March 30, 2022

Supply Chain

Many researchers have analyzed the effect of disruptive events, such as natural disasters and economic and market forces, on global supply chains.

List of contents

Aligning supply chain design for boosting resilience


Many researchers have analyzed the effect of disruptive events, such as natural disasters and economic and market forces, on global supply chains. However, there is a lack of consensus on delineating a universal collection of supply chain risk management practices that will help companies operate in a global market with large-scale disruptions. In this article, we present an analysis, in conjunction with a worldwide online survey, based on successful global brands and their supply chains.

We propose a framework that deploys the dynamics of building supply chain resilience, first linking the design of the supply chain portfolio (local versus global scope, as well as strategic responsiveness versus cost reduction) with supply chain vulnerabilities (external versus internal). We describe the transition between different supply chain structures as a way of coping with disruptions and thus proactively developing resilience. In this article, we introduce both a supply chain risk management approach and the reactive-by-deployment mode, as illustrated by successful global company examples.

1-Supply chain risk management

Supply chain risk management received international attention in the aftermath of the September 11 terror attacks, when disruptions in the transportation system revealed the fragility of companies that relied on just-in-time practices and offshore production (Sheffi, 2015). In particular, supply chain risk management became a much-needed research topic after Hurricane Katrina in 2005, the Japanese earthquake and tsunami in 2011, and most recently, the horrific fire in a clothing factory in Bangladesh, which caused serious disruptions to the global supply chain. Currently, we are facing more such disruptions. For example, closed-border policies due to international immigration tensions, terrorist at- tacks that limit freight transportation, and problems resulting from high-impact political situations such as the U.K.’s Brexit are all disruptive events that restrict international trade. Apart from the humanitarian and social effects, these types of events are revealing the vulnerability of value networks.

Such disparities illustrate that many companies need a solid and holistic strategy to respond adequately to large-scale disruptions. One of the most worrisome conclusions that can be drawn from these recent major events is that most firms ignore or fail to recognize high-impact risks. Moreover, even among companies that recognize such risks, many neglect to assess the potential impact in sufficient detail and cannot respond accordingly. Many managers continue to struggle to create contingency rules and procedures for complex, dynamic, and high-risk business situations. In this regard, the MIT Scale Network study reported that approximately 60% of managers do not actively engage in supply chain risk management or simply consider such actions as ineffective (Saenz & Revilla, 2014).

Consequently, one of the objectives of this article is to answer this question: Why, despite our accumulated knowledge of dealing with disasters and companies’ extensive experience in building and running global market supply chains, do so many enterprises still struggle to cope with large-scale disruptions?

In our view, one answer is that risk management is still a relatively new discipline in the supply chain management field. A lack of quick wins to provide momentum to efforts has resulted in a lack of effective managerial guidance in developing a framework when deploying risk management practices and selecting the best supply chain structures and associated strategies. Additionally, this article addresses another important question: How can companies cope with these disruptive events and build resilience while minimally impacting their value chain?

The main contribution of this article is to analyze the dynamics of reactive and proactive risk management to create resilience in supply chains through a holistic vision that begins when companies initially design a product and its supply chain.

We propose that companies should first analyze their competitive strategies in terms of market competition and develop their different supply chains accordingly without losing sight of the assumed risks. Companies might require a supply chain based on cost reduction versus responsive- ness. As such, local and global suppliers must be an integral part of company plans and scenarios given our current trend of globalization. A thorough understanding of the sources of vulnerabilities is also essential. Companies must be able to develop and implement the most effective risk management tools for their particular supply chains. We have proposed a closed-loop framework that integrates the close relationships between supply chain design and building resilience in a dynamic setting that can be used by any enterprise regardless of operation area.

We also analyzed and contrasted the most relevant risk management orientations with the practices that successful companies use regarding supply chain risk management. Our innovative framework integrates proactive and reactive risk management and uses robust tools and best practices from companies whose supply chain risk management has been tested during major disruptions. Proactive risk management should be rooted by design to provide resilience in products and corresponding supply chains. At the same time, such efforts should be integrated with reactive risk management tools deployed and customized according to the specific disruptive episode.

