Supply Chain Risk. Business Continuity. Transport Vulnerability. Resilience. Articles and papers. Books and book chapters. Reports and whitepapers. And more.
Resilience Adviser or Scaremonger? What am I really? That is what started to ask myself after I came across an article written by Frank Furedi the other day. In the article, Furedi, a Professor of Sociology at the University of Kent, highlights the issue of vulnerability-driven policies and how possibilistic (worst likely) risk thinking has dethroned probabilistic (most likely) risk thinking. Why is it that we fear so much?
And the overemphasis on possible risks rather than probable risks is exactly what Furedi tackles head-on in this article Precautionary Culture and the Rise of Possibilistic Risk Assessment. Written in 2009, it is probably or possibly (pun intended) even more valid today than it was back then.
The shift from probabilistic to possibilistic risk management characterises contemporary cultural attitudes towards uncertainty. This shift in attitude is paralleled by the growing influence of the belief that future risks are not only unknown but are also unknowable.
Future risks – to many people – are not only uncertain, but also unknowable. So, while probable, but uncertain risks is something we can learn to live with, possible and unknown risks – and even worse: unknowable risks – are almost too much to bear.
The shift towards possibilistic thinking is driven by a powerful sense of cultural pessimism about knowing and an intense feeling of apprehension about the unknown. The cumulative outcome of this sensibility is the routinisation of the expectation of worst possible outcomes. The principal question posed by possibilistic thinking, ‘what can possibly go wrong’, continually invites the answer ‘everything’. The connection between possibilistic and worse-case thinking is self-consciously promoted by the advocates of this approach.
One of the defining features of our times is that anxiety about the unknown appears to have a greater significance than the fear of known threats. This constant feeling of anxiety is typical of today’s risk society, a society I wrote about risk society in a post 5 years ago: According to sociologist Anthony Giddens a risk society is increasingly preoccupied with the future (and also with safety), thus generating the notion of ubiquitous risk in whatever direction we look. The German sociologist Ulrich Beck defines it as a society that while hailing technology and innovation at the same time seeks to deal with the hazards and insecurities induced and introduced by technology and innovation itself. In other words, we’re more concerned with whatever possible bad that comes with the good than trying to assess how bad the bad really is, if at all.
Time and again the public is informed that the most dreadful dangers are not just ones that we cannot predict or anticipate but ones about which we cannot say anything because they are literally unknown. […] The traditional association of risk with probabilities is now contested by a growing body of opinion that believes that humanity lacks the knowledge to calculate them.
So instead of applying all our science and all our knowledge to close in on the most probable risks, the much easier solution is to home in on all possible risks, or better, on the most feared risks. It’s a vicious circle, because the less we know about a risk, the more we fear it, and the more we fear it, the more we want to deal with it, without investigating it, because it could happen any time, probable or not.
The future of the world appears to be a far darker and frightening one when perceived through the prism of possibilities rather than probabilities. Probabilities can be calculated and managed, and adverse outcomes can be minimised. In contrast, worse-case thinking sensitises the imagination to just that – worst cases.
Worse-case thinking, so Furedi, encourages society to adopt fear as of one of the dominant principles around which the public, its government, and institutions should organise their life. Insecurity is institutionalised and worst-case scenarios are thought of as so normal that people feel defenceless and vulnerable to a wide range of future threats.
Furedi describes this overemphasis on possible threats instead of probable threats as “the devaluation of knowledge and the enthronement of ignorance”. We are ignorant because we prefer not to know about (the probability of) the risks, they are simply there, that is enough for us. Worst case risks are what drives our policies, not the actual risk.
And I?
Furedi does have point. In my attempts to convince my own management that we need to have crisis management plans and conduct emergency drills I must admit that I often resort to worst case scenarios. That said, the realisation is dawning on me that crisis management plans and drills need to be based on (f)actual and probable threats, not on fear alone.
Reference
Furedi, F. (2009) Precautionary Culture and the Rise of Possibilistic Risk Assessment. Erasmus Law Review 2(2), 197-220. DOI: 10.553/ELR221026712009002002005
Is my idea of how to differ robustness from flexibility from agility from resilience – hallmark of my research ideas – in any way related to the ideas of Nassim Taleb, Crawford Stanley Holling and Gary Hamel? Well, Sinan Si Alhir certainly thinks so, on a blog post that he wrote back in 2013, when he explored Taleb’s concept of Fragility and Antifragility. Interesting…, so where do I fit in?
Surprise surprise
Having had an online published presence for almost 20 years now it should not come as a surprise to me that every now and then I stumble across myself in the unlikeliest of places for the unlikeliest of reasons. That said, by now, based from the bits and pieces I have seen here and there, I really should no longer be so surprised that my idea of how to differ robustness from flexibility from agility from resilience resonates with quite a number of people, including Si Alhir, in his blog post on Antifragile, Flexibility, Robust, Resilience, Agility, and Fragile.
The champion of Creative Destruction
Nassim Taleb is certainly no stranger on this blog. After all, in 2009 I did review The Six Mistakes Executives Make in Risk Management, an article he co-authored in the Harvard Business Review, and that was based on his book on Black Swans from 2007. And although I read the book, I never reviewed it, but I remember that liked his ideas. His latest book “Antifragile: Things That Gain from Disorder” makes creative destruction a major point.
The father of Resilience Theory
CS Holling does not have a blog post here; in hindsight I guess he should have, because he is often recognized as one of the if not THE founding father of resilience theory, and resilience has been one of the more frequent topics on husdal.com, even more so after I turned resilience practitioner after being a resilience researcher. That said, since Holling’s main domain lies within ecology I never thought of his resilience as something that I would be particularly interested in. That is why he is only mentioned as a side note in a blog post on transportation resilience.
The Iconoclast
Gary Hamel is another almost unknown on this blog. He shouldn’t be, because bGary Hamel is one of the world’s most influential and iconoclastic business thinkers. In my small world he is mentioned in a comment on my blog post about the HBR guide to Managing External Risk, and I also mentioned him in my review of Lisa Välikangas book on The Resilient Organization, as her co-author in the article on The Quest for Resilience.
The Fantastic Four
So, in his blog post on Antifragile, Flexibility, Robust, Resilience, Agility, and Fragile Si Alhir features me and my definitions alongside those of Taleb, Hamel and Holling, and I must say that I do feel somewhat like being part of the Fantastic Four (pun intended):
However, the most interesting part of Si Alhirs blog post is not the side by side comparison, but a figure that integrates these concepts into one, and that shows how Taleb’s Fragility and Antifragility is a continuum that encloses or surrounds the other concepts.
I like this figure. In a previous blog post I explored Terje Aven’s definitions of vulnerability and resilience, and the notion that you can be generally resilient, but not generally vulnerable, only specifically vulnerable to the specific impact of a specific event relating to a specific risk. That notion now makes much more sense to me when I see fragility below vulnerability. This makes it clear that fragile is a general trait, while vulnerable is a specific trait.
A new way forward?
Taleb’s idea of antifragility is very intruiging, especially if seen the way that Si Alhir manages to put it into one figure that makes it all easy to understand and apply. That reminds me of a paper I wrote 10 years ago, in the early stages of what unfortunately did not manifest into a PhD. Anyway, in that paper – being a qualitative not a qualitative researcher – I took a liking of Giordano Bruno, the 16th century Italian philosopher. Bruno advocated the use of conceptualising, that is to think in terms of images, and he said that to think was to speculate with images. For people to understand science, according to Bruno, it ought to be rich in images and concepts, but poor in formulas.
I think that is exactly what Taleb is trying to do, and I look forward to reading his book on Antifragility, and to see how his ideas fit my own ideas. Si Alhir seems to think they do. I consider that a compliment.
What are the Top of the Pops of Supply Chain Resilience papers? That could be the fitting title for A Citation Analysis of the Research on Supply Chain Resilience where Christian Wankmüller and Gottfried Seebacher analyse current and past literature and manage to find the 8 most cited and influential papers on supply chain resilience.
Below is a list of what they found to be the eight most cited papers in supply chain resilience research. Six of these have been reviewed on this blog, so I’ve done my homework well so to speak.
Unsurprisingly, it is Christopher and Peck (2004) that appears to be the most cited paper, 19 times since its publication. More surprising – to me – is Ponomarov and Holcomb (2009), a paper I haven’t heard about at all. Sheffi (2001) I have read, but never gotten around to review.
Critique
This is a good paper that is well-written and quantitative literature reviews like this one are always interesting. While the work and research leading up to papers like this one is perhaps boring and tedious and not building a new frontier or going where no man has gone before in this field of research, the result may be very rewarding to the reader like me who may find papers he has never heard of. And indeed, I did find new papers here that I must read.
However, if there is to be one bad apple that spoils the barrel it is the fact that not all literature from the above figure is mentioned in the references of this paper. Perhaps the authors thought that these were papers of less importance and not worth mentioning, I don’t know, but for the sake of accuracy I think they should have been mentioned. Fortunately I do know several of these “omitted” papers, but others I don’t, and finding them by the name of the author(s) and year of publication alone isn’t always easy.
