The ISO 31000 standard in supply chain risk management

1398/08/11

INTRODUCTION

Supply chain problems can generate huge losses for companies, as happened in the last decade with Boeing, Cisco and Pfizer, which suffered losses of US$ 2 billion, US$ 2.25 billion and US$ 2.8 billion, respectively (Hunt et al., 2010). Other notable examples of supply chain interruptions can be found in Sodhi et al. (2012). In the automotive industry, for example, a supply chain failure can cause losses of over US$ 100 million per day (Kern et al., 2012). According to Ghadge et al. (2012) and Colicchia and Strozzi (2012), there are many sources of risks, which can originate within the company (operational risks) or in the external business environment (rupture risks), since the uncertainty of the business climate and the complexity of supply chains increase the likelihood of breakdowns. For this reason, according to Christopher and Lee (2004), risk management is an increasingly common element in supply chain management projects. The aims of managing this type of risk are to minimize the occurrence of interruptions, mitigate their impact on performance and hasten the restoration of the supply chain to its normal state (Hendricks et al., 2009).

The overall aim of SCRM is to increase the resilience of the supply chain (Pujawan and Geraldin, 2009). It has emerged as an important element in managing supply chains, aiming to identify potential sources of risks and suggest suitable measures to mitigate them, as stated by Singhal (2011) and corroborated by the majority of other researchers interested in the theme. However, there is a lack of consensus among researchers as to the steps that should be included in SCRM, both regarding their number and the actions involved. For example, Wu et al. (2006), Khan and Burnes (2007), Oehmen et al. (2009) and Singhal et al. (2011) advocate that SCRM should be carried out in a process with at least three steps, which differ in their procedures according to the three research groups. Other authors (Hallikas et al., 2004; Kleindorfer and Saad, 2005; Manuj and Mentzer, 2008; Tummala and Schoenherr, 2011) argue for different procedures, with more than three steps. At the upper extreme, Ritchie and Brindley (2007) advocate seven steps for supply chain risk management. Based on this lack of consensus among the researchers regarding the steps that should be applied for SCRM, the following question arises: Is it possible to adopt ISO 31000:2009 as the framework for a standardized SCRM process? This standard was launched in 2009 by the International Organization for Standardization, for the purpose of standardizing risk management in general, under the name of “Risk Management: Principles and Guidelines”. Therefore, a secondary question that comes up is: if ISO 31000 can be adopted as a framework, how can such a standard be implemented in a specific company, since it is a generic standard?

The justification for choosing that standard is the fact that, as noted by Ataseven et al. (2014), in recent decades a significant number of organizations throughout the world have obtained ISO 9000 and ISO 14000 certification of their processes, in the first case regarding quality control and in the second regarding environmental responsibility (due to growing concern about the environmental impacts of business activities) (Pawliczek and Apiszczur, 2013). As a matter of fact, the latest versions of ISO 9001 and ISO 14001 explicitly require organizations to integrate risk management into business practice: in ISO 9001, version 2015, preventive actions were replaced by the concept of “risk-based thinking”, a systematic risk evaluation.

The main objective of this article is to propose a pathway for companies to develop their procedures to manage risks in supply chains, based on ISO 31000, Section 5.4 (Risk evaluation process) recommendations, under the assumption that the ISO 31000 standard can be used as a systematic process for supply chain risk management. The evaluation would be based on comprehension of the risk management steps that have been covered by researchers interested in SCRM, and by analyzing the correspondence of these steps with those of the risk management process proposed in Section 5.4 of the ISO 31000 standard (i.e. Risk assessment). Our specific objectives are: i) to identify the SCRM steps proposed in the literature; ii) to classify the SCRM steps that have the same purpose, but are given different names by each author or research group; iii) to compare the resulting SCRM steps with those of the ISO 31000 standard, to enable refuting or endorsing the application of that standard for SCRM; iv) to propose a general procedure to select the risk management tools and techniques listed in ISO 31010:2009 to be used in a SCRM. The literature content was obtained from a systematic review of the articles published from 2004 to 2015 that address the steps of SCRM, indexed in the Web of Science and Scopus databases. To apply the proposed general procedure to the automotive supply chain, we adopted the judgment of five experts from companies of this sector in Brazil, analyzed and prioritized through the use of Analytic Hierarchy Process – AHP (Saaty and Shih, 2009).