This article is structured as follows. We start by introducing the framework that tackles the dynamics of building supply chain resilience. We then deploy each sequence of steps, illustrated with relevant and practical examples from companies. We examine the main characteristics for structuring and designing a supply chain and their implications for levels of vulnerabilities. We illustrate four different supply chain scenarios, briefly reviewing existing best practices of well-known companies in the supply chain arena. A description of proactive and reactive supply chain risk management follows. We describe how a proactive approach provides the feedback connection with the origin of supply chain design. In the Appendix, we present our research methodology.

2-Dynamic supply chain design: The origin and the end

Companies adopt supply chains based on an industry’s idiosyncrasies. A deep understanding of why supply chains are designed in a given way helps managers identify vulnerabilities and implement risk mitigation measures. This leads us to the con- cept of supply chain resilience by design. That is, companies should design and build their supply chains not only with the objective of optimizing operational procedures, but also with the goal of achieving resilience.

The way in which a supply chain is designed to tackle both market and industry mandates efficiently has important implications for dealing with potential supply chain risks. Once companies envision their target market strategically, they must consider the particular design of the supply chain and take into account two main characteristics: the supply chain scope (local or global) and competitive priorities (responsiveness or cost-reduction). At this stage, it is important to understand the vulnerabilities that such a type of supply chain implies, both from internal and external sources. This knowledge can help to design and achieve a resilient supply chain dynamically adapted to respond to unexpected changes and anticipated disruptions by continuous monitoring and an understanding of its vulnerabilities. Figure 1 illustrates the dynamics of this framework and shows how the proactive mitigation approach creates a closed-loop process. This process ensures that the supply chain is protected by inherently resilient capabilities and prepares the reactive tools for deployment in the event of a disruption.

In Sections 2.12.2, we develop each of the constitutive elements of this framework.

2.1-Supply chain competitive priorities: Cost reduction versus responsiveness

The first step in building supply chain resilience is determining whether the company’s supply chain is cost-oriented or based on market responsiveness.

The cost reduction-oriented approach means prioritizing supply chain cost minimization above other objectives. Examples of these types of supply chains would include those from industry areas such as commodities, mining, or mature markets in which demand is relatively stable. When the order-to-delivery requirement is the top priority, responsiveness becomes the key strategic objective. Market-responsive businesses compete in terms of product customization, market segmentation, and demand modification (Waller, Dabhol- kar, & Gentry, 2000). Examples of industries that follow this competitive orientation include companies that offer high-service levels, as well as those operating in highly unpredictable demand markets and short lead-time markets. In the cost reduction- oriented case, business channels are driven by the final price, which requires a low-cost supply chain.

In the responsiveness case, business channels demand a particular time-horizon delivery time, which requires a responsive and fast supply chain (Table 1).

A continuum of tradeoffs exists for competitive priorities between responsiveness and cost- reduction orientation since each of these approaches requires a distinctively different supply chain. These categories should not be viewed as dichotomous (i.e., one supply chain must fall into one group), but rather as a spectrum with two extreme strategic types as end points. Therefore, the key decisions in supply chain design lie in leveraging the most efficient source for cost and speed.

The following questions may help managers establish their supply chain priorities (Olavson, Lee, & DeNyse, 2010): What are the levels of customer responsiveness that we want to achieve in order to compete in certain sales channels? What are the financial goals of our business costs and market inventory in which we want to compete? However, depending on how the supply chain has been de- signed, companies have to face different intrinsic vulnerabilities (Park, Hong, & Roh, 2013). In the past decades, we have witnessed how sources of vulnerabilities within the supply chain–—internal vulnerability–—can bring disruptions to light in the normal flow of materials. Particularly, supply chain competitive priorities (responsiveness versus cost reduction) determine internal vulnerabilities within the supply chain, as represented in the exterior perimeter X-axis of Figure 2.

Internal vulnerability sources have to do with the degree of tightness of connections, or fit, between the various parts of the supply chain system. Al- though cost-reduction strategies are used to create more rigid and tightly coupled systems, there is also a loss of process flexibility. Such a loss propagates problems and implies increased tension and conflict along the supply chain. As a result, the more supply chains evolve toward a cost-reduction orientation, the less flexible the supply chain will be in response to non-planned operational changes, and thus have higher internal vulnerability. Conversely, a supply chain designed for offering a greater market response provides a higher and faster reaction capability and consequently less vulnerability.

