Next Article in Journal
Mitigating Selection Bias in Recommendation Systems Through Sentiment Analysis and Dynamic Debiasing
Next Article in Special Issue
Exploring Boost Efficiency in Text Analysis by Using AI Techniques in Port Companies
Previous Article in Journal
Experimental Study on the Durability of Geotextile Containers Against Light and Heat Under Spray-Coating Protection
Previous Article in Special Issue
Using Neutrosophic Cognitive Maps to Support Group Decisions About Modeling and Analyzing Smart Port Performance
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Applied Sciences
Volume 15
Issue 8
10.3390/app15084169
applsci-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Evaluation of ISO 31010 Techniques for Supply Chain Risk Management in Automotive Suppliers

by
Ualison Rébula de Oliveira
1,
Tommy Figueiredo Brasil
1,
Vicente Aprigliano
2,*,
Ciro Rodrigues dos Santos
1 and
Gilson Brito Alves Lima
3
1
Programa de Pós Graduação em Administração, Universidade Federal Fluminense, Volta Redonda Campus, Volta Redonda 27213-145, Brazil
2
Escuela de Ingeniería de Construcción y Transporte, Pontificia Universidad Católica de Valparaíso, Valparaíso 2362804, Chile
3
Escola de Engenharia, Universidade Federal Fluminense, Niterói Campus, Niterói 24210-240, Brazil
*
Author to whom correspondence should be addressed.
Appl. Sci. 2025, 15(8), 4169; https://doi.org/10.3390/app15084169
Submission received: 17 March 2025 / Revised: 3 April 2025 / Accepted: 7 April 2025 / Published: 10 April 2025
(This article belongs to the Special Issue Intelligent Logistics and Supply Chain Systems)
Browse Figures
Versions Notes

Abstract

:
Supply chain risk management (SCRM) has become an increasingly relevant field of study, driven by operational challenges, global crises, and the increasing complexity of supply chains. Although the number of publications on the topic has increased significantly over the last two decades, empirical research aimed at practical applications is still limited. In this context, the present research aims to select and rank tools for use in SCRM in direct and indirect suppliers of the automotive industry. As a secondary objective, the research aimed to identify which risk management stages (identification, analysis, and assessment) are most relevant for SCRM. Methodologically, the research was conducted in two main stages, the first involving the Delphi method in twenty suppliers (Tier 2) to select and evaluate risk management tools and the second involving the AHP method in an auto parts manufacturer (Tier 1) to rank the tools raised in the previous step. The main results show that the risk identification phase is considered the most relevant in the SCRM process, being prioritized by 56% of the experts. Regarding the tools, the ISO 31010 techniques most suitable for SCRM in suppliers, in order of priority, are FMEA, SWIFT, and cause and consequence analysis, standing out for their ability to identify and prevent failures.

1. Introduction

According to Mital et al. [1], growing competition requires the industry to expand its concentration on core competencies and reduce manufacturing verticalization, leading to a new dimension of cooperation of numerous companies in the form of supply chains. However, since these industries depend on different levels of suppliers, processes, warehouses, and distribution channels, they consequently increase the complexity of their activities, mainly due to issues related to reductions in stock levels, delivery time, product and geographic dispersion [2,3]. Christopher and Lee [4] also note that supply chains are not a simple series of processes, but complex networks [5,6], where disruptions can occur at any time and harm everyone involved [7].
When the dependence between companies increases, they are more exposed to risks [3,8]. This is because supply chains are increasingly connected and, consequently, increasingly subjected to interruptions [9]. As an example, Thun and Hoenig [10] cite a loss of millions of dollars that occurred with the German component supplier Robert Bosch (Tier 1), which delivered defective high-pressure pumps for diesel injection systems to its customers in early 2005. This error was caused by a Bosch sub-supplier (Tier 2), thus compromising the entire supply chain. Similarly, in 1996, an 18-day strike at a brake supplier factory disrupted operations, leading to idled workers at 26 General Motors plants. This strike resulted in an impact of USD 900 million [11].
In these examples, where raw materials or components represent between 50 and 70% of the added value of a supply chain, supplier performance significantly impacts many product dimensions such as cost, quality, and on-time delivery [12]. In monetary terms, Kern et al. [13] estimates that interruptions in the automotive production chain have the potential to generate daily losses of around USD 100,000,000.00.
Although the automobile companies Toyota, Honda, Nissan, Chrysler, Ford, and General Motors have implemented several risk management programs in their production chains over the years, [14,15] note that the existing literature provides little in terms of operational frameworks for its realization. To fill this gap, De Oliveira et al. [16] found twenty-seven models of risk management in the supply chain in the literature, reaching the conclusion that there was no consensus among researchers about the best model for practical application in the daily operation of companies. Just as an example, with regard to the steps for its realization, authors such as Juttner et al. [17] define the existence of four stages, Harland et al. [18] establish five steps, and Ritchie and Brindley [19], in turn, defend performing the SCRM in seven stages. As for De Oliveira et al. [16], the standard established by the ISO 31000:2009 standard [20] is the one that best presents itself as a systematic procedure for performing the SCRM.
Despite the relatively recent identification of the twenty-seven models and the finding that ISO 31000 could be used as a systematic procedure for carrying out the SCRM, part of the findings of Matook et al. [15] still persevere, that is, there is still a lack of empirical research on “how to do” SCRM in practice [21,22]. Seeking to fill part of this gap, [21,22,23] developed empirical research looking for tools that could be used to implement SCRM in industry while De Oliveira et al. [24] researched the development of SCRM in services. The recent efforts of these empirical studies align with the recommendations of Sodhi et al. [25], who, more than a decade ago, pointed to the need to develop research based on practical applications in the industry through case studies.
If, in general, research on the practical implementation of SCRM is scarce, this gap is even greater when this topic is delimited into direct and indirect suppliers. Dias et al. [21], for example, found that in the period from 2009 to 2020, only one practical application work was published focusing on suppliers in the automotive industry. Seeking to fill this gap, the present research aims to select and rank the most appropriate tools for use in SCRM in suppliers of the automotive industry. As a second objective, the research seeks to identify the most relevant stage of risk management (identification, analysis, or assessment) for the implementation of SCRM. This aspect is crucial since the difficulty in selecting appropriate tools for risk management in suppliers can be minimized by knowing the most critical phase of the process. In this way, it becomes possible to prioritize tools that are strongly applicable to this stage, optimizing the effectiveness of risk management in the supply chain. As a starting point, following the example of recent research [21,22,26,27,28], the present research will use the ISO 31010 standard [29] to identify the most appropriate tools since this standard provides guidance on the selection and application of more than thirty systematic techniques for risk management. For this purpose, a multinational company in the automotive sector located in Rio de Janeiro (Brazil) and twenty of its main suppliers were selected in order to rank, according to the professional knowledge of the research participants, which tools would be the most appropriate for the supply chain risk management for this business segment.
It is noteworthy that the present research does not intend to completely solve the gap that has been presented so far (lack of empirical research on how to develop the SCRM). But a starting point is sought, which will begin with choosing the most appropriate tools for SCRM in suppliers. It is understood that only in future research (perhaps to continue this and, perhaps, through the development of action-type research) will we be able to bring more robust results on a practical application of the tools that will be selected now. The delimitation of the present study focuses on this point. In other words, efforts will be made to select and prioritize the most suitable tools for SCRM in suppliers of the automotive industry.
The relevance of the topic is linked, not exclusively, but mainly, to the following aspects: (i) comprehensively understanding what the risk is, where the risk exists and how to mitigate the risk, and whether the risks presents itself as a challenge for additional research in supply chain management [30]; (ii) supply chain risk management is positively related to supply chain resilience [31,32]; (iii) ensuring continuity of supply is one of the most critical objectives of the supply chain [15,33]; (iv) when suppliers proactively initiate risk management actions, the buyer is more likely to achieve resilience [7,34]; (v) with regard to “hands on” risk management processes, there is a gap caused by a lack of empirical research [25]; (vi) since there is a relationship between sustainability and the level of resilience [35,36], a good risk management process improves the sustainability of the supply chain [37,38].
The next sections will present the research, segmented as follows: Section 2 will address a review of the literature on the subject, bringing up concepts about SCRM, SCRM with a focus on suppliers, ISO 31000 and 31010 standards, and sustainability and SCRM; Section 3 will address the methodological aspects used in the research, approaching the steps that were followed in the unfolding of the empirical study; Section 4 and Section 5 will organize and discuss the results and, finally, the last section will conclude the research, bringing the main considerations and analyzing whether the objectives that were initially aimed by the research were achieved.

