, 5 5, 20 5 III 7 3, 4, 6 2, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21 6 IV 8 1, 2, 3, 4, 6, 7, 8, 9, 10, 11, 12, 13, 15 2, 8, 14, 15, 19, 20 2, 8, 15 VIII 9 3, 4, 6, 7 2, 7, 8, 14, 15, 18, 19, 20, 21 7 IV 10 3, 4, 6, 9, 10, 11, 12 2, 8, 12, 14, 15, 16, 17, 18, 19, 20, VI 11 3, 4, 6, 9, 10, 11 2, 8, 10, 12, 14, 15, 16, 17, 18, 19, 20, V 12 3, 4, 6, 9, 13 2, 8, 13, 14, 15, 16, 17, 18, 19, 20, VII 13 3, 4, 6, 9, 11 2, 8, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, V 14 1, 2, 3, 4, 6, 7, 8, 9, 10, 11, 12, 13, 15 2, 8, 14, 15, 19, 20 2, 8, 15 IX 15 3, 4, 6, 9, 10, 11, 12, 13, 16 16, 17, 18, 19, 20, VIII 16 3, 4, 6, 9, 10, 11, 12, 13, 16, 17 17, 18, 19, 20, VIII 17 3, 4, 6, 9 2, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21 9 IX 18 1, 3, 4, 6, 7, 9, 10, 11, 12, 13, 16, 17, 18, 21 18, 21 18, 21 X 19 1, 2, 3, 4, 6, 7, 8, 9, 10, 11, 12, 13, 15, 16, 17, X 20 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 15, 16, 17, X 21 1, 3, 4, 6, 7, 9, 10, 11, 12, 13, 16, 17, 18, 21 18, 21 18, 21 X Table 3 : Levels of supply chain risks 3.4: Development of digraph and formation of ISM Based on the reachability matrix, a conical matrix (lower triangular format) is developed by arranging the elements according to their levels (Table 4). 10

45 Elements Table 4 : Conical form of reachability matrix Based on the conical reachability matrix, the initial digraph including transitive links is obtained. After removing indirect links, the final digraph is obtained. Next the elements descriptions are written in the digraph to call it the ISM (Figure 3). The developed ISM has no cycles or feedbacks. Elements are related in pure hierarchical pattern. Long term production downtimes (focal company) Short term production downtimes (focal company) Capacity variances/bottlenecks on the supply market Dependency on supplier (i.e. oligopoly) Delay in delivery Long term production downtimes (1 st -tier supplier) Short term production downtimes (1 st -tier supplier) Poor delivery quality (1 st - tier supplier) Hauling claim (3 PL) Theft (1 st -tier supplier) Lack of sufficient equipment, staff, transport/warehouse capacity (1 st -tier supplier) IT breakdown (focal company) IT breakdown (1 st -tier supplier) IT breakdown (3 PL) Poor performance of subcontractors (3 PL) Poor quality of staff (3 PL) Lack of sufficient transport capacities (3 PL) Employee strikes (external) Terrorist attacks (external) Natural desasters (external) General staff shortage (3 PL) Figure 3 : ISM-based model 11

46 3.5: MICMAC analysis Identification and classification of the various supply chain risks are essential to develop the ISM under study. Comparing the hierarchy of risks in the various classifications (direct, indirect, potential) leads to rich source of information. MICMAC is an indirect classification method to critically analyze the scope of each element. The objective of the MICMAC analysis is to analyze the driving power and dependence of supply chain risks (Mandal & Deshmukh, 1994; Saxena et al, 1990). In Table 2, the sum along the rows and the columns indicates the driving power and dependence respectively. All elements are grouped into four groups of risks (autonomous, dependent, linkage, and independent). Group I includes autonomous elements that have weak driver power and weak dependence. Group II consists of dependent elements that have weak driver power and strong dependence. The third group includes linkage elements that have both strong driving and dependence power. In group four all independent elements are clustered that have strong driving power, but poor dependence power. The driving and dependence power of the analysed risks and their group belonging is shown in Figure 4. Driving power Group IV Group III Group I Group II Dependence power Figure 4: Driving power and dependence diagram 3.6: FUZZY MICMAC analysis The analysis can be further improved by considering the strength of relationships instead of the mere consideration of relationships so far. By strength of relationship we mean the strength of risk i s impact (given its occurrence) on risk j s probability of occurrence. This strength of impact can be defined by qualitative consideration on a 0-1 scale as given below: 12

47 Strength of impact Numerical Value No Weak Medium Strong Very Strong 0 0,25 0,5 0,75 1 Table 5 : Fuzzy scales of impact These values are superimposed on the initial reachability matrix from step (4) in ISM methodology. The resulting fuzzy direct relationship matrix is shown in Table 6. According to Zimmermann (1991), there are three types of fuzzy compositions in order to determine the strength of the fuzzy indirect relation from element i to j: max-min, maxproduct, and max-average. In the context of this research, the max-min composition is the most suitable, since the fuzzy relations represent the strength of relations. That means, that the minimal strength has to be the maximum of all possible minimal impacts from i to j. If the fuzzy relations represent the probability of relations, the max-product approach seems to be the most suitable. In order to obtain indirect relationships the fuzzy direct relationship matrix is modified based on the computational steps given in Yenradee & Dangton (2000). The resulting direct and indirect fuzzy relationship matrix with driving power and dependence is given in Table 7. Elements , ,5 0 0, , ,5 0 0, , , ,25 0 0, , , ,25 0 0, , ,5 1 0, , ,5 0 0, ,75 0, , ,25 0 0,5 0 0,75 1 0, ,25 0 0,25 0,5 0,25 0, ,25 0,25 0, , , , ,75 0,25 0,75 0,5 0 0,5 0,75 0,25 0, , ,25 0 0, ,75 0,75 1 0,75 0,5 1 0,75 0,75 1 0,25 0 0,5 0,25 0 0,75 0,25 0, , ,25 0 0,5 0, ,25 0 0, , Table 6 : Initial fuzzy direct relationship matrix. 13

48 Elements Driving power , ,5 0 0,5 0,25 0,25 0,25 0,25 0,25 0,25 0,25 0 0, , , ,75 5 0,5 0 0, , ,5 0, ,5 0, ,25 0,25 0,5 0, , ,25 0,5 0,25 0,25 0 0, ,5 0,5 0 0, , ,5 0,5 0 0, ,5 1 0, , ,5 0, , , ,5 0, ,75 0, ,5 0,5 0 0, , ,5 14 0,25 0,25 0,5 0,5 0 0,75 0,25 0,25 0,75 0,25 0,5 0,25 0,75 1 0, , ,25 0,25 0,5 0,5 0 0,5 0,25 0,25 0,5 0,25 0,5 0,25 0, , ,5 0,5 0 0, ,5 0,25 0,25 0,25 0, , ,5 0, ,75 0, , , ,25 0 0,5 0, ,25 0 0,75 0, , ,25 9, ,75 0,25 0,75 0,5 0 0,75 0,75 0,25 0,75 0,25 0,25 0,25 0,25 0 0,25 0,25 0, ,5 20 0,75 0,75 1 0,75 0,5 1 0,75 0,75 1 0,25 0,5 0,5 0,25 0 0,75 0,25 0, , , , , , ,75 Dependence 5,5 2,75 12,75 9,75 1, , , ,25 4 3, ,25 Table 7 : Final fuzzy relationship matrix 4: DISCUSSION AND CONCLUSION Figure 4 clearly shows that the highest driving power lies with terrorist attacks (20), natural disasters (19) and employee strike (21), which all fall in the category of external risks. The occurrence of external risk cannot be influenced by risk management, which makes it even more important to asses the relationship of those risks to other supply chain risks. Short term production downtimes at own facilities (3), capacity variances/bottlenecks on the supply market (4) and delay in delivery (6) were classified as highly dependent risks followed by short term production downtimes of supplier (9). The operating levels of the focal company depend on these risks substantially. They have minor driving power and are at the top of the ISM hierarchy. Besides, assigning high priority to these risks, the management should understand the dependence of these risks on lower level risks, in achieving the supply chain risk management goals and objectives. But that means, putting high priority to the linkage risks (group III), too. The MICMAC analysis indicates that these are IT-related risks (2), (8) and (15) respectively, poor performance of subcontractors (16) and lack of transport capacities (17) which both originate from 3 PL provider and finally theft (10), poor delivery quality (11), lack of sufficient equipment, staff or transport/warehouse capacity (12) and hauling claim (13) which are in the 1 st tier supplier s sphere. These linkage risks have relatively strong driving power as well as strong dependence. Therefore, these form the middle level of the model. Though the lower level risks induce or affect these risks, theses also have significant driver power to influence some other risks, which are at the top of the model. 14

