The Emerald Research Register for this journal is available at The current issue and full text archive
ext archive of this journal is available at
www.emeraldinsight.com/researchregister
IJPDLM
35,4
210
Received August 2003
Revised December 2004
Accepted February 2005
International Journal of Physical
Distribution & Logistics Management
Vol. 35 No. 4, 2005
pp. 210-232
q Emerald Group Publishing Limited
0960-0035
DOI 10.1108/09600030510599904
www.emeraldinsight.com/0960-0035.htm
Drivers of supply chain
vulnerability: an integrated
framework
Helen Peck
The Resilience Centre, Cranfield University, Cranfield, UK, and
The Royal Military College of Science, Shrivenham, UK
Abstract
Purpose This paper aims to report on findings of a cross-sector empirical study of the sources and
drivers of supply chain vulnerability.
Design/methodology/approach The research was undertaken in accordance with the realist
tradition. It begins with a descriptive exploratory stage involving an in-depth exploratory case study
of aerospace industry supply chains, validated through in-depth interviews with managers
representing other critical sectors of the UK economy. This is followed by an explanatory theoretical
stage. The work is supported throughout with reference to relevant literature sources.
Findings The findings highlight the absence of any widespread understanding of the scope of and
dynamic nature of the problem, which should be considered from multiple perspectives and at four
levels of analysis: value stream/product or process; asset and infrastructure dependencies;
organisations and inter-organisational networks; and social and natural environment.
Research limitations/implications The paper is normative rather than positive, so focuses on
understanding why supply chains are vulnerable to disruption, rather than presenting itself as a
prescription for management. The paper does not investigate academic definitions or existing
taxonomies of risk.
Practical implications The work provides some useful insights for practising managers and
policy makers.
Originality/value The paper reports on empirical research, then draws as appropriate on network
theory and complex systems perspectives to produce a conceptual model of a supply chain as in
interactive adaptive system.
Keywords Supply chain management, Risk management, United Kingdom
Paper type Research paper
Introduction
Supply chain vulnerability is a relatively new and unexplored area of management
research, though one that is in the ascendancy (Svensson, 2002). In the UK, the economic
impact of fuel protests in 2000, followed by the outbreak of Foot and Mouth Disease
early the following year, focused the minds of policy makers on the need to understand
more about the vulnerability of commercial supply chains. As a result, the UK
Government commissioned a programme of research, sponsored by the Department for
Transport to investigate the phenomena. The ultimate aim of the research is to provide
the insight by which to improve the resilience of the nations supply chain networks.
This paper draws on the findings of a significant portion of the work.
The term supply chain can be interpreted in many ways, but is defined here in its
broadest sense, as the network of organisations that are involved, through upstream
and downstream linkages, in the different processes and activities that produce value Drivers of
in the form of products and services in the hands of the ultimate consumer supply chain
(Christopher, 1998). The work involves an exploratory, empirically grounded, study of
supply chain risk and resilience, so common usage dictionary-based definitions were vulnerability
adopted for other key terms. Academic definitions of risk and resilience were
purposefully avoided because grounded research of this sort necessarily begins with
lay definitions before moving to technical descriptions (Blaikie, 1993). The term risk 211
is therefore used here in the sense that something a product, process, organisation
etc. is at risk i.e. vulnerable; likely to be lost or damaged (Collins English
Dictionary, 2000). Resilience is defined as the ability of a system to return to its
original [or desired] state after being disturbed. The definition is rooted in ecology (the
study of the relationships between living organisms and their environment) and was
adopted because it sits comfortably with the view of supply chains as interacting
networks. The notion of flexibility is inherent in the definition and, given that the
desired state may be different from the original, adaptability is also implied.

Methodology
The research presented here was undertaken in accordance with the realist tradition
(Bhasker, 1979; Blaikie, 1993), beginning with a descriptive exploratory stage using
empirical data. This is followed by an explanatory theoretical stage involving the
construction of hypothetical models, to produce a rational explanation of the patterns
found in the empirical study. Further research is then advised to check critically what
is thought to be known. The intertwined literature review presented in this paper
represents part of this latter phase.
The core of the research was an in-depth exploratory case study of commercial
supply chains engaged in the manufacture and assembly of high performance military
aircraft (Haywood, 2002). The case method was used because it is recommended for
studies of contemporary phenomena in real-life contexts (Yin, 1989), and in particular
for exploratory research into industrial networks (Easton, 1995).
The context for the case procurement and production of military aircraft
represents an extreme risk environment, with national security as well as commercial
sensitivities, which pre-9/11 had been inaccessible to the research team. It is a
commercial environment characterised by extreme levels of technological, financial,
product safety and political risk. As such it met the criteria set by Yin for a single case
study i.e. it represented a unique, extreme or revelatory situation.
Few grounded studies of supply chain risk/vulnerability have been published to
date. Those that have tend to follow the design of more general supply chain
management research, constraining the scope of the problem by adopting either a
vertical or horizontal design. Horizontal studies usually examine a given issue either
within the bounds of a single firm or between a focal firm and adjacent organisations.
These would typically survey perceptions of supply chain related risk in an
organisations purchasing department or its first tier supplier base (e.g. Svensson,
2000, 2001, 2002). In contrast, vertical studies (e.g. Harland and Brenchley, 2001) are
likely to involve the mapping and analysis of one or more representative product
lines or value streams through a series of consecutive activities and/or organisations.
While both approaches have yielded useful insights, it was felt that there was a danger
that designs of this sort may reduce the scope of the research to the point where the
IJPDLM very phenomena that could be undermining resilience may be excluded. Consequently
35,4 this research used a design that was both horizontal and vertical in scope.
To guide the researcher and ensure the reliability of the research and its viability
as the basis for further work careful consideration was given to data collection
methods and handling procedures (see case study protocol in the Appendix, Figure A1).
Data collection involved semi-structured interviews with 47 managers, representing
212 five tiers of the network involved in the production of four distinct aircraft types.
Interviewees were selected using snowball sampling (Jankowicz, 1995). The managers
concerned performed a range of supply chain management related roles, as shown in
Table I. They were drawn from across the aircraft programs (product lines/families) of
the prime contractor (the assembler), its first- and second-tier suppliers, industry
associations including one representing small and medium sized enterprises and
customers in the UK Ministry of Defence.
Among the issues each manager was invited to discuss was: What are the sources
or consequences of risks affecting your supply chain?. Owing to commercial
sensitivities, interviews were conducted on a one-to-one basis with assurances given to
informants that their anonymity would be protected. Where possible the interviews
were supplemented by archival evidence and published sources. The conversations
were recorded with the interviewees permission. The tapes were later transcribed and
summarised for analysis using thematic coding. In many instances verbatim quotes
were retained to preserve their richness and meaning. The results of subsequent
analysis were validated through a return to the literature, academic peer and
practitioner reviews[1]. To ascertain whether the findings were transferable to other
contexts (Lincoln and Guba, 1985) or simply industry-specific, two-hour long
interviews were conducted with 27 senior supply chain managers. The interviewees
were drawn from leading companies or public sector agencies with manufacturing,
distribution or retailing expertise in critical sectors of the UK economy (see Table II).
The findings of this latter phase of the research provided the impetus for the
development of a multi-level framework, which allows managers and policy makers to

