Estructura sintáctica del Conocimiento Biológico

Discussions on SCS are frequently found in the SCRM literature (Ho et al., 2015, Rao and Goldsby, 2009). However, a review of this literature indicates that there are still knowledge gaps and inconsistencies in current research, particularly in terms of the methodologies used and the types of risks investigated (Ho et al., 2015). First, less than one third of the articles reviewed for this study used qualitative methods focusing on risk identification and SCRM constructs. The literature is dominated by the use of quantitative methods and the application of analytical methods is much more prevalent than empirical methods. Second, the majority of articles discuss supply risks, while very little attention is given to infrastructural risks, like transportation and information. Rice and Spayd (2005) also suggested the need of empirical research in the SCS literature.

This current research fills these gaps by applying the qualitative case study approach and addressing the infrastructural risks in the flow of goods transportation and information. These risks are reflected in the AEO security standards that require sufficient security measures to be implemented in the areas of cargo and conveyance security.

Security and risk are often seen as interchangeable terms and are not seen as distinct. There is some confusion on the use of terms such as risks, uncertainties, vulnerabilities, and sources of risk (Manuj and Mentzer, 2008). While Section 2.3.1 discussed security, this section explores risk and risk management strategies and how these differ from security. There is no clear consensus on the definition of risk in SCRM (Sodhi et al., 2012). Ho et al. (2015) defined risk as the likelihood and impact of unexpected macro or micro level events that adversely influence any part of a supply chain leading to operational, tactical, or strategic level failures. So the risk is associated with the probable occurrence of adverse events.

The element of collaboration consistently appears in SCRM discussions (Tang, 2006a, Thun and Hoenig, 2011, Jüttner et al., 2003). Jüttner et al. (2003) offered basic constructs that help identify risks and their management within the complexity of a supply chain. They also highlight the need for collaboration.

24

Table 2.1 SCRM basic constructs

Risk sources Risk consequences

Risk drivers Risk mitigation strategies i. Environmental - Accidents - Terrorism ii. Organizational - Labour strikes - Production uncertainty iii. Network - Lack of ownership - Chaos - Inertia i. Cost ii. Quality i. Efficient vs. effective ii. Globalization of supply chain iii. Focused factories and centralized distribution centers iv. Outsourcing. v. Reduction of supplier base i. Avoidance ii. Control iii. Cooperation iv. Flexibility

Source: Jüttner et al. (2003)

Table 2.1 shows the suggested risk management strategies, identified according to the source of the risk (e.g., environmental, organizational, and network), the risk consequences (e.g., cost and quality), the risk drivers (e.g., globalization, outsourcing etc.) and possible risk mitigation strategies (e.g., avoidance, control, cooperation and flexibility). Following these constructs, the risks of security identified in the AEOs can be categorized into three groups of sources. The first group is environmental risks. This type of risk refers to the surroundings of the supply chain operations, whether in the form of socio-political actions (e.g., rallies or terrorist attacks) or natural incidents (e.g., extreme weather, earthquakes, flood or fire). The second group relates to organizational risks that are found internally within the chain actors’ organizations and may include a wide range of causes, such as labor disputes (e.g., strikes), production problems (e.g., machine failure), or IT-system breakdowns. The third group is network- related risks that derive from issues in the relationships between chain partners. The interaction between and among partners may create potential friction, hampering the smooth flow of the supply chain. These three risk sources are identified in the AEOs. For example, the AEOs work in collaboration with the trucking companies to determine the container routes from warehouse to port. This takes into consideration the environmental risk of road disruptions due to weather or riots, organizational risks of

25

time uncertainty on container readiness, and network-related risks on the agility of the trucking companies.

As risk is often inevitable (Jüttner et al., 2003), the development of risk mitigation strategies should include the identification of risk drivers, many of which originate from the natural pressure of competition in business. A driver relevant to this research is the increasing trend to outsource, particularly logistics operations such as warehousing, transportation and freight forwarding (Jayaram and Tan, 2010, Hertz and Alfredsson, 2003). Companies are induced to produce and deliver goods in the most cost-efficient manner to improve their operational competitiveness (Svensson, 2002). The AEO export supply chains offer appropriate examples of logistics outsourcing to achieve efficiency. The outsourcing is relatively low risk when the AEO signs a contract with the first-tier outsourced company. However, outsourcing operations become more vulnerable to risk when the first contracted company enters into a subcontract creating second tier and beyond.

Peck et al. (2003) classified risks in supply chains into four category levels (see Table 2.2). These align with the AEOs’ security aspects (WCO, 2006). The four levels show that vulnerabilities come in different forms and risk drivers may be found in different interconnected levels. Peck et al. (2003) highlighted a problem in SCRM, with many firms still concentrating only on risks within their organization, despite the many examples of business continuity being influenced by supply chains. The first level of risk relates to the process value stream, which describes the flow of goods and operations between organizations in a supply chain network. This level is represented in the AEOs’ cargo and conveyance security, where coordination between stakeholders in the chain is a critical to achieving the smooth flow of goods. This flow not only involves goods and container movement but also information sharing systems that support individual operations. This level relates to the role of links (goods transportation) that connect nodes (individual operations). The second level focuses on asset and infrastructure dependencies (e.g., factories, distribution centers, retail outlets, trucks, trains, vessels, planes, etc.) that characterize the aspects of premises and personnel security. The third level emphasizes the importance of organizational and inter-organizational networks. This resonates with the principles of trading partner security. The final level covers environmental risks, including the risk of terrorism.

