key: cord-0849928-8e5ssf8b authors: Choudhary, Nishat Alam; Singh, Shalabh; Schoenherr, Tobias; Ramkumar, M. title: Risk assessment in supply chains: a state-of-the-art review of methodologies and their applications date: 2022-05-03 journal: Ann Oper Res DOI: 10.1007/s10479-022-04700-9 sha: f886cb3ee3291acabcee84b80e0e05a94107004b doc_id: 849928 cord_uid: 8e5ssf8b The year 2020 can be earmarked as the year of global supply chain disruption owing to the outbreak of the coronavirus (COVID-19). It is however not only because of the pandemic that supply chain risk assessment (SCRA) has become more critical today than it has ever been. With the number of supply chain risks having increased significantly over the last decade, particularly during the last 5 years, there has been a flurry of literature on supply chain risk management (SCRM), illustrating the need for further classification so as to guide researchers to the most promising avenues and opportunities. We therefore conduct a bibliometric and network analysis of SCRA publications to identify research areas and underlying themes, leading to the identification of three major research clusters for which we provide interpretation and guidance for future work. In doing so we focus in particular on the variety of parameters, analytical approaches, and characteristics of multi-criteria decision-making techniques for assessing supply chain risks. This offers an invaluable synthesis of the SCRA literature, providing recommendations for future research opportunities. As such, this paper is a formidable starting point for operations researchers delving into this domain, which is expected to increase significantly also due to the current pandemic. In late 2019, the novel coronavirus emerged and within a period of a few months spread across the globe causing humanitarian, economic and supply chain crises. With many observers (McKinsey, 2020a; Mishra, 2020) considering it as a black swan event due to its unpredictability and severe impact, what is of concern is that such black swan events have been happening more frequently in the recent past. For example, in the timespan between 2000 and 2010 we witnessed several low-probability events that significantly impacted supply chains, including the 2008 recession, SARS, the Indonesian Tsunami, and the Swine Flu (McKinsey, 2020b) . The occurrence of such events multiplied in the last decade, especially in the last 5 years. The zika virus, Brexit, hurricanes (e.g., Harvey, Maria and Irma), trade conflicts (e.g., between Japan and South Korea, and between the US and China), and the Australian wildfires are just some of the significant events that occurred. Researchers attribute this remarkable increase in supply chain risks and disruptions to the increasing uncertainty and complexity associated with global supply chains (Ivanov, 2020; Ivanov et al., 2017; Katsaliaki et al., 2021; Pournader et al., 2020; Sharma et al., 2021) . As such, the business environment today is much different than that in the past (cf. Choi et al., 2016) , and is destined to change at an even faster rate. A majority of associated potential risks can be classified as catastrophic (Wagner & Bode, 2008) , and include natural catastrophes, political tensions, regional instabilities, and epidemics. What makes these risks particularly challenging is their interconnectedness with other supply chain risks. While the noted black swan events are unlikely but highly impactful, what cannot be neglected as part of a comprehensive supply chain risk management (SCRM) approach are risks of various types and flavours, ranging from the delivery of a wrong part from a supplier to a line shutdown-any of these has the potential to wreak havoc and affect other risks rendering careful risk assessment paramount. Along similar lines, the 'Global Risk Report 2020' (World Economic Forum, 2020) , which identified 30 risks that can have a significant negative impact across countries, recognizes the inter-connectedness of risks. In an era of globalisation, this interconnectedness causes system complexities (cf. Sharma et al., 2021) , which make the identification and assessment of supply chain risks a difficult undertaking. This is exacerbated by the fact that no disruption is likely the same, necessitating a nuanced and deliberate approach to truly understand how to manage a particular risk (DuHadway et al., 2019) . One way to address these challenges is by considering various ways to classify, categorize, and assess risks (Sodhi et al., 2012) . The rapid rise and prevalence of global risks have led to a proliferation of the supply chain risk literature over the last decade, which has also resulted in various definitions of and perspectives on SCRM (Sodhi et al., 2012) . As such, one of the ways SCRM can be approached is to determine risk sources and associated vulnerabilities, followed by their assessment and mitigation (Hermoso-Orzáez & Garzón-Moreno, 2021; Kleindorfer & Saad, 2009) . Another view considers the link between SCRM and enterprise risk management (Sodhi et al., 2012) , while yet another view takes the perspective of network structure (Kim et al., 2015; Wang et al., 2020) . This existence of multiple perspectives is due to SCRM being multi-disciplinary in nature, and as such, this multifaceted view is needed for a thorough understanding of risk management. This however makes SCRM a complex domain that is not easily deducible, especially by scholars aiming to jump-start an SCRM research agenda. We believe that many may want to do so, given the criticality of SCRM that was brought to the fore again by the pandemic, and thus offering a synthesis of the literature, which we have done in this research, will be helpful. The SCRM literature is broad, and no matter what type of classification is chosen, it will not be fully accurate. Based on the definition provided by Ho et al. (2015) , SCRM is comprised of the stages of risk identification, risk assessment, risk mitigation, and risk recovery or resilience. Risk identification includes the recognition of events or activities that have the potential to cause a direct or indirect negative influence on supply chain performance (Ho et al., 2015) . What needs to be noted in this vein is that the understanding of supply chain performance has widened, and expanded from a mere focus on economic parameters, like benefits and costs, to parameters capturing geopolitical, technological, social, and environmental dynamics (Chaudhuri et al., 2021; Ponomarov & Holcomb, 2009) . Risk assessment refers to the analysis of risks based on stakeholder needs and the objectives of the firm. Risk mitigation then ensues, which involves the systematic deployment of resources to address the risks. Even if they cannot be mitigated, these plans may still be valuable in helping firms recover from the risk effects, making them more resilient. Resilience in the context of SCRM can be understood as an ability of a system to quickly bounce back and reach equilibrium again after a temporary disturbance (Ponomarov & Holcomb, 2009 ). This is also in line with Petit et al. (2010) , who developed a conceptual framework for supply chain resilience, based on vulnerabilities and capabilities, highlighting supply chain risk assessment (SCRA) as a critical aspect of SCRM. Nevertheless, SCRA has been largely neglected in the literature compared to identification and mitigation. Further research in the area of SCRA is thus needed (Giannakis et al., 2022) . We therefore focus on SCRA in this review, with a particular emphasis on the parameters, techniques and characteristics of decision-making methodologies. In doing so, we build on prior literature surveys in SCRM. Specifically, while Ho et al. (2015) updated and compiled definitions of the above SCRM stages, Fahimnia et al. (2015) reviewed quantitative SCRM models. Both studies are comprehensive and serve as milestones for our discipline and foundation for our work. More recently, Xu et al. (2020) and Pournader et al. (2020) published SCRM reviews applying bibliometric and network analysis to develop literature clusters and discover underlying research themes. In addition, Katsaliaki et al. (2021) offered a content analysis of papers on supply chain disruptions and resilience, including an overview of some of the most popular modelling strategies. These papers approach SCRM from a holistic perspective and encourage a further focus on the assessment stage of the SCRM process. We respond to these calls with the present research. Such a focused review is needed, since despite the prevalence of literature reviews on risk management, it is undeniable that SCRM is a maturing topic. What is therefore needed are finer-grained reviews to capture the entirety of the field, highlighting SCRM angles that have not been covered extensively. We therefore focus on the assessment stage, which is a largely overlooked aspect within SCRM. We believe that such a more focused review enables a deeper classification of the literature that will subsequently help the field advance even more. Our review was guided by the framework displayed in Fig. 1 . Specifically, in a first stage, a review of prior relevant literature reviews aided us in the identification of prominent authors and SCRA literature streams, as well as the pinpointing of missing aspects in need of further investigation. For example, Ho et al. (2015) focused on the application of SCRA in different contexts, without however capturing the various decision-making techniques. Similarly, Fahimnia et al. (2015) concentrated on broader aspects surrounding quantitative SCRM models, and also Xu et al. (2020) did not cover the intricacies of decision-making techniques. These are however critical, especially in risk assessment, to help decision makers focus on the most relevant risks (see Table 1 for