International Journal of Physical Distribution & Logistics Management

Emerald Article: Supply risk management: model development and empirical

analysis
Daniel Kern, Roger Moser, Evi Hartmann, Marco Moder

Article information:
To cite this document: Daniel Kern, Roger Moser, Evi Hartmann, Marco Moder, (2012),"Supply risk management: model development and
empirical analysis", International Journal of Physical Distribution & Logistics Management, Vol. 42 Iss: 1 pp. 60 - 82
Permanent link to this document:
http://dx.doi.org/10.1108/09600031211202472
Downloaded on: 04-10-2012
References: This document contains references to 61 other documents
Citations: This document has been cited by 1 other documents
To copy this document: [email protected]
This document has been downloaded 1476 times since 2012. *

Users who downloaded this Article also downloaded: *

Minna Rollins, Saara Pekkarinen, Mari Mehtälä, (2011),"Inter-firm customer knowledge sharing in logistics services: an empirical
study", International Journal of Physical Distribution & Logistics Management, Vol. 41 Iss: 10 pp. 956 - 971
http://dx.doi.org/10.1108/09600031111185239

Rao Tummala, Tobias Schoenherr, (2011),"Assessing and managing risks using the Supply Chain Risk Management Process (SCRMP)",
Supply Chain Management: An International Journal, Vol. 16 Iss: 6 pp. 474 - 483
http://dx.doi.org/10.1108/13598541111171165

Ila Manuj, John T. Mentzer, (2008),"Global supply chain risk management strategies", International Journal of Physical
Distribution & Logistics Management, Vol. 38 Iss: 3 pp. 192 - 223
http://dx.doi.org/10.1108/09600030810866986

Access to this document was granted through an Emerald subscription provided by University of South Australia

For Authors:
If you would like to write for this, or any other Emerald publication, then please use our Emerald for Authors service.
Information about how to choose which publication to write for and submission guidelines are available for all. Please visit
www.emeraldinsight.com/authors for more information.
About Emerald www.emeraldinsight.com
With over forty years' experience, Emerald Group Publishing is a leading independent publisher of global research with impact in
business, society, public policy and education. In total, Emerald publishes over 275 journals and more than 130 book series, as
well as an extensive range of online products and services. Emerald is both COUNTER 3 and TRANSFER compliant. The organization is
a partner of the Committee on Publication Ethics (COPE) and also works with Portico and the LOCKSS initiative for digital archive
preservation.
*Related content and download information correct at time of download.
 The current issue and full text archive of this journal is available at
www.emeraldinsight.com/0960-0035.htm

IJPDLM
42,1 Supply risk management:
model development and empirical
analysis
60
Daniel Kern
Chair of Supply Chain Management, FAU Erlangen-Nuernberg,
Nuernberg, Germany
Roger Moser
European Business School, Oestrich-Winkel, Germany and IIM Bangalore,
Bangalore, India
Evi Hartmann
Chair of Supply Chain Management, FAU Erlangen-Nuernberg,
Nuernberg, Germany, and
Marco Moder
McKinsey & Company Inc., Frankfurt, Germany

Abstract
Purpose – The purpose of this paper is to develop a model for upstream supply chain risk
management linking risk identification, risk assessment and risk mitigation to risk performance and
validate the model empirically. The effect of a continuous improvement process on identification,
assessment, and mitigation is also included in the model.
Design/methodology/approach – A literature review is undertaken to derive the hypotheses and
operationalize the included constructs. The paper then tests the path analytical model using partial
least squares analyses on survey data from 162 large and mid-sized manufacturing companies located
in Germany.
Findings – All items load high on their respective constructs and the data provides robust support to
all hypothesized relationships. Superior risk identification supports the subsequent risk assessment
and this in turn leads to better risk mitigation. The model explains 46 percent of the variance observed
in risk performance.
Research limitations/implications – This study empirically validates the sequential effect of the
three risk management steps on risk performance as well as the influence of continuous improvement
activities. Limitations of this study can be seen in the use of perceptional data from single informants
and the focus on manufacturing firms in a single country.
Practical implications – The detailed operationalization of the constructs sheds further light on the
problem of measuring risk management efforts. Clear evidence of the performance effect of risk
management provides managers with a business case to invest in such initiatives.
Originality/value – This is one of the first large-scale, empirical studies on the process dimensions
of upstream supply chain risk management.
Keywords Supply chain risk management, Continuous improvement, Structural equations model,
International Journal of Physical Partial least squares, Survey data, Manufacturing industries, Germany
Distribution & Logistics Management
Vol. 42 No. 1, 2012
Paper type Research paper
pp. 60-82
q Emerald Group Publishing Limited
0960-0035
DOI 10.1108/09600031211202472
Introduction Supply risk
The recent past has seen a growing interest in supply chain management topics within management
the field of operations management research (Kouvelis et al., 2006). Popular initiatives
like outsourcing, reduction of inventories, just-in-time concepts, and increasing
inter-firm cooperation created much leaner supply chains. In a world without supply
chain risks, such initiatives lead to the most cost-effective operation models with
economic benefits for the entire supply chain. However, extreme leanness can also lead 61
to more fragile supply chains (Kleindorfer and Saad, 2005). A single appearance of any
fatal risk – be it a natural disaster, labor disputes, new import restrictions, or simply the
blackout of an IT system – can cause a collapse of the whole supply chain. Taking the
automotive industry as an example, such a production breakdown can lead to economic
losses of more than 100 million dollars per day. In fact, the impact of supply chain
disruptions on company performance has increased over the past few years (Hendricks
and Singhal, 2005). Single sourcing (Hendricks and Singhal, 2005; Tomlin, 2006), low
inventories (Craighead et al., 2007; Hendricks and Singhal, 2005; Schmitt and Singh,
2009), increased product complexity (Hendricks and Singhal, 2005) and a growing
importance of purchasing as a value creation function (Zsidisin et al., 2000) allow only
little margin for errors in this function and leave many supply chains highly vulnerable.
At the same time, global organizations face an increasingly unstable environment in
many of their markets (Manuj and Mentzer, 2008a; Wagner and Bode, 2008). With more
vulnerable supply chains on one hand and more dynamics and complexity in a
globalized world on the other hand, disruptions hit supply chains more often and with
much worse impact on the continuity of production (Barry, 2004). The negative
consequences are immense when risks are poorly managed or remain undetected
(Hendricks and Singhal, 2003). Hendricks and Singhal (2005) also show that past supply
chain research heavily focused on cost efficiency and less on robustness. In a recent
survey of Poirier and Quinn (2004, p. 31), only one-third of the responding firms report
that they paid “sufficient attention to supply chain vulnerability and risk mitigation
actions”. Thus, the implementation of lean concepts within supply chains must be
accompanied by supply chain risk management concepts. Managing supply chain risks
needs to be a primary objective of any senior executive team through the integration of
risk management as part of each and every supply chain (Cohen and Kunreuther, 2007;
Ghoshal, 1987; Tomlin, 2006).
The literature on risk management shows that a common risk management process is
generally organized into three steps: risk identification, risk assessment, and risk
mitigation (Bode and Wagner, 2009; Kleindorfer and Saad, 2005; Tang, 2006). In the past,
some of these authors also stressed the importance of an ongoing risk monitoring and
iterative risk management process that is constantly adapted to the requirements of a
changing environment (Bode and Wagner, 2009; Hendricks and Singhal, 2005;
Kleindorfer and Saad, 2005). With no continuous improvement, even successful risk
management processes will become weak and unable to identify and address risks with
the right measures when environmental conditions change and new risks arise. Thus,
we argue that risk management activities need to go hand-in-hand with a continuous
improvement process in the long run.
As to the best of our knowledge, there are only a few large-scale empirical studies on
the effects of risk identification, risk assessment or risk mitigation on supply chain risk
management performance. Hendricks and Singhal (2003, 2005) analyze in their event
IJPDLM studies the stock price effect of more than 500 public disruption announcements made by
42,1 companies. Wagner and Bode (2006) use a survey-based approach to investigate supply
chain vulnerability including several supply chain characteristics. However, the effect of
risk management processes and their resulting performance has not yet been analyzed
in a large-scale empirical study. Nevertheless, it is important to understand the
performance effect of risk management endeavors in order to provide managers with
62 a clear business case to invest in such initiatives. Therefore, the purpose of this paper is
to develop and empirically test a model linking supply chain risk identification,
risk assessment and risk mitigation to a company’s risk performance. In our study, we
first operationalize the constructs through an extensive literature review and link risk
management efforts to risk performance. Furthermore, we include the effect of a
continuous improvement process in our model. In a second step, we use partial least
squares (PLS) analysis to evaluate the contribution of these upstream supply chain risk
management activities on risk performance.
The remainder of the paper is structured as follows: in second section, we place our
study in the context of supply chain risk management research. Based on a literature
review, we develop and operationalize our model in third section. Sampling and data
description are then presented in detail in fourth section together with our measurement
and structural model analysis. Fifth section includes the analysis of our findings and the
discussion of the study results. We finally discuss the study’s limitations and
opportunities for further research in sixth section.

