Supply chain risk management and risk ranking in the automotive industry

https://doi.org/10.1590/0104-530X3800-20 Abstract: Supply chain risk management (SCRM) has a strong influence on the cooperation among partners and the performance of the entire production chain. A supply chain designed to minimize risks enables firms to establish a competitive position and provides long-term benefits to stakeholders. The SCRM system should be structured to manage both routine and extraordinary risks, such as natural disasters and major accidents. The risks should be managed both reactively, by monitoring changes in the chain, the needs of customers, technology and the strategies of suppliers and competitors, among others, to enable quick reaction to events; and proactively, to identify risks and implement actions to prevent them or minimize their impacts. The basic risk management process consists of identifying, evaluating, mitigating and controlling risks. The objective of this paper is to analyze how a carmaker identifies and manages the risk factors in its supply chain. To achieve this aim, we performed a qualitative, applied and exploratory field study of a Brazilian automaker. The data were collected by structured interviews, and the analytic hierarchy process was applied to rank the risk factors, resulting in a risk matrix that can be an instrument for making decisions by the problems, transport within the chain, information system problems, cultural differences, strategic, production capacity, infrastructure, service level, organizational, and other problems.


Introduction
According to Trkman & McCormack (2009), a company can achieve a competitive advantage by establishing a resilient supply chain that can adapt to changes in the business environment. A resilient supply chain is necessary to assure continuity of operations, as noted by Hendricks et al. (2009), who based on interviews with more than 150 executives found that 73% of the firms had experienced a supply interruption for some reason, and of these, 48% expected the risk of rupture to increase in the next three years.
Some conditions have been mentioned as increasing the vulnerability of supply chains over time and exposure to the resulting risks, among them: i) spatially dispersed links; ii) increasing interdependence of firms; iii) growing size and complexity of chains; iv) shorter product life cycles; v) uncertainty of the business climate (Colicchia & Strozzi, 2012); and vi) operational contingencies (Kleindorfer & Saad, 2005), such as damage to equipment, systemic failures and abrupt discontinuity of a supplier.
Problems in supply chain management (SCM) can lead to large losses, as happened in the previous decade to Boeing, Cisco and Pfizer, which suffered losses of US$ 2 billion, US$ 2.25 billion and US$ 2.8 billion, respectively (Hunt et al., 2010). Other examples of losses caused by supply chain failures can be found in Kern et al. (2012) and Sodhi et al. (2012).
According to Ghadge et al. (2012), the sources of risk are numerous and can originate within the company itself or in its business environment, so that risk management is becoming an integral part of holistic supply chain management projects (Christopher & Lee, 2004), giving rise to the name supply chain risk management, or SCRM.
The theme is rapidly gaining importance, both from the academic standpoint, with new challenges prompting researchers to investigate the question, and from the practical standpoint, because of the potential to improve the performance of the various stakeholders involved, generating greater competitiveness and sustainability of supply chains. Like all processes, SCRM has steps to be followed. Various authors, such as Pfohl et al. (2010), Li (2012), Rangel et al. (2014), Guo (2011), Norrman & Jansson (2004) and Kern et al. (2012), have described a process consisting of four steps: identification, evaluation, mitigation and control.
As observed by Kern et al. (2012), a crucial step for managing supply chain risks is classification of the sources of risk after their identification, to allow prioritizing risks so as to allocate scarce resources optimally to minimize those with the greatest possibility of generating losses. For Shi (2004), ranking of the sources of risk not only helps to determine which risks require immediate action, but also to provide elements by which the sources of risk can be managed individually.
To reach decisions among multiple alternatives, it is necessary to make comparisons and determine priorities. For this purpose, the analytic hierarchy process (AHP), developed by Saaty (1977), is widely used (Ishizaka & Labib, 2011). In this context, the research question addressed here is: "What are the supply chain risk factors that an automaker most needs to control? For this purpose, we examined how a Brazilian carmaker identifies and manages the risks related to its supply chain, by applying the AHP.
According to Norrman & Jansson (2004), after identifying and analyzing the sources of risk, it is necessary to prioritize them since the number is huge, to allow developing an appropriate action plan with emphasis on those that are most relevant in terms of chances of occurrence and/or potential for generating losses. As stated by Hallikas et al. (2004), firms' resources are limited, so it is necessary to formulate prevention or mitigation actions based on a hierarchical scale.
Our aim is to demonstrate a practical application of how to assess sources of risk in companies, so that management professionals can use it as a guide to make decisions involving supply chain risk management.

