A Longitudinal Study of Supply Chain Risk Management Relative To COSO's of Enterprise Risk Management Framework

See discussions, stats, and author profiles for this publication at: https://www.researchgate.
net/publication/263733797
A Longitudinal Study of Supply Chain Risk Management Relative to COSO’s of

Enterprise Risk Management Framework
Article · February 2013
CITATIONS READS
5 6,318
4 authors, including:
Sime Curkovic Thomas Vincent Scannell

Western Michigan University Western Michigan University
68 PUBLICATIONS 2,795 CITATIONS 23 PUBLICATIONS 3,161 CITATIONS
SEE PROFILE SEE PROFILE
Bret J. Wagner
Western Michigan University
26 PUBLICATIONS 663 CITATIONS
SEE PROFILE
All content following this page was uploaded by Sime Curkovic on 03 March 2016.
The user has requested enhancement of the downloaded file.

www.scholink.org/ojs/index.php/mmse Modern Management Science & Engineering Vol. 1, No. 1; February 2013
Original Paper
A Longitudinal Study of Supply Chain Risk Management
Relative to COSO’s Enterprise Risk Management Framework
Sime Curkovic1*, Thomas Scannell1, Bret Wagner1 and Michael Vitek2

1
Haworth College of Business, Western Michigan University, Kalamazoo, MI, 49008, United States
2
Mercedes-Benz Technology, 400 E. Big Beaver Rd, Suite 300, Troy, MI, 48083, United States
* Sime Curkovic, E-mail: Sime.curkovic@wmich.edu
Abstract
This longitudinal study used paired survey responses gathered over a two year period to identify supply
chain risk management (SCRM) strategies and to frame the findings within the context of The
Committee of Sponsoring Organizations (COSO) ERM framework. The research found an increasing
recognition of the need for ERM and SCRM, but integration of strategies, capabilities and resources is
lacking. Respondents indicated an increased use of hedging, approved supplier lists, supplier financial
analysis, supplier performance monitoring and information gathering to manage supply chain risks.
The COSO ERM framework provides a foundation for supply managers to raise awareness of the need
for SCRM, and to integrate and execute SCRM.
Keywords
supply chain risk management, enterprise risk management, COSO, longitudinal study
1. Introduction
Risk management is a critical component of strategy development and execution, and a driver of firm
success. Yet, the number of firms that apply a systematic approach to risk management is somewhat
limited (Beasley et al., 2005; Bowling and Rieger, 2005). Corporate-wide risks may be managed
through enterprise risk management (ERM), which establishes a framework and set of tools for
systematically managing risks, and identifies, assesses and manages risks throughout the value chain
(COSO, 2004).
Supply chain risk management (SCRM) is an integral component of ERM. This research focuses on
SCRM within the context of the ERM framework proposed by The Committee of Sponsoring
Organizations (COSO) of the Treadway Commission (COSO, 2004). There is a shortage of SCRM
empirical research, and this shortage is especially critical in addressing current practice (Sodhi et al.,
2012). Paired longitudinal data from 17 respondents who worked for the same firm over a two year
13
Published by SCHOLINK CO., LTD
period are analyzed to assess factors that affect decisions to develop a systematic approach for SCRM,
the relative impact of SCRM, and changes in approach over time.
Respondents recognize the need for ERM and SCRM, but integration of strategies, processes and
systems is lacking. Despite the recognized need, corporate structures and budgets are not sufficiently
designed to mitigate corporate and supply risks. There appears to be a reduction in spending on SCRM,
and a slip in the supply groups’ understanding of corporate risk management activities.
Respondents are increasing the use of information gathering, monitoring/auditing of a supplier’s
processes, approved supplier lists, credit/financial analysis, and hedging strategies to manage risk. They
are relying less on joint technology development initiatives to mitigate risk. Respondents are generally
satisfied with supply performance, and improvements in logistics reliability and in reduced material
price volatility were reported.
The rest of this paper is organized as follows. The literature review explores ERM and SCRM practices.
Next, the research method is presented, followed by the data analysis. The paper concludes with a
discussion of the findings, with an emphasis on identifying SCRM strategies and framing the findings
within the context of the COSO ERM framework.
2. Literature Review
A systematic approach to risk management is needed to manage the global competitive environment
and increasingly complex supply chains, particularly given increased pressure to comply with a wide
range of regulations, laws and industry guidelines. Enterprise risk management (ERM) has emerged as
a critical approach to mitigate such risks and to proactively take advantage of risk opportunities (Hoyt
and Liebenberg, 2011; Nocco and Stulz, 2006). ERM, which has also been identified as “integrated risk
management” and “holistic risk management” (Hoyt and Liebenberg, 2011), represents an approach to
identify, analyze and proactively plan responses to a wide range of risks (Bowling and Rieger, 2005;
Chapman, 2003).
ERM can positively impact a firm’s performance (Hoyt and Liebenberg, 2011; Smithson and Simkins,
2005). However, a small percentage of firms have developed a detailed understanding of ERM, and
ERM implementation is limited (Chapman, 2003; COSO, 2010). Though ad-hoc risk management may
provide some benefits, silo approaches to risk management lead to inefficient and ineffective risk
management systems (Hoyt and Liebenberg, 2011).
This research adopts the Committee of Sponsoring Organizations (COSO) of the Treadway
Commission (COSO, 2004) ERM framework (Figure 1) to examine the extent of integration and
comprehensiveness of SCRM practices, and to determine if the COSO framework is appropriate for
SCRM planning and execution. The COSO framework was adopted because it is an effective ERM
approach, its adoption rate is increasing, and it appears to becoming an ERM best practice (Moody,
2011; Young and Hasler, 2010).
14
Figure 1. COSO ERM framework
The COSO ERM framework consists of the eight components described in Table 1. These components
support attainment of a firm’s objectives, and all eight components need to be integrated to provide
effective ERM (COSO, 2004; Sobel, 2006). The framework indicates that risk management cuts across
four objectives, described in Table 2 (Ballou and Heitger, 2005; COSO, 2004). Further, the framework
emphasizes that each organizational level (i.e., subsidiary, business units, division, entity) needs to
manage risks, initiated by the “entity level” then aggregated across all levels so that risks may be
managed holistically (Chapman, 2003; COSO, 2004). COSO formally defines ERM as “…a process,
effected by an entity’s board of directors, management and other personnel, applied in a strategy setting
and across the enterprise, designed to identify potential events that may affect the entity, and manage
risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity
objectives.”
Table 1. Interrelated components of the COSO ERM framework