Upstream supply chain risk management

Research on supply chain risk management classifies risks into operational risks and
disruption risks (Tang, 2006) or refers to them as supply-demand coordination risks and
disruption risks (Kleindorfer and Saad, 2005). Operational risks include the everyday
management of the supply chain whereas disruptions risks are associated with
unexpected events including natural disasters (Kouvelis et al., 2006). As a second
dimension, Tang (2006) suggests structuring the literature on supply chain risk
management according to the mitigation approach. Supply management, demand
management, product management, and information management can all contribute to
successful risk mitigation.
Recent research stresses the importance of an integrated and holistic approach in
supply chain management because a narrow view on a single focal firm cannot take into
consideration the many interrelations of global supply chains (Buhman et al., 2005;
Steele and Court, 1996; Wagner and Bode, 2006). Research has so far proposed distinct
models and management tools for various steps in the supply chain. A common
classification is the distinction between upstream and downstream supply chain
initiatives. Likewise, risks can occur on the supply side and on the demand side
(Kouvelis et al., 2006; Manuj and Mentzer, 2008b; Wagner and Bode, 2008). Similarly,
Tang’s (2006) classification of risk management approaches within the supply chain
context also distinguishes supply and demand managements. We follow this
classification; although we stress that the consideration of both – the demand side
and the supply side – is always required. For example, specific knowledge about the
demand-side impact is necessary when assessing supply side risks regarding a potential
negative business impact. Nevertheless, supply and demand side focused risk
management processes are quite distinctive in their actual implementation and require
different kind of constructs and measurement items. This paper focuses on the upstream Supply risk
supply chain risk management sometimes also referred to as supply risk management management
(Wagner and Bode, 2006; Zsidisin et al., 2004) in order to ensure a clear focus of the study
and its measurement items.

Conceptual model
Our research model includes five constructs and six relationships as shown in Figure 1. 63
The constructs are defined in the subsequent sections and their operationalization is
an-chored in the literature. We investigate the effect of risk identification on risk
assessment which again is hypothesized to have a positive impact on risk mitigation.
Risk mitigation only then directly contributes to risk performance because only
risk mitigation activities can directly decrease the frequency and the impact of actual
risk incidents on the operations of a company. Additionally, we examine the impact of a
continuous improvement process on the quality of the risk identification, risk
assessment and risk mitigation activities.

Risk identification
The first critical step of the risk management process includes the identification of risks
(Kleindorfer and Saad, 2005). Only the identification of risks is triggering any further
risk management activity. Risk identification aims therefore to discover all relevant
risks. This implies that an early judgment is needed to decide whether a risk is
considered to be relevant – and thus will be further assessed – or not. Therefore,
risk identification needs to follow a holistic approach (Buhman et al., 2005), screening
regularly for early indicators of potential risks within the supply chain and the
environment. Some authors include risk identification activities within the risk
assessment step (Ritchie and Brindley, 2007; Zsidisin et al., 2004). The two activities

Risk
Identification
H4a+
H1+

H4b+ Continuous
Risk
Improvement
Assessment
Process

H2+ H4c+

Risk
Mitigation

H3+

Figure 1.
Risk
Conceptual model of
Performance
supply risk management
IJPDLM are, however, very different from one another. The target of risk identification as we
42,1 define it in our study is to identify as broadly as possible all potential threats and all
relevant vulnerabilities within the upstream part of the supply chain. Risk assessment
then aims at evaluating and understanding each risk in detail for its relevancy. The
construct of risk identification focuses on the regular scanning for new threats and the
classification of identified risks. The major focus lies on the identification of each
64 relevant risk. The construct of risk assessment evaluates in detail the potential triggers,
causes and effects on the organization and its environment of those risks identified in the
previous step collecting and analyzing additional data. The major objective is to assess
the causes and effects of each single risk that is perceived to be relevant for the
organization. As, the objectives of risk identification and risk assessment are
substantially different they need to be operationalized as two separate constructs.
Craighead et al. (2007) argue that the disruption severity is influenced by the time it
takes for a company to learn about a risk or to predict the respective disruption.
Consequently, companies need to develop an ability to predict disruptions early so that
risks can be duly assessed and mitigation efforts can take effect. By carefully scanning
the environment for early indicators, relevant risks are thus recognized in time and
mitigation actions can be initiated (Craighead et al., 2007; Hendricks and Singhal, 2003;
Tomlin, 2006; Zsidisin et al., 2004). A totally undirected search for new risks, however,
does not use the limited resources of an organization in the most efficient way. Owing to
the resource constraints that exist for any company it is necessary to define observation
fields and discover potential sources of risks and vulnerabilities with the least input of
resources. Observation fields are typically circled around already known sources of risk
and the most critical and vulnerable areas of the supply chain. With the complexity of
global supply chain operations, this requires knowledge about a company’s most critical
components, processes and suppliers worldwide in order to focus the existing resources
on the most fragile areas of the supply chain (Hallikas et al., 2002; Kleindorfer and Saad,
2005; Steele and Court, 1996). The final operationalization of the risk identification
construct in our study including a detailed item description with their respective
loadings can be found in the Appendix Table AI.
It is important to note that only risks that are identified in the first step can be
assessed and managed in the subsequent process (Berg et al., 2008). Literature suggests
that the critical first step of a risk management process is risk identification (Kleindorfer
and Saad, 2005). Thus, the quality of the risk identification activities is crucial for the
overall supply chain risk management process. Therefore, the subsequent step –
namely risk assessment – highly depends on the activities and results of the first step.
Only events that have been identified as risks can be evaluated for their actual potential
to harm the organization’s supply chain and environment. Therefore, the subsequent
step – namely risk assessment – highly depends on the activities and results of the first
step. Therefore, we derive our first hypothesis:
H1. Supply chain risk identification activities have a positive impact on supply
chain risk assessment.

