International Journal of Production Research

ISSN: 0020-7543 (Print) 1366-588X (Online) Journal homepage: http://www.tandfonline.com/loi/tprs20

Supply chain risk modelling and mitigation

Faisal Aqlan & Sarah S. Lam

To cite this article: Faisal Aqlan & Sarah S. Lam (2015) Supply chain risk modelling
and mitigation, International Journal of Production Research, 53:18, 5640-5656, DOI:
10.1080/00207543.2015.1047975

To link to this article: https://doi.org/10.1080/00207543.2015.1047975

Published online: 26 May 2015.

Submit your article to this journal

Article views: 1786

View Crossmark data

Citing articles: 27 View citing articles

Full Terms & Conditions of access and use can be found at

http://www.tandfonline.com/action/journalInformation?journalCode=tprs20
International Journal of Production Research, 2015
Vol. 53, No. 18, 5640–5656, http://dx.doi.org/10.1080/00207543.2015.1047975

Supply chain risk modelling and mitigation

Faisal Aqlana* and Sarah S. Lamb
a
Department of Industrial Engineering, The Behrend College, Pennsylvania State University, Erie, PA, USA; bDepartment of Systems
Science and Industrial Engineering, State University of New York at Binghamton, Binghamton, NY, USA
(Received 26 September 2014; accepted 14 April 2015)

In today’s global competitive environment, supply chains are more susceptible to vulnerability due to the increasing
occurrence of internal and external risk events. In addition, the trend associated with lean management, which involves
reducing inventory, leads to more dependency of supply chain partners on each other which exacerbates risk exposure of
companies in the supply chain. This creates the need for more effective management of supply chain risks. In this
research, a methodology based on Bow-Tie analysis and optimisation techniques is proposed to quantify and mitigate
supply chain risks. The proposed methodology takes into consideration risk interconnections, and it identifies the best
combination of mitigation strategies under budget constraints. A real case study from a high-end server manufacturing
environment is presented. Results from the case study showed that the proposed methodology for risk modelling and
mitigation can effectively be used to quantify the risks and achieve the required risk reduction at minimum cost while
considering risk correlations.
Keyword: supply chain risk management (SCRM); risk modelling; risk mitigation matrix (RMM); Bow-Tie analysis;
server manufacturing

1. Introduction
Supply chains are more susceptible to vulnerability and risks than before due to several factors including: (1) globalisa-
tion of sourcing, production and sales, (2) increased complexity and competitiveness and (3) occurrence of internal and
external risk events such as material shortages and natural disasters. In addition, the trend associated with lean manage-
ment, which involves reducing inventory, leads to more dependency of supply chain partners on each other which
exacerbates risk exposure for companies in the supply chain. The key drivers for supply chain profitability are respon-
siveness, efficiency and reliability (Hendricks and Singhal 2005). To maintain their profitability, supply chains must be
able to quickly respond to external and internal risk events and keep their businesses efficient and dynamic. Further-
more, supply chains have to be resilient to unexpected catastrophic events. This, however, requires a deep understanding
of supply chain risks and how to manage them.
What makes risk management challenging is that today’s climate is rapidly changing and the time frames of deci-
sion-making are getting smaller. Supply chain risk occurs because of the uncertainty about the future that unexpected,
risky event may occur and affect the supply chain operations (Waters 2007). Supply chain risk management (SCRM) is
an important part of supply chain management because the risks can cause unanticipated changes of material flow in the
supply chain. SCRM is a systematic approach for identifying, assessing, mitigating, and monitoring potential disruptions
in the supply chain in order to reduce negative impact of these disruptions on supply chain operations. According to
Blackhurst and Wu (2009), most of the definitions of SCRM include the following activities: risk identification and
modelling, risk analysis, assessment and impact measurement, risk management, risk monitoring and evaluation,
organisational and personal learning including knowledge transfer. Most of the risk literatures define the risk as:
Riski ¼ Pi  Li (1)
where Riski is the risk caused by the ith risk event, Pi is the probability of occurrence of the ith risk event, and Li is the
impact of the ith risk event. The probability of occurrence of the risk event can be estimated while considering all the
factors that contribute to the risk events. Historical data and experts’ knowledge can also be used to estimate these
probabilities. Furthermore, simulation and modelling techniques can be utilised in this case. The impact of the risk event
can be estimated using historical records, experts’ knowledge, and/or simulation techniques. In addition to the two main

*Corresponding author. Email: fua11@psu.edu

© 2015 Taylor & Francis

 International Journal of Production Research 5641

risk parameters, probability of occurrence and risk impact, other risk parameters should also be considered for effective
risk management. These parameters include risk interactions, frequency of occurrence, risk predictability, risk duration
and risk type. The risk parameters are shown in Figure 1. Risks are often interconnected which may exacerbate some
risks when mitigation strategies of other risks are implemented. Traditional risk management plans may fail because
they do not consider interconnections among risks and are not comprehensive (IBM Governance and Risk Management
2007). Risk management should be able to identify, measure and prioritise the different risks in the supply chain,
develop proper mitigation strategies, and monitor and control these risks. According to Chopra and Sodhi (2004), there
is no silver bullet strategy to protect organisational supply chains against risks and managers need to choose the proper
mitigation strategy for each risk. Mitigation strategies can be divided into four main categories (Zsidisin and Ritchie
2009): (1) eliminate the risk, (2) reduce the frequency and consequences of the risk, (3) transfer the risk by means of
insurance and sharing and (4) accept the risk. Managers typically choose the proper mitigation strategies based on sev-
eral factors such as nature of the risk, origin of the risk, company’s resources, etc. Other mitigation strategies include
the following: ignoring the risks and risk exploit. The different mitigation strategies along with a description of each
strategy are shown in Table 1. Supply chain risk modelling is an important step to develop quantitative measures for the
risks so that they can be effectively compared and prioritised. Furthermore, modelling is used to identify the proper
mitigation strategies for the risks and provide a way to monitor and control the risks. This research addresses the
problem of quantifying supply chain risks and identifying proper mitigation strategies for the risks. Furthermore, risk
interconnections are considered to avoid increasing the level of some risks when other risks are mitigated.
The rest of this study is organised as follows: Section 2 discusses literature related to risk modelling and mitigation.
Section 3 presents the proposed methodology for supply chain risk mitigation. Section 4 discusses the application of the
proposed methodology for risk mitigation in a high-end server manufacturing environment. Finally, conclusions and
future work are presented in Section 5.