Reference
Wankmüller, C. and Seebacher, G. (2015) A Citation Analysis of the Research on Supply Chain Resilience. Paper presented at the 22nd EurOMA Conference, June 26th – July 1st, 2015, Neuchatel, Switzerland
Capability is an important measure in addressing vulnerabilities and in assessing resilience. Is there a way to quantitatively describe what capability entails? That is what Hanna Lindom, Henrik Tehler, Kerstin Eriksson and Terje Aven try to do, in a paper called The capability concept – On how to define and describe capability in relation to risk, vulnerability and resilience. And as the name implies, it’s not just about capability.
Background checks are worth doing
I came across this paper while doing some “background checks” – as I like to call it – on the paper I reviewed the other day. By background check I mean reading the references and/or other papers that could shed some same or different light on the issues in the paper in review. And because in that paper capability was highlighted as an important issue in supply chain risk management I began investigating the concept of capability and found this paper here. A very interesting paper, and definitely an Aven-ish paper, even though he only appears as the fourth author.
Definitions of capability
The concept of capability is used frequently in scientific literature. However, despite the fact that researchers
and practitioners frequently use the concept of capability, they rarely seem to define it. So say the authors. Nonetheless, in their extensive literature review they manage to find no less than 13 different definitions or descriptions of capability:
Looking more closely at these definitions, the authors put forward five trends: that capability equates to resources, that resources are an important part of capability, that capability is related to ability, that capability is related to capacity, and that capability is something that affects a goal.
Capability explained
Building on Aven’s definitions of risk, vulnerability and resilience the authors describe capability in a very same manner, and this is where the paper really is the most Aven-ish:
Capability is the uncertainty about and severity of the consequences of the activity given the occurrence of an initiating event and the performed task.
Capability = (CT U | A T)
This is definitely not an easy definition to follow if you haven’t read Aven’s other definitions first, so let me recapitulate those.
Risk is the uncertainty about and severity of the consequences of an activity.
This relates risk to the familiar definition of risk as a combination of probability and impact, where probability is not seen seen as a deterministic value but as a value that is uncertain and must be taken into account as such.
Vulnerability is the uncertainty about and severity of the consequences of the activity given the occurrence of an initiating event A.
This links vulnerability to risk, saying that a given vulnerability depends on a given risk, but only manifests itself when triggered by an event, meaning that one cannot be generally vulnerable, but only vis-a-vis a certain risk and only triggered by a certain event related to that certain risk.
Resilience is the uncertainty about and severity of the consequences of the activity given the occurence of any type of A.
This links resilience to vulnerability, saying that resilience constitutes the sum of vulnerabilities (or perhaps non-vulnerabilities) in relation to whatever trigger. While one cannot be generally vulnerable, one can be generally resilient.
Going back to the definition of capability can thus be interpreted as the uncertain effect a certain task has that is performed in relation to a vulnerability. There is no general capability, only a certain capability in relation to a certain vulnerability, depending on how a certain task addresses this vulnerability.
Capability explored
Going back to the paper, the authors develop an excellent case example of how capability can be understood the way they have defined it.
In the case example they take the reader through a set of various scenarios where they develop a stepwise determination of capability given the success or failure of the previous step, thus demonstrating that capability is inextricably linked to a task with an uncertain outcome (success or failure).
Conclusion
I started out by saying that this is a very Aven-ish paper, and it is. What is so Aven-ish are the abstract definitions that twist your mind and must be thought through and dissected word by word, and put back together again. I must admit that I in the beginning of my blogging career and academic endeavours stayed away from Aven’s papers because they were hard to grasp and intellectually challenging for a qualitative researcher like me. That said, maybe I have matured or maybe Aven has become more pragmatic over the years (albeit I doubt he has), because his papers have gotten easier to read and understand since I first started to read them. As to the topic of capability I now know a lot more about it.
Reference
Lindbom, H., Tehler, H. , Eriksson, K. , Aven, T. (2015) The capability concept – On how to define and describe capability in relation to risk, vulnerability and resilience. Reliability Engineering & System Safety (135), 45-54. DOI: 10.1016/j.ress.2014.11.007
Does supply chain risk management SCRM need another model? Perhaps. That’s what a group of academics from Tunisia and France thought when they presented their conference paper this autumn. In it they suggest a new integrated conceptual model called “SCRIM”that incorporates the characteristics of the supply chain in the risk management process, thus allowing for a better understanding of the dynamics of different risk management strategies.
A tip-off
A couple of weeks I was given a heads-up by one of the authors that they had written a paper called Towards an Integrated Model of Supply Chain Risks: an Alignment between Supply Chain Characteristics and Risk Dimensions and would like my opinion on it. Written by Arij Lahmar, Francois Galasso, Habib Chabchoub and Jacques Lamothe, the paper turned out to be more interesting than I first thought, and the more I read it the more I liked it.
Virtual Enterprises revisited
What also intruiged me into taking a closer look at the paper was not so much the title, but the place where it was presented, namely the IFIP WG 5.5 Working Conference on Virtual Enterprises. Observant readers of this blog may remember that I 5 years ago wrote a book chapter titled A Conceptual Framework for Risk and Vulnerability in Virtual Enterprise Networks, where I extended Supply Chain Risk Management into the realm of Virtual Enterprise Networks. I’ve seen that chapter mentioned as a reference in some of the papers presented at IFIP conferences earlier, and I first thought this would be such an example, too. It was not; it was something quite different.
SCRM versus SCRIM
As the title implies, at the heart of the SCRIM model is the alignment of risk dimension with suply chain characteristics. Here risk specifics and supply chain specifics are used to develop key risk indicators that lead to the design of a response that is specific to the supply chain and the risk in question. The possible response is then checked against capabilities to decide the best risk mitigation strategies and actions, in a sort of Plan-Do-Check-Act manner:
From my point of view this conceptual model appears sound. The left side is the traditional SCRM and ISO 31000 process, the right side is the new concept. The figure could have been a bit more descriptive, though, because the steps on the right side did not become fully clear to me until I saw the other figure in the paper. That figure is a class model detailing the parameters identified through the literature:
However, agin, this figure too has a few shortcomings. While the model claims to be taken from an extensive literature review – and judging from the extensive reference list it indeed is – the paper does not explicitly state which references that have contributed to which part of the figure.
For one instance, as risk strategies they suggest the classic four: Reduce, Retain, Avoid and Transfer, but where does this idea come from? For another instance, capability is seen as important part of the risk treatment process, and I agree, but the concept of capability is poorly described in the paper.
Conclusion
Essentially this is a good paper that needs some revision of references and citations and consistent use of the terms involved. It also needs fuller definitions of the concepts that are introduced.
That said, this paper does develop a new conceptual model that brings SC in more direct contact with RM, and SCRIM is indeed a fitting name for the model. The model and parameter description is perhaps still not complete in all parts, but with some more refinement this could definitely bring SCRM a huge step forward.
Reference
Lahmar, A., Galasso, F., Chabchoub, H., Lamothe, J. (2015) Towards an Integrated Model of Supply Chain Risks: an Alignment between Supply Chain Characteristics and Risk Dimensions. In: L. Camarinha-Matos, F. Bénaben, W. Picard (Eds.) Risks and Resilience of Collaborative Networks, Proceedings of the 16th IFIP WG 5.5 Working Conference on Virtual Enterprises, PRO-VE 2015, Albi, France, October 5-7, 2015 DOI: 10.1007/978-3-319-24141-8_1
Antagonistic threats against supply chains are a special and limited array of risks and uncertainties that are demarcated by three key words: deliberate (caused), illegal (by law) and hostile (negative impact). In this paper, following up on Daniel Ekwall’s PhD thesis, Dafang Zhang, Payam Dadkhah and Daniel Ekwall suggest a suitable model of how to handle the risks and achieve security in a systematic and scientific way, where robustness and resilience play a major role.
Revisiting an old friend
I came across Daniel Ekwall some seven years ago when I found his PhD thesis that combined theories from criminology with theories from logistics and supply chain management to examine cross-over points or antagonistic gateways between legal and illegal logistics. In his thesis, Ekwall contended that there are basically two types of threats to logistics, theft/sabotage and smuggling. The theft/sabotage problem is directly aimed towards the logistics activities, while smuggling abuses the logistics system for illegal purposes. This paper takes this issue a small step further.
Finding myself
I guess I should have paid closer attention to Ekwall’s research and writings, because then I would have discovered this paper earlier and then I would have seen that which I now – if I may be a little presumptious here – can call my legacy within supply chain risk research, namely my illustration on the differences of robustness and resilience:
Back to the article in review, what the authors attempt to do – and succeed at, I must say – is to take current concepts and models of supply chain risk management, and adding supply chain security, not as a separate concept, but as a part of overall supply chain (risk) mangement. While most of the reviewed literature and quoted figures they highlight was quite familiar to, one figure taken from one book was new to me. This clear separation of suply chain risk and supply chain vulnerability and how they link up with risk management and decision-making is much in line with my own way of thinking:
On second thought, dwelling on why tis figure hasn’t caught my attention before, I suddenly realised that I had indeed reviewed the book it was taken from: Supply Chain Risk Management – Vulerability and Resilience in Logistics by Donald Waters. Admittedly, the reviw was done in 2008. Looking back at the review I did almost 8 years ago, I must have thought the book to be of too little academic value to me at that time.
Safety Net
Anyway, I’m sorry for digressing again, what the authors are investigating are what specific supply chain assets that are susceptible to antagonistic threats, and how supply chain security measures can apply robustness and resilience. They illustrate this with a focal model of Robustness and Resilience:
This model shows the relationship between strategies for robustness and strategies for resilience, as seen from a company perspective and from a security provider perspective.
