**Supply Chain Risk Management in the Electronics Industry**

Frank Zwißler and Marco Hermann

*Fraunhofer Institute for Manufacturing Engineering and Automation IPA, Stuttgart, Germany* 

#### **1. Introduction**

466 Risk Management for the Future – Theory and Cases

*Tereshhenko,* О. (2003*).* Diskriminantnya modelь integralьnoj oczenki finansovogo

Vaino, M. (1999). Esti jae- ja hulgikaubandusettevõtete pankrotimudeli koostamine finantssuhtarvude ja diskriminantanaüüsi abil. Bakalaureusetöö, TÜ, 73 lk Vichnjakov, Ja. D.; Kolesov, А.V.; Shemjakin, V. L. (2000). Oczenka i analiz riskov predpriyatij v usloviyah vrazhdebnoj okruzhajushhej sredy. *Menedzment v Rossis i za rubezom,* N3 Voronina, V. М. (2007). Upravlencheskie resheniya v antikrizisnom upravlenii

Voronova, I.; Romancēviča, J. (2005). Uzņēmumu ekonomiskās stabilitātes novērtēšana. 6

Watson, I. (1996). Financial Distress - The State of the Art in 1996. *International Journal of* 

Хаjdarshina, G.А. (2011). Effektivnaja ocenka riska bankrotstva d sovremennoj praktike finansovogo menedzhmenta na predprijatii. Available from:<http://viperson.ru/

Zavgren, C.V. (1983). The Prediction of Corporate Failure: The State of the Art, *Journal of* 

Zmijewski, M. E. (1984). Methodological issues related to the estimation of financial distress

prediction models. *Journal of Accounting Research*, 22, pp. 59-86.

predpriyatiem na osnove diagnostiki chistyh aktivov. *Izvestija Sankt –* 

*International Scientific Conference. Public Relations: Quality, Benefits and Risks*, Selected

položeniypredpriyatiya. *Ekonomika Ukraini*. №*8* (*501*), pp. *38-44.* 

*Peterburgskogo universiteta ekonomiki i finansov,* pp. 9-16.

papers, Riga, Biznesa augstskola TURĪBA, pp.134-142.

*Business Studies*, Vol. 4, No. 2, pp. 39-65.

*Accounting Literature*, Vol. 2, pp.1-37.

Wind.php?ID=601029>

*International Review*. Vol. 4, pp. 15-21.

Nr.5(R)–2006. St. Petersburg State University: SPb., Available from: <http: //dspace.gsom.pu.ru/jspui/bitstream/123456789/54/1/1128E%29\_2006.pdf> Šneidere, R. (2009). *Finanšu analīzes metodes uzņēmuma maksātnespējas prognozēšanai*, SIA "Lietišķās informācijas centrs", ISBN 978-9984-826-26-4, Riga, Latvia Tamari M. (1966). Financial ratios as a means of forecasting bankruptcy. *Management* 

> Current trends and events show that it is more urgent than ever for companies to deal with supply chain management and, in consequence, with the associated supply chain risk management. In recent years, manufacturing processes are characterized by a decreasing vertical range of manufacture. While in 1980 about 60% of products were manufactured inhouse, this Figure fell to 43% in 2004, so that the proportion of purchased parts, according to Brossardt (2005), outstrips internal production.

> In a globalized world, the situation gets even more complicated as companies are geographically spread all over the world. Following Ziegenbein (2007), the success of a company increasingly depends on its suppliers and its ability to integrate into supply networks.

> In addition, companies are faced with a fast moving and unpredictable economic environment. Intensified competition due to globalization, rising customer expectations along with declining customer loyalty, shorter product life cycles, and a supply shortage of raw materials and energy bring companies under growing competitive pressure (Ziegenbein, 2007).

> Heightened competition leads to growing cost pressure in the supply chain. Also, the number of supply chain risks has grown in recent years and their effects have become more devastating.

> Ziegenbein (2007) takes one of the most prominent and widespread examples in the literature, i.e. the failure of a supplier to deliver, to demonstrate the serious effects that supply chain risks can have on companies. Fire in the production cell of a manufacturer of microchips brought production to stand still for three weeks. At that time, Ericsson had taken measures to optimize its supply chain and cut back on alternative microchip suppliers, resulting in a fall in output for several months and an estimated loss of US \$ 400 million. Natural disasters, terrorism, and political as well as economic crises in individual countries are also raising the demands on supply chain risk management (Ziegenbein, 2007).

> In view of the above, it becomes evident that supply chain risk management has gained in significance. In recent years, a number of studies have been conducted to analyze its importance and practical application. Overall, it can be said that more and more companies recognize the need for risk management and the need for appropriate measures, but fail to put them into practice in a systematic manner.

Supply Chain Risk Management in the Electronics Industry 469

"Supply Chain Management is the cross-company coordination of material and information flows throughout the value-chain from raw material production via various value-adding stages to the end user, aimed at optimizing the overall process in terms of time and costs."

The Supply Chain Operations Reference Model (SCOR) is most frequently mentioned in the literature as providing the basis of SCM design. The idea behind the SCOR model is to design the communication and production processes based on cross-company standardization so that companies can speak the same "tongue". In Arne Ziegenbein's dissertation on " Supply Chain Risks", a detailed description of the SCOR model can be

Risk management in general has become a widely used and well-established term in recent years. However, it was not before autumn 2009 that a basic standard for risk management processes was published as ISO 31000:2009 "Risk management – Guideline on principles and implementation of risk management". This standard is a fairly general description of a process that identifies, assesses, controls, and monitors risks. A definition of the generic term of risk management could be: Risk management is the totality of measures put in place to identify and assess potential risks and control known risks using appropriate strategies

In the professional literature, the descriptions of the risk management process differ only slightly and more with regard to the names of the phases than to their content. Figure 1 shows the steps of the risk management process. In the following, the individual phases are

(Scholz-Reiter and Jakobza, 1999).

**2.2 Risk management: Process and methods** 

described in greater detail, with a particular focus on supply risks.

Fig. 1. The risk management process following Ziegenbein (Ziegenbein, 2007)

found (Ziegenbein, 2007).

**2.1 Risk management** 

and methods.

A study of BearingPoint Consultants claims that potential disruptions of the supply chain pose a major risk for companies today. More than 80% of the 300 companies surveyed said they were facing significantly more supply risks than five years ago. For almost half of the companies, supply is associated with significant risks. In spite of this, only every second of the surveyed companies had established a risk management system to support supply chain management.


This chapter sets out to define basic terms before presenting the results of a study of 2010 and finally introducing a methodical toolkit for identifying, assessing, and managing risks in a supply chain. The methodical toolkit has been developed to help SMEs with risk management. We proceed by reviewing what the literature has to offer. Then, we introduce the study and the research methodology of the study. After the introduction of the basic conditions the actual research findings are presented and discussed.

#### **2. Literature review**

The topic risk management and with special attention on supply chain has been widely discussed in the literature and scientific community. It can be said that the risk management process is a developed methodology for the industry. However, there is a gap between the literature and the actual use of the risk management in companies. Therefore the next section discusses the literature on supply chain management and risk management. Supply Chain Management

The origins of Supply Chain Management (SCM) in its simple form can be traced back to the USA. Here, supply chain management was first implemented in the early 1980s. In 1982, the term 'Supply Chain Management' was introduced by the consultants Oliver and Webber at Booz & Company in London (Christopher, 1992). Even today, a uniform official DIN standard for SCM has not been established, and in the literature many different definitions of SCM can be found. Among the most accurate is that of (Scholz-Reiter and Jakobza,1999):

"Supply Chain Management is the cross-company coordination of material and information flows throughout the value-chain from raw material production via various value-adding stages to the end user, aimed at optimizing the overall process in terms of time and costs." (Scholz-Reiter and Jakobza, 1999).

The Supply Chain Operations Reference Model (SCOR) is most frequently mentioned in the literature as providing the basis of SCM design. The idea behind the SCOR model is to design the communication and production processes based on cross-company standardization so that companies can speak the same "tongue". In Arne Ziegenbein's dissertation on " Supply Chain Risks", a detailed description of the SCOR model can be found (Ziegenbein, 2007).

#### **2.1 Risk management**

468 Risk Management for the Future – Theory and Cases

A study of BearingPoint Consultants claims that potential disruptions of the supply chain pose a major risk for companies today. More than 80% of the 300 companies surveyed said they were facing significantly more supply risks than five years ago. For almost half of the companies, supply is associated with significant risks. In spite of this, only every second of the surveyed companies had established a risk management system to support supply chain


the great significance of supply risk management, compared to 82 % in 2011. - A 2009 IBM study showed that companies deal with their risks in a proactive and systematic manner. Only 38% said they would manage their processes and services in the supply chain as well as the related risks in a targeted way. The study also revealed that supply chain managers are well aware of the risks associated with their lack of information but are not drawing the necessary conclusions. Only 16% of the interviewees think that they are able to fully use and interpret the information and data they get and to smoothly integrate their external partners into the supply chain. 70% of the study participants say that the main problem in supply chain management is to handle, structure, and interpret large and distributed data sets (Kümmerlein, 2009). - Although a 2005 study identified supply chain risks as most critical threats to the whole company and despite the fact that the importance of supply chain risk management is

recognized by both science and industry, it is still rarely used in practice.

conditions the actual research findings are presented and discussed.

This chapter sets out to define basic terms before presenting the results of a study of 2010 and finally introducing a methodical toolkit for identifying, assessing, and managing risks in a supply chain. The methodical toolkit has been developed to help SMEs with risk management. We proceed by reviewing what the literature has to offer. Then, we introduce the study and the research methodology of the study. After the introduction of the basic

The topic risk management and with special attention on supply chain has been widely discussed in the literature and scientific community. It can be said that the risk management process is a developed methodology for the industry. However, there is a gap between the literature and the actual use of the risk management in companies. Therefore the next section discusses the literature on supply chain management and risk management. Supply

The origins of Supply Chain Management (SCM) in its simple form can be traced back to the USA. Here, supply chain management was first implemented in the early 1980s. In 1982, the term 'Supply Chain Management' was introduced by the consultants Oliver and Webber at Booz & Company in London (Christopher, 1992). Even today, a uniform official DIN standard for SCM has not been established, and in the literature many different definitions of SCM can be found. Among the most accurate is that of (Scholz-Reiter and

management.

**2. Literature review** 

Chain Management

Jakobza,1999):

Risk management in general has become a widely used and well-established term in recent years. However, it was not before autumn 2009 that a basic standard for risk management processes was published as ISO 31000:2009 "Risk management – Guideline on principles and implementation of risk management". This standard is a fairly general description of a process that identifies, assesses, controls, and monitors risks. A definition of the generic term of risk management could be: Risk management is the totality of measures put in place to identify and assess potential risks and control known risks using appropriate strategies and methods.

#### **2.2 Risk management: Process and methods**

In the professional literature, the descriptions of the risk management process differ only slightly and more with regard to the names of the phases than to their content. Figure 1 shows the steps of the risk management process. In the following, the individual phases are described in greater detail, with a particular focus on supply risks.