a comparative analysis). In this vein, we complement the review of Katsaliaki et al. (2021) the provision of citation analyses. As such, we for instance uncover that the chosen decisionmaking technique must also be aligned with the context (which was not always done)-an issue we identified as an area in need of further investigation in the planning stage of our research. This led us to the development of the following three research questions that guided our study: RQ1. What are the major themes in SCRA? RQ2. What are the key parameters on which supply chain risks are assessed? To answer these research questions developed in the first stage of our review, we compiled in the second stage our repository of relevant papers on SCRA. The third stage focused on the bibliometric and visual network analysis of the papers, followed by a critical analysis of the multi-criteria decision-making (MCDM) techniques in stage four. The fifth stage then served as a synthesis of these findings, assimilating a holistic understanding of SCRA and its applied decision-making techniques. Instrumental in this step was in particular the visual network analysis, which is a form of exploratory data analysis (Venturini et al., 2019 ) that led to the generation of network clusters. Since the foundation of the network is based on citations, studies deploying similar decision-making techniques are likely grouped together as they either cite each other or are foundational studies for the specific technique. Exploring these topics by cluster allows us to better understand the application scope of the decisionmaking techniques, offering an invaluable foundation for operations researchers to further advance the domain of SCRA. Within this context, our contributions are three-fold. First, we enhance the overall SCRM literature by concentrating on its early stage of risk assessment. Second, we identify common parameters applied in SCRA decision-making. And third, we critically review the decision-making tools and techniques and map them based on the SCRA characteristics. The remainder of the paper is structured as follows. Section 2 describes the methodology, with Sects. 3 and 4 presenting the bibliometric and network analyses, respectively. Section 5 provides a review of the parameters on which the risks are assessed, Sect. 6 offers an overview of the predominant SCRA techniques, and Sect. 7 of some of the most common SCRA characteristics. Section 8 provides suggestions for a future research agenda, and Sect. 9 concludes. Literature reviews synthesize evidence available in a specific domain, provide the foundation for a cohesive understanding and can serve as a starting point for scholars to focus on the most pressing issues. As such, a synthesis of the literature helps us find out what we know and what we do not, as well as what works and what does not (Booth et al., 2016) . Methods applied for carrying out literature syntheses include critical reviews, citation analyses, content analyses, integrative reviews, meta-analyses, mixed-methods reviews, state-of-the-art reviews, and systematic literature reviews (Booth et al., 2016) . Systematic literature reviews differ from traditional narrative reviews in that they employ a reproducible, scientific, and transparent process that minimizes selection bias while carrying out the literature search (Petticrew & Roberts, 2008) . Some of the review techniques applied in the SCRM literature are captured in Table 1 . In our structured literature review, we followed a three-step iterative process: (I) Identification of appropriate Search Terms and Timeframe It was rather difficult to identify focused SCRA literature using only keyword searches since many SCRA papers do not include "risk assessment" as a specific keyword. As such, we sought guidance from previous review papers listed in Table 1 and commenced with the following first set of keywords: (1) "supply chain risk"; (2) "supply chain" and "risk"; and (3) "supply risk". While we also used a few additional keywords like "uncertainty", "uncertain", and "disruption", since they are closely associated with the risk management domain, their inclusion did not yield any further results. We focused on the literature since 2010 to ensure recency and applicability of the derived conclusions. We searched for the selected keywords in the title, topic and the keywords of articles found in Google Scholar, EBSCO, PROQUEST, JSTOR, Wiley, Emerald, INFORMS, Taylor and Francis, and Elsevier. This yielded a total of 1357 articles. To identify the set of papers that focuses on SCRA, we further narrowed down the results (using Microsoft Excel) by ensuring the title contained one or more of the following terms: (1) "assess", (2) "identify", or (3) "analys*". This resulted in a total of 216 articles. We then scrutinized these articles by reading the abstracts to ensure that the article is indeed about SCRA, while at the same