ISO 31000:2009 Enterprise and Supply Chain Risk Management: A Longitudinal Study


This research attempts to fill two recently identified gaps in Supply Chain Risk Management (SCRM) research, specifically the lack of a common framework and limited empirical research. This research first attempts to determine if ISO 31000:2009 provides a foundation to advance SCRM research by standardizing the SCRM research framework, terms, and risk treatment categories. Secondly, it attempts to determine if ISO 31000:2009 is a useful framework for managers to link SCRM to enterprise risk management (ERM) when executing SCRM. Currently, there is no research that explicitly links SCRM to the ISO 31000:2009 ERM standard. In this study, longitudinal survey data were analyzed, and follow-up discussions with managers were used to achieve the research purpose. It was determined that current SCRM research frameworks have similarities with each other, but they also diverge to some extent. The ISO 31000:2009 framework encompasses existing SCRM frameworks, but it is more exhaustive than that, which includes the need for developing a strategic context for risk management and for ongoing performance monitoring. It is suggested that ISO 31000:2009 provides a foundation for extending and advancing future SCRM research. It was also found that firms increasingly recognize the importance of systematic SCRM, but SCRM integration and skills are lacking. Topics for future research are proposed, including for example using ISO 31000:2009 as a research foundation, potential outsourcing of SCRM, appropriate organizational structure for SCRM, deployment of IT, and SCRM return on investment.

Share and Cite:

S. Curkovic, T. Scannell and B. Wagner, "ISO 31000:2009 Enterprise and Supply Chain Risk Management: A Longitudinal Study," American Journal of Industrial and Business Management, Vol. 3 No. 7, 2013, pp. 614-630. doi: 10.4236/ajibm.2013.37072.

Conflicts of Interest

The authors declare no conflicts of interest.