Fig. 1. The risk management process following Ziegenbein (Ziegenbein, 2007)

Supply Chain Risk Management in the Electronics Industry 471

For price and quality risks, both probability of occurrence and severity of impact are rated highly. Accordingly, there is immediate need for action to develop measures for

The next step after risk assessment is risk control. At this stage, specific measures are put in

Basically, there are two types of measures: Proactive measures that are used to avoid or prevent risks and reactive measures that are concerned with what needs to be done if losses




still be indirectly affected. Therefore, this strategy should be avoided, if possible. - Sharing an identified risk by taking appropriate measures. The effect of the measure should be that the entrepreneurial activities are shared between the supply chain parties (Mikus, 1998). This ensures that the consequences of a risk, if it occurs, affect the

Fig. 2. The risk portfolio (Wildemann, 2005)

must decide how to further proceed.

individual parties to a much lesser extent.

avoided, at least it should be mitigated (Mikus, 1998).

counteracting these risks.

**2.2.3 Risk control** 

place to manage risks.

occur (Grundmann, 2008).

#### **2.2.1 Risk identification**

The starting point of the process is the identification of risks. It is often described as the most important phase, as only an identified risk can become part of the risk management process and be controlled by appropriate measures. Every unidentified risk carries an increased potential for disruptions and, in the worst case, may lead to losses jeopardizing the survival of the business. The first step therefore is to identify potential risks early on and to record them in a systematic way (Wildemann, 2006).

In practice, a number of different methods have been established to serve this purpose, especially risk checking, employee interviews, and the Failure Mode and Effects Analysis (FMEA).

Supply risk identification primarily means the continuous monitoring of suppliers. To this end, supplier performance measures can be used, such as delivery performance in terms of time and quantity, quality of the delivered products, payment performance, but also the monitoring of the financial situation of the supplier. If a major deviation from preset values occurs, this indicates a potential risk situation and calls for a more in-depth analysis. An analysis of the economic, political and geographical environment of the supplier is also recommended to check for related risks such as natural disasters, currency instability, or possible trade embargos.

#### **2.2.2 Risk assessment**

Risk identification is followed by risk assessment. In this step, risks are assessed as to their probability of occurrence and the potential severity of impact. The two dimensions can be defined both in qualitative and in quantitative terms.

Qualitative techniques for assessing the probability of occurrence include expert estimates or fault tree analysis, while quantitative techniques are based on the statistical analysis of past data or on simulation models. Qualitative techniques for assessing the severity of impact cover expert estimates or event tree analysis, while quantitative techniques use past data to calculate adverse variances in sales, profit margin or operational costs (Ziegenbein, 2007).

Usually, it is not worth the effort for medium-sized companies to quantitatively determine risks. Quantified values for the severity of impact are virtually never calculated and, besides, not needed for raising risk awareness and drawing attention to specific risk sources.

In practice, most companies confine themselves to a qualitative determination of risks. They use reference values for the severity of impact such as the purchasing volume per supplier or ABC classifications as indicators of the strategic significance of each supplier.

The probability of occurrence as well as the severity of impact is often assessed on a scale from 1 to 5 by the responsible staff or on the basis of past data (Blome and Henke, 2009). Figure 2 shows a classification of supply risks considering the two dimensions of probability of occurrence and severity of impact.

Fig. 2. The risk portfolio (Wildemann, 2005)

For price and quality risks, both probability of occurrence and severity of impact are rated highly. Accordingly, there is immediate need for action to develop measures for counteracting these risks.

#### **2.2.3 Risk control**

470 Risk Management for the Future – Theory and Cases

The starting point of the process is the identification of risks. It is often described as the most important phase, as only an identified risk can become part of the risk management process and be controlled by appropriate measures. Every unidentified risk carries an increased potential for disruptions and, in the worst case, may lead to losses jeopardizing the survival of the business. The first step therefore is to identify potential risks early on and to record

In practice, a number of different methods have been established to serve this purpose, especially risk checking, employee interviews, and the Failure Mode and Effects Analysis

Supply risk identification primarily means the continuous monitoring of suppliers. To this end, supplier performance measures can be used, such as delivery performance in terms of time and quantity, quality of the delivered products, payment performance, but also the monitoring of the financial situation of the supplier. If a major deviation from preset values occurs, this indicates a potential risk situation and calls for a more in-depth analysis. An analysis of the economic, political and geographical environment of the supplier is also recommended to check for related risks such as natural disasters, currency instability, or

Risk identification is followed by risk assessment. In this step, risks are assessed as to their probability of occurrence and the potential severity of impact. The two dimensions can be

Qualitative techniques for assessing the probability of occurrence include expert estimates or fault tree analysis, while quantitative techniques are based on the statistical analysis of past data or on simulation models. Qualitative techniques for assessing the severity of impact cover expert estimates or event tree analysis, while quantitative techniques use past data to calculate adverse variances in sales, profit margin or operational costs (Ziegenbein,

Usually, it is not worth the effort for medium-sized companies to quantitatively determine risks. Quantified values for the severity of impact are virtually never calculated and, besides, not needed for raising risk awareness and drawing attention to specific risk

In practice, most companies confine themselves to a qualitative determination of risks. They use reference values for the severity of impact such as the purchasing volume per supplier or ABC classifications as indicators of the strategic significance of each

The probability of occurrence as well as the severity of impact is often assessed on a scale from 1 to 5 by the responsible staff or on the basis of past data (Blome and Henke, 2009). Figure 2 shows a classification of supply risks considering the two dimensions of probability

**2.2.1 Risk identification** 

possible trade embargos.

**2.2.2 Risk assessment** 

(FMEA).

2007).

sources.

supplier.

of occurrence and severity of impact.

them in a systematic way (Wildemann, 2006).

defined both in qualitative and in quantitative terms.

The next step after risk assessment is risk control. At this stage, specific measures are put in place to manage risks.

Basically, there are two types of measures: Proactive measures that are used to avoid or prevent risks and reactive measures that are concerned with what needs to be done if losses occur (Grundmann, 2008).


Supply Chain Risk Management in the Electronics Industry 473

Different methods of data collection can be used for an empirical study. First, a distinction must be made between primary and secondary research. While secondary research uses and re-analyzes existing data collected for other research purposes, primary research collects new data directly from the relevant target group. Surveys on supply chain risk management and their secondary data already exist but differ so much in their focus and the questions asked that only a primary data collection was possible. The primary data collection

Fig. 3. Different ways to collect primary data (own drawing based on Albers et al., 2007)

A survey can be performed in a standardized or in a non-standardized manner. The nonstandardized method aims at qualitative responses. Questions are derived from the context of expected responses or added to existing questions. When the standardized method is applied, the number, formulation and order of questions is precisely defined. A predesigned questionnaire forms the basis of the interview and is filled in by the participants either in writing or online, or serves as a guideline for an oral interview (Raithel, 2008).

The questions are classified according to the type of suggested responses. Open questions require the respondent to formulate an answer himself, whereas closed questions ("multiple-choice questions") provide possible answers from which the participant must choose either one or several answers (multiple vs. single response). Basically, the advantage of open questions is that it gives the participant greater leeway for his responses. So he/she can include aspects that would not have been touched upon in the predefined categories of the closed survey. However, open questions can also prove problematic, as participants may feel annoyed when compelled to formulate responses of their own, prompting them to give

**3. Research methodology** 

combines several methods, as Figure 3 shows:


#### **2.2.4 Risk monitoring and documentation**

The phase of risk documentation and/or monitoring is regarded as a continuous part of risk management, overlapping the above-mentioned phases. A system for documenting risks enables, above all, an overview of identified risks, lists all measures already taken to counteract risks, and keeps track of the implementation progress. An IT-based tool is recommended for use in risk documentation. Moreover, it is an important aspect of documentation to let a centralized risk management unit monitor and control all risk management steps (Greitemeyer, 2004).

#### **2.3 Supply risk management as part of supply chain management**

The great variety of companies involved in a supply chain makes it necessary to implement a specific risk management approach. There are different types of business culture, visions, and objectives clash that along the supply chain. Opportunism or a lack of trust might result in unwillingness to share information, creating an imbalance of information regarding potential risks. Even communication problems caused by a lack of proper channels and interfaces may pose a threat to supply chain processes (Beckmann, 2004).

Companies may also differ in their risk strategy and risk-bearing capacity. And lastly, different national risk management requirements can impede successful collaboration in international supply chains (Siepermann and Vahrenkamp, 2007). Supply chain risk management is defined by Norrman and Lindroth as follows:

"Supply Chain Risk Management is to collaboratively with partners in a supply chain apply risk management process tools to deal with risks and uncertainties caused by, or impacting on, logistics related activities or resources" (Norrman and Lindroth, 2002).

That means supply chain risk management is handled by a chain of companies taking coordinated risk management activities including three elements: 1) Internal risk management, 2) marketing risk management and 3) supply risk management. Internal risk management deals with production-related risks occurring exclusively within one's own company. Marketing risk management focuses on the identification, analysis, control, and monitoring of consumer-related risks. Finally, supply risk management centers on supply-related risks. They can be classified according to internal and external supply risks, with external risks referring to the supplier while internal risks refer to the supply management of a company. Accordingly, (Moder, 2008) defines supply risk as "a possible negative deviation from target on the part of the supplier, on the supply markets or in the internal supply management, adversely affecting the business function of supply management and impacting the supply processes, other internal functions or the customers of the buying company ". For instance, if a supplier is not able to deliver a sufficient quantity of products, this may lead to a shutdown or delay in production for the companies concerned. Within the framework of this study, the term supply chain risk has the same meaning as the term supply risk.

### **3. Research methodology**

472 Risk Management for the Future – Theory and Cases


The phase of risk documentation and/or monitoring is regarded as a continuous part of risk management, overlapping the above-mentioned phases. A system for documenting risks enables, above all, an overview of identified risks, lists all measures already taken to counteract risks, and keeps track of the implementation progress. An IT-based tool is recommended for use in risk documentation. Moreover, it is an important aspect of documentation to let a centralized risk management unit monitor and control all risk

The great variety of companies involved in a supply chain makes it necessary to implement a specific risk management approach. There are different types of business culture, visions, and objectives clash that along the supply chain. Opportunism or a lack of trust might result in unwillingness to share information, creating an imbalance of information regarding potential risks. Even communication problems caused by a lack of proper channels and

Companies may also differ in their risk strategy and risk-bearing capacity. And lastly, different national risk management requirements can impede successful collaboration in international supply chains (Siepermann and Vahrenkamp, 2007). Supply chain risk

"Supply Chain Risk Management is to collaboratively with partners in a supply chain apply risk management process tools to deal with risks and uncertainties caused by, or impacting

That means supply chain risk management is handled by a chain of companies taking coordinated risk management activities including three elements: 1) Internal risk management, 2) marketing risk management and 3) supply risk management. Internal risk management deals with production-related risks occurring exclusively within one's own company. Marketing risk management focuses on the identification, analysis, control, and monitoring of consumer-related risks. Finally, supply risk management centers on supply-related risks. They can be classified according to internal and external supply risks, with external risks referring to the supplier while internal risks refer to the supply management of a company. Accordingly, (Moder, 2008) defines supply risk as "a possible negative deviation from target on the part of the supplier, on the supply markets or in the internal supply management, adversely affecting the business function of supply management and impacting the supply processes, other internal functions or the customers of the buying company ". For instance, if a supplier is not able to deliver a sufficient quantity of products, this may lead to a shutdown or delay in production for the companies concerned. Within the framework of this study, the term supply

expense arising from reducing or even avoiding the risk.

