Supply Chain Risk Management: A Review of Thirteen Years of Research

This paper performs a systematic literature review on supply chain risk management (SCRM). This review analyzes 133 articles published between 2005 and the first quarter of 2018. Its main purpose is to identify the developed strategies used to mitigate risks and improve supply chain performance. It appears that there is heterogeneity in the developed strategies and that quantitative methods simulation/modeling are the most used by researchers to mitigate supply chain risks (SCR). Although emphasis is made on the links between SCRM and performance or resilience, risk prevention strategies remain the least represented in the papers analyzed. We also find that there is no superior approach in the set of various risks management strategies and thus it is difficult to linearly establish, the successive evolutions of the models that would replace others.


Introduction
In its initial form, industrial production was apprehended on a linear diagram modeled on the single flows of products ranging from the supply of raw materials to the manufacturing and then to the market. Today, the short product life cycle combined with uncertain demand makes flow management more complex while lengthening the supply chain. This requires that new constraints must be taken into account in the management system for information, product and financial flows. Some companies have initiated production to order program, others have made upstream and/or downstream integration, and some have relocated or even outsourced to benefit from economies of scale and expertise. All these strategies have not only brought added value to their initiators but also generated difficulties in their management. While the objective remains to adapt to a highly changing and demanding environment, the consequences of deployment of each strategy are potential source of risks. These risks related to the loss of control, flexibility, comply with the requirements of quality, costs and deadlines, either the distortion of information due to agents opportunism.
In a context where companies evolve within a vast network of collaborators, the objective of reducing risks can help managers to improve their profitability.
For example, just-in-time production to limit waste, use of the Internet or ERP to effectively manage information [1], and the outsourcing of part of its production or transportation activities, are initiatives that have enriched the field of supply chain risk management research [2].
In industrial production chains, this reality is more obvious because the supply of millions of products meets the demand of a great number of people, each with specific preferences in different consumption contexts. While natural disasters, terrorist attacks, personnel strikes, accidents, can cause breaks and lengthen delays [3], above mentioned constraints and fierce competition increase vigilance of the managers.
After the "Subprime" crisis, which revealed the vulnerability of many supply chains, researchers' interest in SCRM issues has increased. And the number of publications available in this field of research experiences a remarkable evolution over the years [2]. Their results are different from one author to another. This testifies to the diversity of approaches around the understanding of the phenomenon. It is this reality that it justifies the choice to conduct a review of the literature on SCRM.
Others literature reviews have addressed the subject before in different angles.
For example [4] who investigated about how and why one supply chain disruption would be more severe than another. [3] reviewed various quantitative models for managing supply chain risks. He also related various supply chain risk management (SCRM) strategies with actual practices. More recently, [2] identified and classified potential risks related to different flows. [3] proposed robust strategies for mitigating supply chain disruptions. In the same vein, [5] have developed a conceptual framework of SC robustness that may contribute to increased SC resilience. [6] developed a framework to classify SCRM literature, focusing on risk-reducing and risk-mitigating strategies. The particularity of the present article belongs to the fact that it performs an analysis of the impacts of different risk management strategies identified on SC performance. We therefore aim to answer to the following question: what are the impacts of risks mitigation strategies identified on SC performance?