2.2-Supply chain scope: Local versus global

Supply chain strategy decisions should be accompanied by a definition of the supply chain scope, which falls into one of two categories: local or global (see Table 2). More favorable agreements with local key suppliers or logistics service providers could encourage a faster, seamless supply chain. Other decisions require evaluating the impact on global operations from different sources of supply chain cost reductions, such as outsourcing certain manufacturing functions to nations with lower labor prices, which would favor a global supply chain. However, these decisions may bring significant levels of supply chain dependence on globalization not only from global supply, but also to global networks as a response to global demand. Moreover, due to the increasing complexity of the markets in which companies operate, global supply chains are more prone to larger threats and uncertainties than local supply chains (Hohenstein, Feisel, Hartman, & Giunipero, 2015). As companies expand their operations and value networks globally, the external environment also threatens companies’ usual performances. Political upheavals, regulatory compliance mandates, increasing economic uncertainty, rapid changes in technology, diverse customer expectations, constraints in access to capacity, and natural disasters are examples of such external vulnerabilities. Figure 2 depicts external vulnerabilities in the Y-axis related to the supply chain feature of global scope. External vulnerabilities cannot be reduced generally since they are not under the control of the supply chain manager or other such functional man- agers. External vulnerabilities are directly related to the degree of global operations within a supply chain. We recognize three categories of external vulnerabilities: hazards (fire, floods, hurricanes, earthquakes, or tsunamis), market forces (sudden demand change, price collapse, or competition), and economic or social forces (recession, labor instability, political events, or currency devaluation, among others).

2.3-Supply chain vulnerabilities: Internal versus external

According to the abovementioned view, global supply chains face global risks due to dynamic and volatile environments (changes in the economic, social, and labor markets, or in political contexts). Even though such supply chains benefit from global outsourcing, distance and cultural differences (which also makes them more vulnerable) may make them harder to control. According to the results of the MIT Scale Network study (see Appendix), the patterns of internal versus external vulnerability vary significantly between world regions. Figure 2 shows how internal sources of vulnerability play a variety of roles in different world regions such as, for instance, the degree of impact from raw material supplier failures in Asia compared with Europe.

In general, we conclude that although internal vulnerabilities occur more frequently than external vulnerabilities, the impacts are lower. This implies that supply chains should deploy different vulnerability monitoring mechanisms depending on the world region in which the company operates, keeping in mind that such mechanisms are not equally efficient in all regions.

2.4-Supply chain portfolio

Having determined the supply chain scope as well as its competitive priorities, we suggest managers integrate these two design characteristics into a matrix to identify the right design for every supply chain, such as one described in Figure 2. The four cells of the matrix represent the four possible combinations of supply chain scope and competitive priorities represented in four quadrants.

2.4.1-Responsive and global supply chains

Supply chains designed for high-value products im- ply that stockouts are expensive, and consequently, service levels should be more favorable to a respon- sive supply One of the most widely studied companies using this type of strategy is Hewlett Packard (HP); its global postponement strategy al- lowed it to optimize resources and gain subsequent competitive advantages. Other companies such as Airbus devote entire business units to providing continuous, fast maintenance and support services, which requires a global supply chain network that is ready to offer immediate service when a plane is in need of technical on-site assistance. Tesla, the electric car manufacturing company, can also be framed in Quadrant A as it builds highly customiz- able vehicles that rely on a global supply chain.

These are examples of global companies that can easily mitigate internal vulnerabilities using flexible inventory and agile responsiveness and thus have become more resilient (Christopher & Holweg, 2011).

2.4.2-Cost reduction and global supply chains

This type of supply chain typically includes high levels of standardized components required by simpler products manufactured or assembled in low-cost factories that have a clear cost-reduction orientation for their supply One example of such a company is the well-known, low-priced fashion retailer Primark, which uses suppliers spread around the world. Its business strategy, based on a lean global tight network operation, makes it more vulnerable to disruptions, especially since external vulnerabilities can be accentuated by internal vulnerabilities. Such was the case when a devastating fire broke out at a Bangladeshi factory in 2013, killing more than 1,000 people and causing supply chain disruption and reputational damage for Pri- mark and other retailers such as Walmart and Sears. These companies, looking for cost minimization, lost control of their supply chains and did not acknowledge having sub-tier suppliers in the collapsed factory (Sheffi, 2015).