**2.3 Supply risk management as part of supply chain management** 

interfaces may pose a threat to supply chain processes (Beckmann, 2004).

on, logistics related activities or resources" (Norrman and Lindroth, 2002).

management is defined by Norrman and Lindroth as follows:

chain risk has the same meaning as the term supply risk.

**2.2.4 Risk monitoring and documentation** 

management steps (Greitemeyer, 2004).

Different methods of data collection can be used for an empirical study. First, a distinction must be made between primary and secondary research. While secondary research uses and re-analyzes existing data collected for other research purposes, primary research collects new data directly from the relevant target group. Surveys on supply chain risk management and their secondary data already exist but differ so much in their focus and the questions asked that only a primary data collection was possible. The primary data collection combines several methods, as Figure 3 shows:

Fig. 3. Different ways to collect primary data (own drawing based on Albers et al., 2007)

A survey can be performed in a standardized or in a non-standardized manner. The nonstandardized method aims at qualitative responses. Questions are derived from the context of expected responses or added to existing questions. When the standardized method is applied, the number, formulation and order of questions is precisely defined. A predesigned questionnaire forms the basis of the interview and is filled in by the participants either in writing or online, or serves as a guideline for an oral interview (Raithel, 2008).

The questions are classified according to the type of suggested responses. Open questions require the respondent to formulate an answer himself, whereas closed questions ("multiple-choice questions") provide possible answers from which the participant must choose either one or several answers (multiple vs. single response). Basically, the advantage of open questions is that it gives the participant greater leeway for his responses. So he/she can include aspects that would not have been touched upon in the predefined categories of the closed survey. However, open questions can also prove problematic, as participants may feel annoyed when compelled to formulate responses of their own, prompting them to give

Supply Chain Risk Management in the Electronics Industry 475

Fig. 4. Quantitative data on participants in the study according to industry

About 86% of interviewees indicated that risk management has become more important to their company in recent years. Only one participant said that risk management has not become more important, while 12% found the issue to have hardly gained in importance (cf.

**4.1 The importance of supply risk management** 

Fig. 5. Importance of risk management (overall)

Figure 5).

short responses and so possibly withholding important information. Also, the analysis is very difficult and time-consuming, as processing the data in a structured way requires to painstakingly elicit those details that the given answers have in common. This may, if nothing else, distort the evaluation results. By contrast, the advantage of closed questions is that the answers can be more easily compared and that the evaluation is more objective (Raithel, 2008).

With a view to the scope of the planned study and the expected return of a large amount of data, only the standardized survey with closed questions using multiple-choice answers suited best. In certain sections, however, open questions were also acceptable to increase the level of detail and the information content.

When asking the respondents to assess certain statements, a rating scale was used based on verbalized categories.


Table 1. Example of a rating scale

Special attention was given to meeting the recommendations of Raithel (2008, p.68) to establish precise, disjunctive (not overlapping), exhaustive and roughly equidistant categories (Raithel, 2008). Scales ranging from 1 to 4 are used throughout the present study, eliminating the option to select a middle category. So, the frequently observed "trend towards the middle" (cf. Berekoven 2009, p.70) is avoided to which participants often resort out of convenience or ignorance, forcing the participants to take a position.

The online survey was chosen as data collection method, enabling the quickest and most uncomplicated survey for the chosen type of questions and ensuring a high response rate.

In the next section we present our study and discuss the outcomes of it.

#### **4. Study on supply chain risk management**

Fifty-two companies took part in the study. Since a quarter of the participants belonged to the mechanical engineering industry, this turned out to be the dominant sector. The automotive (supply) industry, the electrical & electronics industry, and the metal (working) industry were also strongly represented in the study at about 13% each. The remaining industries together accounted for roughly a third of the study participants (see Figure 4).

At 48%, medium-sized companies with a workforce of 50 to 500 people are most strongly represented in the study. Even large companies with more than 1000 staff members account for a significant proportion at 33%. The study mainly covers module and system suppliers at 44% and OEMs at 39%, while component suppliers are represented at 15% and raw material suppliers at about 2%.

The study also considered the position in the supply chain, which determines the roles of the companies in the supply chain.

short responses and so possibly withholding important information. Also, the analysis is very difficult and time-consuming, as processing the data in a structured way requires to painstakingly elicit those details that the given answers have in common. This may, if nothing else, distort the evaluation results. By contrast, the advantage of closed questions is that the answers can be more easily compared and that the evaluation is more objective

With a view to the scope of the planned study and the expected return of a large amount of data, only the standardized survey with closed questions using multiple-choice answers suited best. In certain sections, however, open questions were also acceptable to increase the

When asking the respondents to assess certain statements, a rating scale was used based on

Example: Please rate the current importance of the following operational risks to your

1= minimal 2= rather low 3= rather high 4= very high 5= don't know

Special attention was given to meeting the recommendations of Raithel (2008, p.68) to establish precise, disjunctive (not overlapping), exhaustive and roughly equidistant categories (Raithel, 2008). Scales ranging from 1 to 4 are used throughout the present study, eliminating the option to select a middle category. So, the frequently observed "trend towards the middle" (cf. Berekoven 2009, p.70) is avoided to which participants often resort

The online survey was chosen as data collection method, enabling the quickest and most uncomplicated survey for the chosen type of questions and ensuring a high response rate.

Fifty-two companies took part in the study. Since a quarter of the participants belonged to the mechanical engineering industry, this turned out to be the dominant sector. The automotive (supply) industry, the electrical & electronics industry, and the metal (working) industry were also strongly represented in the study at about 13% each. The remaining industries together accounted for roughly a third of the study participants (see

At 48%, medium-sized companies with a workforce of 50 to 500 people are most strongly represented in the study. Even large companies with more than 1000 staff members account for a significant proportion at 33%. The study mainly covers module and system suppliers at 44% and OEMs at 39%, while component suppliers are represented at 15% and raw

The study also considered the position in the supply chain, which determines the roles of

out of convenience or ignorance, forcing the participants to take a position.

In the next section we present our study and discuss the outcomes of it.

**4. Study on supply chain risk management** 

(Raithel, 2008).

verbalized categories.

Table 1. Example of a rating scale

company:

Figure 4).

material suppliers at about 2%.

the companies in the supply chain.

level of detail and the information content.

#### **4.1 The importance of supply risk management**

About 86% of interviewees indicated that risk management has become more important to their company in recent years. Only one participant said that risk management has not become more important, while 12% found the issue to have hardly gained in importance (cf. Figure 5).

Fig. 5. Importance of risk management (overall)

Supply Chain Risk Management in the Electronics Industry 477

The dependence brought about by single sourcing was also rated highly, as well as an increase in prices by the suppliers. There are various reasons for single sourcing: A common strategic reason is that companies fear the disclosure of knowledge, inducing them to cooperate with a single supplier only. It is, of course, possible that there were no alternatives available on the market. Other frequent reasons are financial, such as quantity discounts or long-established business relations, for which no alternatives were developed. So, the real question is when and where single sourcing makes sense and how to weigh the associated risks against other sourcing strategies? This is what makes risk management a key part of the supply strategy.

The assessment of strategic risk factors is influenced by the economic crisis and the related currency risks as well as by the rising raw material and energy prices. Accordingly, risks in the business environment received a high rating by 81% of the companies questioned (cf. Figure 7) Similar to the 2008 Moder study, in this study the risk of force majeure events such as catastrophes and war/terrorism received a low rating. Even events such as the volcanic eruption in Iceland in May 2010 did not affect the assessment of risks. The evaluation of risks in the economic environment, however, is different from past investigations. While currency or competitiveness are regarded by the Moder study as relevant risks, these are ranked top risks in this study. This certainly owes to the economic and financial crisis, and to currency fluctuations, business insolvencies and cutbacks in capacity associated with it. In spite of this, companies do not think they are the most important risks in the future. This demonstrates the companies' positive outlook on the future (Schatz and Hermann, 2010).

Next, we proceed by discussing the methodological expertise and the maturity level of risk

Fig. 6. Operational risk factors (overall)

management process in the companies.

Especially prominent German sectors, such as the automotive (supply) industry, mechanical engineering and, above all, the electrical and electronics industry, feel the threat of unforeseen events affecting their supply management. News on recurring production losses, e.g. due to a lack of material, do their best to confirm those fears. As this is hardly a new problem for those industries, the values indicating the gain in importance of risk management are beyond average.

Unlike raw material suppliers, component suppliers, and module/system suppliers, OEMs do not see a great increase in importance. The reason for this relatively low rating is that OEMS have to deal with risk management for quite some time, as the number of their suppliers tends to be rather high. In sum, almost all study participants admitted a significant increase in the importance of supply risk management.

The next section will deal with the risks that companies regard as relevant and critical.

#### **4.2 An overview of risks – Their significance today and in the future**

For a better analysis, the study divided the risks into operational and strategic risks and asked to provide an assessment of risks now and in three years' time.

Among the operational risks, the risk rated highest both today and in the future is that of late delivery by the suppliers. (cf. Figure 6)

The strong growth since the economic crisis has, for instance, repeatedly brought the production lines at automotive OEMs to a halt because supply bottlenecks occurred at semiconductor manufacturers who had reduced capacity during the crisis. The development of capacity, however, that now lies ahead and the associated investment take time to take effect. And anyway, synchronizing the planning and production strategies of the two supply chain partners is difficult enough.

The lean principles of the automotive industry require a high level of flexibility, which, due to technological restrictions and the resulting batch production, is not easily provided by the semiconductor industry. This risk is especially feared by OEMS due to their high proportion of purchased parts. In general, the vertical range of manufacture and the risk of late deliveries is directly connected, due to insufficient production capacity on the part of the suppliers.

Even in 2010, quality problems still range among the top risks. Unstable manufacturing processes, often in combination with poor quality control, present an overall high risk. A way to successfully avoid risks in globalized supply is to check and select suppliers very carefully to ensure process stability. A functioning quality assurance system including clearly defined responsibilities and standards in the supply chain can also be a lever to reduce cost risks in the supply chain. The sooner a quality problem in the chain is discovered, the less cost are incurred for its remedy. So, it becomes obvious how important an integrated supply risk management approach is. The automotive sector, which sells consumer goods, is at the forefront of public attention. Almost every year an automotive OEM hits the headlines because of the poor quality of some of its components. Toyota's recent recall campaigns, for instance, will cost the company 13 million Euros in Germany alone, not to mention the loss of image. The risk of "unstable manufacturing processes at the supplier" is often the cause of quality problems and therefore rated high.

Especially prominent German sectors, such as the automotive (supply) industry, mechanical engineering and, above all, the electrical and electronics industry, feel the threat of unforeseen events affecting their supply management. News on recurring production losses, e.g. due to a lack of material, do their best to confirm those fears. As this is hardly a new problem for those industries, the values indicating the gain in importance of risk

Unlike raw material suppliers, component suppliers, and module/system suppliers, OEMs do not see a great increase in importance. The reason for this relatively low rating is that OEMS have to deal with risk management for quite some time, as the number of their suppliers tends to be rather high. In sum, almost all study participants admitted a

The next section will deal with the risks that companies regard as relevant and critical.