2. Literature review
The management of supply chain risks has emerged as an important area of research in the field of supply chain man-
agement. Furthermore, companies and professionals are paying more attention to risk management due to the increasing
occurrence of risk events and their impact to supply chains. Different frameworks have been proposed in the literature
for risk management and mitigation. For example, Wakolbinger and Cruz (2011) proposed a framework that captures
the effects of information management and risk-sharing contracts in supply chain networks. Analysis and mitigation of
risks in a food supply chain were discussed in Diabat, Govindan, and Panicker (2012). Chen, Sohal, and Prajogo (2013)
presented a collaborative approach for mitigation supply chain operational risks and focused on supply risks, demand

Figure 1. Supply chain risk parameters.

5642 F. Aqlan and S.S. Lam

Table 1. Mitigation strategies for supply chain risks.

Risk response
strategy Description

Risk avoidance • Completely avoid the risk by eliminating its root causes and/or consequences (residual risk is zero)
• Should precede risk reduction (Kleindorfer and Saad 2005)
• Suitable when risk has high probability and high impact
• Risks are critical and can stop the business
• May involve changing method of operation, plan or redesigning the supply chain (Deshmukh 2007)
Risk reduction • Risk is reduced but not eliminated (residual risk exists)
• Suitable when risk has high probability and low impact
• Operational risks and day-to-day issues
• Example of risk reduction techniques include as follows: redundancy, more quality tests, better tools,
operator training, etc.
Risk transfer • Risk is transferred to another party (residual risk may exist)
• Suitable when risk has low probability and high impact
• Disruption risks such as natural disasters and terrorist attacks
• Common methods include insurance and contracts
Risk acceptance • Residual risk is the same as before (Deshmukh 2007)
• Suitable when risk has low probability and low impact
• Cost of avoiding/reducing/transferring the risk is much higher than its expected impact
• Contingency plans can be developed to handle this type of risks (Deshmukh 2007)
Ignoring risk • Risks are ignored and not identified or studied
• Can be confused with risk acceptance which identify and analyse the risk but does nothing for response
• Risks are assumed to have very low probability and very low impact
• Ignoring risk can represent a risk
Risk exploit • Can be assumed as opposite to ‘Avoid’
• Risk impact is positive

risks and process risks. Tse and Tan (2011) proposed a framework for product quality risk and visibility assessment.
The study argues that better visibility of risk in supply tiers could minimise quality risks. However, these studies do not
consider risk factors (or root causes) and risk interconnections when risks are calculated.
Supply chain risk modelling is an important topic that needs more investigation due to the fact that having quantita-
tive measures for the risks enables companies to assess and prioritise the risks and develop proper mitigation plans.
Modelling approaches of supply chain risks can be divided into: (1) qualitative models, (2) quantitative models and (3)
hybrid models that incorporate qualitative and quantities techniques. Qualitative models are widely used for supply
chain risk analysis due to the lack of risk data. Furthermore, qualitative techniques are easy to use and allow for faster
identification of potential risks and their impacts. Qualitative techniques can include surveys, cause and effect analysis,
failure mode and effect analysis (FMEA), and benchmarking. Qualitative techniques are mostly used for risk identifica-
tion and risk analysis. Raj Sinha, Whitman, and Malzahn (2004) proposed a theoretical framework that used FMEA for
analysing supply chain risks in the aerospace industry. An empirical analysis of supply chain risks in the automotive
industry was also discussed (Thun and Hoenig 2011). Quantitative models can be classified into two main categories:
simulation models and analytical models. Simulation can be an effective and ideal tool to visualise supply chain risks. It
is used to deal with the stochastic natures existing in supply chains and the risk uncertainties. Simulation modelling
techniques that are commonly used to study supply chain risks include discrete–event simulation (DES), agent-based
simulation (ABS) or multi-agent-based simulation, system dynamics (SD), Monte Carlo simulation and Petri nets. The
use of DES and Monte Carlo simulation to quantify supply chain disruption risks was discussed in Schmitt (2009).
Carvalho et al. (2012) used DES to study the supply chain risks in an automotive three-echelon supply chain. ABS has
real-time adaptability and learning capability that can be utilised to develop a more efficient response to the risk.
Giannakis and Louis (2011) proposed a framework based on ABS for disruptions management and risk mitigation in
manufacturing supply chains. According to Mele et al. (2007), ABS is suitable for modelling supply chains that are
either working under uncertain environments or driven by pull strategies. Comparison of two mitigation strategies for
 International Journal of Production Research 5643

Figure 2. Proposed methodology for supply chain risk modelling and mitigation.

Figure 3. Bow-Tie analysis of supply chain risks.

supply risks based on ABS was discussed in Sirivunnabood and Kumara (2009). SD, which is a system simulation
method, can also be used to analyse risks in the supply chain. Sidola, Kumar, and Kumar (2011) used SD to analyse
risks in a four-echelon supply chain. Petri nets, which can be effective modelling and automated analysis tools, were
used by some researchers to analyse supply chain risks. Tuncel and Alpan (2010) analysed the performance of a supply
chain network subjected to various risks based on Petri nets.
Analytical optimisation models for analysing supply disruptions and selecting the optimal mitigation strategies were
discussed in several studies. Sarkar and Mohapatra (2009) developed an optimisation model to determine the optimal
supply base (number of suppliers) under the risk of supply disruption. A stochastic model for managing risks in global
supply chains was built in Goh, Lim, and Meng (2007).
Hybrid models utilise both qualitative and quantitative techniques. Due to the uncertainty of supply chain risks and
the lack of risk data, hybrid modelling techniques are effective for risk analysis, assessment, and developing proper mit-
igation strategies. The most common tools used for qualitative–quantitative modelling of risks in supply chains are as
follows: questionnaires (Pavlou and Manthou 2008; Schoenherr, Rao Tummala, and Harrison 2008), analytic hierarchy
process (Schoenherr, Rao Tummala, and Harrison 2008) and fuzzy logic (Aqlan and Lam 2015; Aqlan and Mustafa Ali
2014).
5644 F. Aqlan and S.S. Lam

Even though various methods and studies have considered supply chain risks, some limitations of the existing stud-
ies and methods will need to be addressed. The limitations of other researches that will be addressed by this research
include as follows:
(1) Many researches in the literature did not consider the risk factors (root causes) when calculating the risks. In this
research, a methodology based on Bow-Tie analysis is proposed to aggregate the risk values based on the values
of the associated risk factors and impacts.
(2) Risk interconnections need to be considered for effective management of supply chain risks because mitigating
one risk can aggravate another risk if the two risks are correlated. This topic was not given enough consideration
in the literature. In this research, risk mitigation matrix (RMM) is proposed to identify risk correlations, risk
reductions and mitigation strategies’ scores.
(3) Since there are no silver bullet strategies to protect organisational supply chains against risks, managers need to
choose the proper mitigation strategy for each risk (Chopra and Sodhi 2004). However, when there are long lists
of risks and mitigation strategies, it becomes more difficult and timely consuming for the decision-makers to
identify the proper mitigation strategies. In this case, optimisation models can be effectively used to assist
decision-makers in identifying the proper mitigation strategies. In this research, the output from RMM is used as
an input to the optimisation model to identify the best combination of mitigation strategies.