This is a relevant research problem, for at least three reasons: i) studies about SCRM are still incipient (Lavastre et al., 2012; Narasimhan and Talluri, 2009), particularly in developing countries like Brazil (Blos et al., 2009); ii) studies about SCRM are rapidly growing in the area of logistics (Colicchia and Strozzi, 2012; Wieland and Wallenburg, 2012; Singhal, 2011); and iii) supply chain problems can cause huge losses (Hunt et al., 2010; Kern et al., 2012; Sodhi et al., 2012).

The article is organized into six sections including this introduction. Section 2 examines the basic theoretical underpinnings, while the third section addresses the methodological aspects, followed by Section 4, with a comprehensive literature review; Section 5 presents and discusses the results; and Section 6 sets out the main conclusions and some suggestions for future research.

2. THEORETICAL FRAMEWORK

This section briefly examines some concepts of SCRM and the ISO 31000 standard, and introduces the Multiple Criteria Decision Analysis area, to facilitate understanding of the themes addressed in this study.

2.1. Risk Management

Risk management has emerged as an important factor in management and control decisions (Ritchie and Brindley, 2007), widely applied in areas such as economics, insurance and manufacturing, among others. While the word risk applies to uncertain events, possible hazards or damages, or other undesirable consequences (Harland et al., 2003), which can be expressed by means of a probability, management denotes the organized actions or activities to control these occurrences. So, risk management can be understood as a structured process to minimize or mitigate the effects of risks (Wang and Hsu, 2009), or a proactive process of decision making that aims to minimize the consequences of negative future events, by identifying potential risks, analyzing them and planning the responses necessary for their monitoring and control (Zafiropoulos et al., 2005; Mabrouki et al., 2014).

Generally a risk management process involves four steps, in this order: 1) identification of the risks; 2) evaluation of the risks; 3) choice and implementation of actions to reduce the likelihood of risks and minimize the effects if they occur; and 4) monitoring of risks (Hallikas et al., 2004). There appears to be a consensus in the literature regarding this overall process (Tuncel and Alpan, 2010), although some researchers advocate fewer or more steps for its achievement. Tuncel and Alpan (2010) discuss the purpose of each of these four steps, as follows:

• The first step is to identify risks, to help develop a common understanding of future uncertainties, recognized as future risks, to prepare to face them effectively.
• The second step is risk assessment, which means attributing probabilities to events involving risk and identifying their consequences.
• The third step is to define the risk management actions to be implemented. These actions can be, for example, reactive (when a pre-identified risk really occurs) or proactive (actions to mitigate risk by reducing the probability of occurrence or the degree of the consequences).
• The fourth step is to monitor the risk, to detect the impacts of risks that occur and the effectiveness of the countermeasures taken.

2.2. Supply Chain Management

According to Hahn and Kuhn (2012), the supply chain (SC) is formed by external suppliers, the internal processes to produce products or render services, and customers.

According to Rangel et al. (2015) and Ritchie and Brindley (2007), for adequate integration of the companies that make up the supply chain, there is a need to share processes, both of the organizations that supply all types of raw materials and other inputs and those that distribute the finished products, thus transcending the central firm. As customers become increasingly demanding regarding product quality and levels of service, and the global economy becomes more open, supply chains are becoming broader and more complex, including with respect to the distinct business cultures involved (Juttner, 2005). This requires actions for supply chain management (SCM), which according to Kleindorfer and Saad (2005), has become a key part of the business model, where each “link” must be managed to strengthen the “connection” along the entire network. Lambert and Cooper (2000) define SCM as management of the multiple relationships that occur along the supply chain, to optimize these intra- and inter-organizational relationships as well as to assure the quality of the processes of all the members of the SC. For Rao and Goldsby (2009), SCM consists of strategic and systematic coordination of the traditional functions and transactions inside and outside a company, with the objective of improving the performance of the SC as a whole. Complementing this definition, Trkman and McCormack (2009) contend that SCM is a set of multifunctional and multidisciplinary activities that deal with not only the physical and tangible attributes and activities, but also the behaviors and intangible aspects. They further consider that SCM emanates from a relationship and proactive integration among the various members of the SC.