2.4.3-Cost reduction and local supply chains

We can use the local scope analysis to identify examples of how competitive priorities and scope factors can have an impact in different For example, perishable food supply chains provide a good example of local and cost-reduction fea- tures. This type of chain is used by companies such as Mercadona, the giant Spanish food retailer that relies on local bakeries for its pastries and baked items. Recognizing that customers appreciate local markets, the company’s logistics operation supposes a higher percentage of the final product price, which requires minimal costs. In this case, the local scope of the suppliers allows Mercadona to also minimize the scope of potential internal vulnerability.

2.4.4-Responsive and local supply chains

Companies that provide products with long shelf lives can opt to use different supply chain strategies with remote Whirlpool and its household appliances are centrally located in regional ware- houses in order to reduce order-to-delivery time (Alsop, 2010). In this case, the supply chain derives its speed from storing inventory close to customers and from shipping by air from a dispersed manufacturers’ network at a high-cost premium. These types of options for supply chain design afford lower levels of vulnerability, as companies can react quickly both in terms of geographical scope and operation flexibility in the event of a disruption.

However, in a complex environment, some companies do not fit into a single category, and it is hard to find a one-size-fits-all scheme. Some companies develop a supply chain portfolio depending on different markets or products they want to deploy. Take, for example, the case of retailer Zara, whose supply chains could be easily separated: one for basic garments and one for trendy clothing. Basic garments, like white T-shirts, are slow-moving items, with a stable and predictable demand that makes them suitable to outsource from distant global suppliers who aim to minimize costs (Quadrant B in Figure 2). However, Zara also represents trendy, fast-moving items that offer high variety at a cost of demand uncertainty, and thus requires a responsive strategy that depends on close European suppliers and fast reaction to unexpected demand changes (Quadrant D in Figure 2) (Chopra & Sodhi, 2014).

Starbucks is another company in which we can see two very distinct supply chains. In the U.S., unroasted coffee beans are supplied globally from Africa, Asia, and Latin America in ocean containers according to the company’s Coffee Sourcing Guidelines (CSG) and CAFE guidelines (Coffee And Farmer Equity). Coffee producers are approved as suppliers and meet all of Starbuck’s requirements for a green and sustainable supply chain (Quadrant A, Figure 2). On the other hand, freshly packaged savory food and sweets, dairy products, and beverage items are supplied locally because of their perishability, quality, and local taste (Quadrant C, Figure 2). Chipotle, on the other hand, mostly relies on local farmers to supply the restaurant needs of fresh products such as tomatoes or lettuce, which are then prepared in the kitchens.

In summary, globally dispersed companies are often under pressure to minimize costs while man- aging supply chain operations that are stretched across multiple countries. Opportunities for achieving higher levels of efficiency through price reduction versus responsiveness, and global versus local, are not without cost. Although efficiency helps to smooth supply chain operations, it might also open new sources of vulnerability if disruptions occur. Thus, understanding how the design of each type of supply chain determines its level of vulnerability becomes important. Moreover, this knowledge will also help managers recognize the need for alignment with comprehensive risk management approaches, as we will examine in the next section.

3- Aligning supply chain design and risk management for boosting resilience

The current turbulent environment and complex global value networks demonstrate that vulnerability should be carefully considered along with supply chain scope and competitive priority (Hohenstein et al., 2015). Taking into consideration the frame- work based on the matrix described in the previous section, managers working to achieve optimal efficiency in global supply chains must skillfully integrate the relationship between supply chain portfolios, the vulnerabilities it may face, and supply chain risk management.

A study of the scope of different supply chains, as well as competitive priorities and vulnerabilities, enabled us to devise various approaches to supply chain risk management and identify the best match of design requirements for managing disruption. We propose the use of two risk management approaches working in tandem in developing supply chain resilience, depicted in Figure 4, which complements and further develops Figure 1.

3.1-Proactivity through the supply chain design

In the first approach, companies should anticipate their actions to mitigate risks starting at product and process conception. Proactivity is achieved through the design of the product, the supply chain, and awareness of all risk components at each step to monitor resilience. Interactivity of these three components ensures that both products and supply chains are ‘de-risked.’ New product developers and designers embark on collaborative cross-functional activities to mitigate risks in terms of components, equipment, manufacturing sites, processes, and external services. Supply chain engineers work with technicians and analysts from manufacturing and purchasing functions, as well as in inter- organizational teams, collaborating upstream with key suppliers, downstream with vendors, and connecting nodes with logistics service providers providing flexibility to the network (Saenz & Revilla, 2014). This means not only designing the initial supply chain, but also dynamically redesigning it to mitigate the consequences of a particular disruption and help in post-disaster recovery. Such a design process implies transitioning between the four supply chain modification quadrants presented in Figure 3 to establish a dynamic network that can quickly change under adverse circumstances and is thus resilient by design.