In the company and transportation network perspective, every components of the supply chain should become robust and resilience. The robust strategy is to handle small risks ahead of the event, and manage regular fluctuations like some low impact with high likelihood accidents. Resilience strategy can help the companies adapt, improvise and overcome those disturbance and disruptions greater than the robust can handle. It helps the companies to survive after suffering from big risks and changes.
The right side of the model is further developed into what the authors call a “safety net” of services: site security, transportation security, emergency services, consultation services, and collaboration:
Site security is about protecting every node in the transferral of goods in the transportation network, e.g. warehouses, terminals, factories, and ports. Transportation security is about protecting the transportation as such, e.g. the vehicles en-roue and during parking, as well as the drivers. Emergency services provide a quick response in addition to security operations. Security providers can also act as professional consultants, and lastly, security providers are also likely to collaborate with other organisations to improve their own (and the others’) service level and the overall capability to thwart any security threats.
Conclusion and critique
Akward English sentences and lack of flow aside (see citation above), this article does have some good points. Supply chain security appears to be overlooked in supply chain risk management. However, supply chain security can add to the robustness and resileince of the overall supply chain, providing a “safety net” of services that protects, secures and enhances the overall supply chain operation.
The company versus security provider model brings together both sides of the perspective in a way that does create a consistent groundwork for building robustness and resilience. The safety net model extends beyond the supply chain and identifies the assets that need to be protected and how they can be protected.
However, after finishing reading my first thought was that there should have been a conclusion after the authors’ chosen conclusion, because the article seems to stop abruptly, leaving loose ends that could have been wrapped up a bit more, at least from an academic perspective.
That said, for a logistics and transportation manager this paper is well worth reading.
Reference
Zhang, D., Dadkhah, P. Ekwall, D. (2011) How robustness and resilience support security business against antagonistic threats in transport network. Journal of Transportation Security 3 (4) 201-219 DOI: 10.1007/s12198-011-0067-2
For much of the last three years my blog was dormant. Out of sight, out of mind. My mind, perhaps, but not the mind or rather minds of the people at Incapsula, which has protected it from malicious attacks while I have been to busy to check on how my blog was doing. I hardly ever logged in to my WordPress dashboard to update my plugins. I even hardly ever logged in to my Incapsula dashboard to read the list of latest atttacks. Why? Because I knew that is was perfectly safe, that’s how much I trust Incapsula.
Incapsula – four years on
When I signed up with Incapsula in 2011 it was in fact not so much for security reasons. Most of all, it was for speed and delivery, using Incapsula as a CDN, Content Delivery Network. The added security came as an extra bonus. It started in early 2011, first using Amazon’s Cloudfront, then switching to CloudFlare, before finally settling for and staying with Incapsula. You can read about my experiences here:
Now, four years on, it’s time for a revision of my posts. However, both Incapsula and CloudFlare have moved on since I first wrote about them, and this time around, this will not be a full comparison post, perhaps more like an appraisal post…of Incapsula, mostly.
Incapsula for security, CloudFlare for speed
Reading up on the latest Incapsula versus CloudFlare posts and news, for instance Zero Science Lab’s in-depth firewall testing from 2013 or Anand Srinivasan’s closer look at differences in CDN in 2014, as well as Tracy Vides’ 2015 article on who might be leading the way confirms the impression I had of the two competitors back in 2011: It’s all about security (Incapsula) versus speed (CloudFlare). It’s clear that both companies pursue different strategies and different market segments. For an in-depth look at both CloudFlare and Incapsula, their strengths and weaknesses and differences, the aforementioned reviews are a good starting point.
Incapsula and I
I said that I wasn’t going to compare the two and I won’t. Especially since the plans they offer are very different, even in the free version. Cloudflare offers this and Incapsula offers that. For a full comparison the abovementioned blogposts are a much better option.Therefore, let me just focus on how I use the Incapsula Pro plan on my WordPress website here.
WP caching and minifying…no need?
Although I chose Incapulsa for security and not for speed I must say that I am very impressed with the caching and optimizing features. In fact, so impressed that I now can do without WP plugins for caching and minifying, without impairing my site’s performance at all. And less plugins mean less vulnerability. After one month without WP caching and minifying, and only using Incapsula’s features, there does not seem to be a difference in performance.
Looking at Incapsula’s own performance stats, there seems to be no significant increase in response time after turning off WP optimisation and leaving it all to Incapsula:
I’ve checked also my site using testing services like Pingdom, GTmetrix, Monitis, WebPageTest, and alikes, but I realise that the results are just too erratic, for many reasons. The test service’s results and thus visitor experience depends on too many variables: the visitor’s location in relation to Incapsula’s data centers, the visitor’s internet connection, the visitor’s computer or mobile hardware, the visitor’s browser and so on, to name just a few.
Looking at Google Analytics’ stats, since I run Google Analytics on my website, doesn’t help much, because the site speed sample size is only 1% of the total number of visitors.
Which leaves me with one thing: My own experience of how my website performs when looking at it from different locations using different platforms. Home, office, friends, this computer, that mobile, it didn’t matter, I simply could not see any significant deterioration in performance after settling for Incapsula as my sole provider of optimization tools. So out go Zen cache and WP Minify.
Many of the Incapsula caching and optimization features are included even in the Free plan, it is mainly the dynamic content caching and dynamic content compression along with image compression and other advanced techniques that is added to the Pro plan. For most non-commercial website owners, the Free plan will suffice in terms of optimization options.
How-to guides
What I like about Incapsula are the support and product information pages. Here it is clearly explained (even to a computer illiterate like me) what turning on and off this and that security and performance option actually does, see for example Content Caching, and Optimization Features. Since all settings are explained using screenshots of the dashboard it is easy and straightforward to relate this to my own website settings.
Incapsula Tutorial
If you need a tutorial that goes beyond what is offered at incapsula.com, Jeff Reifman has written an excellent piece just a month ago, explaining everything much better than I would be able to do. Enjoy! How to secure your website using Imperva Incapsula.
Security
Security is the part that really sets Incapsula apart from the rest, and which is why I chose the service in the first place. Obviously, a paid plan offers considerable more security than a free plan. However, one feature that does come with the free plan (and – correct me if I’m wrong – which CloudFlare does not have, not even in their paid plans) is Two Factor Authentication login for my website, ensuring that I and only I am able to log in for administering my blog and publishing any posts (or I can set a a given number of designated and verified admins). Considering how often I do log in this is probably going to be more of a hassle than a security feature, but good security is meant to be a hassle, isn’t it? Otherwise it wouldn’t be any security, or?
The other feature I cannot do without is the Web Application Firewall. Five years ago it used to come with the free plan, now it’s only in the paid plans. Do I really need it? Well, my site my not be the likeliest of potential targets for attack, but you never know, and judging from my thwarted attack stats the firewall has done its job well. During the last 90 days I’ve stood against 4 SQL Injection attempts, 8 Cross Site Scripting attempts and 108 Illegal Resource Requests. Perhaps not worth worrying too much, then again, there’s no telling what could have happened to my website in the three years I did nothing to it, had I not been protected by Incapsula.
Conclusion
After more than 4 years with Incapsula I have no reason to question the security layer surrounding my website. It works, it’s easy to use, and it can be set to do exactly what you want, provided you know what you want. That said, even to lesser sophisticated website owners like I am Incapsula is definitely worth the price.
Transport network resilience has 10 properties. So says PamelaMurray-Tuite in her 2006 article A Comparison of Transportation Network Resilience Under Simulated System Optimum and User Equilibrium Conditions. I had completely forgotten about these 10 properties, until I came across them again in an 2013 article on Safeguarding critical transportation infrastructure by Joseph S.Szyliowicz. However, there’s more to the story than just this…
Too many posts to remember
The reason for looking deeper into Szyliowicz’ paper in the first place was that I had searched academic literature databases for references of my papers to see whether any of the papers I had written was making an impact. In Szyliowicz’ paper I found that he had cited a blog post I wrote in 2011, about The UK Transport Network Resilience…and I. Looking it it up, I discovered that I had mentioned Murray-Tuite’s ten properties in my own blog post 4 years ago. So why did I forget about them? Too many posts to remember, perhaps. Besides I never mentioned Murray-Tuite as a reference in the post or as a worthy paper in my literature review list, otherwise I might have remembered her, I guess. I only copied Murray-Tuite’s definitions from the report I was reviewing in that blog post.
Not her own
Anyway, upon re-reading the article by Murray-Tuite I realised the ten properties were not all her creation, but taken from other authors. Six out of ten came from a 2003 paper on Urban Hazard Mitigation: Creating Resilient Cities by David Godschalk. Ouestions of originality aside, she does deserve credit for taking the concept of resilience from the realm of urban planning and adopting it to the realm of transport planning. Moving ideas from one realm to another is not always straightforward. Murray-Tuite also deserves solid credit for describing and quantifying four of these properties with regard to transport networks.
Ten properties of resilience
According to Murray-Tuite, the ten properties of resilience in transport network are redundancy, diversity, efficiency, autonomous components, strength, adaptability, collaboration, mobility, safety, and the ability to recover quickly.