Component Description
Internal Environment Reflects alignment of the firm's risk philosophy, its appetite for risk, the risk management and
ethical culture, human resource policies and practices, assignment of responsibility, and the
organizational structure to manage risks.
Objective Setting Identifies the firm's competitive strategy or positioning (e.g., low cost, high quality, etc.) and
15
related objectives in four areas: strategy, operations, reporting and compliance, which in turn
drives objectives throughout the value chain.
Event Identification Identifies possible internal and external events, and the potential interrelatedness of those
events, that impact a firm's ability to realize its strategy and objectives. Positive impact events
are "opportunities" that are channeled back to strategic planning, while negative impact events
are risks that should be managed through an integrated risk management process to help
determine how such risks might be managed.
Risk Assessment Examines the likelihood, frequency and the impact (e.g., financial, reputation, etc.) of events
across a range (e.g., best to worst case) of possible outcomes associated with the events.
Risk Response Identifies, assesses and selects risk response options that align with the organization's risk
tolerances and risk appetite. Options include avoidance (e.g., not engaging in the activity),
reduction (e.g., rebalancing the risk, reallocating resources, robust business process, etc.),
sharing (e.g., insurance, partnering, contractual agreements, hedging, etc.) and acceptance.
Control Activities Establishes that risk policies and procedures are in place and properly executed, and that the
risk management initiatives are effective. Such controls may include required authorizations,
supervision, segregation of duties, reconciliations and verifications for example.
Information & Requires that internal and external sources be used to provide appropriate and timely risk
Communications related information that enables people to execute their responsibilities. Such communications
need to be integrated throughout the value chain and impacted organizations.
Monitoring Ensures that an ERM is present and determines how well it is working so that it can be
revised and/or expanded.
Table 2. Objectives of the COSO ERM framework

Objective Description
Strategic Mission driven high level goals and objectives (Governance, Strategic Objectives, Business
Model, External Forces, etc.)
Operations Resource development, management and allocation (Business Processes, Upstream Value Chain,
Downstream Value Chain, etc.)
Reporting Information gathering, analysis and communication (Information Technology, Financial, Internal,
Intellectual Property, etc.)
Compliance Conformance with laws and regulations (Securities & Exchange Commission, Environmental,
Legal, Contractual, etc.)
Though ERM is touted as a strategic imperative, there is limited empirical evidence that ERM is
efficient and effective (Hoyt and Liebenberg, 2011). ERM implementation requires significant resource
commitments and a corporate wide cultural shift (Ballou and Heitger, 2005), at times without an
16
appropriate return on the effort (Samad-Khan, 2005). Even COSO cautions that an ERM framework is
not a cure-all and that ERM implementation is a significant challenge (Landsittel and Rittenberg,
2010).
A survey of researchers found that 74.2% of respondents believe supply chain risk management
(SCRM) is a subset or extension of ERM (Sodhi et al., 2012). While there has been an increasing
amount of SCRM research, there is no consensus on the definition or scope of SCRM (Sodhi et al.,
2012). For example, a three-step SCRM process has been proposed: (1) specifying sources of risks and
vulnerabilities, (2) assessment, and (3) mitigation (Kleindorfer and Saad, 2005). Other researchers
proposed a four-step processes (Hallikas et al., 2004; Juttner et al., 2003), while others propose a
five-step process (Manuj and Mentzer, 2008). Though common elements appear across all these
frameworks, there is not yet agreement on what components and definitions constitute a “standard”
SCRM process. The SCRM frameworks also overlap with some of the elements of the COSO
framework, but are not as comprehensive. For example, the COSO framework begins with a
requirement that the internal environment establishes the philosophy, culture and organizational
structure to support risk management. It also requires ongoing monitoring of the risk management
processes, changes in risk, and performance outcomes. These two steps are either omitted or not
emphasized in most of the SCRM frameworks. This comprehensiveness provides further support for
selecting the COSO framework to examine SCRM.
The advancement of research in a discipline (e.g., Just-In-Time Manufacturing, Supply Chain
Management) may be accelerated through the development and validation of frameworks and concepts
generated through exploratory empirical research. For example, the Total Quality Management (TQM)
discipline leveraged standardized frameworks to advance theory building and testing [see for example
(Black & Porter, 1996; Capon, Kaye, & Wood, 1994; Curkovic, Melnyk, Calantone, & Handfield, 2000;
Dean & Bowen, 1994; Flynn, Schroeder, & Sakakibara, 1994; Saraph, Benson, & Schroeder, 1989)].
By leveraging such frameworks, TQM research moved from a focus on case studies (the current state
of SCRM research) to testable models and specific research hypotheses, linking the theoretical concept
of TQM to empirical indicants. Operational definitions and standardized frameworks have contributed
to TQM theory building by identifying the constructs associated with TQM, developing scales for
measuring these constructs, and empirically validating the scales. SCRM research is still in its infancy
stages and would benefit from development of standardized frameworks and concepts.
Even without agreement on broad SCRM frameworks, a variety of supply risks and risk management
strategies have been identified. Supply risks have been classified as supplier, market and item risks
(Zsidisin, 2003) for example. Specific risks include order fulfillment errors, information distortion,
labor disputes, natural disasters, capacity shortages, supplier bankruptcy, exchange rate risks,
government regulations, single sourcing, and port delays for example (Blackhurst et al., 2005; Manuj
and Mentzer, 2008; Tummala and Schoenherr, 2011; Zsidisin and Hartley, 2012).]
17
Different risks require different SCRM processes (Zsidisin and Wagner, 2010). Supply chain risk
management strategies include environmental scanning (Zsidisin et al., 2004), use of capable suppliers
(Manuj and Mentzer, 2008), dual sourcing (Khan and Burnes, 2007), contingency planning
(Kleindorfer and Saad, 2005), supplier credit analysis (Kern et al.), inventory buffers (Tang, 2006),
integration of information systems and supply chain modeling (Giannakis and Louis, 2001), and
speculation, hedging and forward buying (Zsidisin and Hartley, 2012) for example.
Firms face multiple supply risks, whether in combination or isolation. Other risks include supplier
reliability/failure, information errors, natural disasters, shrinkage, capacity shortages, financial
instability, currency exchange rate fluctuations, port security and increased government regulations for
example (Blackhurst, Wu, & O'Grady, 2005; Kumar & Verruso, 2008; Liu & Cruz, 2012; Manuj &
Mentzer, 2008; Tummala & Schoenherr, 2011; Zsidisin & Hartley, 2012). Each risk might require a
specific SCRM technique (Zsidisin & Wagner, 2010).
SCRM treatment options include evaluation and trust building (Laeequddin, Sardana, Sahay, Abdul
Waheed, & Sahay, 2009), use of dual sources (Khan & Burnes, 2007), environmental scanning
(Zsidisin, Ellram, Carter, & Cavinato, 2004), combined capacity reservation contracts and spot markets
(Inderfurth & Kelle, 2011), qualification and use of capable suppliers (Manuj & Mentzer, 2008),
supplier quality management initiatives (Holschbach & Hofmann, 2011), buffer inventory (Tang, 2006),
contingency plans (Kleindorfer & Saad, 2005), credit analysis (Kern, Moser, Hartman, & Moder),
strategic sourcing and flexibility (Chiang, Kocabasoglu-Hillmer, & Suresh, 2012), forward buying or
hedging (Zsidisin & Hartley, 2012) and supplier development (Matook, Lasch, & Tamaschke, 2009) for
example. Despite the plethora of risks and risk management approaches, few firms have a structured
SCRM approach (Martin, Mena, Khan, & Yurt, 2011).
3. Method
The research questions were: 1) Is SCRM approached from a systematic and corporate-wide
perspective? 2) What strategies and processes are used to manage supply risks and are they effective?
and 3) Have SCRM challenges, strategies, processes or outcomes changed over time? From responses
to these questions, managerial implications and future research questions were developed.
This exploratory research used a purposeful sample (Eisenhardt, 1989; Miles and Huberman, 1994).
Criterion for participation included that the company would agree to identify an informed respondent,
reply in a timely manner, and be open to longitudinal research. Targeted respondents worked for
companies that support supply management education and professional associations. A cross section of
industries was targeted to support generalizability.
The first survey was sent to 67 firms. A 68% response rate (46 responses) was realized.
Non-respondents suggested that company policy prevented them from fully participating or that they
would not be able to complete the survey within the time limits. The second survey was sent to 58
18
firms. A 66% response rate (38 responses) was realized. Respondent and company names were
compared across the two surveys. This matching process identified 17 people who responded to both
surveys and who were with the same company at the time of both surveys, allowing for paired t-tests of
17 data sets. The number of paired responses was about as expected because career transitions
anticipated over the two year period.
4. Limitations
The research findings are based on 17 paired responses. The seemingly small sample size might limit
the generalizability of the findings. However, the research was structured as a two-year longitudinal
study which required responses from the same person at the same company. It was anticipated that
supply professionals would move into new positions or move to other organizations, so the sample size
is about the size expected. The majority of responses came from manufacturing firms. Inclusion of
service firms in future research is warranted. Finally, perceptual measures were used as is often the case
in survey research. Future efforts might include objective measures (e.g., actual risk management
spend). An attempt was made to gather objective data, but few firms were willing to provide such data.
The research findings should be considered with the above limitations in mind.
5. Results
Table 3 indicates that the majority of responses were from manufacturing firms. The companies are all
based in North America and have global sales. Table 4 (sales volume) and Table 5 (number of
employees) reflect firm size. Table 6 suggests that respondents are in positions of knowledge about
SCRM.
Table 3. Respondent industry profile