time ensuring that the journals in which the articles are published are part of the Australian Business Dean Council (ABDC) or the Association of Business Schools (ABS) (here, we focused on journals with a rank of 2 or greater) lists. This kind of filtering criterion allows researchers to narrow down the scope without compromising on the quality of the studies. For instance, in their review of the analytic hierarchy process (AHP), Ho and Ma (2018) included only A/A*-ranked journals from the ABDC list and only 3/4/4*-ranked journals from the ABS journal lists. This selection approach yielded a set of 161 articles in our sample. We further cross-checked these identified papers in the Web of Science database, which is considered a reliable source of high-quality journals (Govindan et al., 2015) . Removing papers not listed in this database reduced the total number of articles to 136. We now continue with bibliometric and network analyses, applying both inductive and deductive approaches (Fahimnia et al., 2015; Seuring & Müller, 2008) . We commence our categorization and review with a bibliometric analysis, which has as its objective the assessment of the research's impact. This has been a common approach in literature reviews (Pournader et al., 2020; Xu et al., 2020) to identify emerging areas. Citation counts, publication trends, authors' influence, and frequency of publications in top journals are frequently-used variables. The distribution of SCRA publications across years is shown in Fig. 2 . As can be seen, the number of publications increased steadily until 2016. A short decline between 2014 and 2018 is followed by a rise in publications again in 2019. With our search concluding in September 2020, the already high number of publications on the topic indicates increasing interest. Our review set contains 58 journals, with the top four journals capturing around 33% of the literature. These four journals are the International Journal of Production Research, the International of Production Economics, Journal of Cleaner Production, and the European Journal of Operational Research. Table 2 presents the publication frequencies across the 15 journals with the most papers in our sample. Table 3 offers some further insight by providing an overview of the literature based on the context in which SCRA was investigated. Some of the articles where the context was ambiguous or difficult to identify were excluded. As can be seen, the context involving a typical supplier-manufacturer-retailer environment is the most commonly investigated Network analysis aims to capture social network dynamics and relationships. Actors in the network are represented by nodes and their relationships as lines. The software package 'Gephi 0.9.2' was used to conduct the network analysis and its graphical visualization. The package uses a 3D render engine to display large real-time networks and presents dynamic visualizations (Bastian et al., 2009) . Since Gephi requires graph form datasets in the '.NET' format, we relied on 'BibExcel' to convert the literature data from the '.txt' format (extracted from Web of Science) to the required '.NET' format. This data contained information like authors, cited references, and keywords. Utilizing datasets from Web of Science is standard practice for network analysis (Fahimnia et al., 2015; Pournader et al., 2020; Xu et al., 2020) . In addition, we utilize 'VOSviewer' to visualize the networks. Citation analysis is one of many ways for measuring the significance of a publication. By capturing the frequency with which a publication is cited by other publications, a measure of 'popularity' can be generated (Ding & Cronin, 2011) . Out of the 136 articles identified, a total of 107 articles are connected to each other through 'undirected' citations, which means that they are either cited by, or have been cited, by the connected article. Figure 3 captures the derived citation network with the nodes representing the papers. The size of the node indicates the citation strength, while the lines connected to other publications indicate the undirected citations; Table 4 lists the most highly cited papers in the network. Papers in the network are evaluated based on their local citation score, which indicates how many times an article has been cited by other papers in the network. In contrast, the global citation scores indicate how many times the papers are cited in the Web of Science database. Brin and Page (1998) developed a measure to capture the equivalence of a webpage's 'importance' through the capturing of its citations. As such, while high citations may imply popularity, this measure does not provide any indication about the paper's importance. Such assessment can however be done via the PageRank measure, which is a standard practice in literature reviews (Fahimnia et al., 2015; Pournader et al., 2020; Xu et al., 2020) . The PageRank measure can be computed