49 Another insight from driver power and dependence figure is that dependency on suppliers (5) is the only autonomous risk. Autonomous risks are weak drivers and weak dependents and do not have much influence on the system. Further insights can be gained from the ISM model shown in Figure 3. First of all the graph depicts the risks and their dependencies. In this configuration the ISM model, in contrast to the digraph built from the initial reachability matrix, is clearly arranged but still contains all dependencies. The initial reachability matrix indicates only the direct relationships between any two elements. By building the ISM model plenty of these edges can be removed while the information is still represented by a set of indirect dependencies. Thereby the complexity of the visualization is reduced. So this mapping of inter-relationships is a useful method for supply chain risk managers to evaluate supply chain risks and learn about the impact chains of these risks. It can also be used to communicate and explain these dependencies within the company and within the supply chain, to enable an effective management which deals with the most important risks, not only from a company perspective, but primarily from an overall supply chain perspective. Besides the potential as a structured and simple communication tool among supply chain risk managers, the ISM model also supports the chosen risk categorization shown in Figure 1. With an exception of the IT risks (2), (8) and (15) the resulting structure illustrates the same hierarchy of categories. On level I are only the focal company s process and control risks, followed by its supply risks (4) to (6). On level IV are the 1 st tier supplier s process and control risks (7) and (9), followed by its supply risks (10) to (12). Finally, on level V and below are the 3PL s risks (13) and (14), followed by its resource risks (16) to (18). The external risks, which have a direct impact on all players, are at the bottom of this digraph. Risks (2), (8) and (15), i.e. IT breakdown on all levels (focal company, 1 st tier supplier, 3 PL), are exceptions because these risks have an influence both on risks on higher levels (upwards the supply chain) as well as on lower levels within the hierarchy. Risk management should carefully assess the causes behind those risks which could be either technical or relationship related. The former involves interruptions in data communication. The latter deals with risks of not getting relevant information about the development within the partner s company (e.g. forecast of volume changes, availability of transport capacities). 15

50 Figure 5 : Digraph based on reachability matrix with relation strength 1 Although these results provide a lot of information about the dependencies between supply chain risks the ISM model cannot be used to identify a direct (critical) link between two risks, that, when eliminated, would have no longer any effect. The resulting ISM model shows overall impact chains but removes links, if the information is still contained, to keep track of the dependencies at the expense of detailed information about all direct links. Furthermore the ISM model shows only that there is a connection between two risks without any information if the impact of this connection is significant or negligible. To get more detailed information about the strength of the relation between risks, fuzzy ISM has been applied and subsequently, driver power and dependencies were derived. The main advantage of the fuzzy digraph is its clustering of the edges. The scale used is shown in Table 5. In Figure 5 the fuzzy digraph contains all edges, the direct and indirect dependencies, which have a very strong impact of 1. The less significant edges are hidden to reduce the complexity. In this diagram a supply chain risk manager can point out directly, which risks have significant impact on other risks and yet he can identify which linkage risks should be managed first to reduce a potential series of impacts on other, mostly downstream, risks. After having dealt with the most significant dependencies in a next step the edges with a relation strength of 1 will be hidden and those with a strength of 0.75 will be shown. This approach ensures a structured treatment of the risks depending on the strength of impact on other risks while keeping the complexity in the diagram on a manageable level. This research contributes to the 16

51 field of managerial decision making literature as it emphasizes the usefulness of integrating ISM in the identification phase of supply chain risk management. 5: PRACTICAL USE OF ISM IN SUPPLY CHAIN RISK MANAGEMENT In this paper, an attempt has been made to apply ISM to uncover interdependencies of supply chain risks. The ISM creates conditions for rational decision making in that complex issues are structured. The pair-wise analysis of risks in a group of experts from different functional areas encourages contributions from those who understand the issues being discussed, but may not understand all issues related to the overall risk management process. Thus, the present model will help to increase awareness of decision makers and can help them to better understand the mutual influence among different supply chain risks and the consequences this implies for decisions about risk mitigation strategies. Substantial discussion of the identified risks among the experts lead to significant learning about the inter-relationship and total risk exposure of the company or supply chain under study. The ISM steps could be implemented in software. Input to this software would be the list of identified risks. The decision about the pairwise relationship between the risks (step 2) can be done by using a voting screen (interface) that displays every relationship between risks upon the users have to vote. Use of such software will help to keep track of all the relationships and to ensure that all necessary comparisons are made, which form the basis for the SSIM. The following steps will be calculated and the final graph will be drawn automatically. Furthermore, it reduces the chance of human errors and shortens the overall process considerably. We propose to use such an ISM-software as a complementary tool with other risk management (identification) tools. Moreover, the software could be uses in a collaborative environment with suppliers and customers to share risk information across company boundaries. 6: LIMITATIONS AND FUTURE ORIENTATION The application of ISM showed its practicability as an analysis and decision-support tool in order to facilitate thorough understanding of a complex problem. The complex problem studied was the interrelationship of supply chain risks. The process of building an ISM develops subject-matter knowledge through discussion and analysis. In the present work only 21 risks have been used for modelling. More risks can be identified to develop ISM. The ISM results are the reflection of a group of researchers, thus selection bias of the group members 17

52 as well as individual bias has to be considered. It would be worthwhile to enlarge the group by inviting practitioners (supply chain managers). In addition to the identification of critical risks with high driver and dependence power (linkage risks) and chains of dependent events in terms of the consequences it is important to consider the probability. Using this approach the first risk to manage would be the one with the highest probable impact onto the supply chain. Future research should integrate the probability in the model and combine it with the results derived from fuzzy MICMAC in order to provide decision makers with a more precise basis for the effective allocation of risk management resources. Moreover the model has not been statistically validated. Testing of the validity of this model can be another area of future research. Structural Equation Modelling (SEM) has the capability of testing the validity of an already developed theoretical model. LITERATURE Agarwal, A., Shankar, R., Tiwari, M.K. (2007), Modeling agility of supply chain, Industrial Marketing Management, Vol. 36, N 4, 2007, pp Austin L. M., Burns J. R. (1985), Management Science. An aid for managerial decision making, Macmillan Publishing Company, New York. Chopra, S., Shodi, M. S. (2004), Managing risk to avoid supply-chain breakdown, MIT Sloan Management Review, Vol. 46, N 1, 2004, pp Christopher, M., Lee, H. (2004), Mitigating supply chain risk through improved confidence, International Journal of Physical Distribution & Logistics Management, Vol. 34, N 5, 2004, pp Faisal, M. N., Banwet, D. K., Shankar, R. (2007), Management of Risk in Supply Chains, SCOR Approach and Analytic Network Process, Supply Chain Forum: an International Journal, Vol. 8, N 2, 2007, pp Franck, C. (2007), Framework for Supply Chain Risk Management, Supply Chain Forum: an International Journal, Vol. 8, N 2, 2007, pp Götze, U., Mikus, B. (2007), Der Prozess des Risikomanagement in Supply Chains, in Vahrenkamp, R., Siepermann, C. (Eds.) Risikomanagement in Supply Chains Gefahren abwehren, Chancen nutzen, Erfolg generieren, Erich Schmidt Verlag, Berlin, pp Hauser, L. M. (2003), Risk-adjusted Supply Chain Management, Supply Chain Management Review, Vol. 7, N 6, 2003, pp

53 Jharkharia, S., Shankar, R. (2005), IT-enablement of supply chains: understanding the barriers, The Journal of Enterprise Information Management, Vol. 18, N 1, 2005, pp Jüttner, U. (2005), Supply Chain Risk Management. Understanding the Business Requirements from a Practitioner Perspective, The International Journal of Logistics Management, Vol. 16, N 1, 2005, pp Jüttner, U., Peck, H., Christopher, M. (2003), Supply Chain Risk Management: Outlining an Agenda for Future Research, International Journal of Logistics: Research and Applications, Vol. 6, N 4, 2003, pp Kajüter, P. (2007), Risikomanagement in der Supply Chain: Ökonomische, regulatorische und koneptionelle Grundlagen, in Vahrenkamp, R. & Siepermann, C. (Eds.), Risikomanagement in Supply Chains Gefahren abwehren, Chancen nutzen, Erfolg generieren, Erich Schmidt Verlag, Berlin, pp Kersten, W., Böger, M., Hohrath, P., Späth, H. (2006), Supply Chain Risk Management: Development of a Theoretical and Empirical Framework, in Kersten, W., Blecker, T. (Eds.), Managing Risks in Supply Chains, How to Build Reliable Collaboration in Logistics, Erich Schmidt Verlag, Berlin, pp Li, J., Hong, S. (2007), Towards a New Model of Supply Chain Risk Management, The Cross-Functional Process Mapping Approach, International Journal of Electronic Customer Relationship Management, Vol. 1, N 1, 2007, pp Malone, D. W. (1975), An introduction to the application of interpretive structural modelling, Proceedings of the IEEE, Vol. 63, N 3, 1975, pp Mandal, A., Deshmukh, S.G. (1994), Vendor Selection Using Interpretive Structural Modelling (ISM), International Journal of Operations & Production Management, Vol. 14, N 6, 1994, pp Norrman, A., Lindroth, R. (2004), Categorization of Supply Chain Risk and Risk Management, in Brindley, C. (Ed.) Supply Chain Risk, Ashgate, Hampshire, pp Peck, H. (2006), Reconciling Supply Chain Vulnerability, Risk and Supply Chain Management, International Journal of Logistics: Research and Applications, Vol. 9, N 2, 2006, pp Pfohl, H.-Chr., Gallus, P., Köhler, H. (2008a), Konzeption des Supply Chain Risikomanagements, in Pfohl, H.-Chr. (Ed.), Sicherheit und Risikomanagement in der Supply Chain. Gestaltungsansätze und praktische Umsetzung, Deutscher Verkehrs-Verlag, Hamburg, pp