26

Table 2.2 Four levels of risk in supply chains

Level 1: Process/value stream

Supply chain is seen as a linear ‘pipeline’ flowing through and between organizations in the network. It focuses on the efficient, value-based management of individual workflows of products and information.

Level 2: Assets and infrastructure dependencies

Supply chains as asset and infrastructure dependencies (e.g. factories, distribution centers, retail outlets, trucks, trains, vessels, planes, etc.).

Level 3: Organizations and inter-

organizational networks

Supply chains as inter-organizational networks. The central focus is on the organizations that own or manage the assets and infrastructure, through which the products and information flow.

Level 4: The environment

Supply chain as a wider macroeconomic and natural environment. It includes aspects of politics, economic, social, technology, terrorism and nature in the operating and trading environment.

Source: Peck et al. (2003)

From different perspectives, Trkman and McCormack (2009) categorized uncertainty into two groups, endogenous and exogenous, to classify internal and external aspects of risk from inside and outside the supply chain. Endogenous uncertainty includes market and technology turbulence that can affect the relationships between focal firms and suppliers. Under exogenous sources, two groups of risk are discrete events (e.g., terrorist attacks, contagious diseases and workers’ strikes), and continuous risks (e.g., inflation rates, consumer price index changes). Terrorism is categorized as a risk affecting the supply chain under the category of external risk from the environment. This is beyond the control of supply chain managers. Tang (2006b) argued that with a robust mitigation strategy, firms can not only maintain smooth operations, they can keep satisfying customers when other firms collapse or fail to recover quickly enough after disruptions. One way to rationalize the security investment is through an understanding of the probability of risks occurring. Interestingly, despite the fact that many firms are aware of the magnitude of the risks and the need for security strategies, the majority of firms fail to justify the investment needed to develop security strategies and only a few decide to take robust action to secure their supply chains (Zsidisin et al., 2004).

27

Rice and Caniato (2003) proposed a number of assumptions that they believed underlay this phenomenon. First, firms tend not to appreciate risk when accurate risk assessment is absent. Second, firms are not familiar with SCRM. Third, security programs are difficult to justify without proper investment analysis. Insurance becomes an option to mitigate risks (Heckmann et al., 2015). However, only a small number of firms rely on insurance because it is expensive and, in the aftermath of a major disruption, it cannot prevent a firm from losing customers (Rice and Caniato, 2003). To address this issue, Tang (2006a) argued that a security strategy must serve two purposes. First, it should be able to support business continuity during normal conditions. Second, it should allow sustainable operations during and after a disruption. Tang (2006a) focused on supply and demand chain in production and sales, overlooking the logistics of goods movement where the use of third parties is dominant (Rodrigue, 2012). The development of SCS initiatives was also not included in his discussion despite their potential options to support firms’ security strategy. In fact, the characters of continuity and sustainability highlighted in the discussion are closely relevant with AEO program and to be revealed in more details in this thesis.

Security at nodes and links is equally important to ensure security for the whole supply chain (Sheffi, 2001). Rice and Caniato (2003) considered security control at nodes to be relatively uncomplicated since this is generally under the authority of a firm. On the other hand, maintaining security at links (i.e., transportation routes) requires more extensive coordination and collaboration (Zsidisin and Ellram, 2003). Scholars (Williams et al., 2008, Closs and McGarrell, 2004, Peck et al., 2003) have discussed specifically the importance of collaboration for addressing security risks. As noted in Chapter 1, Closs and McGarrell (2004) argued that current security risks have forced the shift of security perspectives from within firms to end-to-end supply chains, from a country to a global focus, and from traditional theft prevention to anti-terrorism. A closer relationship with government authorities, as well as other actors, is highlighted as necessary to achieve positive security outcomes.

While companies react differently to risks and not all companies have strategies to mitigate and manage them along the supply chain, Jüttner et al. (2003) proposed the implementation of a cooperation strategy. This strategy constitutes a joint effort between chain actors with three purposes: to improve supply chain visibility and

28

understanding; to share risk-related information; and to prepare supply chain continuity plans. Jüttner et al. (2003) portrayed the focus of many firms to integrate internally and neglect the importance to integrate externally. Their study supported the claim from Haywood (2002) that external integration is limited to first tier suppliers. The integration level as represented by different tiers of relationship and the impact to security was not discussed. This current research revisited this claim through the AEO case studies by evaluating the existence of multiple tiers in the principle-agent relationships.

Terrorism in Jüttner et al. (2003) was tangentially discussed as an external risk element affecting the business continuity. The offered cooperation strategy addresses general supply chain risks and does not focus on terrorism only. However, the strategies of control and security are closely related to the focus of this research. A control strategy involves the transfer of risks in the form of integration, contracts, and agreement. A security strategy addresses information system security, freight breaches, terrorism, vandalism, crime, and sabotage. The focus of the strategy is the ability to identify an abnormality in a supply chain. This strategy embraces the opportunity to work closely with government and other authorities (Manuj and Mentzer, 2008).