Description Number
Aerospace and Defense 1
Automotive 5
Construction 1
Consumer Products 1
Electronics manufacturers 2
Health Care 2
Manufacturing, Diversified 4
Retail 1
19
Table 4. Respondent sales profile

Sales Count
$50M-$99M 1
$100M-$499M 3
$500M-$999M 3
$1B-$9B 4
$10B-$49B 3
$50B-$99B 3
Over $100B 0
Table 5. Respondent employment profile

Employees Count
Under 50 0
50-99 1
100-499 1
500-999 1
1000-4999 3
5000-9999 3
Over 10000 8
Table 6. Respondent titles

Title Count
Procurement or Supply Chain Leader / Manager / Coordinator 6
Strategic / Senior Buyer 3
Operations / Quality Manager 6
Supply Chain Analyst 2
The results are presented relative to the eight components of the COSO framework. Components 1 and
2 (internal environment and objective setting) and components 3 and 4 (event identification and risk
assessment) are presented in combined sections respectively. The tabulated data are sorted from high to
low mean values based on the second survey data. All “agree / disagree” questions are scaled from “1 =
strongly disagree” to “7 = strongly agree.” All “extent of use” questions are scaled from “1 = not used”
to “7 = extensively used.” Given the exploratory nature of this research, a significance level of p = 0.10
was used for the paired two-tailed difference tests.
5.1 Internal Environment and Objective Setting
Table 7 provides descriptive statistics related to internal environment and objective setting. Consistent
20
with the application of the framework, four subcategories were developed: need, approach, budget and
organization.
Need: Firms indicated that there is a significant need to make SCRM part of their strategic planning
and processes. There is recognition that risk impacts company objectives and that risks need to be
managed proactively. The observations are relatively consistent across surveys 1 and 2, and there are no
statistically significant differences for any items. Despite perceived SCRM importance, some of the
results discussed below suggest that firms are not sufficiently allocating or developing resources for
SCRM.
Approach: Risk management requires an integrated approach. Such integration presents a challenge,
reflected by the high level of agreement that no single set of tools or technologies exist to manage risks.
Though there are no statistically significant differences between survey 1 and 2 items for this data
category, there appears to be a substantial drop (-0.71) in proactive SCRM approaches. Given the
absence of a single set of risk management tools and technologies as well as a relatively reactive
approach to SCRM, perhaps respondents are managing risks on an ad-hoc basis using traditional supply
chain management practices (e.g., spend, contract, and inventory management, demand planning,
benchmarking, building long-term partnerships, etc.).
Budget: Only 18% of respondents somewhat agreed that spending intentions for SCRM were high, and
there was a statistically significant decrease in agreement to this survey item. Though all the firms
allocate funds for SCRM, only slightly more than half agreed that nontrivial amounts are being spent.
Approximately half the firms indicated that there was a dedicated budget for SCRM.
Organization: Organizational readiness for SCRM was low. Though respondents indicated that they
have no intention to outsource risk management, internal SCRM competencies and integration are
lacking. Approximately 71% of the respondents disagreed that they understood the activities performed
by the risk management group, and there was a statistically significant decline in agreement with that
item. Approximately 82% of firms had limited use of supply risk managers who work closely with
corporate risk management. Perhaps the corporate function is involved with SCRM but there is limited
coordination of risk management activities across the organization.
Table 7. Internal environment and objective setting

Survey 1 Survey 2
NEED p (t-test) Mean SD Mean SD
Without a systematic analysis technique to assess risk, much can
0.39 6.12 0.78 6.41 1.06
go wrong in a supply chain.
Managing supply chain risk is an increasingly important
0.45 5.82 1.19 6.12 0.93
initiative for our operations.
21
It is critical for us to have an easily understood method to

0.69 5.65 1.00 5.47 1.42
identify & manage supply chain risk.
We are very concerned about our supply chain resiliency, and
0.88 5.24 1.20 5.29 1.26
the failure implications.
My workplace plans on evaluating or implementing supply
0.34 5.24 1.68 4.76 1.71
chain risk tools and technologies.
APPROACH
There is no single set of tools or technologies on the market for
0.67 5.29 1.72 5.47 1.33
managing supply chain risks.
We are currently using some form of supply chain risk
0.43 4.59 1.91 4.88 1.69
management tools and services.
Managing supply chain risks is driven by reactions to failures
0.30 4.41 1.00 4.76 1.44
rather being proactively driven.
Supply chain risk initiatives are driven from the bottom up
0.50 4.06 1.68 4.35 1.66
rather than top down.
Proactive risk mitigation efforts applied to the supply chain is
0.18 4.65 1.50 3.88 1.73
common practice for us.
BUDGET
We do plan on investing nontrivial amounts in managing supply
0.25 4.94 1.82 4.47 1.37
chain risks.
Funding for managing supply chain risks will come from a
0.66 3.76 2.05 4.12 2.03
general operations budget.
We have a dedicated budget for activities associated with
0.26 3.82 1.88 3.24 2.11
managing supply chain risks.
Our spending intentions for managing supply chain risks are
0.05 * 3.53 1.59 2.76 1.44
very high.
ORGANIZATION
Supply chain employees understand government legislation &
0.76 3.65 1.27 3.53 1.46
geopolitical issues.
I fully understand the activities being performed by our risk
0.01 * 4.65 1.62 3.29 1.36
management group.
My workplace uses supply chain risk managers who work
0.57 1.94 1.25 2.18 1.24
closely with corporate risk mgmt.
We are planning to outsource all or some of our risk
0.40 2.24 1.44 1.88 1.32
management functions.
22
5.2 Event Identification and Risk Assessment