54 Pfohl, H.-Chr., Gallus, P., Köhler, H. (2008b), Risikomanagement in der Supply Chain - Status Quo und Herausforderungen aus Industrie-, Handels- und Dienstleisterperspektive, in Pfohl, H.-Chr. (Ed.), Sicherheit und Risikomanagement in der Supply Chain. Gestaltungsansätze und praktische Umsetzung, Deutscher Verkehrs-Verlag, Hamburg, pp Saxena, J.P., Sushil, Vrat, P. (1990), Impact of Indirect Relationships in Classification of Variables a MICMAC Analysis for Energy Conservation, Systems Research, Vol. 7, N 4, 1990, pp Singh, M. D., Shankar, R., Narain, R., Agarwal, A. (2003), An interpretive structural modeling of knowledge management in engineering industries, Journal of Advances in Management Research, Vol. 1, N 1, 2003, pp Spekman, R. E., Davis, E. W. (2004), Risky Business. Expanding the Discussion on Risk and the Extended Enterprise, International Journal of Physical Distribution & Logistics Management, Vol. 34, N 5, 2004, pp Straube, F., Pfohl, H.-Chr. (2008), Trends und Strategien in der Logistik Globale Netzwerke im Wandel Umwelt, Sicherheit, Internationalisierung, Methoden, Deutscher Verkehrs- Verlag, Hamburg Svensson, G. (2000), A Conceptual Framework for the Analysis of Vulnerability in Supply Chains, International Journal of Physical Distribution & Logistics Management, Vol. 30, N 9, 2000, pp Szyperski, N., Eul-Bischoff, M. (1983), Interpretative Strukturmodellierung (ISM): Stand der Forschung und Entwicklungsmöglichkeiten, Braunschweig Thakkar, J., Deshmukh, S. G., Gupta, A. D., Shankar, R. (2005), Selection of Third-Party- Logistics (3PL): A hybrid approach using interpretive strucutral modeling (ISM) and analytic network process (ANP), Supply Chain Forum: An International Journal, Vol.6, N 1, 2005, pp Warfield. J. N. (1977), Societal Systems: Planning, Policy, and Complexity, John Wiles & Sons, New York. Warfield, J. N. (1994), A science of generic design. Managing complexity through systems design, Ames (2 nd édition). Watson, R. H. (1978), Interpretive Structural Modeling A useful tool for technology assessment?, Technological Forecasting and Social Change, Vol.11, N 2, 1978, pp

55 Yenradee, P., Dangton, R. (2000), Implementation sequence of engineering and management techniques for enhancing the effectiveness of production and inventory control systems, International Journal of Production Research, Vol. 38, N 12, 2000, pp Ziegenbein, A. (2007), Supply Chain Risiken: Identifikation, Bewertung und Steuerung, Vdf Hochschulverlag, Zürich. Zimmermann, H. J. (1991): Fuzzy Set Theory and Its Applications, Kluwer Academic, Massachusetts (2 nd edition). Zsidisin, G., Ellram, L. M., Carter, J. R., Cavinato, J. L. (2004), An analysis of supply risk assessment techniques, International Journal of Physical Distribution & Logistics Management, Vol. 34, N 5, 2004, pp

56 RIRL 2010 The 8th International Conference on Logistics and SCM Research BEM Bordeaux Management School September 29, 30 and October 1st 2010 Brazilian Supply Chain Risk Analysis Marina Guimarães Mattos UFMG, Brazil David José Ahouagi Vaz de Magalhães UFMG, Brazil Abstract This study aims to identify the risks that occur more frequently in Supply Chains in Brazil and their severity in supply networks. It is part of the Global Risk Initiative, a project conducted by MIT (Massachusetts Institute of Technology) simultaneously in many different regions of the world. It focuses on the real need of supply chain managers to be alert to the increasingly competitive global environment. However, the study does not intend to address the matter of decision-making. The data were acquired through a global online survey of experiences and attitudes regarding Supply Chain Risks and Risk Management. Key words: Supply Chain, Risk Analysis, Resilience, Brazil, Logistics 1

57 1. INTRODUCTION RIRL Bordeaux September 30th & October 1st, 2010 In a globalized economy the goal of multinational corporations is to find a more efficient flow of goods and services for corporate or individual consumers. The search for new sources and the acquisition of increasingly competitive advantages have been a constant challenge in today's highly competitive world in its marketing, finance, operations, logistics and sourcing. For supply chains, competitive advantage can be obtained through the development of logistics practices and procedures that can optimize order processing, shipping and inventory control. Globalized operations have resulted in an increase of the average distance of transport. A greater reliance on partners in the supply chain seeks to reduce the inventory levels and the conflicts of regional differences. Great distances, high inventory levels and conflicts of regional differences are all factors that together tend to increase the vulnerability of the logistics chain. For that reason, these partnerships are essential. To compensate the increased risk, which is fruit of the turbulence of recent periods, companies need to develop programs to mitigate and eliminate them. The great challenge of logistics management is to structure a good responsiveness and flexibility to respond to changes in business strategy and impacts generated by external events, while it earns through lean production. 2. LITERATURE REVIEW According to Knemeyer (2008), every supply chain stage is vulnerable to risks and adversities, whether generated by internal failures or changes in the business environment. Thus, the strategic supply chain planning should be concerned with examining each of the threats that the process is subject to and looking for protective and mitigation procedures. The first step on implementing this strategy is to understand the whole supply chain, so that a good knowledge of each step of the process makes it possible to simplify some of its stages and improve it. When the supply chain is improved a higher reliability with less process variability is achieved. 2

58 Variability and complexity add risk to the process because they indicate unstable and unreliable procedures, says Tang (2006). Such aspects may be the result of a wide range of products offered, as well as an extensive list of components and mounting options and different suppliers and markets. The possible configurations of the supply chain come with the connection ties established between plant suppliers, distributors, factories, warehouses and other entities that form the network. Since there are potentially thousands of possible configurations for supply chains, the challenge for managing supply chain risks is to identify the settings that provide critical paths and bottlenecks for business. These critical paths can be identified as links that point to the following conditioning agents of the system: High lead times, Exclusive sources of supplies that do not allow short-term alternatives, Dependence on infrastructure or transportation specific mode High concentration of markets, Restrictions on the supply of raw material, affecting production volume or time. Uncertainties during planning. 2.1 Risk Analysis and Resilience The approach taken by the Risk Analysis, according to Hubbard (2009), applies the systematic use of available information to determine how often specified events may occur and the magnitude of their consequences. Risks can be defined as the extent of a harm to people, damage to the environment or economic loss, both in terms of the possibility of the incident and the magnitude of loss or harm. Common risk examples in a supply chain are observed in demand changes, damages during transportation, operational risks and catastrophic events that could affect units of the logistics network: floods, earthquakes, fires, etc. Chopra and Sodhi (2004) identify risk factors of supply chain in events such as delays, interruptions of supply, provisioning, inventory and limited physical capacity among others. For each risk factor it is possible to identify an agent and from both, draw a decision tree to identify the main causes of threats to supply chains. 3

59 The impact of an unplanned or unexpected event can cause serious damage throughout the entire network which links suppliers, factories, warehouses, transporters, retailers and customers. The risk analysis can be performed quantitatively or qualitatively through the use of subjective data to assess a situation by intuitive statements regarding it, "This seems very risky" or "This investment will probably have a good turnover." Quantitative risk analysis seeks to associate numerical values to risks applying statistical analysis and quantifying qualitative statements through numerical scale application. To evaluate the losses and damages caused by a disruption, a widely used approach is the simulation of the supply chain. The simulation is the use of certain mathematical techniques employed in digital computers, which allows reproducing virtually any process of the real system. In a simulation a model is constructed using a logical-mathematical tool that represents the dynamics of the system under study. This model incorporates values for time, distance, resources, costs, among other details allowing behavioural differences, sometimes subtle, to be perceived. The traditional approaches employing preliminary statistic studies with many simplifications showed that many projects, once implemented, end up suffering numerous modifications and adjustments. The main issue regarding the use of this tool is that it allows making a system analysis without interfering in it. All changes and consequences, in spite of their depth, will occur only in the computer model and not in the real system. Thus, the simulation allows studies in systems that do not exist, leading to the development of efficient designs before any physical change has occurred. The association between methods of risk analysis and simulation techniques allows more accurate assessments of the processes to validate the results through a probabilistic graphic that enables the visualization of the consequences, allows sensitivity analysis and scenario generation with different combinations of values and inputs correlation. Since no chain is fully protected against risk, it is essential to ensure maximum resilience inside it. Resilience is the ability of a system to get back to its original state after suffering a disturbance that forced it to operate different from its normal conditions. The higher the resilience gets the faster its process responds after disturbances, which reflects how flexible 4

60 and agile the chain is. To ensure resilience to the chain it is important to provide access to information at all stages and allow flexibility especially at critical points that can become bottlenecks limiting the flow. The critical paths in the network must be continuously monitored and if necessary, safeguard measures should be established. The first step is identifying the location of all entities that are part of the chain and pointing out the potential inherent threats in each site. Afterwards with the available information at hand, the second step is to quantify the likelihood of each threat, as well as the potential consequences of each event Risk Profile The growing internationalization of production and the shortening of product life cycle, evidenced by market globalization, increased the complexity of logistics operations. While products are sold worldwide, companies seek to centralize their operations by extending distribution networks to meet the market demands. The increase in mergers and acquisitions in the last decade also contributed to the globalization of production chains. Although there are chances of catastrophic events striking any entity within a supply chain at any time, the limited financial resources lead managers to select only certain types of events to focus their efforts on. Among the ongoing efforts in pursuit of business efficiency, there is an emphasis on the improvement of the supply chain management activities. Traditionally, the supply chain is composed of five segments: suppliers, manufacturers, distributors, retailers and consumers, which together build a network that aims to produce and deliver products or services for consumers. The supply chain management deals with material, information and financial flows through these organizations. Improvements of this activity happen with the main objective to raise standards of customer service within the smallest possible costs. Tang (2003) defines Supply Chain Risk Management - SCRM- as the activity that manages threats through coordination or collaboration among the supply chain partners to ensure profitability. The configuration of the risk profile seeks to identify the supply chain weaknesses and its potential impacts. To help to identify the risk profile of a business, it is useful to audit the main sources of risks in the network. 5