3. Research methodology
The proposed methodology for risk modelling and management is based on risk identification, measurement and mitiga-
tion (see Figure 2). The risks are identified by risk management experts. For each risk, associated factors and impacts
are identified. A survey is developed to estimate the risk parameters, namely likelihood and impact. Because the risk is
caused by one or more risk factors, risk parameters are estimated based on aggregating risk factors’ values using Bow-
Tie analysis. The potential mitigation strategies along with their associated costs and risk reductions are also identified
and used in the RMM. In order to select the best combination of risk mitigation strategies, optimisation techniques are
used.
Bow-Tie analysis (see Figure 3), which combines fault-tree analysis and event-tree analysis, is used to calculate the
aggregated likelihood and impact. Based on the type of relationship among risk factors (OR or AND rules), equations
are used to aggregate the risk parameters as:
For AND rule:
Y
N
Pk ðtÞ ¼ pi ðtÞ (2)
i¼1

For OR rule:
Y
N
Pk ðtÞ ¼ 1  ð1  pi ðtÞÞ (3)
i¼1

where Pk ðtÞ is the probability of occurrence of risk event k during the planning horizon t, pi ðtÞis the probability of
occurrence of risk factor i and N is the number of risk factors associated with risk event k. To calculate the impact of
risks, a standardised value is considered because the risk can have several consequences with different measures. A criti-
cal value of risk consequence j is defined as Cjcr which is the value of the risk that makes the business goals impossible;
the maximum possible value of a risk consequence is defined as Cjmax . Then, the standardised value of consequence j is
calculated as:

Cjmax
Cjsd ¼ ; Cjmax  Cjcr (4)
Cjcr
If each consequence (assuming M consequences) has a probability of occurrence Pjc , the total impact of the risk factor i
will be defined as:
X
M
li ðtÞ ¼ Pjc Cjsd (5)
j¼1
 International Journal of Production Research 5645

Table 2. An illustration of RMM.

Risk mitigation Risk 1 Risk 2 Risk 3 Risk 4 Risk 5 Mitigation score Mitigation cost ($)

Mitigation strategy 1 C(1)− B(2)− 3C(3)− 350,000

Mitigation strategy 2 C(1)− C(3)− 2C(4)− 150,000
Mitigation strategy 3 B(2)− C(3)− C(2)+ 2C(3)− 100,000
Mitigation strategy 4 B(2)− 2C(2)− 50,000
Mitigation strategy 5 C(2)− 1C(2)− 50,000
Current risk score 0.300 0.250 0.300 0.250 0.110 10C(14)− 700,000
After-mitigation risk score 0.090 0.125 0.180 0.125 0.110

The impact of the risk event k is then calculated as follows:

PN
i¼1 pi ðtÞli ðtÞ
Lk ðtÞ ¼ P N (6)
i¼1 pi ðtÞ

To manage and control the risks, proper mitigation strategies are identified for each risk. To consider the risk
reduction for each mitigation strategy along with the risk interconnections, RMM is proposed. RMM, shown in
Table 2, is a two-dimensional matrix where the columns represent the risks and the rows represent the mitigation
strategies.
The risk reduction by a mitigation strategy is represented by a number, an alphabet and a sign. The number
represents the value of the risk reduction, the alphabet represents the importance of the reduction, and the sign
represents the direction of the reduction (negative for decrease and positive for increase). The values of risk reduc-
tion, which are set by the experts, can be divided into five levels as follows: very high (5), high (4), medium (3),
low (2) and very low (1). The sign of the reduction can be positive for increase or negative for decease. The let-
ters are explained as follows: A means the mitigation strategy will bring the risk from red to green, B means the
mitigation strategy will bring the risk from red to yellow or from yellow to green, and C means the mitigation
strategy will bring the risk from red to red, yellow to yellow or green to green. To calculate the total mitigation
strategy score, the numbers are added together and alphabets are added together. The following rules for adding the
alphabets are considered as follows:
• A−A=B−B=C−C=Z
• A + A = 2A, B + B = 2B = A, C + C = 2C =B
• B = ½ A, C = ½ B, C = ¼ A
The example below shows how the total mitigation strategy score is calculated.
• Numbers: 5 – 2 + 3 + 2 − 5 – 1 = (2)+
• Alphabets: |A – B + C + A − A − C| = 1B = 2C

Risks
Strategy Risk 1 Risk 2 Risk 3 Risk 4 Risk 5 Risk 6 Strategy Score

Redundant suppliers A(5)+ B(2)− C(3)+ A(2)+ A(5)− C(1)− 2C(2)+

The best combination of mitigation strategies that satisfies both budget and risk reduction constraints needs to be identi-
fied. A direct method for doing this is by enumerating the possible combinations while considering risk reduction
and budget constraints. However, this method is a time-consuming and difficult task, especially when the number of
mitigation strategies increases. The mitigation strategy selection problem can be formulated as a single-objective or
multi-objective mixed-integer linear programming model. For single-objective models, the objective can be either
minimising total mitigation cost or maximising total risk reduction. The notation for the optimisation models is included
below.
5646 F. Aqlan and S.S. Lam

Symbol Description

M set of risks (index i)

N set of mitigation strategies (index j)
Ri current level of risk i before implementing response strategy
R0ij amount of reduction in risk i after implementing mitigation strategy j
Cj evaluated cost of implementing mitigation strategy j
Ri target (acceptable) level of risk i
B dedicated budget for risk mitigation
δ percentage of budget to be spent on mitigation strategies
 
1; if response strategy j is selected
xj
0; otherwise

The single-objective model with minimising risk reduction can be formulated as follows:

N R0 x 
M X
X ij j
Max Z1 ¼ (r.1)
i¼1 j¼1
Ri

Subject to
X
N
xj Cj  dB (r.2)
j¼1

X
N
Ri  ðR0ij xj Þ  Ri 8i 2 M (r.3)
j¼1

X
N
ðR0ij xj Þ  0 8i 2 M (r.4)
j¼1

xj 2 ½0; 1; binary

The objective function (r.1) maximises the total risk reduction. The risk reduction is standardised by dividing it by the
original value of the risk. Constraint (r.2) ensures that the total cost for mitigating the risks will not exceed the allocated
budget. Constraint (r.3) indicates that the resulting risk value after implementing the mitigation strategies must be less
than (or equal to) the target level of that risk. Constraint (r.4) indicates that the total reduction in the risk level should
be a positive number. The single-objective model can also be formulated by setting the total mitigation cost as the
objective function:

X
N
Min Z2 ¼ xj C j (c.1)
j¼1

Subject to
X
N
Ri  ðR0ij xj Þ  Ri 8i 2 M (c.2)
j¼1

X
N
ðR0ij xj Þ  0 8i 2 M (c.2)
j¼1

xj 2 ½0; 1; binary

 International Journal of Production Research 5647

Figure 4. An overview of configure-to-order environment for high-end servers.

