Search results

This research aims to develop a supplier risk assessment methodology for measuring, tracking, and analyzing supplier and part specific risk over time for an automotive manufacturer.

Supply chain risk literature is analyzed and used in conjunction with interviews from the automotive manufacturer to identify risks in the supply base. These risks are incorporated into the development of a temporal risk assessment and monitoring system.

A framework of risk factors important to the auto manufacturer is presented. A multi‐criteria scoring procedure is developed to calculate part and supplier risk indices. These indices are used in the development of a risk assessment and monitoring system that allows the indices to be tracked over time to identify trends towards higher risk levels.

There are a number of operational issues identified in the paper that could be investigated in future research. One such issue is the development of alternative risk assessment methods that would increase the sensitivity of the risk analysis.

The framework is implementable in firms interested in understanding and controlling risk in their supply base. The research stems from an industry project with an automotive manufacturer. The method is designed to be practical and easy to implement and maintain. The system also has a visual reporting mechanism designed to provide early warning signals for potential problems in the supply base and to show temporal changes in risk.

This paper presents a dynamic risk analysis methodology that analyzes and monitors supplier risk levels over time.

Information security has become an essential entity for organizations across the globe to eliminate the possible risks in their organizations by conducting information security risk assessment (ISRA). However, the existence of numerous different types of risk assessment methods, standards, guidelines and specifications readily available causes the organizations to face the daunting tasks in determining the most suitable method that would augur well in meeting their needs. Therefore, to overcome this tedious process, this paper suggests collective information structure model for ISRA.

The proposed ISRA model was developed by deploying a questionnaire using close-ended questions administrated to a group of information security practitioners in Malaysia (N = 80). The purpose of the survey was to strengthen and add more relevant additional features to the existing framework, as it was developed based on secondary data.

Previous comparative and analyzed studies reveals that all the six types of ISRA methodologies have features of the same kind of information with a slight difference in form. Therefore, questionnaires were designed to insert additional features to the research framework. All the additional features chosen were based on high frequency of more than half percentage agreed responses from respondents. The analyses results inspire in generating a collective information structure model which more practical in the real environment of the workplace.

Generally, organizations need to make comparisons between methodologies and decide on the best due to the inexistence of agreed reference benchmark in ISRA methodologies. This tedious process leads to unwarranted time, money and energy consumption.

The collective information structure model for ISRA aims to assist organizations in getting a general view of ISRA flow and gathering information on the requirements to be met before risk assessment can be conducted successfully. This model can be conveniently used by organizations to complete all the required planning as well as to select the suitable methods to complete the ISRA.

Identifying and prioritizing supply chain risk is significant from any product’s quality and reliability perspective. Under an input-process-output workflow, conventional risk prioritization uses a risk priority number (RPN) aligned to the risk analysis. Imprecise information coupled with a lack of dealing with hesitancy margins enlarges the scope, leading to improper assessment of risks. This significantly affects monitoring quality and performance. Against the backdrop, a methodology that identifies and prioritizes the operational supply chain risk factors signifies better risk assessment.

The study proposes a multi-criteria model for risk prioritization involving multiple decision-makers (DMs). The methodology offers a robust, hybrid system based on the Intuitionistic Fuzzy (IF) Set merged with the “Technique for Order Performance by Similarity to Ideal Solution.” The nature of the model is robust. The same is shown by applying fuzzy concepts under multi-criteria decision-making (MCDM) to prioritize the identified business risks for better assessment.

The proposed IF Technique for Order Preference by Similarity to the Ideal Solution (TOPSIS) for risk prioritization model can improve the decisions within organizations that make up the chains, thus guaranteeing a “better quality in risk management.” Establishing an efficient representation of uncertain information related to traditional failure mode and effects analysis (FMEA) treatment involving multiple DMs means identifying potential risks in advance and providing better supply chain control.

In a company’s supply chain, blockchain allows data storage and transparent transmission of flows with traceability, privacy, security and transparency (Roy et al., 2022). They asserted that blockchain technology has great potential for traceability. Since risk assessment in supply chain operations can be treated as a traceability problem, further research is needed to use blockchain technologies. Lastly, issues like risk will be better assessed if predicted well; further research demands the suitability of applying predictive analysis on risk.

The study proposes a hybrid framework based on the generic risk assessment and MCDM methodologies under a fuzzy environment system. By this, the authors try to address the supply chain risk assessment and mitigation framework better than the conventional one. To the best of their knowledge, no study is found in existing literature attempting to explore the efficacy of the proposed hybrid approach over the traditional RPN system in prime sectors like steel (with production planning data). The validation experiment indicates the effectiveness of the results obtained from the proposed IF TOPSIS Approach to Risk Prioritization methodology is more practical and resembles the actual scenario compared to those obtained using the traditional RPN system (Kim et al., 2018; Kumar et al., 2018).