Risk Definition
The concept of risk is a confusing multidimensional construct [7]. Its apprehension through several works makes it one of the most discussed issues in management science. Risks can be defined as a possible variation in the distribution of supply chain results, their likelihood and subjective values [8] or a break in flow between the components of the supply chain. [9] defines risk as the probability of a loss and the importance of this loss for the organization or the individual. Risk is usually associated with the negative consequences of this event [10]. The supply chain risks are a set of obstacles to initiatives taken in the context of moving products from their place of production to the final consumer.
For [11], risk can be thought of as the probability that an undesirable event will occur at some point in a supply chain and the related consequences of this event on performance of the supply chain. They can therefore be considered as variables of internal or external environmental uncertainties which reduce the predictability of results [12]. These risks are demand-driven and are a result of disruptions emerging from supply chain operations [13]. In fact, these disruptions occur in the physical distribution of products to the end customer, especially in transport operations. Also, demand-related risks can arise from the uncertainty caused by customer's unpredictable orders [14].
Furthermore, the evidence of the risks that arise during the transportation and storage of the goods upstream of the supply chain, as well as the resulting financial losses is indisputable. The loss of goods caused by acts of terrorism, theft and accidents results in an additional cost for suppliers. These include the costs of transportation, the process of replacing goods, and the penalties that suppliers and customers face. As a direct result of these shortcomings, the customers turn to other suppliers to meet their demand and avoid breaks. Indirectly, in case of breakage, the corporate image of supplier can be tarnished. [15] groups the SCR into four categories and [16] into three. Globally, they can be divided into two broad groups: operational risks and strategic risks [15].
Their treatment may be considered as a means of value creation and a source of competitive differentiation within the supply chain. Above all, it consists of reducing the adverse impact of risk on performance [17]. For [18] there are two C. Elock Son American Journal of Industrial and Business Management broad categories of risks affecting supply chain design and management: risks related to supply and demand coordination and disruption risks related to normal business. Table 1 summarizes definitions of supply chain risks.

Supply Chain Risk Management (SCRM)
There is no consensus in the definition of supply chain management (SCM) and SCRM because of their newness in the management science literature. Some authors relate the origin of SCM to the 1990s through the work of [21]. By 1997, [22] identified more than 50 SCM definitions, categorized into five categories.
More recently, [23] identified 166 SCM approaches in their attempt to come up with a unique definition.
SCRM is defined as management through coordination or collaboration between channel partners to ensure profitability and continuity [3]. [24] defines SCRM as the firm's ability to understand and manage its economic, environmental and social risks within the supply chain. [17] sees the SCRM as a systematic approach to determining the best course of action in the event of uncertainty, which is by identifying, assessing, understanding, communicating and addressing risk-related issues. The SCRM can also be perceived as a collaborative and coordinated management between the partners in order to ensure profitability to the members of the chain. For [25], the SCRM helps the company build and maintain its competitive advantage. As the importance of managing supply chain risks increases, research in the field focuses on strategic issues [26] [27], and are among those that are making a great progress in this logistics field [28]. [29] argued that SCRM exists as a highly fragmented process involving different actors. [30] defended that there are two ways to manage risk. Firstly, it can be avoided or reduced; secondly it can either be transferred or shared, or accepted as is. From this perspective, risk-taking initiatives require that all stakeholders be integrated in the chain so that the level of understanding is the same for all. In this case, access to a large common database would increase risk acceptance by partners.
For [31], companies adopt two types of strategies in front of crisis: they could first respond in the short run by implementing solutions that allow them to quickly solve the problems. Then they manage their organizations, practices and systems through a learning process that will allow them to adapt more easily to other critical situations. For [32], the SCRM is backed on four key processes include risk identification, risk assessment, risk mitigation and risk monitoring.
Earlier, [17] established five phases of risk management: warning signs detection, preparation-prevention, response/reduction, recovery, and learning. [33] proposed 5 stages: risk identification, risk assessment, risk management, risk monitoring, organizational and personal learning including knowledge transfer.
Of all these stages, the authors are unanimous on risk identification as preliminary to any process of its management. In this article, we propose a management in six steps drawn as follows (see Figure 1). Risk refers to events with small probability but may occur abruptly, and these events bring substantial negative consequences to the system. [7] Supply risks Supply risk is defined as the probability of an incident associated with inbound supply from individual supplier failures or the supply market occurring, in which its outcomes result in the inability of the purchasing firm to meet customer demand or cause threats to customer life and safety.

