Operational Supply Chain Risk Identification and Prioritization Using the SCOR Model*
Identificación y priorización del riesgo operacional en la cadena de suministro a partir del modelo SCOR
Ingeniería y Universidad, vol. 23, no. 1, 2019
Pontificia Universidad Javeriana
Jenifer Ramos Ríos a firstname.lastname@example.org
Universidad del Valle, Colombia, Colombia
Diego Fernando Manotas Duque
Universidad del Valle, Colombia
Juan Carlos Osorio Gómez
Universidad del Valle, Colombia
Date received: 03 August 2017
Date accepted: 11 October 2018
Date published: 24 June 2019
Abstract: Objective: This study aims to propose a methodology that identifies and prioritizes the operational risk factors in a supply chain (SC) to provide a tool according to the process-based SC approach that is useful for risk assessment throughout the SC. Materials and methods: Risk identification was conducted by a scenario analysis, which linked the risk factors with the standard key performance indicators (KPIs) of the processes and logistics activities proposed by the supply chain operational reference model (SCORM o SCOR). These influence relationships were quantified using a proposed scale, and then, the risk factors were prioritized by the definition of their influence levels. This approach was applied to a real SC. Results and discussion: Twenty risk factors were clearly and effectively identified, analyzed and prioritized, and priority was given to those with the highest influence level, which can be understood as the risk factors that have a larger capacity to negatively affect SC performance. Conclusions: The methodology allows the identification of the most influential risk factors in a SC, and as it is based on a standard model, it fosters a collaborative analysis among its echelons. The main contributions of this paper are the risk identification by means of the KPIs of the SCOR model and the measurement of their influence levels, which is a new and useful feature for risk prioritization.
Keywords: Supply chain risk, operational risk, SCOR model, risk factor influence level.
Resumen: Objetivo: Este estudio busca proponer una metodología para identificar y priorizar factores de riesgo operacional en la cadena de suministro (CS), para brindar una herramienta acorde al enfoque por procesos de la CS, que sea útil para la evaluación de riesgos a lo largo de la CS. Materiales y métodos: La identificación de riesgos fue desarrollada por medio de un análisis de escenarios, relacionando los factores de riesgo con los indicadores clave de los procesos (KPIs) y las actividades logísticas propuestas por el modelo SCOR. Estas relaciones de influencia fueron valoradas usando una calificación propuesta, luego los factores de riesgo fueron priorizados por la definición de su nivel de influencia. La metodología fue aplicada en una CS real. Resultados y discusión: Veinte factores de riesgo fueron clara y efectivamente identificados, analizados y priorizados, dando prioridad a aquellos con mayor nivel de influencia, es decir mayor capacidad de afectar negativamente el desempeño de la CS. Conclusiones: La metodología permite identificar claramente los factores de riesgo con mayor influencia en la CS, y al estar basada en un modelo estándar, facilita un análisis colaborativo entre sus eslabones. Las principales contribuciones de este artículo son la identificación de riesgo por medio de los KPIs del modelo SCOR y la medición del nivel de influencia como una característica nueva y útil para la priorización de riesgos.
Palabras clave: riesgo en la cadena de suministro, riesgo operacional, modelo SCOR, nivel de influencia de factor de riesgo.
Supply chain risk (SCR) is a discipline that has experienced substantial growth, and it provides supply chain managers new techniques and methods of analysis and evaluation for several sectors . The SCR concept has been widely discussed by many authors , , , , , and it is defined as the potential losses in an SC in terms of its target values of efficiency and effectiveness caused by uncertain developments in the supply chain characteristics whose changes were caused by the occurrence of triggering events .
Moreover, risk categories have been proposed based on key performance indicators and by their uncertainty source. Singhal  proposed five risk categories according to the uncertainty source: operational, market, business or strategic, product, and miscellaneous risks. We focus on operational risk because companies have more control and management capacity over these features. Operational risk is defined as the operational features of the SC that either mismatch demand and supply or even disrupt the functioning of the SC by interrupting the flow of materials, products or information , .
According to the review made in , a risk management system is composed of four main steps (see figure 1). Additionally, Elmsalmi and Hachicha  conclude that the first two steps are critical for performing successful risk management.