Number of Number of Interviewee

interviewees organisations/business units roles/responsibilities

MoD (customer) 4 2 Supply chain management

Prime 31 8 Business development
contractor Programme management
Risk management
Supply chain management
Supply chain planning
Tier 1 suppliers 6 4 Business development
Managing director
Operations management
Supply chain management
Tier 2 suppliers 3 2 Supply chain management
Industry 3 2 National/regional association
associations representative
Table I. Total 47 18
Aerospace case study
interviewee profiles Source: Adapted from Haywood (2002)
 Number of
Drivers of
Number of organisations/ supply chain
Sector interviewees business units Interviewees roles/responsibilities vulnerability
Food and drink 5 2 Director of distribution
Business cont. manager
Supply chain strategy
Supply chain operations
213
Supply chain planning
Personal care and cleaning 3 2 Supply chain strategy
products Supply chain planning
Supply chain operations
Health care and 2 2 Process evaluation manager
pharmaceuticals Portfolio (purchasing) manager
Automotive spares 3 1 Purchasing manager
International distribution manager
Distribution operations manager
Electrical and electronics 1 1 Consultant
Oil and petrochemicals 8 2 Business continuity manager
Director of distribution
Supply chain business analysts
Change design leader
Supply chain integration
Sales and operations planning
Transport and logistics 4 3 Managing director
Distribution operations manager
Assistant director (policy)
International distribution manager
Packaging 5 1 Head of purchasing
Supply chain manager
European logistics manager
Vice president supply chain
Materials and inventory controller
OEM parts supply
Total 27a 10a Table II.
Critical sector validation
Note: a Some individuals and their organisations are active in more than one sector interviewee profiles

break out the issues of supply chain vulnerability in a relatively simple and structured
way. Given the desire to produce grounded research, an extensive literature review
followed rather than preceded the development of the framework. It draws on the
supply chain management literature and as Stock (1997) suggests, appropriate work
from related disciplines.
The usefulness and relevance of the framework has since been validated through focus
group discussions and workshops involving groups of practitioners drawn from the
defence industry, the armed forces, cross-sector commercial industry associations,
national emergency planning committees, and international humanitarian relief agencies.

Interim findings aerospace

Several clear themes emerged from the initial case study. First, when asked about the
sources of risk in their supply chains, the aerospace managers did not refer to specific
IJPDLM high profile events such as earthquakes or 9/11, nor did they refer to generic
35,4 taxonomies used by some academics, e.g. accidents, intentional acts or nature
(Helferich and Cook, 2002). Instead they referred to often unanticipated side-effects or
consequential risks to supply chain processes, arising from specific managerial
decisions, requirements or industry trends. Demands for shorter lead-times,
outsourcing and increasing use of global sourcing and supply, as well as off-set
214 (politically determined counter trade agreements) were among the legitimate and
well-intentioned measures identified by interviewees as sources of risk to supply chain
performance. The constraints imposed by the safety-critical nature of the products,
supply chain complexity and industry structure were also identified as contributory
factors:
An example of relationship risks, complexity and loyalty occurred with one of the Royal
Ordnance factories, which had supplied components to us for 50 years. They used to be
Ministry of Defence until they were privatised and [the prime contractor] bought them. Then
three years ago [the prime contractor] did a deal with the South Africans for aircraft and all
sorts of other stuff. Somewhere inside that deal was a deal to transfer the prime contractors
contracts to South Africa, which made this particular Royal Ordnance factory an unviable
proposition, so they shut it. Well of course buried in the factory, about 10 per cent of their
turnover probably, was this 50-year-old component supply business that was critical to us. The
prime was completely oblivious to this link and when we pointed the fact out, and that it would
disrupt our deliveries to them, they couldnt have been more surprised (Tier 1 supplier).

The network relationship risks get worse where supplier loyalty is divided. For example,
were buying a piece of equipment from a major US organisation and we are actually a very
small part of that particular area of business they have some pretty big US aerospace
customers as well you see. Its clear that theyre not very interested in the relationship and
consequently were having issues with kit in the field. Theyre not investing in the software
changes that need to be done and when they do make software changes it encompasses lots of
other customers changes as well, which has a knock on effect on how the kit works on the
aircraft (Customer, UK Ministry of Defence).
Second, interviewees frequently described how efforts to improve performance against
one measure (e.g. cost or quality) often inadvertently reduced performance and
increased risk associated with one or more of the others (e.g. schedule adherence or
relationship management):
An aero engine manufacturer had a requirement for repair work to a very old engine. This
material had to conform to their quality approvals, as did the original melt source. We had to
buy 20,000 of raw material, the minimum order quantity for the mill, just so the company
could have 100 components from us. In the end we made 500 for them, but it took four to six
months to do it all. Although there was something similar in use by another aero engine
manufacturer, they werent completely sure it would be right and they couldnt take the risk.
So paying the 20,000 became cheaper than doing the research into the compatibility of this
alternative source (Tier 2 supplier).
The collective impact of all these factors irregular demand patterns, measures
introduced to reduce costs, changes and upgrades to product specifications, customer
determined network reconfigurations meant that even the supply chains for
established products were characterised by high levels of uncertainty and constant
change[2].
Findings from cross-sector validation Drivers of
Managers from the other sectors studied were invited to consider the same questions supply chain
regarding the vulnerabilities and sources (or drivers) of risk affecting their own supply
chains. These interviewees readily offered opinions on when and why their supply vulnerability
chains (as they understood them) were most vulnerable. They also highlighted
problems of conflicting performance measures. For example:
215
There is no common language other than cost . . . I see evidence of this at least once a week,
particularly with material brought in from the Far East. Purchasers go for the lower unit
costs, which usually mean bigger order quantities, longer lead times, lower responsiveness
and worse customer service (Automotive parts manufacturer and 4th party logistics
company).
The practitioners also confirmed that higher-level strategic choices and many of the
other extraneous factors previously identified by aerospace managers were present
within their own sectors. With the exception of one industry (oil refining), interviewees
reported that their own supply chains were longer than ever before. All were becoming
leaner.
Furthermore, managers from each sector echoed the beliefs of their aerospace
industry counterparts, who claimed that their supply chains never reached a balanced
stable steady state, where mature products and information flowed through
optimised channels, supported by reliable systems, allowing inputs to be balanced with
demand:
Issues of supply chain maturity are poorly understood. The supply chains we support rarely
get the chance to mature into a mid-lifecycle steady state . . . 15 years after the [food
retailers] last network reorganisation, suppliers are still shaking out problems and dealing
with the successive shock waves (Transport and 4th party logistics company).
Changes in product specifications, continuous improvement initiatives, outsourcing,
internal network redesigns, IT upgrades, changing process technology, supplier
rationalisations and industry consolidations all contributed to the uncertainty of
operations:
Its when the supply chain is supposed to be in the established steady state that it is most
vulnerable, because thats the point when its most susceptible to external effects. Thats
when most people are trying to optimise and reduce control limits to reduce the variability of
the process, but external risks may have changed the original scenario...The model of supply
chain management in academia is one that we need to get away from, we need to think about
fuzzy limited time interlocking networks (Consultant, electronics manufacturing).
Ongoing regulatory changes and the practicalities of managing across different legal,
cultural and environmental settings made supply chain management a far more
complex set of activities than some felt was recognised elsewhere within their own
organisations[3]. The complexity of the task also left managers struggling to find
appropriate ways to tackle supply chain risk management:
We know supply chain vulnerability is important, we know that, but its such an amorphous
mass that we dont know how to break it down . . . we have to break it down so we can start to
deal with it (Manager, food and personal care products manufacturer).
IJPDLM The remaining sections of this paper address the problem of breaking down supply
35,4 chain risk into its constituent parts, without losing the contextual dynamic of cause
and effect.