C. Elock Son American Journal of Industrial and Business Management
[10] Strategic and operational risks Probability of a loss and the importance of this loss for the organization or the individual.
Demand risk; supply risk; regulatory, legal and bureaucratic risk; infrastructure; and catastrophic risk Risk is the negative deviation from the expected value of a certain performance measure, resulting in undesirable consequences for the focal firm.
[11] Supply risks Risk can be thought of as the probability that an undesirable event will occur during a certain period in a supply chain and the associated consequences of this event that affect the performance of the supply chain.
[13] Supply, demand and environment risks Risks can be considered as variables of internal or external environmental uncertainties that reduce the predictability of results.
[19] Operational risks Risk refers to variations in the distribution of outcomes from expected or agreed targets. [20] Procedure risks Control risks Demand risks Supply risks Environmental risks Risk is the variation in the distribution of possible supply chain outcomes, their likelihood, and their subjective value. Risk assessment is a process whose aim is to provide a framework for comparing risks and distinguishing between those that will need to be addressed and those that will not, on the basis of defined criteria. Evaluating risk is to determine its importance or value within the supply chain. Several approaches are used by authors to address this exercise. Among them, simulation techniques that make it possible to evaluate the losses and damages caused by external factors. They are made using advanced mathematical techniques through simulators that produce real-time scenarios of crisis events [35].
The information sharing and trust between supply chain actors considerably reduces risk [36]. The establishment of a transparent information system helps to link physical flows of goods with information flows. This promotes the timely management of transport and handling, and also reduces the risk of misinformation being transmitted [37]. [29] suggested five ways to reduce risk: -Reducing spatial distance of supply chain partners; -The establishment of in-house partnership, where the supplier settles in the customer's premises; -Improvement of the industry knowledge via cooperation and collaboration in buyer-seller relationship; -Improved product designs in terms of transportability and/or storability that reduces the risk of deterioration; -Risk spreading based on the implementation of a good level of flexibility or the creation of new options to amortize the risk [38].
Subscription to insurance policies is one of the means of transferring risks. [39] argued that the Insurance Companies could be a driving force to improve the SCRM. In the event of an incident, the insurer partially or fully covers the resulting financial damage. However, the concern stems from the vagueness of the logistics contracts, given the related services that accompany the transportation, handling or warehousing offer regarding the provisions and assurance of the underlying risk evolution [40].
To accept risk is to acknowledge that it as an event to be managed within the company. This acceptance assumes that the company develops comprehensive strategies to cope with risks [41]. This activity is a multi-step process based on the type of risk that managers face. [42] proposed the following risk acceptance steps: planning, mitigation, detection, response, recovery, while [43] proposed four particular stages: apprehension, planning, action and control.
Risk sharing is part of the New Institutional Economy (NEI) logic of [44]. The company feels almost obliged to use outside expertise to build or reinforce the offer for the end customer. Outsourcing is therefore one of the most common risk sharing techniques in the supply chain. Numerous studies have thus measured the link between the outsourcing of secondary activities and performance. Some of these researches analyze the relationship between logistics service pro-viders and industrial companies (customers) specifically upstream of the supply chain or throughout the chain. This is the case for example of [45] [46]. From all these developments, we can conclude that the concept of SCRM is at the center of the researchers' concerns. The analysis of the growing number of publications will make it possible to identify the still little explored tracks of this field of research.

Research Methodology
Main databases were investigated since the main objective was to compile all SCRM publications from 2005 to early 2018. The research was first done on Google scholar through keywords such as "supply chain risk", "supply chain risk management", "supply chain uncertainty", "demand risk management", "supply

Result of the Literature Review
Finally, we selected 132 articles written in English with the exception of [15] in french. We did not consider other languages because the bulk of management science publications are in English. They have been published in 26 journals presented in Table 2.

C. Elock Son
Similarly 8 methods have been identified and presented in Figure 3. As in [6] analysis, simulation and modeling methods dominate followed with survey by questionnaire methods. This result is also close to that of [48] who point out that quantitative, analytical and formal modeling of SCRM research output has been increasing rapidly since 2001. The set of mixed methods is inferior to the conceptual searches found in the database. This result positions the SCRM research more as an engineering related activity than managerial one. Similarly, the number of conceptual researches explains the non-maturation of SCRM research within social science. SCRM research remains in its early stage.
We performed a citation/co-citation analysis to prioritize the articles. [49] suggests that the free quotation service offered by Google Scholar operates a larger count of publications unlike the Web of Science considered to bias the count of articles published in American journals [6]. This research is based on the Google scholar count (performed 02/08/2018) and the following table presents publications with a score of at least 500 citations. 52% of the exploited items were cited more than 100 times. The most quoted article (1602 times) is that of [18]. By observing Table 3, the number of citations is almost related to the age of the article. In the category of more than 500 citations, only the article of [2] appears among the publications after 2010. In this same category, four articles are conceptual/theoretical analyzes [

