A Survey on Risk-management and Tooling Support

for Procurement Processes in Supply Chains

Stephan Printz

, Johann Philipp von Cube

, Christophe Ponsard

, Renaud De Landtsheer

Gustavo Ospina

, Philippe Massonet

, Robert Schmitt

and Sabina Jeschke

Institute for Management Cybernetics (IfU), RWTH Aachen University, Aachen, Germany

Fraunhofer Institute for Production Technology (IPT), Aachen, Germany

CETIC Research Centre, Charleroi, Belgium

Keywords:

Discrete Event Simulation, Manufacturing, Supply Chain, Procurement Risks, Risk Management.

Abstract:

Managing risks in supply chains is challenging for most companies given that the globalisation process is

strengthening production constraints and also introducing more procurements risks. This is difﬁcult for smaller

companies in particular as they lack the resources necessary to develop speciﬁc expertise or buy expensive

tools. Our research aims to address these issues by proposing an easy to use, yet powerful, tool-supported

methodology. As a ﬁrst step, we conducted a survey of the relevant industries, which were mostly based in

Germany and Belgium. The goal of the survey was to assess the current state of risk management practices

and identify the associated requirements speciﬁc to our SME target. This paper presents the outcomes of our

survey based on the results collected from a representative sample of 70 participating companies. These results

yield interesting observations regarding the characterisation of the people in charge of risk management, their

perception of the importance of risk categories, the current ways to manage these risks and the tooling used.

We also collected several recommendations for how tools could better support risk assessment and drive the

rest of our research.

1 INTRODUCTION

Supply chain risk management (SCRM) is the imple-

mentation of strategies in order to manage both ev-

eryday and exceptional risks throughout the supply

chain. This will be achieved by continuously carrying

out risk assessments with the objective being to re-

duce the number of vulnerabilities, thus ensuring con-

tinuity (Wieland and Wallenburg, 2012). Such risks

can occur for several reasons, both externally (pro-

curement risks of geographic, political, social nature,

etc.) and internally (machine reliability, nature of spe-

ciﬁc operations, etc.). The Risk management (RM) is

performed by either qualitative or quantitative mod-

els (Printz et al., 2015). In terms of legal require-

ments and reporting issues, quantitative risk models

are used. An accepted standard of quantitative risk

management is the Value at Risk (VaR) standard com-

bined with the Monte Carlo Simulation, which are

then adapted according to their application (McNeil

et al., 2005)

Helping company managers make the right deci-

Figure 1: Risk management process according (ISO, 2009).

sions in the face of risks is not an easy task. Small

and medium enterprises (SMEs) are particularly chal-

lenged because they have limited resources to devote

to this task, despite the fact that failing to address such

risks could dramatically affect their business. The

ultimate goal of our research is to produce a user-

friendly, tool-supported methodology that will guide

the user through the whole process of risk assessment,

as shown in Figure 1.

Initially, it was important to fully characterise

Printz, S., Cube, J., Ponsard, C., Landtsheer, R., Ospina, G., Massonet, P., Schmitt, R. and Jeschke, S.

A Survey on Risk-management and Tooling Support for Procurement Processes in Supply Chains.

DOI: 10.5220/0006010903270332

In Proceedings of the 6th International Conference on Simulation and Modeling Methodologies, Technologies and Applications (SIMULTECH 2016), pages 327-332

ISBN: 978-989-758-199-1

327

the current practices of SMEs with respect to supply

chain risks:

• What are the risks perceived by companies ?

• How do they rank them in terms of importance,

taking into account both likelihood and impact ?

• How do they manage such risks in terms of people

and tools ?

• What do they require of methods and tools in or-

der to integrate them into their business?

The paper is structured as follows: section 2 pro-

vides an overview regarding risk classiﬁcation and

risk management methods, Section 3 presents the

survey process, Section 4 provides an overview of

the main characteristics of the participating compa-

nies, Section 5 considers speciﬁc procurement as-

pects, Section 6 describes risk perception, Section 7

looks at the current tools and collects the require-

ments necessary for better tool support. Finally sec-

tion 8 concludes with an answer to the identiﬁed

SMEs needs.