Table 3. Supply chain risk calculations for high-end server manufacturing.

No. of risk Combination Aggregated Aggregated Risk score

Supply chain agent Agent type factors rule likelihood impact (%)

Company A Supplier 16 OR 0.77 0.51 39.27

Country A Country 14 OR 0.67 0.31 20.77
Bank A Customer 2 OR 0.59 0.87 51.33
Memory Commodity 5 OR 0.61 0.70 42.70
Manufacturing site A Manufacturer 6 OR 0.40 0.31 12.40

Both models can be combined into one multi-objective optimisation model. The model can be solved using goal
programming. The risk mitigation multi-objective model is reformulated as follows:
   þ    þ
w 1 d1 þ w þ
1 d1 w2 d2 þ wþ 2 d2
Min Z3 ¼ þ w2 (g.1)
k1 k2
Subject to
X N R0 x 
M X
ij j
þ d1  d1þ ¼ b1 (g.2)
i¼1 j¼1
Ri

Table 4. Common risks that can affect high-end server manufacturing supply chain.

No. Risk Risk definition

(1) Material shortage Not enough parts to fulfil all customer orders
(2) Machine failure Failure of customer machines in the test stations
(3) Order cancellation Cancellation of orders by customer after order is processed
(4) Rush orders Orders with short lead time that take higher priority than regular orders
(5) Quality problems Defective parts that cannot be used in the product
(6) Delay risk Long lead time that affect delivery time of product to the customer
(7) Innovation risk Failure to introduce new products and innovations
(8) Critical customer issues E.g. serious failure of servers in customer’s site
(9) Natural disasters risk E.g. severe weather, floods, earthquakes, etc.
(10) Extra inventory risk Risk of having extra inventory more than needed
 5648

Table 5. Risk mitigation matrix (RMM).

Risk mitigation Risk 1 Risk 2 Risk 3 Risk 4 Risk 5 Risk 6 Risk 7 Risk 8 Risk 9 Risk 10 Mitigation score Mitigation cost ($)

Mitigation strategy 1 C(1)− C(1)− B(2)− B(2)− C(1)+ C(1)− 6C(6)− 350,000
Mitigation strategy 2 C(1)− C(1)− C(1)+ 1C(1)− 150,000
Mitigation strategy 3 C(1)− C(1)+ B(2)− 2C(2)− 100,000
Mitigation strategy 4 C(1)− C(2)− 2C(3)− 50,000
Mitigation strategy 5 C(2)− C(1)− C(1)+ 1C(2)− 50,000
Mitigation strategy 6 C(2)+ C(1)− C(1)− B(2)− B(2)− 5C(4)− 150,000
Mitigation strategy 7 B(2)− C(1)− B(2)− C(1)− 6C(6)− 160,000
Mitigation strategy 8 C(1)− B(2)− C(1)+ 2C(2)− 100,000
Mitigation strategy 9 C(1)− C(1)− 2C(2)− 50,000
Mitigation strategy 10 B(2)− C(1)− 3C(3)− 150,000
Mitigation strategy 11 C(1)+ C(1)− C(1)− 1C(1)− 50,000
Mitigation strategy 12 C(1)+ C(1)− C(1)− 1C(1)− 100,000
Mitigation strategy 13 C(1)+ B(2)− C(1)− C(1)− 3C(3)− 155,000
Mitigation strategy 14 C(1)− C(2)− 2C(3)− 100,000
Mitigation strategy 15 B(2)− C(1)+ 1C(1)− 100,000
Mitigation strategy 16 C(1)− 1C(1)− 50,000
F. Aqlan and S.S. Lam

Mitigation strategy 17 C(1)− B(1)− 3C(2)− 100,000

Mitigation strategy 18 B(2)− C(2)+ B(2)− C(2)− 4C(4)− 250,000
Mitigation strategy 19 B(2)− 2C(2)− 100,000
Mitigation strategy 20 C(1)− C(2)− 2C(3)− 100,000
Current risk score* 0.300 0.250 0.300 0.250 0.275 0.310 0.300 0.250 0.300 0.350 50C(52)− 2415,000
After-mitigation risk score 0.090 0.125 0.090 0.050 0.110 0.124 0.060 0.100 0.090 0.070

*0.000–0.199: Green, 0.200–0.299: Yellow, 0.300–1.000: Red.

 International Journal of Production Research 5649

Table 6. Risk mitigation results for different values of allocated budget.

δ Value Mitigation matrix Risk value after mitigation

0.70< Not feasible Not feasible

0.70 [0 0 0 1 1 1 1 1 1 1 0 0 1 1 0 1 0 1 0 1] [0.15 0.15 0.12 0.125 0.1925 0.167 0.15 0.15 0.15 0.105]
0.75 [0 0 0 1 1 1 1 1 1 1 0 0 1 1 0 1 0 1 1 1] [0.15 0.15 0.12 0.05 0.1925 0.167 0.15 0.15 0.15 0.105]
0.80 [0 0 0 1 1 1 1 1 1 1 0 0 1 1 0 1 1 1 1 1] [0.15 0.15 0.12 0.05 0.165 0.167 0.15 0.15 0.12 0.105]
0.85 [0 0 1 1 1 1 1 1 1 1 0 0 1 1 0 1 1 1 1 1] [0.15 0.15 0.12 0.025 0.1925 0.167 0.15 0.075 0.12 0.105]
0.90 [1 0 1 1 1 1 1 1 1 1 0 0 0 1 0 1 0 1 1 1] [0.09 0.15 0.18 0.025 0.165 0.074 0.18 0.1 0.12 0.105]
0.95 [1 0 1 1 1 1 1 1 1 1 0 0 1 1 0 0 0 1 1 1] [0.12 0.15 0.09 0.025 0.165 0.074 0.15 0.1 0.12 0.105]
1.00 [1 0 1 1 1 1 1 1 1 1 1 0 1 1 0 1 0 1 1 1] [0.12 0.15 0.09 0.050 0.110 0.074 0.15 0.1 0.12 0.070]

Figure 5. Effect of changing allocated budget on risk reduction and mitigation cost.