Risk Sources and Identification
Risk identification is the first step in order to assure their management as mentioned above. Their care can be preceded by the identification of the sources that led to their occurrence. The identified research addresses this phase in four different ways.   [59]. -The third group proposes meanwhile models that allow the company to select a set of risk agents to be processed and then prioritize the proactive actionsin order to reduce its global impacts to supply chain performance (example of [60]). -The fourth group of researches proposes a new risk identification methodology for SC based on process engineering (example [60] [61]). All these means take part in risks identification process even if it remains difficult to accurately identifying points in the SC, where risks can arise [33].

Evolution of SCR Management Models
Authors note several evolution of research on the SCRM. Several strategic changes in the risk management approach have been identified in the field of SC [62]. [63] argued that the 1994 to 2010 publications on the SCRM mobilize different approaches. They note that most of these developments address the subject from a broad perspective, underestimating the relevance of a thorough analysis of the relationship between SCRM strategies and performance. [2] pointed out that "the intellectual structure of the field made statistically significant increased from 2000-2005 and evolved from passively reacting to vague general issues of disruptions towards more proactively managing supply chain risk from system perspectives". For [64], the scientific underpinnings of risk assessment and risk management are still somewhat fragile on some issues. The evolution of risk apprehension and management models is generally belonging to a debate between quantitative and qualitative analysis approaches that emerge from the different papers [65]. But this debate is more accentuated by the approaches that aim to apply risk theory to the SCRM. The authors point out, however, that this exercise is still in its early stages and that the SCRM models that have been proposed need to be tested empirically. Quantitative models are still limited in their contribution within SCM. They are suitable for managing certain risks such as operational risks, but not others, such as disturbances [3]. So, few researches use quantitative models, which would explain the lack of consensus in defining SC resilience. Therefore, [66] concluded that it is up to the operations and SC managers to identify what quantitative tools are available for different areas of application.
Although the debate on SCRM approaches is dominated by the duo of quantitative and qualitative models, the fact remains that there are more or less solid approaches within SC literature. For example, [47] established that formal modeling of SCRM research can be classified into eight categories from which they recognize supply uncertainty as a mature domain, and "sustainability risk" as an emerging field. The consideration of these elements is at the origin of the divergence of approaches in the literature. It is therefore difficult to consider one of approach as being superior to the other or to establish in a linear stream the successive evolutions of the models that would replace others.

