Jan Husdal Mitip 2009

MITIP 2009, 15-16 October, Bergamo

FROM RISKS SUPPLY CHAINS TO RISKS IN VIRTUAL ENTERPRISE NETWORKS: IDEAS, CONCEPTS AND A FRAMEWORK Jan HUSDAL Møreforsking Molde / Molde Research Institute Britv 4, 6411, Molde Norway E-mail: [email protected]

Abstract: Is managing risks in Virtual Enterprise Networks different from managing risks in supply chains? It is not unusual for suppliers in a supply chain to come together and act as a Virtual Enterprise Network (VEN) and today’s supply chains exhibit many VEN-like features. Looking at VEN risk management from the perspective of supply chain risk management, current ideas on VENs will serve as a base onto which ideas on supply chain risk will be transposed. Many concepts related to supply chain risk will be explored and related to their possible VEN counterparts: risk, vulnerability, robustness, flexibility, resilience and business continuity. Conceptual in its approach and drawing from other areas of research, this paper introduces four distinct groups of VENS, namely Constrained, Directed, Limited and Free VEN, and concludes that VEN risk management can and should learn from supply chain risk management.

Keywords: Virtual enterprise network, supply chain, risk, vulnerability, resilience.

1. INTRODUCTION Traditional enterprises can enter into various forms of cooperation without necessarily establishing what is called a VEN [26]. Already more than 15 years ago the shape of today’s virtual enterprise networks began to emerge [25]. In the late 1980s the term ‘virtual corporation’ began to appear for the first time, referring to invisible or virtual links between companies in the form of information and communication technology [3], [4], [9], [12]. The definitions and descriptions of virtual enterprises vary [8], ranging from with the purpose of a VEN [13], to primarily management and structure [2]. Others again deviate from ICT as the binding glue of a virtual corporation and focus on the organizational and cooperational characteristics of a VEN [30]. A VEN is a time-limited structure; it has a set life-cycle., i.e. the duration of a project or business opportunity in which the participating enterprises partake [29]. This life cycle perspective poses certain challenges in how to manage VENs [18], [19], [31] and risks in a VEN [10], [23], since the risks may change from project to project or opportunity to opportunity.

2. A VEN CLASSIFICATION SCHEME A VEN is a network of a number of member enterprises and their individual competencies. These two dimensions, number of members, and individual competencies or skills can be used to set up a classification scheme for VENs: In a constrained VEN there are only few members with few skills which the VEN has to depend on, it is therefore constrained in its scope. A VEN with many members, but with a small collective skill set can be seen as a limited VEN, because of few types of although many business opportunities it can engage in. A VEN with few members, but with a wide range of individual skills can be seen as a directed VEN since it is highly dependent on or directed towards these members when seeking business opportunities. The ideal or free VEN is a VEN that has many members with a wide range of collective skills.

Figure 1: A VEN classification scheme

3. FROM SUPPLY CHAIN RISK TO VEN RISK Risk is an ambiguous concept and there are many definitions of risk, depending on their specific application and on their situational context. To understand risks in a VEN it is necessary to first look at the basics of risk and risk management [10], [11], [16], apply it to supply chains [5], [6], [15], [16], [24], [25], and then transfer it to VENs. Abstract submitted to MITIP2009, stream: Supply Chain Risk Management, topic: Enterprise Risk Management

MITIP 2009, 15-16 October, Bergamo

While it is possible to take the views in [5], [6] into a VEN, one of the difficulties in transferring points of views from the realm of supply chains to the realm of VENs is that a supply chain is a directed system with a finite number of individual members, while a VEN is a fleeting entity with a dynamic shape, constantly changing according to the needs of the business opportunities. The perspective employed by [15] is probably the one best transferrable to a VEN setting: 1) Organizational risks that are internal to the VEN members and the customers in the business opportunity, 2) Network risks that relate to the overall processes in the business opportunity, starting with the VEN members and ending with the customer, and 3) Environmental risks outside of the structure of VEN – Customer – Business Opportunity.

