Ericsson���s proactive supply chain risk management approach after a serious sub-supplier accident Andreas Norrman Department of Industrial Management and Logistics, Lund University, Lund, Sweden, and Ulf Jansson Ericsson AB, Sweden, Core Unit Supply, Stockholm, Sweden Keywords Supply chain management, Risk management, Business continuity, Insurance Abstract Supply chain risk management (SCRM) is of growing importance, as the vulnerability of supply chains increases. The main thrust of this article is to describe how Ericsson, after a fire at a sub-supplier, with a huge impact on Ericsson, has implemented a new organization, and new processes and tools for SCRM. The approach described tries to analyze, assess and manage risk sources along the supply chain, partly by working close with suppliers but also by placing formal requirements on them. This explorative study also indicates that insurance companies might be a driving force for improved SCRM, as they now start to understand the vulnerability of modern supply chains. The article concludes with a discussion of risk related to traditional logistics concepts (time, cost, quality, agility and leanness) by arguing that supply chain risks should also be put into the trade-off analysis when evaluating new logistics solutions ��� not with the purpose to minimize risks, however, but to find the efficient level of risk and prevention. Introduction Background In industry, especially those industries moving towards longer supply chains (e.g. due to outsourcing) and facing increasingly uncertain demand as well as supply, the issue of risk handling and risk sharing along the supply chain is an important topic. The leaner and more integrated supply chains get, the more likely uncertainties, dynamics and accidents in one link affect the other links in the chain. Hence, the supply chain vulnerability (Svensson, 2000 Christopher et al., 2002) increases, and it will increase even more if companies, by outsourcing, have become dependent on other organizations. A number of current business trends that increase the vulnerability to risks in supply chains are: . increased use of outsourcing of manufacturing and R&D to suppliers . globalization of supply chains . reduction of supplier base . more intertwined and integrated processes between companies . reduced buffers, e.g. inventory and lead time . increased demand for on-time deliveries in shorter time windows, and shorter lead times . shorter product life cycles and compressed time-to-market The Emerald Research Register for this journal is available at The current issue and full text archive of this journal is available at www.emeraldinsight.com/researchregister www.emeraldinsight.com/0960-0035.htm IJPDLM 34,5 434 Received July 2003 Revised February 2004 Accepted March 2004 International Journal of Physical Distribution & Logistics Management Vol. 34 No. 5, 2004 pp. 434-456 q Emerald Group Publishing Limited 0960-0035 DOI 10.1108/09600030410545463

. fast and heavy ramp-up of demand early in product life cycles and . capacity limitation of key components. Souter (2000) stresses that companies should not only focus on their own risks: they must also focus on risks in other links in their supply chain. According to Lambert and Cooper (2000) and Mentzer et al. (2001), for example, a key component for supply chain management (SCM) is sharing both risks and rewards between the members of the supply chain. This is often mentioned, but not further elaborated on, in traditional SCM literature. The focus of supply chain risk management (SCRM) is to understand, and try to avoid, the devastating ripple effects that disasters or even minor business disruptions can have in a supply chain. Some examples of risk sources and such ���supply chain rippling effects��� from the last few years are: . Hurricanes. Hurricane Floyd flooded a Daimler-Chrysler plant producing suspension parts in Greenville, North Carolina (USA). As a result, seven of the company���s other plants across North America had to be shut down for seven days. . Diseases. The foot-and-mouth disease in the UK in 2001 affected the agriculture industry more than its last outbreak 25 years ago. The reason for this was that former local and regional supply networks had become national and international, and that the industry was much more consolidated (Juttner �� et al., 2002). But many other industries were also affected: luxury car manufacturers like Volvo and Jaguar had to stop deliveries due to lack of quality leather supply. . Fires. Toyota was forced to shut down 18 plants for almost two weeks following a fire in February 1997 at its brake-fluid proportioning valve supplier (Aisin Seiki). Costs