Redundancy – the transport system contains a number of functionally similar components which can serve the same purpose and hence the system does not fail when one component fails (for example, a number of similar routes are available with spare capacity). Diversity – the transport system contains a number of functionally different components in order to protect the system against various threats (for example, alternative modes of transport are available). Environmental Efficiency – a transport system which is environmentally efficient will be more sustainable, and capacity is less likely to be constrained due to environmental reasons. Autonomy – the components of the transport system are able to operate independently so that the failure of one component does not cause others to fail (for example, can the transport system operate safely in the event of a power cut?). Strength – the transport systems ability to withstand an incident (for example, how extreme a flood event can the system cope with?). Adaptability – or flexibility, can the transport system adapt to change and does it have the capacity to learn from experience (for example, an area-wide traffic management system can adapt to differing traffic conditions). Collaboration – information and resources are shared among components and/or stakeholders (for example, contingency plans in the event of an emergency and the ability to communicate with system users). Mobility – travellers are able to reach their chosen destinations at an acceptable level of service. Safety – the transport system does not harm its users or expose them, unduly, to hazards. Recovery – the transport system has the ability to recover quickly to an acceptable level of service with minimal outside assistance after an incident occurs.
In the opriginal paper, if it can be put that way, Godschalk actually lists seven properties of resilience. The seventh, interdependence, was apparently not found applicable by Murray-Tuite. I wonder why, because Godschalk defines this property as such
Interdependent: with system components connected so that they support each other
In my opinion a resilient transport network should definitely be interdependent in the way that Godschalk describes it.
On another sidenote, Godschalk also refers to the Victoria Policy Institute website as one of his references. However, given the year Godschalk wrote his paper, that website and their TDM Encyclopedia was probably still in its infancy.
The resilient city
One paragraph that really struck a cord with me is where Godschalk describes his view of the ideal resilient city:
Resilient cities are constructed to be strong and flexible, rather than brittle and fragile. Their lifeline systems of roads, utilities, and other support facilities are designed to continue functioning in the face of rising water, high winds, shaking ground, and terrorist attacks. Their new development is guided away from known high hazard areas, and their vulnerable existing development is relocated to safe areas. Their buildings are constructed or retrofitted to meet code standards based on hazard threats. Their natural environmental protective systems are conserved to maintain valuable hazard mitigation functions. Finally, their governmental, non-governmental, and private sector organizations possess accurate information about hazard vulnerability and disaster resources, are linked with effective communication networks, and are experienced in working together.
In some way that is exactly what I am trying to do in my day job as a Resilience Adviser, with the lifeline system of roads being the starting point.
Resilience and redundancy
Going back to Szyliowicz, his paper focuses on the various facets of resilience, although most of the paper is spent on what the US has done or not done or perhaps should have done since 9/11 to increase resilience in the transport infrastructure. That said, I do sense that he is ever so slightly inclined towards redundancy as a key ingredient in resilience. Moreover, he credits me with quoting transit planning consultant Bob Bourne for saying that
‘‘Redundancy is not favored by policy makers and can add to costs. However, a system with excess capacity will perform well in times of crisis and will provide additional service during normal times.’’(cited in Husdal, 2011).
On a final note, Godschalk in his paper references Harold D. Foster and his book The Ozymandias Principles: Thirty-one Strategies for Surviving Change. That book features no less than 31 dimensions of resilience, divided by social, physical, environmental, operational, economic, systems and time dimension. It’s not an easy book to get one’s head around, but one day I will present the book on this blog
Reference
Murray-Tuite, P. (2006) A Comparison of Transportation Network Resilience Under Simulated System Optimum and User Equilibrium Conditions. Proceedings of the 38th Conference on Winter Simulation, Monterey, CA, USA — December 03 – 06, 2006 DOI: 10.1109/WSC.2006.323240
Szyliowicz, J. (2013) Safeguarding critical transportation infrastructure: The US case. Transport Policy, Volume 28, Pages 1-122 (July 2013) DOI: 10.1016/j.tranpol.2012.09.008
What is the potential future for supply chain risk management? That is what Abhijeet Ghadge, Samir Dani, and Roy Kalawsky try to answer in their 2012 paper on Supply chain risk management: present and future scope. This paper, so they write, examines supply chain risk management (SCRM) from a holistic systems thinking perspective by considering the different typologies that have evolved as a result of earlier research. Based on this they outline future requirements and research opportunities in SCRM.
Systematic Literature Review – SLR
What fascinates me with this paper is the systematic literature review (SLR) methodology the authors employed to evaluate and categorise a literature survey of quality articles published over a period of ten years (2000-2010). This is very similar to a literature review on organisational resilience that I wrote about a few weeks ago. However, what really strikes me is how this paper visualises the results, clearly identifying which research strands – or rather: clusters – that exist:
Based on the clusters, the following typologies were identified for further data screening of papers on supply chain risk management.
Based on type of risk: organizational risk, network risk and other risks comprising of environmental (man-made and natural disasters), political/social and exchange rate risks.
Based on management level: mitigation strategies are operational, tactical or strategic.
Based on research methodology: qualitative and quantitative research methodologies.
Based on risk management process: risk identification, assessment and mitigation and/or control.
Based on approach to SCRM: the risk mitigation approach could be either proactive or reactive.
In the end seven distinct research areas were found as possible starting grounds for future research:
Behavioural perceptions in risk management
Research on developing practices for unbiased or rational decision making is unexplored area in SCRM approach demands research.
Sustainability factors
It is inferred from this research that sustainability factors (economic, environmental and social) will have a larger influence on how SC are designed in the future.
Risk mitigation through collaboration contracts
It was evident during the analysis that, supplier default risk, quality risk and management risk within SC network are underexplored.
Visibility and traceability
Risk mitigation (proactive management or reactive risk response) can be greatly improved if information is readily available, is timely and accurate.
Risk propagation and recovery planning
Understanding the risk potential beyond the dyad through the chain and then the network provides an insight into how risk can propagate.
Industry impact
Although, this study is related to academic work on SCRM, it is vital to put it in the context of the impact that the work creates within industry.
Holistic approach to SCRM
Holistic SCRM is found to be lacking in current literature and systems approach has the potential to guide in that direction.
Conclusion
This is a paper well-worth considering if plan on doing any research within supply chain risk management.The seven distinctive research factors along with the key references within those will provide researchers with ample options for hypotheses for future work. I for one am likely to link up with the sustainability factor, something I haven’t blogged about for a long time, not since Carter and Easton (2011) Sustainable supply chain management: evolution and future directions.
Reference
Ghadge, A., Dani, S., and Kalawsky, R. (2012) Supply chain risk management: present and future scope. The International Journal of Logistics Management, 3 (23) , pp.313 – 339 DOI: 10.1108/09574091211289200
What is supply chain risk really? That is what Iris Heckmann, Tina Comes and Stefan Nickel try to answer in their article titled A critical review on supply chain risk – Definition, measure and modeling, published in 2015. In this paper, existing approaches for quantitative supply chain risk management are reviewed by setting the focus on the definition of supply chain risk and related concepts. What they found may actually surprise you. Or not.
Supply Chain Risk is still undefined
Supply chain risk is still a very new field of research in a historical perspective, still lacking some common ground and still taking off in different directions, still not having a universal and agreed-upon definition of supply chain risk. From that point of view the authors boldly state that “This review overcomes a hole in the literature which regards the lack of a clear definition of risk within the context of supply chain risk management.” Having dealt with supply chain risk one way or the other for a decade now I first thought they might have bitten off more than they can possibly chew, but as I read on I realised that they are on the way to something, definitely yes.
Deja-vu
In parts this paper reads like a cross-section of this blog, citing articles and reports I am quite sure they must have found here. That said, they also have a vast number of references that are completely unknown to me. What I can see though is that the authors have done an extremely thorough job in collecting and reviewing not only the core literature on supply-chain risk, but they have also managed to link and connect more peripheral literature that deals more indirectly with supply chain risk. What I think this papers shows is how the combined strength (i.e. research interests) of three authors can work together in creating the fullest possible overview of supply chain risk literature.
Risk – a historical recap
Something I really enjoyed reading was the historical recap of how risk was used and understood from the very beginning, starting with the old Greek rhisikon, describing the need to avoid difficulties at sea. Already then, more than two thousand years ago, risk had some connection to (sea-faring) commercial activities. In the 14th century Northern Italian traders adopted the term for describing the danger of losing their ships, and here
risk expresses the fear that economic activities lead to the loss or devaluation of an important asset or a decrease in the performance of the business.
Risk in today’s supply chains is perhaps not very far from this century-old definition of risk? That may be, but, along with the advancement of mathematical theories in the 17th century, risk became increasingly connected to probability theory and the probability of events and outcomes. That is how we most often understand risk today, in mathematical numbers. However, supply chain risk literature seems to be very little concerned with probability theory. Perhaps that is why what the authors lament most of all is “a lack of a clear and adequate quantitative measure for supply chain risk that respects the characteristics of modern supply chains”. My counter-question is, why do we need that? The answer is in my last paragraph below.
Supply Chain Risk – analysed, analysed and analysed
The authors do an excellent job in research, classifying and sorting the past and present supply chain risk literature, really giving new insights into where some of literature fits in. Going into details here would take it to far. All I can say is that the literature is reviewed and scrutinised from every possible angle I can think of, and more. I must say that I now have a much fuller understanding and wider perspective of all facets of supply chain risk.