61 The old strategy of manufacturing and sale sites was replaced by the frontier expansion including regional suppliers and assemblers worldwide. The production of raw materials, the manufacturing of finished products and the sale of these goods may be located in different sites increasingly distant from each other. This internationalization is usually motivated by the reduction of acquisition costs as well as economies of scale are achieved through larger volumes produced in concentrated locations. Instead of producing the full range of products in each site, companies are choosing to focus their factories on manufacturing a smaller range of items exclusively in one place. This production strategy leads to lower production costs, at the expense of longer travel distances for the goods commercialized. Negative impacts are noticed as a result of longer lead times. Of these one could point out, higher safety inventory, higher levels of obsolescence and loss of flexibility in the mills. Another impact generated by the development of buying and selling relations is the replacement of the traditional relationship model by long term strategic alliances. In this scenario, it is important to establish a permanent relationship between client and provider, involving not just any shopping or planning, but the actual product development. Partnerships are true alliances with which the companies involved are able to reduce costs by cutting off duplicate operations, saving on transportation expenses, material handling, packaging and production. The establishment of partnerships reduces the number of suppliers with whom the company negotiates materials, equipment and services. Although it has many benefits it increases supply chain vulnerability while it limits some products to a single partner. In this case faults can lead to fatal disruptions in the process. 3. BRAZILIAN SUPPLY CHAIN SCENARIO With a population of 190 million and abundant natural resources, Brazil is one of the ten largest markets in the world, producing tons of steel, iron ore, coal, cement, airplanes, steel, machinery, armaments, textiles and apparel, petroleum, chemicals, fertilizers, consumer products, electronics, food processing, transportation equipment (including automobiles, rail cars and locomotives, ships, and aircraft) electronics, telecommunications equipment, 6

62 commercial space launch vehicles, satellites, and so on. In addition, about 70 million cubic meters of petroleum are processed annually into fuels, lubricants, propane gas, and a wide range of petrochemicals. Furthermore, Brazil has at least 161,500 kilometers of paved roads and more than 63 million megawatts of installed electric power capacity. Brazil s industrial sector accounts for three fifths of Latin America s industrial production. The country s scientific and technological development is argued to be attractive to foreign direct investment showing a remarkable growth. The agricultural sector, locally called agrobusiness, has also been remarkably dynamic. The agricultural sector and the mining sector also supported trade surpluses, which allowed for massive currency gains and foreign debt pay offs. The economy has a mix of farming and industry, which are increasingly dominated by the service sector. Recent administrations have expanded competition in seaports, railroads, and airports and in telecommunications with the aim of promoting the improvement of infrastructure framework. The country accounts for three fifths of industrial production in South America and integrates various economic blocs such as Mercosul, G-22 and Cairns Group. It s scientific and technological development, coupled with a diversified and dynamic manufacturing are attractive to foreign enterprise. Direct investments have been averaging about twenty billion dollars a year, against two billion per year over the past decade. The Brazilian supply chain system handles a strong movement modernizing the companies, which increasingly demand efficient, reliable and sophisticated logistics operations in order to remain competitive in a globalized environment where SCM (Supply Chain Management) is crucial to business success. 3.1.Risk analysis studies in Brazil It is a noticeable growing interest in Brazilian organizations to know what they are exposed to in the face of threats that can compromise the stability of their operations. 7

63 The main contribution of this work is to evaluate the importance of risk analysis for Brazilian companies regarding supply chain management. The information generated by the research may lead some companies to improve their performance to manage risks appropriately and classify them on the national scenario. Few countries like Brazil combine a market relevant to other competitive factors, such as the industrial base, the agricultural potential, the diversified chain of local suppliers, and the institutional environment of universities and research institutes. Allied to these factors are the growth of the Brazilian economy and the importance of domestic producers in global supply chains. 4. GLOBAL RISK SURVEY To find out the Brazilian companies behaviour regarding supply chain risk management a survey was carried out for supply chain, finance, and business professionals. In particular, it sought responses from manufacturing, retailing, and distribution companies. Through database obtained with the survey it will be possible to know the different risk management strategies that have been applied in the Brazilian supply chains and find the differences and similarities between the risk profiles linking it to regional, cultural and economical aspects. This study aims to identify the risks that occur more frequently in Supply Chains in Brazil and their severity in supply networks. It focuses on the real need of supply chain managers to be alert to the increasingly competitive global environment. However, the study does not intend to address the matter of decision-making. The exact same survey was used in six different regions of the world managing to understand if regional and cultural differences affect the way people think about supply chain management risks and how they manage them. The survey was organized according to the following sessions: i. Attitudes & Tolerance: 8

64 How important is preventing supply chain risks from happening (Prevention) versus being prepared for a quick recovery once they do happen (Recovery)? Who is in a better position to prevent a supply chain disruption? Considerations about suppliers and customer failures. ii. Risk Frequencies Internal and external events severe enough to disrupt your company's supply chain. iii. Importance & Priority Most important risks to your supply chain Supply Chain Risk Management at the company, Business Continuity Plan and customer collaboration. iv. Background Information Industry field, annual revenue, number of employees, professional position After completing the survey it was possible for those who filled out the questionary to request a summary of the study findings via . This survey was ed to the Brazilian main companies, post graduation students, federal associations, industry and agricultural councils. One hundred answers were reached and the final data acquired will be used to draw Brazilian company strategies of Supply Chain Risk Analysis. The survey will help the researchers to identify patterns and trends in risk management and understand the similarities and differences across regions, cultures, and industries. As a conclusion, a maturity framework will be drawn up to classify companies based on its resilience degree over the Brazilian scenario Survey results The same way as in other countries, the survey was carried out in Brazil from December 2009 to February During this time it was possible to get 89 responses, which is not a big number, compared to the other countries results. The main reason would be because the survey took place during national holidays and vacation time. Furthermore, we also realized that Latin Americans don t usually take online surveys as an incentive to participate in researches. Despite these facts, these results could be useful for the required analysis. The main working area of those who participated in the survey is shown in Figure 1. As it can be 9

65 seen most of them do not belong to the Risk Management Department which first points us to an idea that those companies do not have this department in their structure. Figure 1 Working area Supporting this affirmative the answers for the question about risk mitigation strategies, shown in Figure 2, point to a scenario where most of the companies devote more efforts into planning and practicing reactions to events than working on their prevention. This result was somehow expected as Brazilian companies are used to giving attention to risks only once they have happened. Figure 2 - Risk Mitigation 10

66 Another result that should be taken into consideration refers to the sense of urgency shared between suppliers and clients. Once the information flow of the supply chain is not perfectly shared they might experience the bullwhip effect and blind themselves against some risks. This conclusion was made based on the results shown in Figure 3 - Sense of urgency. Figure 3 - Sense of urgency According to Figure 4 most frequent interruptions on the Brazilian Supply Chains are due to: Software Systems Failures, Finished Goods Manufacturing Failures, and Transportation Failures. Figure 4 - Daily occurrences 11

67 Although these are the most frequent risks for the Brazilian Supply Chains they are not considered the three most important for the companies who participated in the survey. Despite the fact that some risks are more frequent than others their impact may be smaller. The results in Figure 5 were obtained through direct answers where companies were surveyed about the three most important risks for their supply chain. Risks pointed as the most important scored 3 points, the second most important scored 2 points and the third most important scored 1 point. The sum of these scores represents the importance of each risk. Figure 5 - Most important risks 5. CONCLUSION Although a deeper conclusion should be made comparing Brazilian results to global results and to answers obtained from other Latin American and supplier countries, we can say that the Brazilian Supply Chains are not well prepared to deal with risk analysis and that this is a new field of study for companies in Brazil. 12

68 Improved analysis can be made after building a decision tree based on the answers and clustering some data. This work might help Brazilian companies to design their risk strategies and methodology and to identify some of their weaknesses. After this data analysis it will be possible to compare Brazilian supply chain concerns with of other countries and design a framework to supply chain managers to support their decisions concerning risk analysis. 6. REFERENCES o Chopra S and Sodhi M (2004) Managing Risk To Avoid Supply Chain Breakdown, MIT Sloan Management Review, Vol. 46, No. 1, p o Tang, C S (2006) Perspectives in supply chain risk management, Int. J. Production Economics 103, p o Knemeyer A M, Zinn W, Eroglu C (2008) Proactive planning for catastrophic events in supply chains, Journal of Operations Management, 27(2), o Hubbard D (2009) The Failure of Risk Management: Why It's Broken and How to Fix It. John Wiley & Sons. 13

69 RIRL 2010 The 8th International Conference on Logistics and SCM Research BEM Bordeaux Management School September 29, 30 and October 1st 2010 Risk Response Measures and their Application from Transportation to Supply Chain Management Irene Sudy a, Hans-Joachim Schramm b* a Institute of Transport and Logistics Management, WU Wirtschaftsuniversität Wien, [email protected] b Institute of Transport and Logistics Management, WU Wirtschaftsuniversität Wien,, [email protected] The aim of this contribution is to outline risk response measures of avoidance, reduction, transfer, sharing or acceptance of risks associated with goods flows. Based on desk research and review of actual business practice, it is shown which risk response measures are employed in practice on different levels from transportation to supply chain management. The main findings are as follows: Aside from purely operative oriented strategies of risk reduction, transferring risks to others by different forms of contracts are prevalent in transportation. In logistics and supply chain management, however, strategic oriented risk response measures of avoiding, sharing or accepting risks are more likely to occur. Therefore, useful risk response strategies for goods flows should vary depending on the level of analysis and companies have to take this into account in their risk management processes. Key words: Risk management, risk response measures, transportation, logistics, supply chain management 1