caused by the disruption were estimated to be $195 million and sales loss was estimated to 70,000 vehicles (, $325 million) (Converium, 2001). . Demand. Rapidly weakening demand coupled with locked-in supply agreements made Cisco take a $2.5 billion inventory write-off in Q2 2001. . Supply. Inaccurate supply planning led Nike to an inventory shortage of ���hot��� footwear models and the sales for Q3 2001 were $100 million off target. . Supply chain capacity risks. In a situation where demand is very uncertain, and the capacity bottleneck is far upstream from the market place, the risk of investing in more capacity could be a joint issue for the whole supply chain, and different instruments for supply chain risk sharing can be used. Purpose Recently, the interest of supply chain risk management has increased in purchasing, logistics and supply chain management research (e.g. Smeltzer and Siferd, 1998 Zsidisin and Ellram, 1999 Hallikas et al., 2000 Ritchie et al., 2000 Lindroth and Norrman, 2001 Johnson, 2001 Lamming et al., 2001 Christopher et al., 2002). This article aims to extend current SCRM knowledge by describing and sharing insights of a company���s new organization, processes and tools focused on SCRM. The company is Ericsson, a leading telecom company seriously affected by a fire at a sub-supplier some years ago, an accident which has been widely reported (e.g. TheWall Street Journal, 2001). Ericsson���s proactive approach 435

The remainder of the paper is structured as follows. First, literature related to supply chain risk management and business continuity planning in a supply chain perspective will be summarized to give a background of the topic. Then there is a short discussion of the methodology. Next, the case is introduced by a short description of the ���Albuquerque incident��� that increased Ericsson���s focus on supply chain risk management. The following section describes Ericsson���s current approach to SCRM, and the paper ends with a concluding discussion. Supply chain risk management The underlying definition of SCRM in this article is: Supply chain risk management is to [collaborate] with partners in a supply chain apply risk management process tools to deal with risks and uncertainties caused by, or impacting on, logistics related activities or resources (Norrman and Lindroth, 2002). Supply chain risk management could of course deal with risks for a single company, or even with the impact on a single logistics activity. But following the definition, the unit analyzed should represent a buyer-seller relationship (a dyad) or, preferably, a supply chain of three or more companies. Two important dimensions in the definition are risk and uncertainties and the risk management process, which will now be further elaborated on. Risk and uncertainty Deloach (2000) defines business risk as ���the level of exposure to uncertainties that the enterprise must understand and effectively manage as it executes its strategies to achieve its business objectives and create value���. A more standard definition of risk is ���risk is the chance, in quantitative terms, of a defined hazard occurring. It therefore combines a probabilistic measure of the occurrence of the primary event(s) with a measure of the consequences of that/those event(s)��� (The Royal Society, 1992, p. 4). Hence, risk is a quality that reflects both the range of possible outcomes and the distribution of respective probabilities for each of the outcomes. This ���quantitative definition��� could be expressed: Risk �� Probability (of the event) * Business Impact (or severity) of the event, often illustrated in a risk map or matrix (Figure 1). While risks can be calculated, uncertainties are genuinely unknown. But as soon as the ���quantitative definition��� is left for a broader and more business oriented perspective, the term also gets fuzzier. Juttner �� et al. (2002) have also observed that the use of the term ���risk��� can be confusing, and they argue that risk should be separated from ���risk (and uncertainty) sources��� and ���risk consequences��� (equal to the term risk impact). Risk sources are the environmental, organizational or supply chain related variables that cannot be predicted with certainty and that affect the supply chain-outcome variables. Juttner �� et al. (2002) suggest organizing risk sources relevant for supply chains into three categories: (1) Numbers: external to the supply chain. (2) Internal to the supply chain. (3) Network related. External risk sources are exemplified by ���political risks���, ���natural risks���, ���social risks���, ���industry/market risks��� (e.g. volatility of customer demand). Internal risk sources IJPDLM 34,5 436