Supply chain risk in a networked world

216 Some aspects of supply chain management, such as just in time (JIT), have been widely
researched, but the conceptual basis for supply chain risk in the sense that it is applied
here i.e. vulnerability is immature (Svensson, 2002). Academics striving to
improve conceptual clarity in the study of supply chain risk have latterly sought to
make distinctions between sources, drivers and outcomes or consequences of
risk (Juttner et al., 2003). However the managers interviewed for this research did not
make such distinctions. They responded with tales of cause and effect. In this respect
the findings concur with Zsidisin (2003). In his endeavor to establish a grounded
definition of supply risk Zsidisin also found risk to be perceived by practitioners as
a multi-dimensional construct.
The wider findings of this research suggest that the issues identified by the
practitioners interviewed are symptomatic of conflicts between the process-based
supply chain goals and performance measures and the realities of complex
inter-organisational networks.
In the supply chain management literature, writers take quite differing positions on
the most appropriate way to address supply chain risk. For example, Towill (1999)
focused on process design. He drew on the principles of cybernetics when identifying
the removal of complexity as a central pillar of supply chain (re)engineering and as an
explicit risk management objective.
Christopher and Lee (2001) acknowledge the inherent complexity of
inter-organisational supply chain networks, promoting the virtues of visibility,
velocity and control as key elements of risk management. They argue that greater
visibility and control improves quality and allows managers to make their supply
chains more responsive and manageable, thus preventing an undesirable accumulation
of slack in the form of inventory buffers or additional safety time built into logistics
lead-times. More specifically, Christopher and Lee advocated careful monitoring of the
supply chain for deviations from schedules or business plans to allow appropriate
parties to be alerted and corrective actions to be taken. In this sense risk management
has parallels to statistical process control and contemporary lean Six Sigma
methodologies (George, 2002).
Simons (1999) also favoured interactive control systems, which force managers to
engage in conversations about strategic uncertainties i.e. enforced cooperation,
visibility and awareness. However, Braithwaite and Hall (1999) pointed out that
inter-organisational networks are so complex that monitoring them is beyond the
capabilities of any single organisation and control is far from complete.

Drawing on systems theory

Braithwaite and Halls observations in turn reflect the central theme of a long-standing
debate within management science. In particular it represents a fault-line that
separates proponents of engineering-derived hard systems managerial approaches,
and those who argue the case for effectiveness based on open, social or soft systems
perspectives (Checkland, 1994). Checkland (1994, p. 80) makes the following intellectual Drivers of
distinction between the two:
supply chain
Hard systems thinking assumes that the world is a set of systems (i.e. is systemic) and that vulnerability
these can be systematically engineered to achieve objectives. In the soft tradition, the world is
assumed to be problematic, but it is also assumed that the process of inquiry into the
problematic situations that make up the world can be organised into a system.
The hard systems perspective advances with the action-orientated aim to improve
217
real-world problematic situations. The latter is a methodology for inquiry that strives
towards understanding of those situations and why they occur.
Systems thinking, in both guises, has made significant in-roads into organisational
theory, including the study of inter-organisational networks (Morel and Ramanujam,
1999). Soft systems views underpin the largely descriptive studies by members of the
International Marketing and Purchasing (IMP) Group (e.g. Hakansson and Snehota,
1989; Axelsson and Easton, 1992). The studies analyse the structures, processes and
interactions of markets-as-networks including industry and macro economic
governance forms (Williamson, 1985; Thorelli, 1986; Moller and Halinen, 1999). In
contrast, the managerially-oriented, normative organisations-as-networks
perspective found in much of the strategic management literature (e.g. Miles and
Snow, 1986; Byrne et al., 1993) errs in the direction of scientific management and the
hard systems view.
Supply chain management draws on both branches of systems theory (Naim et al.,
2003). However the emphasis on process (re)engineering and the search for optimised
(often technology-enabled) least-cost solutions, to predetermined goals, suggests that
the hard systems view remains the dominant paradigm. It is reflected in the prevalence
of positivist supply chain management research and a tendency to focus on solving
narrowly defined problems, as indicated by the gap between performance and
requirement, within what is often assumed to be a closed system or stable steady
state environment.
Other systems theorists working in branches of the natural sciences (e.g. von
Bertalanffy, 1973) and social sciences (Rittel and Webber, 1973) have long argued
against the reductionist tendencies of engineering and scientific management research.
They have urged researchers to adopt holistic, interdisciplinary perspectives
addressing problems in context. Together with more recent proponents of open
adaptive complex systems thinking, working in the fields of economics (Arthur et al.,
1997) and social policy (Allen, 1997), they reject the very idea that open systems
operate in an equilibrium steady state. By implication, they also reject the notion of a
universal optimised solution. The multiple choices available to each individual or
organisation within the system, together with the results of interactions with the wider
environment mean that predetermined solutions are always likely to fail. Taking this
line of logic into the supply chain arena, Demchak (1996) writing in the context of war
fighting and military logistics, made the same point.
Demchak (1996) argued that those promoting the vision of efficient and reliable
outcomes, through technology enabled monitoring and control, tend to overlook a wide
variety of organisational and environmental issues. Furthermore, she emphasises how,
under the lean paradigm, slack has become waste. Yet slack, in the form of physical
resources and particularly the specialist knowledge of individuals, is essential if
complex systems (engineered or organisational) are to remain effective. Without the
IJPDLM slack of redundant capability and capacity, supply chains struggle to cope with the
35,4 unpredictable effects of consequential problems.
Consequential problems or risks have no definitive solutions. They are by their
nature unknown before they emerge. Nevertheless, managers should strive to
understand why and how they might arise. To that end Rittel and Webber (1973)
suggested that more questions should be asked about the likely impacts or outputs of
218 actions. They go on to suggest that problems should be considered within valuative
frameworks, where multiple and differing perceptions are retained. Such frameworks
recognise problems as the links tying open systems into large and interconnected
networks of systems, and that the outputs from one become the inputs from another.
This paper draws on that advice.
The findings of the initial case study, and the results of the subsequent interviews
with managers from each of the other critical sectors were analysed by thematic
coding, based initially on the component parts of Christophers (1998) broad definition
of supply chain. Other categories were added as required until each component of the
supply chain and each source of vulnerability identified by interviewees could be
positioned within the framework.