Theoretical framework
This section presents a brief review of the literature on the main themes that are addressed in this study.

Supply chains and supply chain management
According to Mentzer et al. (2001), a supply chain is a set of three or four parties (organizations or individuals) that are directly involved from the start to finish of the flow of inputs, services, financing and/or information from a supplier to a consumer. This concept is important, because competition in the market is not among autonomous entities, but instead among chains, and the final success of each company depends on its ability to administer its complex network of commercial relations (Lambert & Cooper, 2000).
Thus, it is necessary to understand the supply chain not only as a relation between a supplier and customer, but an interconnected network, where the quality, cost and risk of a product offered is a function of the performance of this entire network. The same authors also affirm that making decisions regarding supply chains stands apart because it involves various members, each one playing a role and aggregating value to the final result. Therefore, each decision made by a single link has repercussion along the whole chain (Trkman & McCormack, 2009). For this reason, management of the network is highly relevant for companies (Lambert et al., 1998).
Supply chain management involves managing the multiple relationships that occur along the chain. It is a process that offers the opportunity to capture intra and inter-organizational synergies to assure the excellence of the business processes and efficient relations with the members (Lambert & Cooper, 2000).
According to Mentzer et al. (2001), Rao & Goldsby (2009) and Blos et al. (2009), supply chain management involves strategic and systematic coordination of traditional business activities inside and outside the firm, with the objective of improving the performance of the chain as a whole. And Boyson (2014) adds that this process includes managing production operations and other activities, such as marketing, sales, product design and financing.
In turn Trkman & McCormack (2009) have a broader definition, according to which supply chain management (SCM) is a set of multifunctional and multidisciplinary activities that involve not only tangible physical aspects, but also intangible aspects like behavior. They also consider SCM to be a relationship involving proactive integration among the various members of the chain.

Risks and their management in supply chains
The particular and complex characteristics of supply chains require tailor-made risk management actions, given that the unit of analysis is a business relationship among several companies that are susceptible to different risks (Pfohl et al., 2011).
Risk has a huge range of definitions depending on the field of research. These can be found in the literature on risk in the areas of finance, marketing, management and psychology among others (Wagner & Bode, 2008). Another characteristic presented by these and other authors, such as Pfohl et al. (2010), is that a constant dichotomy exists between a purely negative risk and one that can also provide an opportunity.
Specifically in supply chains, risk is generally perceived for its undesirable consequences (Norrman & Jansson, 2004;Khan & Burnes, 2007;Trkman & McCormack, 2009;Hallikas et al., 2004;Tuncel & Alpan, 2010;Kern et al., 2012), so that its negative character prompts the need for its management. Goh et al. (2007) and Tummala & Schoenherr (2011) employ a specific concept for risk in supply chains, according to which it is the potential occurrence of an incident, associated with failings of suppliers that can result in the inability to meet demand correctly and/or safely. Pfohl et al. (2011) and Kanyoma et al. (2013) add that the satisfaction of demand can be in terms of aggregate value, cost, time or quality.
It is possible to identify in the literature business trends and other reasons able to make the chain more vulnerable, such as opportunities to compete globally, increasing the exposure of the chain and adding new risk dimensions. According to Thun & Hoenig (2011), firms are forced by current trends to think about global markets, both regarding customers and suppliers. While internationalization provides opportunities to increase revenues and lower costs, it also raises the complexity of supply chains, and hence their vulnerability to risks and the difficulty of managing them.
Further regarding vulnerability, Ritchie & Brindley (2007b) state that the number of members of the chain and the level of interdependence among them increase the sources of risk. Because of this characteristic, Shi (2004) argues that supply chain risks are very difficult to identify due to the complex interactions of their members.
For Cheng et al. (2012) and Norrman & Jansson (2004), risk management is a process where decisions are made to accept, avoid, transfer or share a known risk, or also to implement actions to reduce the consequences or probability of occurrence of an adverse event.
Blome & Schoenherr (2011) expand the scope by stating that risk management is a process that needs to be applied inside and outside the company with the objective of identifying potential events that can affect it and dealing with the risk so as to assure reaching the company's objectives. Norrman & Jansson (2004) consider the sharing of risks and rewards to be a key factor for the continuity and good performance of supply chains, hence there is a need to explore this aspect with greater rigor. Thun & Hoenig (2011) add that the consequences of supply interruptions go beyond financial losses and include harm to the firm's reputation and loss of demand.
In particular, according to Trkman & McCormack (2009), supply chain risk management (SCRM) is an offshoot of supply chain management whose study has been gradually attracting more attention, to analyze the theoretical imperatives and practical needs to mitigate the risks to which supply chains are subject.
Some aspects that increase interest in the subject are mentioned by Ritchie & Brindley (2007a), among them strategies and structures related to chains, which are growing quickly and evolving in the effort to find competitive advantages. Despite the benefits, technological advances pose a certain threat to existing supply chains.
In turn, Kamalahmadi & Parast (2016) consider SCRM to involve identification of potential sources of risk and implementation of appropriate strategies to reduce vulnerability to them, through concerted actions among the chain's members. Lavastre et al. (2012) add to those concepts by saying that SCRM implies assessment of the risks that can affect the flows of information, materials and money, and involves agility to identify risks in advance or to react to them to reduce the adverse effects.
Regarding the relevance of the theme, Xia & Chen (2011) believe that SCRM has a strong influence on the establishment of cooperation among commercial partners and the performance of the entire chain. In turn, Scannell et al. (2013) conclude that a focus on managing risks in supply chains establishes a competitive position and long-term benefits to stakeholders. Opportunities to compete globally increase the exposure of chains and add new risk dimensions: Thun & Hoenig (2011) state that firms are forced by current trends to think globally, both in terms of customers and suppliers. Wiengarten et al. (2016) point out some of the advantages of globalization to supply chains, such as access to new sources of raw materials and more specialized and/or cheaper labor and better installations for production and distribution in strategic markets. However, despite the opportunities for higher revenues and lower costs, internationalization increases the complexity of chains, and hence the vulnerability to risks, making them harder to manage. Zeng & Yen (2017) affirm that while global operations substantially reduce costs, they also make supply chains more vulnerable to risks. Pfohl et al. (2010) state that the costs are significantly higher to coordinate dispersed chains. Jia & Rutherford (2010) add that the factors related to cultural adaptation are another source of risk of global chains. The distance and dispersion between their members increase the risks of interrupted flows, such as due to the longer transportation distances (Giunipero & Aly Eltantawy, 2004). Thun & Hoenig (2011) add two other important factors that make global chains more complex: fluctuating exchange rates and import/export regulations;