Table 7. Effect of changing b2 value on mitigation strategy selection and risk reduction (b1 = 4).

b2 Value Mitigation matrix Risk value after mitigation

1,000,000 [1 0 0 1 0 1 1 0 1 1 0 0 0 0 0 0 0 1 1 1] [0.18 0.175 0.18 0.15 0.165 0.074 0.18 0.175 0.18 0.105]
1,100,000 [1 0 0 1 0 1 1 0 1 1 0 0 0 0 0 0 0 1 1 1] [0.18 0.175 0.18 0.15 0.165 0.074 0.18 0.175 0.18 0.105]
1,200,000 [1 0 0 1 0 1 1 0 1 1 0 0 0 0 0 0 0 1 1 1] [0.18 0.175 0.18 0.15 0.165 0.074 0.18 0.175 0.18 0.105]
1,300,000 [1 0 0 1 0 1 1 0 1 1 0 0 0 0 0 0 0 1 1 1] [0.18 0.175 0.18 0.15 0.165 0.074 0.18 0.175 0.18 0.105]
1,400,000 [1 0 0 1 0 1 1 0 0 1 0 1 0 0 0 0 0 1 1 1] [0.18 0.175 0.18 0.175 0.165 0.124 0.18 0.175 0.18 0.07]
1,500,000 [1 0 0 1 1 1 0 0 0 1 0 1 0 1 0 0 1 1 1 1] [0.18 0.175 0.18 0.15 0.1375 0.174 0.15 0.175 0.18 0.105]
1,600,000 [1 1 1 0 0 1 1 0 1 1 0 0 1 0 0 0 0 1 1 0] [0.18 0.15 0.15 0.125 0.165 0.167 0.15 0.175 0.18 0.14]
1,700,000 [1 1 0 1 1 1 0 0 0 1 0 1 0 1 0 1 1 1 1 1] [0.15 0.15 0.18 0.15 0.11 0.174 0.15 0.175 0.18 0.14]
1,800,000 [1 1 1 1 1 1 0 0 1 1 0 1 1 1 0 1 1 1 0 0] [0.18 0.15 0.12 0.175 0.11 0.174 0.12 0.15 0.18 0.14]
1,900,000 [1 1 1 1 1 1 0 0 0 1 1 1 1 1 0 1 1 1 1 0] [0.18 0.15 0.12 0.15 0.0825 0.174 0.12 0.175 0.18 0.105]
2,000,000 [1 1 1 1 1 1 0 0 0 1 1 1 1 1 0 1 1 1 1 0] [0.18 0.15 0.12 0.15 0.0825 0.174 0.12 0.175 0.18 0.105]
2,500,000 [1 1 1 1 1 1 0 1 0 1 1 1 1 1 0 1 1 1 0 0] [0.18 0.125 0.12 0.15 0.0825 0.174 0.15 0.175 0.18 0.105]
3,000,000 [1 1 1 1 1 1 0 1 0 1 1 1 1 1 0 1 1 1 0 0] [0.18 0.125 0.12 0.15 0.0825 0.174 0.15 0.175 0.18 0.105]
5,000,000 [1 1 1 1 1 1 0 1 0 1 1 1 1 1 0 1 1 1 0 0] [0.18 0.125 0.12 0.15 0.0825 0.174 0.15 0.175 0.18 0.105]
5650 F. Aqlan and S.S. Lam

Figure 6. Effect of increasing mitigation cost goal value on total mitigation cost and risk reduction (b1 = 4).

Figure 7. Effect of increasing mitigation cost goal on total mitigation cost and risk reduction (b1 = 5).

X
N
xj Cj þ d2  d2þ ¼ b2 (g.3)
j¼1

X
N
Ri  ðR0ij xj Þ  Ri 8i 2 M (g.4)
j¼1

N 
X 
R0ij xj  0 8i 2 M (g.5)
j¼1
 International Journal of Production Research 5651

Table 8. Effect of changing b1 on mitigation strategy selection and risk reduction (b2 = 1.5 M).

b1 Value Mitigation matrix Risk value after mitigation

0.0 [1 0 0 1 1 1 0 0 0 1 0 1 0 1 0 0 1 1 1 1] [0.18 0.175 0.18 0.15 0.1375 0.174 0.15 0.175 0.18 0.105]
0.5 [1 0 0 1 1 1 0 0 0 1 0 1 0 1 0 0 1 1 1 1] [0.18 0.175 0.18 0.15 0.1375 0.174 0.15 0.175 0.18 0.105]
1.0 [1 0 0 1 1 1 0 0 0 1 0 1 0 1 0 0 1 1 1 1] [0.18 0.175 0.18 0.15 0.1375 0.174 0.15 0.175 0.18 0.105]
1.5 [1 0 0 1 1 1 0 0 0 1 0 1 0 1 0 0 1 1 1 1] [0.18 0.175 0.18 0.15 0.1375 0.174 0.15 0.175 0.18 0.105]
2.0 [1 0 0 1 1 1 0 0 0 1 0 1 0 1 0 0 1 1 1 1] [0.18 0.175 0.18 0.15 0.1375 0.174 0.15 0.175 0.18 0.105]
2.5 [1 0 0 1 1 1 0 0 0 1 0 1 0 1 0 0 1 1 1 1] [0.18 0.175 0.18 0.15 0.1375 0.174 0.15 0.175 0.18 0.105]
3.0 [1 0 0 1 1 1 0 0 0 1 0 1 0 1 0 0 1 1 1 1] [0.18 0.175 0.18 0.15 0.1375 0.174 0.15 0.175 0.18 0.105]
3.5 [1 0 0 1 1 1 0 0 0 1 0 1 0 1 0 0 1 1 1 1] [0.18 0.175 0.18 0.15 0.1375 0.174 0.15 0.175 0.18 0.105]
4.0 [1 0 0 1 1 1 0 0 0 1 0 1 0 1 0 0 1 1 1 1] [0.18 0.175 0.18 0.15 0.1375 0.174 0.15 0.175 0.18 0.105]
4.5 [1 0 0 1 0 1 1 0 0 1 0 1 0 0 0 0 1 1 1 1] [0.18 0.175 0.18 0.175 0.1375 0.124 0.18 0.175 0.15 0.07]
5.0 [1 0 1 1 0 1 1 0 0 1 0 0 0 1 0 0 0 1 1 1] [0.18 0.175 0.18 0.125 0.1925 0.074 0.18 0.125 0.09 0.105]
10.0 [0 0 0 1 1 1 1 1 1 1 1 0 1 1 0 1 0 1 1 1] [0.15 0.15 0.12 0.075 0.165 0.167 0.15 0.15 0.15 0.07]
20.0 [0 0 0 1 1 1 1 1 1 1 1 0 1 1 0 1 0 1 1 1] [0.15 0.15 0.12 0.075 0.165 0.167 0.15 0.15 0.15 0.07]
100.0 [0 0 0 1 1 1 1 1 1 1 1 0 1 1 0 1 0 1 1 1] [0.15 0.15 0.12 0.075 0.165 0.167 0.15 0.15 0.15 0.07]