Supply Chain Risk
Towards the end the authors come of with this definition of supply chain risk:
Supply chain risk is the potential loss for a supply chain in terms of its target values of efficiency and effectiveness evoked by uncertain developments of supply chain characteristics whose changes were caused by the occurrence of triggering-events.
Is this a good definition of supply chain risk? It seems to comprise everything, but at the same time it appears a bit abstract and perhaps even a bit akward, i.e. academically correct, but difficult to understand in practice. That said, it’s not any worse than ISO 31000 that defines risk as “the effect of uncertainty on objectives”, which is even more abstract.
Conclusion
What this paper does show, and I must commend the authors on their efforts, is that the supply chain risk literature has a great number of vastly different definitions and modelling approaches, and reviewing all of them must have been a daunting task. Given this diversity it is no wonder then that supply chain risk still lacks a common ground for research. Perhaps then we should just let supply chain risk be what is, complex, and not fit for quantifying?
Giordano Bruno Revisited
I’m reminded of what I wrote 10 years ago, in a discourse on reliability and vulnerability in transport networks, where I discussed my proposed PhD topic and my intention to quantify reliability and vulnerability so that it could be used in a cost-benefit decision. In the end I found out that quantitative research was not my cup of tea and I decided to go with Giordano Bruno instead.
Giordano Bruno (1548-1600) was a philosopher who took the current ideas of his time and extrapolated them to new and original vistas. Bruno advocated the use of conceptualising, that is to think in terms of images. He said that to think was to speculate with images. Complex scientific correlations are often better explained in pictures than in mathematical formulae. Rather than spinning his ideas from the yarn of algebra, the cobweb of modern science, Bruno moulded pictures and manipulated visual images to interpret complex ideas.
The reason for researching supply chain risk is to make better supply chain management decisions. With Bruno in mind, decisions should not be determined by numbers alone; decisions should be fully envisioned and comprehended by the decision makers. This is only possible by speculating with images what the outcome of the decision will be. Following Bruno’s lead, leaving the mathematical world of risk and probability behind, perhaps supply chain risk research should stay as it is, diverse and rich in images and concepts, but poor in formulae. From my point of view I hope it does so,
Reference
Heckmann, I., Comes, T., Nickel, S. (2015) A critical review on supply chain risk – Definition, measure and modeling. Omega (52), 119-132 DOI: 10.1016/j.omega.2014.10.004
Is what I am doing worthwhile? Is anybody reading and using what I write? Am I contributing to a broader and/or better understanding of supply chain risk and (transport) vulnerability? After more than a decade of blogging and researching I think those are legitimate questions to ask. More than anything, am I making an impact…at all? For many of us researchers that is an important question, because, after all, we do hope that someone picks up our ideas.
Robustness and Flexibility 2004
One concept that I have found cited more recently is what started out 11 years ago in 2004 as a university course paper on flexibility and robustness as options to reduce risk and uncertainty. In hindsight, it is not a paper I am particularly proud of, but it was the starting point for an illustration that later became the core idea of much of my work.
Flexibility and Robustness
Admittedly, not the best illustration, but the idea was to show that robustness means enduring and withstanding changes in the environment without severe impact, while flexibility means reacting to and adapting to the same changes, while not deviating from the target.
The idea here was to show that robust means staying on course, despite being buffeted from both/many/all sides. Yes, there are impacts, but they do not severely hamper reaching the target. In this picture flexible means reacting to environmental circumstances and changing course or even the target without reducing performance. Resilient is coming back to where we were after suffering a blow or setback.
Here I differentiated between flexibility and agility by saying that flexibility meant reacting to environmental changes in an expected and preplanned manner, while agility implied reacting in an unexpected and unplanned (creative) manner.
Robustness, Flexibility, Agility and Resilience 2010
While I not stated it explicitly, the definitions read like this
Robustness is the ability to endure foreseen and unforeseen changes in the environment without adapting.
Flexibility is the ability to react to foreseen and unforeseen changes in the environment in a pre-planned manner.
Agility is the ability to react to unforeseen changes in the environment in an unforeseen and unplanned manner.
Resilience is the ability the ability to survive foreseen and unforeseen changes in the environment that have a severe and enduring impact.
All four are linked, all four are important in risk management, but they all put different weight on what should be the focal point.
Dissemination
No longer a part of academia, I have little means of disseminating my ideas, but I am glad to see that my rather lengthy discourse on the difference between this terms in the book chapter has struck a cord with a number of recent publications on supply chain risk and resilience:
You Can’t Understand China’s Slowdown Without Understanding Supply Chains. That’s the title of a recent article written by David Simchi-Levi, the author of Operations Rules that I reviewed on this blog some time ago. Simchi-Levi believes that the slowdown is due, in part, to an acceleration of “near-shoring,” the practice of producing closer to the customer, and not as many economists would say, due to a looming economic crisis in China. That is an interesting point of view.
Bringing supply chains home
Is everything still “Made in China”? According to Simchi-Levi, the answer is No. An increasing number of companies are sourcing and producing nearer and nearer to their markets, in an effort to better manage their supply chain risks:
Global companies have realized in the last few years that strategies such as outsourcing and off-shoring have significantly increased risk because their supply chain is geographically more diverse and, as a result, exposed to all sorts of potential problems. A recent example is the explosion at a warehouse in Tianjin that ships hazardous materials, which was most likely caused by a company culture that flouted regulations. This drives companies to reevaluate their supplier and manufacturing base in order to increase flexibility and reduce risk.
The current turmoil in China will most likely accelerate the trend to near-shoring, but the impact will vary by specific industry and company.
For high tech industries (e.g., the manufacture of laptop computers and mobile phones) recreating the infrastructure in China somewhere else would be expensive and difficult to do. In contrast, it will be easier for footwear and apparel companies to move to lower-cost locations. Manufacturers of heavy products such as appliances or cars that are heavily influenced by shipment costs may find it pays to move production closer to market demand.
The bottom line: Companies need to evaluate on an ongoing basis whether the trade-offs for their particular industry have shifted enough to justify a change in their sourcing strategies.
This reminds me of a post I made in 2010, Outsourcing – Risking it all? reflecting on an article and a presentation made by Jack Barry ten years ago, where he raises some fundamental concerns about the then current trend towards global outsourcing and its consequences. Yes, it may be cutting the costs, but it is not cutting the risks.
In Global Risk: Outsourcing Services, A New Aesop’s Fable of the Ant and the Termite, a presentation he made to the Institute for Supply Management, ISM, he reviewed his article and his thoughts behind it. If I summarise some of his slides, he said
The benefits of globalisation:
India develops my software
Ireland manages my customer service
Taiwan does my testing
Mexico performs piece labor
Germany balances my finances
Israel does my clinical research
… my supply sources are global.
>>> I have the lowest overall cost of services
The risks of globalization:
India owns my IT process and innovation
Ireland is between me and my customers
Taiwan controls my quality control
Mexico dominates my capacity curve
Germany leverages my finances
Israel has first views of my innovation
… my supply sources may be beyond my laws and conventions.
>>> I have the highest level of risk to continued operations
I guess what Barry said back then isn’t any less valid today, and you can find the full presentation for download below.
My own conclusion is that in the same way that cost-cutting is what lead companies to pursue outsourcing and offshoring in the past, risk-cutting is what now may now lead companies into sourcing and producing their goods nearer to their markets, because in sum it is less risky AND less costly. As long as labour cost and production costs were low, along with minimal logistics cost per unit, due to the sheer volume of goods that were shipped around the globe, offshoring and outsourcing made sense, but it also made supply chain risk less controllable. That realisation is perhaps finally sinking in.
Reference
Simchi-Levi, D. (2015) You Can’t Understand China’s Slowdown Without Understanding Supply Chains. Harvard Business Review. Retrieved 2015-10-02 from https://hbr.org/2015/09/you-cant-understand-chinas-slowdown-without-understanding-supply-chains
Barry, J. (2004). Supply chain risk in an uncertain global supply chain environment International Journal of Physical Distribution & Logistics Management, 34 (9), 695-697 DOI:10.1108/09600030410567469
ISCRIM – 4 years ago it was a very big part of this blog. Unfortunately, after leaving the academic world of supply chain risk for a practitioner job in transport vulnerability, I lost touch with perhaps the main contributing source for not few of blog posts. However, attending a university course in road safety management recently rekindled my academic vibes, and even revived my interest in my husdal.com blog which had been withering along for the last three years or so. And now I have returned back to the fold, so to speak.
ISCRIM
My involvment in ISCRIM started in 2010 and the International Supply Chain Risk Management Network (ISCRIM) is a network of researchers and practitioners engaged in analyzing, developing and disseminating evidence and good practices associated with managing supply chains and their associated risks. Founded in 2001 by a handful of active researchers in this at that time still fledging field of research, it has now grown into a network of 35 researchers and practitioners in Europe and the US, and I am glad to once again being a direct part of it.
Dissemination
ISCRIM holds an annual research seminar and issues a newsletter to be found on their website once or twice every year highlighting the latest research in supply chain risk:
Journal articles, research papers, conference presentations, PhD theses, books and book chapters
Coming conferences and seminars
Weblinks
The newsletter is a bit of who’s who, who does what, where should you go, and where can you find more on the subject of supply chain risk. If you’re new to supply chain risk, the newsletter is the best place to start and if you’re deeply involved with supply chain risk, work-wise, research-wise or otherwise, the newsletter is the best place to stay on top of what’s going on.