Factors that generate supply chain risks and their classification
• Increasing interdependence of members: Solid partnerships are important positive factors for companies, by reducing transaction costs, allowing firms to concentrate on their core activities and facilitating access to technology and information (Hallikas et al., 2004). However, this interdependence can also pose risks, such as resistance to change, disagreement over practices among the members and relationship conflicts. Moreover, there is a much greater need for efficient and reliable information and production systems. Blome & Schoenherr (2011), in their study of supply chain risk management during periods of financial crisis, detected evidence of a higher number of bankruptcies in 2008 and 2009 (financial crisis in the USA) compared to previous years, suggesting a chain reaction, explained as the consequence of increasing interdependence; • Outsourcing: According to Chatterjee & Kar (2016), outsourcing has become a very effective strategy for firms to focus on their core business. Among the advantages are reduction of labor costs and more specialized attention by outside parties to non-core activities. Tang (2006) and Thun & Hoenig (2011) explain that outsourcing makes companies increasingly interdependent and the respective supply chains harder to control. The occurrence of accidents and other risks affecting suppliers can cause large losses. For example, in 2001 Land Rover had to spend millions of dollars to prevent the shutdown of production and loss of 1,500 jobs due to the bankruptcy of a supplier; • Strategies like Lean Six Sigma and Just in Time: According to Norrman & Jansson (2004) and Thun & Hoenig (2011), these methods are efficient and implementing them has become a factor of status of companies, often seen as the only way to remain competitive. However, the authors point out that this makes supply chains more vulnerable, because, as also noted by Pfohl et al. (2010), the reserve stocks of input materials and/or finished products can be insufficient in case of a disruption in the chain, jeopardizing revenues, image and trust of customers. Kirilmaz & Erol (2017) state that supply chain managers typically focus mainly on cutting costs, overlooking the importance of continuity and resilience of the supply chain, which also has significant impacts on costs; • Reduction of the base of suppliers: Wagner & Bode (2008) and Norrman & Jansson (2004) highlight the risks of this strategy to business continuity, since firms should not only be concerned with risks related to their own continuity, but rather that of the entire chain. Another risk related to reducing the base of suppliers is the lead time required by each of them. According to Bandaly et al. (2016), companies face substantial increases in risks of shutting down production lines, and thus reducing their return on investments, when they have a single supplier and there are changes in its lead time; • Natural and/or manmade disasters: According to Norrman & Jansson (2004), one of the aims of supply chain risk management is to avoid the effects of natural disasters or other events that interrupt the flows in the chain, such as Hurricane Floyd in North Carolina (USA), which flooded farms and interrupted the supply of food for seven days, and a fire in 1997 that forced Toyota to close 18 factories for two weeks, at a cost of US$ 195 million in direct expenses for supply chain adjustments and US$ 325 million in lost vehicle sales. Tang (2006) cites as examples Ericsson, which lost US$ 400 million also due to a fire in a supplier's plant, and Apple, which had to shut down production after an earthquake in Taiwan that interrupted the supply of chips. Ebrahim Nejad et al. (2014) mention the widespread supply chain interruptions due to the terrorist attacks on September 11, 2001 due to the grounding of air traffic, including Ford, which had to stop production at five plants. Ghadge et al. (2012), Giunipero & Aly Eltantawy (2004) and Mentzer & Manuj (2008) all mention that interest in the theme among academics increased after the September 11th attacks. Shi (2004)  Several researchers have classified the various types of supply chain risks, as presented in Chart 1.
Chart 1. Classification of supply chain risks.