Risk assessment
Second step of the proposed supply chain risk management process is risk assessment.
Almost every definition of risk assessment in the literature includes an evaluation of the
likelihood of occurrence and an estimation of the possible impact in case the risk event
unfolds (Hallikas et al., 2002; Harland et al., 2003; Kleindorfer and Saad, 2005; Manuj and Supply risk
Mentzer, 2008a, b; Ritchie and Brindley, 2007; Schmitt and Singh, 2009; de Souza et al., management
2009; Steele and Court, 1996; Yates and Stone, 1992; Zsidisin et al., 2004). Risk
assessment processes in the field of upstream supply chain management are no
exception here. The main purpose of risk assessment is thus to provide the necessary
in-depth information about a risk identified in order to effectively avoid it, reduce its
likelihood and impact, accept its occurrence or prepare contingency plans (Baird and 65
Thomas, 1985).
The risk assessment process needs to understand the factors leading to the
occurrence of a specific risk and provides information on risk drivers and key
vulnerabilities in the upstream supply chain. Special attention needs to be paid to the
inter-relatedness of risks and trigger events (Harland et al., 2003; Kleindorfer and Saad,
2005; Manuj and Mentzer, 2008b; Ritchie and Brindley, 2007). The resulting business
impact of a disruption highly depends on how fast a specific risk unfolds and upon the
duration of the risk event (Braunscheidel and Suresh, 2009; Hendricks and Singhal, 2003;
Manuj and Mentzer, 2008b; Schmitt and Singh, 2009). Therefore, the outcome of the risk
assessment activities needs to provide a classification of all identified risks and put them
into a prioritizing order. Graphical illustration can help to map risks in an appropriate
way and show where, when, and with what likelihood and impact risks might occur
(Hallikas et al., 2002; Harland et al., 2003; Manuj and Mentzer, 2008b; Matook et al., 2009;
Norrman and Jansson, 2004; Ritchie and Brindley, 2007; Schmitt and Singh, 2009; Steele
and Court, 1996; de Souza et al., 2009; Yates and Stone, 1992). The final operationalization
of the risk assessment construct can be found in the Appendix Table AII.
The specific understanding of any identified risk through an in-depth assessment
process is thus necessary to initiate the right mitigation activities as prevention or once
it occurs. For the mitigation to be effective and suitable for the specific risk, detailed
knowledge about the type of risk, its sources and possible impact is necessary.
Mitigation activities can only work well, when the risk assessment is done carefully
and correctly because all mitigation activities heavily rely on the understanding
derived from the previous step. We hypothesize therefore:
H2. Supply chain risk assessment activities have a positive impact on supply
chain risk mitigation.

Risk mitigation
Risk mitigation makes use of the data collected in the previous step to address potential
risks with the right countermeasures. This includes classic mitigation strategies (before
the risk event) and contingency plans (after the risk event). For each relevant risk, an
appropriate mitigation strategy needs to be developed and executed. Risk mitigation
includes the development as well as the evaluation of diverse mitigation strategies
towards their potential value and required investments (Chopra et al., 2007; Kleindorfer
and Saad, 2005; Manuj and Mentzer, 2008b; Wagner and Bode, 2006). Kleindorfer and
Saad (2005) argue that prevention is better than cure, requiring risk managers to act fast
and treat urgent risks first. However, fast action can only be achieved when managers
prioritize risk management activities and understand risk management as one of their
core management tasks. Thus, risk management activities need to be seen as an
important task within the company (Zsidisin et al., 2004; Kleindorfer and Saad, 2005;
Berg et al., 2008; Chen and Paulraj, 2004). The literature emphasizes that early
IJPDLM and effective mitigation can only be achieved through close collaboration between supply
42,1 chain partners. Risk mitigation also needs to be supported from various functions within
the firm. This requires support from senior executives enabling holistic thinking, joint
decision making and fast implementation activities (Berg et al., 2008; Chen and Paulraj,
2004; Kleindorfer and Saad, 2005; Zsidisin et al., 2004). The final operationalization of the
risk mitigation construct can be found in the Appendix Table AIII.
66 In sum, risk mitigation activities aim to reduce the probability of risk occurrences and
reduce the negative impact of an occurred risk (Tomlin, 2006). Risk identification and risk
assessment indirectly contribute to risk performance by supporting the development of
an optimal risk mitigation strategy. However, only executed risk mitigation activities
have direct impact on the risk performance of an organization. While the previous steps
of the risk management process contribute to better risk mitigation, only suitable and
well-executed risk mitigation activities can directly contribute to risk performance in the
form of lower probabilities for specific risks or a reduced impact of occurred risks
affecting the supply chain. Therefore, we hypothesize:
H3. Supply chain risk mitigation activities have a positive impact on supply chain
risk performance.

Continuous improvement process

A continuous monitoring and improvement process is part of any iterative risk
management process. We argue in line with previous research that risk management
activities need to be repeated regularly and frequently (Giunipero and Eltantawy, 2004;
Kleindorfer and Saad, 2005). Even after a successful mitigation activity for an occurred
risk, continuous monitoring is necessary to control the risk, analyze the effectiveness of
the applied mitigation strategy and adjust measures if necessary at each step of the
supply risk management process based on lessons learned (Craighead et al., 2007;
Giunipero and Eltantawy, 2004; Matook et al., 2009; Norrman and Jansson, 2004; Rees
and Allen, 2008).
Like other processes, supply chain risk management also has to adapt to new situations
over time and strive for continuous improvement. The utility of the current risk
management activities needs to be assessed regularly and corrections have to be made on
an ongoing basis given new input at any stage of the process. Transparency about a firm’s
risk management effectiveness can also serve as a strong incentive for employees to
improve their personal risk awareness and justify financial investments into training,
systems or additional resources (Hendricks and Singhal, 2003; Kleindorfer and Saad, 2005).
In sum, continuous improvement processes can further develop and optimize the three
distinctive risk management steps. The ongoing evaluation of a firm’s risk management
processes helps to shed light on potential areas for improvement and acknowledges the
contribution of effective measures of identification as well as lessons learned from
earlier incidents. With increased complexity and dynamics in the business environment,
risk identification has to cope with ever new forms of risks. Continuous improvement
activities are the instruments to learn from prior mistakes and will support risk
identification activities to find new relevant risks in an efficient way. Therefore, we
hypothesize:
H4a. A continuous improvement process has a positive impact on supply chain risk
identification.
Similarly, risk assessment activities highly depend on the risk identified and are highly Supply risk
specific by nature. Each risk needs to be analyzed in detail and the specific management
characteristics of the risk event, its impact and its sources needs to be understood
during the analysis. With new risks evolving over time, risk assessment needs to adapt
and find new ways to best analyze those risks. Professional activities for continuous
improvement support this process of change effectively and strive for high efficiency.
Therefore, risk assessment is hypothesized to benefit from such activities: 67
H4b. A continuous improvement process has a positive impact on supply chain risk
assessment.
Risk mitigation activities are usually highly event driven and take place when a certain risk
unfolds. Inter-functional and inter-firm collaboration were described as important activities
for effective risk mitigation. These relationships and activities can constantly be improved
by a continuous improvement process even though the actual activities are highly specific
and often do not allow for repetitive behavior. Therefore, we hypothesize that the
continuous improvement process can also positively influence risk mitigation activities:
H4c. A continuous improvement process has a positive impact on supply chain risk
mitigation.