A multi-level framework for analysis

The findings of this research suggest that the sources and drivers of supply chain risk
operate at several different levels as shown in Figure 1. These are inextricably linked
as elements of a system, but for the purpose of clarity are described here within four
discrete levels of analysis:
(1) Level 1 value stream/product or process.
(2) Level 2 assets and infrastructure dependencies.
(3) Level 3 organisations and inter-organisational networks.
(4) Level 4 the environment.
Together these levels cover elements of a supply chain and the environment within
which they are embedded, though each level reflects quite different perspectives.

Figure 1.
An integrated model of a
supply chain as an
adaptive system
Each is discussed here with reference to relevant sources in the supply chain Drivers of
management literature. supply chain
Level 1 value stream/product or process
vulnerability
At level 1 supply chain vulnerability is examined from the prevailing process
engineering-based supply chain management perspective. It is a view that is in keeping
with lean manufacturing and demand-driven logistics concepts. The approach 219
aspires to a perfect flow of information and materials facilitated by all supply chain
partners thinking and acting as one (Geary et al., 2002). Supply chains are therefore
seen in terms of the contents of a logistics pipeline flowing through and between
organisations in the network. The emphasis is on the efficient, value-based, design and
management of processes relating to workflows and their accompanying information
(usually by product or product class). Supply chains carry one or more of these value
streams (Childerhouse and Towill, 2003).
Risks are principally the financial or commercial consequences of inefficiencies or
sub-optimal supply chain performance, including the inability to react swiftly to
volatility in demand and the changing needs of the market place. Christopher and Lee
(2001) refer to the latter as market risk i.e. the risk of inertia. The agile paradigm,
with its roots in short-life cycle products has explicitly sought to address market risk
(Christopher and Towill, 2001).
The availability of credible and reliable information is central to this process
management perspective and is in turn dependent on the willingness of the parties to
share demand and process monitoring data. It is widely acknowledged that this
requires a high level of trust and cooperation between adjacent organisations; itself
evidence of a heightened sense of shared enterprise and shared risk.
Geary et al.s (2002) analogy of a supply chain as a perfect seamless logistics
pipeline represents the supply chain process management ideal. It is a useful
metaphor, but in the context of supply chain vulnerability it can be a deceptively
seductive one. It reinforces the notion of simplicity by promoting the vision of a stable,
controllable, linear, self-transporting flow, hermetically sealed from disruptive
environmental forces. In reality supply chains are rarely fixed, discrete,
self-propelling or self-protecting. Moreover, the adoption of lean and agile practices
(particularly JIT delivery) has made them increasingly reliant on the existence of a
reliable, secure and efficient communication, transport and distribution infrastructure.
Level 2 represents supply chains in terms of these asset and infrastructure
dependencies.

Level 2 asset and infrastructure dependencies

Level 2 represents supply chains in terms of the assets and infrastructure needed to
produce and carry the goods and information flows in level 1. The nodes are fixed
commercial assets, sites or facilities (e.g. fields, factories, distribution centres, retail
outlets or perhaps hospitals). The same facilities may house IT assets (hardware,
processing, and communications/service centres), which are nodes in communications
networks. These are in turn connected through the nodes and links of national and
international communications infrastructure (e.g. cables, radio masts and satellites).
They are also connected through the links and nodes of the transportation/distribution
infrastructures. Here the links are pipelines, power grids, roads, rail and waterways,
IJPDLM shipping lanes and flight paths. The nodes themselves may also be rail
35,4 termini/stations, ports and airports. Then there are the mobile assets that must not
be overlooked (the trucks, trains, boats and planes, etc.) that ply the links in
transportation networks.
At level 2 the resilience of the network should be assessed in terms of the
implications of the loss of links, nodes and other essential operating assets not least
220 skilled workers. Maintaining or retaining them is likely to be the responsibility of
functional managers, in manufacturing operations, IT, logistics and personnel. It is
also the territory of business continuity planning and disaster recovery specialists.
The threat of Y2K did much to raise awareness of business continuity issues. Loss
of IT, site and skills as well as product or service-related health and safety scares (some
with implications for reverse logistics) may all fall within its remit. A 2002 survey
(Chartered Institute of Management, 2002) showed that loss of IT capacity was the
most widely recognised threat to business continuity, followed by loss of site. However,
loss of skills ranked first in the list of actual problems experienced by companies in the
previous year. Clearly each of these scenarios could disrupt supply chain operations.
Nevertheless, other recent research linked to this study suggests that organisations
continue to undertake business continuity planning on the basis of a single site or
single firm (Peck and Juttner, 2002; Starr et al., 2003). The managers interviewed for
this study focused on risks to manufacturing and retail sites, others on transport and
infrastructure related risks. The emphasis tended to reflect the profile of their
organisations own assets and activities.
Despite supply chain managements emphasis on the substitution of information for
inventory, and business continuity managements preoccupation with IT, physical
distribution remains an essential element of effective integrated supply chain
management. Transport disruption is therefore a potential source of vulnerability to all
(McKinnon, 2004). In terms of impact on level 1 performance, it can be classified into
three broad groups: damage, loss and delay (Christopher et al., 2002). All can have a
significant impact on service levels, with the first two also causing discrepancies in
demand and stock availability data.
The choice of transport mode will automatically determine immediate
transportation asset related risks, e.g. shortages of heavy goods vehicle drivers in
the UK, or world-wide seasonal shortages of shipping capacity. It will also determine
infrastructure dependencies. As with everything else in this networked world,
elements of infrastructure are interconnected through commercial and technological
links. Back in May 1998 a malfunction in a satellite cut off 90 per cent of all US pagers,
affecting business transactions and emergency services (Robinson et al., 1998). The
same authors reported that the frequency and impact of events of this kind is
increasing. In the summer of 2003 a localised power cut knocked out British Airways
baggage handling system, preventing the airline from meeting security requirements.
The failure effectively closed Heathrow Airport, disrupting flights for days. A strike by
aggrieved check-in staff had a similar effect.