2. Literature Review

2.1. Supply Chain Risk Management

De Oliveira et al. [24] and Purdy [39], define “risk” as the effect of uncertainty on objectives. For Ekwere [40], risk is the possibility of suffering economic and financial losses or physical damage as a result of an uncertainty inherent in actions. Resnik [41] and Dias et al. [42], in turn, see risk as a product of two components: (1) the probability of damage; and (2) the magnitude (or severity) of the damage.
According to De Oliveira et al. [43] and Ghadge et al. [44] supply chain risk can be broadly defined as exposure to an event that causes disruption, affecting efficient supply chain management. Manuj and Mentzer [45] classify those risks as “quantitative” or “qualitative”. Quantitative risks include lack of inventory, high inventory, obsolescence, and inadequate availability of components and materials in the supply chain. Qualitative risks include inaccuracy and unreliability of components and materials in the supply chain. Manuj and Mentzer [45] also divide risk sources into supply risks, operational risks, demand risks, security risks, macro risks, policy risks, competitive risks, and resource risks. The first four risks are specifically associated with the supply chain, since they interrupt supply and/or distribution operations.
Hunt et al. [46] and Dias et al. [47] state that the risks inherent in the supply chain have an exogenous element for any participant, since each company that composes a given chain has its own objectives and reasons, which may conflict with other links in the supply chain. This is the reason why supply chain management is complex [21,22,48], since it covers not only the company itself, but also all its partners along the chain. In turn, Rangel et al. [49] suggest 14 different types of risks to supply chains, according to the vulnerabilities to which they can be exposed. These risks are shown in Table 1.
The proposed classification system facilitates the understanding of risk management in a supply chain, simplifying the identification process while indicating the process in which the risk can occur among planning, supply, production, delivery, and return. For Rangel et al. [49], it is essential to use a risk classification system that addresses the risks that can make a supply chain vulnerable. The authors conclude that the proposed risk classification is the first attempt to standardize the types of risk relevant to supply chains, suggesting its use in SCRM.
With the complex relations between and within companies, it is hard to imagine a supply chain management process without considering risks. There are numerous documented challenges regarding risk identification and mitigation at different stages and scales in a supply chain, which evidence how challenging it is to manage a supply chain.
Thun and Hoenig [10] developed an empirical study on manufacturing plants in the German automotive industry, based on the likelihood of risks and their potential impact on the supply chain. The results of this study show that companies with the application of SCRM have better performance. On the other hand, companies with a reactive approach to SCRM present higher average values of disruption resilience or even reduction of the bullwhip effect. In contrast, those with a preventive approach show better flexibility and safety stocks.
Tummala and Schoenherr [50], through an extensive review of the literature, propose a risk management process for managers to assess and manage risks in a supply chain. For the authors, this process should consider the following stages: risk identification; risk measurement; risk assessment; risk evaluation; risk ranking; risk acceptance; risk mitigation and contingency plans; and control and monitoring.
Lavastre et al. [51] develop an empirical and descriptive research on SCRM, surveying 142 managers in French companies. Besides the stages an SCRM can have, Lavastre et al. [51] highlights the multiple sources of risk a supply chain may have related to process, control, demand, supply, and environment. This study indicates that collaboration is essential for an effective SCRM, in terms of meetings and timely and relevant exchange of information, besides establishing joint and common processes within firms and partners of a supply chain.
El Baz and Ruel [52] evaluate the effect of SCRM strategies in the face of the COVID-19 outbreak through structural equation modeling and survey data from 470 French firms. This study shows that mediation manager roles are essential for SCRM practices to promote better resilience and robustness within a supply chain.
Through an extensive literature review and an illustrative case study, Daghfous et al. [53] evaluate the importance of knowledge loss on the SCRM. Results of this study show that knowledge loss may significantly affect the performance of a firm. Therefore, it should be added as a typology of risk within an SCRM process for companies.
Yang et al. [54] evaluate antecedents and consequences in terms of information processing capacities in the SCRM process within the COVID-19 context, with the support of data collected from a survey applied to manufacturers in China. This study found that information processing capacities and requirements can effectively improve SCRM capabilities, resulting in an enhancement of the supply chain resilience in the face of uncertainties.
Also, in the face of COVID-19 impacts and through interviews with key actors of supply chains, Hohenstein [55] evaluates SCRM strategies and their implications on global logistics service providers’ performance. It can be highlighted that one of the results of the study shows that robustness and agility are key factors in promoting a better business performance because it reflects on the capacity of managers to learn from experience, this way leading to a dynamic reconfiguration of the SCRM process in order to mitigate or even prevent disruptions.
SCRM focuses on the way to control factors that may negatively affect the functioning of the supply chain, improving its reliability [56]. Moreover, SCRM greatly influences the stability of dynamic cooperation between supply chain partners and is therefore important for the performance of operations [57], since it seeks to identify potential sources of risk and appropriate implementations to prevent or restrict supply chain vulnerability [58]. SCRM is a formal process that involves identifying potential losses, understanding their probability, and assigning their significance [59]. To strengthen the whole system, the performance of the weakest link needs to be improved. This assumption elicits considerations about targeted mitigation and contingency, in which the application of these strategies in the worst performing suppliers can substantially improve the performance of the entire supply chain [60].
Park et al. [32] highlight that an excessive emphasis on lean manufacturing can also impair the functionality of the entire supply chain due to its lack of flexibility and limited responsiveness. The results of this study indicate that the ambidextrous approach, which combines supply chain resilience and low-cost operational efficiency, is more effective in mitigating vulnerabilities and has a greater impact on the organization’s market share. These concerns have become even more relevant during the COVID-19 pandemic. Given that essential product chains need to remain operational during deep crises, it is crucial to implement adaptive strategies to maximize supply, inventory, and transportation in order to mitigate risks [33]. In addition to operational aspects, it is essential to understand supply chain risk management (SCRM) systemically, as disruptions can propagate across different economic sectors globally and over an extended period [6].

2.2. Supplier Perspective on Risk Management

According to Cagnin et al. [61], there are no specific requirements that define the prioritization criteria for SCRM applied to suppliers. The authors recommend further investigation into how different companies work to assess risks in supply chain management. Lockamy and McCormack [62] found that one-third of an organization’s suppliers could reduce their risk impact on the company by at least 77% by applying SCRM methods. The company, together with its supply chain partners, must work to minimize the likelihood of risk events with the greatest impact on the organization and the greatest chance of occurrence. Organizations, along with their suppliers, should develop targeted approaches to minimize risk as part of a comprehensive program of supply risk management.
Focusing on the impact of a collaborative relationship between industrial and supply partners on the SCRM, Lavastre et al. [63] proposes a framework that is tested on data collected from French companies. The proposed framework has four main elements: characteristics of firms and respondents; perception of supply chain risk; relationship between focal and supply firms; and risks mitigation methods. The first involves understanding key features of the firms in terms of size, activity, sector, and others. The perception element is differentiated from “risk identification” because it is a passive approach. In other words, it is without a defined goal or objective, because it seeks not to identify but to understand perceived risks. The relationship between firms consists of the formalization of information, thus removing ambiguities about information in order to establish procedures and rules to deal with risks.
Through interviews with different actors, Sarker et al. [64] investigate risks related to the supply management processes of a purchasing manufacturing firm. In this case study, it was identified that the visibility of supplier-related risks was dependent on different factors, such as the manager’s role, responsibilities, and hierarchical level within the company. Individual sets of conceptualizations of risk generate the risks from the supplier. Because in complex organizations, over a long time, role-specific overconfidence can develop among managers, leading to a reliance on specific sets of risk mitigation strategies. Kirilmaz and Erol [65] focus on a proactive planning procedure in the mitigation phase of a SCRM process, specifically in the face of risky suppliers, aiming to decrease the damage that could be caused in case of disruption. Through linear programming, this study performs risk analysis from the suppliers’ perspective, focusing on shifting orders among suppliers to mitigate risks.
From the suppliers’ perspective, in firms with limited resources, and using a survey-based and structure equation modeling, Li and Chen [66] investigate the conditions to maintain and improve performance facing the problems incurred by product complexity. This study indicates that the complexity of products actually motivates the promotion of collaboration between firms and their suppliers. Also, it was found that collaboration at the operational level leads to better performance. And, through an inductive and qualitative methodological approach, Wang-Mlynek and Foerstl [67] investigate barriers to multi-tier supply chain risk management in the automotive and civil aircraft industries. In this study, it was found that high dependency on strategic alliances with suppliers affects the efficiency of SCRM, besides the risks related to the exposure of information with the implementation of new information and communication technologies.
Regarding the multi-tier supply chain, Jamalnia et al. [3] also point out that non-conformities are more difficult to identify in lower tiers. This is due to horizontal complexity, meaning that there is a large number of suppliers at this stage of the chain, in addition to the geographical distance between the focal company and lower-tier suppliers. However, in the context of Industry 4.0, information and manufacturing technologies, such as big data, data analytics, blockchain, and robotics, are allies for companies to facilitate monitoring and strengthen relationships with suppliers [68]. In this sense, Jerome et al. [69] demonstrate that a technology-focused approach to supply chain risk management (SCRM) can provide competitive advantages to the organization, such as boosting its resilience and responsiveness, while Li et al. [70] reveal that the positive impact of collaboration in the supply chain is even greater in a technological turbulence scenario.
Recently, exploring the impact of COVID-19 on SCRM and through an interview-based approach, Hohenstein [55] investigated different outputs of varied SCRM strategies in several logistics service providers. Specifically, this study identified eight factors that pose risks and can be opportunities for the logistics service providers, which are related to measures for anticipating disruption, collaboration within actors of the chain in terms of sharing information and joint effort to face disruptions, communication and trust between and within firms, aligned values and beliefs to support the creation of awareness about possible risks, implementation of digital technologies for better management of information, ability to reallocate and shift resources where needed, staff training and education in terms of SCRM practices, and information transparency.
Shou et al. [71] analyzes, through a survey-based methodology and structural equation modeling, the moderating role of supplier integration in the relationship between supply chain risk management and operational performance. Although this study identifies that SCRM practices positively affect operational efficiency and flexibility, there are deficiencies in the moderation between SCRM and operational efficiency due to the differing information-processing requirements for achieving the expected levels of operational efficiency and flexibility.
Senna et al. [72] and Senna et al. [73] also emphasize that supply chain risk management (SCRM) and integration are two crucial factors in achieving operational excellence, allowing suppliers to understand how to meet customer demands. The study focused on the healthcare chain as the object of analysis. On the other hand, Li et al. [70] investigated the relationship between these two factors, SCRM and integration, through a survey of 264 industries in the USA. The study revealed that bilateral collaboration between a company and its suppliers, at a tactical level, has a positive impact on the management of routine and exceptional risks, generating a competitive advantage. Some characteristics of this type of interaction include information exchange and the formation of cross-functional teams, involving middle-level managers and a larger volume of resources compared to operational-level initiatives.
Furthermore, the supplier’s perspective extends beyond merely meeting standardized requirements and daily demands of the focal company, also involving the sharing of technical resources and joint problem-solving. However, there are challenges in the automotive industry, as identified by De Oliveira et al. [23], where employees of multinational companies report difficulties in dealing with cultural differences.
Other practical integration initiatives are presented by Guerra et al. [34] through a multiple case study in the aviation industry supply chain: (i) the focal company influences its suppliers to practice risk management; (ii) risks identified by suppliers are shared with the procurement department of the focal company, and vice versa; (iii) small and medium-sized suppliers receive training in risk mapping and treatment techniques; (iv) a cross-functional team is sent to foreign suppliers for collaborative risk management; (v) a supply chain analysis of suppliers is conducted, including lower-tier ones; among other actions that grant a prominent role to suppliers and ensure their involvement in the risk management process of the focal company, going beyond simple selection and performance monitoring of suppliers.