2 LITERATURE REVIEW

According to ISO 31000, risk is deﬁned as the im-

pact on uncertainty to objectives (ISO, 2009). The ob-

jectives to be assessed are, for instance, strategic, or-

ganisational, and related to projects, products or pro-

cesses. However, Heckmann pointed out that there

is no common deﬁnition of SCRM (Heckmann et al.,

2015). This literature review provides an overview

of several classes of risks. In order to reduce com-

plexity, an aggregation of three risk classes was per-

formed, which considers the transportation and ware-

house risks in the context of manufacturing. Quantity

risks are related to how a lack or excess of materi-

als (from raw materials to produces) can affect the

manufacturing process. Quality risks are related to

the good or bad conditioning of materials as well as

the respect of speciﬁcations for internal quality. Fi-

nally, Delay risks concern the time aspects, especially

for the supplying of materials, the processing time

and the transport from/to warehouses. Those classes

are shown in Table 1, and they are widely reported

in the literature (Blackhurst et al., 2008; Chopra and

Sodhi, 2004; Mangla et al., 2015; Manuj and Mentzer,

2008; Oke and Gopalakrishnan, 2009; Punniyamoor-

thy et al., 2013; Sodhi and Lee, 2007; Sodhi and Tang,

2012; Thun and Hoenig, 2011).

The quantitative assessment of supply chain risks

is evaluated using the probability of risk and its ex-

pected impact. For instance, Ziegenbein extended

the approach to the number of suppliers and interrup-

tion time. However, this approach is a mathemati-

cal model. There is no connection to the process and

value added chain (Ziegenbein, 2006).

Table 1: Risk classiﬁcation.

Risk class Deﬁnition Root cause

Quantity risks leading to de-

viations in the dis-

posed quantity

insolvency, storage, order cy-

cle, sourcing strategy, sup-

plier, order strategy

Quality risks regarding the

quality of supplied

goods

processing, sourcing strategy,

supplier, logistics

Delay risks causing

unscheduled devia-

tions

processing, logistics, delivery

time, transportation capacity,

number of brokers / transfer

points

3 SURVEY PROCESS

The survey was carried out between October 2014 and

mid-2015. It was based on a trilingual form (French,

German, English) that was distributed to companies in

Wallonia and Germany via different communication

channels, such as dedicated mailing lists and social

networks. The geographical factors were determined

by the collaborative SimQRi project, which involved

different industrial partners and focused on risk as-

sessment (Printz et al., 2014).

The survey was composed of about 40 questions

in total and had different sections: one to understand

the company size and business, one to understand the

importance of the procurement process, another to

identify the current way in which risks are managed,

and ﬁnally one to determine the requirements neces-

sary for better tool support. Figure 2 illustrates a typi-

cal question, designed to be simple to understand and

answer. The indicative time needed to answer the sur-

vey is about 15 minutes. The survey was available

through a dedicated website for surveys.

Figure 2: Example of question.

SIMULTECH 2016 - 6th International Conference on Simulation and Modeling Methodologies, Technologies and Applications

328

4 CHARACTERISATION OF

PARTICIPATING COMPANIES

Around 70 companies answered the invitation and de-

spite their answers being anonymous, we were able to

record the contact data of the companies interested

in following the project and wanting to get more in-

volved in the process through a user committee. The

initial user committee was also the ﬁrst target group

used to ﬁne-tune the survey before it was released to

a wider audience. The average age of the participants

was 44.84 years, 9 were female and 61 male. The av-

erage number of years of professional experience in

the sector of risk management was 15.12.

Figure 3: Main characteristics of participating companies.

A global overview of the whole sample is depicted

in Figure 3. The number of participating companies

was balanced between Belgium and Germany (given

the size of the activity sectors in both countries). A

great variety of manufacturing industrial sectors were

covered, with no predominance of any speciﬁc sector.