According to Ritchie and Brindley (2007), only rarely do companies operate with simple linear supply chains. The majority of firms operate through a huge set of channels, both upstream and downstream, involving suppliers of inputs, service providers and end consumers. As framed by Pfohl et al. (2010), the mere relationship among these “actors” causes risks to all those involved, so it is not sufficient only to analyze the vulnerabilities of the central firm (producer). Instead, attention must be paid to the potential “domino” effects that can spread to all the actors in the SC. To examine those effects, at the beginning of the 2000s the first studies appeared on supply chain risk management (SCRM), as covered in the next topic.

2.3. Supply Chain Risk Management

Supply chains involve a multitude of areas and participants, including various links, making them vulnerable to the influences of uncertain endogenous and exogenous factors of all those involved in the chain (Guo, 2011). In this environment, the probability of failures is high, requiring contingency plans to avoid ruptures in the chain that harm the business (Tummala and Schoenherr, 2011).

According to Ghadge et al. (2012), the risk of a SC can be broadly defined as the exposure to an event that causes disturbances, affecting the efficient management of the SC. These risks, as put by Manuj and Mentzer (2008), can be classified as quantitative or qualitative. Quantitative risks include understock, overstock, obsolescence and insufficient availability of components and materials in the SC. Qualitative risks include lack of the proper precision or reliability of components and materials in the chain. Further according to Manuj and Mentzer (2008), the sources of risk can be divided into supply risks, operating risks, demand risks, information security risks, macroeconomic risks, political risks, competitive risks and resource risks. The first four of these (supply, operations, demand and information security) are specifically associated with supply chains, since they can interrupt the operations of supply and/or distribution. Hunt et al. (2010) argue that the risks inherent to supply chains have an exogenous element for each participant, since each firm that composes a given SC has its own objectives and motives, which can clash with those of the other firms in the chain. For this reason, their management is complex (Chopra and Sodhi, 2004), since this includes not only the central firm itself, but all the upstream and downstream partners in the chain. According to Guo (2011), SCRM boils down to how to control the factors that can have negative effects on the normal functioning of the SC, to improve its reliability. Besides this, SCRM has a strong influence on the stability of the dynamic cooperation among the chain’s partners, so it is important to the performance of all their operations (Xia and Chen, 2011).

Therefore, the objective of SCRM is to identify potential sources of risk and implement appropriate measures to avoid or restrict the vulnerability of the SC (Singhal, 2011). This means controlling the factors that can cause negative effects on the normal functioning of the SC, improving its reliability (Guo, 2011). Various authors (Harland et al., 2003; Hallikas et al., 2004; Zsidisin et al., 2005; Wu et al., 2006; Ritchie and Brindley, 2007; Wagner and Bode, 2008; Rao and Goldsby, 2009; Jia and Rutherford, 2010; Tummala and Schoenherr, 2011; Wieland and Wallenburg, 2012, among others) have proposed SCRM models for the purpose of managing risks in supply chains, by reducing the vulnerability and assuring continued functioning of the SC. For Jia and Rutherford (2010), for example, SCRM basically consists of: i) defining the concepts of risk and adverse consequences; ii) evaluating the sources of risk; iii) monitoring the risk factors; and iv) minimizing them. For Tummala and Schoenherr (2011), similarly, SCRM also involves four steps: i) risk identification; ii) risk evaluation; iii) proposal of strategies to accept, transfer, reduce or mitigate risks; and iv) risk monitoring.
