Summary: Chapters 5 & 6 of the CASSANDRA compendium provide a general overview on supply chain security risk management from the private sector perspective. Explaining the essentials of supply chain risk management, Chapter 5 introduces commonly used risk management models and tools (e.g., risk matrices and risk registers), discusses various classifications of supply chain risks, and elaborates current trends of risks and risk management in the supply chain context. Chapter 6 focuses on specific challenges of supply chain security risks – the risks that arise from intentional, man-made criminal activities such as terrorism, theft, trafficking, and sabotage. The chapter explains a few early classifications of supply chain security risks (e.g., motive-based typology and taxonomies based on private sector perspectives). Following the classifications of security risks, the chapter puts forth a few models for managing security risks in the supply chain context (e.g., the 8-layer model for supply chain security management). The chapter concludes with a detailed case study on security management of an international security company and a comparison of supply chain security management and the total quality management (TQM) management philosophy. The CASSANDRA compendium is available for download: www.cassandra-project.eu. Review by Toni Männistö (CBRA)
Full review: Previous observatory entries have already shown the relevance of the CASSANDRA compendium to the community of supply chain management professionals. The compendium’s chapters 5 & 6 give a brief summary of risk management and security risk management in the context of international supply chains. The contents of the chapters are relevant and useful for people involved in FP7 CORE project, especially for those involved in work packages 3 (Multi-method Threat and Vulnerability Analysis Suite) and 4 (SC Situational Awareness Tools & Maps).
Chapter 5 elaborates a set of common supply chain risk management tools. The model of Waters (2007) summarises rather obvious three steps of the risk management process: identifying risks, analysing risks and responding to risks. The model proposes, for example, that managers can identify supply chain risks through analysis of past events, collection of opinions, and through operational analysis. The model also calls for managerial attention to prerequisites of successful risk management – mutual trust, cooperation and information exchange among relevant stakeholders involved in supply chain management – and highlights importance of continuous monitoring and controlling the risk management process. The chapter concludes with the four classic approaches to risk management: risk avoidance, risk reduction, risk transfer (e.g., insurance and contractual agreements), and acceptance. The classifications of supply chain risks include typologies focusing on risk sources (natural hazards operational failure and terrorism), risk consequences (e.g., risk to operations, risk to reputation and risk to profits), and objects of vulnerability (e.g., information, materials, personnel and financial flows).
The chapter on crime prevention and security management (Ch. 6) in supply chains provides a concise summary on supply chain security management from the private sector perspective. The chapter starts by describing some early classifications of supply chain security risks. A motive-based taxonomy classifies such risks into the three categories: economic crime (profit as motive), other crime types (ideological, emotional and other reasons as motive) and facilitating crime that covers activities that do not bring direct crime benefits but help committing other rewarding crime crimes later on. (e.g., document fraud, bribery and use of intimidation). The chapter’s next section elaborates ways to mitigate security risks in the global supply chains, highlighting the key ideas of the so-called 8-layer model for supply chain security management (the model incorporates multiple aspects of risk assessment, hands-on design and planning, implementation of a variety of technologies, procedures, and incentives as well as preparation for dealing with the consequences of supply chain crime). The chapter provides also a case study with an international tobacco company that runs high security risk supply chain operations. The section also contrasts, rather interestingly, principles of security management against the fundaments of the total quality management (TQM) management philosophy. The chapter continues with a brief review of regulations (e.g., EU customs security and aviation security regulations) and standards on supply chain security management (World Customs Organization’s SAFE framework of standards, and industry standards of the Transported Asset Protection Association).
Hintsa, J. and Uronen, K. (Eds.) (2012), “Common assessment and analysis of risk in global supply chains “, Compendium of FP7-project CASSANDRA, Chapters 5 & 6