The majority of the companies were medium-sized

(between 50 and 250 employees), though Walloon

companies tended to be smaller, which corresponds

well to their economic make-up. About one third (26

participants) had a position associated with risk man-

agement, 21 participants are not compelled to carry

Figure 4: Sectors represented in the survey.

Figure 5: Size and turnover of the participating companies.

out risk management but do so anyway, 13 partici-

pants have a little experience with risk management

but are interested, and 5 participants have no experi-

ence with risk management at all.

The main sectors of activities are shown in Fig-

ure 4. The automotive industry (10%) and ma-

chine construction (10%) are leading, followed by

electric/electronic industry (8,6%), chemistry/plastics

(8,6%) and the metal production/working (4,2%).

Other sectors are less represented. Over 58 of the

companies participating are located in Germany, ﬁve

in Belgium, one in the Netherlands, and three are from

other countries in the European Union (EU). Three

other companies are located outside of the EU. Glob-

ally this is consistent with the survey area and relative

importance of the sectors within that area.

The size and turnover results present quite a simi-

lar proﬁle, as shown in Figure 5. Less than four com-

panies have fewer than 50 employees (”small” size),

25 companies have up to 250 employees (”medium”

size) and 13 companies are over 250 employees.

Finally, in regards to procurement risks more

speciﬁcally, for the most part the participating compa-

nies were manufacturers of ﬁnal products (60% of an-

swers), however there was also a signiﬁcant number

of part assembly companies (25%), as well part sup-

pliers (15%), though to a lesser extent. With respect

to the number of suppliers for each company, Figure

6 shows the average of suppliers is quite high. Inter-

A Survey on Risk-management and Tooling Support for Procurement Processes in Supply Chains

329

Figure 6: Distribution of the number of suppliers.

estingly, there were as many companies present with

fewer than 100 suppliers, as companies with more

than 100 suppliers. This calls for methods and tools

able to manage an important supplier base.

5 RISK MANAGEMENT

Asked where risk management takes place in the com-

pany, 31 participants named the ”executive board”,

18 participants ”supply chain management”, and 5

participants ”logistics”. Whilst 5 participants chose

”other sections”, 10 did not specify at all. Half of the

participants do not prioritise risks, 57% do not even

have a system for the categorisation of risks, all of

which is depicted Figure 7.

Figure 7: Function in charge of risk management.

To set up a priority hierarchy of risks relevant to

global manufacturing processes, we asked the com-

panies to rank their top 3 risks. Figure 8 shows qual-

ity risks (products that cannot fulﬁl quality require-

ments), supply risks (constraints on the volume and

the delays required by the clients), and risks related

demands (which are directly related to procurement).

Considering procurement processes (before man-

ufacturing) more speciﬁcally, Figure 9 shows a simi-

Figure 8: Risk prioritisation in global process.

lar top 3 risks, with procurement risks logically rank-

ing ﬁrst. Other risks that intervene, though to a lesser

extent, are economical risks (e.g. bankruptcy of a

supplier), political risks (related to the political sit-

uation of a country or region), transport risks (possi-

bility of losses or delays in conveyance) and storage

risks (losses or stocking degradation).

Figure 9: Risk prioritisation for procurement process.

6 EXISTING AND DESIRED

TOOLS

The survey reveals that the majority of SMEs do not

have any kind of risk management tool or, more pre-

cisely, that they rely on standard ofﬁce tools, like

spreadsheets. Barely 10% of companies have dedi-

cated tools for risk management.

Regarding the risks that require more support, Fig-

ure 10 shows the same top 3 as those identiﬁed in the

previous section, which is quite consistent with the

importance of those risks. Over 50% chose quality

risk and demand risk, while over 80% do not see the

beneﬁt in receiving support in assessing political and

warehousing risks.

Figure 10: Tool support by risk categories.

A more detailed correlation analysis (Pearson r)

was carried out in order to check the signiﬁcance lev-

els (p) of the SME’s characteristics on the current

tools used and in order to identify areas that need bet-

SIMULTECH 2016 - 6th International Conference on Simulation and Modeling Methodologies, Technologies and Applications

330

ter tooling. The number of answers (N) is given after

each item.