Level 3 organisations and inter-organisational networks

Level 3 steps back further to view supply chains as inter-organisational networks. It
moves supply chain vulnerability up to the level of corporate risk management,
business strategy and microeconomics. Here the nodes in the networks are the
organisations commercial and public sector that own or manage the assets and Drivers of
infrastructure, through which the physical goods and information flow. The links supply chain
become trading relationships, particularly the power dependencies between
organisations. vulnerability
The principles of integrated approaches to supply chain management (as set out in
level 1) rely on the premise that strong organisations will not abuse their position of
power vis-a`-vis weaker ones. Additionally, that information and risk will be shared 221
selflessly for the good of all. While supply chain managers may work tirelessly to
achieve this objective, other higher-level factors can work against them.
The expectation that a host of organisations can be harnessed to act as one, for a
single common good has been criticised in the literature for two reasons (Lonsdale,
2001). First because the paradigm was put forward by proponents of lean
manufacturing, who borrowed practices from Japanese motor manufacturing,
transplanting them to the West without due regard for cultural, behavioural and
contextual differences. Second, that integrated supply chain management draws on the
idealised view of market behaviour as set out by classical economists. Williamson
(1985) and numerous others studying transaction cost economics have challenged this
assumption. A review of the recent supply chain risk literature suggests that
Williamson is right and that opportunism is alive and well in the Western business
environment. Examples abound of powerful customers using contractual means to
push risk associated with inventory management, technology or new product
development back up the chain to weaker suppliers who are less able to shoulder the
burden (e.g. Cook, 2001; Burtonshaw-Gunn, 2002).
Where dominant organisations have the power, capabilities, and the will to manage
their supply chains in an open and collaborative way, we have seen the emergence of
extended enterprises. However, establishing and monitoring close cooperative
partnering relationships is resource-intensive. Consequently, large sophisticated
customers have reduced the number of direct suppliers, often opting for single sourcing
(usually by product line) as the lowest cost way to develop, manage and monitor their
supplier base. The downside of this is that it has given rise to one of the most widely
recognised causes of supply chain disruptions; the failure of a single source supplier
(Latour, 2001; Houghton et al., 2003). All of the commercial organisations involved in
this research were rationalising the number of suppliers and increasingly moving
towards single sourcing. Some, including healthcare and packaging manufacturers
were aware that this would increase their supply-side vulnerability to supply chain
disruptions, but were content to trade the risks associated with occasional supply-side
disruptions for the benefits of reduced inventory, better quality control and
collaborative forecasting.
Suppliers may of course choose to improve their own strategic position vis-a`-vis
competitors, customers or their own suppliers through mergers, acquisitions or
strategic alliances. These high level consolidations increasingly operating on a
global scale can change the balance of power in customer-supplier relationships
overnight. They can leave customers with fewer switching options. Worse still, an
organisation may suddenly find that a sole supplier is now the property of a
competitor.
Consolidations whether horizontal or vertical, can herald further network
reconfigurations and disruptions at level 2. The likely post-merger removal of
IJPDLM excess capacity may subsequently improve suppliers margins, but it can also reduce
35,4 its ability to cope with unexpected surges in demand. This was apparent in the
findings of the research, for example when a healthcare company manager described
how vaccine production had been constrained by a shortage of packaging materials.
Demand for vaccine was surging at the time as armed forces prepared for the 2003
invasion of Iraq. The cause was a shortage of high quality glass, caused by a
222 production failure at the only suppliers plant. The healthcare company is one of the
largest in the world, but is only a small volume customer of the glassmaker, which was
obliged to supply its high volume and high value customers including several
brewers first.
Managers representing several sectors involved in this study including grocery
retailing, food processing, pharmaceuticals, transportation as well as aerospace
also provided examples of supply chain networks being reconfigured at the request of
powerful customers. The customers were demanding the reconfigurations to enable
cost savings to be made in their own operations. The danger here is that by
attempting to optimise part of the system for their own interests, customers can
unwittingly strip vital volume out from existing suppliers networks, undermining
their viability.
Unlike many of the scenarios above, strategic outsourcing is likely to be an elective
reconfiguration determined by the organisation itself. From a level 1 perspective, loss
of visibility and control are the most obvious risks. However, in the strategic
management literature the outsourcing debate has been dominated by the core
competence concept, encouraging organisations to focus on their core value adding
activities. High on the list of non-strategic activities ripe for divestment or outsourcing
have been transport and information systems management (Anderson and Delattre,
2002). While these activities may not be seen as core activities by business strategists
in manufacturing and retailing, they are nevertheless the backbone of integrated
supply chain management.
Similarly, from a corporate governance perspective, outsourcing may be
undertaken as a risk mitigation strategy. Indeed the transfer of responsibility for
a known risk (e.g. labour disputes) is an acknowledged method of risk management.
In practice though outsourcing may exchange liability for known risks for exposure
to a host of unknown ones. When an event or near miss then highlights a
previously unrecognised or consequential risk, responsibility for managing it may
not be clearly defined. The lack of role clarity and fragmentation of ownership can
in turn lead to a situation where serious risks are orphaned. The refusal of any
organisation to accept responsibility for failures in rail safety following the
piecemeal privatisation of the British Rail network (a level 2 disruption) is one such
example.
The issue of role clarity for commercially owned infrastructure had however been
recognised by a US presidential commission in 1998 (The White House, 1998). The
research highlighted the need for greater clarity between public agencies and private
sector organisations if infrastructure vulnerabilities were to be managed effectively. At
the time 85 per cent of the USAs national infrastructure was under private ownership.
The same report concluded that private industrys investment in protecting it could be
justified only from a business perspective (Robinson et al., 1998).
Level 4 the environment Drivers of
The fourth and final level is the wider macroeconomic and natural environment within supply chain
which organisations do business, assets and infrastructure are positioned and value
streams flow. vulnerability
Factors for consideration are the political, economic, social, and technological
elements of the operating environment (including legal and regulatory issues), as well
as natural phenomenon geological, meteorological and pathological. All can affect a 223
supply chain at each of the first three levels of the framework. Disruptions emanating
at this level are likely to be beyond the direct control of supply chain managers and
business strategists. Nevertheless the susceptibility of the networks to known
phenomena can often be assessed in advance, thus enabling informed decision to be
made regarding the merits of specific risk avoidance or mitigation strategies.
Technological developments have already been addressed indirectly in this paper.
They can affect demand for existing products, cause uncertainty with the launch of
new ones, or facilitate better supply chain cooperation and visibility, as well as opening
up new channels or business models. They are creating new or increased dependencies
between supply chains, organisations and their supporting infrastructures.
Socio-political disruptions e.g. protests, strikes or regulatory changes rarely
happen without warning, so routine scanning of industry and general news services
should identify threats of this kind. For example, in 2003 drinks manufacturers and
packaging suppliers were well aware of scheduled changes to environmental
legislation affecting soft drink containers in Germany. Nevertheless, the packaging
manufacturer who participated in this study described how its customers (and their
retail customers) ignored the likelihood that whole categories of products would have
to be withdrawn if the legislation could not be derailed. Delaying tactics failed, the
products had to be removed from the shelves until new packaging was developed.
The collapse of the former Soviet Union, consolidation and expansion of the
European Union, and the rapid emergence of China as an economic superpower after
years of isolationism, continue to have a profound effect on international trade. The
geopolitical changes behind them have opened the way for truly global sourcing and
supply. Supply chains are being redesigned accordingly. However, the emergence of a
post-communist new world order has brought many new uncertainties. The terrorist
attacks of September 11, 2001 have done more than anything to raise awareness of
supply chain vulnerabilities (Sheffi, 2001; Aichlmayr, 2002; Harrington, 2003).
Subsequent military action in the Middle East, raised uncertainty over oil prices and
some uncomfortable questions about the future cost-effectiveness of global supply
chains (New, 2003).
Macroeconomic vacillations whether due to war worries, currency fluctuations or
other cyclical downturns have far reaching consequences for levels of demand,
pricing, and purchasing policies. As New (2003) points out, contemporary patterns of
purchasing and procurement policies have been established on the premise of low
inflation and macroeconomic stability. If conditions change possibly due as a result
of another 1970-style oil crisis two elements of purchasing and procurement policy
would become increasingly difficult to manage: the design of robust contracts and the
measurement of purchasing performance. Purchasing practices such as target costing,
applied in situations of high inflation or economic volatility, could mean more
bankruptcies and swift shifts in power-dependencies.
IJPDLM Moving on finally to the forces of nature, the great tsunami of 2004 reminded
35,4 everyone how devastating they can be. There were already numerous well-documented
examples of how natural phenomena such as earthquakes, hurricanes, floods, etc. have
disrupted JIT supply chains (McGillivray, 2000; Helferich and Cook, 2002).
Meteorological and geological susceptibilities are identifiable, though exactly when
and where disruptive events occur is less predictable. Pathological phenomena are
224 different. They are perhaps the most difficult to predict of all, and potentially the most
disruptive because they are mobile. Threats of this kind, whether Foot and Mouth
Disease, SARS, or the man-made computer viruses that mimic them, highlight how
efficient consolidated seamless distributions systems can becomes victims of their own
success.
This point brings the discussion back to the events that triggered this research
the fuel protests of 2000 and the UK Foot and Mouth epidemic. Both provoked a
national crisis affecting many of organisations involved in this research, but the
economic disruptions they caused were not due to ineffective supply chain
management, quite the reverse. The UK livestock and fuel supply chains exhibited
all of the characteristics of efficient lean distribution systems. It was the very efficiency
and the reliability of the fuel distribution system, plus the fact that the UK is so heavily
dependent on road transport that made the effects of the industrial action so rapid and
far reaching.
The Foot and Mouth outbreak tells a similar story. The UKs livestock rearing
industry has gone through the same process of vertical disaggregation and
specialisation as almost every other business sector, simultaneously moving from a
local to a regional and international industry. Bovine Spongiform Encephalopathy
(BSE), also known as Mad Cow Disease, had previously surfaced as a threat to the
livestock and meat processing industries; so new regulations were introduced. Better
visibility (British cattle became traceable), and tighter process controls in
slaughterhouses were brought in to manage this known risk. The measures added
cost into the slaughtering process, which together with retail-driven demands for
tighter quality controls led to a consolidation of the livestock supply chain networks.
What become apparent later was that these same measures had increased the
vulnerability of the system to another risk, Foot and Mouth. Foot and Mouth had been
known in the UK, but the disease is not endemic. Decades had passed between
outbreaks. Over the years, expertise was lost indeed the very success of the state
veterinary service in disease suppression arguably led to its own dismantling. So when
infected sheep (exhibiting no visible symptoms) entered the system, the newly
consolidated livestock network together with the velocity of the distribution system
spread the disease more rapidly and efficiently than anyone presently working in the
field had anticipated.