[1] D. Wu, D. Olson and J. Birge, “Introduction to Special Issue on ‘Enterprise Risk Management in Operations’,” International Journal of Production Economics, Vol. 134, No. 1, 2011, pp. 1-2.
[2] R. Hoyt and A. Liebenberg, “The Value of Enterprise Risk Man-agement,” Journal of Risk and Insurance, Vol. 78, No. 4, 2011, pp. 795-822.
[3] C. Smithson and B. Simkins, “Does Risk Management Add Value? A Survey of the Evidence,” Journal of Applied Corporate Finance, Vol. 17, No. 3, 2005, pp. 8-17.
[4] M. Beasley, R. Clune and D. Hermanson, “ERM: A Sta-tus Report,” The Internal Auditor, Vol. 62, No. 1, 2005, pp. 67-72.
[5] L. Hauser, “Risk Adjusted Supply Chain Man-agement,” Supply Chain Management Review, Vol. 7, No. 6, 2003, pp. 64-71.
[6] R. VanderBok, J. Sauter, C. Bryan and J. Horan, “Manage Your Supply Chain Risk,” Manufacturing Engineering, Vol. 138, No. 3, 2007, pp. 153-161.
[7] M. S. Sodhi, B. G. Son and C. S. Tang, “Researcher’s Perspective on Supply Risk Management,” Productions and Operations Man-agement, Vol. 21, No. 1, 2012, pp. 1-13.
[8] R. Tummala and T. Schoenherr, “Assessing and Managing Risks Using the Supply Chain Risk Management Pro- cess (SCRMP),” Supply Chain Management, Vol. 16, No. 6, 2011, pp. 474-483.
[9] O. Tang and S. N. Musa, “Identifying Risk Issues and Research Advancements in Supply Chain Risk Management,” International Journal of Production Economic, Vol. 133, No. 1, 2011, pp. 25-34.
[10] S. Black and L. Porter, “Identification of the Critical Factors of TQM,” Decision Sciences Journal, Vol. 27, No. 1, 1996, pp. 1-21.
[11] N. Capon, M. Kaye and M. Wood, “Measuring the Success of a TQM Programme,” International Journal of Qual-ity and Reliability Management, Vol. 12, No. 8, 1994, pp. 8-22.
[12] S. Curkovic, S Melnyk, R. Calantone and R. Handfield. “Va-lidating the Malcolm Baldrige National Quality Fram- ework Through Structural Equation Modeling,” Interna- tional Journal of Production Research, Vol. 38, No. 4, 2000, pp. 765-791.
[13] J. Dean and D. Bowen, “Management Theory and Total Quality: Improving Research and Practice through Theory De-velopment,” Academy of Management Journal, Vol. 19, No. 3, 1994, pp. 392-418.
[14] B. Flynn, R. Schroeder and S. Saka-kibara, “A Framework for Quality Management Research and an Associated Instrument,” Journal of Operations Management, Vol. 11, No. 4, 1994, pp. 339-366.
[15] V. Saraph, P. Benson and R. Schroeder, “An Instrument for Measuring the Critical Factors of Quality Management,” Decision Sciences, Vol. 20, No. 4, 1989, pp. 810-829.
[16] B. Nocco and R. Stulz, “Enterprise Risk Management: Theory and Practice,” Journal of Applied Corporate Finance, Vol. 18, No. 4, 2006. pp. 8-20.
[17] D. Bowling and L. Rieger, “Making Sense of COSO’s New Framework for Enterprise Risk Management,” Bank Ac-counting & Finance, Vol. 18, No. 2, 2005, pp. 35-40.
[18] C. Chapman, “Bringing ERM into Focus,” The Internal Auditor, Vol. 60, No. 3, 2003, pp. 30-35.
[19] B. Ballou and D. Heitger, “A Building Block Approach for Implementing COSO’s En-terprise Risk Manage- ment—Integrated Framework,” Man-agement Accounting Quarterly, Vol. 6, No. 2, 2005, pp. 1-10.
[20] A. Samad-Khan, “Why COSO Is Flawed,” Opera-tional Risk, Vol. 6, No. 1, 2005, pp. 24-28.
[21] J. Hallikas, I. Karvonen, U. Pulkkinen, V. M. Virolainen and M. Tuominem, “Risk Management Processes in Supplier Networks,” Interna-tional Journal of Production Economics, Vol. 90, No. 1, 2004, pp. 47-58.
[22] P. R. Kleindorfer and G. H. Saad, “Managing Disruptions in Supply Chains,” Production and Operations Management, Vol. 14, No. 1, 2005, pp. 53-68.
[23] I. Manuj and J. T. Mentzer, “Global Supply Chain Risk Management,” Journal of Business Logistics, Vol. 29, No. 1, 2008, pp. 133-156.
[24] M. Moody, “ERM & ISO 31000,” Rough Notes, Vol. 153, No. 3, 2010, pp. 80-81.
[25] ISO, “ISO 31000:2009, Risk Management—Principles and Guidelines,” International Standards Organization, Geneva, 2009.
[26] D. Gjerdrum and W. Salen, “The New ERM Gold Standard: ISO 31000:2009,” Vol. 55, No. 8, 2010, pp. 43-44.
[27] “AS/NZS. AS/NZS 4360:2004,” Risk Management Standard, Wellington, 2007.
[28] ISO, “ISO Guide 73:2009, Risk Manage-ment—Vocabu- lary,” International Standards Organization, Geneva, 2009.
[29] G. Purdy, “ISO 31000:2009—Setting a New Standard for Risk Management,” Risk Analysis, Vol. 30, No. 6, 2010, pp. 881-886.
[30] J. Blackhurst, T. Wu and P. O’Grady, “PDCM: A Decision Support Modeling Methodology for Supply Chain, Product and Process Design Decisions,” Journal of Operations Management, Vol. 23, No. 3-4, 2005, pp. 325-343.