• The support of assessing and simulating external

effects and risks (Pearson r=0.429**) is very im-

portant (p=0.007) according to the position in the

supply chain (N=38).

• The importance and impact of warehouse risks

(Pearson r=0.328**) is signiﬁcantly correlated

(p=0.005) to the risk management (N=70).

• The professional experience is correlated (Pear-

son r=0.766*) signiﬁcantly (p=0.045) with less

expenditure regarding software usability (N=7).

In addition to the survey questions, companies could

provide further requirements through comments or

via their involvement in the user committee. The re-

quirements were sorted according to software engi-

neering criteria (Sommerville, 2011). First, the func-

tional requirements were evaluated (table 2).

Table 2: Functional requirements.

Recorded risks Usability Supported methods

Internal and exter-

nal (Suppliers)

Clear interface quantitative and

qualitative

Status production

line (machine

downtime)

Indication and Cor-

rection of input er-

rors

Decision support

Material accounting Partially-automated

analysis

Scenario analysis

Failure according

production volume

prioritisation of

risks

Deﬁnition of Key

Performance Indi-

cators

Summarising the functional requirements, the

user wishes for a tool to support risk management ac-

tivities. The tool should provide qualitative and quan-

titative RM approaches and recommendations for risk

treatment. The input time interval should be as short

as possible and very simple. With regards to an

industrial application of the tool we gathered non-

functional requirements as well (see table 3).

Table 3: Non-Functional requirements.

Integration Others

rapid alert system Conﬁdentiality (protect com-

pany data)

Solution Center (AV, Prod,

technology)

Collaboration (sharing analy-

sis)

Traceability of measures (ini-

tiation and pursuance)

Partially-automated analysis

Interface supplier ratios (SAP,

Oracle)

Prioritisation of risks

Non-functional requirements are summarised in

Table 3. They do not need to be fully integrated into

the tool in the short term, but they will help create an

efﬁcient and standard application method for industry.

7 CONCLUSIONS AND NEXT

STEPS

Based on this enquiry and its recommendations, the

SimQRi project is currently developing a tool proto-

type, which will allow for assessments to be made of

the impact of different risks. The next steps should

provide the following functionalities:

• A simpliﬁed model of procurement and manufac-

turing processes that is based on a web-graphical

editor. This interface should be designed with us-

ability and ease of installation in mind and it will

fully operate in ”Software as a Service” mode.

This will support collaborative work, however it

could result in some threats and barriers occur-

ring as a result of conﬁdentiality requirements.

In order to address the needs of more advanced

users and their conﬁdentiality, a desktop-based in-

terface relying on Eclipse has been planned as a

second phase.

• An efﬁcient discrete-event simulation based on

Monte Carlo methods with the inference of prob-

ability distributions for different types of risks.

This work is relying on the OscaR library (OscaR,

2012). A version of the simulation engine has al-

ready been produced and benchmarked on small

scale examples (De Landtsheer et al., 2016).

• Support for the risk analysis process, starting with

risk identiﬁcation, and also the elaboration of a

risk-oriented model that can be simulated using

the Monte-Carlo simulation. During the simula-

tion, speciﬁc probes are used to compute risk re-

lated queries into the model in a statistical way.

The simulation results can be analysed in direct

relation to the risks, all of which is presented on

a dashboard. The effects of speciﬁc measures can

then be considered and simulated again in order to

control the signiﬁcant risks.

The current prototype is depicted in Figure 11. Its

interface is structured across different tabs, which

clearly show the risk management process: edition,

risk identiﬁcation, simulation and analysis.

ACKNOWLEDGEMENTS

This research was conducted as part of the SimQRi

research project (ERA-NET CORNET, Grant Nr.

1318172). The CORNET promotion plan of the Re-

search Community for Management Cybernetics e.V.

(IfU) is funded by the German Federation of Indus-

trial Research Associations (AiF) based on an enact-

ment of the German Bundestag.

