Development of a Proactive Supply Risk Management Model

Abstract: Supply risk management (SRM) is a well-established aspect in the field of supply chain management (SCM) that has gained even more relevance due to the ongoing covid-19 pandemic. Many articles have been published relating to the topic, such as Norrman and Jansson (2004) and Zsidisin (2003a). To ensure the academic contribution of this thesis, the authors specifically focused on SRM for companies present in the agrifood industry, which addresses the need for industry-specific research highlighted by Hoffman, Schiele, and Krabbendam (2013). In theory, SRM is typically centered around the steps (1) risk identification, (2) risk assessment, and (3) risk mitigation. In addition to these steps, the elements of (4) risk monitoring and (5) risk organization were also considered. The purpose of this master’s thesis was to develop a proactive SRM model for Company Alpha, a medium-sized company present in the Swedish agrifood industry. The purpose was defined jointly with the practitioners at the company to address the perceived issues caused by lacking transparency in their upstream supply chain. Five research questions were stated, relating to how Company Alpha should work with the different elements of the SRM process. This thesis has been a complete elaboration between the two authors. Each author has been involved in every part of the process and contributed equally. The model was developed following a constructive research method inspired by Kasanen, Lukka, and Siitonen’s (1993) article. In this thesis, the authors adopted an abductive research approach with a system view, where the different aspects of the SRM process were viewed as elements of a complete system. To allow for more rigorous conclusions, a multiple case study including four case companies was conducted. The case companies were selected based on literal replication in a screening process with certain predefined selection criteria. The analysis indicated similar patterns across the case companies. All companies had a mature process for quality and food safety-related risks, driven by regulatory requirements, but were not considering more general supply risks as thoroughly. To varying degrees, a lack of structure, documentation, conceptual tools, regularity, and consistency were observed at different aspects of all companies’ SRM processes. In some cases, there were also a lack of cross-functionality. The practical implication of this finding might be that SRM is an area where many small and medium-sized companies in general are struggling with and would benefit from a more structured process. While this model was developed specifically for Company Alpha, the authors argue that it can still be useful for other similar companies with minor modifications. The recommended model was presented in accordance with the research questions and developed based on theoretical findings, takeaways from the analysis, and input from the stakeholders at Company Alpha. A primary process performed on an annual basis was suggested, with some complementary elements conducted in a more continuous manner throughout the year. Moreover, the authors identified certain enablers that Company Alpha should get in place to enhance their SRM and also enable positive effects on their general purchasing work, i.e. an upstream supply chain mapping and a Kraljic segmentation. In the risk identification step, the authors recommended a thorough identification part of the annual process, where cause-effect diagrams and brainstorming are utilized to list relevant risks. Moreover, risks should be identified from supplier contact and internal meetings continuously. In the risk assessment step, it is proposed to evaluate the identified risks in terms of their probability of occurrence and potential impact, prioritize them based on a risk score, and visualize the output in matrix format. In the risk mitigation step, a comprehensive framework of potential mitigation actions was presented. The authors suggested that relevant actions are determined and pursued based on their (1) alignment with overall company strategy, (2) alignment with product strategy, (3) costs and/or issues, and (4) benefits. In the risk monitoring step, the authors proposed that a risk owner and monitor date are determined for each risk. On the monitor date, the risk owner should evaluate (1) whether there have been any changes to the risk source, and (2) the performance of the pursued mitigation action. Moreover, the monitoring step also includes an evaluation form that all process participants should complete to allow for an element of continuous improvement. Lastly, the risk organization contains two aspects: (1) risk culture and (2) process governance. In terms of risk culture, the authors identified six cultural levers that the company should consider to ensure a strong culture, i.e.: (1) cross-functional participation, (2) formalized risk training, (3) top management prioritization, (4) proactive mindset, (5) continuous improvement, and (6) documentation. In terms of process governance, it was advised that the management team fulfills the role of a governing body to monitor the performance of the process. It was suggested that they discuss the risk topic on (at least) a quarterly basis.