For a better analysis, the study divided the risks into operational and strategic risks and

Among the operational risks, the risk rated highest both today and in the future is that of

The strong growth since the economic crisis has, for instance, repeatedly brought the production lines at automotive OEMs to a halt because supply bottlenecks occurred at semiconductor manufacturers who had reduced capacity during the crisis. The development of capacity, however, that now lies ahead and the associated investment take time to take effect. And anyway, synchronizing the planning and production strategies of

The lean principles of the automotive industry require a high level of flexibility, which, due to technological restrictions and the resulting batch production, is not easily provided by the semiconductor industry. This risk is especially feared by OEMS due to their high proportion of purchased parts. In general, the vertical range of manufacture and the risk of late deliveries is

Even in 2010, quality problems still range among the top risks. Unstable manufacturing processes, often in combination with poor quality control, present an overall high risk. A way to successfully avoid risks in globalized supply is to check and select suppliers very carefully to ensure process stability. A functioning quality assurance system including clearly defined responsibilities and standards in the supply chain can also be a lever to reduce cost risks in the supply chain. The sooner a quality problem in the chain is discovered, the less cost are incurred for its remedy. So, it becomes obvious how important an integrated supply risk management approach is. The automotive sector, which sells consumer goods, is at the forefront of public attention. Almost every year an automotive OEM hits the headlines because of the poor quality of some of its components. Toyota's recent recall campaigns, for instance, will cost the company 13 million Euros in Germany alone, not to mention the loss of image. The risk of "unstable manufacturing processes at the

directly connected, due to insufficient production capacity on the part of the suppliers.

supplier" is often the cause of quality problems and therefore rated high.

significant increase in the importance of supply risk management.

**4.2 An overview of risks – Their significance today and in the future** 

asked to provide an assessment of risks now and in three years' time.

management are beyond average.

late delivery by the suppliers. (cf. Figure 6)

the two supply chain partners is difficult enough.

#### Fig. 6. Operational risk factors (overall)

The dependence brought about by single sourcing was also rated highly, as well as an increase in prices by the suppliers. There are various reasons for single sourcing: A common strategic reason is that companies fear the disclosure of knowledge, inducing them to cooperate with a single supplier only. It is, of course, possible that there were no alternatives available on the market. Other frequent reasons are financial, such as quantity discounts or long-established business relations, for which no alternatives were developed. So, the real question is when and where single sourcing makes sense and how to weigh the associated risks against other sourcing strategies? This is what makes risk management a key part of the supply strategy.

The assessment of strategic risk factors is influenced by the economic crisis and the related currency risks as well as by the rising raw material and energy prices. Accordingly, risks in the business environment received a high rating by 81% of the companies questioned (cf. Figure 7)

Similar to the 2008 Moder study, in this study the risk of force majeure events such as catastrophes and war/terrorism received a low rating. Even events such as the volcanic eruption in Iceland in May 2010 did not affect the assessment of risks. The evaluation of risks in the economic environment, however, is different from past investigations. While currency or competitiveness are regarded by the Moder study as relevant risks, these are ranked top risks in this study. This certainly owes to the economic and financial crisis, and to currency fluctuations, business insolvencies and cutbacks in capacity associated with it. In spite of this, companies do not think they are the most important risks in the future. This demonstrates the companies' positive outlook on the future (Schatz and Hermann, 2010).

Next, we proceed by discussing the methodological expertise and the maturity level of risk management process in the companies.

Supply Chain Risk Management in the Electronics Industry 479

Fig. 8. Process steps of risk management (overall)

Fig. 9. Process steps of risk management – the role of the supply chain

necessary resources or methodical expertise are missing.

The survey shows that the closer a company is to the end user, the worse the rating of the process quality gets. However, a defined risk management process is not enough if the

#### **4.3 Methodological expertise, process maturity and organization of risk management**

Looking at the methods in use, the companies apparently are searching for techniques and solutions to systematically identify, assess and control risks, but hardly any company has implemented suitable systems and processes. It is often claimed that risks are known, but they are not methodically tracked down or even ignored, for companies do not know what action strategies to apply. Another issue is the conflict between accuracy and the invested time and effort, as well as the desire to employ more systematic methods and not to rely on "gut-based" decisions (Ziegenbein, 2007).

Therefore, more and more companies regard risk management as important but they lack the methodical support for the implementation. So, the need for practicable approaches is immense (Siepermann and Vahrenkamp, 2008). Compared to past surveys, the following sections will show how the methodological expertise has improved and what strategies are used by the companies. Another objective is to determine the maturity level of the risk management process in industry.

#### **4.3.1 Maturity level of the risk management process**

Compared to past surveys, process maturity has greatly improved. Of the companies surveyed, 76% agreed slightly or strongly, when asked if the sequence of process steps is defined and the responsibilities are clearly outlined (cf. Figure 8).

Particularly interesting here is the survey's suggestion that a decreasing range of vertical manufacture goes along with a quality decrease in the risk management process. At 70%, the rating of OEMs is much below that of parts suppliers at about 85% (see Figure 9).

Fig. 7. Strategic risk factors (overall)

**4.3 Methodological expertise, process maturity and organization of risk management**  Looking at the methods in use, the companies apparently are searching for techniques and solutions to systematically identify, assess and control risks, but hardly any company has implemented suitable systems and processes. It is often claimed that risks are known, but they are not methodically tracked down or even ignored, for companies do not know what action strategies to apply. Another issue is the conflict between accuracy and the invested time and effort, as well as the desire to employ more systematic methods and not to rely on

Therefore, more and more companies regard risk management as important but they lack the methodical support for the implementation. So, the need for practicable approaches is immense (Siepermann and Vahrenkamp, 2008). Compared to past surveys, the following sections will show how the methodological expertise has improved and what strategies are used by the companies. Another objective is to determine the maturity level of the risk

Compared to past surveys, process maturity has greatly improved. Of the companies surveyed, 76% agreed slightly or strongly, when asked if the sequence of process steps is

Particularly interesting here is the survey's suggestion that a decreasing range of vertical manufacture goes along with a quality decrease in the risk management process. At 70%, the

rating of OEMs is much below that of parts suppliers at about 85% (see Figure 9).

Fig. 7. Strategic risk factors (overall)

"gut-based" decisions (Ziegenbein, 2007).

**4.3.1 Maturity level of the risk management process** 

defined and the responsibilities are clearly outlined (cf. Figure 8).

management process in industry.

#### Fig. 8. Process steps of risk management (overall)

Fig. 9. Process steps of risk management – the role of the supply chain

The survey shows that the closer a company is to the end user, the worse the rating of the process quality gets. However, a defined risk management process is not enough if the necessary resources or methodical expertise are missing.

Supply Chain Risk Management in the Electronics Industry 481

Fig. 11. The tools used in the risk management process (overall)

Fig. 12. The tools used in risk management – the role of the supply chain

Only the steelmaking and the metal production sector, the process manufacturing sector,

#### **4.3.2 Methodological expertise**

The methodological expertise of companies receives lower ratings than the maturity level of the process. Only 70% of the companies surveyed said that the methods for identifying and assessing supply risks are efficient, easy-to-understand and descriptive (cf. Figure 10).

While companies from the electrical and electronics industry found their process quality to be rather poor, they rated their methodological expertise as high. This contrasts with the situation in the metal and metal working industry. While here the process quality receives high ratings, weaknesses are recognized in the methodological expertise. In mechanical engineering, weaknesses are discovered in both areas. 55% of the interviewees indicate that the methods used are not very or not at all efficient, easy-to-understand and descriptive.

#### **4.3.3 Quality of the tools**

The weakest points in the risk management process are the tools available to the companies. Almost half of the companies surveyed indicate that the tools are not very or not at all mature (cf. Figure 11).

and the automotive (supply) industry rate their tools as being mature (cf. Figure 8).

In special-purpose and plant engineering, mechanical engineering and the electrical and electronics industry, the respondents again indicate that there is potential for improvement.

It is also surprising that in all areas the ratings of the OEMs are lower than those of the raw material suppliers, parts suppliers or module & system suppliers. This also applies to the assessment of the tools (cf. Figure 11).

The methodological expertise of companies receives lower ratings than the maturity level of the process. Only 70% of the companies surveyed said that the methods for identifying and assessing supply risks are efficient, easy-to-understand and descriptive (cf. Figure

While companies from the electrical and electronics industry found their process quality to be rather poor, they rated their methodological expertise as high. This contrasts with the situation in the metal and metal working industry. While here the process quality receives high ratings, weaknesses are recognized in the methodological expertise. In mechanical engineering, weaknesses are discovered in both areas. 55% of the interviewees indicate that the methods used are not very or not at all efficient, easy-to-understand and

The weakest points in the risk management process are the tools available to the companies. Almost half of the companies surveyed indicate that the tools are not very or not at all

In special-purpose and plant engineering, mechanical engineering and the electrical and electronics industry, the respondents again indicate that there is potential for

It is also surprising that in all areas the ratings of the OEMs are lower than those of the raw material suppliers, parts suppliers or module & system suppliers. This also applies to the

and the automotive (supply) industry rate their tools as being mature (cf. Figure 8).

Fig. 10. Methodological expertise in risk management (overall)

**4.3.2 Methodological expertise** 

10).

descriptive.

**4.3.3 Quality of the tools** 

assessment of the tools (cf. Figure 11).

mature (cf. Figure 11).

improvement.

Fig. 11. The tools used in the risk management process (overall)

Only the steelmaking and the metal production sector, the process manufacturing sector,

Fig. 12. The tools used in risk management – the role of the supply chain

Supply Chain Risk Management in the Electronics Industry 483

The study highlights that there is an immense need for action in industry to implement supply chain risk management systems. It also shows how much the sectors differ in their management of supply chain risks. Not only that supply chain risk management is not evenly applied throughout the different sectors, there are also great differences in the use and the implementation of supply chain risk management. A particularly striking example is the electronics industry. It particularly reveals the gap between the necessity of supply chain risk management and the actual use of supply chain risk management systems. Moreover, the study demonstrates that, to a certain extent, companies doubt the comprehensibility and the descriptiveness of the processes and structures for supply chain risk management. The maturity level of the processes is seen as insufficient by 49%. For this reason, we have developed the following procedure to overcome the weaknesses in

The following section will undertake a closer examination of the electronics industry and its supplier networks: This requires taking a closer look at its particular features to recognize the need for supply chain risk management in the electronics industry. Most supply chains in the electronics industry are global networks consisting of a single OEM, an "A-supplier", and several small and medium supply companies (SME). These networks are characterized, firstly, by the dominance of the OEM or the A-supplier and, secondly, by the volatile electronics market and its strong fluctuations in demand, short product life cycles, and

It is the combination of environmental turbulence and the focus on ever higher efficiency & productivity of individual companies that makes things difficult for the SMEs in the supply chain. A vital issue is the ability to master existing or occurring risks within the supply chain. This is why the stabilization of critical supply chains has gained in importance. Risks such as the loss of key suppliers, avoidable inaccuracies in the demand forecast, or unforeseen raw material shortages may have disastrous consequences for the supply chain (Zwißler and

The above-mentioned environmental parameters and the results of the study reveal a pressing need for action in the electronics industry to implement supply chain risk

To satisfy this need, the Institute of Industrial Manufacturing and Management (IFF) and the Fraunhofer Institute for Manufacturing Engineering and Automation (IPA) together with the Fraunhofer IML from Dortmund carried out the research project STABLE. The

**5.2 A process model for stabilizing SME supply chains in the electronics industry** 

Since the process of risk management is not implemented in many companies as shown in the study, the next section introduces the process model for a risk stabilization in SMEs in

**5. A method for risk stabilization in SMEs of the electronics industry** 

corporate supply chain risk management.