2.3. Risk Management in Suppliers of the Automotive Industry

When proposing a supply chain risk management (SCRM) framework, [63] recommend the development of specific studies in the automotive sector. Stoppages in automotive assembly lines can occur even due to small suppliers’ shortages. Since assembly lines determine the pace of the entire supply chain, a stoppage can affect the entire operation, resulting in economic losses of over USD 100 million per day [65].
Thus, [65] employing a proactive SCRM procedure in the automotive industry can optimize the procurement plan. The study investigates the risks of three suppliers for the same part. Firstly, risks are identified, analyzed, and evaluated through a probability-impact matrix and interviews with managers, generating a risk profile for each supplier. Then, a linear programming model is developed, considering cost and risk criteria, to optimize the distribution of purchases of said part among the three suppliers. This way, it is possible to elaborate a purchasing plan for the automotive industry that considers not only cost, but also the risk factors of suppliers. This multicriteria design in supplies, combining commercial and risk management aspects, is supported by several studies in the literature, such as [74,75,76,77]. Sustainability criteria in suppliers also influence the performance [38] and resilience [36] of the chain.
Recently, Hohenstein [55] investigated the impact of the COVID-19 pandemic on the automotive industry and found extreme fluctuations in demand. Amidst this turbulent scenario, the success of automotive supply chain risk management (SCRM) relied primarily on factors such as collaboration and communication with customers and business partners, unlike other industries that emphasized digital transformation and organizational culture. The lack of comprehensive information sharing is seen as the main barrier to developing SCRM at various levels in the automotive industry [67]. Additional research corroborates that integration with suppliers strengthens the impact of SCRM on operational flexibility [71] and that collaboration with suppliers brings benefits to performance, improving risk management with modest investments [66].
On the other hand, Zhao and Cao [78] identify cases in the literature where automotive manufacturers exploit weaker suppliers to gain greater economic advantages. Thus, they investigate power asymmetries in the relationship between manufacturers and suppliers, in the context of risks associated with joint product development. The authors argue that initially, it is easier for the dominant party to identify and mitigate risks. However, the disadvantages faced by the weaker party can increase the likelihood of these risks occurring. Therefore, asymmetries should be considered in the supplier selection process, as there is a balance between the technical capacity of the supplier and the control exerted by the manufacturer during joint product development.
In this context, Fan et al. [7] investigate asymmetries and supplier resilience, with an emphasis on individuals and their interpersonal relationships. The authors suggest that supply disruptions can be better managed by employees who maintain more diverse interpersonal connections with suppliers, especially in symmetric relationships between manufacturers and suppliers. Sarker et al. [64] also highlight the importance of the individual and point out significant discrepancies in the perception of supply risks within an organization, depending on the hierarchical levels of those involved, their positions, and specific contexts. Therefore, risk management practices are often conducted in a fragmented manner within organizations, in contrast to the integrated approaches suggested in the literature.

3. Materials and Methods

The ISO 31010:2009 standard presents 31 risk management tools, of which 14 were classified by ISO itself as applicable or highly applicable to the stages of risk identification, analysis, and assessment. This classification, established by one of the main international standardization bodies, served as a starting point for this research, lending rigor and credibility to the study. Since ISO 31010 adopts a generalist approach, applicable to different types of organizations, and since this research focuses on suppliers to the automotive industry, the investigation was conducted in two stages to identify which of these fourteen tools are the most appropriate for this context. In the first stage, the Delphi method was used with experts from Tier 2 suppliers in order to select, evaluate, and validate the most appropriate tools for risk management in the supply chain of these suppliers.
The second stage complemented this analysis using the AHP method, allowing the selected tools to be ranked. The use of AHP made the results more robust, enabling the detection and correction of inconsistencies in the experts’ responses. While the Delphi was conducted remotely via Google Forms, this phase took place in person with seven experts from a Tier 1 auto parts supplier, which allowed for immediate review of any inconsistencies. In addition, the participation of experts from a Tier 1 supplier broadened the research perspective, ensuring a more comprehensive view of the supply chain.
The combination of Delphi and AHP methods was essential to structure decision-making in a context with multiple perspectives and uncertainties. Delphi consolidated the specialized knowledge of Tier 2 suppliers, identifying a consensual set of tools, but without establishing a systematic prioritization. To fill this gap, AHP allowed pairwise comparisons and measurement of the consistency of responses, ensuring an additional level of rigor. In this way, the complementarity between the methods ensured not only the capture of specialized knowledge of the automotive supply chain, but also its structured and hierarchical organization, resulting in a robust and replicable classification of the most appropriate tools for risk management in the sector.

3.1. The Delphi Method for Selecting Supplier Risk Management Tools

The first stage of the research aimed to select the most appropriate tools for risk management in Tier 2 suppliers. To this end, twenty experts were selected (one from each Tier 2 supplier), following an intentional non-probabilistic sampling criterion in order to include only professionals with solid knowledge and relevant experience in the area. This approach aimed to ensure that participants had the potential to contribute significantly to the research. In addition, when determining the number of experts the recommendation in the literature were considered, which suggests between 15 and 20 participants in Delphi studies [79] in order to ensure the diversity and quality of the ideas generated. Table 2 presents the main characteristics of the respondents in this stage.
Since the Delphi Method seeks consensus among experts, it took three rounds of questionnaires to arrive at a list of tools that everyone agreed is the most appropriate. According to Douglas et al. [80], the Delphi method is a group method that is administered by a researcher or a research team and that brings together a panel of experts, asks questions, makes feedback syntheses, and guides the group towards its goal and a consensus. Brill et al. [81] describe Delphi as a particularly good research method for reaching consensus among a group of individuals with expertise in a specific topic, where the information sought is subjective and where the participants are separated by physical distance.
In the first round of Delphi, a questionnaire was prepared in Google Forms where information was presented on tools considered by the ISO 31010 standard as highly applicable to identify and/or analyze and/or assess risks. Based on the tools presented, participants should indicate those that, according to their judgment, would be the most appropriate for risk management in their production chain.
After analyzing and tabulating the data, the experts were invited to participate in a second round of Delphi (also through Google Forms), where, using a Likert-type scale, they assigned a score from 1 (not applicable) to 5 (strongly applicable) for each tool suggested in the previous round. Finally, the third round included the sending of a report with the results of the second round, so that the specialists could answer, in a justified way, whether or not they agreed with the scores given to each tool in the previous step. The sequence of execution of the Delphi method followed the one recommended by the flowchart of Figure 1.