Summary and conclusions

This paper has taken the findings of exploratory research into sources and drivers of
supply chain vulnerability and, drawing on systems theory, developed a multi-level
framework for analysis, providing the basis of a model (Figure 1) to explain the scope
and dynamic nature of supply chain risk. The paper emphasises the point that a
resilient network involves much more than the design and management of robust
supply chain processes. It concludes that if we accept the notion of supply chains as
inter-organisational networks, embedded within an environment characterised by Drivers of
many uncontrollable forces, then we must also accept that complexity and limited supply chain
managerial control are facts of life for supply chain managers. Nevertheless the
managers and the organisation that employ them are contractually, morally and often vulnerability
legally obliged to identify, manage or mitigate the effects of known or knowable
risks. It is therefore important for managers to recognise that in taking action to reduce
known risks, they are changing the risk profile for that organisation and for others in 225
the network. This in turn highlights a second major finding from this research, a
frequent disconnection between the functional goals of supply chain management and
higher-level changes in organisational structure and business strategy. Few
organisations have supply chain management specialists in their boardrooms;
consequently, the supply chain implications of strategic decisions are often not
recognised until serious problems emerge.
Supply chain vulnerability and indeed resilience is wider in scope than integrated
supply chain management, business continuity planning, commercial corporate risk
management or an amalgamation of all of these disciplines. There are political and
public policy dimensions too. In the UK and elsewhere, governments are increasingly
looking to the private sector to reduce costs and deliver efficiency improvements in the
management of national infrastructure and public services. In doing so they are
introducing new commercial pressures, often without an explicit understanding of the
likely impact on network resilience. Even when there is recognition, they and their
private sector counterparts may choose to accept the risks as they see them, deciding
that the perceived benefits of the proposed changes outweigh the potential costs of
managing or mitigating the effects of a disruption if and when it occurs.
Of course truly informed judgments can only be made for known risks, not hitherto
unrecognised ones hence the need for greater understanding of why consequential
problems and risks can emerge at any or all of the levels identified in this paper.
Related to this is the case for the de-vilification of slack. Least cost optimization is all
well and good, in a stable and controllable environment, but in an uncertain world
satisficing may a better way forward. The dynamic and evolving nature of supply
chain risks means that no supply chain strategy is ever likely to be risk-free, and no
system, however well managed, is invulnerable. Therefore, it seems that slack in the
system, whether in the form of inventory, capacity, capability and even time, plus
constant awareness and vigilance are needed if supply chains are to become and
remain truly resilient.