70 1 INTRODUCTION During the last decade, the issue of risk management evolved as a growing research objective in the field of transportation, logistics and supply chain management. Whereas the issue of identification, analysis and assessment of risks is well covered by literature, actual risk treatment with appropriate risk response measures to counter risks seems to be underdeveloped so far (Peck, 2006, Tang, 2006, Khan & Burns, 2007, Olson & Wu, 2008, Manuj & Mentzer, 2008, Bode & Wagner, 2008). Therefore, this paper deals with risk response measure arrangements, e.g. avoidance, reduction, transfer, sharing or acceptance of identified and assessed risks in the areas of transportation, logistics and supply chain management. In the following, first basic definitions of risks etc. are given. Second, risk control by risk response measures in general is described before the spectrum of risk response measures for four different levels of transport, transport chain, logistics and supply chain management is outlined. 2 BASIC DEFINITIONS Risks are omnipresent as they are an inevitable component of economic action. This means that business operations are always connected with uncertainties and risks (Knight, 1921, Khan & Burns, 2007, Romeike, 2002, Banks, 2005, Schmitz & Wehrheim, 2006). Therefore, risks appear in all functional areas of a company, e.g., in sourcing, procurement, manufacturing and distribution. Nevertheless, there are also risks which appear as shared risks in all functional areas, as for example in logistics. Here transport risks take an important role. Since the entry of such risks may result in damages not only for the company concerned, but also for each of the partners within the supply chain, the consideration of the whole supply chain becomes more and more important (Khan & Burns, 2007, Kajüter, 2007). A closer look on the literature published recently shows that risk management is an extremely multi-layered subject and a steadily increasing number of authors addressed the topic of risk management in transportation, logistics and supply chain management (Finch, 2004, Tang, 2006, Vahrenkamp & Steiff, 2006, Steven & Pollmeier, 2006, Wagner & Bode, 2008). However, an assignment of possible risk response measures to the different levels of transportation (transport and transport chains), logistics and supply chain management domain is almost absent up to now. Following Kummer (2006) or Kummer et al. (2009) the levels of transportation (transport and transport chains), logistics, supply chain management and actors involved therein can be defined as follows: 2

71 Transport can be best characterised as goods movements produced either on own account or by means of transport service companies. If necessary, transport intermediaries like transport agents, ship brokers or IATA cargo sales agents are involved who are specialised in affreightment of transport service providers as the actual operating carriers. Transport chains can be regarded as a system of transport, handling and temporary storage operations. The actors therein are apart to the above mentioned transport service providers and transport intermediaries transport integrators and freight forwarders, who organise transport chains and/or consolidate cargo in LTL or groupage service operations. Logistics can be understood as the amount of all transport, handling and warehouse operations which can be produced either on own account or by others. Nowadays main levels in this field are 3PLs or system providers who try to offer all sorts of logistics services in a one-stop-shopping manner backed by own transport networks or relying on transport services offered by carriers and intermediaries from the transportation levels. Supply chain management shows the highest level and here an organisation performance is produced by supply chains either on own account or via so-called 4PLs or system integrators including of all levels from the previous levels. This view is in accordance with the unionist perspective on logistics versus supply chain management by Larson & Halldorsson (2004). Because risk potentials at each level differ, spectrum of risk response measures is also different which will be described in more detail in the next section. 3 RISK RESPONSE MEASURES To treat already identified and assessed risks, risk response measures are developed, valued and selected within the scope of the risk control in a typical risk management process (Mikus, 2001, Norrman & Jansson, 2004, Khan & Burns, 2007, Ekwall, 2008, Olson & Wu, 2008). For actual risk treatment, there are a huge number of risk response measures available. If such measures are taken to reduce risks of loss or damage or to limit their effects, we can talk about active risk behaviour. If such sorts of measures are not employed, risk behaviour can be regarded as passive. Therefore, under risk politics we can subsume passive as well as active behaviour to counter risks of loss or damage which result from failing expectations in connection to decisions made (Rogler, 2002). 3

72 1.... avoidance reduction... Measures of... 2a. 2b.... reduction... likelihood of damage degree of damage... of risks transfer or sharing acceptance... Figure 1: Risk response measures (Kummer & Sudy, 2007) Fig. 1 gives an overview of the risk response measures available. They can be divided into measures of (1) avoidance, (2) reduction, (3) transfer or sharing and (4) acceptance of risks. Furthermore, it can be distinguished whether a removal of the risk should be aimed and therefore the entry or at least the likelihood of the entry of a damage should be prevented (cause-related measures) or whether a reduction of the negative effects and damages which follow the entry of a risk is aimed (effect-related measures, see Kupsch, 1973, Philipp, 1967, Mikus, 2001). Of course, certain risks like pilferage or decay of stocks can be avoided totally by abandonment of stockholding, but in practice this will be hard to realise and would lead to an increase of risks in other areas (e.g. in transportation). Risk reduction tries to reduce the likelihood of loss or damage and further economic consequences. The aim of transferring risk is not to avoid risks or reduce damages, but to transfer risks to someone else (like suppliers, buyers, transport or logistic service companies or insurers, see Rogler, 2002). However, it is neither hardly possible nor economically feasible for all sorts of risk to be avoided, reduced or transferred to others. How and to what extent such risks are accepted depends on the readiness to take risk. In this case, companies must exercise due care and act with financial precaution in order not to be endangered in their existence by single events of loss or damage. 4

73 4 THE APPLICATION SPECTRUM OF RISK RESPONSE MEASURES Within the scope of a chosen risk strategy, risk response measures have to be combined in such a way that from the point of the actors an optimal mix of measures is reached, as the chosen risk response measures affect all partners of a supply chain. However, settings, interests and acceptance of risks can vary very strongly between supply chain partners. Therefore, an integration of all partners involved and an exchange of information is important, as e.g. an access to a larger data base increase their acceptance (Mullai, 2004). Furthermore, risk response measures cannot seen isolated, as they affect not only one area (e.g., transport) but also other areas (e.g., warehousing) as well as other partners in a supply chain. For example, the decision of a producer to introduce JIT delivery in order to lower risks of stockholding causes changes in transportation and warehousing operations of his suppliers. The implementation of JIT delivery increases the number of deliveries and the number of transports will increase sometimes even a change of means of transport (e.g., from rail to truck) and thereby a change of transport route is necessary. The applicability of the above described possible risk response measures from transportation to supply chain management as shown in Fig. 2 will be explained in the next sections. Transport Transport chains Logistics Supply Chain Management operative Nature of arrangement strategic reducing, transferring or accepting risks Risk response measures avoiding, sharing or accepting risks Fig. 2: Possibilities of risk response measures 4.1 Transport Transport risks include all single risks which arise in the connection with physical goods movements (Oberparleitner, 1955). Thus, loss or damage can appear, e.g. if consignments in 5

74 transit are lost or damaged or if transport operations are not carried out as planned and arrive at the consignee too late. Besides relying on strategies of avoidance or reduction of transport risks, risk transfer is a pre-dominant risk response measure. This is done by application of suitable terms of payment and delivery shifting risks to contracting partners with lower negotiation power closing special contractual arrangements. Furthermore, cargo insurance can be covered or forward freight agreements (FFAs) can be concluded as a special form of financial hedging - as far as there is a market for it. With all these measures, a lot of risks arising from transport operations and occurring financial damages can be covered Measures for reduction of loss or damage Because transports are inevitable in most cases, risk response measures start with reduction of risks coming along with them. There, choice of appropriate means of transport takes a central role: means of transport employed are more or less determined by topography en route as well as criteria of evaluation of traffic alternatives like speediness, reliability, flexibility and net density. In addition to this, transport routing and timing should be selected according to security aspects to reduce the likelihood of damaging events. Usually, several routes are available but these should be carefully evaluated taking climatic and geographic, infrastructural, political as well as juridical and administrative conditions into consideration. Furthermore, in unsecure regions, the mean of transport should never left unattended. Other additional preventive measures should be taken into consideration like convoy formation or escort service. Access to warehouse locations should only be granted to authorised people (Linzmeier, 2006). A reduction of the amount of damage can be achieved by splitting up a single consignment in several shipments and transport them separately. By this subdivision of consignments, average quantity and value per shipment will be lowered and in case of an event this results in less loss or damage. Nevertheless, this measure comes along with a higher number of shipments and, hence, with higher transportation costs. Therefore, it is more suitable for valuable goods as the increased overall transport costs do not outweigh loss or damage reduction achieved by splitting up shipments. Another aspect is an appropriate cargo packaging as it helps to lower the likelihood of transport loss or damage (Branch, 2006, David & Stewart, 2008, Kummer et al., 2009). Thus, cargo is protected against mechanical (e.g., pressure, hits) and climatic impacts (e.g., temperature, humidity) and pilferage is made more difficult. In addition, suitable marking of 6