Risk performance
Measuring supply chain risk performance continues to present a challenge to
researchers as well as practitioners. Berg et al. (2008) conducted a case study about how
companies assess the performance of their supply chain risk management programs.
We draw upon those insights when measuring risk performance and contribute to the
further development of risk performance constructs. Risk management activities finally
aim at reducing the frequency and impact of supply risks. Consequently, any risk
performance evaluation should measure such reductions (Berg et al., 2008; Hendricks
and Singhal, 2003; Manuj and Mentzer, 2008b). In our study, we focused on a time
horizon of three years to measure a reduction of frequency and impact similar to the
approach applied by Hendricks and Singhal (2005).
However, a reduction of frequency and impact does not fully capture our proposed
risk performance construct. We argue that well-informed decisions of whether to accept
or mitigate a risk and clear processes and responsibilities with only few firefighting
activities are also part of a superior risk performance. A well identified, assessed and
mitigated risk can unfold with only little negative impact on the business. Good risk
performance is consequently signaled by well-defined procedures on how to manage
supply chain risks as well. With a systematic process, clear responsibilities and
elaborated contingency plans, companies are able to accommodate risks according to
their daily routines and without unplanned frequent firefighting actions (Berg et al.,
2008; Hendricks and Singhal, 2003; Kleindorfer and Saad, 2005; Norrman and
Jansson, 2004; Matook et al., 2009; Steele and Court, 1996; Wagner and Bode, 2008;
Zsidisin et al., 2004). Even though a supply risk manager may have the lead in mitigating
a risk, interdisciplinary teams are usually necessary to adequately solve the situation
and mitigate the risk entirely. Thus, a high supply chain risk management level requires
the preparedness and risk awareness of many employees within the firm beyond
the purchasing and supply management staff (Hallikas et al., 2002; Manuj and Mentzer,
2008b).
IJPDLM The empirical study
42,1 Sample and data collection
To capture a broad picture of supply chain risk management activities and performances,
the conceptual model was tested using information from a cross-industry sample of
manufacturing firms. We opted for a focus on manufacturing firms because with batch
and mass production and frequent supplier collaboration this sector seems most suitable
68 for our supply chain risk management research. A mailed survey was the most
appropriate instrument to apply and test our hypotheses. Data collection focused on
large- and mid-sized companies because they are more likely to have complex governance
systems and standardized processes in place (Bonaccorsi et al., 2006; Simsek et al., 2005).
In accordance with Simonin (1997), only large and mid-sized companies with
revenues above e50 million were selected. Contacts were obtained from a professional
address provider who offered the largest available research sampling frame of valid
addresses within Germany including contact details of a senior supply management
executive. The measurement items were drawn from the relevant literature as discussed.
Respondents indicated their perception of each measurement item on a seven-point
Likert-type scale. The face validity of the survey items was assessed by iteratively
refining the item wording and terminology with a panel of eleven senior managers and
eleven academic domain experts. After revising the wording according to their comments
the survey instrument was sent out to 1,146 addresses fulfilling our sample frame
requirements. The data collection took place during a period of three months in 2007
before the economic and financial crisis occurred.
With a sample of 162 completed questionnaires, the effective response rate equals
14.1 percent. Basic demographic statistics are shown in Table I. The mean sales of the
resulting sample is e5.1 billion. The mean number of employees is around 14,000. Thus,
the sample fulfills the initial requirement of large- and mid-sized industrial companies
with a purchasing and supply chain management function of relevance for the companies.
We targeted high-level managers, since they typically form more reliable sources of
information than other colleagues (Miller and Roth, 1994). The survey respondents held
titles such as chief purchasing officer, purchasing officer, supply manager, supply risk
manager. More than 60 percent of the respondents were (chief) purchasing officers within
their respective business divisions. The other respondents held positions as supply risk
manager, team leader in purchasing and others. Respondents had substantial work
experience within the field of supply chain management with an average of more than
12 years.
To detect non-response bias, the data were tested for differences between early and
late respondents. Of returned questionnaires, 50 percent arrived within ten days after the
start of the data collection period. Those 82 datasets were considered early respondents,
whereas the remaining 80 respondents were classified as late respondents. A t-test
including all variables of the structural model showed no significant differences
between early and late respondents at the p , 0.05 significance level (Armstrong
and Overton, 1977). Therefore, non-response bias seems not to be a major issue in this
study.
Although it is common in management research to use key informants as a source,
the collected data are prone to some common method bias. In line with previous studies
in this field, we addressed this potential problem in several ways. First, we followed
the recommendations made by Podsakoff et al. (2003) for the questionnaire design
 Supply risk
Percentage of firms
management
Industry
Aerospace 4
Automotive 22
Chemical 8
Electronics 15 69
Energy and water supply 3
Machinery and equipment engineering 24
Medical equipment 4
Metal processing 6
Rubber and plastic 6
Other 8
Firm size: sales (in million e) (Mean ¼ 5,661, SD ¼ 19,586, n ¼ 144)
,100 (min. ¼ 50) 19
100-200 18
200-500 24
500-10,000 29
10,000-100,000 9
.100,000 (max. ¼ 150,000) 1
Firm size: number of employees (Mean ¼ 15,297, SD ¼ 46,931, n ¼ 152)
,500 (min. ¼ 200) 18
500-1,000 27
1,000-10,000 32
10,000-300,000 22
.300,000 (max. ¼ 382,000) 1
Purchasing volume (in million e) (Mean ¼ 2,861, SD ¼ 13,424, n ¼ 140)
,50 (min. ¼ 15) 26
50-100 18
100-200 16
200-500 13
500-10,000 22
10,000-100,000 4
.100,000 (max. ¼ 118,000) 1
Respondents: years of experience in purchasing (Mean ¼ 12.1, SD ¼ 9.41, n ¼ 157)
.40 (max. ¼ 41) 2
30-40 6
20-30 15
10-20 28 Table I.
5-10 24 Basic demographic
,5 (min. ¼ 0.5) 25 statistics

and data collection. We designed the survey instrument separating the measurement
items in the questionnaire (Drolet and Morrison, 2001; Podsakoff and Organ, 1986) and
guaranteed the respondents complete anonymity. Furthermore, high ranking
informants such as in our study are considered to be a more reliable source
(Bagozzi and Phillips, 1982; Phillips, 1981).

Analytical method
We analyzed the measurement and structural models using a PLS approach, specifically
SmartPLS Version 2.0 M3 Beta (Ringle et al., 2005). PLS is the most appropriate analytic
IJPDLM technique for our study for several reasons. First, its distribution-free method weights
42,1 indicator loadings on constructs in context of the theoretical model rather than
in isolation (Hulland, 1999). Second, PLS is most appropriate in examining data where
the sample size is relatively small (Hulland, 1999; Mitchell and Nault, 2007). Third,
designed to explain variance, PLS is more suitable for predictive applications and theory
building (Chin, 1997)[1]. To ensure the proper use of this technique we followed
70 the general procedures described by Chin (1998a) and Hulland (1999).

Measurement model
We operationalized the variables using multi-item reflective measures. Based on our
literature review, existing measures were used wherever possible. Newly developed or
adapted constructs and items were rigorously anchored in the literature and discussed
in several focus group workshops to ensure high content validity. For a detailed list of
indicators and constructs with their respective literature sources, the reader is referred
to Tables AI-AV in the Appendix.
Construct validity is assessed by its three sub-dimensions: content, convergent and
discriminant validities. Content validity was addressed by rigorously anchoring every
item and every construct in the literature and testing its validity within several focus
group workshops. We assessed convergent validity, reliability and internal consistency.
To do so, we checked all path coefficients for significant values higher than 0.7 and
assessed composite reliability as well as average variance extracted (AVE) for each
construct. Figure 2 shows the loadings for each measurement item on its respective
construct. To test their statistical significance we used a bootstrapping approach (Efron
and Tibshirani, 1993). We followed the procedure as in Johnston et al. (2004), generating
1,000 samples of randomly selected cases and then calculated path coefficients and
t-statistics for each sample. The cross-loading results confirm further the validity of the
measurement model. A standardized loading of 0.7 is the commonly applied threshold
for item loadings on established scales (Fornell and Larcker, 1981). All measurement
items are above the threshold and thus support the assumption of a valid measurement
model.
Composite reliability and AVE for the five latent constructs are shown in Table II.
Composite reliability measures the inter-item consistency. Unlike Cronbach’s a,
composite reliability does not assume equally weighted measures and should have a
value of at least 0.7 (Chin, 1998b). The composite reliability of our measures show values
of 0.884 and above suggesting that each scale has excellent reliability. The high values
for the AVE indicate that the items share far more than half of the variance of their
respective constructs. Each construct substantially exceeds the commonly applied
threshold of 0.5 (Chin, 1998b; Fornell and Larcker, 1981).
We also assessed discriminant validity in order to address the potential problem of
having one construct overlapping with the defined area of another construct. One
criterion for adequate discriminant validity is that each item should load highest on
the construct it is intended to measure (Carmines and Zeller, 2008). We checked the
items’ cross-loadings finding that all items load highest on their respective construct.
Additionally, following the procedures outlined in Fornell and Larcker (1981),
we calculated the squared correlations between the constructs which are presented in
Table III. Discriminant validity is obtained when all squared correlation values are
significantly different from 1 (Anderson and Gerbing, 1988). Thus, discriminant validity
 ident_1 l
1 =0
Supply risk
l2 =
7
.82
management
ident_2 0.857 Risk
l 3 = 0.792 Identification
ident_3
.85
6 R2 = 0.589
=0
l4
ident_4 71
H1+
γ1 = 0.436 H4a+
γ4a = 0.767

assess_1 l
5 =0
.87
l 9
assess_2 6 =0
.86
4
l7 = 0.896 Risk H4b+
Continuous
assess_3 Assessment Improvement
0.80
8 γ4b = 0.486
l8 = R2 = 0.712 Process
2
assess_4 .89
=0
l9
assess_5 H4c+

l 15
91
γ4c = 0.234
0.