as follows: where A is the paper under consideration, cited by papers T 1 , T 2 ,…,T n that have citations C(T 1 ), C(T 2 ),…,C(T n ). The parameter d is a damping factor between 0 and 1, representing the fraction of random walks that continue to propagate along the citations (Brin & Page, 1998) . Brin and Page (1998) used d 0.85, assuming an individual surfer would randomly follow about six hyperlinks giving a leakage probability of 1/6 1 − d (for d 0.85) before beginning a new search. For citation networks, d 0.5 is considered appropriate, assuming an average path length of 2 (Fahimnia et al., 2015; Pournader et al., 2020) . The PageRank forms a probability distribution, thereby producing a score between 0 and 1. For a detailed overview of this metric, the interested reader is referred to Brin and Page (1998) . Our PageRank scores, which are obtained using Gephi, range between 0.004209 and 0.011594. Table 5 displays the top 10 papers based on their PageRank score. When comparing Tables 4 and 5 it becomes evident that citations alone cannot measure the importance of a paper, as there is no overlap in publications between the two tables. What may also explain this observation is that citations require time to accumulate, as indicated by the consistent earlier publication years of the papers presented in Table 4 . While citation analysis can identify the growth of an article's popularity over time (Pilkington & Meredith, 2009 ), it has also limitations. An alternative is co-citation analysis, which is a type of network analysis that captures the network's groups, their relationship, and their evolution over time (Pilkington & Meredith, 2009 ). Co-citation analysis is widely used in bibliometric literature analysis within the field of operations and supply chain management (Ben-Daya et al., 2019; Fahimnia et al., 2015; Pournader et al., 2020; Xu et al., 2020) . With co-citation analysis, any two references can be identified that are commonly cited together by another publication (Pilkington & Meredith, 2009) . A total of 49 out of the 5504 references in our paper set were co-cited more than 10 times by the publications in our sample. The low number is not surprising, since co-citation analysis, although useful, primarily focuses on influential literature beyond the selected sample. In addition, the approach disadvantages more recent publications, which is why we complemented this analysis with bibliographic coupling (Boyack & Klavans, 2010) . Bibliographic coupling considers the relatedness of two publications based on the number of references they share. A bibliographic coupling of our sample using Gephi identifies 123 nodes (publications) and 3180 edges (citations). Gephi, by default, randomly generates positions for the nodes in a cartesian coordinate system, with the nodes being of identical sizes. In doing so, we apply the Force Atlas algorithm, which is based on attraction and repulsive strength of the linked and non-linked nodes respectively (Bastian et al., 2009 ). The resulting visualization is shown in Fig. 4 . As can be seen, two outliers were identified- Bouwknegt et al. (2015) and Ortúzar et al. (2020) . Outliers are weakly connected nodes, suggesting dissimilar characteristics from the densely connected nodes, thereby not aiding in cluster identification. After removing these outliers, the Force Atlas algorithm was applied to generate the visualization in Fig. 5 . We further classified the literature via data clustering using the modularity function based on Blondel et al. (2008) in Gephi (cf. Fahimnia et al., 2015) , which yielded a total of six clusters (Fig. 6) . The bibliographic network's modularity index of our sample is 0.105 (modularity index values range between − 1 and + 1), indicating a moderate connection between the nodes. Three clusters (clusters 1-3) comprise 77% of our literature sample, which is why we focus in our discussion and interpretation on these three clusters. Papers in clusters 4-6 do not reveal any identifiable theme, but rather have characteristics similar to either clusters 1, Cluster 1 has an average PageRank score of 0.0090 and contains 40 publications. The use of MCDM techniques stands out in this cluster: out of the top 20 publications listed in Table 6 , 16 use MCDM techniques to assess supply chain risks. The techniques are either in the form of a combination of or integration with multiple MCDM techniques. Contextually, the cluster contains publications related to sustainability (Mangla et al., 2016 Rostamzadeh et al., 2018; Wu et al., 2017 Wu et al., , 2019 Yan et al., 2020; Zimmer et al., 2017) , most of them having appeared in the Journal of Cleaner Production. With sustainable SCRM being in an early phase, conceptual frameworks with strong methodological foundations are lacking, positioning this as an intriguing area to investigate further. Supply chains moving agricultural products and food also represent a