This study provides mathematical models to simulate the supply chain risk assessment, thus helping the manufacturer rank the risk level. In the end, the authors apply this model in a big-sized organization to validate its accuracy. The authors validate the proposed approach to an integrated steel plant impacting the production planning process. The model’s outcome substantially adds value to the current risk assessment and prioritization, significantly affecting better risk management quality.

The purpose of this paper is to explore two distinct yet complimentary “structured professional judgement (SPJ)” approaches to terrorist/extremist risk assessment on the vexing issue of how best to deal with the subjectivity inherently involved in professional judgement.

An SPJ methodology is considered the best practice approach for assessing terrorism risk. Currently there are four specific terrorism risk instruments that have been published in the literature. Two of these SPJ tools are examined in detail, namely the Violent Extremist Risk Assessment tool (Pressman, 2009; Pressman et al., 2012) and the Structured Assessment of Violent Extremism (SAVE) tool (Dean, 2014). The paper critically unpacks the conceptual and methodological stumbling blocks of an SPJ methodology for controlling human subjectivity.

The paper presents the case for adopting a “controlling in” approach rather than a “controlling out” approach of an analyst’s subjective tacit (in-the-head) knowledge inherent in their professional judgement. To have a quantifiable SPJ tool that triangulates the multi-dimensionality of terrorism risk which can validate an analyst’s professional judgement is the next logical step in terrorist/extremist risk assessment work. The paper includes a case example of this “controlling in” approach and the validation methodology used by the SAVE software system.

The implications for practice range from incorporating the SAVE system in operational policing/national security work with its quantitative nature, triangulated risk scores, visualisation output of a prioritised case report with in-built alerts, to the required training for system calibration to enhance user proficiency.

This is a highly original and innovative paper as this type of quantified SPJ tool (SAVE) has up until now never been applied before in terrorist/extremist risk assessment work.

The purpose of the paper is to provide a robust and simple methodology for disaster risk management officials to assess the total disaster risk posed by dolomite in urban areas of South Africa.

In order to develop the methodology the basic principles of disaster risk assessment, incapsulated in the notation R=H×V, was applied to provide a vehicle to quantify hazard and vulnerability aspects related to dolomite risk. Specifically existing knowledge on inherent dolomite risk classes (hazard component) was aligned to issues of vulnerability (in this case ageing water infrastructure) to attain a total dolomite disaster risk score for a specific area.

The results from the practical application of the method indicated that the proposed dolomite risk assessment methodology is not only robust but easy to comprehend and to apply. The simplicity of the method also allows for easy integration into existing urban planning and integrated development planning process.

The creation of the method not only provides a much-needed tool for assessing the total disaster risk posed by dolomite in urban areas but also adds value to the entire urban and community development process.

Businesses are increasingly vulnerable and exposed to physical climate change risks, which can cascade through local, national and international supply chains. Currently, few methodologies can capture how physical risks impact businesses via the supply chains, yet outside the business literature, methodologies such as sustainability assessments can assess cascading impacts.

Adopting a scoping review framework by Arksey and O'Malley (2005) and the PRISMA extension for scoping reviews (PRISMA-ScR), this paper reviews 27 articles that assess climate risk in supply chains.

The literature on supply chain risks of climate change using quantitative techniques is limited. Our review confirms that no research adopts sustainability assessment methods to assess climate risk at a business-level.

Alongside the need to quantify physical risks to businesses is the growing awareness that climate change impacts traverse global supply chains. We review the state of the literature on methodological approaches and identify the opportunities for researchers to use sustainability assessment methods to assess climate risk in the supply chains of an individual business.

To present a methodology, including the algorithms, to quantify the risk of failure from tin whiskers and to present a dynamic risk trend based on the distribution of each of the whisker growth parameters, generated from experiments over a period of time. This paper also aims to demonstrate the practical application of the methodology developed.

This paper has been written to provide a methodology to assess tin whisker risk due to fixed whiskers in electronic products. The risk assessment process has been detailed in the paper. To demonstrate the usefulness of the methodology, a tin whisker risk assessment was conducted for a printed circuit board (PCB) in operation.

Based on the experimental tin whisker growth data it is observed that growth rates of mean length and average density decrease with time. Based on the risk assessment, it was estimated that for the common matte tin over copper finish, the failure risk for the circuit card assembly was 4 per cent over 20 years. It was recommended that, for this product, components with bright tin lead finish should not be used. It was also found that the effectiveness of the conformal coating on this PCB is limited by the relative risk of the components on the board.