Table 8 indicates that supplier reliability and continuous supply is a top risk factor for supply chains.
Though specific risk issues (e.g., not being able to fulfill a spike in consumer demand) may be carefully
evaluated, only slightly more than half the firms indicated that documenting the likelihood and impact
of risks is a key part of supply chain management. There were no statistically significant differences
between survey 1 and 2 data for this category of items.
Respondents reviewed a list of potential risks and rank ordered the five risks that would have the
greatest impact (e.g., 1 = most severe, 2 = second most severe, etc.) on supply chain or company
performance. Table 9 summarizes second survey data. Only those risks that were selected three or more
times are listed. “Supplier failure/reliability” and “bankruptcy/ruin/default of suppliers” were the most
frequently selected and had the highest average impact, which might explain the firms’ increased
emphasis on consistent supplier monitoring and approved supplier lists (discussed subsequently). The
next three highest ranked factors cannot be directly controlled or influenced by supply, emphasizing the
need for SCRM and ERM integration.
Respondents were presented with the same list of risks and were asked to identify if the risk will
increase, remain the same or decrease in the next two years. Table 10 summarizes the second survey,
sorted from highest to lowest increase. Many macroeconomic factors (e.g., currency exchange,
inflation, geopolitical events, laws and regulations) top the list of greatest increase. This suggests that
the skill sets of supply risk managers may need to continue to expand well beyond traditional supplier
evaluation and monitoring to include broad economic and financial skills, and/or the need for greater
integration of SCRM with ERM.
Table 8. Event identification and risk assessment

Survey 1 Survey 2
p (t-test) Mean SD Mean SD
Supplier reliability and continuous supply is the top risk factor
0.72 5.47 1.37 5.29 1.61
for our supply chain.
Risks of moving manufacturing facilities overseas are
0.65 5.12 1.41 4.94 1.60
carefully evaluated.
Risks of not being able to fulfill a spike in consumer demand
0.35 4.53 1.46 4.82 1.29
are carefully evaluated.
Key metrics are in place to measure the risk associated with
0.20 5.12 1.54 4.47 1.55
key suppliers.
A key part of our supply chain management is documenting
1.00 4.06 1.30 4.06 1.30
the likelihood & impact of risks.
23
We can actually exploit risk to an advantage by taking

0.36 4.35 1.54 4.00 1.66
calculated risks in the supply chain.
Taxes such as excise and VAT impact our supply chain
0.77 4.12 1.73 4.00 1.90
decisions.
We apply high levels of analytical rigor to assess our supply
0.16 4.65 1.62 3.88 2.03
chain practices.
Table 9. Current supply chain risk impact factors

Weighted Average
Risk 1 2 3 4 5 Freq Points Weight
Supplier failure/reliability 4 4 5 1 14 53 3.79
Bankruptcy, ruin, or default of suppliers,
shippers, etc. 7 1 2 10 45 4.50
Natural disasters or accidents (tsunamis,
hurricanes, fires, etc.) 1 1 2 1 5 17 3.40
Energy/raw material shortages and power
outages 1 1 2 1 5 12 2.40
Geopolitical event (terrorism, war, etc.) 1 3 1 5 11 2.20
Intellectual property infringement 1 1 1 1 4 12 3.00
Commodity cost volatility 1 1 1 1 4 10 2.50
Logistics failure 1 3 4 8 2.00
Contract Failure 2 1 3 9 3.00
Strikes – labor, buyers and suppliers 1 1 1 3 8 2.67
Legal liabilities and litigation 2 1 3 7 2.33
Attracting and retaining skilled labor 1 1 1 3 6 2.00
Return policy and product recall
requirements 2 1 3 5 1.67
Information delays, scarcity, sharing, &
infrastructure breakdown 1 2 3 4 1.33
1 = highest risk (then reverse scaled)
Table 10. Projected change in supply chain risks

Risk Decrease No Change Increase
Currency exchange, interest, and/or inflation rate fluctuations 1 2 14
Commodity cost volatility 2 2 13
Banking regulations and tighter financing conditions 2 3 12
24
Government regulations (SOX, SEC, Clean Air Act, OSHA, EU) 0 7 10

Energy/raw material shortages and power outages 1 7 9
Geopolitical event (terrorism, war, etc.) 0 9 8
Customs Acts/Trade restrictions and protectionism 1 8 8
Bankruptcy, ruin, or default of suppliers, shippers, etc. 4 5 8
Customer-related (demand change, system failure, payment delay) 1 8 8
Logistics failure 3 7 7
Port/cargo security (information, freight, vandalism, sabotage, etc.) 0 10 7
Language and educational barriers 5 5 7
Strikes – labor, buyers and suppliers 1 9 7
Insurance coverage 0 10 7
Supplier failure/reliability 6 5 6
Intellectual property infringement 1 10 6
Natural disasters or accidents (tsunamis, hurricanes, fires, etc.) 1 11 5
Ethical issues (working practices, health, safety, etc.) 2 10 5
Legal liabilities and issues 1 11 5
Return policy and product recall requirements 1 11 5
Diminishing capacities (financial, production, structural, etc.) 4 8 5
Contamination exposures – food, germs, infections 1 11 5
Tax issues (VAT, transfer pricing, excise, etc.) 0 13 4
Contract Failure 4 10 3
Unfamiliar business and property laws 2 12 3
Lack of trust with partners 5 9 3
Measuring tools – metrics translate differently 2 12 3
Attracting and retaining skilled labor 4 10 3
Degree of control over operations 4 10 3
Fraud or scandal 1 13 3
Weaknesses in the local infrastructures 2 13 2
Internal and external theft 2 13 2
Property development – local codes and requirements 1 14 2
Obtaining proper bonds & licenses 0 17 0
Information delays, scarcity, sharing, & infrastructure breakdown 7 10 0
5.3 Risk Response

Table 11 classifies risk responses by the categories of acceptance, reduction, and shared risks as
suggested by COSO (a fourth category, avoidance, was not explicitly studied in this effort.) The table
25
suggests that regardless of the strategies and practices used, companies will need to accept that some
risk impacts will be felt due to supply disruptions. Inventory management (e.g., buffers, safety stock)
remains a widely used risk acceptance tactic.
Reduction activities emphasized the use of qualified suppliers. There was a statistically significant
increase in the already extensive use of approved supplier lists. Very few firms (30%) identified
postponement as a risk reduction approach, which is somewhat surprising given the increased
discussion of “postponed differentiation” over the last decade.
Risk sharing emphasizes development of strong supplier relationships, which is consistent with the
increased use of approved suppliers identified earlier. Though not used extensively, there was a
statistically significant increase in the use of hedging strategies. This is likely one driver of the
improvement in reduction of material price volatility (discussed later.) Few firms are extensively
pursuing joint technology development initiatives to share risk, and there was a statistically significant
reduction in the use of this practice. Given a recent emphasis on “open innovation” and that risk is most
effectively and efficiently addressed at early lifecycle stages, this result is also somewhat surprising.
Table 11. Risk response