Authors
Classification (Pfohl et al., 2011) Internal risks of the company, external risks inside the supply chain, and risks outside the chain. (Singhal et al., 2011) Risks with operational, market, strategic, product or mixed characteristics. (Khan & Burnes, 2007) Technological or strategic risks. (Wagner & Bode, 2008) Risks of demand; supply; regulatory, legal or bureaucratic; infrastructure; and catastrophes. (Ghadge et al., 2012) Organizational risks; inventory risks; process or operational risks; quality risks; network, relationship risks; environmental risks. (Rangel et al., 2014) Development of 20 risk classifications, and identification of 56 types of risks within the classifications, to support the process of possible mitigation. The categories are: production flow, relationships, competitiveness, global problems, main competency problems, lack of control of the external environment, regulatory and legal, financial market, financial capacity, demand forecast, logistic problems, transport within the chain, information system problems, cultural differences, strategic, production capacity, infrastructure, service level, organizational, and other problems.
Source: The authors.

Classification of the study
This study can be classified as having a qualitative approach, because according to Gerhardt & Silveira (2009), in this type of study the researchers are subjects and objects at the same time, and the objective is to produce in-depth and illustrative information from a sample, whether large or small. And according to Minayo (2001), qualitative research involves examination of the universe of meanings, motives and attitudes, in line with the design of this study.
It is also an applied study, because it generates knowledge for practical application, aimed at solving specific problems. With respect to objectives, it can be considered an exploratory study, which generally involves literature review, interview with people to elicit their practical experiences and analysis of examples to facilitate understanding (Gil, 2002).
According to the technical procedures employed, this is a case study. According to Miguel (2007), a case study is a type of history of a phenomenon, extracted from sources of evidence where any relevant fact to the events is a target of analysis. The procedures are described next.

Procedures
Step 1: Literature Review -We conducted a bibliographical search for relevant articles using the Web of Science™ database, filtered by topic (considering the title, abstract and keywords): "Supply Chain Risk Management", and also filtered by article type and by language (English and Portuguese). Of the 145 articles found, we read 130.
Step 2: Case Study -We formulated a structured questionnaire considering the risk taxonomy presented in Chart 2. This taxonomy was prepared based on the literature covering SCRM and the questionnaire was applied in an automotive company.
Chart 2. Risk taxonomy used in the study.

Risks Description Authors
Supply Based on disturbances in the flow between the firm and supplier, any risk that keeps the supplier from delivering inputs reliably.

Discrete
Among the risks exogenous to the chain are discrete events, generally unforeseeable and with large negative impacts, such as terrorist attacks, contagious disease outbreaks and natural disasters.

Operational
These risks are related to technical failures, losses during the production process, alterations in production and technological changes, etc. Diabat et al. (2012), Tang (2006), Shi (2004).