Concerning risk assessment and prioritization, as these risks cannot be completely eliminated, their assessment and measurement is essential for effective risk management. According to , risk measurement can be classified into two categories: quantitative or probabilistic (based on statistics) and subjective (based on expert knowledge) approaches.
Regarding risk identification, , ,  agree on that this is a fundamental phase and the starting point for risk management implementation. Moreover,  indicates that risk identification should be exhaustive because any non-identified risk will not be included in posterior risk assessment. Figure 2 shows the main risk identification techniques proposed in the literature. The most used techniques are qualitative ones, especially checklists, interviews and questionnaires.
Borghesi and Gaudenzi  conclude that qualitative risk measurement is preferable when risk levels are relatively low and when obtaining the information required for a quantitative analysis is expensive. Furthermore, they recommend a quantitative analysis when sufficient information about risk is available and suitable for defining probabilities and consequences, and when this information is shared between many people with different organizational functions, which means that diversity over risk perception and knowledge exists. However, firms frequently do not maintain sufficient information to develop a reliable analysis , . Figure 3 shows the main techniques used for risk assessment and prioritization identified by  and .
In this paper, we study operational risk because it is directly related to SC features that affect its performance. Here, we propose an identification and prioritization methodology that takes the KPIs from version V11.0 of the supply chain operational reference model (SCORM o SCOR) as the starting point to lead risk identification and to define relationships between the KPIs and the SC risk factors for each SC echelon. Afterwards, these relationships are quantified, and the risk factors are arranged according to their influence level over the SC.
The proposed methodology, according to the literature review, is novel in this area of study. The main contributions of the research to the field are twofold: the first contribution is the risk identification by means of the KPIs of the standard SCOR model, which is widely accepted in the industry; the second contribution is the measurement of the influence levels of the risk factors over the SC, which are useful to assess and prioritize.
In the literature, we found different focuses in SC risk studies. The first focus was on risk management systems, which are defined conceptual approximations for SC risk management, mitigation strategies, risk management models and their adoption. The second focus regards the study of the relationships between uncertainty, risk and SC performance. The third focuses on risk analysis and assessment using subjective and quantitative and qualitative methods. These methods use the frequency and severity to estimate the measurement of a risk and lead the analysis and assessment process with the activities in the SC and the scorecards of the SC under study rather than leading the analysis and assessment process with the performance indicators of some standard model , , , , , , .
The SCOR model, proposed by the Supply Chain Council is a reference framework widely accepted in the industry that is useful for diagnosing and designing SCs. The SCORM hierarchically defines the processes and activities of SCs and is organized around six primary processes: plan (sP); source (sS); make (sM); delivery (sD); return (sR) and enable (sE). Additionally, the model defines for each process the best practices and standards or KPIs of the SC .
Hence, the SCORM incorporated the risk concept in its processes starting from its 9.0 version in 2008, and few applications of the SCORM related to supply chain risk management are found in the literature . In its applications, the SCORM has been integrated with other tools to develop risk management methodologies, which drives risk identification around activities in the SC  and uses KPIs to evaluate the SC performance in scenarios with uncertainty .
The proposed methodology consists of six steps (see figure 4). By definition, supply chain risk (SCR) comprises events or uncertain situations that cause supply chain objectives to be unfulfilled. In this sense, the first step of the methodology is to select the SCOR indicators that will lead to risk identification; these indicators are selected according to their relevance for business strategies and to the sourcing, manufacturing and delivery environments where SC activities are developed, i. e., make to order, make to stock or engineer to order.
The SCORM arranges its metrics of the SC on three hierarchical levels and groups them with one of five performance attributes: reliability (RL), responsiveness (RS), agility (AG), cost (CO) and asset management efficiency (AM). The relationships between the levels of the metrics are diagnostic; for example, the second-level metrics serve as diagnostics for the first-level metrics. The second-level metrics help to identify the causes of a performance failure . Thus, the second-level metrics of SCORM are considered suitable for leading risk identification; nevertheless, the SCORM metrics may be used at any desired disaggregation level.