Response Category Survey 1 Survey 2
ACCEPTANCE p (t-test) Mean SD Mean SD
Inventory management (buffers, safety stock levels, optimal
0.77 5.18 1.59 5.29 1.10
order & production qty.)
Our suppliers are required to have secure sourcing, business
0.78 4.44 1.71 4.29 1.69
continuity, & contingency plans.
Contingency Planning (jointly with suppliers) 0.54 4.00 1.32 4.29 1.36
We have placed an increased focus on inventory management
0.31 4.59 1.23 4.06 1.75
to deal with supply risks.
We are prepared to minimize the effects of disruptions
0.87 3.41 1.23 3.35 1.69
(terrorism, weather, theft, etc.)
REDUCTION
Using an approved list of suppliers 0.08 * 5.59 1.54 6.35 0.86
Multiple sourcing (rather than sole sourcing) 0.55 4.12 1.41 3.94 1.85
Postponement (delaying the actual commitment of resources to
0.29 4.00 1.32 3.47 1.37
maintain flexibility)
SHARING
Partnership formation and long-term agreements 0.43 5.12 0.93 4.88 1.32
Supplier development initiatives 0.33 4.53 1.50 4.82 1.63
26
Speculation (forward placement of inventory, forward buying

1.00 4.24 1.79 4.24 1.35
of raw material, etc.)
Hedging strategies (to protect against commodity price
0.10 * 3.18 1.42 3.94 1.48
swings)
We are hedging our raw materials exposure to reduce input
0.82 3.47 1.50 3.59 1.58
cost volatility.
Joint technology development initiatives 0.00 * 3.88 1.22 2.59 1.42
5.4 Control Activities

There was a statistically significant increase in the use of credit and financial data analysis (Table 12),
perhaps driven by the recent trend of supplier bankruptcies and the increased use of approved supplier
lists. Other control activities such as spend analysis and business process management are also used,
though the degree of integration of such tools is unclear. Training and network optimization tools to
ensure risk management practices are properly executed are used to a lesser extent.
Table 12. Control activities

Survey 1 Survey 2
Activity p (t-test) Mean SD Mean SD
Credit and financial data analysis 0.03 * 4.35 1.80 5.41 1.23
Spend management and analysis 0.91 5.24 1.64 5.18 1.38
Contract mgmt (e.g., leverage tools to monitor performance
0.16 4.18 1.85 4.88 1.36
against commitments)
Business process management 0.13 4.35 1.46 4.82 1.19
Inventory optimization tools 0.46 4.65 2.00 4.35 1.80
We use network design and optimization tools to cope with
1.00 3.41 2.06 3.41 1.50
uncertainty in the supply chain.
Training programs 0.71 3.35 1.46 3.24 1.25
5.5 Information & Communications

Table 13 indicates that information gathering and good communications with suppliers are widely used
risk management practices. There is a statistically significant increase in the already extensive use of
information gathering, emphasizing the importance of information for risk management
decision-making. Despite higher levels of information gathering and communications, there is a
relatively low level of confidence that information is accurate and readily available.
27
Table 13. Information and communication

Survey 1 Survey 2
Item p (t-test) Mean SD Mean SD
Information gathering 0.09 * 5.65 1.22 6.12 1.11
Establishing good communications with suppliers 0.43 5.41 1.06 5.71 1.26
Forecasting techniques (e.g., to pre-build & carry additional
0.87 4.76 1.44 4.71 1.40
inventory of critical items)
Our company uses real-time inventory information and
0.60 4.12 1.65 4.35 1.84
analytics in managing the supply chain.
Visibility (detailed knowledge of what goes on in other parts
of the supply chain – e.g., finished goods inventory, material
0.62 4.12 1.17 4.35 1.50
inventory, WIP, pipeline inventory, actual demands and
forecasts, production plans, capacity, yields, and order status)
Ata warehousing 0.66 4.24 1.75 4.06 1.43
Supply chain risk information is accurate and readily available
0.90 3.65 1.37 3.71 1.76
to key-decision makers.
Demand signal repositories 0.89 3.71 2.05 3.65 1.73
Network design analysis programs 0.55 3.06 1.98 2.88 1.45
5.6 Monitoring
Table 14 reflects a statistically significant increase in the use of consistent monitoring of a supplier’s
process. The consistent analysis of processes, coupled with the already extensive use of supplier
measurement and supplier visits, supports risk mitigation efforts. Directly determining SCRM
effectiveness is difficult, so standard supply measures (e.g., on time delivery) are generally used. Few
firms benchmark their risk management processes relative to best in class.
Table 14. Monitoring

Survey 1 Survey 2
Supplier performance measurement systems 0.69 5.12 1.93 5.29 2.05
Visiting supplier operations 0.88 5.12 1.22 5.18 1.33
Consistent monitoring and auditing of a supplier’s processes 0.02 * 4.00 1.73 5.12 1.87
Benchmarking (internal, external, industry-wide, etc.) 0.90 4.53 1.77 4.47 1.37
We have placed an emphasis on incident reporting to decrease
0.77 4.18 1.67 4.00 1.58
the effects of disruptions.
We actively benchmark our supply chain risk processes
0.76 3.24 1.60 3.12 1.58
against competitors.
28
5.7 Performance Outcomes

Table 15 suggests that most firms are relatively satisfied with SCM performance outcomes. The firms
in this study realized a statistically significant increase in logistics/delivery performance and in reduced
material price volatility. These improvements may be driven by past practices, as well as the increased
use of the practices identified in this research (e.g., consistent supplier performance monitoring,
information gathering, hedging strategies).
Table 15. Satisfaction with performance