Risks Mitigation Strategies and Resilience
Risk management within SCs is an ongoing activity. Although many tools allow today to address them, however, they struggle to eradicate completely. The uncertainty surrounding the environment is a catalyst for their occurrence and there is considerable evidence that companies will experience increasing turbulence in the future [67]. Companies looking for flexibility should therefore review their current risk management models that are made in a context of relative stability. However, the literature identifies a plurality of risk mitigation approaches. This plurality is related to diversity of risks surrounding each level of the supply chain. Though, the SCR assessment comes from the careful examination of impacts and from the consideration of cause-and-effect relationships [68].
Thus, some forty articles in this review analyze the impact of disruptions occurrence on the companies' behavior. This research aims globally to prepare the SC to cope with the unexpected. Some authors identify strategies developed to mitigate disturbances. [53] classified effective risk mitigation enablers in two groups: "enablers having a high driving power and low dependence requiring maximum attention and of strategic importance, while another group consists of those variables which have high dependence and are the resultant actions". [50] proposes robust strategies to mitigate disruptions. For the author, Supply Alliance Network strategies, Lead Time Reduction, and Recovery Planning Systems will allow a SC to effectively manage inherent fluctuations, regardless of the occurrence of major disruptions within SC activities. In addition, these same strategies will enable a supply chain to become more resilient to major disruptions. In this same order, [69] proposes the Supply Chain Risk Management Process (SCRMP) as an effective management technique for the risks related to the chain. Similarly, [70] identifies robustness and resilience as two key techniques for managing risk. [6] identifies eight unique categories of strategies developed by the authors to mitigate risks under two main approaches: reactive and proactive. She highlights that the reactive strategy is appropriate to address supply and internal risk, while the proactive should be applied to external risks and demand risks. Finally, [55] demonstrates through five stylized models that a firm does not need to invest in a high degree of flexibility to mitigate supply, process and demand risks; because the benefits are achieved for the most part with low levels of flexibility. From the above, we note that the risks assessment should be considered as an ordinary activity of the manager. An effective risk mitigation strategy should be built on consistent and robust internal processes to prepare the business to be proactive in the face of risk occurrence.
Outsourcing is another mitigation strategy. It allow firm to complete his core competences in order to meet market needs and improve their performance through strategic alliances. By making this choice, the company avoids some investment constraints and mitigates breakages that can arise within the SC. [71], proved that the outsourcing option is capable of covering two types of risks C. Elock Son American Journal of Industrial and Business Management (production capacity risk, price fluctuation risk). But not all activities are disposed to outsource. Firm can benefit to focusing on producing complex systems internally and outsourcing simple systems [72]. Knowledge granted from outsourcing can also help to improve supply chain practices. It can be used to find best way to manage risk. Managers can use specifics knowledge internally from their experiences or outside by creating strong partnerships with specialized companies. Even if there exists a diverging opinions on the contribution of outsourcing to the SC performance improvement, the benefits of this strategy is recognized by managers. Some researchers found a negative impact of outsourcing on SC performance while others do not. The authors fear that outsourcing reduces the capacity for innovation within the company, reduces flexibility or leads to the loss of control of outsourced activities by managers. The outsourcing strategy must therefore take into account these additional risks.
Even if, it is obvious that the problem is not the ignorance of above risks by the managers, the difficulties are inherent in their management [73].
Some authors advocate a careful inventory control to mitigate risks in a financial crisis [74] [75]. This strategy is different from that initiated in ordinary disruptions. For example [76] found that without financial constraints, the supplier always prefers the method of recording, by bearing all the risks on the inventory.
In the presence of financial constraints, the supplier will sell part of its stock to pre-ordering retailer, which leads to the sharing of inventory risk in the supply chain. However, [54] shows that inventory control is not an attractive strategy in an environment where disturbances are rare as large quantities of stocks have to be transported for long periods of time without interruption.
The largest number of the above risk management models comes from simulation/modeling methods. Therefore, risk mitigation strategies are not the same from one model to another or from one firm/sector to another. Even if [77] finds that owners of small manufacturing firms adopt the same defensive strategies to supply risks.
The occurrence of risks influences business activity at different levels. For example, the impact of terrorist attacks on inventory levels in SC can increase by 600% compared to normal operating conditions as a result of increasing the security measures on international borders [82]. Generally, when consequences are harsh, firms do not recover quickly from the negative effects of disruption [51]. This can take additional investment in new strategy to access to a certain level of performance. Managers therefore have to look for new network rela-C. Elock Son American Journal of Industrial and Business Management tionship: upstream and downstream. In upstream of the SC, the availability of a provider with specific capabilities and the nature of disruptions are key determinants of the optimal strategy [54]. The choice made in the single or multiple sourcing strategy can define the level of chain resilience. [84] found that multiple sourcing dominates single sourcing for low-impact and high-frequency disruptions, regardless of the level of risk aversion. But, single or dual source supply can be effective depending on the magnitude of the disruption probability [80].
Environmental uncertainty has to be integrated in the decision making process.
Practices that sufficiently align the strategy and environmental uncertainty are likely to lead to better SC performance [87].
The complexity of the supply base can increase disruptions frequency and reduce business performance. Especially when there are few alternatives in the choice of supply sources. Therefore, a company's level of commitment to its supplier can determine its degree of risk exposure [78]. Paradoxically, [83] assumes that lack of resources and visibility in supply activities can help to mitigate the effects of disruption risk. However, supplier integration can significantly contribute to this and thus provide a foundation to improve the firm's customer performance [85]. In conclusion, we can assume that the optimal choice of suppliers significantly impacts company's performance level.
Two mains considerations emerge from the impact of outsourcing to performance. The first found a significant impact of outsourcing on logistic performance (example [92] [93]) while the second do not (example [46] [94]). As above mentioned, it depends on when and what to outsource. Under production disruption, outsourcing could positivelyimpacts SC performance [88]. Managers are willing to outsource activities that do not provide a competitive advantage to the firm if managing internally [95] and keep those with distinctive capability, valuable, scarce, both difficult and costly to imitate [96].
The information distortion or bullwhip effect is one of the problems that affect the quality of forecasts and thus demand disruptions. It's characterized by an amplification of demand volatility in upstream of the supply chain [10]. It also seems to play an important role in the implementation of decision coordination mechanisms [97]. The authors stress that there is no only one best way to counter with this risk. It's the combination of strategies such as information sharing of sell-through and inventory status data, coordination of orders across retailers and simplification of the pricing/promotional activities of the manufacturer, that help to mitigate bullwhip effect and improve SC performance. A blunt collaboration based on the sharing of complete information between partners can lead to better performance [89]. Table 4 summarizes the main topics covered in various articles of this literature review.