Table 1 shows the second-level SCORM indicators used in this study, the first-level indicators that contain the second-level indicators for each performance attribute, and their codification. The indicators related to the performance attribute agility (AG), measurement flexibility, adaptability and value at risk of the SC are related to the capacity planning of elements on different processes. Overall, the information used to calculate these indicators is the result of metrics of other performance attributes; therefore, they are not taken into account for the operational risk identification in this study. However, they could be considered in other planning level analyses.
The second step of the proposed methodology is the identification of situations and risk factors that cause an undesired result on SC metrics. For this identification, as shown in , several tools are already validated and implemented, such as interviews, data analyses, expert consultations, checklists, SC mapping, and fault tree analysis, may be used.
Once the risk factors are identified, a scenario analysis is performed. Through this analysis, the causes and activities where the risk factors originate are determined. This process facilitates the comprehension and identification of the causal relationships between the identified risk factors and performance metrics of the echelon where they originate and other affected echelons.
Later, direct and indirect influence relationships of the risk factors, which affect any performance indicator inside and outside of the SC echelon, are established. These relationships are quantified using the scale shown in table 2.
This scale assigns a higher score to external influence relationships, i. e., relationships with other SC echelons.
On the one hand, the risk factor has a direct influence over the indicator result when its occurrence does not need another event to affect the indicator. On the other hand, the risk factor has an indirect influence over the indicator when its occurrence needs other events within a chain reaction to affect the indicator.
Figure 5 shows an example where the influence relationships of the identified risk factors are established and quantified. The risk factors error in delivery schedule, inputs not available and improper storage affect the results of the indicators percentage of orders delivered in full (RL.2.1) and source cycle time (RS.2.1) at two echelons of an SC.
At the supplier, the risk factor errors in delivery schedule has a direct relationship with the indicator percentage of orders delivered in full; hence, the materialization of errors in delivery schedule will always affect the result of percentage of orders delivered in full. However, the materialization of errors in delivery schedule does not always generate a higher source cycle time than the time desired at customer. Nevertheless, if the percentage of orders delivered in full is not fulfilled, the source cycle time will likely be affected, which will generate an indirect external relationship between errors in delivery schedule and source cycle time.
The influence level is equal to the sum of the influence relationship scores exerted by the risk factor. This measure allows the arrangement of risk factors according to their influence on the SC, thereby complementing traditional definitions of risk factor impact measures, which are usually performed in the assessment phases of risk management methodologies and are therefore useful for decision-making and risk prioritization.
In this example, the risk factor errors in delivery schedule has an external indirect influence on the indicator source cycle time at the customer, an internal direct influence over the result of orders delivered in full, and an internal indirect influence over the perfect conditions indicator, which are valued at 3, 2 and 1 points, respectively; therefore, total influence level of errors in delivery schedule is 6 points.
Results of Methodology Application
The proposed methodology was implemented on the SC of a company that provides clinical diagnostic services. The SC in this study comprises the reagent provider (RP) for the elaboration of laboratory tests, the focus company (FC) and the customer (CT) that requests diagnostic services (see figure 6). They operate in a make-to-order production environment.
The operational risk factors that affect the performance and results of the SC and their impact on the results of the metrics for each echelon were identified through interviews and data analyses from documented cases. Table 3, table 4 and table 5 show the operational risk identified at each echelon of the reagent provider, the focus company and the customer, respectively.
Table 3 shows that the risk factors delay in export procedures and lack of raw material and inputs directly affect the result of the indicator percentage of orders delivered in full. An unsuitable performance related to full delivery of orders forces the focus company to wait for backorders, which indirectly affects the result of the indicator source cycle time. Additionally, the delay in export procedures may cause product damage, which indirectly affects the indicator perfect conditions.
Moreover, note that some risk factors may generate the same risk or effect. For example, the risk factors reprocessing order pickup and delivery and frequent changes on customer orders both generate customer dissatisfaction.
The results presented from table 3 through table 5 show the indicators indirectly affected by each identified risk factor. These tables present the SCORM indicator code and the acronym for the impacted echelon. For the cases where the impacted echelon is not indicated, the indirect influence relationship is presented internally and does not transcend to another echelon.