=
H2+ =

0.9
γ2 = 0.641
13
l14 = 0.903
l

16
improve_1 improve_2 Improve_3
l
mitigate_1 =010
.90
0
l11 = 0.881 Risk
mitigate_2 Mitigation
0.779
l 2= 1 R2 = 0.712
mitigate_3

H3+
γ3 = 0.674

perform_1 l
16 =
0.7
72
l1 =
perform_2 7 0 .850 Risk
l 18 = 0.78
5 Performance
perform_3 3 1 R2 = 0.455 Figure 2.
. 8
=0 Structural and
l 19
perform_4
measurement model

is identified for all our constructs (Hulland, 1999) since they are sufficiently distinct from
each other. An even more stringent criterion is formulated by Fornell and Larcker (1981),
advising values for squared correlations to be smaller than the AVE of the respective
construct as shown in Table II. All our constructs also satisfy this more stringent
criterion. Thus, we conclude that all our constructs show sufficient discriminant
validity.
IJPDLM Structural model
42,1 The results of the structural model are shown in Figure 2. Our model explains 46 percent
of the variance observed in risk performance. Additionally, 71 percent of variance
observed in risk mitigation, 75 percent in risk assessment and 59 percent in risk
identification are explained through our model. All our above-stated hypotheses are
supported with path loadings being significant at the p , 0.001 level.
72 First, the path coefficient from risk identification to risk assessment is strong,
positive and highly significant (g1 ¼ 0.436; p , 0.001 level). Thus, organizations that
regularly and diligently engage in identifying upstream supply chain risks are found to
also perform strongly in their risk assessments. Therefore, our H1 is supported by the
model. Similarly, the path coefficient from risk assessment to risk mitigation is highly
positive and significant (g2 ¼ 0.641; p , 0.001 level). Thus, it can be stated that firms
with due and proper risk assessment tools and activities are most likely to excel in risk
mitigation actions. Hence, we find empirical support for our H2. The standardized path
from risk mitigation to risk performance is also statistically significant with a positive
path coefficient (g3 ¼ 0.674; p , 0.001 level). This result supports the notion that
organizations with superior risk mitigation activities perform generally better in
reducing the impact of risks on their supply chain. This lends support to H3. The path
coefficients from the continuous improvement process construct to the three other risk
management constructs are all highly significant and positive. The positive path
coefficient from continuous improvement process to risk identification (g4a ¼ 0.767;
p , 0.001 level) implies that companies that monitor their risk management actions,
regularly assess their utility and adjust their risk management processes accordingly
are found to have also advanced levels of risk identification activities. Hence, our H4a is
supported. The path coefficient from continuous improvement process to risk
assessment is also showing a positive and significant relationship (g4b ¼ 0.486;
p , 0.001 level). This implies that a firm’s effort to regularly assess and adjust its risk
management processes has a positive effect on its risk assessment practices further

Construct Number of items (1) (2) (3) (4) (5)

(1) Identification 4 1
Table III. (2) Assessment 5 0.655 1
Squared correlation (3) Mitigation 3 0.532 0.694 1
matrix for latent multiple (4) Continuous improvement process 3 0.589 0.674 0.578 1
item constructs (5) Performance 4 0.452 0.416 0.455 0.517 1

Composite reliability AVE

Risk identification 0.901 0.695

Risk assessment 0.939 0.754
Risk mitigation 0.890 0.730
Continuous improvement process 0.935 0.828
Risk performance 0.884 0.657
Table II. Notes: Composite reliability is a measure of the internal consistency of the construct indicators; AVE
Composite reliability reflects the overall amount of variance in the indicators accounted for by the latent construct;
and AVE individual item loadings and critical ratios are reported in the Appendix
supporting H4b. It can also be stated that companies are most likely to excel in their risk Supply risk
mitigation actions if they invest in a continuous improvement process. The positive and management
significant path coefficient from continuous improvement process to supply risk
mitigation (g4c ¼ 0.234; p , 0.001 level) supports our H4c.

Discussion and implications

Throughout this paper, we address the need for professional supply chain risk 73
management activities along the risk management process – risk identification,
risk assessment and risk mitigation. We argue that companies with higher competencies
in these three process steps of the upstream supply chain risk management show
superior performance when it comes to the reduction of the frequency and impact
of supply chain risks. Our findings provide evidence that supply chain risk activities
support the operational and strategic preparedness of organizations towards a wide
range of risks. To the best of our knowledge, this is one of the first large-scale, empirical
studies on the process dimensions of upstream supply chain risk management and
contributes to theory and practice in several ways.
Through the literature review, we significantly elaborate on existing theory. Our
detailed operationalization of the constructs sheds further light on the problem of
measuring risk management efforts and performance. With our scales demonstrating
excellent consistency, the partial least squared analysis explains between 46 and
75 percent of the observed variances in our model. Thus, the presented items in our study
provide a sound empirical starting point for further large-scale research in this area.
As research on risk identification and risk assessment is scarce (Kouvelis et al., 2006),
we put a special focus on these two constructs and clearly demonstrate their importance
within the overall risk management process. Our results indicate that all constructs are
closely linked to their antecedents, supporting the view of an integrated risk
management process where risk identification, risk assessment and risk mitigation can
only be successful when closely linked together. The high variances explained by our
model support the notion that accurate risk assessment is only possible with excellent
prior risk identification, just as risk mitigation is impossible without a prior risk
assessment. Activities need to be performed sequentially in order to yield visible
benefits for companies. These empirical results are also consistent with earlier findings
in the case-based literature (Berg et al., 2008; Craighead et al., 2007; Zsidisin et al., 2000).
Additionally, our results lend support to the application of traditional risk
management constructs in the area of supply chain risk management. Even though the
complexity of supply chains might lead to differing activities from traditional risk
management, the basic risk management process is still suitable. Our study provides
insights on how risk management tools and methods derived from previous studies can
contribute to risk performance improvement. Kouvelis et al. (2006) argue that despite the
surge of academic interest in supply chain risk management, implementation in practice
still lags behind. Well defined measurement methods and clear evidence can help to
translate risk management practices into a business case and justify further investments.
Our results provide managers with a strong argument to invest in supply chain risk
management projects (Chen and Paulraj, 2004).
The empirical results both support the sequence of risk identification, risk
assessment and risk mitigation and also offer a warning note to researchers. Further
attention needs to be paid to the boundaries of the three steps because every company
IJPDLM has slightly different process definitions especially for risk identification and risk
42,1 assessment. Clear definitions of the scope and boundaries between the process steps
are necessary in order to identify which supply chain risk management activities
finally yield the highest benefits for companies.
The strong effect of a continuous improvement process on risk identification, risk
assessment, and risk mitigation lends support to the notion that supply chain risk
74 management processes need to constantly adapt and integrate lessons learned from
ongoing experiences. The impact is strongest from continuous improvement to risk
identification which is in line with the idea that risk identification is the most undefined
process step and can therefore benefit maximally from the integration of lessons learned
and continuous improvement efforts. The strong effect of continuous improvement
activities on risk identification also supports the view of a dynamic environment where
activities need to be re-adjusted regularly. The impact of continuous improvement on risk
mitigation is somewhat lower but still higher than on the mitigation activities. Again, this
seems to confirm the decreasing impact of any continuous improvement effort on the
supply chain risk management activities risk assessment and mitigation as both steps are
much more standardized compared to risk identification.