[31] S. Kumar and J. Verruso, “Risk Assessment of the Security of Inbound Containers at US Ports: A Failure, Mode, Effects, and Criticality Analysis Approach,” Transportation Journal, Vol. 47, No. 4, 2008, pp. 26-41.
[32] Z. Liu and J. Cruz, “Supply Chain Networks with Corporate Financial Risks and Trade Credits Under Economic Uncertainty,” International Journal of Production Economics, Vol. 137, No. 1, 2012, pp. 55-67.
[33] G. Zsidisin and J. Hartley, “A Strategy for Managing Commodity Price Risk,” Supply Chain Management Review, Vol. 1, No. 2, 2012, pp. 46-53.
[34] G. Zsidisin and S. Wagner, “Do Per-ceptions become Reality? The Moderating Role of Supply Chain Resiliency on Disruption Occurrence,” Journal of Business Logistics, Vol. 31, No. 2, 2010, pp. 1-20.
[35] C. S. Tang, “Perspectives in Supply Chain Risk Man-agement,” International Journal of Production Economics, Vol. 103, No. 2, 2006, pp. 451-488.
[36] M. Laeequddin, G. D. Sardana, B. S. Sahay, K. Abdul Wa- heed and V. Sahay, “Supply Chain Partners Trust Building Process through Risk Evaluation: The Perspectives of UAE Packaged Food Industry,” Supply Chain Management, Vol. 14, No. 4, 2009, pp. 280-290.
[37] O. Khan and B. Burnes, “Risk and Supply Chain Man- agement: A Research Agenda,” The International Journal of Logistics Management, Vol. 18, No. 2, 2007, pp. 197-216.
[38] G. A. Zsidisin, L. M. Ellram, J. R. Carter and J. L. Cavinato, “An Analysis of Supply Risk Assessment Techniques,” In- ternational Journal of Physical Distribution & Logistics Management, Vol. 34, No. 5, 2004, pp. 397-413.
[39] K. Inderfurth and P. Kelle, “Capacity Reservation under Spot Market Price Uncertainty,” International Journal of Production Economics, Vol. 133, No. 1, 2011, pp. 272-279.
[40] M. Giannakis and M. Louis, “A Multi-Agen Based Frame- work for Supply Chain Risk Management,” Journal of Pur- chasing and Supply Management, Vol. 17, No. 1, 2001, pp. 23-31.
[41] E. Hol-schbach and E. Hofmann, “Exploring Quality Man- agement for Business Services from a Buyer’s Perspec- tive Using Multiple Case Study Evidence,” International Journal of Operations & Production Management, Vol. 31, No. 6, 2011, pp. 648-685.
[42] D. Kern, R. Moser, E. Hartman and M. Moder, “Supply Risk Management: Model Development and Empirical Analy-sis,” International Journal of Physical Distribution & Logistics Management, Vol. 42, No. 1, 2012, pp. 60-82.
[43] C. Y. Chiang, C. Kocabasoglu-Hillmer and N. Suresh, “An Empirical Investigation of the Impact of Strategic Sourcing and Flexibility on Firms Supply Chain Agility,” Interna- tional Journal of Operations and Production Management, Vol. 32, No. 1, 2012, pp. 49-78.
[44] S. Matook, R. Lasch and R. Tamaschke, “Supplier De- ve-lopment with Benchmarking as Part of a Comprehen- sive Sup-plier Risk Management Framework,” Interna- tional Journal of Operations and Production Management, Vol. 29, No. 3, 2009, pp. 241-267.
[45] M. Christopher, C. Mena, O. Khan and O. Yurt, “Ap- proaches to Managing Global Sourcing Risk,” Supply Chain Management, Vol. 16, No. 2, 2011, pp. 67-81.
[46] K. Eisenhardt, “Building Theories from Case Study Re- search,” The Academy of Management Review, Vol. 14, No. 4, 1989, pp. 532-550.
[47] C. Voss, N. Tsikriktsis and M. Frohlich, “Case Research in Operations Management,” International Journal of Op- erations & Production Management, Vol. 22, No. 2, 2002, pp. 195-219.
[48] M. Miles and A. Huberman, “Qualitative Data Analysis: A Sourcebook of New Methods,” Sage Publications, New- bury Park, 1984.
[49] B. Glaser and A. Strauss, “The Discovery of Grounded Theory: Strategies for Qualititative Reasearch,” Aldine, Chi- cago, 1967.
[50] D. M. McCutcheon and J. R. Meridith, “Conducting Case Study Research in Operations Management,” Journal of Operations Management, Vol. 11, No. 3, 1993, pp. 239-256.
[51] J. S. Armstrong and T. S. Overton, “Estimating Nonre- sponse Bias in Mail Surveys,” Journal of Marketing Re- search, Vol. 14, No. 3, 1977, pp. 396-402.
[52] J. H. Thun and D. Hoening, “An Empirical Analysis of Supply Chain Risk Management in the German Automo- tive Industry,” In-ternational Journal of Production Eco- nomics, Vol. 131, No. 1, 2011, pp. 242-249.
[53] R. E. Goodson, “Read a Plant—Fast,” Harvard Business Review, Vol. 80, No. 5, 2002, pp. 105-113.

Copyright © 2024 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.