Cisco is a company that has successfully learned, albeit the hard way, how to integrate a supply chain design and supply chain risk management in which proactive capabilities are continuously deployed (Saenz & Revilla, 2014). Cisco integrates risk awareness while innovating its product and supply chain. The company identifies product components with risk qualifications that are outside established tolerances in an effort to de-risk its supply chain. To monitor resilience, Cisco also uses an index to assess time-to-recover (TTR) for all capabilities, both while designing the supply chain and when confronting a particular disruption. The company also realized the importance of proactively analyz- ing cultural issues when managing risks. Such issues were treated as critically important when Cisco deployed its supply chain risk management in the face of the Japanese tsunami (Park et al., 2013). In regards to cultural considerations, some research has proposed learning about country idiosyncrasies as a proactive risk prevention and mitigation measure. A corporate crisis in China, for example, requires a clear a priori understanding of the unique Chinese conjuncture in terms of partnerships or relationships with key stakeholders, as well as in institutional contexts (Yang & Jiang, 2015).

3.2-Reactive by deployment

In the second approach, we elaborate on how companies can face disruption by being reactive by deployment, which complements the previous approach. Reactive supply chain risk management practices, through incident management and business continuity management plans, are limited to respond only in the event of a disruption. With such management, companies can anticipate disruptions by monitoring the impact of events on the company’s supply chain. Reactive business continuity measures enable supply chain analysts to solve contingencies as they emerge, activating cross- functional response teams tailored to the nature and impact of the problem (Saenz & Revilla, 2014). These teams, using the different sensors and signals implemented during the product and supply chain design, map critical product components and net- work nodes, and subsequently monitor and audit for business continuity. Effective risk management is implemented (Figure 4) only when the two approaches–—proactive by design and reactive by deployment–—are well coupled.

Many companies use different approaches. Regarding reactive risk mitigation practices, when dealing with disruptions caused by product recall, quality, or safety issues, some companies have experimented with the creation of regulatory fits in their communications. However, Avnet and Laufer (2015) found that this practice can be counterproductive, amplifying the negative effect of the disruption.

Many companies, such as Unilever or Schneider Electrics, have implemented control towers that, among other functions, increase visibility and detect any potential disruption in daily operations (Sheffi, 2001). Business continuity management provides an outline response of the specific plans that need to be followed in order to recover from a given disruption and maintain operations at a normal level (Duncan, Yeager, Rucks, & Ginter, 2011). In the implementation of its business continuity plan, Starbucks identifies signals of potential disruptions and implements, if needed, re- active mitigation measures through centers of excellence that are customized depending on the nature of the disruption (Bradley, 2014; Sheffi, 2015). Business continuity plans have proven to be critical when it comes to dealing with major disruptions. Procter & Gamble (P&G) set a best practice example with its response during and after Hurricane Katrina, managing to quickly restore operations and clearly prioritize workers’ safety. This effective operation during such a disastrous disruption was possibly due to a combination of proactive and reactive mitigation tools (Sheffi, 2015).

3.3-The dynamics of building supply chain resilience

When the threat of supply chain disruption occurs, senior managers need to combine the available risk management infrastructures in terms of dedicated information, resources, and human decision making. Managers also need to synergistically deploy the ability to reconfigure existing resources in a dynamic manner, such as procedures for monitoring the flow of goods along the overall supply chain and the reprioritization of workflows, quickly acquiring new resources if necessary (Ambulkar, Blackhurst, & Grawe, 2015). Nevertheless, in order to be efficient, both supply chain risk management approaches, reactive and proactive, must be nourished to maintain continuous dynamic awareness and learn from big or small disruptions to enhance current mitigation practices and train personnel.