The paper provides a new methodology to assess fixed tin whisker risk in electronic products. The methodology provides a dynamic risk trend with time because the algorithm incorporates distributional data of whisker growth and the distributional data as a function of time. This type of assessment was lacking in the previous studies.

The common implementation practices of modern industrial control systems (ICS) has left a window wide open to various security vulnerabilities. As the cyber-threat landscape continues to evolve, the ICS and their underlying architecture must be protected to withstand cyber-attacks. This study aims to review several ICS security assessment methodologies to identify an appropriate vulnerability assessment method for the ICS systems that examine both critical physical and cyber systems so as to protect the national critical infrastructure.

This paper reviews several ICS security assessment methodologies and explores whether the existing methodologies are indeed sufficient to meet the cyber security assessment exercise required to validate the security of electrical power control systems.

The study showed that most of the examined methodologies seem to concentrate on vulnerability identification and prioritisation techniques, whilst other security techniques received noticeably less attention. The study also showed that the least attention is devoted to patch management process due to the critical nature of the SCADA system. Additionally, this review portrayed that only two security assessment methodologies exhibited absolute fulfilment of all NERC-CIP security requirements, whilst the others only partially fulfilled the essential requirements.

This paper presents a review and a comparative analysis of several standard SCADA security assessment methodologies and guidelines published by internationally recognised bodies. In addition, it explores the adequacy of the existing methodologies in meeting cyber security assessment practices required for electrical power networks.

The purpose of this paper is to outline the process of risk assessment for terrorists and violent political extremists and to present an example of such an approach. The approach proposed is referred to as the VERA 2 or violent extremism risk assessment protocol (Consultative Version 2).

A review of the knowledge base relating to risk assessment and risk assessment methodology was undertaken with a focus on relevance to individual terrorists and violent extremists. The need for a specific approach for the risk assessment of terrorists that differs from approaches used for ordinary violent criminals was identified. A model that could be used for the risk assessment of terrorists was identified with pertinent risk indicators. This was structured into a protocol referred to as the VERA (Consultative Version 2). The approach is intended to be applied to different types of violent extremists, terrorists and unlawful violent offenders motivated by religious, political or social ideologies.

First, risk assessments of adjudicated terrorists and violent extremists should be undertaken with risk indicators that are relevant to ideological motivated violence. Indicators used for ordinary common violence differ in substantive ways from those relevant to terrorists and therefore may have questionable relevance for the assessment of risk in terrorists. Second, it is possible to construct an evidence‐based risk assessment approach for the range of violent extremists and terrorists using a structured professional judgment approach with pertinent risk indicators. The VERA 2 is an example of this type of risk assessment protocol for terrorists and unlawful violent extremists.

Risk assessment tools that have been developed for ordinary violent criminals and members of organised criminal gangs should be used with caution with terrorists, violent extremists and other perpetrators of ideologically motivated unlawful violence. Specific risk assessment approaches for terrorists with relevant indicators should be used. At this time, terrorist oriented approaches such as the VERA 2 are to be considered consultative and used as an add‐on to other established approaches.

There are few transparent, structured risk assessment approaches that use indicators specifically relevant to violent political extremists and terrorists. One new approach, the VERA 2 is outlined in the paper using risk indicators that differ in substantive ways from those used for other ordinary violent criminals.

The increasing complexity and dynamism of new technology implemented or to implement have imposed substantial uncertainties and subjectivities in the risk assessment process. This paper aims to present a risk assessment methodology for e-procurement implementation based on modified analytic network process (ANP) coupled with fuzzy inference systems.

ANP is modified in such a way that the experts can provide necessary data precise numerical value, a range of numerical values, a linguistic term or a fuzzy number. The proposed methodology incorporates knowledge and judgements obtained from experts to carry out identification of risk factors and to assess the risk magnitude of the identified risk factors based on factor index, risk likelihood and risk severity.

Risk magnitude of third party systems are found to be minor with a belief of 100 per cent, and for in-house systems, the risk is found to be between minor with a belief of 30 per cent and major of 70 per cent. The results indicate that by using the proposed methodology, the technological risk assessment of new technology can be done effectively and efficiently.

Using the results of this study, the practitioners can better know the pros and cons of implementing both in-house and third party e-procurement systems.

The modified ANP is used mainly to structure and prioritize the diverse risk factors. Finally, an illustrative example on technological risk assessment of both in-house and third party e-procurement systems is used to demonstrate the applicability of the proposed methodology in real life situations.