Survey 1 Survey 2
Logistics and delivery reliability 0.05 * 4.82 0.88 5.47 1.07
Meeting customer service levels 0.46 5.12 0.86 5.29 0.69
Damage-free and defect-free delivery 0.36 5.47 0.72 5.24 0.83
Supplier reliability and continuous supply 0.29 4.82 0.95 5.18 0.95
Order completeness and correctness 0.48 4.88 0.86 5.06 1.20
Reduced disruptions in the supply chain 0.82 4.76 0.97 4.82 0.95
After sales service performance 0.37 4.35 1.32 4.71 0.92
Inventory management 0.12 4.00 1.32 4.71 1.53
Reduced material price volatility 0.06 * 3.59 1.46 4.41 1.06
Lower commodity prices 0.12 3.71 1.05 4.24 1.20
6. Discussion
Respondents indicated that there is a need for ERM and SCRM, and that there was some management
support for such initiatives. This recognition of need might suggest that the firms have implemented
proactive and integrated SCRM. However, a limited set of firms have the approach, budget and/or
organization to holistically manage risk. There was a statistically significant decrease in spending
intentions for risk management and in the understanding of corporate risk management activities.
While most participants suggested this funding drop was driven by resource limitations, one manager
suggested that recent increased economic activity and stability in the supply chain has driven a funding
drop: “…since the [economic] crisis has eased, it [risk management] has not been a high priority as in
past years. The data is still collected and reviewed but not at a high management level. There has been
a drop off of importance of the supply risk management program since we are seeing stability in the
supply chains.”
Few firms used supply risk chain managers who worked closely with corporate risk management, and
there appears to be limited understanding of the activities being performed by corporate risk
management groups. One manager stated that it is a “lack of experience and lack of planning to reduce
29
risk, and a lack of experience of procurement professionals” that is limiting SCRM preparedness and
implementation. This limited approach was not universal though. One manager indicated that “Supply
risk management is very important to our Materials Department as well as the company. Our Supply
Base Management department is responsible for developing, maintaining, and executing contingency
plans for the supply base. Supply risk management is included in the job description for the Supply
Base Management department. Each Supply Base Analyst is responsible for his/her suppliers. If a
contingency plan is executed, other resources are appointed to assist with the plan until the supply risk
is mitigated. Maintaining our production schedules and keeping the lines running is priority number
one and to date we have not impacted the line, even with the natural disasters in Japan and Thailand.”
Firms will always contend with risk and are unlikely to be able to effectively and efficiently mitigate all
risks, suggesting that firms may need to focus on the highest impact and/or most likely to occur risks.
The survey data indicated that supplier failure is the most common and highest risk factor, and this was
reflected by one analyst: “Day to day the largest failure is nonconforming product and failure to deliver
on-time or the required amount.” A statistically significant increase in the consistent monitoring and
auditing of supplier processes was reported, likely in response to this significant risk.
Bankruptcy and default of suppliers was another high risk impact factor. A statistically significant
increase was found in the use of credit and financial data analysis to control risks. Many firms rely on
external reports such a as the Dun & Bradstreet Supplier Evaluation Risk rating. One supply manager
indicated they use internal analysis coupled with financial analysis from an outside consulting firm to
assess financial risk: “Primarily we’re looking at supplier financial risk. We work with an external firm
to provide financial reports on our suppliers and monitor spend and risk with them. We also use
supplier scorecards that look at cost/quality/delivery which drives good and frequent communication
with the supply base which helps pick up on any underlying risk issues.”
Currency exchange, interest rate changes, inflation and commodity cost volatility were all of growing
concern. To mitigate such risks, a variety of techniques were be used. One supply manager stated:
“…we monitor our core commodity markets on a regular basis. We also have implemented policy of
only doing business in USD and hedging currency risks from a corporate level. We also establish
long-term global contracts with multiple air/ocean and trucking carriers.” Overall, there was a
statistically significant increase in the use of hedging strategies by the firms.
Also of growing concern were the uncertainty and impact of regulations and laws (e.g., SOX, Clean Air
Act, etc.). A supply executive commented: “Major concerns are labor practices, environmental
implications, and the upcoming world custom codes (WCO SAFE Framework, EU Community
Customs Code).” These increasing regulatory pressures further highlight the importance of corporate
and legal department involvement in mitigating “supply” risk.
Risk responses included avoidance, acceptance, reduction and sharing. Though avoidance wasn’t
explicitly examined in this research, one manager commented that avoiding global sourcing risks is an
30
option: “Natural disasters could be more evident and have more of an impact, and global financial
markets could cause companies to look to keep stuff close to home”
A common risk reduction approach was to qualify and use approved suppliers. This approach to risk
management might unintentionally lead to other risks. For example, one risk of using approved
suppliers is the potential to adopt single sourcing when perhaps dual/multiple sourcing would be most
appropriate as one respondent warned: “We single source most items so we are held hostage to
suppliers in regards to price and lead times.” Another manager commented that developing
relationships with suppliers has become more difficult: “there is less loyalty to supply base/partnership
with the ‘internet generation’ of suppliers.”
As expected, companies make extensive use of information and communication to identify, assess and
manage risks. Respondents indicated that there was a statistically significant increase in information
gathering for example. Such processes are fundamental to SCRM, as one manager noted: “The major
failure mode today in the supply chain would be communication, internal and external. I bring this
point up, because this seems like a very small issue, but it can cause significant problems.
Communications internally to plants, customers, or suppliers are crucial to any supply chain. It is
always better to over-communicate or to re-confirm what was agreed upon to all parties to make sure
understanding of the goal is agreed upon.”
Despite the importance of information and communication, there was not a high level of confidence
that risk information was accurate and readily available to support decision-making. Companies have
ideas regarding what information is needed, just not a common method of gathering and using such
information, as exemplified by this manager’s comment: “Our company currently uses way too many
systems to run the supply chain which increases the risk of disconnect and error.” An integrated
information system resolved the issue for one company: “SAP is our infrastructure that facilitates all of
our major activities. If a process is not done through SAP then there is no way to track and control the
process. SAP is a major part of how we identify and analyze risk, because it provides that data and
signals for our company to make decisions. We have multiple reports that are run off the data from SAP
that drive our decision-making and give us early warning on potential issues before they occur.”
7. Conclusion and Future Research