3.2. The AHP Method for Hierarchizing the Tools Selected in the Delphi Method

The AHP method was chosen because it allows pairwise comparisons, exploring the ability of individuals to hierarchically structure their perceptions when comparing two similar alternatives, with reference to a specific criterion and assigning degrees of importance [82,83,84]. In addition to enabling hierarchization, this approach gave greater robustness to the results, as it allows the identification and correction of inconsistencies in the respondents’ choices [85]. Roy [86], for example, highlights the use of the AHP as an appropriate method to classify factors according to the order of preference or priority of the interviewees.
To ensure the reliability of the results, we selected seven experts from an auto parts supplier (Tier 1), adopting the same intentional non-probabilistic sampling criterion as in the first stage. The objective was to ensure the participation of professionals with consolidated knowledge of the automotive industry supply chain. The chosen experts have extensive experience in the sector, having worked for several years in strategic roles directly related to risk management. Thus, the analyses were based not only on technical knowledge but also on the participants’ practical experience.
Furthermore, the definition of the number of experts sought to balance the diversity of perspectives and the consistency of the assessments, ensuring the applicability of the AHP. The literature does not establish a fixed number for this method [87], but indicates that small groups can generate reliable results when composed of highly qualified professionals familiar with the context analyzed [23]. Table 3 presents the main characteristics of the respondents in this stage.
After the selection of experts, the AHP method was performed according to the following steps: (1) Hierarchy representation: Development of the decision hierarchy linked to the different related levels; (2) Prioritization of criteria for the objective: Comparison of pairs and method for self-value and eigenvector, as well as evaluation of the consistency of the comparison by pairs of criteria. At the end of this phase, individual priorities were aggregated; (3) Prioritization of alternatives for each criterion: identify, analyze, and evaluate.
Figure 2 shows the mentioned steps, addressing the hierarchical level with objective, criterion, and alternatives used in AHP application.
Finally, it is important to highlight that the two macro steps mentioned earlier (Delphi and AHP) were carried out in an automotive supply chain, which includes a multinational parts supplier (Tier 1) and twenty of its main suppliers (Tier 2). The companies served by Tier 1 include four major vehicle manufacturers. To perform the analyses, we used the Super Decisions® software (version 3.2) to simplify the calculations resulting from the AHP method.

4. Results

4.1. Delphi Method Results

After the first round of the Delphi method, the experts selected techniques applicable to the supplier risk management process, as shown in Table 4.
In the first round, the experts partially agreed about which techniques were applicable or not, classifying only four techniques as 0% or 100% applicable, and differing about the remaining ten techniques. In none of the completed reports did we note lack of knowledge of any of the 14 techniques and/or the suggestion of including a technique previously discarded.
In the second round of Delphi, twelve techniques were covered, since the two techniques that had zero applicability in the first round were deleted. Table 5 shows the results of this round.
The lowest possible score would be 20 points if all specialists assigned a score of 1 to a particular technique, while the highest possible score would be 100 points if all participants awarded a score of 5. In this regard, Table 5 shows that five techniques were classified with a final score above 90 points (high applicability). On the other hand, the remaining techniques received scores equal to or less than 32 points (low applicability).
Thus, there was “stability” in the group’s responses, as there was a division between the most and the least recommended techniques. According to Von der Gracht [88], “stability” is defined as the consistency of responses between successive rounds of a study. Although it was dispensable [89], given the stability of the responses, we opted to conduct a third round to avoid potential doubts. Therefore, we used the Delphi method, and the experts received a report with the results of the second round so they could express agreement or disagreement with the five techniques that obtained the highest scores. All 20 experts agreed that the following techniques were the most suitable for supply chain risk management of suppliers (Tier 2) in the automotive industry:
  • Cause and consequence analysis.
  • Business impact analysis.
  • Failure mode and effect analysis (FMEA).
  • Structured what if technique (SWIFT).
  • Consequence/probability matrix.

4.2. AHP Method Results

Based on the results of the Delphi method, the AHP sought to hierarchize the five techniques selected in the previous stage through pairwise comparison of these techniques. This phase allowed the respondents to compare the techniques individually, evaluating those that stood out in relation to the others and thus defining an applicability ranking for the automotive supplier supply chain.

4.2.1. Representation of AHP

The structure of the first level is formed by the objective of the problem, that is, it prioritizes the most appropriate techniques for the SCRM of automotive industry suppliers. In the second level, based on ISO 31000, the criteria “risk analysis”, “risk evaluation”, and “risk identification” were established. Finally, we included the five techniques mentioned in the last round of Delphi in the third level. Figure 3 shows the hierarchical representation of the AHP.

4.2.2. Prioritization of Criteria

Once the hierarchy was defined, we proceeded to the peer comparison step. The judgments of decision-makers regarding the importance of one attribute when compared with another are subjectively performed and converted to a numerical value using the Saaty scale [82].
The relative importance of the elements of each level was established. Elements at the same hierarchical level were compared pairwise considering their influence on the element positioned at the level above. The first analysis was performed at the hierarchical level of the criteria: identification, analysis, and evaluation. The experts classified the importance of each criterion for risk management using a questionnaire.
The AHP software, Super Decisions (version 3.2), only has the option to perform the analysis based on the result of a single questionnaire. Thus, we used Excel 2019 spreadsheets to apply the questionnaires and matrices to the seven specialists, after which it was possible to aggregate individual priorities to insert into the software. Figure 4 shows the Excel worksheet used.
For example, Figure 4 shows that “Expert 1” prioritized “Identification” using numbers 3 and 7 of the Saaty scale, respectively [82]. This expert, however, considered “Analysis” and “Evaluation” equally important, assigning the score 1 to both items. After completing this questionnaire, we prepared joint matrices with all experts, as shown in Figure 5.
Then, the matrices were normalized, and the relative priorities of the vectors were established, as shown in Figure 6.
Also at this step, the matrix consistency test was performed according to the four steps described by Saaty [82]: (1) obtaining the vector “weight”; (2) obtaining the vector “consistency”; (3) obtaining the λmax value and consistency index (CI); and (4) determining the consistency rate (CR). Figure 7 shows the results of the four steps.
Finally, to obtain the vector “priority”, which represents the judgments of all users belonging to the group of experts, the aggregation of individual priorities was performed using the geometric mean, as shown in Table 6. Table 6 shows that “risk identification” was the most important criterion. After criteria prioritization, we constructed matrices at the hierarchical level of alternatives.

4.2.3. Prioritization of Alternatives for Identification, Analysis and Evaluation

The same steps performed to compare the criteria were used for the alternatives. Joint matrices were constructed for each of the experts and criteria. Table 7 only displays the result of “Identification” for Expert 1 due to the high number of matrices.
Then, the matrices were normalized, resulting in Table 8.
After normalization, we performed consistency analysis, as shown in Table 9.
As shown in the penultimate column of Table 9, the consistency rate presented an acceptable result (0.02), since it was lower than 0.10 [82]. This indicates that the experts’ responses are acceptable and do not require any correction in the judgments. Then, the aggregation of individual priorities from the Identification step was performed using the geometric mean, as outlined in Table 10.
Finally, the matrices were applied for the three criteria of the hierarchical structure of the AHP model (identification, analysis, and evaluation), considering the results from the seven experts interviewed. Table 11 shows the aggregated priorities of these experts for each alternative (technique) under each criterion (SCRM step).
When different criteria had the same degree of importance, Table 11 was sufficient to estimate the result of the AHP. However, in Table 6 we identified that the criterion “Identification” had a higher weight than “Analysis” and “Assessment”. Therefore, we elaborated the next subsection.

4.2.4. Final AHP Result Using Super Decisions Software

We used the Super Decisions software to enter all the aggregated data of the prioritizations to obtain the result of the AHP. Figure 8 refers to the data from the aggregation of individual priorities of the criteria associated with the hierarchical level below the objectives.
We also inserted data from the aggregation of individual priorities of each alternative associated with the three criteria of the hierarchical level. Finally, after inserting all the data obtained through the AHP calculation matrices, the Super Decisions software determined the result of prioritization of each technique, as shown in Figure 9.
Thus, the most appropriate ISO 31010 techniques for performing SCRM in suppliers, in order of priority, are FMEA, SWIFT, cause and consequence analysis, business impact analysis (BIA), and consequence/probability matrix.