75 packaging by pictograms, signs or explanations prevent inappropriate transport and handling which is especially important in the case of consignments with fragile, toxic, explosive or fire-supporting goods. Appropriate cargo packaging preserves good state of consignment but also allows more rational transport and handling. The application of information and communication systems contributes to a coupling of material and information flows which also leads to risk reduction. Information and communication systems allow a transparent and timely execution of transport and handling processes and efficient interface management (e.g., EDI) helps to reduce the danger of faulty transmission of information considerable (Frankel, 1999, Stopford, 2002) Measures of risk transfer Referring to measures of risk transfer, a company can first try to force its suppliers to arrange for transportation and to agree on a very late place of transfer of risk and/or title whereas for a seller a very early place of transfer of risk and/or title is preferred. In this context, the International Commercial Terms (INCOTERMs, see ICC, 1999) are recommended as they are uniform contract norms of commercial clauses to fix rights and duties of suppliers and buyers (Ramberg, 2000, David & Stewart, 2008, Kummer et al., 2009). Because the organisation of transportation requires special expertise (especially in an international context), an outsourcing to transport or logistics service providers usually takes place. In cases of loss or damage during custody, the transport or logistics service provider can then be made responsible. However, their liability is often limited by transport law or by special standard trading conditions (STCs, see Jones, 2008, Jerman, 2008). In addition to this, some hardly ex ante foreseen expenses arising from transport operations are passed on their clients in form of e.g. bunker adjustment factors (BAFs) and currency adjustment factors (CAF) usually demanded in maritime shipping instead of hedging these risks by themselves (Menachof, 1996, Menachof & Dicer, 2001, Alizadeh & Nomikos, 2004, Alizadeh et al., 2004, Cariou & Wolff, 2006). Insurance coverage is another, often employed measure of risk transfer (Branch, 2006, David & Stewart, 2008, Kummer et al., 2009). There, a financial damage is covered - according to the extent of the insured risks - either completely or partially by an insurer. Transport insurance can be contracted for the means of transport or consignments being transported and can cover various dangers that may appear during transport, handling or temporary storage. Thus, they represent a partial or an entire hedging of transport risks. Apart from insurance 7

76 contracts for means of transport and insurance contracts covering solemnly transport and traffic liability, two kinds of transport insurance contracts are common: First, there is a forwarder s liability insurance (Jones, 2008, Jerman, 2008) which is obligatory e.g. in the case of Austria when freight forwarding companies want to apply their STCs lowering their full liability burden to a reasonable limit (Tuma, 2001, Kummer et al., 2009). It has to be paid by the freight forwarders client and covers actual financial losses arising from late delivery, loss or damage of and further interest in cargo within certain limits outlined in their STCs. In addition to this, a cargo insurance policy can be closed at any time for a consignment which seems advisable for international transports of valuable goods (David and Stewart, 2008, Jones, 2008). There, insurance coverage is granted up to the stated value of cargo on the basis of e.g. the Institute of Cargo Clauses (ICC) of Other measures of risk transfer are financial instruments of hedging against possible losses caused by price fluctuations of exchange rates, interest rates, commodity prices as well as transport prices under exploitation of suitable financial instruments within the scope of financial hedging (Bernstorff, 2001, Schäfer & Frank, 2006, Kummer et al., 2009). In this context, currency management is about recognising risks and chances from exchange rate fluctations and making suitable arrangements for risk avoidance, reduction and/or chance exploitation. Within the scope of interest rate management, a company may make arbitrage from interest rate differences at different capital and credit markets. Another field of application of such financial instruments is hedging of raw materials as well as all kinds of commodities. Last but not least, transport prices can also be fixed by means of forward freight agreements (FFAs) if no agreement in form of price adjustment clauses can be closed in longterm contract relations (Koekebakker & Ådland, 2004, Koekebakker et al., 2007). Notably, the use of these financial instruments is by no means riskless it is rather a new source of risks which has to be assessed and controlled, too (Schäfer & Frank, 2006, Kummer et al., 2009). 4.2 Transport Chain Apart from complete loads as direct shipments from consignor to consignee, most cargo is transported in transport chains using different means or modes of transport. This comes along with additional risks arising from cargo handling at transhipment points as well as temporary storage before transport operations can be preceded. Apart from unimodal transport chains as 8

77 transport chains with different means of transport of the same mode of transport there are multimodal transport chains which can be divided again into break bulk, intermodal and combined transport types of operation (Jennings & Holcomb, 1996, UN/ECE, 2001, Eurostat, 2003). In break bulk (or transloading) operations, transhipment of goods is carried out by simply unloading and reloading of cargo. Intermodal transport, however, means that goods movement takes place in the same transport unit over different transport modes and transhipment occurs by handling the complete transport unit. Combined transport, finally, is a sub-group of intermodal transport where the pre- or onward carriage legs by road are kept as short as possible. The rising number of actors involved in transport chains creates additional risk potentials when changing means and/or modes of transport. Furthermore, it is fact that in multimodal transport chains different transport modes subject to different transport law are employed, which adds considerable complexity (EC, 1999, Kummer et al., 2009) Measures for reduction of loss or damage As in transport chains more than one mean of transport is used, the likelihood of loss or damage rises considerably with each transhipment and temporary storage. By using intermodal transport units (e.g., containers, swap bodies or semi-trailers) attempts are made to synchronize different subsequent means of transport in such a way, that at the transhipment point, the cargo itself must not be unloaded and reloaded again. However, it is paradox that this kind of cargo protection measures is reduced to the absurd by insufficient cargo securing and unfavourable climatic conditions within such intermodal transport units resulting in severe cargo damage or decay without extraneous cause (Kummer et al., 2009). In addition to this, information about the status and place of cargo or the time of transfer from one means of transport to another gets more and more important. Accordingly, improvement of logistics processes is influenced by automatic identification technologies like RFID (Sheffi, 2004, Mohsen, 2007). Possible application fields are wide-spread and allow automatic observation and updating current place and status of cargo over various hierarchy levels from a single part of a consignment up to transport units and means of transport in a transport chain. Furthermore, it allows observation, supervision and control of external conditions or internal states as well as fulfilment of safety and security needs. 9

78 4.2.2 Measures of risk transfer Generally, risk transfer in transport chains normally occurs when cargo is handed over from one carrier to another at some transhipment point if the underlying transport contract does not define something else (Jones, 2008, Kummer et al. 2009). Concerning transport contracting, a variety of different usances exist in practice. In typical break bulk type operations, usually for each transport leg a separate transport contract is closed - no matter whether cargo movement is carried out based on the same transport law. By contrast, in intermodal or combined transport operations a more or less uniform cargo contract may be closed like a multimodal transport contract with which a transport service company commits itself to the organisation of the multimodal carriage of goods including supervision, transhipment and temporary storage from end to end. But there is still a lack of clear-cut legal regulations for multimodal carriage of goods (e.g., in Austria) or they are rather dissatisfying implemented (e.g., in Germany with 452 Code of Commerce). Therefore in case of a claim, the parties affected must often argue not only about the amount of compensations for loss or damage of cargo to be paid, but also the place where the damage happened - despite several attempts are made to establish a uniform liability of a multimodal transport operator (MTO, see EC, 1999, Kummer et al., 2009). In the end, the option of just applying for cargo insurance always exists, where in case of a claim the insurer pays first the therein stated value of cargo to the beneficiary independent of place of loss or damage and then afterwards seeks to subrogate against parties being responsible in order to recover the expenses. 4.3 Logistics In logistics, warehousing and value added services are added to handling and temporary storage operations. Warehousing is commonly understood as a stationary time-bridging process between availability and demand of goods. This comes along with warehouse risks as different kinds of risks referring to holding goods on stocks as well as general risks running a warehouse. Another aspect is the offering of value added services executed by logistics service providers on behalf of their clients from order picking, packaging and despatching of consignments up to assembly or conversion operations within the scope of contract logistics based on a still insufficient or virtually non-existent legal basis. Moreover, risk coverage arising from offering value added services is poorly and is not at all covered by the classical forms of insurance contracts as outlined above. Therefore, trust between the client and the 10

79 logistic service provider is inevitable together with system thinking as both are stronger integrated in their everyday business Measures for reduction of loss or damage Because it is most impossible to avoid keeping inventory, the choice of location and type of warehouse plays an important role to reduce the likelihood and impact of damaging events. Thus choice of warehouse location is crucial in countries with substantial criminal activities. Also type of warehouse should be according to characteristics of stored goods. Theft of valuable goods can be lowered by installing and using equipment like burglar alarms, locking systems or safe deposits. Equipment like sprinkler systems and fire-resistant doors prevents quick spreading out of flames in case of fire. The combination of different storage and retrieval operations allows having a back-up solution if a fully automated warehouse system breaks down. Another viable starting point to lower the extent of loss or damage is to choose appropriate packaging allowing better storage and increased shelf life. Doing this, stocks are protected against external influence supporting decay and theft is made complicated. Furthermore, improper handling can be avoided by suitable markings. The application of information systems and communication systems in order to couple material and information flows also plays a big role at this level, because this allows a transparent, reliable and rapid execution of warehouse processes. Moreover, control and coordination of warehouse processes improves information exchange between companies and reduces warehouse risks. Another rather simple risk-political measure to reduce the impact of damaging events in warehousing is reducing the amount of stock keeping units. Additionally, manufacturing and assembly done by suppliers in a warehouse located in-house or nearby can be regarded as avoidance further measure for reduction of loss or damage (Rogler, 2002). If some level of stock holding is needed, damages can be reduced by distributing stocks to several warehouses. But here a trade-off between risk reduction and costs of decentralized warehousing like increased buffer stocks and transport operations have to be taken into account Measures of risk transfer A measure of risk transfer in the area of transportation is to determine in the conditions of contract exactly place of transfer of perils. The same is valid for the transfers in the area of warehousing and logistics. Warehousing can be performed by either supplier or buyer and 11

