Juttner, (2005) defined Supply chain risk sources as any variable which cannot be predicted with certainty and from which disruption can emerge. Waters, 200 noted that supply chain risk is any event that might affect the flow and movement of material from initial supplier down to the final consumer. Building from the above definitions, supply chain risk is any factor that can course interference in the supply chain (supplier > manufacturer > distributor > retailer > consumer). Manuj and Mentzer, (2008) categorized four distinct risk in global supply chain: supply, demand, operational, and security risk
Supply risk is the possibility of an event occurrence associated with inbound supply that may cause failures from supplier(s) or the supply market, such that the outcome results in the inability of the focal firm to meet customer demand within anticipated costs, or causes threats to customer life and safety (Zsidisin et al. 2004). Supply risks reside in the course of movement of materials from supplier's suppliers to the focal firm, and include reliability of suppliers, single versus dual sourcing, make or buy decisions, centralized versus decentralized sourcing, and security issues.
Operations risk is the possibility of an event associated with the focal firm that may affect the firm's internal ability to produce goods and services, quality and timeliness of production, and/or the profitability of the company. Sources of operational risk reside within the firm and may result from a breakdown in core operations, inadequate manufacturing, or processing capability (Simons 1999), high levels of process variations, changes in technology that may render the current facilities obsolete, and/or changes in operating exposure.
Demand risk is the possibility of an event associated with outbound flows that may affect the likelihood of customers placing orders with the focal firm, and/or variance in the volume and assortment desired by the customer. Sources of demand risk reside in the movement of goods from the focal firm to the customer's customers. Sources of demand risk could be delayed/inappropriate new product introductions (leading the firm to either miss market opportunities or inventory write-offs/stock-outs due to inaccurate forecasting), variations in demand (caused by fads, seasonality, and new product introductions by competitors), and chaos in the system (caused by overreactions, unnecessary interventions, and distorted information from the downstream supply chain members) (Johnson 2001; Wilding 1998). Demand risks vary with the nature of the product, with functional products less risky than innovative products (Fisher 1997).
Information security risk is a threat from an unknown third party who may or may not be a member of the supply chain and whose motivation is to steal proprietary data or knowledge (i.e., intellectual property) and/or destroy, upset, or disable a firm's operations. The sources of information security risk include individuals within the firm leaking vital information to competitors, system hackers, and weak security/firewalls of members of the supply chain (Spekman and Davis 2004). Significant elements of infrastructure security risks are public and private utility services, for example, waterways, highways, airports, electricity and communications. Freight breaches - i.e., violation of the integrity of cargoes and products, leading to the loss or adulteration of goods (due either to theft or tampering for criminal purpose, e.g. smuggling weapons inside containers) - are a major security risk for supply chains.