Catching up
Now that I have linked up with ISCRIM again, I realise that I have missed out on a great deal of very interesting and promising research. So there’s a whole lot of catching up to do, going through every newsletter since 2012 to see which paper I would like to present on this blog. There’s so much that I don’t even know where to start and I’m glad to see new names and never heard of research topics in journal articles, which will fill this blog with new content in due time.
Looking back…looking forward
I attended the ISCRIM seminar in 2010, meeting so many interesting researchers, hearing about so many interesting topics and basically really enjoying myself surrounded by supply chain risk on all sides. Since there weren’t any other with similar interests at my research institute back then, That was a whole new experience to me, and I guess that’s one of the reasons for quitting that job, because, in the end, I was rather alone in my special field.
In my current job as a Resilience Adviser I have a national network of 5-10 people I can share and discuss my views on transport vulnerability with, and it dawned on me how important networks are, and that I should link up with ISCRIM once again. After all, I haven’t completely left supply chain risk territory; rather I’m like standing at the top of the pyramid in Helen Peck’s 2005 article on Reconciling supply chain vulnerability, risk and supply chain management, where she managed to draw a line from the ambiguous concept of risk in one company, through the supply chain, through extended networks and all the way up to society as a whole.
In my review of that article I concluded that
Supply chains link industries and economies more than we may be aware of, and the research agenda for supply chain risk and vulnerability needs to recognize that there are many and varied interests and communities involved. Consequently, and that is my view, too, research in supply chain risk and vulnerability is inclusive, rather than exclusive, of other fields.
In my case, given my current job, it’s probably more vice versa, I should not include other fields in supply chain risk, but rather include supply chain risk and vulnerability in the other field, i.e. what I do, namely resilience. I intend to do so, and being part of ISCRIM goes a long way in achieving that. After all, meeting and becoming part of ISCRIM has done a lot to keep my academic spirit going. Besides, as I understand it, membership is by merit, or invitation and recommendation only, so it is a bestowed privilege that I should not waste.
The World Economic Forum Global Risks Reports. I first came across them in 2008, when the hyperoptimisation of supply chains was a major issue, particularly, if coupled with a potential economic downturn. This was again highlighted in 2011, in the Supply Chain and Transport Risk Initiative, bringing together a range of leading experts to explore the most critical threats facing supply chain and transport networks. And now, in 2015, supply chains are again part of the global risk picture. This time, supply chains are at risk for getting too lean, highly effective, but also highly vulnerable.
Lean supply chains = risky supply chains?
The Global Risk Report 2015 does not spend much ink on supply supply chains specifically, but the make the case for supply chain risks being interwoven with many other risks that in turn make supply chains vulnerable, and vice versa:
The far-reaching global supply chains set up by multinational corporations are more efficient, but the complexity and fragility of their interlinkages make them vulnerable to systemic risks, causing major disruptions. These comprise natural disasters, including those related to climate change; global or regional pandemics; geopolitical instability, such as conflicts, disruptions of critical sea lines of communication and other trade routes; terrorism; large-scale failures in logistics; unstable energy prices and supply; and surges in protectionism leading to export/import restrictions.
This reminds me of a post I made in 2009 where I reflected on the upsides and downsides of lean supply chains, based on a couple of articles I had read, and my conclusion was quite simple:
Is lean logistics the same as risky logistics? No, lean does not necessarily make you more vulnerable or less robust towards supply chain disruptions. Lean implies agile, and agile is what is needed to overcome supply chain disruptions.
The only problem, and the Global Risk report 2015 highlights this, is that world is no longer peaceful and quite for the most, it’s a rather unstable place with an uncertain future.
Global risk at a glance
At the heart of the Global Risk report 2015 is the overall risk picture. The Global Risks Landscape, a map of the most likely and impactful global risks, puts forward that, 25 years after the fall of the Berlin Wall, “interstate conflict” is once again a foremost concern. For those of us who have lived long enough to see and feel the rise and fall of the Cold War, that is not the 2015 world we expected in the early 1990s.
In 2015, on one hand, the most likely risks are Interstate conflict, Failure of national governance, State collapse or crisis, along with Failure of climate change adaptation and Extreme weather events. On the other hand, the most average risks, i.e. what the respondents fear most, are Food crisis and Profound social instability, along with Large-scale involuntary migration, the latter making much of the news in Europe this summer.
An interesting feature of the 2015 report is what trends that contribute to what risks:
It is clear that Profound social instability is THE risk that is driven by a number of trends, alongside Interstate conflict and Failure of national governance.
Looking at how risks are interconnected, a similar picture emerges:
Again, Profound social instability, Interstate conflict and Failure of national governance are at the heart of all other risks.
Conclusion
In summary, the Global Risk report 2015 highlights and reflects upon a wide range of cross-cutting challenges that can threaten social stability. These risks are additionally aggravated by the legacy of the global economic crisis in the form of strained public finances and persistent unemployment. So basically, things have not improved since the inception of the Global Risk Reports in 2005, they have in fact turned worse. Local risks have now gone global.
The resilience of infrastructure systems can be measured by two dimensions: robustness, the extent of system function that is maintained, and rapidity, the time required to return to full system operations and productivity. That is the theme in Fostering resilience to extreme events within infrastructure systems: Characterizing decision contexts for mitigation and adaptation, written by Tim McDaniels, Stephanie Chang, Joseph Mikawoz, Darren Cole, and Holly Longstaff. A very interesting paper, indeed, for more than one reason.
What influences the disruption profile?
In a previous post on transport network resilience by Mattson and Jenelius, I was struck by a figure they had taken from this paper. It was a disruption profile, used time and again by a number of researchers within resilience, vulnerability, reliability and related subjects.
In this particular paper the shape of the disruption profile is influenced by two variables: robustness and rapidity. Robustness, in turn, is influenced by mitigation, while adaptation influences rapidity. As a concept this makes sense.
More interesting than the above figure is the construct behind it, illustrated in the form of a flowchart, showing how the influence of mitigation and adaptation comes into play:
At the top of the figure is the socio-technical context. Here are the variables that affect the decisions as to how much pre-disaster mitigation that is required (e.g. by law or based on prior experience), how much that is desired (e.g. risk acceptance) or how much that is economically viable (budgetary constraints).
Following the mitigation decision, at the next level, the system’s vulnerability is determined by another set of variables: the system’s technical resilience, and the organization’s organisational resilience and how they meet the next variable, which is a particular hazard.
Combined, technical and organisational resilience determine the immediate operational capacity following an event, depending on the hazard causing the event. That is the system’s robustness.
After the immediate operational capacity has been established, adaptation decisions must be made as to how to regain full operational recovery, the speed of which is a system’s rapidity in getting back to normal.
The evaluation of pre-disaster and post-disaster decisions and actions initiates a learning process that in turn leads to a new socio-technical context.
In essence, pre-disaster mitigation fosters robustness, and post-disaster adaptation fosters rapidity.
Conclusion
This paper clearly outlines a conceptual framework where resilience, a combination of both rapidity and robustness, is a result of ex-ante and ex-post decisions. Albeit resilience in common thinking more often than not is linked to how an organisation copes with an event ex-post, much of the groundwork for the coping process is laid ex-ante.
Reference
McDaniels, T., Chang, S., Cole, D., Mikawoz, J., Longstaff, H. (2008) Fostering resilience to extreme events within infrastructure systems: Characterizing decision contexts for mitigation and adaptation. Global Environmental Change 2 (18), 310–318
The 2015 FM Global Resilience Index provides an annual ranking of 130 countries and territories according to their business resilience to supply chain disruption. Presented both as a report and an online map it is a visually impressive way of conveying an important message: Beware of where you do your business. As to my home turf the report Norway retains its top position in the index from last year, with strong results for economic productivity, control of corruption, political risk and resilience to an oil shock.
The map
This is how the map looks like for 2015
It’s definitely intriguing to see which countries that rank at lower end and higher end of the resilience scale.
Comprehensive and complete?
Supply chain risk is one of the leading causes of business volatility, so says the report.
The FM Global Resilience Index is the first data-driven tool and repository that ranks the resilience of 130 countries and territories to supply chain disruption. It is designed to help executives evaluate and manage unknown risk potentially inherent in the countries they rely upon. Nine key drivers of supply chain risk are grouped into three categories: economic, risk quality and supply chain factors.
Well, lets take a closer look at how the index is calculated
Levels, factors and drivers
The index is calculated at three levels. Level 1 of the index provides a country ranking of business resilience to supply chain disruption. Level 2 comprises three factors, the core elements of resilience: economy, risk quality and supply chain. Level 3 includes a set of nine drivers that determine the business resilience to supply chain disruption for a country: GDP per capita, political risk, vulnerability to an oil shock, exposure to natural hazard, quality of natural hazard risk management, quality of fire risk management, control of corruption, infrastructure, quality of local suppliers:
I think this index does capture most of what goes into measuring resilience, although it’s hard to judge from the outside what actually goes into the calculations of levels, factors and in particular, the drivers. This is proprietary data. That said, I have no doubt that the scores are statistically sound and based on valid data.
