Assess the vulnerability of your production system

So far I have reviewed “international” literature and web sites, and it is only fitting that now it is time for the Norwegian “domestic” literature to be reviewed. Assess the vulnerability of your production system was written back in 1997, by Bjørn Egil Asbjørnslett and Marvin Rausand, both now high-profile academics within risk analysis in Norway.

A holistic concept

The paper defines the concept of vulnerability as it applies to production systems and is built around three concepts:

  • A taxonomy of vulnerability factors as a basis for or guideline in establishing scenarios
  • An input/output model to describe production systems
  • A two-step vulnerability analysis for productions systems

I found the paper interesting in many ways, and that is why I decided to take a closer look at it and see if it fits into the context of supply chain vulnerability.



The concept of vulnerability

In 1997 the concept of vulnerability was still relatively unexplored. Resilience and vulnerability are two terms that have grown in both the research literature and the popular literature in recent years, yet, surprisingly, already in 1997, the authors draw a clear line of distinction between the terms vulnerability, robustness and resilience.

A robust or resilient system is able to withstand or absorb disturbances without catastrophic failure and still persist.

Robust means being able to resist an accidental event and return to the same stable situation than before the event. Resilient means being able to return to a new (often “lower”) stable situation than  before the event.

The key message is that a robust system will retain its system structure intact, while a resilient system has to adapt to regain a new stable position. There is a distinct notion of severity in these definitions. In a business setting, the ability to survive (resilience) is much more important than the ability to quickly regain stability (robustness).

Disruption profile, from: Asbjørnslett (1997)

This figure, taken from the article is very similar to Sheffi’s disruption profile and the description of Resilient Organizations in New Zealand.

Vulnerability factors

The paper distinguishes between two sets of factors, external and internal factors. Within these factors there may be latent threats that can cause potential harm if the factors manifest an accidental event. The figure may not be directly transferable to the realm of supply chains, but one could propose that internal factors are “in-house” or directly controllable, whereas external factors are “out-house” or “outsourced” to use SCM lingo, and only indirectly controllable, if at all controllable.

Input/output model

The input/output model, see figure below, is transferable, if, the flow through the production system is  replaced with a supply chain going from supplier via focal firm to the customer.

Input-Output Model, from: Asbjørnslett (1997)

The external and internal factors can no be used as a checklist against the inputs (and outputs) and form the basis of a vulnerability analysis. Similarly, these factors can be used vis-a-vis a supply chain, to assess its vulnerability.

Vulnerability versus Risk Analysis

A vulnerability analysis is not the same as a risk analysis. A risk analysis is focused on the human, environmental and property impacts of an accidental event, while a vulnerability analysis is focused towards the survivability of the system.

Asbjørnslett (1997)

Risk analysis vs. vulnerability analysis, from: Asbjørnslett (1997)

A vulnerability analysis then, focuses on 1) an extended set of threats and consequences, 2) adequate resources to tackle the event and bring the system back to new stability, and 3) the length of disruption before the new stability is established. Clearly, Vulnerability analysis has a wider scope than risk analysis. In particular vulnerability analysis addresses how to mitigate the identified threats and restore and restart the system after an accidental event. This is akin to the distinction between mitigative and contingent actions in Tomlin (2002).

Vulnerability Analysis

Finally then the paper describes the stepped vulnerability analysis. First, a scenario assessment is developed, listing threats and likelihood of potential scenarios and whether or not there are contingent or mitigative measures already in place. Second, a quantitative analysis of the former is performed, ranking threats and scenarios by criticality in terms of human, environmental, business and property impacts. Third, the ranked threats are plotted in a vulnerability matrix similar to the one below.

Risk Matrix

Risk Matrix

The fourth step is to take the most critical events in the vulnerability matrix and list how these threats are to be dealt with, in order to reduce a) the likelihood of the event occurring and b) the consequences should the event occur.

Conclusion

The paper is short, but to the point. Albeit not directly supply chain related, the vulnerability analysis described in this paper can indeed serve as a framework for analysis of supply chain vulnerability, and as such is now in fact widely employed by supply chain risk management professionals. An updated version of this paper has also been published in the book Supply Chain Risk, edited by George Zsidisin and bob Ritchie.

Reference:

Asbjørnslett, B E and Rausand, M (1997) Assess the vulnerability of your production system. Report NTNU 97018. Norwegian University of Science and Technology NTNU, Department of Production and Quality Engineering, Trondheim Norway.

Image 1-3 (Fig. 1+4+5), copyright by Asbjørnslett and Rausand (1997)

Author links

Links

Related

Posted in REPORTS and WHITEPAPERS
Tags: , , , , , , , , , ,

ARTICLES and PAPERS
A grounded definition of supply risk
Risk has many facets and has been studied widely in many settings for many decades. But risk in a su[...]
Perspectives on risk management in supply chains
Today's article is actually not an article on it's own, but an editorial to a special 2009 issue of [...]
BOOKS and BOOK CHAPTERS
Understanding risks in Virtual Enterprise Networks
Today's unstable and highly competitive business environment has created a shift in how enterprises [...]
Supply Chain Risk - Jetzt auch auf Deutsch
Unbeknown to me - or perhaps I really should have known better - there appears to be a large body of[...]
REPORTS and WHITEPAPERS
Vulnerable or valuable supply chain?
More than a year old now, but still holding not so few words of wisdom is the Pricewaterhouse Cooper[...]
Will Climate Change have an impact on transportation?
Many studies have already examined the potential impacts of climate change on broad sectors of the e[...]