large part of this cluster (Mohib & Deif, 2020; Wang, Li, et al., 2012; Yan et al., 2019; Zhao et al., 2020) . This carries promise, since food crises rank high in 'The Global Risk Report 2020' (World Economic Forum, 2020) on both impact and likelihood of occurrence. Risks inherent to food supply chains therefore represent a promising research domain going forward. Further themes of this cluster are approaches to reduce industry-specific risks. In addition, uncertainty plays a large role in this cluster, and hence the use of fuzzy logic is predominant. What is further striking is that most of the literature in this group considers risk hierarchies, which are however not reflective of a holistic approach to SCRM. A further pattern was the use of the two dimensions of impact and likelihood of occurrence, and the empirical model testing involving single case studies. The average PageRank score of cluster 2 is 0.0075, which is lower than the scores of clusters 1 and 3. Cluster 2 contains 37 articles, with relatively few papers including MCDM techniques. Only eight publications in the top 20 articles of cluster 2 deploy some form of MCDM technique (Atwater et al., 2014; Garvey et al., 2015; Kwak et al., 2018; Nooraie et al., 2020; Pournader et al., 2016; Talluri et al., 2013) . Publications in this cluster are characterized by risk assessments at the network level, rather than tier-level risks. As such, supply chains are studied on the general, rather than on an industry-specific or category level (Nooraie & Parast, 2015; Pournader et al., 2016; Sherwin et al., 2016) . The few industry-specific studies included are within the automobile and electronics supply chains. What is also striking is that low probability disruptive risks, like natural disasters, form a dominant theme in this group (Cantor et al., 2014; Dixit et al., 2020; Simchi-Levi et al., 2015) . Various approaches to deal with multiple aspects of supply chain risk are used, with methods applied including vignette-based field experiments (Cantor et al., 2014) , genetic algorithms (Nooraie et al., 2020) , and Branch and Reduce algorithms (Huang & Goetschalckx, 2014) . Further approaches include simulation and predictive modelling considering different scenarios and multiple objectives. Another feature of this group is that there are very few articles that assess risks based on impact and likelihood, contrary to the other clusters. However, this cluster acknowledges to a greater degree the effect of risk propagation in the network (Dixit et al., 2020; Garvey et al., 2015; . A further theme is risk assessment via supply chain network optimization. An interesting observation was also that a large proportion of this cluster's work was published in 2017 and prior. The average PageRank score of cluster 3 is 0.0093. The 28 articles in this cluster contain both MCDM techniques and more empirically-focused qualitative analyses of supply chain risks. Supply chain risks are studied in general as well as with a specific focus. Dominant industries in this cluster are the food, fashion and automobile industries (Diabat et al., 2012; Lockamy, 2014; Nakandala et al., 2017; . With most of the articles in this group having been published between 2010 and 2015, a further theme within this group is the application of cause-and-effect analysis to risks. Interpretive structural modelling (ISM) is commonly used (Diabat et al., 2012; Pfohl et al., 2011; Prakash et al., 2017; Venkatesh et al., 2015) , as are empirical analyses and matrix-based assessment tools. We also observe a diverse set of SCRA factors, including not only impact and likelihood, but also safety, dependence, quality and efficiency parameters on which risks are assessed. A further characteristic of this cluster was that articles studied risks associated with multiple modes of transportation (Vilko & Hallikas, 2012; Zhang et al., 2012) , and a major theme included the assessment of risks found in product-based supply chains. Thus, in most cases, risks were related to demand, processes, quality, logistics, new product development and procurement. These risks are not new, and hence the assessment of such risks was primarily done in the earlier years in our review timeframe. We now delve deeper into the various parameters on which risks are assessed. Risks come in various shapes and forms, and thus need to be assessed for instance based on their origin (e.g., whether they are supply-or demand-based) or their type (e.g., environmental, social, political). Clearly, there is no one-size-fits-all approach that would allow assessment to be conducted in a standard, optimal way due to the various dynamics and influences at play. For example, risks related to the food supply chain are different to those of the automotive supply chain, while risks in product-based industries are dissimilar to those in service-oriented industries. Based on our analysis on the prevalence of