80 should come along with well defined responsibility of inventory levels as well as place and time of transfer of perils. This is in particular the case in vendor managed inventory (VMI) or consignment warehousing where the responsibility of stock keeping units and therefore the transport and warehouse risk are transferred from the buyer to the supplier (Waller et al., 1999, Appenfeller & Buchholz, 2005). As already mentioned before, currently a big uncertainty exists in the field of contract logistics in connection with value added services offered beyond bare transport, handling and warehousing concerning contractual arrangements and insurability of therein evolving risks (Wieske, 2006, Jerman, 2008). Relying on freedom of contract principles, logistics contracts can be arranged in quite individual ways whether in the form of mixed-type or combinedtype contracts as a mixture or combination of already existing contract types or as a contract of own kind (sui generis). Moreover, according to Wieske (2006) the majority of such contracts are agreed in an ad hoc manner without any preliminary negotiations. To counter this arbitrariness of contractual form and arising problems thereof, attempts were already started in Germany as well as in Austria to use Standard Terms and Conditions dedicated to logistics operations although with moderate success up to now. Concerning transfer risks to insurers a similar picture comes up: a uniform coverage of risks in form of a logistics service insurance arising from the various activities performed in contract logistics is extremely difficult if not even impossible (Wieske, 2006). Thus in insurance practice currently hedging of risks is obtained through a combination of already existing insurance products, like standard transport insurance for goods movement, warehouse or warehouse excess insurance cover for stock keeping units up to special public liability, product liability and/or recall expenses insurances in case of assembly or packaging operations done on behalf of the client. 4.4 Supply chain management Damage or loss in transit or warehouse and resulting financial damage is often quite evident and can be rather easily assessed (Oberparleiter, 1955). However, possible secondary damages linked with it and their impact on the whole supply chain are more difficult to quantify as they are quite often not restricted to solemnly monetary dimensions. Loss of cargo (e.g., by theft, accidents or terrorist assaults) causes disruptions in the supply chain. This results on the supplier s side in additional expenses in transport and logistics operations through express compensation delivery as well as in manufacturing through 12

81 additional manufacturing costs of repeated production and setup costs of alternated production schedules. Other additional costs originate, e.g., from contract penalties and compensation demands on the buyer's side. Furthermore, it comes to diminished revenues by derogations (e.g., discounts have to be granted) or escaping proceeds (e.g., non-purchases of customized goods) because of missed deadlines. Moreover, lost contribution margins may accrue from direct sales loss (e.g., customer satisfies his demand with another supplier) or indirect sales loss (e.g., loss of reputation). Finally, on the customer s side loss or damage of cargo may lead to production shutdowns or a least to disruptions when delivery is planned just in time and buffer stocks are too low. Reducing spatial distance of supply chain partners can be seen as a viable measure to reduce impacts of damaging events in supply chain management. Key suppliers may settle nearby buyers in industrial parks or directly in-house. An alternative strategy is global localisation which intends to set up manufacturing nearby sales markets and local sourcing (Morris, 1991, Morita, 1992). These strategies help to organize shorter unimodal transport chains, while the strategy of strategies of global sourcing and distribution leads very often to longer multimodal transport chains (Stölzle & Gareis, 2001). The establishment of in-house partnerships where suppliers produce at their customers premises not only reduces, but even avoids the risks arising from spatial distance. In the automobile industry such partnerships go so far that suppliers even carry out integration of their modules at the assembly line of the manufacturer (Roehrich, 2008). However, there is still a transport risk for the supplier existing for the sourcing of the components of such modules. Moreover, as suppliers produce their modules usually not only for a single but for more customers who have their assembly plants spatially dispersed, the suppliers could be forced to set up their operations at different geographically dispersed locations (Bogaschewsky & Rollberg, 2001). Another measure to reduce the likelihood of damaging events is the improvement of the industry knowledge via cooperation and collaboration in buyer-seller relationship. Supplier relationship management and coordinated sourcing activities along supply chains leads to a better knowledge of possible substitutes or improved characteristics of materials in terms of transportability and/or storability. However, this requires sometimes a change of the underlying manufacturing technology. Another example for coordination and collaboration along a supply chain is the concept of efficient consumer response (ECR, see Harris et al., 1999, Eßig, 2002). With this concept all supply chain partners are integrated from the first 13

82 supplier up to the end user. EDI tends to realize faster and more efficient transportation and warehousing processes by identification and communication standards, standardization of loading units as well as product identification. This may contribute to a reduced likelihood of damaging events, too. Improved product designs in terms of transportability and/or storability also helps to reduce the likelihood of damaging events. Thus the risk of damages will be e.g. lower with plastic packing than glass packing (Rogler, 2002). Furthermore, a huge number of product variants raises complexity of transportation and warehousing. Above all, on an international level a high number of variants originates from country specific products and their packaging (Schary & Skjott-Larsen, 2001, Kummer et al., 2009), but product design strategies like standardization, modularisation and postponement help to reduce the complexity. Moreover, lower warehouse stock resulting from application to these strategies reduces warehouse risk, especially for products with short life cycles and high degree of perishability. Another possible risk response measure is spreading risks, e.g., by operational hedging as a reaction on increasing integration of the global economy with concurrent enlargement of the market volatilities (Kogut, 1985, Buckley & Casson, 1998). In contrast to the concept of financial hedging drawing attention on nominal price changes caused by exchange and interest rate changes, operational hedging tries to counteract real price changes (Kogut, 1985, Lessard & Lightstone, 1986, Huchzermeier & Cohen, 1996, Casson & Gulamhussen, 2000). Main instruments of operational hedging are on the one hand reaching operational flexibility and, on the other hand, creation of real options (Miller, 1992, Triantis, 2005) Reaching operational flexibility can be achieved in different ways. Application of computer integrated manufacturing (CIM) in connection with highly qualified as well as flexible deployable employees allows comparatively fast and cheap manufacturing of a wide spectrum of qualitatively superior products (Upton, 1995). In addition to this, an integrated value added chain with integrated external resources allows to open other potentials of operational flexibility. Advantage of this approach is that by a better integration of suppliers, investment costs and associated risks are on average considerably lower, too. Creation of real options still goes one step further, because beside operational flexibility at existing company locations, possibilities like relocation of manufacturing operations, changes in product mix, international supplier structure and control of actual service level for each sales market can be taken into consideration (Dornier et al., 1998). 14

83 This outline of viable risk response measures at the supply chain level clearly shows that there strategic considerations dominate. Furthermore, the application of risk response measures may cause far-reaching changes for other actors along the whole supply chain. Interests and acceptance of the risk response measures by involved actors can significantly improve an actor s negotiation power. Thus the decision about establishment of an industrial park or an in-house partnership as a risk response measure will be set up in many cases by a focal company whereas cooperation and collaboration among supply chain partners rather rests on integrative decision-making. 5 Conclusions The preceding discussion has shown that risks differ at the different levels of transport, transport chains, logistics and supply chain management. However, within the scope of the risk management process, workable risk response measures vary from level to level which is well reflected in actual business practice. As transports can be avoided only in the rarest cases, many risk response measures come in effect at the level of transport which aim on loss or damage prevention of goods in transit. Another important option in this field are risk transfers to others, either by advantageous arrangement of terms of payment and delivery, external processing of transport performances, closing appropriate insurances coverage or exploitation of suitable financial hedging instruments. At the transport chain level, new risk potentials arise from the multimodality of transport chains. Repeated handling operations in connection with temporary storage at transhipment points add to this. Moreover, actors evolving from multimodal transport chain operations can be controlled employing other risk response measures like risk reduction and/or transfer. At the logistics level, a variety of logistic services offered and unsatisfying legal regulations cause a need for trust between client and logistic service provider or risk transfer to an insurer. Accordingly, risk response measures of reduction of loss or damage of cargo become more important at this level. At the level of supply chain management, claims resulting from a damaging event may lead to secondary damages which also have to be taken into account. In this case, risk transfer steps in the background in favour of risk response measures which try to reduce the likelihood of a damaging event or at least the reduction of the extent of damage. 15

84 Seeing this continuum of different risk response measures, useful risk response strategies for goods flows should vary depending on the level of analysis and companies have to take this into account in their risk management processes. 16

85 REFERENCES o Alizadeh A.H., Nomikos N.K. (2004), The Efficiency of the Forward Bunker Market, International Journal of Logistics: Research and Applications Vol. 7/3, pp o Alizadeh A.H., Kavussanos M.G., Menachof D.A. (2004), Hedging against bunker price fluctuations using petroleum futures contracts: constant versus time-varying hedge ratios, Applied Economics Vol. 36, pp o Appelfeller W., Buchholz W. (2005), Supplier Relationship Management, Wiesbaden. o Banks E. (2005), Catastrophic Risk, Chicester o Bernstorff C. Graf v. (2001), Risiko-Management im Auslandsgeschäft, Knapp: Frankfurt/Main. o Bode C., Wagner S.M. (2008), Risk and Security A Logistics Service Industry Perspective, in Wagner S.M., Bode C. (Eds.), Managing Risks and Security, Kuehne Foundation Book Series on Logistics 16, Haupt Publisher: Berne - Stuttgart - Vienna, pp o Bogaschewsky R., Rollberg R. (2002), Produktionssynchrone Zulieferungskonzepte, in Hahn D., Kaufmann L. (Eds.), Handbuch Industrielles Beschaffungsmanagement, Wiesbaden, pp o Branch A.E. (2006), Export Practice and Management (5th ed.), Thomson Learning, London. o Buckley P.J., Casson M.C. (1998), Models of the Multinational Enterprise, Journal of International Business Studies Vol. 29/1, pp Cariou, Pierre o Cariou, P., Wolff F.-C. (2006), An Analysis of Bunker Adjustment Factors and Freight Rates in the Europe/Far East Market ( ), Maritime Economics and Logistics Vol.8/2, pp o Casson M., Gulamhussen M.A. (2000), Real Options in International Business, in Casson M. (Ed.), Economics of International Business: A New Research Agenda, Cheltenham, pp o David P.A., Stewart R.D. (2008), International Logistics - The Management of International Trade Operations (2nd ed.), Thomson, Southbank (Victoria). o Dornier P.-P., Ernst R., Fender M., Kouvelis P. (1998), Global Operations and Logistics, New York. o EC (1999), Intermodal Transportation and Carrier Liability, Office of Official Publications of the European Communities, Luxemburg. 17

