تجزیه و تحلیل ریسک مبتنی بر دلفی - شناسایی و ارزیابی چالش های آینده برای امنیت زنجیره تامین در یک محیط چند ذینفعه

Identifying and assessing the potential impact and likelihood of future events, which might evolve into risks, are a prerequisite to identify future security challenges. In particular, risks associated with global supply chains are special since they involve a multitude of international stakeholders with different perspectives on security needs and measures. Therefore, it is essential to determine which techniques and instruments are best suited for risk assessment in complex and multi-organizational environments. The Delphi expert survey technique has proven to be a valuable instrument for long-term decision making support as well as foresight, and has a potential value for risk assessment. We contribute to this research strand and conduct a Delphi-based risk analysis. Our research concentrates on man-made risks in global supply chains which are particularly uncertain in terms of type, location, and affected supply chain partners and can therefore be classified as inherently “wicked” issues, i.e. issues that are multidimensional with often unpleasant outcomes. We illustrate that Delphi research makes a fivefold contribution to risk analysis by: (1) identifying and quantifying risks; (2) analyzing stakeholder perceptions and worldviews; (3) stimulating a global communication process; (4) identifying weak signals, outlier opinions, and wildcards; (5) and facilitating risk scenario development.

Much has been discussed about the various sources and impacts of risks likely to affect global supply chains in the 21st century. Increasing complexity, due to globalization, and leanness of structures and processes are major driving forces of supply chain risks and, therefore, supply chain vulnerability [1], [2] and [3]. Furthermore, the variety of stakeholders involved in managing supply chains, such as suppliers, manufacturers, retailers, logistics service providers, infrastructure providers like port authorities, as well as national and international governmental institutions contributes to the complexity and susceptibility of supply chains [4]. Consequently, disruptions to global flows of goods and related states of affairs around the world have drawn companies' and governments' attention to such situations [5]. The causes of such disruptions include natural catastrophes (e.g. flood or earthquake), man-made accidents (e.g. technological breakdowns), or intentional man-made attacks (e.g. theft or terrorism). Moreover, the UN Millennium Project recently identified organized crime and terrorism as two of the four most impactful global problems for the next 10–20 years. Furthermore, the risk of information warfare and cyber attacks is an emerging problem in our Internet-dependent global economy [6]. The risks associated with the operation of global supply chains, whether these concern the management of maritime shipping lines, supply chain information systems, or logistics infrastructural hubs, are quite high. Especially the substantial and far reaching losses due to man-made attacks – terrorism, crime, cyber attacks or piracy – have drawn attention. For example, maritime piracy was estimated to cost the international economy between $7 and $12 billion in 2010 [7]. Furthermore, re-routing ships due to piracy attacks costs Egypt $642 million a year due to lost revenues from Suez Canal fees, Kenya and Yemen together $564 million due to reduced trading activities and the Seychelles around $6 million due to fewer tourists. However, recent natural disasters (e.g. the flood in Thailand) and accidents (e.g. the nuclear accident in Fukushima) have forced industries and governments to re-evaluate their assessments, preparations for and handling of emergency situations. As a consequence, redesigning global supply chains, in order to make them more resilient and less susceptible to various kinds of disruptions by proactive planning, has become a major management issue [5], [8] and [9]. Furthermore, researchers and practitioners seek appropriate strategies to mitigate the impact of harmful supply chain disruptions [5], [10] and [11]. Usually, a common understanding or consensus does not exist about the problems as well as the sources and impacts that cause risks in international supply chains on a global level [12], [13] and [14]. Furthermore, man-made risks in global supply chains are uncertain in terms of type, location, and affected supply chain partners and are therefore inherently “wicked” issues [13] and [15]. A wicked problem is defined as an issue that is multidimensional with often unpalatable trade-offs. As described by Camillus [13], “a wicked problem has innumerable causes, is tough to describe, and doesn't have a right answer”. A wicked