Figure 8. Effect of increasing risk reduction goal on total mitigation cost and risk reduction (b2 = 1.5 M).

xj 2 ½0; 1; binary

d1 ; d1þ ; d2 ; d2þ  0

where d1 and d1þ are the negative and positive deviations from ‘risk reduction’ goal, d2 and d2þ are the negative and
þ þ
positive deviations from ‘mitigation cost’ goal, and w 
1 , w1 , w2 , and w2 are the respective positive weights attached to
the deviations in the achievement function Z3. The weights take the value of zero when the minimisation of the corre-
sponding deviational variable is unimportant to the decision-maker. k1 and k2 are normalisation constants.

4. Case study: risk modelling and mitigation in high-end server manufacturing

High-end server manufacturing supply chain is a complex environment and is prone to different types of risks. Charac-
teristics of the high-end server manufacturing include as follows (Aqlan, Lam, and Ramakrishnan 2014): (1) expensive
components and high inventory carrying costs, (2) extreme demand skews and aggressive introduction cycles for new
5652 F. Aqlan and S.S. Lam

Figure 9. Effect of increasing risk reduction goal on total mitigation cost and risk reduction (b2 = 1.8 M).

Table 9. Effect of increasing b1 and b2 values on mitigation strategy selection and risk reduction.

b1 Value b2 Value Mitigation matrix Risk value after mitigation

0.0 1,000,000 [1 0 0 1 0 1 1 0 1 1 0 0 0 0 0 0 0 1 1 1] [0.18 0.175 0.18 0.15 0.165 0.074 0.18 0.175 0.18 0.105]
0.5 1,100,000 [1 0 0 1 0 1 1 0 1 1 0 0 0 0 0 0 0 1 1 1] [0.18 0.175 0.18 0.15 0.165 0.074 0.18 0.175 0.18 0.105]
1.0 1,200,000 [1 0 0 1 0 1 1 0 1 1 0 0 0 0 0 0 0 1 1 1] [0.18 0.175 0.18 0.15 0.165 0.074 0.18 0.175 0.18 0.105]
1.5 1,300,000 [1 0 0 1 0 1 1 0 1 1 0 0 0 0 0 0 0 1 1 1] [0.18 0.175 0.18 0.15 0.165 0.074 0.18 0.175 0.18 0.105]
2.0 1,400,000 [1 0 0 1 0 1 1 0 0 1 0 1 0 0 0 0 0 1 1 1] [0.18 0.175 0.18 0.175 0.165 0.124 0.18 0.175 0.18 0.07]
2.5 1,500,000 [1 0 0 1 1 1 0 0 0 1 0 1 0 1 0 0 1 1 1 1] [0.18 0.175 0.18 0.15 0.1375 0.174 0.15 0.175 0.18 0.105]
3.0 1,600,000 [1 1 1 0 0 1 1 0 1 1 0 0 1 0 0 0 0 1 1 0] [0.18 0.15 0.15 0.125 0.165 0.167 0.15 0.175 0.18 0.14]
3.5 1,700,000 [1 1 0 1 1 1 0 0 0 1 0 1 0 1 0 1 1 1 1 1] [0.15 0.15 0.18 0.15 0.11 0.174 0.15 0.175 0.18 0.14]
4.0 1,800,000 [1 1 1 1 1 1 0 0 1 1 0 1 1 1 0 1 1 1 0 0] [0.18 0.15 0.12 0.175 0.11 0.174 0.12 0.15 0.18 0.14]
4.5 1,900,000 [1 1 1 1 1 1 0 0 0 1 1 1 1 1 0 1 1 1 1 0] [0.18 0.15 0.12 0.15 0.0825 0.174 0.12 0.175 0.18 0.105]
5.0 2,000,000 [1 1 1 1 1 1 0 0 1 1 1 1 1 1 0 1 1 1 1 0] [0.18 0.15 0.12 0.125 0.0825 0.174 0.12 0.15 0.18 0.105]
10.0 2,500,000 [1 0 1 1 1 1 1 1 1 1 0 0 1 1 0 0 1 1 1 1] [0.12 0.15 0.09 0.025 0.1375 0.074 0.15 0.1 0.09 0.105]
20.0 3,000,000 [1 0 1 1 1 1 1 1 1 1 0 0 1 1 0 0 1 1 1 1] [0.12 0.15 0.09 0.025 0.1375 0.074 0.15 0.1 0.09 0.105]
100.0 5,000,000 [1 0 1 1 1 1 1 1 1 1 0 0 1 1 0 0 1 1 1 1] [0.12 0.15 0.09 0.025 0.1375 0.074 0.15 0.1 0.09 0.105]

products, (3) extremely complex assembly operations, (4) extensive test processes to ensure high quality, (5) servers
must have extremely high reliability and no downtimes, (6) extensive alterations of product configurations by the cus-
tomers and (7) capacity constraints from their suppliers. An overview of the high-end server manufacturing considered
in this study is illustrated in Figure 4. Production lines in server manufacturing are supported by multi-tier suppliers
(both internal and external) with long supply lead time. The environment is also characterised by the aggressive
introduction cycles of new products (almost every two years) and significant engineering changes (Aqlan, Lam, and
Ramakrishnan 2014). In such a complex environment, risks must be managed effectively because the server
manufacturing characteristics increase the probability of occurrence of the risks and their impact. For instance, expensive
components with high inventory carrying costs require the inventory to be kept at a minimum, but this could increase
the risk of material shortage. Furthermore, the highly changing technology and new product introduction cycles could
increase the risk of order alterations by customers as they may want to switch the order of a new product. Server
manufacturing companies are also exposed to external risks such as currency fluctuations, third-party outsourcing,
intellectual-property risks that are related to patents, and unstable political and economic situations. Table 3 shows the
risk calculations for the high-end server manufacturing considered in this study based on aggregating the risk factors’
 International Journal of Production Research 5653

Figure 10. Effect of increasing risk reduction and mitigation cost goals on total mitigation cost and risk reduction.