5. Discussion

The results of the present paper show a higher concern from actors in the supply chain to adopt proactive methods to properly and in a timely manner identify risks within their chain, allowing them to evaluate, analyze, and mitigate risks with a reduced impact on the operational performance of the supply chain. In addition, it is relevant to highlight that the prioritization of SCRM stages and strategies proposed in this study supports better decision-making and the development of a sustainable SCRM process. This can have a positive impact in terms of reduction in the frequencies and levels of disruption, leading to increased competitiveness in the supplier market, reduction in economic damage, better image and service continuity— essential elements for the sustainability of a firm.
Although we have not conducted an empirical study on the impacts of risk management on supply chain sustainability, such as the work developed by Elmsalmi et al. [90], which classified and prioritized sustainable practices based on their impact on SCRM, the literature [37,91] indicates a growing trend of integrating supply chain risk management with sustainable practices. These studies demonstrate that companies investing in supply chain risk management reap benefits in economic, social, and environmental aspects, while the absence of such investment can result in negative impacts on corporate sustainability.
Regarding the methods used (Delphi and AHP), they complemented each other, since Delphi raised the main risk management tools and the AHP method ranked them. In addition, the decision to delimit the tools based on ISO 31010 proved to be the right one, since this standard classifies the tools as not applicable, applicable, or strongly applicable [29], which allowed us to have a starting point within hundreds of existing tools, methods, and approaches. Thus, we were able to focus the attention and efforts of specialists on the analysis of tools that were, at the very least, applicable for each of the stages of the risk management process (identification, analysis, and assessment). Subsequently, the Delphi method was essential, mainly to reduce the list of tools to be ranked, since comparing 14 tools, pair by pair, would increase the degree of complexity of the AHP method and, in the worst case, could compromise the results of the research, since, according to Saaty [82], a high number of comparisons has the potential to generate inconsistency in the experts’ judgments. Figure 10 illustrates the paths taken by the method and their respective results.
The results of this study reinforce the relevance of the risk identification phase, especially from the perspective of suppliers, who play a central role in supply chains. One of the main challenges faced by these companies is the difficulty in identifying risks related to the lack of communication between chain members, deficient management training, and low operational flexibility—factors frequently mentioned in the literature as threats to supply chain stability [63,66,67,71].
This perception is confirmed by the survey data, which indicate that 56% of respondents consider risk identification to be the most critical step, compared to analysis (20%) and assessment (24%). This finding is in line with previous research, such as that of Hallikas et al. [8], which highlights identification as an essential phase of risk management, since risks can be difficult to perceive in complex networks. By prioritizing effective strategies for addressing these challenges, suppliers can strengthen their resilience and contribute to a safer and more efficient supply chain.
In practical terms, companies can use these findings to improve their risk management strategies, especially in the identification phase, which was the most relevant for respondents. The prioritization model presented in this study can guide decision-makers in efficiently allocating resources to SCRM initiatives, ensuring that the most appropriate tools are applied at each stage of the process.
From a theoretical perspective, this study contributes to the literature by structuring the prioritization of risk management tools in the supply chain, with an emphasis on suppliers. The combination of Delphi and AHP methods enabled a systematic selection process, allowing the choice of tools to be based on technical criteria and not only on the individual perception of experts.
Despite these contributions, this study presents some limitations that should be addressed. The main one is the lack of empirical validation of the proposed prioritization model. Although the Delphi and AHP methods provided a structured approach for the analysis and ranking of risk management tools, future studies could carry out case studies or simulations to evaluate the practical effectiveness of the selected tools in real supply chains. In addition, the focus on the automotive industry may restrict the generalization of the findings to other sectors with different risk profiles and operational dynamics.
Finally, in the experts’ view, it appears that FMEA is the most suitable tool for performing SCRM in automotive industry suppliers. This result is not surprising, as FMEA has been applied by researchers and professionals in risk management in several areas [92]. It is a tool widely used in the industry and its main purpose is to provide information for decision making in risk management [93], working to identify critical components whose failures can cause physical and financial damage, thus making production systems safer and more reliable [94].

6. Conclusions

According to the literature, current business trends and the increasing complexity of the supply chains increase vulnerability of organizations, resulting in a greater need to manage the risks of a company’s chain, especially those linked to its suppliers. The ISO 31000 and ISO 31010 standards were essential for our study, since we considered the main risk management steps listed in ISO 31000 (identify, analyze, and evaluate), as well as the 31 risk management techniques listed in ISO 31010.
We selected seven experts in SCRM from a large multinational company that produces parts for the carmakers PSA Peugeot Citroën, Nissan, Volkswagen, and Fiat to participate in our study. These seven experts prioritized five risk management techniques using the AHP method. These techniques were pre-selected by 20 experts from their supply companies using the Delphi method.
During the application of the first round of the Delphi method, all the experts interviewed selected the techniques “FMEA” and “business impact analysis” as the most suitable for supplier risk management. The techniques “reliability-centered maintenance” and “human reliability analysis” were not selected by any of the experts. The Delphi method served as an initial filter of the 31 ISO 31010 techniques, since it determined the following risk management techniques as the most applicable in processes involving suppliers: structured what if technique (SWIFT), failure mode and effect analysis (FMEA), consequence/probability matrix, cause and consequence analysis, and business impact analysis.
The AHP method, in turn, was executed to prioritize the most appropriate techniques, considering the five techniques previously selected by Delphi and the three main phases of risk management of ISO 31000: identify, analyze, and evaluate. The identification phase was considered by the experts as having twice the priority compared with the other phases.
Figure 9 shows a relevant result: FMEA as the most relevant technique for SCRM in suppliers of companies linked to the automotive industry. Because it is a qualitative tool associated with a study of the analysis of probability of failures, FMEA transforms the information into quantitative data, used in preventive actions with suppliers and thus mitigating possible risks in the supply chain. In the opinion of the experts in this study, FMEA was the best analytical technique, because it establishes the relationships between the causes and effects of failures, as well as indicates ways to seek, resolve, and make the best decisions regarding the application of appropriate measures in suppliers in the automotive supply chain. Thus, we achieved our objective, since we identified and prioritized the most appropriate techniques for SCRM of the suppliers chosen for analysis. We also observed that the secondary objective was achieved, since we found that the risk identification step is the most relevant within the risk management process.
We recommend the following procedures for future studies: (i) to reproduce our study in other automotive companies and involving different suppliers; (ii) to further study the five techniques selected in our study, applying them to risk management of suppliers in the automotive sector and comparing their effectiveness (action research, for example); and (iii) to apply the concepts of our study in other industrial segments.

Author Contributions

Conceptualization, U.R.d.O.; Methodology, U.R.d.O. and T.F.B.; Validation, U.R.d.O., T.F.B., V.A. and G.B.A.L.; Formal analysis, U.R.d.O., T.F.B., V.A., C.R.d.S. and G.B.A.L.; Investigation, U.R.d.O., C.R.d.S. and G.B.A.L.; Resources, U.R.d.O.; Writing—original draft, U.R.d.O., T.F.B., V.A., C.R.d.S. and G.B.A.L.; Writing—review & editing, U.R.d.O., T.F.B., V.A., C.R.d.S. and G.B.A.L.; Visualization, U.R.d.O., T.F.B. and C.R.d.S.; Supervision, U.R.d.O.; Project administration, U.R.d.O. All authors have read and agreed to the published version of the manuscript.

Funding

This research was funded by FAPERJ—Carlos Chagas Filho Foundation for Research Support of the State of Rio de Janeiro, Process E-26/211.508/2021—APQ1 (SEI Process 260003/015086/2021).

Data Availability Statement

The original contributions presented in this study are included in the article. Further inquiries can be directed to the corresponding authors.