Rupture
These risks are associated with disruptions caused by natural catastrophes and human actions, such as terrorist attacks, earthquakes, floods, hurricanes, etc. They can be caused by a single factor or a set of factors.
The questionnaire had items associated with the six risk categories identified above. The respondent was asked to assign a score of the gravity of each source of supply chain risk faced by the company, from 1 to 5, where: 5= critical; 4 = high; 3 = moderate; 2 = low; and 1 = negligible. Other questions were included to ascertain the respondent's opinions on the frequency of each risk and the possibilities of treatment.
This instrument was first tested on two experts (PhDs) in the logistics area to obtain feedback for improvements.
Step 3: Data Treatment -To analyze the ranking of the criteria, we used the analytic hierarchy process (AHP), developed by Saaty, which is a multi-criteria method to support decision-making (Saaty, 1977). According to Ishizaka & Labib (2011), the AHP is widely used by companies to address problems involving relevant decisions.
The AHP method uses pairwise comparison to measure the level of importance among criteria or alternatives. These comparisons are converted into numbers to calculate the respective weights for making decisions, as explained by Bernasconi et al. (2010) and Dong et al. (2008).
According to Zahedi (1987), Moran et al. (2007) and Swait & Adamowicz (2001), the method requires less cognitive effort to compare pairs of attributes. The application of the AHP can be divided into four steps, as described by Colin (2007): 1. Representation of the hierarchy: development of the decision-making hierarchy associated with the various related levels; 2. Comparison of pairs: analysis of preferences related to each decision element of each hierarchical level; 3. Eigenvalue calculation: estimation of the relative weights of the decision elements of each hierarchical level and evaluation of the consistency of the pairwise comparison; 4. Aggregation of priorities: aggregation of the relative priorities to assess the result obtained in relation to the objective.
We chose to use a separate comparison matrix for each of the criteria. Since this comparison was carried out according to the gravity (impact) attributed to each source of risk mentioned by the respondent, we created a chart for comparison of the possible scores (1 to 5), based on the scale of Saaty, presented in Chart 3.  The respondent was presented with various sources of risks, divided into the six categories identified in Chart 2, allowing them to attribute a score from 1 to 5 according to the gravity. Since the AHP involves pairwise comparisons, we prepared Table 1, which relates the scores from 1 to 5 to the Saaty scale. For example, when a source of risk was assigned a score of 2 and another one a score of 1, since 2 is slightly greater than 1, this pairwise relationship was assigned a value of 3 on the Saaty scale. After forming the comparison matrix, we computed the priority vector of each of the criteria and tested the consistency of each of them to validate the results found. After the consistency tests, we ranked the sources of risk within their categories.

Empirical literature applying SCRM in the automotive industry
For this purpose we searched for empirical studies of individual automakers or groups of carmakers, to obtain a base for comparison with the results of this study, presented in section 4.2. Thun & Hoenig (2011) conducted an empirical analysis of the supply chain risk management practices in 67 German automotive companies. Their aim was to investigate the vulnerability of supply chains and identify the main risks, as well as to estimate the probability of occurrence of risks and their potential impact on the supply chain. The study differentiated the companies regarding their risk management approach: preventive or reactive. The results showed that the firms with a preventive approach tended to have greater flexibility and larger security inventories, while firms with a reactive stance obtained better results regarding resilience of the chain in moments of interruption. Besides this, the authors mentioned the tendency for globalization in terms of both supply and demand and the huge product mix variety were important risk factors for the chains, increasing their predominant characteristic of vulnerability. Another conclusion was that firms with low levels regarding risk management instruments obtained worse results with respect to resilience to external interruptions, flexibility and ability to react.
Another empirical study was that of Shahbazi et al. (2013), who after a literature review found 16 sources of risk, divided between internal and external to the company, and then applied this framework to Volvo in Sweden. The authors presented the following sources of risk: Of the risks presented, increase in raw material price, breakdown of equipment and failure of suppliers were tied for first place among those with the greatest negative impact on the company studied there.
Tainton & Nakano (2014) conducted a study with another focus, to identify behavioral patterns of the supply chain under the effect of extreme events, such as financial crises and large earthquakes. The focus was on companies in the automotive sector in Japan in the period from January 2006 to December 2012, which includes the financial crisis of 2008, the Tohoku earthquake in 2011.
Another study that can be mentioned is that of Chen et al. (2016), who empirically investigated the criteria for selection of suppliers using global performance measurements to identify optimal supply resources and locations in an uncertain environment of a company in the automotive sector. That study found that the proposed global measurement process can lead to a more resilient supply chain by mitigating the effects of unexpected risks. And in line with the other articles mentioned, they found that the strategy of having a small base of suppliers or a single one for a determined input makes the firm more vulnerable.
The theme of a more robust method to select suppliers has relevant space in the literature on supply chain risk management. Another example is Cagnin et al. (2016), who also conducted an empirical study in the automotive industry, but using the FMEA method to select suppliers. They stated that companies that have a systematic supplier selection method obtain the main advantage of identifying potential risks before contracting a supplier.
A study with a distinct focus in relation to others is that of Davarzani et al. (2015), who investigated the impacts of political and economic risks on the supply chains of companies in the automotive sector. It was conducted in a developing country, described by the authors as having suffered strong political and economic sanctions in the previous 30 years. More specifically, they examined the largest automotive company in the Middle East. The authors found that the financial and material flows of the supply chain were immediately influenced by political and economic factors, and that the impacts were aggravated by the fact the company in question relied on a large number of international connections. They also stated that supply chain risks can affect operational, tactical and strategic aspects. Finally, they mentioned that one of the contributions of the work was to provide empirical evidence regarding developing countries, which are becoming increasingly important in supply chains in many sectors.
Finally, the study of Ceryno et al. (2014) presented an "initial risk" profile of the supply chains of three Brazilian automotive companies, segmented in two categories of risks, one related to the product mix and the other production volume. Our results (see section 4.2) expand the results of those authors.