Conclusion
In their own words, FM Global describes the index as
The index offers business executives an additional resource to help in prioritising supply chain risk management and guiding strategy in four key areas:
1. Selecting suppliers based on the supply chain risk/resilience of the countries in which they are located,
2. Deciding where to locate facilities,
3. Evaluating the resilience of the countries hosting existing facilities, and
4. Assessing the resilience of the countries where customers’ facilities are based.
In summary, the index provides a robust, composite view of business resilience to supply chain disruption around the world.
A bit of marketing here, but worth looking at, as an initial step in assessing one’s own supply chain resilience.
Maintaining a blog with more than 500 posts is a daunting task. While a post itself may still be OK, 8 years after it was written, the links in it most likely are not. When I revived my blog after three years of hibernation I knew this was going to be a a major problem. It was a problem I created myself in the first place. I don’t know where I got the (stupid) idea from that it would be a good idea to include links to the authors of the pares, books and reports I review on this blog. Well, essentially it is a good idea, because it allows me and my readers to link up with those who create or contribute to much of my content.
As time goes by
The only problem with this seemingly good idea of including links is that people change jobs, and organisations change websites, and it is totally up to me to find out. With more than 500 posts it’s hard to remember which posts that are most likely to have a change in external links. For one reason or the other I decided to link to people within academia at their academic institutions, be that professors, researcher or PhD students. Major pitfall. Reports and whitepapers that could be downloaded were linked to directly instead of downloading to my site and serving from there. Pitfall again. Blogs and websites are now closed or defunct or restructured in a way that my link no longer works. My fault for not reading these blogs/websites as often as I perhaps should.
Linkedin to the rescue
I quickly realised that this was going to be a mess when I started blogging again and started linking my newest posts with older posts that contained external links. There’s no point in referring to a source if the source cannot be found. Well, thank God for Linkedin. Most of the people mentioned on this blog are now on linkedin.com. Apparently they were not when I started to blog. Or researchgate.net. Or academia.edu. Or wherever else I could find them or what I linked to using Google. Some links turned out to be just dead with no traces of their content, even on Google, so I just deleted them, sorry about that. Hopefully they will not be missed. Lesson learned: link to a stable source.
One in twenty only?
So I started out to rectify this post by post, but soon began to think that there must be a better way. After all, I’m using WordPress, and surely, WordPress must have a plugin for that. Yes, it had a Broken Link Checker, and soon after installing it came up with 500 broken links out of 9000 (external and internal) links in total, that’s 5% or 1 in 20. Not too bad, and after a couple days hard work everything seemed in order. Well, “seemed” is the right word, because there are still a number non-functioning links. Sometimes a link to non-existing page will be redirected to, say, the university or company homepage, and not be registered by said plugin, because the links seems to work, technically speaking.
Bear with me, please
It will take a while before everything is in order on this blog, but I’m working on it every day. If you find a link that is not working, or not working as it should, please let me know. You can contact me directly using my contact form or you can leave a comment below the post.
Maritime transport is a vital backbone of today’s global and complex supply chains. Unfortunately, the specific vulnerability of maritime supply chains has not been widely researched. This paper by Øyvind Berle, Bjørn Egil Asbjørnslett and James B Rice puts it right and presents a Formal Vulnerability Assessment of a maritime transportation system. This is not the first maritime paper that Asbjørnslett has contributed to on this blog, and he keeps up the good work he started in 2007, when he presented Coping with risk in maritime logistics at ESREL 2007.
Maritime transport – a forgotten part of supply chains?
I guess it is true that maritime transport or sea transport is an overlooked part of supply chains, even on this blog. In my more than 500 posts the word “maritime only occurs in 20 of them. Well, perhaps not so forgotten, but maybe such an obvious part of today’s supply chains that it is not looked at specifically, and just assumed to be part of the wider picture. Considering Norway’s maritime and seafaring tradition, it is not surprising to see Norwegian researchers taking up this particular question. One of the authors, Asbjørnslett, is part of the Marine System Design research group at the Department of Marine Technology at NTNU in Trondheim, Norway, where he among other topics is involved in research related to risk taxonomies in maritime transport systems, risk assessment in fleet scheduling, and studies of vessel accident data for improved maritime risk assessment.
The invisble risk?
It is interesting to see what starting point the authors use in their introduction, namely the 2008 Global Risk Report by the World Economic Forum. In my post on Supply Chain Vulnerability – the invisible global risk I highlighted that report, which listed the hyper-optimization of supply chains as one of four emerging threats at that time, and as the authors put it:
[…] risks in long and complex supply chains are obscured by the sheer degree of coupling and interaction between sources, stakeholders and processes within and outside of the system; disruptions are inevitable, management and preparation are therefore difficult […]
Akin to the infamous “Butterfly effect”, even a minor local disruption in my supply chain could have major and global implications not just on the company directly linked to the supply chain, i.e. me, but also on other businesses. Or conversely, some other company’s disruption may affect me severely, even though I in no (business) way am connected to said company.
Issues and questions
With that in mind the authors set out to address these particular issues they found in their preliminary observations:
I1—respondents have an operational focus; in this, they spend their efforts on frequent minor disruptions rather than the larger accidental events.
I2—stakeholders do know that larger events do happen, and they know that these are very costly, yet they do not prepare systematically to restore the system.
I3—maritime transportation stakeholders find their systems unique. As a consequence, they consider that little may be learnt from benchmarking other maritime transportation system’s efforts in improving vulnerability reduction efforts.
I4—there seems to be little visibility throughout the maritime transportation system.
which led them to to propose these research questions:
RQ1—what would be a suitable framework for addressing maritime transportation system vulnerability to disruption risks?
RQ2—which tools and methods are needed for increasing the ability of operators and dependents of maritime transportation to understand disruption risks, to withstand such risk, and to prepare to restore the functionality of the transportation system after a disruption has occurred?
I like this introduction, clearly identifying a direction and purpose of the paper.
FSA – Formal Safety Assessmement
In order to solve the research questions the authors transfer the safety-oriented Formal Safety Assessment (FSA) framework into the domain of maritime supply chain vulnerability, and call it Formal Vulnerability Assessment (FVA) methodology. FSA – for those of you who don’t know, including me – is a structured and systematic methodology, aimed at enhancing maritime safety, including protection of life, health, the marine environment and property, by using risk analysis and cost benefit assessment:
What might go wrong?
= identification of hazards (a list of all relevant accident scenarios with potential causes and outcomes) How bad and how likely?
= assessment of risks (evaluation of risk factors); Can matters be improved?
= risk control options (devising regulatory measures to control and reduce the identified risks) What would it cost and how much better would it be?
= cost benefit assessment (determining cost effectiveness of each risk control option); What actions should be taken?
= recommendations for decision-making (information about the hazards, their associated risks and the cost effectiveness of alternative risk control options is provided).
While not fully the same, this assessment follows in essence the ISO 31000 risk management steps of risk identification, risk analysis, risk evaluation and risk treatment, a framework that I am very familiar with.
Deconstructing the maritime transport network
What I like in particular is how they deconstructed the maritime transport network, divided the land from the sea and looked at how a vessel interacts with a port that in turn interacts with other modes of transport:
It’s a figure that reminds of my last project I took part in during the autumn of 2011 while still in academia, where we investigated Customer and Agent Initiated Intermodal Transport Chains, and looked at barriers and incentives to competition and collaboration in intermodal transport. I’m not sure the figure would have helped if I had known about it, but it would have made a few things a bit clearer. Kudos to Berle et al. for coming up with it.
Kaplan and Garrick
It is rare to find papers like this that use Kaplan and Garrick’s definition of risk:
Risk may be defined as a triplet of scenario, frequency and consequence of events that may contribute negatively (in this case to the transportation system’s ability to perform its mission. A hazard is a source of potential damage; Kaplan and Garrick describe risk as hazards divided by safeguards. In this, risks cannot be completely removed, only reduced.
I do like this definition of risk, because risk can be seen as incompletely described unless all three elements are in place. An untrained individual or business entity often stops short after the first, or maybe the second question, without fully considering the third. In risk management, addressing the impacts is an important issue, which is why the consequences need to be considered along with the likelihood and source of risk. In this paper, developing a method for assessing the vulnerability i.e. consequences, and deconstructing the maritime transport network, i.e. scenario, this definition of risk makes a lot more sense than any other definition of risk.
Failure modes
Another interesting idea in the paper is the concept of failure modes, taken from the book System Reliability Theory: Models, Statistical Methods, and Applications, written by two Norwegian professors (from NTNU, again, no surprise). Failure modes are used to investigate and understand how the maritime transport system is able to handle unexpected hazards and threats and low-frequency high impact scenarios:
Failure modes are defined as the key functions and capabilities of the supply chain, loss of any such would reduce or remove the ability of the system to perform its mission.
The concept of “mission” is important here, because it emphasizes what vulnerability in a systems perspective is, namely the inability to function and deliver (whatever the system is supposed to deliver):
The critical ways a transportation system may fail can be summed up as the loss of capacity to supply, financial flows, transportation, communication, internal operations/capacity and human resources, which may be described as follows: supply capacity is the ability necessary to source provisions needed for the element to perform its function; for a factory, this is inbound materials, utilities and electricity. Financial flows cover the ability to access capital and liquidity/cash flow. Transportation is the ability to move materials, including those presently at work. Communication would include enabling technology, and is vital for transparency in the supply chain. Internal operations entail the organization’s processing capacity (e.g. converting materials into a good). Quality issues reducing outputs fall into internal operations. Loss of human resources singles out the human factor explicitly from internal operations—what are the personnel needs for the supply chain functions?