Acknowledgments

The author Gilson B. A. Lima wishes to acknowledge his support by the Brazilian National Council for Scientific and Technological Development (CNPq) through grant 311961/2023-1.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Mital, M.; del Giudice, M.; Papa, A. Comparing supply chain risks for multiple product categories with cognitive mapping and analytic hierarchy process. Technol. Forecast. Soc. Change 2018, 131, 159–170. [Google Scholar] [CrossRef]
  2. Tang, C.; Tomlin, B. The power of flexibility for mitigating supply chain risks. Int. J. Prod. Econ. 2008, 116, 12–27. [Google Scholar] [CrossRef]
  3. Jamalnia, A.; Gong, Y.; Govindan, K.; Bourlakis, M.; Mangla, S.K. A decision support system for selection and risk management of sustainability governance approaches in multi-tier supply chain. Int. J. Prod. Econ. 2023, 264, 108960. [Google Scholar] [CrossRef]
  4. Christopher, M.; Lee, H. Mitigating Supply Chain Risk Through Improved Confidence. Int. J. Phys. Distrib. Logist. Manag. 2004, 34, 388–396. [Google Scholar] [CrossRef]
  5. Samson, D.; Gloet, M. Integrating performance and risk aspects of supply chain design processes. Prod. Plan. Control 2018, 29, 1238–1257. [Google Scholar] [CrossRef]
  6. Browning, T.; Kumar, M.; Sanders, N.; Sodhi, M.M.S.; Thürer, M.; Tortorella, G.L. From supply chain risk to system-wide disruptions: Research opportunities in forecasting, risk management and product design. Int. J. Oper. Prod. Manag. 2023, 43, 1841–1858. [Google Scholar] [CrossRef]
  7. Fan, Y.; Stevenson, M.; Li, F. Supplier-initiating risk management behaviour and supply-side resilience: The effects of interpersonal relationships and dependence asymmetry in buyer-supplier relationships. Int. J. Oper. Prod. Manag. 2020, 40, 971–995. [Google Scholar] [CrossRef]
  8. Hallikas, J.; Karvonen, I.; Pulkkinen, U.; Virolainen, V.; Tuominen, M. Risk management processes in supplier networks. Int. J. Prod. Econ. 2004, 90, 47–58. [Google Scholar] [CrossRef]
  9. Kaur, H.; Singh, S.P. Disaster resilient proactive and reactive procurement models for humanitarian supply chain. Prod. Plan. Control 2020, 33, 576–589. [Google Scholar] [CrossRef]
  10. Thun, J.H.; Hoenig, D. An empirical analysis of supply chain risk management in the German automotive industry. Int. J. Prod. Econ. 2011, 131, 242–249. [Google Scholar] [CrossRef]
  11. Radjou, N. Adapting to Supply Network Change. Forrester Research Tech Strategy Report, Cambridge, MA. 2002. Available online: http://www.fipa.org/docs/input/f-in-00060/f-in-00060.pdf (accessed on 4 March 2022).
  12. Talluri, S.; Narasimhan, R.; Chung, W. Manufacturer cooperation in supplier development under risk. Eur. J. Oper. Res. 2010, 207, 165–173. [Google Scholar] [CrossRef]
  13. Kern, D.; Moser, R.; Hartmann, E.; Moder, M. Supply risk management: Model development and empirical analysis. Int. J. Phys. Distrib. Logist. Manag. 2012, 42, 60–82. [Google Scholar] [CrossRef]
  14. Dunn, S.C.; Young, R.R. Supplier assistance within supplier development initiatives. J. Supply Chain Manag. 2004, 40, 19–29. [Google Scholar] [CrossRef]
  15. Matook, S.; Lasch, R.; Tamaschke, R. Supplier development with benchmarking as part of a comprehensive supplier risk management framework. Int. J. Oper. Prod. Manag. 2009, 29, 241–267. [Google Scholar] [CrossRef]
  16. De Oliveira, U.R.; Marins, F.A.Z.; Rocha, H.M.; Salomon, V.A.P. The ISO 31000 standard in supply chain risk management. J. Clean. Prod. 2017, 151, 616–633. [Google Scholar] [CrossRef]
  17. Juttner, U.; Peck, H.; Christopher, M. Supply chain risk management: Outlining an agenda for future research. Int. J. Logist. Res. Appl. 2003, 6, 197–210. [Google Scholar] [CrossRef]
  18. Harland, C.; Brenchley, R.; Walker, H. Risk in supply networks. J. Purch. Supply Manag. 2003, 9, 51–62. [Google Scholar] [CrossRef]
  19. Ritchie, B.; Brindley, C. Supply chain risk management and performance: A guiding framework for future development. Int. J. Oper. Prod. Manag. 2007, 27, 303–322. [Google Scholar] [CrossRef]
  20. ISO 31000:2009; Risk Management—Principles and Guidelines. International Organization for Standardization: Geneva, Switzerland, 2009.
  21. Dias, G.C.; de Oliveira, U.R.; Lima, G.B.A.; Fernandes, V.A. Risk Management in the Import/Export Process of an Automobile Company: A Contribution for Supply Chain Sustainability. Sustainability 2021, 13, 6049. [Google Scholar] [CrossRef]
  22. De Oliveira, U.R.; dos Santos, C.O.; Chaves, G.E.L.; Fernandes, V.A. Analysis of the MORT method applicability for risk management in supply chains. Oper. Manag. Res. 2022, 15, 1361–1382. [Google Scholar] [CrossRef]
  23. De Oliveira, U.R.; Dias, G.C.; Fernandes, V.A. Evaluation of a conceptual model of supply chain risk management to import/export process of an automotive industry: An action research approach. Oper. Manag. Res. 2024, 17, 201–219. [Google Scholar] [CrossRef]
  24. De Oliveira, U.R.; Aparecida Neto, L.; Abreu, P.A.F.; Fernandes, V.A. Risk management applied to the reverse logistics of solid waste. J. Clean. Prod. 2021, 296, 126517. [Google Scholar] [CrossRef]
  25. Sodhi, M.S.; Son, B.; Tang, C. Researchers’ perspectives on supply chain risk management. Prod. Oper. Manag. 2012, 21, 1–13. [Google Scholar] [CrossRef]
  26. Santos, R.B.; De Oliveira, U.R.; Rocha, H.M. Failure mapping for occupational safety management in the film and television industry. Int. J. Prod. Econ. 2018, 203, 1–12. [Google Scholar] [CrossRef]
  27. Santos, R.B.; De Oliveira, U.R. Analysis of occupational risk management tools for the film and television industry. Int. J. Ind. Ergon. 2019, 72, 199–211. [Google Scholar] [CrossRef]
  28. Machado, L.D.V.; De Oliveira, U.R. Analysis of failures in the accessibility of university buildings. J. Build. Eng. 2021, 33, 101654. [Google Scholar] [CrossRef]
  29. ISO 31010:2009; Risk Management—Risk Assessment Techniques. ISO: Geneva, Switzerland, 2009.
  30. Tang, O.; Nurmaya Musa, S. Identifying risk issues and research advancements in supply chain risk management. Int. J. Prod. Econ. 2011, 133, 25–34. [Google Scholar] [CrossRef]
  31. Juttner, U.; Maklan, S. Supply chain resilience in the global financial crisis: An empirical study. Supply Chain Manag. Int. J. 2011, 16, 246–259. [Google Scholar] [CrossRef]
  32. Park, K.C.; Yang, M.M.; Roh, J.J. Configuring lean manufacturing and supply chain risk management: A cluster analysis. Prod. Plan. Control 2023, 35, 1726–1740. [Google Scholar] [CrossRef]
  33. Rahman, T.; Paul, S.K.; Shukla, N.; Agarwal, R.; Taghikhah, F. Dynamic supply chain risk management plans for mitigating the impacts of the COVID-19 pandemic. Int. J. Syst. Sci. Oper. Logist. 2023, 10, 2249815. [Google Scholar] [CrossRef]
  34. Guerra, J.H.L.; de Souza, F.B.; Pires, S.R.I.; de Sá, A.L.R. A maturity model for supply chain risk management. Supply Chain Manag. 2024, 29, 114–136. [Google Scholar] [CrossRef]
  35. Jabbarzadeh, A.; Fahimnia, B.; Sabouhi, F. Resilient and sustainable supply chain design: Sustainability analysis under disruption risks. Int. J. Prod. Res. 2018, 56, 5945–5968. [Google Scholar] [CrossRef]
  36. Han, N.; Um, J. Risk management strategy for supply chain sustainability and resilience capability. Risk Manag. 2024, 26, 6. [Google Scholar] [CrossRef]
  37. Valinejad, F.; Rahmani, D. Sustainability risk management in the supply chain of telecommunication companies: A case study. J. Clean. Prod. 2018, 203, 53–67. [Google Scholar] [CrossRef]
  38. Silva, C.W.C.; Rathnayaka, D.D.; Fernando, M.A.C.S.S. The effect of supplier sustainability risk management strategies on supply chain performance. J. Glob. Oper. Strateg. Sourc. 2024, 17, 334–350. [Google Scholar] [CrossRef]
  39. Purdy, G. ISO 31000:2009—Setting a new standard for risk management: Perspective. Risk Anal. 2010, 30, 881–886. [Google Scholar] [CrossRef]
  40. Ekwere, N. Framework of Effective Risk Management in Small and Medium Enterprises (SMESs): A Literature Review. Bina Ekon. 2016, 20, 23–46. [Google Scholar]
  41. Resnik, D.B. Eliminating the daily life risks standard from the definition of minimal risk. J. Med. Ethics 2005, 31, 35–38. [Google Scholar] [CrossRef]
  42. Dias, G.C.; Leal Junior, I.C.; De Oliveira, U.R. Supply chain risk management at seaport container terminals. Manag. Oper. Rev. 2019, 26, e4900. [Google Scholar] [CrossRef]
  43. De Oliveira, U.R.; Espindola, L.S.; Marins, F.A.S. Analysis of supply chain risk management researches. Manag. Oper. Rev. 2018, 25, 671–695. [Google Scholar] [CrossRef]
  44. Ghadge, A.; Dani, S.; Kalawsky, R. Supply chain risk management: Present and future scope. Int. J. Logist. Manag. 2012, 23, 313–339. [Google Scholar] [CrossRef]
  45. Manuj, I.; Mentzer, J.T. Global supply chain risk management strategies. Int. J. Phys. Distrib. Logist. Manag. 2008, 38, 192–223. [Google Scholar] [CrossRef]
  46. Hunt, G.T.M.; Craighead, C.W.; Ketchen, D.J., Jr. Risk Uncertainty and Supply Chain Decisions: A Real Options Perspective. Decis. Sci. 2010, 41, 435–458. [Google Scholar]
  47. Dias, G.C.; Hernandez, C.T.; De Oliveira, U.R. Supply chain risk management and risk ranking in the automotive industry. Manag. Oper. Rev. 2020, 27, e3800. [Google Scholar] [CrossRef]
  48. Chopra, S.; Sodhi, M. Managing risk to avoid supply chain breakdown. MIT Sloan Manag. Rev. 2004, 46, 53–61. [Google Scholar]
  49. Rangel, D.A.; de Oliveira, T.K.; Leite, M.S.A. Supply chain risk classification: Discussion and proposal. Int. J. Prod. Res. 2015, 53, 6868–6887. [Google Scholar] [CrossRef]
  50. Tummala, R.; Schoenherr, T. Assessing and managing risks using the Supply Chain Risk Management Process (SCRMP). Supply Chain Manag. 2011, 16, 474–483. [Google Scholar] [CrossRef]
  51. Lavastre, O.; Gunasekaran, A.; Spalanzani, A. Supply chain risk management in French companies. Decis. Support Syst. 2012, 52, 828–838. [Google Scholar] [CrossRef]
  52. El Baz, J.; Ruel, S. Can supply chain risk management practices mitigate the disruption impacts on supply chains’ resilience and robustness? Evidence from an empirical survey in a COVID-19 outbreak era. Int. J. Prod. Econ. 2021, 233, 107972. [Google Scholar] [CrossRef]
  53. Daghfous, A.; Qazi, A.; Khan, M.S. Incorporating the risk of knowledge loss in supply chain risk management. Int. J. Logist. Manag. 2021, 32, 1384–1405. [Google Scholar] [CrossRef]
  54. Yang, J.; Xie, H.; Yu, G. Antecedents and consequences of supply chain risk management capabilities: An investigation in the post-coronavirus crisis. Int. J. Prod. Res. 2021, 59, 1573–1585. [Google Scholar] [CrossRef]
  55. Hohenstein, N.O. Supply chain risk management in the COVID-19 pandemic: Strategies and empirical lessons for improving global logistics service providers’ performance. Int. J. Logist. Manag. 2022, 33, 1336–1365. [Google Scholar] [CrossRef]
  56. Guo, Y. Research on Knowledge-Oriented Supply Chain Risk Management System Model. J. Manag. Strategy 2011, 2, 72–77. [Google Scholar] [CrossRef]
  57. Xia, D.; Chen, B. A comprehensive decision-making model for risk management of supply chain. Expert Syst. Appl. 2011, 38, 4957–4966. [Google Scholar] [CrossRef]
  58. Singhal, P.; Agarwal, G.; Mittal, M.L. Supply chain risk management: Review, classification and future research directions. Int. J. Bus. Sci. Appl. Manag. 2011, 6, 15–42. [Google Scholar] [CrossRef]
  59. Tang, C. Robust strategies for mitigating supply chain disruptions. Int. J. Logist. 2006, 9, 33–45. [Google Scholar] [CrossRef]
  60. Blackhurst, J.V.; Scheibe, K.P.; Johnson, D.J. Supplier risk assessment and monitoring for the automotive industry. Int. J. Phys. Distrib. Logist. Manag. 2008, 38, 143–165. [Google Scholar] [CrossRef]
  61. Cagnin, F.; Oliveira, M.C.; Simon, A.T.; Helleno, A.L.; Vendramini, M.P. Proposal of a method for selecting suppliers considering risk management: An application at the automotive industry. Int. J. Qual. Reliab. Manag. 2016, 33, 488–498. [Google Scholar] [CrossRef]
  62. Lockamy, A.; McCormack, K. Modeling supplier risks using Bayesian networks. Ind. Manag. Data Syst. 2012, 112, 313–333. [Google Scholar] [CrossRef]
  63. Lavastre, O.; Gunasekaran, A.; Spalanzani, A. Effect of firm characteristics, supplier relationships and techniques used on Supply Chain Risk Management (SCRM): An empirical investigation on French industrial firms. Int. J. Prod. Res. 2014, 52, 3381–3403. [Google Scholar] [CrossRef]