Figure 11. Effect of increasing risk reduction goal and decreasing mitigation cost goal on total mitigation cost and risk reduction.
5654 F. Aqlan and S.S. Lam

Table 10. Effect of increasing b1 and decreasing b2 values on mitigation strategy selection and risk reduction.

b1 Value b2 Value Mitigation matrix Risk value after mitigation

0.0 5,000,000 [1 1 1 1 1 1 0 0 0 1 1 1 1 1 0 1 1 1 1 0] [0.18 0.15 0.12 0.15 0.0825 0.174 0.12 0.175 0.18 0.105]
0.5 3,000,000 [1 1 1 1 1 1 0 0 0 1 1 1 1 1 0 1 1 1 1 0] [0.18 0.15 0.12 0.15 0.0825 0.174 0.12 0.175 0.18 0.105]
1.0 2,500,000 [1 1 1 1 1 1 0 1 0 1 1 1 1 1 0 1 1 1 0 0] [0.18 0.125 0.12 0.15 0.0825 0.174 0.15 0.175 0.18 0.105]
1.5 2,000,000 [1 1 1 1 1 1 0 0 0 1 1 1 1 1 0 1 1 1 1 0] [0.18 0.15 0.12 0.15 0.0825 0.174 0.12 0.175 0.18 0.105]
2.0 1,900,000 [1 1 1 1 1 1 0 0 0 1 1 1 1 1 0 1 1 1 1 0] [0.18 0.15 0.12 0.15 0.0825 0.174 0.12 0.175 0.18 0.105]
2.5 1,800,000 [1 1 1 1 1 1 0 0 1 1 0 1 1 1 0 1 1 1 0 0] [0.18 0.15 0.12 0.175 0.11 0.174 0.12 0.15 0.18 0.14]
3.0 1,700,000 [1 1 0 1 1 1 0 0 0 1 0 1 0 1 0 1 1 1 1 1] [0.15 0.15 0.18 0.15 0.11 0.174 0.15 0.175 0.18 0.14]
3.5 1,600,000 [1 1 1 0 0 1 1 1 1 1 0 0 1 0 0 0 0 1 0 0] [0.18 0.125 0.15 0.125 0.165 0.167 0.18 0.175 0.18 0.14]
4.0 1,500,000 [1 0 0 1 1 1 0 0 0 1 0 1 0 1 0 0 1 1 1 1] [0.18 0.175 0.18 0.15 0.1375 0.174 0.15 0.175 0.18 0.105]
4.5 1,400,000 [1 0 1 1 1 0 1 0 1 0 1 0 1 0 0 0 1 1 1 0] [0.12 0.175 0.15 0.15 0.1375 0.167 0.15 0.175 0.18 0.175]
5.0 1,300,000 [0 0 0 1 1 1 1 1 1 1 0 0 1 1 0 1 0 1 0 1] [0.15 0.15 0.12 0.125 0.1925 0.167 0.15 0.15 0.15 0.105]
10.0 1,200,000 [0 0 0 1 1 1 1 0 1 1 0 0 1 1 0 1 0 1 1 1] [0.15 0.175 0.12 0.125 0.1925 0.167 0.12 0.15 0.15 0.105]
20.0 1,100,000 [0 0 0 1 1 1 1 0 1 1 0 0 1 1 0 1 0 1 1 1] [0.15 0.175 0.12 0.125 0.1925 0.167 0.12 0.15 0.15 0.105]
100.0 1,000,000 [0 0 0 1 1 1 1 0 1 1 0 0 1 1 0 1 0 1 1 1] [0.15 0.175 0.12 0.125 0.1925 0.167 0.12 0.15 0.15 0.105]

estimates. The risk is calculated for each agent in the supply chain, i.e. supplier, customer, manufacturing site, country
and commodity. The risk factors are identified based on experts’ knowledge. The values of the risk factors are obtained
based on surveys and experts’ inputs. The OR rule means that any factor can cause the risk to occur and the risk score
is calculated based on Equation (1). Table 4 shows the main risks considered for mitigation, and Table 5 shows the
RMM for the selected risks and associated mitigation strategies.
The optimisation models were solved in CPLEX v15. For the single-objective model with risk reduction as the main
objective, results for different values of δ are shown in Table 6. For each value of δ, the mitigation and risk reduction
matrices are obtained. As indicated in the table, there are no feasible solutions for δ < 0.7. Figure 5 shows the effect of
changing δ on the total mitigation cost and risk reduction. It can be concluded that both risk reduction and mitigation
cost increase linearly as δ increases.
For the multi-objective risk optimisation model, numerical analysis is conducted to study the optimal risk reduction
and mitigation cost under different values of the mitigation cost and risk reduction goals. Table 7 shows the effect of
changing b2 values on mitigation strategy selection and after-mitigation risk values. Figures 6 and 7 show the effect of
changing the value of b2 (based on Table 6) on total risk reduction and total mitigation cost where the goal of total risk
reduction, b1, is fixed at 4 (Figure 6) and 5 (Figure 7). It can be noticed that when the mitigation cost goal is set below
the feasible value (1.315 M), the total mitigation cost will be equal to the minimum feasible value of 1.315 M. Further-
more, when the mitigation cost goal is set at a value greater than the available budget (2 M), the total mitigation cost
will be very close to the available budget.
Table 8 shows the effect of changing b1 on the mitigation strategy selection and after-mitigation values of the risks.
The corresponding total risk reduction and mitigation costs are shown in Figures 8 (for b2 = 1.5 M) and 9 (for b2 =
1.8 M). It can be noticed that while the total mitigation cost is almost equal to the target mitigation cost for all indicated
vales, the total risk reduction is close to the predetermined target. The same results were found when the values of the
two goals (b1 and b2) were changed together as shown in Tables 9 and 10 and Figures 10 and 11.
As indicated by the numerical results of the case study, risk mitigation and its corresponding cost are two opposed
objectives and it is up to the decision-maker to determine the balance between the two objectives. Risks always exist,
and there are budget constraints on mitigating them. Furthermore, not all the risks should be eliminated and companies
can determine the acceptable level for each risk. To handle the risk mitigation properly, all the risks and their intercon-
nections should be considered together because developing a response strategy for one risk could affect other areas in
supply chain and/or aggravate other risks. The results of the risk mitigation can be incorporated in tactical and strategic
planning. Even though the case study considered in this research represents a server manufacturing environment, results
could be generalised to similar manufacturing and/or service environments.