Implementation of SCRM is a challenge. The most significant challenge may be establishing the
commitment and culture needed to manage risks holistically, perhaps because risk management
outcomes cannot be directly measured. Standard supply measures such as on time delivery, not line
disruptions, reflect supply risk management performance but cannot directly measure it. One manager
commented: “The most significant challenge is the inability for firms to seriously consider, continue to
be proactive, and create contingency plans that are updated and kept current given the uncertainty to
measure and quantify the actual ROI of such risk reduction efforts.” Extending contingency planning
31
throughout the value chain provides a higher level of risk mitigation but is challenging to implement as
one manger noted: “The biggest challenge is making suppliers understand the importance of having a
solid contingency plan for their own business. A lot of suppliers consider this work as a paperwork only
exercise and don't put the necessary effort or diligence into the plan. It takes a lot of training and
consulting to make them true believers.”
Supply managers will need to be persistent in communicating to upper management the importance of
SCRM to secure the support, budget and resources necessary to treat risks and meet corporate
objectives. One sourcing manager emphasized this point: “As managers, you are the voice for your
associates and those who may not get the face time with the people who can affect change. The metrics
speak for themselves, so managers need to be able to relate the needed resources to areas in the supply
change that need improvement. In-stocks, fill-rate, turns, inventory, and vendor compliance are all
areas with risk that need adequate resources to meet goals.” The COSO framework provides a good
structure for supply managers to not only identify and treat risks, but to communicate the importance of
SCRM to corporate executives. These concepts, coupled with the shortage of SCRM empirical research
(Sodhi et al., 2012), the following topics may be particularly appropriate for future research.
Area 1: In the long term, does dedicating resources specifically for SCRM and/or ERM provide an
appropriate return on investment?
Major supply disruptions garner a lot of attention and have significant business impacts. Companies
with dedicated proactive risk response organizations and teams generally respond faster in the short
term to such disruptions than do firms without such programs, so it is increasingly suggested that firms
should adopt proactive ERM/SCRM approaches. Perhaps institutional theory (DiMaggio and Powell,
1983; Oliver, 1991) is driving companies to adopt formal ERM/SCRM structures. In the long term,
what is the appropriate level of resources, budget and time that a firm should spend on structured risk
management programs as opposed to maintaining a “just in case” budget to support contingency
responses?
Area 2: Coalescing around a standard risk framework.
We reviewed SCRM frameworks and noted that the COSO framework provides a more comprehensive
framework that is already adopted in various industries. Existing SCRM frameworks have advanced
our understanding of SCRM, but has it reached the point that researchers should agree to a common
framework and will the COSO ERM framework become the de-facto standard? SCRM is generally
believed to be a subset of ERM (Sodhi et al., 2012) and COSO is expected to be widely adopted
(Moody, 2011; Rubenstein et al., 1976), so it may be a reasonable choice. If this standard is widely
accepted, will it lead to a relatively standardized set of tools and templates so that risk management
research may become more standardized?
Area 3: Impact and utilization of ERP and other information-technology tools.
Firms in this study used a variety of information-based technology and applications for supply
32
management efforts that support risk management (e.g., information gathering, partnership formation,
supplier measurement, communications, inventory management, spend management, etc.) However,
there was limited indication that IS/IT is being used in “new” ways (e.g., joint technology development,
data warehousing, network design analysis programs, demand signal repositories, inventory
optimization tools, etc.) to proactively understand, model, and cope with increasing levels of supply
risks.
IT/IS tools are becoming increasingly sophisticated, and pervasive with the growth of technologies
such as internet-based systems, cloud computing, in-memory computing and mobile device interfaces.
These tools should provide the technology necessary to evaluate and monitor supply chain risk drivers.
The question will be how quickly can such tools be adopted and how effective will they become? What
is preventing adoption of current tools throughout the supply chain, and what might slow the adoption
of newer tools?
Area 4: Growth of the risk management function within organizations.
Just as there has been a change in organizations to grow from isolated functions of production
management, purchasing and transportation to the more holistic supply chain management function,
will there be a similar growth in the risk management function? Will this continue to be something that
is more of an afterthought by people with direct line responsibilities, or will acceptance of the COSO
framework lead to more firms adopting a corporate risk management officer and risk management
organization? Will SCRM become a common organizational structure in firms? Should each function
develop their own risk management structure and budget (e.g., financial risk management, project risk
management, design risk management) or should all risk management be centralized?
Further, should SCRM or components of SCRM be outsourced? Firms already rely on external agents
to assess and predict supplier financial performance. Further, suppliers often must or voluntarily
comply with external standards (e.g., ISO 9000, GAAP, SOX, etc.). To what extent are such issues
supportive of or detrimental to risk management outcomes?
Area 5: Link between open innovation and risk?
Firms such as P&G, Phillips and Ford increasingly collaborate with suppliers during early stage product
development to achieve innovation. Though risk management is part of that process, few firms in this
study integrated supplier into product development specifically to reduce risks. Since risk is best
addressed in early development, is this a potentially important process for firms to adopt? One
complaint is that assessing supplier risk delays the development process. Will supply personnel
increasingly need to adopt rapid process assessment techniques to contribute to early stage risk
mitigation efforts?
Acknowledgements
The authors would like to take this opportunity to thank the following Western Michigan University
33
undergraduate students for their participation in this research project: Mr. Jamie A. Loeks, Mr. Judson
A. McCulloch, and Ms. Priyanka Parekh.
References
Ballou, B., & Heitger, D. (2005). A Building Block Approach for Implementing COSO's Enterprise
Risk Management-Integrated Framework. Management Accounting Quarterly, 6, 1-10.
Beasley, M., Clune, R., & Hermanson, D. (2005). ERM: A Status Report. The Internal Auditor, 62,
67-72.
Black, S., & Porter, L. (1996). Identification of the Critical Factors of TQM. Decision Sciences Journal,
27(1), 1-21.
Blackhurst, J., Wu, T., & O'Grady, P. (2005). PDCM: A Decision Support Modeling Methodology for
Supply Chain, Product and Process Design Decisions. Journal of Operations Management, 23,
325-343.
Bowling, D., & Rieger, L. (2005). Making Sense of COSO's New Framework for Enterprise Risk
Management. Bank Accounting & Finance, Feb/Mar, 35-40.
Capon, N., Kaye, M., & Wood, M. (1994). Measuring the Success of a TQM Programme. International
Journal of Quality and Reliability Management, 12(8), 8-22.
Chapman, C. (2003). Bringing ERM into Focus. The Internal Auditor, 60, 30-35.
Chiang, C. Y., Kocabasoglu-Hillmer, C., & Suresh, N. (2012). An Empirical Investigation of the Impact
of Strategic Sourcing and Flexibility on Firms Supply Chain Agility. International Journal of
Operations and Production Management, 32(1), 49-78.
COSO. (2004). Enterprise Risk Management - Integrated Framework. Committee of Sponsoring
Organizations of the Treadway Commission.
COSO. (2010). Current State of Enterprise Risk Oversight and Market Perceptions of COSO’s ERM
Framework. Committee of Sponsoring Organizations of the Treadway Commission.
Curkovic, S., Melnyk, S., Calantone, R., & Handfield, R. (2000). Validating the Malcolm Baldrige
National Quality Framework Through Structural Equation Modeling. International Journal of
Production Research, 38(4), 765-791.
Dean, J., & Bowen, D. (1994). Management Theory and Total Quality: Improving Research and
Practice through Theory Development. Academy of Management Journal, 19(3), 392-418.
DiMaggio, P., & Powell, W. (1983). The Iron Cage Revisited: Institutional Isomorphism and Collective
Rationality in Organizational Fields. American Sociological Review, 48, 147-160.
Eisenhardt, K. (1989). Building Theories from Case Study Research. The Academy of Management
Review, 14, 532-550.
Flynn, B., Schroeder, R., & Sakakibara, S. (1994). A Framework for Quality Management Research
and an Associated Instrument. Journal of Operations Management, 11(4), 339-366.
34
Giannakis, M., & Louis, M. (2001). A Multi-Agen Based Framework for Supply Chain Risk
Management. Journal of Purchasing and Supply Management, 17, 23-31.
Hallikas, J., Karvonen, I., Pulkkinen, U., Virolainen, V. M., & Tuominem, M. (2004). Risk
Management Processes in Supplier Networks. International Journal of Production Economics, 90,
47-58.
Holschbach, E., & Hofmann, E. (2011). Exploring Quality Management for Business Services from a
Buyer's Perspective Using Multiple Case Study Evidence. International Journal of Operations &
Production Management, 31(6), 648-685.
Hoyt, R., & Liebenberg, A. (2011). The Value of Enterprise Risk Management. Journal of Risk and
Insurance, 78, 795-822.
Inderfurth, K., & Kelle, P. (2011). Capacity Reservation Under Spot Market Price Uncertainty.
International Journal of Production Economics, 133(1), 272-279.
Juttner, U., Peck, H., & Christopher, M. (2003). Supply Chain Risk Management: Outlining an Agenda
for Future Research. International Journal of Logistics, 6, 197-210.
Kern, D., Moser, R., Hartman, E., Moder, M. (2012). Supply Risk Management: Model Development
and Empirical Analysis. International Journal of Physical Distribution & Logistics Management,
42, 60-82.
Khan, O., & Burnes, B. (2007). Risk and Supply Chain Management: A Research Agenda. The
International Journal of Logistics Management, 18, 197-216.
Kleindorfer, P. R., & Saad, G. H., (2005). Managing Disruptions in Supply Chains. Production and
Operations Management, 14, 53-68.
Kumar, S., & Verruso, J. (2008). Risk Assessment of the Security of Inbound Containers at US Ports: A
Failure, Mode, Effects, and Criticality Analysis Approach. Transportation Journal, 47(4), 26-41.
Laeequddin, M., Sardana, G. D., Sahay, B. S., Abdul Waheed, K., & Sahay, V. (2009). Supply Chain
Partners Trust Building Process through Risk Evaluation: The Perspectives of UAE Packaged
Food Industry. Supply Chain Management, 14(4), 280-290.
Landsittel, D., & Rittenberg, L. (2010). COSO: Working with the Academic Community. Accounting
Horizons, 24, 455-469.
Liu, Z., & Cruz, J. (2012). Supply Chain Networks with Corporate Financial Risks and Trade Credits
Under Economic Uncertainty. International Journal of Production Economics, 137(1), 55-67.
Manuj, I., & Mentzer, J. T. (2008). Global Supply Chain Risk Management. Journal of Business
Logistics, 29, 133-156.
Martin, C., Mena, C., Khan, O., & Yurt, O. (2011). Approaches to Managing Global Sourcing Risk.
Supply Chain Management, 16(2), 67-81.
Matook, S., Lasch, R., & Tamaschke, R. (2009). Supplier Development with Benchmarking as Part of a
Comprehensive Supplier Risk Management Framework. International Journal of Operations and
35
Production Management, 29(3), 241-267.