A Survey on Risk-management and Tooling Support for Procurement Processes in Supply Chains

331

Figure 11: Current prototype.

REFERENCES

Blackhurst, J. V., Scheibe, K. P., and Johnson, D. J. (2008).

Supplier risk assessment and monitoring for the auto-

motive industrynull. Int. Journal of Physical Distri-

bution & Logistics Management, 38(2):143–165.

Chopra, S. and Sodhi, M. S. (2004). Managing Risk To

Avoid Supply-Chain Breakdown - By understanding

the variety and interconnectedness of supply-chain

risks, managers can tailor balanced, effective risk-

reduction strategies for their companies. MIT Sloan

management review., 46(1):53.

De Landtsheer, R., Ospina, G., Massonet, P., Ponsard, C.,

Printz, S., H

artel, L., and von Cube, J. P. (2016). A

Discrete Event Simulation Approach for Quantifying

Risks in Manufacturing Processes. In International

Conference on Operations Research and Enterprise

Systems (ICORES16), Rome.

Heckmann, I., Comes, T., and Nickel, S. (2015). A critical

review on supply chain risk Deﬁnition, measure and

modeling. Omega, 52:119–132.

ISO (2009). DIN ISO 31000 : Risk management - Risk

Assessment Techniques.

Mangla, S. K., Kumar, P., and Barua, M. K. (2015). Pri-

oritizing the responses to manage risks in green sup-

ply chain: An Indian plastic manufacturer perspective.

Sustainable Production and Consumption, 1:67–86.

Manuj, I. and Mentzer, J. T. (2008). Global supply chain

risk management strategies. International Journal

of Physical Distribution & Logistics Management,

38(3):192–223.

McNeil, A. J., Frey, R., and Embrechts, P. (2005). Quantita-

tive risk management: concepts, techniques and tools.

Princeton series in ﬁnance. Univ. Press, Princeton, NJ.

Oke, A. and Gopalakrishnan, M. (2009). Managing disrup-

tions in supply chains: A case study of a retail sup-

ply chain. International Journal of Production Eco-

nomics, 118(1):168–174.

OscaR (2012). OscaR: Scala in OR.

https://bitbucket.org/oscarlib/oscar.

Printz, S., von Cube, J. P., and Massonet, P. (2014). SimQRi

- Simulative quantiﬁcation of procurement induced

risk consequences and treatment impact in complex

process chains. http://www.simqri.com.

Printz, S., von Cube, J. P., Vossen, R., Schmitt, R.,

and Jeschke, S. (2015). Ein kybernetisches modell

beschaffungsinduzierter st

org

oßen. In Exploring Cy-

bernetics - Kybernetik im interdisziplinren Diskurs.

Springer Spektrum.

Punniyamoorthy, M., Thamaraiselvan, N., and Manikan-

dan, L. (2013). Assessment of supply chain risk: scale

development and validation. Benchmarking: An Inter-

national Journal, 20(1):79–105.

Sodhi, M. S. and Lee, S. (2007). An analysis of sources of

risk in the consumer electronics industry. Journal of

the Operational Research Society, 58(11):1430–1439.

Sodhi, M. S. and Tang, C. S. (2012). Managing Supply

Chain Risk, volume 172 of International Series in Op-

erations Research & Management Science. Springer

US, Boston, MA.

Sommerville, I. (2011). Software engineering. Pearson,

Boston.

Thun, J.-H. and Hoenig, D. (2011). An empirical analysis

of supply chain risk management in the German auto-

motive industry. International Journal of Production

Economics, 131(1):242–249.

Wieland, A. and Wallenburg, C. M. (2012). Dealing with

supply chain risks: Linking risk management prac-

tices and strategies to performance. International

Journal of Physical Distribution & Logistics Manage-

ment, 42(10):887–905.

Ziegenbein, A. (2006). Supply chain risk assessment:

a quantitative approach. ETH-Zentrum f

ur Un-

ternehmenswissenschaften, Z

urich.

SIMULTECH 2016 - 6th International Conference on Simulation and Modeling Methodologies, Technologies and Applications

332