Limitations and future research directions

Our study lends credence to the notion that effective supply chain risk management
processes significantly contribute to risk performance improvements. In addition, our
study further elaborates on existing theory and provides detailed operationalizations of
the major risk management constructs. In accomplishing these objectives, however, we
have made several research design choices that result in some limitations for our study.
Even though our sample covers a variety of industrial firms, the data were gathered
solely within Germany. This limits the potential generalization of the study results. An
application of the developed constructs should be tested using a broader sample with
regards to both global and horizontal diversities. Like most studies in the past, we
surveyed high-level supply chain professionals from individual firms who are capable of
reliable assessments and are generally considered as a reliable source. The lack of
multiple informants from each firm offers the opportunity for further research. It would
be informative to replicate this study within an international setting surveying multiple
sources and informants within the participating companies. We chose the PLS method
for reasons of predictive power and small sample size. When we assessed the model
using LISREL, not all the fit indices for our model satisfied the commonly applied
thresholds. While this can be seen as a limitation of this study, our findings still help us to
further develop theory in supply risk management. Our study clearly demonstrates the
strong relationship among the analyzed constructs. The use of Likert-type scales
prevents the collection of qualitative data that led to the perceptions indicated in the
survey. A further interesting question that arises from our study is what specific risks
primarily drive the supply chain risk management activities of companies. More
qualitative research is needed to go deeper into the variety of different risks that require
distinct assessment and mitigation strategies.
Though our model notably sheds light on the effect of upstream supply chain risk
management activities on risk performance improvement, it would be interesting to
investigate what other factors contribute to upstream supply chain risk performance.
Further research is needed, possibly using a longitudinal study approach to reveal
in detail how frequency and impact of risk events change over time. This would provide Supply risk
even more detailed knowledge about the effect of risk management activities on risk management
performance. Furthermore, future studies might analyze how supply chain risk
performance impacts supply chain performance. In addition, future research that
incorporates both downstream and upstream risk management approaches into the
analyses would provide a valuable contribution to the literature by further developing a
holistic model for supply chain risk management. 75

Note
1. Even though PLS is the preferred method for prediction and early theory development, we
also tested the model using covariance-based technique (LISREL). Calculating the model
using the SPSS Amos package provided the following results: x2 ¼ 535.883; df ¼ 146;
CFI ¼ 0.845; NFI ¼ 0.802; RMSEA ¼ 0.129. The fit indices show a mixed picture manly due
to the small sample size and thus, provide additional support to the PLS method.