Results of the case study and their analysis
We considered that all the risks had the same importance, so we did not compare them. Regarding the sub-criteria, we conducted pairwise comparison to measure the importance of each risk factor. This comparison is presented in the form of matrices in this section, accompanied by priority vectors for each criterion, in line with the AHP method. The priority vectors were validated after determining the consistency rate of each matrix, which were all under 0.10. Tables 2, 3, 4, 5, 6 and 7 show these results.
• Supply: For this criterion, the risk factor with highest priority was delivery (0.6). This is in accordance with the data gathered, since the respondent assigned a score of 5 (scale of 1-5). Besides this, when asked about the frequency, the respondent stated that late delivery occurs daily and is a risk that can be avoided. Therefore, among the sub-criteria (late delivery, product outside specifications and incorrect quantity), delivery delay could be at the top of the list in a mitigation plan. Table 2 reports these results. These results are in line with the literature, especially the study of Shahbazi et al. (2013), who reported supplier failures and quality problems to be among the three main risks found in an empirical study in an automotive company.
• Environmental: With respect to this criterion, the sub-criterion with the highest priority vector value was normative changes. The respondent stated that the gravity of this sub-criterion was 5, while strikes and economic crises had score of 3, in his opinion. The respondent also stated there are two types of normative changes: internal, from the company's or its parent company's management, and external, in the form of changes in the legislation applicable to the sector. Since in these cases, large structural and procedural changes in the company can occur, the impact on the supply chain can be critical. The respondent gave a score of 3 for strikes and political crises. These sub-criteria can affect any company and are not susceptible to internal control, so that the company should trace out strategic measures to circumvent or minimize the impacts. Table 3 reports these results. According to the literature consulted, these risks can be classified as external, following the logic of Shahbazi et al. (2013). Normative alterations had the highest priority vector in the environmental category, which is in line with the study of Davarzani et al. (2015), who prioritized political and economic risk factors, such as restrictive sanctions.
• Discrete: This criterion has three sub-criteria: terrorist attacks, natural disasters and contagious diseases. Among them, terrorist attacks and natural disasters obtained the same relative priority (0.446). In the interview, the respondent stated that the gravity of a terrorist attack would be 5 (highest value on the scale) but that its frequency was "never happened". For contagious diseases, although its gravity was indicated as 3, its frequency was annual. The respondent mentioned a situation where many employees of a large supplier came down with conjunctivitis, which hampered the supply of inputs from that company. Table 4 reports these results. The results regarding discrete risks run counter to the literature. For example, Shahbazi et al. (2013) found the risk of terrorist attacks to be the last in the ranking. In turn, the risk of natural disasters had the same priority vector. This type of risk has been examined in various studies due to its potential to cause large losses in supply chains. Examples are mentioned in section 2.5, of authors who have reported companies that suffered losses due to natural disasters.
• Demand: For this criterion, its two sub-criteria (variations in demand and inventory problems) had equal priority (see Table 5). In the interview, both these sub-criteria obtained a weight of 4 in terms of gravity, and their frequency was considered to be monthly. This explains why the priority values were equal, indicating the company should examine both of these sources of risk and analyze its availability of resources to mitigate them. Volatility of demand and inventory problems presented the same priority vector. In contrast, in the study by Shahbazi et al. (2013), demand volatility is not a priority risk factor and there is no mention of inventory problems. Indeed, the latter aspect is not mentioned in the other studies surveyed, which mention other factors, such as natural disasters and political-economic factors.
• Rupture: The result for this criterion was the same as for demand, in that its two sub-criteria obtained the same relative priority value, and in the interview received the same weight regarding gravity. In this case, the company should analyze its availability of resources to deal with these two risk sources, or find another way to prioritize them. Table 6 reports these results. The risk of the supplier not delivering the needed material can be classified in the study of Shahbazi et al. (2013) as a supplier failure or delivery interruption in the chain. Due to the distinction between the items proposed here and with those of the other authors, it was not possible to appropriately compare these results. However, our study has the originality of including the failure to exchange information in this risk category, indicated by the respondent as being equally relevant as failure to deliver material by the supplier, because the respondent considered contact with the members of the chain to be essential for its continuity and efficiency.
• Operational: This criterion has the largest number of sub-criteria, the first of which is alterations in production. In the interview, this factor received the highest weight in terms of gravity, although its frequency was weekly, while the other sub-criteria were reported to have daily frequency, but lower severity. The alterations in production involve changes in its planning and control. This affects not only the receipt of supplies by the company, but also all its other processes. Planning and control of production starts with alteration of the production lines, which need to be adjusted to produce more or less. The inventory control team needs to verify whether the stock of inputs is sufficient to increase production or if reduced production will cause an overload of inputs. If insufficient stock is available, the procurement team will have to contact the suppliers to find out if they can meet the new demand, and the logistics team will have to verify the possibility for the supply to reach the factory within the necessary time frame (Table 7).  Technical failures, equipment breakdowns and technological changes are risk sources also cited by Shahbazi et al. (2013), but we added other operational risks found in the literature, namely losses during the production process and alterations of production, the latter having the highest priority vector, mentioned by the respondent from the target company as a major hurdle to the continuity and planning of the supply chain.
The final ranking of the risk factors is shown in Figure 1.