Hermann, 2010).

management processes.

the electronics industry.

**5.1 The particularities of the electronics industry** 

tremendous potential for technical innovation (Kersten *et al.*, 2008).

project was funded by the BMWi and supported by the AiF.

#### **4.3.4 System integration**

Companies often use internally developed tools for IT support, which are not integrated with the system architecture. Accordingly, 48% of the tools used in the supply risk management process are internally developed. About a quarter uses ERP systems, though in most cases they can only be efficiently used after extensive customization. So, with the number of suppliers to be scheduled and controlled growing, the companies are increasingly turning away from using ERP systems for their operations. Commercial custom software or databases are rarely used, and a quarter of the companies surveyed do not use any software at all.

#### **4.3.5 Summary**

A rapid increase of the maturity level of the risk management process has taken place. In the 2006 study of Horst Wildemann, only 36% of companies indicated that they systematically capture supply risks, while in 2010, 76% of the participating companies said that the risk management process is mature.

Opportunities may exist in the methodological expertise, in the identification and assessment of risks, and especially regarding the available tools.

An analysis of the results of the separate industries shows that only the automotive (supply) sector receives a consistently high rating in all categories. All other sectors revealed weaknesses, suggesting considerable room for improvement. The outcome of the study should be taken as a warning by the special-purpose and plant engineering sector, the mechanical engineering and the electrical & electronics industry.

All in all, the findings of the study show that companies recognize the importance of supply chain risk management and that the corresponding responsibilities have been largely defined. Weaknesses can be found in the methodological expertise, in the tools used in the process, and in IT support.

These weaknesses were already at the focus of the research project "STABLE", which was initiated in 2008 by Fraunhofer IPA and BMWi, and funded by the AiF (German Federation of Industrial Research Associations). Together with Fraunhofer IML and three partners from the electronics industry, they developed an approach and a methodical toolkit for each phase of the risk management process. The objective of the project was to make methods and tools available to SME's to identify, assess and control supply chain risks. More information on this project can be found on the website of Fraunhofer IPA.1 The results of the study show that there is still a lack of knowledge and use of risk management in the companies. Especially in SMEs, there is a lack of use of the mentioned process due to a shortage of human or financial resources or just due to a lack of interest. Therefore in the next section we introduce our developed methodical toolkit for SMEs that should reduce respectively overcome the mentioned barriers to implement a risk management process in companies.

<sup>1</sup> SMEs are small and medium sized businesses. According to the definition of the European Union SMEs are defined with an headcount ≤ 250, a turnover ≤ 50 million € or a balance sheet total ≤ 43 million € (European Commission, 2005)

Companies often use internally developed tools for IT support, which are not integrated with the system architecture. Accordingly, 48% of the tools used in the supply risk management process are internally developed. About a quarter uses ERP systems, though in most cases they can only be efficiently used after extensive customization. So, with the number of suppliers to be scheduled and controlled growing, the companies are increasingly turning away from using ERP systems for their operations. Commercial custom software or databases are rarely used, and a quarter of the companies surveyed do not use

A rapid increase of the maturity level of the risk management process has taken place. In the 2006 study of Horst Wildemann, only 36% of companies indicated that they systematically capture supply risks, while in 2010, 76% of the participating companies said that the risk

Opportunities may exist in the methodological expertise, in the identification and

An analysis of the results of the separate industries shows that only the automotive (supply) sector receives a consistently high rating in all categories. All other sectors revealed weaknesses, suggesting considerable room for improvement. The outcome of the study should be taken as a warning by the special-purpose and plant engineering sector, the

All in all, the findings of the study show that companies recognize the importance of supply chain risk management and that the corresponding responsibilities have been largely defined. Weaknesses can be found in the methodological expertise, in the tools used in the

These weaknesses were already at the focus of the research project "STABLE", which was initiated in 2008 by Fraunhofer IPA and BMWi, and funded by the AiF (German Federation of Industrial Research Associations). Together with Fraunhofer IML and three partners from the electronics industry, they developed an approach and a methodical toolkit for each phase of the risk management process. The objective of the project was to make methods and tools available to SME's to identify, assess and control supply chain risks. More information on this project can be found on the website of Fraunhofer IPA.1 The results of the study show that there is still a lack of knowledge and use of risk management in the companies. Especially in SMEs, there is a lack of use of the mentioned process due to a shortage of human or financial resources or just due to a lack of interest. Therefore in the next section we introduce our developed methodical toolkit for SMEs that should reduce respectively overcome the mentioned barriers to implement a risk management process in

1 SMEs are small and medium sized businesses. According to the definition of the European Union SMEs are defined with an headcount ≤ 250, a turnover ≤ 50 million € or a balance sheet total ≤ 43 million

assessment of risks, and especially regarding the available tools.

mechanical engineering and the electrical & electronics industry.

**4.3.4 System integration** 

any software at all.

management process is mature.

process, and in IT support.

companies.

€ (European Commission, 2005)

**4.3.5 Summary** 

#### **5. A method for risk stabilization in SMEs of the electronics industry**

The study highlights that there is an immense need for action in industry to implement supply chain risk management systems. It also shows how much the sectors differ in their management of supply chain risks. Not only that supply chain risk management is not evenly applied throughout the different sectors, there are also great differences in the use and the implementation of supply chain risk management. A particularly striking example is the electronics industry. It particularly reveals the gap between the necessity of supply chain risk management and the actual use of supply chain risk management systems. Moreover, the study demonstrates that, to a certain extent, companies doubt the comprehensibility and the descriptiveness of the processes and structures for supply chain risk management. The maturity level of the processes is seen as insufficient by 49%. For this reason, we have developed the following procedure to overcome the weaknesses in corporate supply chain risk management.

#### **5.1 The particularities of the electronics industry**

The following section will undertake a closer examination of the electronics industry and its supplier networks: This requires taking a closer look at its particular features to recognize the need for supply chain risk management in the electronics industry. Most supply chains in the electronics industry are global networks consisting of a single OEM, an "A-supplier", and several small and medium supply companies (SME). These networks are characterized, firstly, by the dominance of the OEM or the A-supplier and, secondly, by the volatile electronics market and its strong fluctuations in demand, short product life cycles, and tremendous potential for technical innovation (Kersten *et al.*, 2008).

It is the combination of environmental turbulence and the focus on ever higher efficiency & productivity of individual companies that makes things difficult for the SMEs in the supply chain. A vital issue is the ability to master existing or occurring risks within the supply chain.

This is why the stabilization of critical supply chains has gained in importance. Risks such as the loss of key suppliers, avoidable inaccuracies in the demand forecast, or unforeseen raw material shortages may have disastrous consequences for the supply chain (Zwißler and Hermann, 2010).

The above-mentioned environmental parameters and the results of the study reveal a pressing need for action in the electronics industry to implement supply chain risk management processes.

To satisfy this need, the Institute of Industrial Manufacturing and Management (IFF) and the Fraunhofer Institute for Manufacturing Engineering and Automation (IPA) together with the Fraunhofer IML from Dortmund carried out the research project STABLE. The project was funded by the BMWi and supported by the AiF.

#### **5.2 A process model for stabilizing SME supply chains in the electronics industry**

Since the process of risk management is not implemented in many companies as shown in the study, the next section introduces the process model for a risk stabilization in SMEs in the electronics industry.

Supply Chain Risk Management in the Electronics Industry 485

To find a suitable approach for the electronics industry, the literature was searched for methods and procedures applicable to the four phases of supply chain risk management. As Figure 14 shows, the 100 methods initially examined for their suitability for a future supply chain risk management approach were reduced to ten methods left for validation and finally

Fig. 14. Process of reducing the number of methods for supply chain risk management

The first step presents methods for identifying critical supply chains that could support a proactive stabilization in subsequent steps. It should be noted that many methods found in the literature are not designed for use in the electronics industry. Accordingly, the following methods were selected and/or customized for use in the electronics industry. These methods were validated in industry and proved to be especially suitable for the

The major advantage of Supply Chain Mapping is its particular time and resource efficiency. Supply chain maps give the user an overview of the key partners, processes and relations within the supply chain. The first step in drawing a supply chain map is to record all suppliers and customers on the map relevant to the supply chain and their locations (Kaufmann and Germer, 2001). Then, the material, information, and financial flows between the supply chain partners are illustrated on the map. Like a road map, the goal is to chart

**5.2.2 Phase I: Risk identification** 

identification of supply chain risks.

only the "motorways" and major "highways" (cf. Figure 15).

**5.2.2.1 Supply Chain Mapping** 

to five methods that could be applied in the process model.

#### **5.2.1 Basics**

The process model developed in the research project enables SMEs in the electronics industry to identify major risks in their supply chains and to produce measures to stabilize them. The separate phases are outlined in Figure 13. It shows that the process model follows the normal risk management cycle described in section 1.3.


Fig. 13. Supply chain risk management cycle

The process model developed in the research project enables SMEs in the electronics industry to identify major risks in their supply chains and to produce measures to stabilize them. The separate phases are outlined in Figure 13. It shows that the process model follows

1. The process model covers four phases. The first one is the risk identification phase. Here, the critical supply chain sections are identified as well as the exact location where the risk occurs. It includes an examination of all supply chain sections, both on the

2. In the second phase, the identified risks are assessed to enable a ranking of the risks. The overall goal of phase I is to identify all risks affecting the relevant supply chain sections mentioned by the employees. The given variety of risks must be prioritized to enable informed decisions on what measures to take. Defining measures for all identified risks would not make sense. Better is to manage critical risks first before,

3. The third Phase deals with the development of measures. The aim is to select and apply targeted measures for those risks ranked in phase II and so to enable risk avoidance,

4. Phase four is very important for the lasting implementation of the first three phases. The entire supply chain risk management cycle should not be a one-off event. It is rather a continuous process, which must be put into practice in everyday work and thus

the normal risk management cycle described in section 1.3.

step-by-step, including less critical risks in the process.

needs to be firmly established in operations and organization.

mitigation, limitation, sharing and transfer.

Fig. 13. Supply chain risk management cycle

supply and on the distribution side.

**5.2.1 Basics** 

To find a suitable approach for the electronics industry, the literature was searched for methods and procedures applicable to the four phases of supply chain risk management. As Figure 14 shows, the 100 methods initially examined for their suitability for a future supply chain risk management approach were reduced to ten methods left for validation and finally to five methods that could be applied in the process model.