4. STRATEGIES FOR MANAGING VEN RISKS In the recent literature, several “buzzwords” have been linked to supply chain risk and disruption management in various ways, among which are robustness, flexibility, agility and resilience [1], [20], [21], [22], [27]. These concepts need to be explained both from a supply chain perspective as well as a VEN perspective. Flexibility or agility, robustness and resilience are different sides of the same coin, yet at the same time distinctively different animals.

5. VEN RISK AND VULNERABILITY Taking into account the views in [5], [6], [7], along with the views in [14], [15] and [22], we can now construct a framework for risk and vulnerability in a VENs as below, showing how the vulnerability of a VEN is determined by its structural and organizational characteristics, analogous to the framework for risk and vulnerability in supply chains used in [14]. On one side, the VEN is subject to certain potential disruptions, coming from a set of risk sources. On the other side, the VEN has certain characteristics, which make up the VEN vulnerability.

Figure 2: A framework for analyzing VEN Risk and Vulnerability

The risk side is divided into four risk categories: 1) supply-side risk, 2) operational risks, 3) demand-side risks and 4) external risks. The vulnerability side is divided into two: 1) structural and 2) organizational characteristics. The term structural refers first and foremost to the four categories of VEN, while the term organizational refers to the VEN-internal preparedness, with management and information technology as the binding force between structure and organization. These two elements, structure and organization, determine the degree of adaptability or the capacity the VEN possesses for dealing with or handling disruptions that might occur.

6. CONCLUSION This paper attempts to interface supply chain perspectives with VEN perspectives, showing how risks management in supply chains can apply to risk management in VENs. The discussion is kept at an executive level, and in a pondering manner seeking to give strategic advice on the intersection of two much related research areas. In conclusion it must be said that a VEN is a business entity, not a supply chain. Supply chains are competitive, VENs are collaborative. Approaching VENs from a supply chain perspective can assist in defining the risks and challenges a VEN faces and how to manage them, particularly since many of the traditional supply chain risks stem from a lack of collaboration and visibility, the hallmarks of VENs, making a VEN perhaps the ideal setup for supply chains and making supply chain risk management practices a fertile ground for researching VEN risk management.

Abstract submitted to MITIP2009, stream: Supply Chain Risk Management, topic: Enterprise Risk Management