Conclusion
The results of the survey indicated the factors considered by the respondent to have the highest priority in each category, as can be observed in the boxes in Figure 1. For example, delivery delay had a priority of 0.6 while failure to deliver material had a priority of 0.5.
In general, the objective of the study was achieved, of ranking the risk factors by applying the AHP. It is a technique to support decisions, and the results can serve to help not only the company studied, but other researchers and practitioners, who can use it to prioritize risk factors. Considering the attributes of risk (frequency and gravity), it is possible to establish a work flow in companies to analyze and measure risks.
The literature on SCRM describes the steps for risk management, namely identification, evaluation, mitigation and control. In line with these steps, to conduct an AHP it is first necessary to identify the risk factors. This can be done through brainstorming or by consulting historical data on the company's operations. Each area of the firm should be heard to identify these factors.
Next, evaluation is necessary, as presented in the theoretical framework, to prioritize the criteria/sub-criteria by comparing the probabilities and consequences. The questionnaire used in the interview indicates the attributes of the risk factors, to enable their evaluation. This is the step of risk management where the AHP contributes the most. Based on the identification of the risk factors and their attributes, a method is necessary to evaluate them. This can be done subjectively, based on the experience and gut feeling of the professionals involved, but this can lead to a biased assessment.
The AHP offers a mathematical model for this evaluation, reducing its subjectivity and indicating the risk factors that should be prioritized, since firms have limited financial and human resources and time and cannot give equal attention to mitigation of all the risk factors of their supply chains.
As a limitation of this study, the analysis was based on an interview with a single person, whose vision is intrinsic to his particular activity and is thus subject to his opinion regarding the risk criteria presented.
Opportunities for future research, since the company studied is part of an automotive cluster, would be to analyze the other companies so as to obtain more general results applicable to that sector, or to analyze other sectors for comparison purposes.