Limitations and further research

It would have been desirable to conduct in-depth multi-tier case studies in each of the
sectors used to validate the findings of the aerospace case study, immediately after the
initial study was undertaken. Unfortunately this was not possible due to time and
resource limitations. However two other UK government departments have expressed
an interest in extending the study further in the defence and food sectors. Similar
studies undertaken in these and other industries by scholars in other parts of the world
would clearly provide useful comparators.
In relation to the academic debate on the integration of supply chain risk and
conventional risk management concepts and taxonomies, this is an area ripe for further
IJPDLM development. Further research is underway to position established definitions and
35,4 taxonomies of risk in relation to respective units or levels of analysis.
Finally, the work presented here is normative in nature, leaning towards the soft
systems agenda. It focuses on understanding why supply chains are vulnerable to
disruption rather, then the hard systems how to agenda of procedural action plans.
Nevertheless, it provides a starting point for skilled complex systems modellers who, if
226 given access to appropriate data, can begin the task of developing more complete
predictive simulations of the likely effects of specific actions on dynamic supply chain
networks. These models would provide more positive assistance for managers and
policy makers at all levels.

Notes
1. For additional examples of verbatim extracts from the interviews, along with further details
of the case methodology, including interviewee profiles, processes employed for data
collection, analysis and validation see Haywood (2002).
2. For further details and discussion of the issue of constant change in the aerospace networks
see Haywood (2002); or Haywood and Peck (2003)
3. Detailed summaries of the findings from each of the critical sectors, including examples of
supply chain failures are presented in Peck et al. (2003).