Fig. 14. Process of reducing the number of methods for supply chain risk management

#### **5.2.2 Phase I: Risk identification**

The first step presents methods for identifying critical supply chains that could support a proactive stabilization in subsequent steps. It should be noted that many methods found in the literature are not designed for use in the electronics industry. Accordingly, the following methods were selected and/or customized for use in the electronics industry. These methods were validated in industry and proved to be especially suitable for the identification of supply chain risks.

#### **5.2.2.1 Supply Chain Mapping**

The major advantage of Supply Chain Mapping is its particular time and resource efficiency. Supply chain maps give the user an overview of the key partners, processes and relations within the supply chain. The first step in drawing a supply chain map is to record all suppliers and customers on the map relevant to the supply chain and their locations (Kaufmann and Germer, 2001). Then, the material, information, and financial flows between the supply chain partners are illustrated on the map. Like a road map, the goal is to chart only the "motorways" and major "highways" (cf. Figure 15).

Supply Chain Risk Management in the Electronics Industry 487

Fig. 16. Information on the supply chain sections to be retrieved in the Supply Chain Map

Based on the results of the supply chain mapping process, a stress and resilience portfolio was drawn up to identify the critical supply chain sections (Kaufmann and Germer, 2001). This method is aimed at defining the position of each supply chain section in the portfolio in order to find out what sections are particularly vulnerable, depending on stress and resilience. The analysis of the separate supply chain sections regarding the two dimensions of "stress" and "resilience" resorts to questions e.g. about the dynamics or robustness of the section. Then, each dimension is rated on a scale of 1 to 5 and so allows allocating the sections to the portfolio. This is the starting point for identifying and assessing the risks of

A major drawback of the stress and resilience portfolio is that currently applied measures are only included in the assessment in terms of quantity but not with regard to their quality. As a consequence, measures with poor cost/benefit ratio could possibly be applied to increase the resilience of a supply chain. This makes the SRP a suitable tool to identify where action is needed but not to reveal potential cost savings in the supply chain. To

Expense is the general indicator for current risk control activities in each analyzed supply chain section. The higher the numerical value of the expense, the higher the investment in

overcome this drawback, the dimension of expense is added to the SRP procedure.

the critical sections and for implementing measures to stabilize them.

measures for risk control with a sub-optimal cost/benefit outcome.

**5.2.2.3 Stress, resilience and expense portfolio** 

Fig. 15. Example of a supply chain map

Further details on individual locations and flows can also be included. For example, information on lead times, delivery performance, schedule performance, transportation times, capacity, stock levels, the logistics service provider involved, and the relevance of a supplied product for the end product. It should be defined in advance what key factors impacting the supply chain map are to be entered (cf. Figure 16). In view of the amount of information collated, it is necessary to take care that the level of detail is sufficient to make it a useful supply chain map; however, the map should not be too complex in presentation to ensure transparency and traceability.

#### **5.2.2.2 Brainwriting method**

Brainwriting is an intuitive group creativity technique for putting down ideas in writing or generating additional ideas based on the combination of ideas (risks) created by several participants.

This technique allows each participant, in a few minutes, to write down on index cards every single risk associated with the identified supply chain section. They are then discussed by the group (Rückle and Behn, 2007). As part of risk identification, this method uncovers by far the largest number of risks in the corresponding supply chain and the examined supply chain sections.

Further details on individual locations and flows can also be included. For example, information on lead times, delivery performance, schedule performance, transportation times, capacity, stock levels, the logistics service provider involved, and the relevance of a supplied product for the end product. It should be defined in advance what key factors impacting the supply chain map are to be entered (cf. Figure 16). In view of the amount of information collated, it is necessary to take care that the level of detail is sufficient to make it a useful supply chain map; however, the map should not be too complex in presentation to

Brainwriting is an intuitive group creativity technique for putting down ideas in writing or generating additional ideas based on the combination of ideas (risks) created by several

This technique allows each participant, in a few minutes, to write down on index cards every single risk associated with the identified supply chain section. They are then discussed by the group (Rückle and Behn, 2007). As part of risk identification, this method uncovers by far the largest number of risks in the corresponding supply chain and the

Fig. 15. Example of a supply chain map

ensure transparency and traceability.

**5.2.2.2 Brainwriting method** 

examined supply chain sections.

participants.


Fig. 16. Information on the supply chain sections to be retrieved in the Supply Chain Map

#### **5.2.2.3 Stress, resilience and expense portfolio**

Based on the results of the supply chain mapping process, a stress and resilience portfolio was drawn up to identify the critical supply chain sections (Kaufmann and Germer, 2001). This method is aimed at defining the position of each supply chain section in the portfolio in order to find out what sections are particularly vulnerable, depending on stress and resilience. The analysis of the separate supply chain sections regarding the two dimensions of "stress" and "resilience" resorts to questions e.g. about the dynamics or robustness of the section. Then, each dimension is rated on a scale of 1 to 5 and so allows allocating the sections to the portfolio. This is the starting point for identifying and assessing the risks of the critical sections and for implementing measures to stabilize them.

A major drawback of the stress and resilience portfolio is that currently applied measures are only included in the assessment in terms of quantity but not with regard to their quality. As a consequence, measures with poor cost/benefit ratio could possibly be applied to increase the resilience of a supply chain. This makes the SRP a suitable tool to identify where action is needed but not to reveal potential cost savings in the supply chain. To overcome this drawback, the dimension of expense is added to the SRP procedure.

Expense is the general indicator for current risk control activities in each analyzed supply chain section. The higher the numerical value of the expense, the higher the investment in measures for risk control with a sub-optimal cost/benefit outcome.

Supply Chain Risk Management in the Electronics Industry 489

The SREP (cf. Figure 17) helps companies to uncover "hidden" opportunities faster and more efficiently, and quickly locate the highest risk supply chain sections, while enabling them to develop immediate strategies from standard strategies for a proactive

The risk checklist helps companies to identify existing risks. In sum, the checklist covers five risk categories: quality risk, risk of delay, risk of failure, cost risk, and planning risk. The

checklist has been developed during the research project:

Q1) Damage to the material and/or to the end products

d. during the manufacturing process in your company e. during your subcontractors' manufacturing process

Q3) Change of product specifications (without consultation)

the performance of the companies and the supply chain.

Q4) Manufacturing fault (e.g. machine/tool failure, incorrect use, etc.)

Q5) Quality defects due to climate (e.g. dry, damp, cold, or warm climate)

The risk checklist facilitates the identification of certain risk factors and ensures that the process of risk identification covers all risks. The risk checklist brings a more objective method of identification to the complete sub-process of risk identification. The following sequence of steps represents the best and most efficient procedure for the first phase of risk identification with regard to the number and quality of the identified risks (cf. Figure

At first, the supply chain should be mapped to get an overview of information, money and material flows in the analyzed supply chain. It is important not to adopt a too high level of detail in the process of supply chain mapping, as this would be of no avail to the next steps. The brainwriting method is used to uncover additional risks in the analyzed supply chain sections. During validation at the industry partners, this creativity technique turned out to be most effective and profitable, helping to identify by far the most risks. In the next step, the stress, resilience and expense portfolio is applied. It provides detailed information on critical sections in the supply chain, helping to identify those risks with crucial impact on

Finally, we recommend using the risk checklist to identify further risks not yet uncovered

An example is given in the following for the category of "quality risks":

stabilization.

**5.2.2.4 Risk checklist** 

a. at your suppliers

18).

b. during transport to your company c. in the incoming goods department

f. in the outgoing goods department g. during transport to your customers

Q2) Insufficient quality control

by the previous methods.

In capturing the expense, it is particularly challenging to identify the hidden potential for improvement in currently used measures. Taking into account the expense invested, inefficient processes (e.g. three employees ordered to track the shipments of suppliers) are now identified, pointing out opportunities for cost savings (a single employee would be sufficient if the process were redesigned).

With the factor of expense added to the SREP , the user companies get a tool enabling them to analyze and assess the as-is situation (Zwißler and Hermann, 2010).

As a result of the SREP, the following three basic strategies can be presented:


Fig. 17. SREP – The cube of dimensions

The SREP (cf. Figure 17) helps companies to uncover "hidden" opportunities faster and more efficiently, and quickly locate the highest risk supply chain sections, while enabling them to develop immediate strategies from standard strategies for a proactive stabilization.

#### **5.2.2.4 Risk checklist**

488 Risk Management for the Future – Theory and Cases

In capturing the expense, it is particularly challenging to identify the hidden potential for improvement in currently used measures. Taking into account the expense invested, inefficient processes (e.g. three employees ordered to track the shipments of suppliers) are now identified, pointing out opportunities for cost savings (a single employee would be

With the factor of expense added to the SREP , the user companies get a tool enabling them

1. In an isolated case of stress increase, no (substitution) investments need to be made, as the expense can be reduced or dropped if stress normalizes (e.g. cut down on

2. If stress increase is permanent, a lasting solution at a lower expense must be found. In terms of staff capacity, this might mean an increase in productivity (training schemes,

3. If stress increases periodically, the interval becomes relevant. For short intervals, a permanent solution must be found, while for long intervals a short-term increase of expense is usually more favorable. A frequent strategy for this scenario is changing the

to analyze and assess the as-is situation (Zwißler and Hermann, 2010).

As a result of the SREP, the following three basic strategies can be presented:

sufficient if the process were redesigned).

temporary workers and floaters, etc.).

shift schedule to increase staff flexibility.

Fig. 17. SREP – The cube of dimensions

staff qualification).

The risk checklist helps companies to identify existing risks. In sum, the checklist covers five risk categories: quality risk, risk of delay, risk of failure, cost risk, and planning risk. The checklist has been developed during the research project:

An example is given in the following for the category of "quality risks":

Q1) Damage to the material and/or to the end products


Q2) Insufficient quality control


Q5) Quality defects due to climate (e.g. dry, damp, cold, or warm climate)

The risk checklist facilitates the identification of certain risk factors and ensures that the process of risk identification covers all risks. The risk checklist brings a more objective method of identification to the complete sub-process of risk identification. The following sequence of steps represents the best and most efficient procedure for the first phase of risk identification with regard to the number and quality of the identified risks (cf. Figure 18).

At first, the supply chain should be mapped to get an overview of information, money and material flows in the analyzed supply chain. It is important not to adopt a too high level of detail in the process of supply chain mapping, as this would be of no avail to the next steps. The brainwriting method is used to uncover additional risks in the analyzed supply chain sections. During validation at the industry partners, this creativity technique turned out to be most effective and profitable, helping to identify by far the most risks. In the next step, the stress, resilience and expense portfolio is applied. It provides detailed information on critical sections in the supply chain, helping to identify those risks with crucial impact on the performance of the companies and the supply chain.

Finally, we recommend using the risk checklist to identify further risks not yet uncovered by the previous methods.