5. Conclusions and future research opportunities

This research proposed a method for supply chain risk modelling and mitigation. The proposed method is based on
Bow-Tie analysis and optimisation, and it considers risk interconnections and mitigation cost. A case study from a high-
end server manufacturing environment was considered. RMM was used to identify risk correlations, risk reductions, and
 International Journal of Production Research 5655

mitigation strategies scores. An optimisation model was then used to identify the best combination of mitigation
strategies for the risks. The results from the case study showed that the proposed methodology for risk modelling and
mitigation can be used for managing risks effectively in supply chains. This study assumes that the mitigation strategies
are independent from each other. Furthermore, the identified mitigation strategies may affect other areas in the supply
chain. For this reason, an optimisation model for the entire supply chain considering risk and risk mitigation can be
developed. In addition, simulation models can be used to test the risks and mitigation strategies. It is also important to
link the risk impact to operational measures such as inventory, capacity, etc.

References

Aqlan, F., and E. M. Ali. 2014. “Integrating Lean Principles and Fuzzy Bow-tie Analysis for Risk Assessment in Chemical Industry.”
Journal of Loss Prevention in the Process Industries 29: 39–48.
Aqlan, F., and S. S. Lam. 2015. “A Fuzzy-based Integrated Framework for Supply Chain Risk Assessment.” International Journal of
Production Economics 161: 54–63.
Aqlan, F., S. S. Lam, and S. Ramakrishnan. 2014. “An Integrated Simulation–optimization Study for Consolidating Production Lines
in a Configure-to-order Production Environment.” International Journal of Production Economics 148: 51–61.
Blackhurst, J., and T. Wu, eds. 2009. Managing Supply Chain Risk and Vulnerability: Tools and Methods for Supply Chain Decision
Makers, 12. London: Springer.
Carvalho, H., A. P. Barroso, V. H. Machado, S. Azevedo, and V. Cruzz-Machado. 2012. “Supply Chain Redesign for Resilience
Using Simulation.” Computers & Industrial Engineering 62 (1): 329–341.
Chen, J., A. Sohal, and D. Prajogo. 2013. “Supply Chain Operational Risk Mitigation: A Collaborative Approach.” International
Journal of Production Research 51 (7): 2186–2199.
Chopra, S., and M. S. Sodhi. 2004. “Managing Risk to Avoid Supply-chain Breakdown.” MIT Sloan Management Review 46 (1):
52–61.
Deshmukh, V. 2007. “The Design of a Decision Support System for Supply Chain Risk Management.” 19. Master Thesis.
Massachusetts Institute of Technology, Cambridge, MA.
Diabat, A., K. Govindan, and V. Panicker. 2012. “Supply Chain Risk Management and its Mitigation in a Food Industry.”
International Journal of Production Research 50 (11): 3039–3050.
Giannakis, M., and M. Louis. 2011. “A Multi-agent Based Framework for Supply Chain Risk Management.” Journal of Purchasing
and Supply Management 17 (1): 23–31.
Goh, M., J. Y. Lim, and F. Meng. 2007. “A Stochastic Model for Risk Management in Global Supply Chain Networks.” European
Journal of Operational Research 182 (1): 164–173.
Hendricks, K., and V. Singhal. 2005. “Association between Supply Chain Glitches and Operating Performance.” Management Science
51 (5): 695–711.
IBM Governance and Risk Management. 2007. “A Comprehensive, Best-practices Approach to Business Resilience and Risk
Mitigation.” White Paper. Accessed May, 2012. http://www.ibm.com/services/pl/gts/html/pdf/gmw14000-usen-00.pdf
Kleindorfer, P. R., and G. H. Saad. 2005. “Managing Disruption Risks in Supply Chains.” Production and Operations Management
14 (1): 53–68.
Mele, F. D., G. Guillen, A. Espuna, and L. Puigjaner. 2007. “An Agent-based Approach for Supply Chain Retrofitting under
Uncertainty.” Computers & Chemical Engineering 31 (5): 722–735.
Pavlou, S., and V. Manthou. 2008. “Identifying and Evaluating Unexpected Events as Sources of Supply Chain Risk.” International
Journal of Services and Operations Management 4 (5): 604–617.
Sarkar, A., and P. K. Mohapatra. 2009. “Determining the Optimal Size of Supply Base with the Consideration of Risks of Supply
Disruptions.” International Journal of Production Economics 119 (1): 122–135.
Schmitt, A. J. 2009. “Quantifying Supply Chain Disruption Risk Using Monte Carlo and Discrete-event Simulation.” In Proceedings
of Winter Simulation Conference, 1237–1248. Princeton, NJ.
Schoenherr, T., V. M. Rao Tummala, and T. P. Harrison. 2008. “Assessing Supply Chain Risks with the Analytic Hierarchy Process:
Providing Decision Support for the Offshoring Decision by a US Manufacturing Company.” Journal of Purchasing and Supply
Management 14 (2): 100–111.
Sidola, A., P. Kumar, and D. Kumar. 2011. “System Dynamic Methodological Approach for Design and Analysis of Risk in Supply
Chain.” In Proceedings of IEEE International Technology Management Conference, 495–500. San Jose, CA.
Sinha, P. R., L. E. Whitman, and D. Malzahn. 2004. “Methodology to Mitigate Supplier Risk in an Aerospace Supply Chain.” Supply
Chain Management: An International Journal 9 (2): 154–168.
Sirivunnabood, S., and S. Kumara. 2009. “Comparison of Mitigation Strategies for Supplier Risks: A Multi-agent-based Simulation
Approach.” In Proceedings of IEEE/INFORMS International Conference on Service Operations, Logistics and Informatics,
388–393. Chicago, IL.
Thun, J., and D. Hoenig. 2011. “An Empirical Analysis of Supply Chain Risk Management in the German Automotive Industry.”
International Journal of Production Economics 131 (1): 242–249.
5656 F. Aqlan and S.S. Lam

Tse, Y., and K. Tan. 2011. “Managing Product Quality Risk in a Multi-tier Global Supply Chain.” International Journal of Production
Research 49 (1): 139–158.
Tuncel, G., and G. Alpan. 2010. “Risk Assessment and Management for Supply Chain Networks: A Case Study.” Computers in
Industry 61 (3): 250–259.
Wakolbinger, T., and J. M. Cruz. 2011. “Supply Chain Disruption Risk Management through Strategic Information Acquisition and
Sharing and Risk-sharing Contracts.” International Journal of Production Research 49 (13): 4063–4084.
Waters, D. 2007. Supply Chain Risk Management: Vulnerability and Resilience in Logistics, 13. London: Kogan Page.
Zsidisin, G., and B. Ritchie, eds. 2009. Supply Chain Risk: A Handbook of Assessment, Management, and Performance, 93.
New York: Springer.