References
Anderson, J.C. and Gerbing, D.W. (1988), “Structural equation modeling in practice: a review and
recommended two-step approach”, Psychological Bulletin, Vol. 103 No. 3, pp. 411-23.
Armstrong, J.S. and Overton, T.S. (1977), “Estimating nonresponse bias in mail surveys”, Journal
of Marketing Research, Vol. 14 No. 3, pp. 396-402.
Bagozzi, R.P. and Phillips, L.W. (1982), “Representing and testing organizational theories:
a holistic construal”, Administrative Science Quarterly, Vol. 27 No. 3, pp. 459-89.
Baird, I.S. and Thomas, H. (1985), “Toward a contingency model of strategic risk taking”,
Academy of Management Review, Vol. 10 No. 2, pp. 230-43.
Barry, J. (2004), “Supply chain risk in an uncertain global supply chain environment”, International
Journal of Physical Distribution & Logistics Management, Vol. 34 No. 9, pp. 695-7.
Berg, E., Knudsen, D. and Norrman, A. (2008), “Assessing performance of supply chain risk
management programmes: a tentative approach”, International Journal of Risk Assessment
and Management, Vol. 9 No. 3, pp. 288-310.
Bode, C. and Wagner, S.M. (2009), “Risk and security – a logistics service industry perspective”,
in Wagner, S.M. and Bode, C. (Eds), Managing Risk and Security: The Safeguard of
Long-term Success for Logistics Service Providers, Haupt, Bern, pp. 1-30.
Bonaccorsi, A., Giannangeli, S. and Rossi, C. (2006), “Entry strategies under competing
standards: hybrid business models in the open source software industry”, Management
Science, Vol. 52 No. 7, pp. 1085-98.
Braunscheidel, M.J. and Suresh, N.C. (2009), “The organizational antecedents of a firm’s supply
chain agility for risk mitigation and response”, Journal of Operations Management, Vol. 27
No. 2, pp. 119-40.
Buhman, C., Kekre, S. and Singhal, J. (2005), “Interdisciplinary and interorganizational research:
establishing the science of enterprise networks”, Production and Operations Management,
Vol. 14 No. 4, pp. 493-513.
Carmines, E.G. and Zeller, R.A. (2008), Reliability and Validity Assessment, Sage,
Newbury Park, CA.
Chen, I.J. and Paulraj, A. (2004), “Towards a theory of supply chain management: the constructs
and measurements”, Journal of Operations Management, Vol. 22 No. 2, pp. 119-50.
IJPDLM Chin, W.W. (1997), Overview of the PLS Method, available at: http://disc-nt.cba.uh.edu/chin/
PLSINTRO.HTM (accessed 27 July 2010).
42,1 Chin, W.W. (1998a), “Issues and opinion on structural equation modeling”, MIS Quarterly, Vol. 22
No. 1, pp. vii-xvi.
Chin, W.W. (1998b), “The partial least squares approach for structural equation modeling”,
in Marcoulides, G.A. (Ed.), Modern Methods for Business Research, Lawrence-Erlbaum,
76 Mahwah, NJ, pp. 295-336.
Chopra, S., Reinhardt, G. and Mohan, U. (2007), “The importance of decoupling recurrent and
disruption risks in a supply chain”, Naval Research Logistics, Vol. 54 No. 5, pp. 544-55.
Cohen, M.A. and Kunreuther, H. (2007), “Operations risk management: overview of
Paul Kleindorfer’s contributions”, Production and Operations Management, Vol. 16
No. 5, pp. 525-41.
Craighead, C.W., Blackhurst, J., Rungtusanatham, M.J. and Handfield, R.B. (2007), “The severity
of supply chain disruptions: design characteristics and mitigation capabilities”, Decision
Sciences, Vol. 38 No. 1, pp. 131-56.
de Souza, R., Goh, M. and Meng, F. (2009), “Risk management in supply chains under
uncertainty”, in Wagner, S.M. and Bode, C. (Eds), Managing Risk and Security:
The Safeguard of Long-term Success for Logistics Service Providers, Haupt, Bern, pp. 31-58.
Drolet, A.L. and Morrison, D.G. (2001), “Do we really need multiple-item measures in service
research?”, Journal of Service Research, Vol. 3 No. 3, pp. 196-204.
Efron, B. and Tibshirani, R.J. (1993), An Introduction to the Bootstrap, Chapman & Hall,
New York, NY.
Fornell, C. and Larcker, D.F. (1981), “Evaluating structural equation models with
unobservable variables and measurement error”, Journal of Marketing Research, Vol. 18
No. 1, pp. 39-50.
Ghoshal, S. (1987), “Global strategy: an organizing framework”, Strategic Management Journal,
Vol. 8 No. 5, pp. 425-40.
Giunipero, L.C. and Eltantawy, R.A. (2004), “Securing the upstream supply chain: a risk
management approach”, International Journal of Physical Distribution & Logistics
Management, Vol. 34 No. 9, pp. 698-713.
Hallikas, J., Virolainen, V.M. and Tuominen, M. (2002), “Risk analysis and assessment in network
environments: a dyadic case study”, International Journal of Production Economics, Vol. 78
No. 1, pp. 45-55.
Harland, C., Brenchley, R. and Walker, H. (2003), “Risk in supply networks”, Journal of
Purchasing and Supply Management, Vol. 9 No. 2, pp. 51-62.
Hendricks, K.B. and Singhal, V.R. (2003), “The effect of supply chain glitches on
shareholder wealth”, Journal of Operations Management, Vol. 21 No. 5, pp. 501-22.
Hendricks, K.B. and Singhal, V.R. (2005), “An empirical analysis of the effect of supply chain
disruptions on long-run stock price performance and equity risk of the firm”, Production
and Operations Management, Vol. 14 No. 1, pp. 35-52.
Hulland, J. (1999), “Use of partial least squares (PLS) in strategic management research: a review
of four recent. . .”, Strategic Management Journal, Vol. 20 No. 2, pp. 195-204.
Johnston, D.A., McCutcheon, D.M., Stuart, F.I. and Kerwood, H. (2004), “Effects of supplier trust
on performance of cooperative supplier relationships”, Journal of Operations Management,
Vol. 22 No. 1, pp. 23-38.
Kleindorfer, P.R. and Saad, G.H. (2005), “Managing disruption risks in supply chains”,
Production and Operations Management, Vol. 14 No. 1, pp. 53-68.
Kouvelis, P., Chambers, C. and Wang, H. (2006), “Supply chain management research and Supply risk
production and operations management: review, trends, and opportunities”, Production
and Operations Management, Vol. 15 No. 3, pp. 449-69. management
Manuj, I. and Mentzer, J.T. (2008a), “Global supply chain risk management”, Journal of Business
Logistics, Vol. 29 No. 1, pp. 133-55.
Manuj, I. and Mentzer, J.T. (2008b), “Global supply chain risk management strategies”,
International Journal of Physical Distribution & Logistics Management, Vol. 38 No. 3, 77
pp. 192-223.
Matook, S., Lasch, R. and Tamaschke, R. (2009), “Supplier development with benchmarking as
part of a comprehensive supplier risk management framework”, International Journal of
Operations & Production Management, Vol. 29 No. 3, pp. 241-67.
Miller, J.G. and Roth, A.V. (1994), “A taxonomy of manufacturing strategies”, Management
Science, Vol. 40 No. 3, pp. 285-304.
Mitchell, V.L. and Nault, B.R. (2007), “Cooperative planning, uncertainty, and managerial control
in concurrent design”, Management Science, Vol. 53 No. 3, pp. 375-89.
Norrman, A. and Jansson, U. (2004), “Ericsson’s proactive supply chain risk management
approach after a serious sub-supplier accident”, International Journal of Physical
Distribution & Logistics Management, Vol. 34 No. 5, pp. 434-56.
Phillips, L.W. (1981), “Assessing measurement error in key informant reports: a methodological
note on organizational analysis in marketing”, Journal of Marketing Research, Vol. 18 No. 4,
pp. 395-415.
Podsakoff, P.M. and Organ, D.W. (1986), “Self-reports in organizational research: problems
and prospects”, Journal of Management, Vol. 12 No. 4, pp. 531-44.
Podsakoff, P.M., Mackenzie, S.B., Lee, J.Y. and Podsakoff, N.P. (2003), “Common method biases in
behavioral research: a critical review of the literature and recommended remedies”, Journal
of Applied Psychology, Vol. 88 No. 5, pp. 879-903.
Poirier, C.C. and Quinn, F.J. (2004), “How are we doing: a survey of supply chain progress”,
Supply Chain Management Review, Vol. 8 No. 8, pp. 24-31.
Rees, J. and Allen, J. (2008), “The state of risk assessment practices in information security:
an exploratory investigation”, Journal of Organizational Computing and Electronic
Commerce, Vol. 18 No. 4, pp. 255-77.
Ringle, C., Wende, S. and Will, A. (2005), SmartPLS 2.0 M3 Beta, available at: www.smartpls.de
(accessed 12 July 2010).
Ritchie, B. and Brindley, C. (2007), “Supply chain risk management and performance: a guiding
framework for future development”, International Journal of Operations & Production
Management, Vol. 27 No. 3, pp. 303-22.
Schmitt, A.J. and Singh, M. (2009), A Quantitative Analysis of Disruption Risk in a Multi-echelon
Supply Chain, Massachusetts Institute of Technology, Cambridge, MA.
Simonin, B.L. (1997), “The importance of collaborative know-how: an empirical test of the
learning organization”, Academy of Management Journal, Vol. 40 No. 5, pp. 1150-74.
Simsek, Z., Veiga, J.F., Lubatkin, M.H. and Dino, R.N. (2005), “Modeling the multilevel
determinants of top management team behavioral integration”, Academy of Management
Journal, Vol. 48 No. 1, pp. 69-84.
Steele, P. and Court, B.H. (1996), Profitable Purchasing Strategies: A Manager’s Guide for
Improving Organizational Competitiveness through the Skills of Purchasing, McGraw-Hill,
London.
IJPDLM Tang, C.S. (2006), “Perspectives in supply chain risk management”, International Journal of
Production Economics, Vol. 103 No. 2, pp. 451-88.
42,1 Tang, C.S. and Tomlin, B. (2008), “The power of flexibility for mitigating supply chain risks”,
International Journal of Production Economics, Vol. 116 No. 1, pp. 12-27.
Tomlin, B. (2006), “On the value of mitigation and contingency strategies
for managing supply chain disruption risks”, Management Science, Vol. 52 No. 5,
78 pp. 639-57.
Wagner, S.M. and Bode, C. (2006), “An empirical investigation into supply chain vulnerability”,
Journal of Purchasing & Supply Management, Vol. 12 No. 6, pp. 301-12.
Wagner, S.M. and Bode, C. (2008), “An empirical examination of supply chain
performance along several dimensions of risk”, Journal of Business Logistics, Vol. 29
No. 1, pp. 307-25.
Yates, J.F. and Stone, E.R. (1992), Risk-taking Behavior, Wiley, Chichester.
Zsidisin, G.A., Panelli, A. and Upton, R. (2000), “Purchasing organization involvement in risk
assessments, contingency plans, and risk management: an exploratory study”, Supply
Chain Management: An International Journal, Vol. 5 No. 4, pp. 187-97.
Zsidisin, G.A., Ellram, L.M., Carter, J.R. and Cavinato, J.L. (2004), “An analysis of supply risk
assessment techniques”, International Journal of Physical Distribution & Logistics
Management, Vol. 34 No. 5, pp. 397-413.

Further reading
Chang, S.J. (2003), “Ownership structure, expropriation, and performance of group-affiliated
companies in Korea”, Academy of Management Journal, Vol. 46 No. 2, pp. 238-53.
Cheng, L.C. and Grimm, C.M. (2006), “The application of empirical strategic management
research to supply chain management”, Journal of Business Logistics, Vol. 27 No. 1,
pp. 1-57.
Seshadri, S. and Subrahmanyam, M. (2005), “Introduction to the special issue on ‘risk
management in operations’”, Production and Operations Management, Vol. 14 No. 1,
pp. 1-4.
Zsidisin, G.A. (2003), “A grounded definition of supply risk”, Journal of Purchasing & Supply
Management, Vol. 9 Nos 5/6, pp. 217-24.