  64. Sarker, S.; Engwall, M.; Trucco, P.; Feldmann, A. Internal visibility of external supplier risks and the dynamics of risk management silos. IEEE Trans. Eng. Manag. 2016, 63, 451–461. [Google Scholar] [CrossRef]
  65. Kirilmaz, O.; Erol, S. A proactive approach to supply chain risk management: Shifting orders among suppliers to mitigate the supply side risks. J. Purch. Supply Manag. 2017, 23, 54–65. [Google Scholar] [CrossRef]
  66. Li, S.; Chen, X. The role of supplier collaboration and risk management capabilities in managing product complexity. Oper. Manag. Res. 2019, 12, 146–158. [Google Scholar] [CrossRef]
  67. Wang-Mlynek, L.; Foerstl, K. Barriers to multi-tier supply chain risk management. Int. J. Logist. Manag. 2020, 31, 465–487. [Google Scholar] [CrossRef]
  68. Rashid, A.; Rasheed, R.; Ngah, A.H.; Pradeepa Jayaratne MD, R.; Rahi, S.; Tunio, M.N. Role of information processing and digital supply chain in supply chain resilience through supply chain risk management. J. Glob. Oper. Strateg. Sourc. 2024, 17, 429–447. [Google Scholar] [CrossRef]
  69. Jerome, J.J.; Sonwaney, V.; Bryde, D.; Graham, G. Achieving competitive advantage through technology-driven proactive supply chain risk management: An empirical study. Ann. Oper. Res. 2024, 332, 149–190. [Google Scholar] [CrossRef]
  70. Li, S.; Xu, T.; Park, K.C.; Kang, M. The effect of supply chain collaboration on firms’ risk management under technology turbulence. Prod. Plan. Control 2023, 35, 1991–2006. [Google Scholar] [CrossRef]
  71. Shou, Y.; Hu, W.; Kang, M.; Li, Y.; Park, Y.W. Risk management and firm performance: The moderating role of supplier integration. Ind. Manag. Data Syst. 2018, 118, 1327–1344. [Google Scholar] [CrossRef]
  72. Senna, P.; Reis, A.; Marujo, L.G.; Ferro de Guimarães, J.C.; Severo, E.A.; dos Santos, A.C.d.S.G. The influence of supply chain risk management in healthcare supply chains performance. Prod. Plan. Control 2023, 35, 1368–1383. [Google Scholar] [CrossRef]
  73. Senna, P.; Guimarães Marujo, L.; Santos, A.C.; Freitag, A.E.; França, S.L. Supply chain risk management to achieve healthcare supply chain operational excellence: A fsQCA and PLS-SEM approach. Int. J. Lean Six Sigma 2024, 15, 177–200. [Google Scholar] [CrossRef]
  74. Rao, C.; Xiao, X.; Goh, M.; Zheng, J.; Wen, J. Compound mechanism design of supplier selection based on multi-attribute auction and risk management of supply chain. Comput. Ind. Eng. 2017, 105, 63–75. [Google Scholar] [CrossRef]
  75. Eckerd, A.; Girth, A.M. Designing the Buyer–Supplier Contract for Risk Management: Assessing Complexity and Mission Criticality. J. Supply Chain Manag. 2017, 53, 60–75. [Google Scholar] [CrossRef]
  76. Da Silva, E.M.; Ramos, M.O.; Alexander, A.; Jabbour, C.J.C. A systematic review of empirical and normative decision analysis of sustainability-related supplier risk management. J. Clean. Prod. 2020, 244, 118808. [Google Scholar] [CrossRef]
  77. Wong, J.T. Dynamic procurement risk management with supplier portfolio selection and order allocation under green market segmentation. J. Clean. Prod. 2020, 253, 119835. [Google Scholar] [CrossRef]
  78. Zhao, Y.; Cao, H. Risk management on joint product development with power asymmetry between supplier and manufacturer. Int. J. Proj. Manag. 2015, 33, 1812–1826. [Google Scholar] [CrossRef]
  79. Hasson, F.; Keeney, S.; McKenna, H. Research guidelines for the Delphi survey technique. J. Adv. Nurs. 2000, 32, 1008–1015. [Google Scholar] [CrossRef]
  80. Douglas, Z.; Holly, C.; Stellefson, M.L. Internet-Based Delphi Research: Case Based Discussion. Environ. Manag. 2013, 51, 511–523. [Google Scholar]
  81. Brill, J.M.; Bishop, M.J.; Walker, A.E. The competencies and characteristics required of an effective project manager: A web-based Delphi study. Educ. Technol. Res. Dev. 2006, 54, 115–140. [Google Scholar] [CrossRef]
  82. Saaty, T.L. How to make a decision: The analytic hierarchy process. Eur. J. N. Holl. 1990, 9, 9–26. [Google Scholar] [CrossRef]
  83. Forman, E.; Peniwati, K. Aggregating individual judgments and priorities with the analytic hierarchy process. Eur. J. Oper. Res. 1998, 108, 165–169. [Google Scholar] [CrossRef]
  84. Saaty, T.L. Decision making with the analytic hierarchy process. Int. J. Serv. Sci. 2008, 1, 83–98. [Google Scholar] [CrossRef]
  85. Harker, P.T.; Vargas, L.G. The theory of ratio scale estimation: Saaty’s analytic hierarchy process. Manag. Sci. 1987, 33, 1383–1403. [Google Scholar] [CrossRef]
  86. Roy, B. The Optimisation Problem Formulation: Criticism and Overstepping. J. Oper. Res. Soc. 1981, 32, 427–436. [Google Scholar] [CrossRef]
  87. Vaidya, O.S.; Kumar, S. Analytic hierarchy process: An overview of applications. Eur. J. Oper. Res. 2006, 169, 1–29. [Google Scholar] [CrossRef]
  88. Von der Gracht, H.A. Consensus measurement in Delphi studies. review and implications for future quality assurance. Technol. Forecast. Soc. Change 2012, 79, 1525–1536. [Google Scholar] [CrossRef]
  89. Van de Linde, E.; Van der Duin, P. The Delphi method as early warning. Linking global societal trends to future radicalization and terrorism in The Netherlands. Technol. Forecast. Soc. Change 2011, 78, 1557–1564. [Google Scholar] [CrossRef]
  90. Elmsalmi, M.; Hachicha, W.; Aljuaid, A.M. Prioritization of the Best Sustainable Supply Chain Risk Management Practices Using a Structural Analysis Based-Approach. Sustainability 2021, 13, 4608. [Google Scholar] [CrossRef]
  91. Deng, X.; Yang, X.; Zhang, Y.; Li, Y.; Lu, Z. Risk propagation mechanisms and risk management strategies for a sustainable perishable products supply chain. Comput. Ind. Eng. 2019, 135, 1175–1187. [Google Scholar] [CrossRef]
  92. Selim, H.; Yunusoglu, M.G.; Balaman, S.Y. A Dynamic Maintenance Planning Framework Based on Fuzzy TOPSIS and FMEA: Application in an International Food Company. Qual. Reliab. Eng. Int. 2016, 32, 795–804. [Google Scholar] [CrossRef]
  93. Kutlu, A.C.; Ekmekçioğlu, M. Fuzzy failure modes and effects analysis by using fuzzy TOPSIS based fuzzy AHP. Expert Syst. Appl. 2012, 39, 61–67. [Google Scholar] [CrossRef]
  94. Pillay, A.; Wang, J. Modified Failure Mode and Effects Analysis using approximate reasoning. Reliab. Eng. Syst. Saf. 2003, 79, 69–85. [Google Scholar] [CrossRef]
Applsci 15 04169 g001
Figure 1. Execution of Delphi method.
Figure 1. Execution of Delphi method.
Applsci 15 04169 g001
Applsci 15 04169 g002
Figure 2. Hierarchical level defined for AHP.
Figure 2. Hierarchical level defined for AHP.
Applsci 15 04169 g002
Applsci 15 04169 g003
Figure 3. Hierarchical level of the AHP.
Figure 3. Hierarchical level of the AHP.
Applsci 15 04169 g003
Applsci 15 04169 g004
Figure 4. AHP questionnaire model.
Figure 4. AHP questionnaire model.
Applsci 15 04169 g004
Applsci 15 04169 g005
Figure 5. Joint comparison of criteria by the seven experts.
Figure 5. Joint comparison of criteria by the seven experts.
Applsci 15 04169 g005
Applsci 15 04169 g006
Figure 6. Standardized matrices for criteria.
Figure 6. Standardized matrices for criteria.
Applsci 15 04169 g006
Applsci 15 04169 g007
Figure 7. Vector “consistency”.
Figure 7. Vector “consistency”.
Applsci 15 04169 g007
Applsci 15 04169 g008
Figure 8. Insertion of the prioritization data of the criteria into Super Decisions Software.
Figure 8. Insertion of the prioritization data of the criteria into Super Decisions Software.
Applsci 15 04169 g008
Applsci 15 04169 g009
Figure 9. Final AHP result in Super Decisions Software.
Figure 9. Final AHP result in Super Decisions Software.
Applsci 15 04169 g009
Applsci 15 04169 g010
Figure 10. Methodological course of research versus results achieved.
Figure 10. Methodological course of research versus results achieved.
Applsci 15 04169 g010
Table 1. Supply chain risk classification.
Table 1. Supply chain risk classification.
ProcessRisk
PlanStrategic
Inertia
Information
Capacity
SupplyDemand
Supply
Finance
Relationship
ProduceOperation
Rupture
DeliverCustomer
ReturnLegal
OthersEnvironmental
Culture
Source: Rangel, de Oliveira, and Leite [49].
Table 2. Experts who participated in the Delphi method.
Table 2. Experts who participated in the Delphi method.
Supplier CodeYears of Professional
Experience		Years in Supply ChainCurrent Position
1103Engineering Analyst
265Quality Supervisor
31910Quality Manager
4228Head of Engineering
5166Quality Manager
6127Logistics Analyst
7138Logistics Supervisor
872Quality Analyst
9104Logistics Supervisor
1053Engineering Analyst
11136Quality Technician
12169Head of Quality Systems
13208Logistics Manager
14114Logistics Assistant
15104Engineering Analyst
1692Head of Logistics
1753Quality Foreman
1895Production Analyst
1997Production Foreman
2084Logistics Analyst
Table 3. Experts interviewed.
Table 3. Experts interviewed.
ExpertPositionProfessional Experience
1Quality Manager16 years
2Logistics Supervisor15 years
3Head of Quality Systems9 years
4Buyer8 years
5Engineering Supervisor18 years
6Engineer13 years
7Engineer15 years
Table 4. Delphi first round for the fourteen applicable/highly applicable tools of ISO 31010.
Table 4. Delphi first round for the fourteen applicable/highly applicable tools of ISO 31010.
Risk Management ItemsQuantityPercentage
Failure mode and effect analysis (FMEA)20100%
Business impact analysis (BIA)20100%
Cause and consequence analysis1890%
Structured what if technique (SWIFT)1785%
Consequence/probability matrix1785%
Hazard and operability studies (HAZOP)1155%
Cost/benefit analysis840%
Scenario analysis420%
Multi-criteria decision analysis (MCDA)420%
Risk index315%
FN curves210%
Environmental risk assessment15%
Reliability centered maintenance00%
Human reliability analysis (HRA)00%
Table 5. Delphi second round result.
Table 5. Delphi second round result.
Risk Management Techniques:12345Total Score
Cause and consequence analysis 21898
Business impact analysis 51595
Failure mode and effect analysis (FMEA) 71393
Structured what if technique (SWIFT) 81292
Consequence/probability matrix 91191
Multi-criteria decision analysis (MCDA)812---32
Cost/benefit analysis1082--32
Risk index911---31
Hazard and operability study (HAZOP)1181--30
Scenario analysis155---25
FN curves155---25
Environmental risk assessment182---22
Table 6. Vector “priority” consolidated for criteria.
Table 6. Vector “priority” consolidated for criteria.
Consolidation
Identification0.56
Analysis0.20
Evaluation0.24
Table 7. Joint matrix of Expert 1 for the “Identification” step.
Table 7. Joint matrix of Expert 1 for the “Identification” step.
E1C/P MatrixFMEASWIFTBusiness Impact Analysis (BIA)C. C. Analysis
C/P matrix11/71/511
FMEA71133
SWIFT51133
BIA11/31/311
C. C. Analysis11/31/311
Table 8. Normalized matrix of Expert 1 for the “Identification” step.
Table 8. Normalized matrix of Expert 1 for the “Identification” step.
E1C/P MatrixFMEASWIFTBIAC. C. AnalysisRelative Priority *
C/P matrix0.070.050.070.110.110.082
FMEA0.470.360.350.330.330.368
SWIFT0.330.360.350.330.330.341
BIA0.070.120.120.110.110.105
C. C. Analysis0.070.120.120.110.110.105
* Any differences of 1.00 in the sum of each column refer to rounding.
Table 9. Consistency test matrix for Expert 1 in the “Identification” step.
Table 9. Consistency test matrix for Expert 1 in the “Identification” step.
E1C/P MatrixFMEASWIFTBIAC. C. AnalysisVector WeightVector
Consistency		λ MaxCICR
C/P matrix0.080.050.070.100.100.415.035.080.022%
FMEA0.570.370.340.310.311.915.20
SWIFT0.410.370.340.310.311.755.12
BIA0.080.120.110.100.100.535.04
C. C. Analysis0.080.120.110.100.100.535.04
Table 10. Aggregation of individual priorities for Identification step.
Table 10. Aggregation of individual priorities for Identification step.
TechniqueIdentification *
C/P matrix0.10
FMEA0.44
SWIFT0.26
Business impact analysis0.09
C. C. Analysis0.10
* Any difference of 1.00 in the sum of the column refers to rounding.
Table 11. Aggregation of individual priorities of the seven experts.
Table 11. Aggregation of individual priorities of the seven experts.
TechniqueIdentification *AnalysisEvaluation *
C/P matrix0.100.090.12
FMEA0.440.280.34
SWIFT0.260.210.33
Business impact analysis0.090.190.12
C. C. Analysis0.100.230.10
* Any differences of 1.00 in the sum of each column refer to rounding.
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