The dynamics developed to reach resilience can clearly be understood when we think of global disruptions such as those associated with the economic recession. For example, Whirlpool was aware of its vulnerabilities and made strategic decisions on designing and restructuring its supply chains, moving from Quadrant B to D (see Figure 3) in order to reduce exposure to internal and external vulnerabilities (Alsop, 2010). Because of the housing cri- sis, the company faced a collapse of the household appliances market. Simultaneously, it also faced internal vulnerabilities from operational contingencies, such as the closure of a number of production facilities, which required the company to furlough workers. However, Whirlpool continued to serve the market, deploying a reactive risk management approach while facing these particular disruptions. To manage this increase in vulnerability, the company decided to enhance both efficiency and resilience, focusing on its responsiveness capacity. The company proactively redesigned its supply chain by consolidating product brands all over the world and increasing the use of standardized components. “Now you might have only 4 different controls for 20 different (washer) models,” said the Vice Presi- dent of Supply Chain at Whirlpool Corp (Sheffi, 2015, p. 171). By consolidating its inventory into warehouses located within a day’s drive of one another, the company reduced logistics costs in the North American region by 12%, while cutting delivery time to customers by more than 5 days (Alsop, 2010).

Amazon has also adapted its supply chain to respond to the highly dynamic market in which it operates, creating new distribution centers close to the biggest cities to satisfy immediate demand with a time delivery of just a few hours. This new model has been expanded to Madrid and London, as well as to other European cities. Amazon is a great example for illustrating the importance of supply chain redesign for building resilience, as it is transitioning in a continuum along the several quadrants of Figure 3.

Chipotle is another example of a company implementing a dynamic approach to its supply chain risk management, moving from Quadrant C to B in Figure 3. Since late 2015, due to a lack of quality control in individual facilities, the company had out- breaks of E. coli and norovirus related to its local food suppliers. Hundreds of people were affected, which led to a drop in sales in 3 consecutive quarters (Oyedele, 2016). As a result, Chipotle has been exploring new ways to redesign its supply chain to minimize food safety-related risks with more global suppliers while maintaining its differentiating essence. This implied that they had to face additional global uncertainties (Berfield, 2015).

There are other examples that   illustrate how the redesign of the distribution network–— transitioning from lower to higher quadrants as shown in Figure 3–—can create resilience, taking advantage of a global network by moving operations to regions where external vulnerabilities are under control. Consider, for example, the 2010 volcano eruption in Iceland, which caused a major global disruption with the closure of European air space for several days. FedEx’s European hubs, located in Cologne, Frankfurt, Paris, and Stansted, were all closed, as well as any alternatives. As a consequence, FedEx’s operations came to a halt for 5 days. In contrast, TNT suffered almost no disruption as it immediately switched air hubs from northern Europe to Spain, and transferred its air-freight transportation to road transportation in central and northern Europe (Sheffi, 2015). During this same disruption, a Japanese Nissan plant saw an impact in the production of three car models because a critical component produced in Ireland could not be delivered (Graf & John, 2010). BMW, however, quickly reacted to the same disruption, finding alternative ways to transport transmission components from Europe to its North American factories (Sheffi, 2015).

More recently, the financial collapse of ocean cargo company Hanjin has again tested companies that rely on global supply chains. As containers piled up at both ends of Hanjin’s routes, companies such as Walmart, Target, and J.C. Penney had to manage with their lack of available stock, and were not ready for the holiday shopping season. Because of these difficulties, Hanjin had to dynamically reconfigure its network, redesigning routes and avoiding the ports that were highly affected, even transferring goods to alternative global cargo companies. However, a situation such as Hanji’s also signaled the beginning of a disruption, be- cause shipping rates increased as a direct result of a reduction in the overall worldwide shipping capacity.

4-Fostering supply chain resilience

Although recent research streams have attempted to find a universal supply chain risk and disruption management practice, our own theoretical and empirical research confirms that this universality is not possible. Successful global organizations have built a key attribute in today’s economy, creating resilience by focusing on risk-management practices, as well as integrating the idea of resilience from initial conceptualization of a product and its supply chain, thereby integrating the risk awareness into a single design process. In this regard, successful supply chain risk-mitigation management practices can balance proactive mitigation capabilities with reactive capabilities that require customization of the deployment within the supply chain design in the face of a disruptive incident. Our proposed framework might serve as the skeleton for supporting executive directors in the deployment of resilience in a dynamic manner. Companies should first be aware of the nature of their supply chain and understand its vulnerabilities before attempting to design a risk management plan.