86 o Ekwall D. (2008) Security, Risk Management, and Crime Prevention in Supply Chains, in Wagner S.M., Bode C. (Eds.), Managing Risks and Security, Kuehne Foundation Book Series on Logistics 16, Haupt Publisher: Berne - Stuttgart - Vienna, pp o Eßig M. (2002), Cooperative Sourcing, in Hahn D., Kaufmann L. (Eds.), Handbuch Industrielles Beschaffungsmanagement (2nd ed.)., Wiesbaden, pp o Eurostat (2003), Glossary for Transport Statistics (3rd ed.), Office for Official Publications of the European Commission: Luxembourg. o Finch P. (2004), Supply Chain Risk Management, Supply Chain Management: An International Journal Vol.9/2, pp o Frankel E.G. (1999), The economics of total trans-ocean supply chain management, International Journal of Maritime Economics Vol.1/1, pp o Harris J.K., Swatman P.M.C., Kurnia S. (1999), Efficient consumer response (ECR): a survey of the Australian grocery industry, Supply Chain Management: An International Journal, Vol.4/1, pp o Huchzermeier A., Cohen M.A. (1996), Valuing Operational Flexibility under Exchange Rate Risk, Operations Research Vol. 44/1, pp o ICC (1999), Incoterms 2000, International Chamber of Commerce Publication No. 560, ICC Publishing, New York. o Jennings B., Holcomb M.C. (1996), Beyond containerization: The broader concept of intermodalism, Transportation Journal Vol.35/3, pp o Jerman B. (2008), Legal aspects of the Logistics contract and partnership in logistics, European Transport Law Vol.43/5, pp o Jones P. (2008), FIATA Legal Handbook on Forwarding, (4th ed.), Peter Jones and International Federation of Freight Forwarders Associations, Toronto. o Kajüter P. (2007), Risikomanagement in der Supply Chain: Ökonomische, regulatorische und konzeptionelle Grundlagen, in Vahrenkamp, R., Siepermann, Ch. (Eds.), Risikomanagement in Supply Chains, Berlin 2007, pp o Khan O., Burnes B. (2007), Risk and supply chain management: creating a research agenda, International Journal of Logistics Management Vol. 18/2, pp o Knight F.E. (1921), Risk, Uncertainty and Profit, Boston, Hart, Schaffner & Marx; Houghton Mifflin Co. 18

87 o Koekebakker K., Ådland R.O. (2004), Modelling Forward Freight Rate Dynamics - Empirical Evidence from Time Charter Rates, Maritime Policy and Management Vol. 31/4, pp o Koekebakker S., Ådland R., Sødal S. (2007), Pricing Freight Rate Options, Transportation Research Part E Vol.43, pp o Kogut B. (1985), Designing Global Strategies: Profiting from Operational Flexibility, Sloan Management Review Vol. 27/1, pp o Kummer S. (2006), Einführung in die Verkehrswirtschaft, UTB: Wien. o Kummer S., Sudy I. (2007), Management von Transport- und Lagerrisiken, in Vahrenkamp R., Siepermann Ch. (Eds.), Risikomanagement in Supply Chains, Berlin, pp o Kummer S., Schramm H.-J., Sudy I. (2009), Internationales Transport- und Logistikmanagement, WUV: Wien. o Kupsch P.-U. (1973), Das Risiko im Entscheidungsprozeß, Wiesbaden. o Larson P. D., Halldorsson A. (2004), Logistics versus supply chain management: An international survey, International Journal of Logistics: Research and Applications, Vol.7/1, pp o Lessard D.R., Lightstone J.B. (1986), Volatile Exchange Rates Can Put Operations at Risk, Harvard Business Review Vol. 64/4, pp o Linzmeier H. (2006), Sicherheit in der Logistik, Wien. o Manuj I., Mentzer J.T. (2008), Global supply chain risk management strategies, International Journal of Physical Distribution and Logistics Management Vol.38/3, pp o Menachof D. (1996), Risk Management in the Liner Shipping Industry: The Response to Customer Service Demands for Simplified Tariffs, Journal of Business Logistics Vol. 17/1, pp o Menachof D., Dicer G. (2001), Risk Management Methods for the Liner Shipping Industry: The Case of the Bunker Adjustment Factor, Maritime Policy and Management Vol. 28/2, pp o Mikus B. (2001), Risiken und Risikomanagement - ein Überblick, in Götze U., Henselmann K., Mikus B. (Eds.), Risikomanagement, Heidelberg, pp o Miller K.M. (1992), A Framework for Integrated Risk Management in International Business, Journal of International Business Studies Vol. 23/2, pp

88 o Mohsen A. (2007), RFID: an enabler of supply chain operations, Supply Chain Management: An International Journal Vol.12/4, pp o Morris J. (1991), Japan and the Global Economy: Issues and Trends in the 1990s, Routledge: New York. o Morita A. (1992), A critical moment for Japanese management, Economic Eye Vol.13/3, pp o Mullai A. (2004), A Risk Analysis Framework for Marine Transport of Packaged Dangerous Goods, in Brindley C. (Ed.), Supply Chain Risk, Ashgate, pp o Norrman, A., Jansson, U. (2004), Ericsson s proactive supply chain risk management approach after s serious sub-supplier accident, International Journal of Physical Distribution and Logistics Management Vol.34/5, pp o Oberparleiter K. (1955), Funktionen und Risiken des Warenhandels, Wien. o Olson D.L., Wu D. (2008), Supply Chain Management, in Olson D.L., Wu D. (Eds.), New Frontiers in Enterprise Risk Management, Springer: Berlin-Heidelberg, pp o Peck H. (2006), Reconciling supply chain vulnerability, risk and supply chain management, International Journal of Logistics: Research and Applications Vol.9/2, pp o Philipp F. (1967), Risiko und Risikopolitik, Stuttgart. o Ramberg J. (2000), ICC Guide to Incoterms 2000, International Chamber of Commerce Publication No. 620, ICC Publishing, Paris. o Roehrich R.K. (2008), Outsourcing: Management and Practice within the Automotive Industry, in Parry G., Graves A. (Eds.), Build To Order: The Road to the 5-Day Car, Springer: London, pp o Rogler S. (2002), Risikomanagement im Industriebetrieb, Wiesbaden. o Romeike F. (2005), Risikokategorien im Überblick, in Romeike F. (Eds.), Modernes Risikomanagement, Weinheim 2005, pp o Romeike F. (2003), Der Prozess des strategischen und operativen Risikomanagements, in Romeike F., Finke R. (Eds.), Erfolgsfaktor Risiko-Management, Wiesbaden, pp o Schäfer H., Frank B. (2006), Derivate und finanzwirtschaftliches Risikomanagement, Controlling No. 8-9/2006, pp o Schary P. B., Skjott-Larsen T. (2001), Managing the Global Supply Chain, (2nd ed.), Copenhagen Business School Press. o Schmitz T., Wehreim M. (2006), Risikomanagement, Stuttgart. 20

89 o Sheffi Y. (2004), RFID and the innovation cycle, International Journal of Logistics Management Vol.15/1, pp o Steven M., Pollmeier I. (2006), Der Risikomanagementprozess in der Supply Chain, Logistik Management Vol. 8/4, pp o Stopford M. (2002), E-commerce-implications, opportunities, and threats for the shipping business, International Journal of Transport Management Vol.1/1, pp o Stölzle W., Gareis K. (2002), Konzepte der Beschaffungslogistik - Anforderungen und Gestaltungsalternativen, in Hahn D., Kaufmann L. (Eds.), Handbuch Industrielles Beschaffungsmanagement, (2nd ed.), Wiesbaden, pp o Tang C.S. (2006), Perspectives in supply chain risk management, International Journal of Production Economics Vol.103, pp o Triantis A.J. (2005), Corporate Risk Management: Real Options and Financial Hedging, in Frenkel M., Hommel U., Rudolf M. (Eds.), Risk Management - Challenge and Opportunity, Springer: Berlin - Heidelberg, pp o Tuma, O.J. (2001), Grundlagen und Grundprinzipien der Speditionsversicherung in Österreich, European Transport Law Vol. 36/5, pp o UN/ECE (2001), Terminology of Combined Transport, United Nations: New York - Geneva. o UNCTAD (2004), Container Security: Major Initiatives and Related International Developments. United Nations Conference on Trade and Development: Geneva. o Upton D.M. (1995), What Really Makes Factories Flexible?, Harvard Business Review Vol. 73/4, pp o Vahrenkamp R., Steiff Z. (2006), Risikomanagement: Kreditinstitute als Vorbild für die Logistik in Unternehmensnetzwerken?, Logistik Management Vol.8/4, pp o Wagner S.M., Bode C. (2008), Managing Risks and Security, Kuehne Foundation Book Series on Logistics 16, Haupt Publisher: Berne - Stuttgart - Vienna. o Waller M.A., Johnson M.E., Davis T. (1999), Vendor-managed inventory in the retail supply chain, Journal of Business Logistics Vol.20/1, pp o Wieske T. (2006), Rechtliche Rahmenbedingungen in der Logistik - zum Begriff der Logistik, den Formen der Vereinbarung und den Logistik-AGB, in Hector B. (Ed.), Risikomanagement in der Logistik, Deutscher Verkehrs-Verlag: Hamburg, pp