Figure 7 presents five of the identified risk factors that affect the results of the indicators selected within the methodology and their influence relationships. The risk factor improper storage conditions at the reagent provider has an internal direct influence on the indicator perfect conditions, which is valued at two (2) points, an internal indirect influence on the indicator reprocessing and return cost, which is valued at one (1) point, and an external indirect influence on the indicator make cycle time at the focus company, which is valued at three (3) points. Adding the influence level scores obtained for this risk factor, a total influence level of six (6) points is obtained. In the same fashion, the influence level score of all the identified risk factors is determined.
Twenty (20) operational risk factors were identified that directly or indirectly affect thirteen (13) second-level indicators of the studied SC. Following the presented methodology, the risk factors' influences over the supply chain performance indicators were identified and quantified according to the proposed scale. The scores obtained by every influence relationship of every risk factor were summed to define the total influence level of each risk factor. Table 6 shows the results for each risk factor arranged from the highest to lowest total influence level and the echelon in which they were found.
Regarding the SC under study, most of the risk factors were identified in the focus company and reagent provider, and the risk factors with higher levels of influence are presented on upstream SC echelons. According to these results, the risk factors with the highest level of influence are reprocessing order pickup and delivery orders to be delivered to the laboratory, which is performed by the reagent provider, and purchase of inputs of medium quality (generic references), which is performed by the laboratory.
A methodology for supply chain (SC) risk identification and prioritization was proposed. The methodology uses the SC standard performance metrics of version V11.0 of the SCOR model to lead risk factor identification. Moreover, the methodology permits clear identification of the risk factors with the highest level of influence in SC operations and the ones that may transcend to others SC echelons.
The implemented methodology is easy to apply, and hence, it is based on a standard model for SC assessment (the SCOR model). The methodology facilitates risk identification for the complete supply chain and for the appropriation and understanding of its members. Therefore, this methodology enables collaborative and joint risk management plans.
Hence, the performance metrics proposed by the SCOR model and used by the proposed methodology are related to all planning levels: strategic, tactical and operational. Furthermore, the proposed methodology could also be applied without focusing on the operational planning levels and instead accounting for the planning, enable and return processes proposed by the SCOR Model.
The arrangement of risk factors according to their influence level complements the traditional definition of risk impact used in the assessment phase of management risk systems and supports the decision-making process in risk prioritization.
 T. Aven, “Risk assessment and risk management: Review of recent advances on their foundation,” Eur. J. Oper. Res., vol. 253, no. 1, pp. 1–13, Aug. 2016. https://doi.org/10.1016/j.ejor.2015.12.023
 I. Heckmann, T. Comes, and S. Nickel, “A critical review on supply chain risk: Definition, measure and modeling,” Omega, vol. 52, pp. 119–132, Oct. 2015. doi: 10.1016/j.omega.2014.10.004
 P. Singhal, G. Agarwal, and M. L. Mittal, “Supply chain risk management: Review, classification and future research directions,” Int. J. Bus. Sci. Appl. Manag., vol. 6, no. 3, pp. 15–42, 2011. Available: http://bit.ly/2HT6TjQ
 A. Mora Valencia, Riesgo operativo I: una revisión de la literatura (Borr. Admin., no. 46). Bogotá: CESA, 2011. Available: http://bit.ly/2JWDE1U
 Y. Fan and M. Stevenson, “A review of supply chain risk management: Definition, theory, and research agenda,” Int. J. Phys. Distrib. Logist. Manag., vol. 48, no. 3, pp. 205–230, Jan. 2018. Available: http://bit.ly/2XnZ8YD
 S. Kumar, B. C. Boice, and M. J. Shepherd, “Risk Assessment and Operational Approaches to Manage Risk in Global Supply Chains,” Transp. J., vol. 52, no. 3, pp. 391–411, 2013. https://doi.org/10.1108/JMTM-04-2012-0044
 M. Han and J. Chen, “Managing operational risk in supply chain,” Int. Conf. Wireless Commun., Netw. Mobile Comput., WiCOM 2007, pp. 4919–4922.