Appendix
The operationalization of the latent constructs is summarized in this Appendix. The survey used
a seven-point Likert-type scale asking respondents to indicate to what extent they agree with
the following statements. The scale ranged from “does not apply” (1) to “applies
completely” (7). All constructs were operationalized using multi-dimensional reflective items
(Tables AI-AV).
 Standard Critical
Parcel Item Literature loading ratio

ident_1 We are comprehensively informed about Giunipero and Eltantawy (2004), Berg et al. (2008), Kleindorfer and 0.827 26.962
basically possible risks in our supplier Saad (2005), Zsidisin et al. (2004), Tang and Tomlin (2008), Ritchie
network and Brindley (2007), Baird and Thomas (1985), de Souza et al.
ident_2 We are constantly searching for short-term (2009), Manuj and Mentzer (2008a), Bode and Wagner (2009), 0.857 41.999
risks in our supplier network Norrman and Jansson (2004)
ident_3 In the course of our risk analysis for all Matook et al. (2009), Hallikas et al. (2002), Berg et al. (2008), 0.792 21.935
suppliers, we select relevant observation Kleindorfer and Saad (2005), Steele and Court (1996), de Souza et al.
fields for supply risks (2009)
ident_4 In the course of our risk analysis for all Zsidisin et al. (2004), Hallikas et al. (2002), Kleindorfer and Saad 0.856 36.684
suppliers, we define early warning indicators (2005), Hendricks and Singhal (2003), Tomlin (2006),
Craighead et al. (2007)
Note: Verbal definition – the first process step of the risk management process, risk identification, aims at identifying all risks as broadly and as early as
possible by constantly scanning the supply network along several observation fields for short-term risks and early warning indicators

Risk identification
management
Supply risk

Table AI.
79
 80
42,1

Table AII.
IJPDLM

Risk assessment
Standard Critical
Parcel Item Literature loading ratio

assess_1 In the course of our risk analysis for individual Ritchie and Brindley (2007), Harland et al. (2003), Kleindorfer 0.879 44.142
suppliers or supplier groups we look for the and Saad (2005), Manuj and Mentzer (2008b)
possible sources of supply risks
assess_2 In the course of our risk analysis for individual Ritchie and Brindley (2007), Yates and Stone (1992), Steele 0.864 35.805
suppliers or supplier groups we evaluate the and Court (1996), Zsidisin et al. (2004), Harland et al. (2003),
probability of supply risks Hallikas et al. (2002), Schmitt and Singh (2009), Manuj and
Mentzer (2008a, b), Kleindorfer and Saad (2005), de Souza
et al. (2009)
assess_3 In the course of our risk analysis for individual Ritchie and Brindley (2007), Yates and Stone (1992), Steele 0.896 57.952
suppliers or supplier groups, we analyze the and Court (2006), Zsidisin et al. (2004), Harland et al. (2003),
possible impact of supply risks Manuj and Mentzer (2008b), de Souza et al. (2009)
assess_4 In the course of our risk analysis for all suppliers, Ritchie and Brindley (2007), Yates and Stone (1992), Norrman 0.808 26.786
we classify and prioritize our supply risks and Jansson (2004), Steele and Court (1996), de Souza et al.
(2009), Matook et al. (2009), Hallikas et al. (2002), Schmitt and
Singh (2009), Manuj and Mentzer (2008b)
assess_5 In the course of our risk analysis for individual Manuj and Mentzer (2008b), Hendricks and Singhal (2003), 0.892 43.882
suppliers or supplier groups, we evaluate the Schmitt and Singh (2009)
urgency of our supply risks
Notes: Verbal definition – risk assessment analyses each risk identified in the previous step in detail by assessing the likelihood and the possible impact
of each risk; an assessment of possible sources of the risks, an evaluation of urgency and a clear classification and prioritization of all identified risks is
part of this process step
 Supply risk
Standard Critical
Parcel Item Literature loading ratio management
mitigate_1 In the course of our risk analysis Manuj and Mentzer (2008b), 0.900 62.592
for individual suppliers or Wagner and Bode (2006),
supplier groups, we demonstrate Kleindorfer and Saad
possible reaction strategies (2005), Chopra et al. (2007) 81
mitigate_2 In the course of our risk analysis Manuj and Mentzer (2008b), 0.881 36.596
for individual suppliers or Wagner and Bode (2006),
supplier groups, we evaluate the Kleindorfer and Saad
effectiveness of possible reaction (2005), Chopra et al. (2007)
strategies
mitigate_3 Supply risk management is an Zsidisin et al. (2004), 0.779 21.123
important activity in our Kleindorfer and Saad
company (2005), Berg et al. (2008),
Chen et al. (2004)
Notes: Verbal definition – risk mitigation incorporates all activities concerned with deciding how to
deal with a certain risk and executing the chosen strategy; risk mitigation therefore includes the
development and evaluation of different mitigation strategies and a priority within the company in Table AIII.
order to execute a strategy quickly Risk mitigation

Standard Critical
Parcel Item Literature loading ratio

improve_1 We control our risk Kleindorfer and Saad (2005) 0.911 62.108
management methods in
purchasing and supply
management and adapt these
to changing conditions
improve_2 We control the progress of Matook et al. (2009), Norrman 0.903 45.872
measures taken for critical and Jansson (2004), Giunipero
supply risks and Eltantawy (2004), Rees
and Allen (2008), Craighead
et al. (2007)
improve_3 We control the fundamental Kleindorfer and Saad (2005), 0.916 68.216
effectiveness of our activities Hendricks and Singhal (2003)
for identifying and analyzing
supply risks
Note: Verbal definition – continuous improvement process for risk management activities includes Table AIV.
the control of all risk management measures and of the effectiveness in order to ensure that the risk Continuous improvement
management process constantly adapts to the changing conditions of the business environment process
IJPDLM
Standard Critical
42,1 Parcel Item Literature loading ratio

perform_1 Our employees are highly Hallikas et al. (2002), Manuj and 0.772 21.442
sensibilized for the perception of Mentzer (2008b)
supply risks
perform_2 Our risk management processes Matook et al. (2009), Zsidisin 0.850 34.907
82 in purchasing are very et al. (2004), Berg et al. (2008),
professionally designed Norrman and Jansson (2004),
Manuj and Mentzer (2008b),
Kleindorfer and Saad (2005);
Wagner and Bode (2008),
Hendricks and Singhal (2003),
Steele and Court (1996)
perform_3 We have clearly managed to Berg et al. (2008), Manuj and 0.785 15.394
minimize the frequency of Mentzer (2008b), Hendricks and
occurrence of supply risks over Singhal (2003)
the last three years
perform_4 We have clearly managed to Berg et al. (2008), Manuj and 0.831 18.580
minimize the impact of Mentzer (2008b), Hendricks and
occurrence of supply risks over Singhal (2003)
the last three years
Note: Verbal definition – risk performance measures the performance of a risk management process
Table AV. by not only looking at a reduction of the frequency and the impact of risk events but also considering
Risk performance professionally designed processes and the risk awareness of all employees

About the authors

Dr Daniel Kern received his doctoral degree from the Chair of Supply Chain Management of the
Friedrich-Alexander-University Erlangen-Nuernberg, Germany. His research interests cover
empirical studies on supply chain risk management, supply chain collaboration and purchasing
competence. Daniel Kern is the corresponding author and can be contacted at: [email protected]
Professor Dr Roger Moser is Assistant Professor at EBS Business School, Germany, and
EADS-SMI Endowed Chair Professor at the Indian Institute of Management Bangalore, India. His
research interests cover global sourcing, international management and strategic supply chain
management. In his role as academic advisor and member of various advisory boards he has often
discussed with Chief Procurement Officers their management challenges and their need for
structured frameworks when managing the purchasing function.
Professor Dr Evi Hartmann is Professor for Supply Chain Management at
Friedrich-Alexander-University Erlangen-Nürnberg (Germany). Her primary areas of research
interest include services supply management, global sourcing, and sustainable supply chain
management. She has published in Journal of Supply Chain Management, Journal of International
Management, Industrial Marketing Management, International Journal of Production Economics,
Journal of World Business and other managerial and academic outlets.
Dr Marco Moder is a Consultant at McKinsey & Company, Germany. His prior work
experience covered the areas supply chain strategy, material cost reduction, and purchasing in
emerging markets. Until 2008, he was responsible for the supply risk management of the Bosch
Group. In addition to his practical experience, he focused as external research assistant and PhD
student at EBS Business School, Germany, on how to develop supply early warning systems in
complex international environments.

To purchase reprints of this article please e-mail: [email protected]

Or visit our web site for further details: www.emeraldinsight.com/reprints