Miles, M., &Huberman, A. (1994). Qualitative Data Analysis: A Sourcebook of New Methods.
Newbury Park, CA: Sage Publications.
Moody, M. (2011). COSO Framework Proves Efficacious. Rough Notes, 154, 130-132.
Nocco, B., & Stulz, R. (2006). Enterprise Risk Management: Theory and Practice. Journal of Applied
Corporate Finance, 18, 8-20.
Oliver, C. (1991). Strategic Responses to Institutional Processes. Academy of Management Review, 16,
145-179.
Rubenstein, A. H., Chakrabarti, A. K., O'Keefe, R. D., Souder, W. E., & Young, H. C. (1976). Factors
influencing success at the project level. Research Management, 16, 15-20.
Samad-Khan, A. (2005). Why COSO is Flawed. Operational Risk, 6, 24-28.
Saraph, V., Benson, P., & Schroeder, R. (1989). An Instrument for Measuring the Critical Factors of
Quality Management. Decision Sciences, 20(4), 810-829.
Smithson, C., & Simkins, B. (2005). Does Risk Management Add Value? A Survey of the Evidence.
Journal of Applied Corporate Finance, 17, 8-17.
Sobel, P. (2006). Building on Section 404: Investments in Sarbanes-Oxley Compliance can Provide a
Solid Foundation for Enterprise Risk Management Projects. The Internal Auditor, 63, 38-44.
Sodhi, M. S., Son, B. G., & Tang, C. S. (2012). Researcher's Perspective on Supply Risk Management.
Productions and Operations Management, 21, 1-15.
Tang, C. S. (2006). Perspectives in Supply Chain Risk Management. International Journal of
Production Economics, 103, 451-488.
Tummala, R., & Schoenherr, T. (2011). Assessing and Managing Risks Using the Supply Chain Risk
Management Process (SCRMP). Supply Chain Management, 16, 474-483.
Young, G., & Hasler, D. (2010). Managing Reputational Risks: Using Risk Management for Business
Ethics and Reputational Capital. Strategic Finance, 92, 37-46.
Zsidisin, G. (2003). Managerial Perceptions of Supply Risk. Journal of Supply Chain Management, 39,
14-25.
Zsidisin, G., & Hartley, J. (2012). A Strategy for Managing Commodity Price Risk. Supply Chain
Management Review, Mar/Apr, 46-53.
Zsidisin, G., & Wagner, S. (2010). Do Perceptions become Reality? The Moderating Role of Supply
Chain Resiliency on Disruption Occurrence. Journal of Business Logistics, 31, 1-20.
Zsidisin, G., Ellram, L., Carter, J., & Cavinato, J. (2004). An Analysis of Supply Risk Assessment
Techniques. International Journal of Physical Distribution & Logistics Management, 34, 397-413.
36
View publication stats

A Longitudinal Study of Supply Chain Risk Management Relative To COSO's of Enterprise Risk Management Framework

Uploaded by

Copyright:

Available Formats

A Longitudinal Study of Supply Chain Risk Management Relative To COSO's of Enterprise Risk Management Framework

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

A Longitudinal Study of Supply Chain Risk Management Relative To COSO's of Enterprise Risk Management Framework

Uploaded by

Copyright:

Available Formats

See discussions, stats, and author profiles for this publication at: https://www.researchgate.

A Longitudinal Study of Supply Chain Risk Management Relative to COSO’s of

Article · February 2013

Sime Curkovic Thomas Vincent Scannell

SEE PROFILE SEE PROFILE

The user has requested enhancement of the downloaded file.

A Longitudinal Study of Supply Chain Risk Management

Relative to COSO’s Enterprise Risk Management Framework

Sime Curkovic1*, Thomas Scannell1, Bret Wagner1 and Michael Vitek2

Figure 1. COSO ERM framework

Table 1. Interrelated components of the COSO ERM framework

Table 2. Objectives of the COSO ERM framework

Table 3. Respondent industry profile

Table 4. Respondent sales profile

Table 5. Respondent employment profile

Table 6. Respondent titles

Table 7. Internal environment and objective setting

It is critical for us to have an easily understood method to

5.2 Event Identification and Risk Assessment

Table 8. Event identification and risk assessment

We can actually exploit risk to an advantage by taking

Table 9. Current supply chain risk impact factors

Table 10. Projected change in supply chain risks

Government regulations (SOX, SEC, Clean Air Act, OSHA, EU) 0 7 10

5.3 Risk Response

Table 11. Risk response

Speculation (forward placement of inventory, forward buying

5.4 Control Activities

Table 12. Control activities

5.5 Information & Communications

Table 13. Information and communication

Table 14. Monitoring

5.7 Performance Outcomes

Table 15. Satisfaction with performance

7. Conclusion and Future Research

Production Management, 29(3), 241-267.

View publication stats

You might also like