 P. Boller, C. Grégorie, and T. Kawano, “Chapter 4. Operational risk,” in IAA Risk Book, 2016, pp. 1–19. Available: http://bit.ly/2wwxYmy
 D. F. Manotas Duque, J. C. Osorio Gómez, and L. Rivera, “Operational risk management in third party logistics (3PL),” en Handbook of Research on Managerial Strategies for Achieving Optimal Performance in Industrial Processes, vol. I, USA: Business Science Reference, 2016, pp. 218–239. doi: 10.4018/978-1-5225-0130-5.ch011
 M. Elmsalmi and W. Hachicha, “Risks prioritization in global supply networks using MICMAC method: A real case study,” in 2013 Int. Conf. Adv. Logist. Transp. ICALT 2013, pp. 394–399. doi: 10.1109/ICAdLT.2013.6568491
 J. Nan, J. Z. Huo, and H. H. Liu, “Supply chain purchasing risk evaluation of manufacturing enterprise based on Fuzzy-AHP method,” 2009 2nd Int. Conf. Intell. Comput. Technol. Autom. ICICTA 2009, vol. 3, no. 70772077, pp. 1001–1005. doi: 10.1109/ICICTA.2009.707
 P. K. Marhavilas, D. Koulouriotis, and V. Gemeni, “Risk analysis and assessment methodologies in the work sites: On a review, classification and comparative study of the scientific literature of the period 2000–2009,” J. Loss Prev. Process Ind., vol. 24, no. 5, pp. 477–523, Sep. 2011. https://doi.org/10.1016/j.jlp.2011.03.004
 A. Borghesi and B. Gaudenzi, Risk Management. How to Assess, Transfer and Communicate Critical Risks. Milan: Springer, 2013. doi: 10.1007/978-88-470-2531-8
 A. Mora Valencia, Una comparación de algunos métodos para cuantificar riesgo operativo (Borr. Admin., no. 39). Bogotá: CESA, 2010. Available: http://bit.ly/2HUBnSF
 I. Kilubi, “Investigating current paradigms in supply chain risk management: A bibliometric study,” Bus. Process Manag. J., vol. 22, no. 4, pp. 662–692, 2016. https://doi.org/10.1108/BPMJ-05-2015-0060
 Z. George A. and B. Ritchie, Supply Chain Risk. Springer Science + Business Media, 2009. doi: 10.1007/978-0-387-79934-6
 S. Nurmaya Musa, Supply Chain Risk Management: Identification, Evaluation and Mitigation Techniques (Linköping Stud. Sci. Technol. Diss., no. 1459). Swewden: Linköping University, 2012. Available: http://bit.ly/2QG1sYl
 O. Tang and S. Nurmaya Musa, “Identifying risk issues and research advancements in supply chain risk management,” Int. J. Prod. Econ., vol. 133, no. 1, pp. 25–34, Sep. 2011. https://doi.org/10.1016/j.ijpe.2010.06.013
 Supply Chain Council, Supply Chain Operations Reference Model Rev. 11.0. USA, 2012. Available: http://bit.ly/2KlrGOE
 K. Rotaru, C. Wilkin, and A. Ceglowski, “Analysis of SCOR’s approach to supply chain risk management,” Int. J. Oper. Prod. Manag., vol. 34, no. 10, pp. 1246–1268, 2014. https://doi.org/10.1108/IJOPM-09-2012-0385
 A. C. Cagliano, S. Grimaldi, and C. Rafele, “Enabling SCOR-Model Risk Management Process with a Theoretical Performance-Based Approach,” in Pioneering Solutions in Supply Chain Management: A Comprehensive Insight into Current Management Approaches, W. Kersten, T. Blecker, and C. Luthje, Eds. Berlin: Erich Schmidt Verlag, 2010, pp. 59–76. Available http://bit.ly/2WiMSvX
 M. Abolghasemi, V. Khodakarami, and H. Tehranifard, “A new approach for supply chain risk management: Mapping SCOR into bayesian network,” J. Ind. Eng. Manag., vol. 8, no. 1, pp. 280–302, 2015. http://dx.doi.org/10.3926/jiem.1281
a Corresponding author. E-mail: email@example.com
How to cite this
article: J. Ramos, D. Manotas, and J. Osorio, “Operational
supply chain risk identification and prioritization using the SCOR model,” Ing. Univ. vol. 23, no. 1, 2019