issue often involves multiple stakeholders with different perceptions of the problem, different perceptions of the appropriate procedure to solve the problem, and different perceptions of how the results and success of the solution should be evaluated [13] and [16]. In such uncertain wicked environments, it is difficult for relevant stakeholders to process information and make effective decisions [17]. Gonzalez [18] emphasized the importance of empirical studies to identify and assess relevant information in uncertain environments in order to derive appropriate strategies. Duncan [19] elaborated on the characteristics of the organizational environment and perceived environmental uncertainty in a seminal paper. Both authors argued that possible images of the future significantly affect strategies to cope with future uncertainties. Stakeholders from different regions and cultures often have different perceptions of situations and risks which could affect security in supply chains, depending on national or cultural backgrounds, their own position within the value chain, their experience, and so on [20] and [21]. In such situations, it is common to accidentally neglect relevant factors and important information, or draw misleading conclusions [22]. In order to be better prepared for the future, we need to systematically consider different stakeholder conditions, contexts, and limitations in order to gain a complete perspective of the wicked problem: supply chain security (SCS) [15]. An appropriate procedure which collects and evaluates all stakeholder aspects, including stakeholders' images of the future and opinions of the greatest challenges in SCS needs to be applied. Therefore, the first step is to identify which risks stakeholders perceive to be relevant in long-term SCS. These risks are inherently uncertain and have varying impacts and severity on supply chain partners [23]. The risk conditions are shrouded by ambiguity, information asymmetry, and organizational fragmentation [15]. In a second step, the identified risks need to be evaluated in a risk analysis process, which includes an estimation of risk probability and risk impact [24]. Due to similar challenges and characteristics of risk analysis and foresight, Koivisto et al. [25] recently proposed to investigate foresight methods for risk analysis due to their proactive nature. Several authors [18], [26] and [27] have already proclaimed the potential value of the Delphi method to analyze risks in a future setting. The authors argued that in uncertain environments it is necessary to analyze how uncertainties can impact business and supply chains. The conventional Delphi technique follows a structured, anonymous, multi-round survey process in written form, where expert opinions on future events and developments are summarized [28]. Thereby, this method overcomes drawbacks of traditional group discussions, such as the halo and bandwagon effects [29], and produces answers quicker and more accurately than individuals on the average [30] and [31]. Furthermore, the Delphi technique has been found to be helpful in examining uncertain world events, such as geopolitical changes, terrorist activities or volatile military actions [32]. Following this logic, we contribute to the field of supply chain security by examining the potentials of Delphi research for risk analysis. Our overall aim is to gauge to what degree the Delphi technique can support and improve risk analysis. We conduct a Delphi survey on the future of supply chain security in 2030 and aggregate the perceptions and views of the world of 80 international top decision makers from a multitude of stakeholder groups, such as industry, academia, politics and other associations. Thereby, this multi-stakeholder approach improves the general validity of our findings concerning the future of SCS. The remainder of the paper is organized as follows: In Section 2, we provide an overview of literature that points to the challenges of risk analysis or presents experiences with the Delphi method in the field of risk analysis. In Section 3, we present the methodology of the Delphi survey that was applied to gather data and the perceptions of stakeholders for the future of SCS. In Section 4, we propose how the Delphi data can be applied for risk analysis, before we discuss and evaluate the benefits of the collected Delphi data for risk analysis in Section 5: we illustrate how we (1) identify and quantify security risks for global supply chains, (2) determine stakeholder perspectives and world views, (3) stimulate a global communication process, (4) identify weak signals, outlier opinions, and wildcards, and finally (5) facilitate a risk scenario development. Section 6 concludes with overall reflection, limitations and suggestions for future research.