Supply Chain Risk Management in the Electronics Industry 491

Then, the consequences of the risks are determined. Here, it is important to remember that a risk can give rise to more than a single risk consequence. In our case, the risk consequence could imply a loss of production, but just as well it could only mean internal rework or a

Next follows an estimate of the severity of risk consequences for the customer in the supply chain. In our example, the consequences and their significance for the customers of the supply chain section, i.e. the sensor manufacturer, would be very high, depending on the severity of the quality defect. In this case, the assessment could range from a 2 (for rework)

An additional distinction is made by assessing the probability of occurrence of the risk consequence. In our example, this could mean a loss of production, as worst-case scenario, or rework, as less serious risk consequence, which have to be assessed for their probability of occurrence. The probability of occurrences for each scenario is also ranked with values from 1 (very rare) to 5 (very frequent). The probability of occurrence for the production loss scenario is very low, resulting in a score of 1. By contrast, the probability of occurrence for the rework scenario is certainly much higher, and therefore

After assessing the different parameters, the so-called risk priority number (RPN) can be determined. The RPN is calculated by adding occurrence probability and detection

Fig. 19. The steps of the FMEA

to a 4 (for production breakdown).

scores a 4.

return of goods without causing production losses.

Fig. 18. The steps of phase I: Risk identification

#### **5.2.3 Phase II: Risk assessment**

In the second phase of the process model, the identified risks are assessed. The Failure Mode and Effects Analysis technique has proved to be an ideal risk assessment method for evaluating and ranking the identified risks of phase I.

Failure Mode and Effects Analysis was chosen as the basic risk assessment method. To serve this purpose, it was modified and fully adapted to the requirements of supply chain risk management for SMEs in the electronics industry (Figure 19). The identified risks were ranked for an FMEA assessment. The ranking helps to prioritize the risks for the future development of stabilization measures.

For a better understanding, an example is used to illustrate the FMEA process. The risk lies in insufficient quality control measures at a company supplying a manufacturer of construction equipment sensors.

In the first step, the risks are compared to the logistical goals for risks posing a threat to certain logistical goals. In our case, the poor quality control at the supplier threatens the logistical goal of "right quality".

In the next step, the assessment refers to the parameters of "probability of occurrence" and "probability of detection". First, the risks are assessed for their probability of occurrence in a given period. The assessment is based on a numerical scale from 1 (very rare) to 5 (very frequent). In our example, the possible occurrence of insufficient quality control at the supplier' site is rare and accordingly is ranked a "2". Second, the probability of detection after the risk has occurred is assessed. In our case, where incoming goods are inspected at the sensor manufacturer, it is very high and therefore ranked a "1".

In the following step, the exact risk location, i.e. the place where the risk occurs, is determined. In our case, this place is easily identified at the supplier's site. However, some risks are not so easy to pin down, being composed of a number of consecutive errors, with the real cause of the risk lying somewhere else. But one thing always holds true: if you want a lasting stabilization of risks, treat the cause of the risk.

In the second phase of the process model, the identified risks are assessed. The Failure Mode and Effects Analysis technique has proved to be an ideal risk assessment method for

Failure Mode and Effects Analysis was chosen as the basic risk assessment method. To serve this purpose, it was modified and fully adapted to the requirements of supply chain risk management for SMEs in the electronics industry (Figure 19). The identified risks were ranked for an FMEA assessment. The ranking helps to prioritize the risks for the future

For a better understanding, an example is used to illustrate the FMEA process. The risk lies in insufficient quality control measures at a company supplying a manufacturer of

In the first step, the risks are compared to the logistical goals for risks posing a threat to certain logistical goals. In our case, the poor quality control at the supplier threatens the

In the next step, the assessment refers to the parameters of "probability of occurrence" and "probability of detection". First, the risks are assessed for their probability of occurrence in a given period. The assessment is based on a numerical scale from 1 (very rare) to 5 (very frequent). In our example, the possible occurrence of insufficient quality control at the supplier' site is rare and accordingly is ranked a "2". Second, the probability of detection after the risk has occurred is assessed. In our case, where incoming goods are inspected at

In the following step, the exact risk location, i.e. the place where the risk occurs, is determined. In our case, this place is easily identified at the supplier's site. However, some risks are not so easy to pin down, being composed of a number of consecutive errors, with the real cause of the risk lying somewhere else. But one thing always holds true: if you want

the sensor manufacturer, it is very high and therefore ranked a "1".

a lasting stabilization of risks, treat the cause of the risk.

Fig. 18. The steps of phase I: Risk identification

evaluating and ranking the identified risks of phase I.

**5.2.3 Phase II: Risk assessment** 

development of stabilization measures.

construction equipment sensors.

logistical goal of "right quality".

Fig. 19. The steps of the FMEA

Then, the consequences of the risks are determined. Here, it is important to remember that a risk can give rise to more than a single risk consequence. In our case, the risk consequence could imply a loss of production, but just as well it could only mean internal rework or a return of goods without causing production losses.

Next follows an estimate of the severity of risk consequences for the customer in the supply chain. In our example, the consequences and their significance for the customers of the supply chain section, i.e. the sensor manufacturer, would be very high, depending on the severity of the quality defect. In this case, the assessment could range from a 2 (for rework) to a 4 (for production breakdown).

An additional distinction is made by assessing the probability of occurrence of the risk consequence. In our example, this could mean a loss of production, as worst-case scenario, or rework, as less serious risk consequence, which have to be assessed for their probability of occurrence. The probability of occurrences for each scenario is also ranked with values from 1 (very rare) to 5 (very frequent). The probability of occurrence for the production loss scenario is very low, resulting in a score of 1. By contrast, the probability of occurrence for the rework scenario is certainly much higher, and therefore scores a 4.

After assessing the different parameters, the so-called risk priority number (RPN) can be determined. The RPN is calculated by adding occurrence probability and detection

Supply Chain Risk Management in the Electronics Industry 493

the end, supply chain risk management undergoes a continuous cycle and so ensures that risks to which SMEs in the electronics industry can be exposed are identified early on to be

This study has several limitations. First, the sample size of the study is sufficient but not large. Therefore, the results have to be evaluated in further research with a larger sample size. There are also limitations related to the measures that were used. The length of the questionnaire and the number of items were limited. Further on, the study was limited to mainly German companies. The results might be transferable for companies across Europe, since there is one European economic area. However, the outcomes of the study could be different in other economic areas in the world like the NAFTA, LAC or APEC due to

The developed methodology of a risk stabilization process is focused on the electronics industry. Therefore as there has been a special attention to the risks in this industry branch. Other industry branches might be slightly different in their initial position. But the developed steps and the methods are usable in all industry branches. Therefore, the focus of the risk management process might change but the methods used in the risk management

The study on supply chain risk management has shown that the supply chain risk management is a particularly important and urgent issue in the industry. Especially in the electronics industry with its strong OEMs and weak suppliers the supply chain risk management should be a standardized method in a company and therefore needs to be

Companies increasingly recognize the importance of supply chain risk management, due to globalization and the associated increasing distribution of value-added activities, as well as the expansion and the growing complexity of the supply chains. The study also shows that supply chain risk management must analyze and be based upon both strategic and operational risks. Another interesting finding of the study is that the quality of supply chain risk management decreases with a shrinking vertical range of manufacture, and also that the process quality along the supply chain is reduced on the way to the end consumer. This is an important discovery for the electronics industry, since the distribution of value added and the vertical range of manufacture among the supply chain partners is low in the

It has to be said that future research about the topic of supply chain risk management should focus on broadly based case studies conducted in the European Union and the other economic areas for significant, transnational equation. The developed process model has to be mitigated to other industries and branches. Therefore, future research will be concentrated on the development of methods for a process model that can be used and

counteracted by the development of appropriate measures.

different economic, political and geographical positions.

process will be the same.

taken into account.

electronics industry.

implemented in any industry and industrial sector.

**7. Future work and conclusion** 

**6. Limitations and review of the research** 

probability of risk cause, severity of risk consequence and frequency of risk consequence, multiplied by the value of 5. The method of addition was chosen to avoid a too strong effect by a potentially unrealistic assessment, as would be the case with multiplication, leading to falsified results. Finally, the RPN of each risk can be used to establish a hierarchy of risks. The prioritization of risks affects particularly the important parameters of risk cause, risk consequence as well as significance and frequency of risk consequence.

#### **5.2.4 Phase III: Developing measures and risk control**

It is important to align the development of measures with the preceding prioritization of risks, enabling a useful cost-benefit estimate for the different risk-stabilizing measures. To stabilize the prioritized risks by measures, the following basic strategies can be applied. The basic strategies are described in detail in section 2.2.3:


It has to be said that not all of the mentioned measures are transferable in business. In our point of view and concerning the electronics industry, the transferring of risks to supply chain partners may interrupt the whole supply chain in case of an occurring risk.

#### **5.2.5 Phase IV: Monitoring of measures**

Two fundamental questions must be answered when it comes to the monitoring of measures. One is the question how to integrate supply chain risk management into dayto-day operations. And the other question is who is responsible for supply chain risk management and what organizational unit is responsible for it? During validation in companies of the electronics industry, it became obvious that neither a pure top-down nor a bottom-up approach makes sense. Instead, an interdisciplinary team comprising experts from both operational and strategic (i.e. top management) areas of the business should be put together. This helps to take care of risks which only one of the two groups can identify, whether operational or strategic risks. Letting the top management take part also ensures the organizational integration of supply chain risk management. This leads on to the actual application of the process model. A common mistake in industry is to recognize the importance of the methods of supply chain risk management but to apply them only once. After that, the methods as well as the supply chain risk management process end up in a drawer and are no longer carried out. For the success and usefulness of supply chain risk management, however, it is essential that the process is repeated cyclically.

To ensure maximum benefit, the presented process model should be applied once every year. The identification and validation of risks is done by the core team based on the analysis data of the previous year. So, the data pool is always updated with existing and previously identified risks. Likewise, additional and new risks are integrated in this cycle. In

probability of risk cause, severity of risk consequence and frequency of risk consequence, multiplied by the value of 5. The method of addition was chosen to avoid a too strong effect by a potentially unrealistic assessment, as would be the case with multiplication, leading to falsified results. Finally, the RPN of each risk can be used to establish a hierarchy of risks. The prioritization of risks affects particularly the important parameters of risk cause, risk consequence as well as significance and frequency of risk

It is important to align the development of measures with the preceding prioritization of risks, enabling a useful cost-benefit estimate for the different risk-stabilizing measures. To stabilize the prioritized risks by measures, the following basic strategies can be applied. The

It has to be said that not all of the mentioned measures are transferable in business. In our point of view and concerning the electronics industry, the transferring of risks to supply chain partners may interrupt the whole supply chain in case of an occurring risk.

Two fundamental questions must be answered when it comes to the monitoring of measures. One is the question how to integrate supply chain risk management into dayto-day operations. And the other question is who is responsible for supply chain risk management and what organizational unit is responsible for it? During validation in companies of the electronics industry, it became obvious that neither a pure top-down nor a bottom-up approach makes sense. Instead, an interdisciplinary team comprising experts from both operational and strategic (i.e. top management) areas of the business should be put together. This helps to take care of risks which only one of the two groups can identify, whether operational or strategic risks. Letting the top management take part also ensures the organizational integration of supply chain risk management. This leads on to the actual application of the process model. A common mistake in industry is to recognize the importance of the methods of supply chain risk management but to apply them only once. After that, the methods as well as the supply chain risk management process end up in a drawer and are no longer carried out. For the success and usefulness of supply chain risk management, however, it is essential that the process

To ensure maximum benefit, the presented process model should be applied once every year. The identification and validation of risks is done by the core team based on the analysis data of the previous year. So, the data pool is always updated with existing and previously identified risks. Likewise, additional and new risks are integrated in this cycle. In

**5.2.4 Phase III: Developing measures and risk control** 

basic strategies are described in detail in section 2.2.3:


**5.2.5 Phase IV: Monitoring of measures** 



is repeated cyclically.

consequence.

the end, supply chain risk management undergoes a continuous cycle and so ensures that risks to which SMEs in the electronics industry can be exposed are identified early on to be counteracted by the development of appropriate measures.