References
Aichlmayr, M. (2002), Mission critical: closing security gaps, Transportation and Distribution,
May, pp. 28-32.
Allen, P. (1997), Cities and Regions as Self-organizing Systems: Models of Complexity, Gordon &
Breach, London.
Anderson, D.L. and Delattre, A.J. (2002), Five predictions that will make you rethink your
supply chain, Supply Chain Management Review, September/October, pp. 25-30.
Arthur, W.B., Durlauf, S.N. and Lane, D. (1997), The Economy as an Evolving Complex System II,
Addison-Wesley, Reading, MA.
Axelsson, B. and Easton, G. (Eds) (1992), Industrial Networks: A New View of Reality, Gower,
London.
Bhasker, R. (1979), The Possibility of Naturalism, Harvester Press, Brighton.
Blaikie, N. (1993), Approaches to Social Enquiry, Polity Press, Cambridge.
Braithwaite, A. and Hall, D. (1999), Risky business? Critical decisions in supply chain
management: part 1, Supply Chain Practice, Vol. 1 No. 2, pp. 40-57.
Burtonshaw-Gunn, S.A. (2002), Examining risk and supply chain collaborative working in the
UK construction industry, Proceedings of 2nd International Research Seminar on Risk
and the Supply Chain, Lund Institute of Technology, Lund, 14-16 October.
Byrne, J.A., Brandt, R. and Port, O. (1993), The virtual corporation, Business Week, 8 February,
pp. 36-40.
Chartered Institute of Management (2002), Business continuity and supply chain management,
available at: www.inst-mgt.org.uk
Checkland, P. (1994), Systems theory and management thinking, American Behavioral
Scientist, Vol. 38 No. 1, September, pp. 75-91.
Childerhouse, P. and Towill, D.R. (2003), Simplified material flow holds the key to supply chain
integration, Omega, Vol. 31 No. 1, pp. 17-27.
Christopher, M. (1998), Logistics and Supply Chain Management, Pitman Publishing, London. Drivers of
Christopher, M. and Lee, H.L. (2001), Supply chain confidence: the key to effective supply chains supply chain
through improved visibility and reliability, Global Trade Management.
Christopher, M. and Towill, D.R. (2001), An integrated model for the design of agile supply
vulnerability
chains, International Journal of Physical Distribution & Logistics Management, Vol. 31
No. 4, pp. 235-46.
Christopher, M. et al. (2002), Supply Chain Vulnerability, final report on behalf of DTLR, DTi and 227
Home Office, Cranfield University, Cranfield.
Collins English Dictionary (2000), HarperCollins, Glasgow.
Cook, N. (2001), Lower-tier suppliers in the front line, Interavia, Vol. 56 No. 658, November,
pp. 21-2.
Demchak, C. (1996), Tailored precision armies in fully networked battlespace: high reliability
organizational dilemmas in the information age, Journal of Contingencies and Crisis
Management, Vol. 4 No. 2, pp. 93-103.
Easton, G. (1995), Case research as a methodology for industrial networks: a realist approach,
Interaction, Relationships and Networks: Proceedings of the 11th International Conference
of the IMP Group, Vol. 1, 7-9 September, pp. 369-88.
Geary, S., Childerhouse, P. and Towill, D. (2002), Uncertainty and the seamless supply chain,
Supply Chain Management Review, July/August, pp. 52-61.
George, M.L. (2002), Lean Six Sigma: Combining Six Sigma Quality with Lean Production Speed,
McGraw-Hill, New York, NY.
Hakansson, H. and Snehota, I. (1989), No business is an island: the network concept of business
strategy, Scandinavian Journal of Management, Vol. 5 No. 3, pp. 187-200.
Harland, C. and Brenchley, R. (2001), Risk in supply networks, Proceedings of the 8th
International Conference of the European Operations Management Association, Vol. 1,
Bath, pp. 306-7.
Harrington, L.H. (2003), Welcome to the front line, Transportation and Distribution, January,
p. 4.
Haywood, M. (2002), An investigation into supply chain vulnerability management within UK
aerospace manufacturing supply chains, MSc thesis, Cranfield Centre for Logistics and
Supply Chain Management, Cranfield University, Cranfield.
Haywood, M. and Peck, H. (2003), An investigation into the management of supply chain
vulnerability in UK aerospace manufacturing, Proceedings of the EUROMA/POMS
Conference, Vol. 2, Cernobbio, Lake Como, 16-18 June, pp. 121-30.
Helferich, O.K. and Cook, R.L. (2002), Securing the Supply Chain, Council of Logistics
Management, Oak Brook, IL.
Houghton, T., Markham, B. and Tevelson, B. (2003), Thinking strategically about supply
management, Supply Chain Management Review, September/October, pp. 32-8.
Jankowicz, A.D. (1995), Business Research Projects, 2nd ed., Chapman & Hall, London.
Juttner, U., Peck, H. and Christopher, M. (2003), Supply chain risk management: outlining an
agenda for future research, International Journal of Logistics: Research and Applications,
Vol. 6 No. 4, pp. 199-213.
Latour, A. (2001), Was SISU the difference?, Wall Street Journal, 29 January.
Lincoln, Y.S. and Guba, E. (1985), Naturalistic Inquiry, Sage, Beverly Hills, CA.
Lonsdale, C. (2001), Locked-in to supplier dominance: on the dangers of asset specificity for the
outsourcing decision, Journal of Supply Chain Management, Vol. 7 No. 2, Spring, pp. 22-7.
IJPDLM McGillivray, G. (2000), Commercial risk under JIT, Canadian Underwriter, Vol. 67 No. 1,
January, pp. 26-30.
35,4
McKinnon, A. (2004), Life without Lorries: The Impact of a Temporary Disruption of Road
Freight Transport in the UK, report prepared for Commercial Motors, Logistics Research
Centre, Heriot-Watt University, Edinburgh.
Miles, R. and Snow, C. (1986), Organizations: new concepts for new forms, California
228 Management Review, Vol. 28 No. 3, pp. 62-73.
Moller, K. and Halinen, A. (1999), Business relationships and networks: managerial challenge of
network era, Industrial Marketing Management, Vol. 28 No. 5, pp. 413-27.
Morel, B. and Ramanujam, R. (1999), Through the looking-glass of complexity: the dynamics of
organizations as adaptive and evolving systems, Organization Science, Vol. 10 No. 3,
May-June, pp. 278-93.
Naim, M.N., Holweg, M. and Towill, D. (2003), On systems thinking, engineering and dynamics
their influence on modern logistics management, Logistics and Networked Organisations:
Proceedings of the 8th International Symposium on Logistics, University of Sevilla, Sevilla,
6-8 July, pp. 549-64.
New, S. (2003), There may be troubles, Supply Management, 2 January, pp. 16-19.
Peck, H. and Juttner, U. (2002), Risk management in the supply chain, Logistics and Transport
Focus, Vol. 4 No. 11, December, pp. 17-22.
Peck, H., Christopher, M., Rutherford, C., Abley, J. and Saw, R. (2003), Supply Chain Resilience,
final report on behalf of the Department for Transport, Cranfield University, Cranfield.
Rittel, H.W. and Webber, M.M. (1973), Dilemmas in a general theory of planning, Policy
Sciences, Vol. 4 No. 2, pp. 155-69.
Robinson, C.P., Woodard, J.B. and Varnado, S.G. (1998), Critical infrastructure: interlinked and
vulnerable, Issues in Science and Technology Online, No. Fall.
Sheffi, Y. (2001), Supply chain management under threat of international terrorism,
International Journal of Logistics Management, Vol. 12 No. 2, pp. 1-11.
Simons, R. (1999), How risky is your company?, Harvard Business Review, Vol. 77 No. 3,
pp. 85-94.
Starr, R., Newfrock, J. and Delurey, M. (2003), Enterprise resilience: managing risk in the
networked economy, Strategy and Business, Vol. 30.
Stock, J.R. (1997), Applying theories from other disciplines to logistics, International Journal of
Physical Distribution & Logistics Management, Vol. 37 No. 9/10, pp. 515-39.
Svensson, G. (2000), A conceptual framework for the analysis of vulnerability in supply chains,
International Journal of Physical Distribution & Logistics Management, Vol. 30 No. 9,
pp. 731-49.
Svensson, G. (2001), A conceptual framework of vulnerability in firms inbound and outbound
logistics flows, International Journal of Physical Distribution & Logistics Management,
Vol. 32 No. 2, pp. 110-34.
Svensson, G. (2002), Vulnerability scenarios in marketing channels, Supply Chain
Management: An International Journal, Vol. 7 No. 5, pp. 322-33.
Thorelli, H.B. (1986), Networks: between markets and hierarchies, Strategic Management
Journal, Vol. 7 No. 1, pp. 27-31.
Towill, D.R. (1999), Simplicity wins: 12 rules for designing effective supply chains, Control,
Vol. 25 No. 2, pp. 9-13.
von Bertalanffy, L. (1973), General Systems Theory Foundations, Development, Applications, Drivers of
Penguin Books, Harmondsworth.
(The) White House (1998), Presidential Decision Directive/NDC-63 Subject: Critical Infrastructure
supply chain
Directive, The White House, Washington, DC, 22 May. vulnerability
Williamson, O.E. (1985), The Economic Institutions of Capitalism: Firms, Markets, Relational
Contracting, The Free Press, New York, NY.
Yin, R.K. (1989), Case Study Research, Sage, Beverly Hills, CA. 229
Zsidisin, G.A. (2003), Managerial perceptions of risk, Journal of Supply Chain Management,
Vol. 39 No. 1, pp. 14-25.

Further reading
Fink, A. (1998), Conducting Research Literature Reviews, Sage, Thousand Oaks, CA.
Iansiti, M. and Levien, R. (2004), Strategy as ecology, Harvard Business Review, March,
pp. 69-78.
Lee, H.L. and Wolfe, M. (2003), Supply chain security without tears, Supply Chain Management
Review, January/February, pp. 12-20.
Martha, J. and Subbakrishna, S. (2002), Targeting a just-in-case supply chain for the inevitable
next disaster, Supply Chain Management Review, September/October, pp. 18-24.

(The Appendix follows on the next page.)

IJPDLM Appendix
35,4

230

Figure A1.
 Drivers of
supply chain
vulnerability

231

Figure A1.
IJPDLM
35,4

232

Figure A1.