Discussions and Conclusions
This paper aimed to investigate recent developments in SCRM research. Various  [163] risks were addressed (supply disruption risk, demand uncertainty, information distortion, Operational risk, sustainability risk, Financial Risk mitigation, Inventory risks management, terrorism, Catastrophic and environmental risks) as well as their consequences (loss of profit, less flexibility, customer dissatisfaction, low performance), but also the strategies developed by the researchers and applied by the managers to face the risks (single or multiple sourcing, outsourcing, supplier integration, inventory, customer relationship, mitigation, resilience, …).

C. Elock Son
This shows the growing interest of the SCRM within the industry.
However, by comparing the place of each group of risks in SCM, i.e., physical or informational flow related risks, a very little space is granted to the second group. Risk management related to physical flows remains the most treated topic [2]. Likewise, most of exploited papers analyze the risks upstream of the chain, specifically, the relations between the company and its suppliers. Very few are addressed to downstream relationships. The relations between the company and its market are almost ignored by the researchers. The very couple of researches that analyses demand uncertainty do not really seek the origin of their incons-C. Elock Son American Journal of Industrial and Business Management tancy. However, in a context where industries operate with fierce competition, these parameters should be further deepening based on risk management analysis. Deep market inside uncertainty due to the consumers' behaviors, retailer's power, market heterogeneity, price inconsistency and product characteristics are further preoccupations that authors need to integrate in their SCRM researches.
In addition, they may pay more attention to the information flow risk since their management is performance driver.
The authors paid little attention to the analysis of disasters, environmental risks and terrorist acts. Although the occurrence of the former is rare, the green supply chain movement and its requirements in terms of traceability and environment care should be considered as risk factors for SCs. Similarly, terrorism with their related consequences of new security requirements in international transactions, must increasingly integrate risk analysis models.
It is difficult to consider from several approaches of risks management, one as being superior to the others or to establish in a linear stream, the successive evolutions of the models that would replace others. However, dominant methods in the analyzed papers are quantitative with optimization approach, multivariate analysis, options contracts model, stochastic programming and simulation or surveys. There are few conceptual analyzes and very few case studies.
This testifies to the maturity of SCRM concept that was suffering from the proven measures. But, the abundance of optimization approaches makes certain research closer to the engineering sciences than the management sciences. This gap deserves to be filled to widen the spectrum of SCRM apprehension.
There is no consensus in the definition of SCR and SCRM. The authors propose definitions approaches according to the nature of the risk and the context of its occurrence. Although there are several SCRM approaches, there is a unanimous agreement in the final objective of this activity: to make SCs more resilient to the occurrence of risks. Unfortunately, there is little risk prevention model in the research explored. Authors should pay more attention to that.

Conflicts of Interest
The author declares no conflicts of interest regarding the publication of this paper.