The overall aim of this research was to illustrate and assess the applicability of the Delphi technique for risk analysis, including risk identification and estimation thereof. In order to be able to draw future-oriented conclusions, we selected the topic SCS, which has been determined to include wicked problems such as terrorism [13]. We were able to illustrate and assess five major benefits of Delphi data for risk analysis: (1) identification and quantification of risks, (2) analysis of stakeholder perceptions and worldviews, (3) stimulation of global communication process, (4) identification of weak signals, outlier opinions, and wildcards, (5) and facilitation of risk scenario development. In essence, Delphi can assist in reducing uncertainty and thereby the companies' susceptibility and vulnerability to various kinds of disruptions. The method has already been recommended to be especially helpful in the field of security and terrorism [32] and [68] without enlisting specific reasons in more detail or providing empirical data. Consequently, there was a research gap of empirical support in how to apply the method in this field or what specific benefits it has for analyzing risks in a global environment, which we attempted to close. The Delphi method – especially if applied in a real-time version – has several benefits which are particularly helpful for risk analysis. First, it allows quantifying uncertainty and risks by conducting a multi-stakeholder survey without being restricted by the variety of experts' time and place. Including the different worldviews from an international panel of experts is crucial for topics such as supply chain management or terrorism, which have global sources and consequences. We demonstrated an effective evaluation process of relevant factors of SCS regarding probability of occurrence, desirability of occurrence and impact on industry using an online Delphi platform. Thereby, we were able to determine which topics are expected to be relevant in the future and which are not in order to address crucial uncertainty in SCS. Second, the stakeholder analysis of our panel revealed that there are topics on which experts are currently discordant. Consequently, we split our sample into ‘relaxed’ and ‘concerned’ experts in order to gain more insights from our data. We noted that the individual positions of the two groups could be logically substantiated by the collected arguments. This differentiation would not be possible by only considering quantitative data. A further analysis of the characteristics of ‘relaxed’ and ‘concerned’ experts can be conducted unboundedly according to the interest of the risk analyst. Applying the Delphi technique for risk analysis should therefore include written justifications for estimates in order to allow for a more in-depth stakeholder analysis. Third, we demonstrated how the Delphi method stimulates and facilitates an extensive communication process by giving direct and reasonable feedback. Thereby, the method assists the convergence or respectively divergence among panelists and therefore unveils various worldviews in risk perception. Both processes offer valuable findings for multiple stakeholders. Especially extreme arguments and outlier opinions can be productively used to generate wildcards and to identify weak signals in a fourth step. These weak signals have the potential to initiate a serious change in technological, social, economical or political developments and are therefore valuable to be aware of as early as possible. Wildcards, on the other hand, can be used to evaluate the robustness of a company in case of an unexpected and improbable event. Finally, we conducted scenario development in order to expand the future horizon and scope of risk analysis. We illustrate that both portfolio-based scenarios and scenario axes can add a complementary value for risk analysis. Furthermore, we contribute to supply chain risk and security research by providing a methodology for quantitative assessment of targets, sources and causes as well as measures and consequences of supply chain disruptions in a security context. We provide empirical data for assessing risks and possible mitigation strategies. Additionally, we consider the topic in an inter-organizational set-up including perspectives of the corporate world as well as governmental institutions. Therefore, we address some of the main research gaps identified in the supply chain domain. Although our focus was on man-made attacks, the application of the Delphi method is not limited to this kind of disruption. It can also be used to analyze risks related to accidents or natural catastrophes. However, as with any research endeavor, this paper has some limitations. First, the conventional Delphi technique may be more time consuming than other techniques, such as group discussions. We tried to compensate this by using a real-time version of the technique. However, selecting and involving appropriate experts still require a great deal of effort. Therefore, implementing an (expert) network or Delphi modifications which allow a more continuous analysis process [28] and [115] would counteract this aspect. Moreover, the expert panel assessed only three dimensions: probability, impact, and desirability. Future research might examine the potentials of other dimensions for risk analysis, such as feasibility of measures, urgency for actions, or awareness of issues. Second, certain subjectivity in risk analysis by Delphi still exists. Even if we were able to reduce it, the projection development, as well as the selection of the surveyed topics, remains arbitrary to the facilitator. Moreover, the identification of weak signals and wildcards, as well as the development of the extreme scenarios, is still dependent on the experience of the analyst. Third, we assume that the assumption of Parenté [32], that a close terrorist attack can bias the Delphi results, might also be applicable to our data. If one considers that piracy along the coast of Somalia and Yemen has strongly increased since 2008, and this has been communicated in the media, the dissent in the projections about the role of infrastructural nodes (2), regional consequences (3) and increased transport times (14) could be caused by experts, who are more or less affected by the consequences of piracy. However, this does not weaken our findings, but confirms the usability of the real-time Delphi method in the field of SCS since we were able to identify the current areas of increased interest among experts. Fourth, we focused our research on the contribution of Delphi for risk analysis, its identification and assessment. Future research might expand this perspective and examine potential linkages of Delphi in the entire risk management process and its combination with other supportive risk or foresight methods to a multi-method approach (e.g. in combination with cross-impact analysis [115]).It might even be possible to develop a framework for Delphi-based risk management.