MITIP 2009, 15-16 October, Bergamo

7. REFERENCES [1] Asbjørnslett, B. (2008). Assessing the Vulnerability of Supply Chains. In G. A. Zsidisin & B. Ritchie (Eds.), Supply Chain Risk: A Handbook of Assessment, Management and Performance. New York: Springer. [2] Bickhoff, N., Böhmer, C., Eilenberger, G., Hansmann, K.-W., Niggemann, M., Ringle, C., et al. (2003). Mit Virtuellen Unternhemen zum Erfolg - Ein Quick-Check für Manager. Berlin: Springer. [3] Byrne, J. A. (1993, February 8). The Virtual Corporation. Business Week. [4] Child, J., Faulkner, D., & Tallman, S. B. (2005). Cooperative Strategy. Oxford: Oxford University Press. [5] Christopher, M., & Peck, H. (2004). Building the resilient supply chain. International Journal of Logistics Management, 15(2). [6] Christopher, M. (2005). Managing risk in the supply chain. In Logistics and Supply Chain Management (3rd ed., pp. 231-258). Harlow: Prentice Hall. [7] Craighead, C. W., Blackhurst, J., Rungtusanatham, M. J., & Handfield, R. B. (2007). The Severity of Supply Chain Disruptions: Design Characteristics and Mitigation Capabilities. Decision Sciences, 38(1), 131-156. [8] Cunha, M. M. & Putnik, G. (2006). Agile Virtual Enterprises: Implementation and Management Support. Hershey: Idea Group Publishing. [9] Dawidow, W. H., & Malone, M. S. (1993). The Virtual Corporation. New York: HarperBusiness. [10] De Loach, J. W. (2000). Enterprise-wide Risk Management: Strategies for linking risk and opportunity. London: Financial Times/Prentice Hall. [11] Dorfman, M. S. (2002). Risk Management. In Introduction to Risk Management and Insurance (pp. 43-61). Upper Saddle River: Prentice Hall. [12] Goldman, S. L., Nagel, R. N., & Preis, K. (1995). Agile Competitors and Virtual Organizations - Strategies for Enriching the Customer. New York: Van Nostrand Reinhold. [13] Goranson, T. (1999). The Agile Virtual Enterprise. Westport, CT: Quorum Books. [14] Husdal, J. (2009). Does location matter? Supply chain disruptions in sparse transportation networks. Paper presented at the TRB Annual Meeting, Washington, DC. [15] Jütner, U., Peck, H., & Christopher, M. (2003). Supply Chain Risk Management: Outlining an Agenda for Future Research. International Journal of Logistics: Research and Applications, 6(4), 197-210. [16] Kajüter, P. (2003). Risk Management in Supply Chains. In S. Seuring, M. Müller, M. Goldbach & U. Schneidewind (Eds.), Strategy and Organization in Supply Chains. Heidelberg: Physica. [17] Kaplan, S. (1997). The words of risk analysis. Risk Analysis, 17(4), 407-417. [18] Katzy, B. R., & Dissel, M. (2001). A toolset for building the virtual enterprise. Journal of Intelligent Manufacturing, 12(2), 121-131. [19] Kupke, S. & Lattemann, C. (2007). The strategic virtual corporation: bridging the experience gap. International Journal of Web Based Communities, 3(1), 4-15. [20] Lee, H. L. (2004). The Triple-A Supply Chain. Harvard Business Review, 82(10), 102-112. [21] Lummus, R. R., Duclos, L. K., & Vokurka, R. J. (2003). Supply Chain Flexibility: Building a New Model. Global Journal of Flexible Systems Management, 4(4), 1-13. [22] Mc Manus, S., Seville, E., Brunsdon, D., & Vargo, J. (2007). Resilience Management: A Framework for Assessing and Improving the Resilience of Organisations (No. 2007/01). Christchurch, New Zealand: Resilient Organisations. [23] O'Hehir, M. (2007). What is business continuity planning (BCP) stratetgy? In A. Hiles (Ed.), The Definitive Handbook of Business Continuity Management (pp. 27-46). Chichester: John Wiley & Sons. [24] Paulsson, U. (2007). On Managing Disruption Risks in the Supply Chain - the DRISC Model. Unpublished PhD dissertation, Lund University, Lund, Sweden. [25] Peck, H. (2005). Drivers of supply chain vulnerability: an integrated framework. International Journal of Physical Distribution & Logistics Management, 35(3/4), 210-229. [26] Sengupta, S. (2008). A Plan for Building a New Supply Chain. Supply Chain Management Review, 12(1), 46-52. [27] Sheffi, Y. (2005). The Resilient Enterprise - Overcoming Vulnerability for Competitive Advantage. Cambridge: MIT Press. st [28] Snow, C. S., Miles, R. E., Coleman, H. J. & Henry, H. J. (1992). Managing 21 Century Network Organizations. Organizational Dynamics, 20(3), 5-21 [29] Solvang, W. D. (2001). Architecture for supply chain analysis and methodology for quantitative measurement of supply chain flexibility. Unpublished PhD Dissertation, NTNU, Trondheim, Norway. [30] Thompson, K. (2008). The Networked Enterprise. Tampa: Meghan-Kiffer Press. [31] Walters, D. (2004). A Business Model for Managing the Virtual Enterprise. In L. M. Camarinha-Matos (Ed.), Virtual Enterprises and Collaborative Networks (pp. 273-280). Boston: Springer.

Abstract submitted to MITIP2009, stream: Supply Chain Risk Management, topic: Enterprise Risk Management