de Oliveira, U.R.; Brasil, T.F.; Aprigliano, V.; Santos, C.R.d.; Lima, G.B.A. Evaluation of ISO 31010 Techniques for Supply Chain Risk Management in Automotive Suppliers. Appl. Sci. 2025, 15, 4169. https://doi.org/10.3390/app15084169

AMA Style

de Oliveira UR, Brasil TF, Aprigliano V, Santos CRd, Lima GBA. Evaluation of ISO 31010 Techniques for Supply Chain Risk Management in Automotive Suppliers. Applied Sciences. 2025; 15(8):4169. https://doi.org/10.3390/app15084169

Chicago/Turabian Style

de Oliveira, Ualison Rébula, Tommy Figueiredo Brasil, Vicente Aprigliano, Ciro Rodrigues dos Santos, and Gilson Brito Alves Lima. 2025. "Evaluation of ISO 31010 Techniques for Supply Chain Risk Management in Automotive Suppliers" Applied Sciences 15, no. 8: 4169. https://doi.org/10.3390/app15084169

APA Style

de Oliveira, U. R., Brasil, T. F., Aprigliano, V., Santos, C. R. d., & Lima, G. B. A. (2025). Evaluation of ISO 31010 Techniques for Supply Chain Risk Management in Automotive Suppliers. Applied Sciences, 15(8), 4169. https://doi.org/10.3390/app15084169

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop