A Survey on Risk-management and Tooling Support
for Procurement Processes in Supply Chains
Stephan Printz
1
, Johann Philipp von Cube
2
, Christophe Ponsard
3
, Renaud De Landtsheer
3
,
Gustavo Ospina
3
, Philippe Massonet
3
, Robert Schmitt
2
and Sabina Jeschke
1
1
Institute for Management Cybernetics (IfU), RWTH Aachen University, Aachen, Germany
2
Fraunhofer Institute for Production Technology (IPT), Aachen, Germany
3
CETIC Research Centre, Charleroi, Belgium
Keywords:
Discrete Event Simulation, Manufacturing, Supply Chain, Procurement Risks, Risk Management.
Abstract:
Managing risks in supply chains is challenging for most companies given that the globalisation process is
strengthening production constraints and also introducing more procurements risks. This is difficult for smaller
companies in particular as they lack the resources necessary to develop specific expertise or buy expensive
tools. Our research aims to address these issues by proposing an easy to use, yet powerful, tool-supported
methodology. As a first step, we conducted a survey of the relevant industries, which were mostly based in
Germany and Belgium. The goal of the survey was to assess the current state of risk management practices
and identify the associated requirements specific to our SME target. This paper presents the outcomes of our
survey based on the results collected from a representative sample of 70 participating companies. These results
yield interesting observations regarding the characterisation of the people in charge of risk management, their
perception of the importance of risk categories, the current ways to manage these risks and the tooling used.
We also collected several recommendations for how tools could better support risk assessment and drive the
rest of our research.
1 INTRODUCTION
Supply chain risk management (SCRM) is the imple-
mentation of strategies in order to manage both ev-
eryday and exceptional risks throughout the supply
chain. This will be achieved by continuously carrying
out risk assessments with the objective being to re-
duce the number of vulnerabilities, thus ensuring con-
tinuity (Wieland and Wallenburg, 2012). Such risks
can occur for several reasons, both externally (pro-
curement risks of geographic, political, social nature,
etc.) and internally (machine reliability, nature of spe-
cific operations, etc.). The Risk management (RM) is
performed by either qualitative or quantitative mod-
els (Printz et al., 2015). In terms of legal require-
ments and reporting issues, quantitative risk models
are used. An accepted standard of quantitative risk
management is the Value at Risk (VaR) standard com-
bined with the Monte Carlo Simulation, which are
then adapted according to their application (McNeil
et al., 2005)
Helping company managers make the right deci-
Figure 1: Risk management process according (ISO, 2009).
sions in the face of risks is not an easy task. Small
and medium enterprises (SMEs) are particularly chal-
lenged because they have limited resources to devote
to this task, despite the fact that failing to address such
risks could dramatically affect their business. The
ultimate goal of our research is to produce a user-
friendly, tool-supported methodology that will guide
the user through the whole process of risk assessment,
as shown in Figure 1.
Initially, it was important to fully characterise
Printz, S., Cube, J., Ponsard, C., Landtsheer, R., Ospina, G., Massonet, P., Schmitt, R. and Jeschke, S.
A Survey on Risk-management and Tooling Support for Procurement Processes in Supply Chains.
DOI: 10.5220/0006010903270332
In Proceedings of the 6th International Conference on Simulation and Modeling Methodologies, Technologies and Applications (SIMULTECH 2016), pages 327-332
ISBN: 978-989-758-199-1
Copyright
c
2016 by SCITEPRESS Science and Technology Publications, Lda. All rights reserved
327
the current practices of SMEs with respect to supply
chain risks:
What are the risks perceived by companies ?
How do they rank them in terms of importance,
taking into account both likelihood and impact ?
How do they manage such risks in terms of people
and tools ?
What do they require of methods and tools in or-
der to integrate them into their business?
The paper is structured as follows: section 2 pro-
vides an overview regarding risk classification and
risk management methods, Section 3 presents the
survey process, Section 4 provides an overview of
the main characteristics of the participating compa-
nies, Section 5 considers specific procurement as-
pects, Section 6 describes risk perception, Section 7
looks at the current tools and collects the require-
ments necessary for better tool support. Finally sec-
tion 8 concludes with an answer to the identified
SMEs needs.
2 LITERATURE REVIEW
According to ISO 31000, risk is defined as the im-
pact on uncertainty to objectives (ISO, 2009). The ob-
jectives to be assessed are, for instance, strategic, or-
ganisational, and related to projects, products or pro-
cesses. However, Heckmann pointed out that there
is no common definition of SCRM (Heckmann et al.,
2015). This literature review provides an overview
of several classes of risks. In order to reduce com-
plexity, an aggregation of three risk classes was per-
formed, which considers the transportation and ware-
house risks in the context of manufacturing. Quantity
risks are related to how a lack or excess of materi-
als (from raw materials to produces) can affect the
manufacturing process. Quality risks are related to
the good or bad conditioning of materials as well as
the respect of specifications for internal quality. Fi-
nally, Delay risks concern the time aspects, especially
for the supplying of materials, the processing time
and the transport from/to warehouses. Those classes
are shown in Table 1, and they are widely reported
in the literature (Blackhurst et al., 2008; Chopra and
Sodhi, 2004; Mangla et al., 2015; Manuj and Mentzer,
2008; Oke and Gopalakrishnan, 2009; Punniyamoor-
thy et al., 2013; Sodhi and Lee, 2007; Sodhi and Tang,
2012; Thun and Hoenig, 2011).
The quantitative assessment of supply chain risks
is evaluated using the probability of risk and its ex-
pected impact. For instance, Ziegenbein extended
the approach to the number of suppliers and interrup-
tion time. However, this approach is a mathemati-
cal model. There is no connection to the process and
value added chain (Ziegenbein, 2006).
Table 1: Risk classification.
Risk class Definition Root cause
Quantity risks leading to de-
viations in the dis-
posed quantity
insolvency, storage, order cy-
cle, sourcing strategy, sup-
plier, order strategy
Quality risks regarding the
quality of supplied
goods
processing, sourcing strategy,
supplier, logistics
Delay risks causing
unscheduled devia-
tions
processing, logistics, delivery
time, transportation capacity,
number of brokers / transfer
points
3 SURVEY PROCESS
The survey was carried out between October 2014 and
mid-2015. It was based on a trilingual form (French,
German, English) that was distributed to companies in
Wallonia and Germany via different communication
channels, such as dedicated mailing lists and social
networks. The geographical factors were determined
by the collaborative SimQRi project, which involved
different industrial partners and focused on risk as-
sessment (Printz et al., 2014).
The survey was composed of about 40 questions
in total and had different sections: one to understand
the company size and business, one to understand the
importance of the procurement process, another to
identify the current way in which risks are managed,
and finally one to determine the requirements neces-
sary for better tool support. Figure 2 illustrates a typi-
cal question, designed to be simple to understand and
answer. The indicative time needed to answer the sur-
vey is about 15 minutes. The survey was available
through a dedicated website for surveys.
Figure 2: Example of question.
SIMULTECH 2016 - 6th International Conference on Simulation and Modeling Methodologies, Technologies and Applications
328
4 CHARACTERISATION OF
PARTICIPATING COMPANIES
Around 70 companies answered the invitation and de-
spite their answers being anonymous, we were able to
record the contact data of the companies interested
in following the project and wanting to get more in-
volved in the process through a user committee. The
initial user committee was also the first target group
used to fine-tune the survey before it was released to
a wider audience. The average age of the participants
was 44.84 years, 9 were female and 61 male. The av-
erage number of years of professional experience in
the sector of risk management was 15.12.
Figure 3: Main characteristics of participating companies.
A global overview of the whole sample is depicted
in Figure 3. The number of participating companies
was balanced between Belgium and Germany (given
the size of the activity sectors in both countries). A
great variety of manufacturing industrial sectors were
covered, with no predominance of any specific sector.
The majority of the companies were medium-sized
(between 50 and 250 employees), though Walloon
companies tended to be smaller, which corresponds
well to their economic make-up. About one third (26
participants) had a position associated with risk man-
agement, 21 participants are not compelled to carry
Figure 4: Sectors represented in the survey.
Figure 5: Size and turnover of the participating companies.
out risk management but do so anyway, 13 partici-
pants have a little experience with risk management
but are interested, and 5 participants have no experi-
ence with risk management at all.
The main sectors of activities are shown in Fig-
ure 4. The automotive industry (10%) and ma-
chine construction (10%) are leading, followed by
electric/electronic industry (8,6%), chemistry/plastics
(8,6%) and the metal production/working (4,2%).
Other sectors are less represented. Over 58 of the
companies participating are located in Germany, five
in Belgium, one in the Netherlands, and three are from
other countries in the European Union (EU). Three
other companies are located outside of the EU. Glob-
ally this is consistent with the survey area and relative
importance of the sectors within that area.
The size and turnover results present quite a simi-
lar profile, as shown in Figure 5. Less than four com-
panies have fewer than 50 employees (”small” size),
25 companies have up to 250 employees (”medium”
size) and 13 companies are over 250 employees.
Finally, in regards to procurement risks more
specifically, for the most part the participating compa-
nies were manufacturers of final products (60% of an-
swers), however there was also a significant number
of part assembly companies (25%), as well part sup-
pliers (15%), though to a lesser extent. With respect
to the number of suppliers for each company, Figure
6 shows the average of suppliers is quite high. Inter-
A Survey on Risk-management and Tooling Support for Procurement Processes in Supply Chains
329
Figure 6: Distribution of the number of suppliers.
estingly, there were as many companies present with
fewer than 100 suppliers, as companies with more
than 100 suppliers. This calls for methods and tools
able to manage an important supplier base.
5 RISK MANAGEMENT
Asked where risk management takes place in the com-
pany, 31 participants named the ”executive board”,
18 participants ”supply chain management”, and 5
participants ”logistics”. Whilst 5 participants chose
”other sections”, 10 did not specify at all. Half of the
participants do not prioritise risks, 57% do not even
have a system for the categorisation of risks, all of
which is depicted Figure 7.
Figure 7: Function in charge of risk management.
To set up a priority hierarchy of risks relevant to
global manufacturing processes, we asked the com-
panies to rank their top 3 risks. Figure 8 shows qual-
ity risks (products that cannot fulfil quality require-
ments), supply risks (constraints on the volume and
the delays required by the clients), and risks related
demands (which are directly related to procurement).
Considering procurement processes (before man-
ufacturing) more specifically, Figure 9 shows a simi-
Figure 8: Risk prioritisation in global process.
lar top 3 risks, with procurement risks logically rank-
ing first. Other risks that intervene, though to a lesser
extent, are economical risks (e.g. bankruptcy of a
supplier), political risks (related to the political sit-
uation of a country or region), transport risks (possi-
bility of losses or delays in conveyance) and storage
risks (losses or stocking degradation).
Figure 9: Risk prioritisation for procurement process.
6 EXISTING AND DESIRED
TOOLS
The survey reveals that the majority of SMEs do not
have any kind of risk management tool or, more pre-
cisely, that they rely on standard office tools, like
spreadsheets. Barely 10% of companies have dedi-
cated tools for risk management.
Regarding the risks that require more support, Fig-
ure 10 shows the same top 3 as those identified in the
previous section, which is quite consistent with the
importance of those risks. Over 50% chose quality
risk and demand risk, while over 80% do not see the
benefit in receiving support in assessing political and
warehousing risks.
Figure 10: Tool support by risk categories.
A more detailed correlation analysis (Pearson r)
was carried out in order to check the significance lev-
els (p) of the SME’s characteristics on the current
tools used and in order to identify areas that need bet-
SIMULTECH 2016 - 6th International Conference on Simulation and Modeling Methodologies, Technologies and Applications
330
ter tooling. The number of answers (N) is given after
each item.
The support of assessing and simulating external
effects and risks (Pearson r=0.429**) is very im-
portant (p=0.007) according to the position in the
supply chain (N=38).
The importance and impact of warehouse risks
(Pearson r=0.328**) is significantly correlated
(p=0.005) to the risk management (N=70).
The professional experience is correlated (Pear-
son r=0.766*) significantly (p=0.045) with less
expenditure regarding software usability (N=7).
In addition to the survey questions, companies could
provide further requirements through comments or
via their involvement in the user committee. The re-
quirements were sorted according to software engi-
neering criteria (Sommerville, 2011). First, the func-
tional requirements were evaluated (table 2).
Table 2: Functional requirements.
Recorded risks Usability Supported methods
Internal and exter-
nal (Suppliers)
Clear interface quantitative and
qualitative
Status production
line (machine
downtime)
Indication and Cor-
rection of input er-
rors
Decision support
Material accounting Partially-automated
analysis
Scenario analysis
Failure according
production volume
prioritisation of
risks
Definition of Key
Performance Indi-
cators
Summarising the functional requirements, the
user wishes for a tool to support risk management ac-
tivities. The tool should provide qualitative and quan-
titative RM approaches and recommendations for risk
treatment. The input time interval should be as short
as possible and very simple. With regards to an
industrial application of the tool we gathered non-
functional requirements as well (see table 3).
Table 3: Non-Functional requirements.
Integration Others
rapid alert system Confidentiality (protect com-
pany data)
Solution Center (AV, Prod,
technology)
Collaboration (sharing analy-
sis)
Traceability of measures (ini-
tiation and pursuance)
Partially-automated analysis
Interface supplier ratios (SAP,
Oracle)
Prioritisation of risks
Non-functional requirements are summarised in
Table 3. They do not need to be fully integrated into
the tool in the short term, but they will help create an
efficient and standard application method for industry.
7 CONCLUSIONS AND NEXT
STEPS
Based on this enquiry and its recommendations, the
SimQRi project is currently developing a tool proto-
type, which will allow for assessments to be made of
the impact of different risks. The next steps should
provide the following functionalities:
A simplified model of procurement and manufac-
turing processes that is based on a web-graphical
editor. This interface should be designed with us-
ability and ease of installation in mind and it will
fully operate in ”Software as a Service” mode.
This will support collaborative work, however it
could result in some threats and barriers occur-
ring as a result of confidentiality requirements.
In order to address the needs of more advanced
users and their confidentiality, a desktop-based in-
terface relying on Eclipse has been planned as a
second phase.
An efficient discrete-event simulation based on
Monte Carlo methods with the inference of prob-
ability distributions for different types of risks.
This work is relying on the OscaR library (OscaR,
2012). A version of the simulation engine has al-
ready been produced and benchmarked on small
scale examples (De Landtsheer et al., 2016).
Support for the risk analysis process, starting with
risk identification, and also the elaboration of a
risk-oriented model that can be simulated using
the Monte-Carlo simulation. During the simula-
tion, specific probes are used to compute risk re-
lated queries into the model in a statistical way.
The simulation results can be analysed in direct
relation to the risks, all of which is presented on
a dashboard. The effects of specific measures can
then be considered and simulated again in order to
control the significant risks.
The current prototype is depicted in Figure 11. Its
interface is structured across different tabs, which
clearly show the risk management process: edition,
risk identification, simulation and analysis.
ACKNOWLEDGEMENTS
This research was conducted as part of the SimQRi
research project (ERA-NET CORNET, Grant Nr.
1318172). The CORNET promotion plan of the Re-
search Community for Management Cybernetics e.V.
(IfU) is funded by the German Federation of Indus-
trial Research Associations (AiF) based on an enact-
ment of the German Bundestag.
A Survey on Risk-management and Tooling Support for Procurement Processes in Supply Chains
331
Figure 11: Current prototype.
REFERENCES
Blackhurst, J. V., Scheibe, K. P., and Johnson, D. J. (2008).
Supplier risk assessment and monitoring for the auto-
motive industrynull. Int. Journal of Physical Distri-
bution & Logistics Management, 38(2):143–165.
Chopra, S. and Sodhi, M. S. (2004). Managing Risk To
Avoid Supply-Chain Breakdown - By understanding
the variety and interconnectedness of supply-chain
risks, managers can tailor balanced, effective risk-
reduction strategies for their companies. MIT Sloan
management review., 46(1):53.
De Landtsheer, R., Ospina, G., Massonet, P., Ponsard, C.,
Printz, S., H
¨
artel, L., and von Cube, J. P. (2016). A
Discrete Event Simulation Approach for Quantifying
Risks in Manufacturing Processes. In International
Conference on Operations Research and Enterprise
Systems (ICORES16), Rome.
Heckmann, I., Comes, T., and Nickel, S. (2015). A critical
review on supply chain risk Definition, measure and
modeling. Omega, 52:119–132.
ISO (2009). DIN ISO 31000 : Risk management - Risk
Assessment Techniques.
Mangla, S. K., Kumar, P., and Barua, M. K. (2015). Pri-
oritizing the responses to manage risks in green sup-
ply chain: An Indian plastic manufacturer perspective.
Sustainable Production and Consumption, 1:67–86.
Manuj, I. and Mentzer, J. T. (2008). Global supply chain
risk management strategies. International Journal
of Physical Distribution & Logistics Management,
38(3):192–223.
McNeil, A. J., Frey, R., and Embrechts, P. (2005). Quantita-
tive risk management: concepts, techniques and tools.
Princeton series in finance. Univ. Press, Princeton, NJ.
Oke, A. and Gopalakrishnan, M. (2009). Managing disrup-
tions in supply chains: A case study of a retail sup-
ply chain. International Journal of Production Eco-
nomics, 118(1):168–174.
OscaR (2012). OscaR: Scala in OR.
https://bitbucket.org/oscarlib/oscar.
Printz, S., von Cube, J. P., and Massonet, P. (2014). SimQRi
- Simulative quantification of procurement induced
risk consequences and treatment impact in complex
process chains. http://www.simqri.com.
Printz, S., von Cube, J. P., Vossen, R., Schmitt, R.,
and Jeschke, S. (2015). Ein kybernetisches modell
beschaffungsinduzierter st
¨
org
¨
oßen. In Exploring Cy-
bernetics - Kybernetik im interdisziplinren Diskurs.
Springer Spektrum.
Punniyamoorthy, M., Thamaraiselvan, N., and Manikan-
dan, L. (2013). Assessment of supply chain risk: scale
development and validation. Benchmarking: An Inter-
national Journal, 20(1):79–105.
Sodhi, M. S. and Lee, S. (2007). An analysis of sources of
risk in the consumer electronics industry. Journal of
the Operational Research Society, 58(11):1430–1439.
Sodhi, M. S. and Tang, C. S. (2012). Managing Supply
Chain Risk, volume 172 of International Series in Op-
erations Research & Management Science. Springer
US, Boston, MA.
Sommerville, I. (2011). Software engineering. Pearson,
Boston.
Thun, J.-H. and Hoenig, D. (2011). An empirical analysis
of supply chain risk management in the German auto-
motive industry. International Journal of Production
Economics, 131(1):242–249.
Wieland, A. and Wallenburg, C. M. (2012). Dealing with
supply chain risks: Linking risk management prac-
tices and strategies to performance. International
Journal of Physical Distribution & Logistics Manage-
ment, 42(10):887–905.
Ziegenbein, A. (2006). Supply chain risk assessment:
a quantitative approach. ETH-Zentrum f
¨
ur Un-
ternehmenswissenschaften, Z
¨
urich.
SIMULTECH 2016 - 6th International Conference on Simulation and Modeling Methodologies, Technologies and Applications
332