### **6. Limitations and review of the research**

This study has several limitations. First, the sample size of the study is sufficient but not large. Therefore, the results have to be evaluated in further research with a larger sample size. There are also limitations related to the measures that were used. The length of the questionnaire and the number of items were limited. Further on, the study was limited to mainly German companies. The results might be transferable for companies across Europe, since there is one European economic area. However, the outcomes of the study could be different in other economic areas in the world like the NAFTA, LAC or APEC due to different economic, political and geographical positions.

The developed methodology of a risk stabilization process is focused on the electronics industry. Therefore as there has been a special attention to the risks in this industry branch. Other industry branches might be slightly different in their initial position. But the developed steps and the methods are usable in all industry branches. Therefore, the focus of the risk management process might change but the methods used in the risk management process will be the same.

### **7. Future work and conclusion**

The study on supply chain risk management has shown that the supply chain risk management is a particularly important and urgent issue in the industry. Especially in the electronics industry with its strong OEMs and weak suppliers the supply chain risk management should be a standardized method in a company and therefore needs to be taken into account.

Companies increasingly recognize the importance of supply chain risk management, due to globalization and the associated increasing distribution of value-added activities, as well as the expansion and the growing complexity of the supply chains. The study also shows that supply chain risk management must analyze and be based upon both strategic and operational risks. Another interesting finding of the study is that the quality of supply chain risk management decreases with a shrinking vertical range of manufacture, and also that the process quality along the supply chain is reduced on the way to the end consumer. This is an important discovery for the electronics industry, since the distribution of value added and the vertical range of manufacture among the supply chain partners is low in the electronics industry.

It has to be said that future research about the topic of supply chain risk management should focus on broadly based case studies conducted in the European Union and the other economic areas for significant, transnational equation. The developed process model has to be mitigated to other industries and branches. Therefore, future research will be concentrated on the development of methods for a process model that can be used and implemented in any industry and industrial sector.

Supply Chain Risk Management in the Electronics Industry 495

Kümmerlein, R. (2009). Betriebe gehen zu sorglos mit Lieferrisiken um, In: *Deutsche* 

Lück, W. (2000). Managementrisiken, In: P*raxis des Risikomanagements: Grundlagen,* 

Mikus, B. (2001). Zur Integration des Risikomanagements in den Führungsprozess, In:

Schlattau, E., Mikus, B. (2001). *Supply Chain Risk Management Make-or-buy-Entscheidungen in* 

Moder, M. (2008). *Supply Frühwarnsysteme die Identifikation und Analyse von Risiken in Einkauf und Supply Management* (1st. Edition), Gabler Verlag, 978-3834912039, Wiesbaden Otterbach, B. (2011). OEMs beziffern Produktionsausfälle. In*: automobil-industrie.vogel.de*,

Rückle, H., Behn, M., (2007). *Unternehmenserfolg mit Zielen: Mit Checklisten, Leitfäden und* 

Schatz, A., Hermann M. (2010*) Risikomanagement in der Beschaffung – Studie 2010*, Fraunhofer-

Schatz, A., Hermann M. (2011). Supply Chain Risk Management – Relevanz und Handlungsbedarf, In: *ZWF Produktionstechnik im Wandel*, book 5/2011 Scholz-Reiter, B., Jakobza J. (1999). Supply Chain Management: Überblick und Konzeption,

Siepermann, C., Vahrenkamp, R. (2007). Grundlagen des Risikomanagements in Supply

Siepermann, C., Vahrenkamp, R. (2008). Empirische Untersuchung zu SC-Risiken und SC-

Wildemann, H. (2006). Gestaltung des Risikomanagements im

<http://www.automobil-industrie.vogel.de/oems/articles/308934> Raithel, J. (2008). Die Befragung als dominantes Datenerhebungsverfahren, In: *Quantitative* 

*Übungen*, expert-Verlag, 978-3816926474, Renningen

\_Risikomanagement\_in\_der\_Beschaffung\_2010.pdf>

73, Erich Schmidt Verlag, 978-3503100415, Berlin

Wirtschaftsdatenbank GmbH, DVZ Nr. 45-406, Hamburg

Kagermann, H. (Ed.), pp. 311-343, 978-3791014524, Stuttgart

Bfi Wien, 978-3902624048, Wien

790814156, Heidelberg

03/31/2011, Available from:

3531161815, Wiesbaden

HMD(207), Heidelberg

KG, 978-3937236261 , München

3503100415, Berlin

Wiesbaden

*Supply Chain Risk Management*, Schlattau, E. (Ed.), pp. 7-21, Wien: Fachhochsch. des

*Verkehrs-Zeitung*, WISO-Datenbank der GBI-Genios Deutsche

*Kategorien, branchenspezifische und strukturelle Aspekte*, Dörner, D., Horváth, P.,

*Risikomanagement*, Götze, U., Henselmann, K., Mikus, B. (Ed.), pp. 67-94, 3-

*der Produktion: Führungsprozesse, Risikomanagement und Modellanalyse*, GUC Gesellschaft für Unternehmensrechnung und Controlling m.b.H., 978-3934235175,

*Forschung - Ein Praxiskurs*, pp. 66, Gabler I GWV Fachverlage GmbH, 978-

Institut für Produktionstechnik und Automatisierung IPA, Retrieved from <http://www.ipa.fraunhofer.de/fileadmin/www.ipa.fhg.de/pdf/Studien/Studie

In: *HMD: Praxis der Wirtschaftsinformatik*, Hildebrand, K., Meinhardt S., pp. 7-15,

Chains. In: *Risikomanagement in Supply Chains*, pp. 16, Erich Schmidt Verlag, 978-

Risikomanagement in Deutschland, In: *Risikomanagement in Supply Chains*, pp. 61-

Leistungserstellungsprozess – Risikomanagement in der Beschaffung. In: *Risikomanagement und Rating*, pp. 141-142, TCW Transfer-Centrum GmbH & Co.

The described process model was developed to help SMEs in the electronics industry to evaluate the criticality of their supply chains. The methodology and the process model provide a systematic procedure that supports companies to minimize risks, enables companies to enhance their performance thanks to more stable supply chains, increases the productivity of companies by reducing the supply-related waiting times, and supports companies to increase their competitiveness based on a stabilized supply chain.

Supply Chain risk management will be a key success factor for companies in a globalized world if they have implemented a risk management process in their organizational structure.

#### **8. References**


The described process model was developed to help SMEs in the electronics industry to evaluate the criticality of their supply chains. The methodology and the process model provide a systematic procedure that supports companies to minimize risks, enables companies to enhance their performance thanks to more stable supply chains, increases the productivity of companies by reducing the supply-related waiting times, and supports companies to increase their competitiveness based on a stabilized supply

Supply Chain risk management will be a key success factor for companies in a globalized world if they have implemented a risk management process in their organizational

Albers, S., Klapper, D., Konrad, U., Walter, A. & Wolf, J. (2007). *Methodik der empirischen Sozialforschung*, Gabler I GWV Fachverlage GmbH, 978-3834904690, Wiesbaden Beckmann, H. (2004). Konzept des Supply Chain Managaments – Risiken, In: *Supply Chain* 

Blome, C. & Henke, M. (2009). Risikomanagement-Standard im Einkauf – Brunnen graben, bevor der Durst kommt, In: *Beschaffung aktuell*, book 12, pp. 30-34, 0343-9704 Brossardt B. (2005). Wertschöpfung hat Wert!, In: *Verband der Bayerischen Metall –und* 

Christopher, M. (1992). *Logistics: The Strategic Issues*, Chapman & Hall, 978-0412597701,

European Commission (2005). *The new SME definition User guide and model declaration.* Office

Grundmann, T. (2008). Der Risikomanagement-Prozess – Schritte, angewandte

Greitemeyer, J. (2004). Expertenbrief zum Thema: Integriertes Risiko-Management für den

Kaufmann, L., Germer, T. (2001). Controlling internationaler Supply Chains Positionierung

Kersten, W., Hohlrath, P., Winter, M. (2008). Risikomanagement in

<www.ratingweb.de/download.php?media\_id=00000162>

R., Urban,G. (Ed.), pp. 177-192, 978-3932306396, Bonn

Springer-Verlag, 978-3540443902, Berlin

*und Technologiemanagement*, 03/21/2010, Available from:

*Management– Strategien und Entwicklungstendenzen in Spitzenunternehmen*", pp. 17,

*Elektroindustrie & TCW Transfer-Centrum GmbH & Co. KG für Produktions-Logistik* 

<http://www.stmwivt.bayern.de/pdf/wirtschaft/Wert\_der\_Wertschoepfung.

for Official Publications of the European Communities, 978-9289479097,

Methoden und Hilfsmittel, In: *Ein anwendungsorientiertes System für das Management von Produkt - und Prozessrisiken*, pp. 27, Apprimus Verlag, 978-

Mittelstand, In: *Wirtschaftsjunioren Deutschland*, 03/25/2010, Available from:

– Instrumente – Perspektiven, In: *Supply Chain Management: Unternehmensübergreifende Prozesse, Kollaboration, IT-Standards*, Arnold, U., Mayer,

Wertschöpfungsnetzwerken – Status quo und aktuelle Herausforderungen, In:

chain.

structure.

**8. References** 

pdf>

London

Luxembourg

3940565105, Aachen

*Supply Chain Risk Management*, Schlattau, E. (Ed.), pp. 7-21, Wien: Fachhochsch. des Bfi Wien, 978-3902624048, Wien


<http://www.automobil-industrie.vogel.de/oems/articles/308934>


Ziegenbein, A. (2007). Identifikation, Bewertung und Steuerung von Supply Chain Risiken –

Zwißler, F. & Hermann, M. (2010). Methodik zur Identifikation und Bewertung von Risiken

81, Vdf Hochschulverlag AG, 978-3728131669, Zürich

8519

eine Methodik, In *Supply Chain Risiken: Identifikation, Bewertung und Steuerung*, pp.

in Supply Chains. *Productivity Management*. 15, 3,(October 2010), pp. 31-33, 1868-

## *Edited by Jan Emblemsvåg*

A large part of academic literature, business literature as well as practices in real life are resting on the assumption that uncertainty and risk does not exist. We all know that this is not true, yet, a whole variety of methods, tools and practices are not attuned to the fact that the future is uncertain and that risks are all around us. However, despite risk management entering the agenda some decades ago, it has introduced risks on its own as illustrated by the financial crisis. Here is a book that goes beyond risk management as it is today and tries to discuss what needs to be improved further. The book also offers some cases.

Risk Management for the Future - Theory and Cases

Risk Management

for the Future

Theory and Cases

*Edited by Jan Emblemsvåg*

Photo by natasaadzic / iStock