The concept of failure modes is an idea the authors developed in a previous paper, Failure modes in ports – a functional approach to throughput vulnerability, a paper which I will review as soon as I get a copy of it. I think the failure modes concept captures the idea of what could go wrong in the maritime supply chain, as seen from a systems perspective:
Hazards and Mission
This is where it gets interesting. In order to transfers the FSA into a FVA, the FVA hazard focus is shifted towards the FVA mission focus. For example, the question of what can go wrong is turned into the question of which functions/capabilities should be protected (to ensure the functionality of the maritime transport system). The same is done for the other questions. Where the FSA looks at measures to mitigate most important risks the FVA looks at measures to restore functions/capabilities. This kind of parallel or similar thinking shows how easy it may be to transfer a concept from one domain into another domain.
Case example – LNG
The FVA is put to test in practice, using LNG (Liquid Natural Gas) shipping as their case. At first I thought there must be better examples, but the issue is that
[…] this analysis is relevant to study energy import dependencies, as current LNG supply chains are optimized to the level that much of the system storage and flexibility can be found in the shipping element, lacking on-shore infrastructure […]
and therefore, definitely a case worth studying.
Conclusion
Not only do the authors develop a conceptual framework for assessing the vulnerability of maritime transport networks, the successfully transfer the maritime Formal Safety Assessment (FSA) framework into the domain of maritime supply chain vulnerability and demonstrate that the approach works. It is not done according to IMO’s own standard, the FSA, thus extending vessel safety to port safety and supply chain safety. I think that this will help this approach gaining acceptance within the wider maritime community. The paper is well-written and well-structured, but I could have wished for a bit more about the FSA. Never having heard about it I had to do some research to find what this was all about. All in all, the paper is a showcase example of how easy it can be to transfer concepts from one domain to another domain, exemplifying a cross-fertilization of research strands.
Reference
Berle, Ø., Asbjørnslett, B.E. and Rice, J.B. (2011) Formal Vulnerability Assessment of a maritime transportation system. Reliability Engineering and System Safety (96) 6, 696–705 DOI: 10.1016/j.ress.2010.12.011
Finally, and long overdue, another review in the Gower Short Guide to Business Risk book series. This is the 7th book I’m covering, and I must say that the main topic of Risk Appetite versus Risk Attitude has brought a whole new perspective on risk and risk management to my attention. Basically, what the books states is that every company should ask themselves two questions: 1) How much risk do we want to take? That is risk appetite. 2) How much risk do we think we should take? That is risk attitude. There are actually 4 more questions, dealing with risk propensity, risk capacity, risk perception and risk exposure that make up the risk management framework presented in this book.
Risk management – difficult or easy?
Risk management, so the authors, is a way of understanding the trade-offs we are making when we decide a course of action, not only in the short-term, but more importantly, in the long term, because a long-term perspective helps in making strategically consistent decisions time and again, instead of simply listening go your gut feelings. Understanding your risk appetite, and your risk attitude, lays the groundwork for making good decisions in uncertain yet important situations.
Who says what?
An interesting feature of the book is a whole chapter dedicated to collecting the views on risk appetite from regulators, standards bodies like, professional associations and consultants, clearly showing that there is a lot of debate about risk appetite, but no consensus.
Risk appetite risk tolerance, risk attitude and risk profile are mentioned by the regulators, but appear to be the same. Risk appetite is mentioned in standards, but not always well defined. Professional associations do fare a bit better; at least they do show some guidance in how to express risk appetite in a useful way. Consultants, seeing business opportunities in helping confused managers, have produced a wide range of white papers on risk appetite.
Although there is some common thinking among all these sources, there is little agreement and no agreed-upon definition. The list of 24 different definitions taken from these sources definitely shows that. However, so the authors claim, two strands of thought are common in these definitions, risk as a level or threshold that should not be crossed, and risk as a willingness to cross that same threshold, i.e. how much risk do we think we should take and how much risk do we want to take respectively.
Appetite versus attitude
The authors spend a whole chapter on describing and discussing appetite and attitude, their differences and similarities, perhaps a bit too much in my view, but the message sinks in finally:
Risk appetite: Tendency of an individual or group to take risk in a given situation.
Risk attitude: Chose response to a given risky situation, influenced by risk perception.
While this makes perfect sense when reading it the first time, the second time I ask myself, what is “risk” in risk appetite, and what are “risky situations” in risk attitude? Nit-picking, perhaps, and quickly forgotten, because their next point is rather brilliantly explained:
So when we face a risky and important situation and we need to decide how much risk to take […] we could just go with our gut, and make an intuitive decision [..] that might lead to a good outcome. But i might not. This is where is risk attitude comes in, allowing us to chose an appropriate positioning towards the risk.
Risk appetite comes from the heart, or rather, gut, whereas risk attitude comes from the head. Simple as that.
Risk elements at play – inputs and outcomes
The perhaps most difficult part of the book is the chapter that puts all risk elements together:
Risk propensity: How much risk do we usually like to take?
Risk appetite: How much risk do we want to take?
Risk capacity: How much risk can we take?
Risk perception: How much risk do we think we are taking?
Risk attitude: How much risk do we think we should take?
Risk exposure: How much risk are we actually taking?
Inputs to risk appetite and risk attitude and their respective outcomes are then used to construct what the authors call the RARA-model.
What I noticed here is that risk actions are outcomes of risk attitude, not risk appetite. Risk appetite on the other hand sets the risk threshold, against which risk actions and the resulting residual risk should be checked against. They way I interpret this is that risk attitude has a lower risk level than than risk appetite, and risk attitude should be the guiding principle for risk actions, not risk appetite.
Risk attitude and risk appetite exemplified
Half the book is devoted to a number of convincing examples of how the RARA-model can be used in practice in making well-informed risk decisions. In doing so, the authors use three kinds of scenarios: Unmanaged, Constrained and Informed Scenario.
Unmanaged, where risk thresholds are set by the organisation with no conscious or intentional reference to risk appetite or risk attitude.
Constrained, where risk thresholds are consciously modified by an understanding of the inherent risk appetite.
Informed, taking into account the chosen risk attitudes of key stakeholders as well as wider organisational factors when setting risk thresholds.
The beauty of these different scenarios is that they make use of the above elements in the RARA-model in very different ways, demonstrating how everything comes into play.
Conclusion
At first glance the RARA-model appears unnecessarily complex, and the case examples, using every single element of the model, are very elaborated. However, what the model really is all about is answering the six questions above. I like this book, but it takes a while to sink in, especially for someone like me, who uses the ISO 31000 standard extensively in my daily work.
Reference
Murray-Webster, R. and Hillson, D. (2012) A Short Guide to Risk Appetite. Farnham: Gower Publishing.
Organisational Resilience Literature. “What to read, and what not to read”. That could be the popular title of this paper. Written by Alessandro Annarelli and Fabio Nonini their paper on Strategic and operational management of organizational resilience: Current state of research and future directions classifies and sorts more than 70 articles along two axes: static versus dynamic resilience and single organisations versus supply networks or industries.. Essentially, this paper will help you decide which papers that fall into which of these four quadrants and which papers you should read depending on your research interests.
Comprehensive
According to the authors, they did “a systematic literature search and co-citation analysis to investigate the specific research domains of organizational resilience and its strategic and operational management to understand the current state of development and future research directions”. More than 400 papers out of thousands of documents were selected and narrowed down to 70 or so core papers, clearly showing the dominating trends within research into organisational resilience.
1.Theoretical foundations and applications, e.g. Christopher and Peck (2004)
2. Implementation, improvement and measurement of resilience, e.g. Sheffi and Rice (2005)
3. Models for resilience.
4. Other theoretical perspectives.
(The linked papers have been reviewed on this blog)
What to read, or not
In addition, the authors used multidimensional scaling(MDS) to produce a graphic that represents conceptual proximity, or similarity, between publications. This is what I found to be the most interesting part about this paper, because I now can find the most related or otherwise different literature, just by looking at the figure below and going to the reference list in the paper. That is very helpful, indeed.
Annarelli and Nonino (2015)
It’s quite interesting to see where some of the papers that have been reviewed on this blog fall and what papers that are closely related and that I have not yet discovered, which means that I have a lot of work to do in terms of possible reviews on this blog.
Future research
Finally the authors describe 7 areas of future research
Theory testing on design, implementation, and improvement processes to enhance organizational resilience.
Measurement of organizationalandoperationalresilience.
Resilience in Small Medium Enterprises.
Restoration models for the supply chain and operational processes.
Impact of introducing information systems on organizational resilience.
Anticipatory innovation to enhance processes’ resilience.
Strategic approach and dynamic capabilities for becoming a resilient organization.
and why these are the important issues that warrant further investigation.
Conclusion
This paper’s reference list contains more than 200 items. Combined with the sorting and review done in the paper this is very valuable resource for any researcher of organisational resilience.
Reference
Annarelli, A., & Nonino, F. (2015). Strategic and operational management of organizational resilience: Current state of research and future directions Omega DOI: 10.1016/j.omega.2015.08.004
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
We do not use cookies of this type.
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
We do not use cookies of this type.
Analytics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
We do not use cookies of this type.
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
We do not use cookies of this type.
Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
We do not use cookies of this type.
Cookies are small text files that can be used by websites to make a user's experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.