certain parameters in our sample paper set, we integrated common approaches into a framework presented in Fig. 8 and elaborate on each of them in the following. While risk probability and severity are key parameters, there are a multitude of other parameters that have been explored. One of these is the detectability of the risks. Wang, Li, et al. (2012) and Kumar et al. (2013) considered detectability as an important parameter when organizations consider business continuity as a strategy along with efficiency. Early detection of risks fosters faster reaction, and better preparedness from severe consequences. Another parameter is risk exposure, which captures how many risk events or potential sources of risks the focal organization or the supply chain is being exposed to, and to what extent. For example, Tabrizi and Razmi (2013) developed a mathematical model managing potential sources of risks the supply chain network is exposed to using fuzzy logic. Another parameter is a firm's strategy to avoid the effect of risks when they are exposed to them. For instance, Thun and Hoenig (2011) empirically analysed SCRM in the German automobile industry and categorized it into reactive and preventive approaches. This categorization stems from the fact that certain risks are avoidable while some are not. Analysing the extent to which risks can be avoided should help in resource allocation and efficiency. The above three parameters-detectability, risk exposure and avoidance-streamline the approach of risk assessment and further quantification of the Another parameter that offers value is the duration of the risk's impact as demonstrated by Simchi-Levi et al. (2015) and their engagement with Ford Motor Company. A final dimension of risk assessment identified in our review is the expected utility, which is usually measured in terms of costs and benefits (Mehrjoo & Pasek, 2016; Pournader et al., 2016; Xingli & Liao, 2020) . Detectability, which refers to the likelihood with which risks can be detected before they manifest, should not be confused with likelihood of occurrence, which indicates how probably a risk is to manifest (Giannakis & Papadopoulos, 2016) . It is frequently measured on a ratio scale and is an integral component of the Failure Mode and Effect Analysis (FMEA; Ghadge et al., 2017; Kara et al., 2020) . Risk exposure is often a combination of several risk-related indicators, reflecting an assessment of multiple entities at one point in time or the assessment of a single entity over a span of time. This assessment can then be captured in risk exposure indices (Kara et al., 2020; Ojha et al., 2018; Roehrich et al., 2014) . The use of such indices is practical as multiple factors can be incorporated, alleviating decision-makers to assess risks on a continuous basis. SCRA models have either a preventive or a reactive orientation . For the former, a crucial factor is how easily risks can be avoided. For instance, risks related to demand and supply can be avoided by developing capabilities, such as information sharing or the strategic selection of suppliers, locations, or customers. Risk avoidance as a strategy is however not always a viable option (Viswanadham & Samvedi, 2013) , which is where reactive approaches come into play that aim to reduce a risk's impact while it is manifesting. Both serve as important elements in the assessment of risks, and the degree to which risks can be avoided can be considered a means to capture the resulting level of risk exposure. Impact intensity captures the 'severity' associated with the risk and is the most common factor on which risks are assessed. However, the measurability of impact lacks a common standard, with most studies relying on experts' judgement to evaluate and understand risks (Ma & Wong, 2018; Samvedi et al., 2013) ; in many of these instances, risk is rated on Likert scales anchored at negligible/no-impact and catastrophic/crisis. Another practice of identifying impact or severity is to categorize levels of severity as done by Tummala and Schoenherr (2011) . In their illustrative assessment, severity is negligible if the service level is not affected due to sufficient safety stock, severity is marginal if service levels decrease with depleting stocks, severity is critical if the plant is shut down for a week, and severity is catastrophic if the plant is shut down for a month. Such pre-determined thresholds can serve as guidance to trigger certain actions once risks manifest. Supply chain risks can also be assessed based on the duration of a risk's impact, which cannot only include the actual time during which the risk manifests, but also include the recovery time. This is indeed a critical dimension, since supply delays tend to propagate through the supply chain, resulting organizations to lose significant market share long after the risk event has ended. Even for low-probability, high-impact events, the time-to-recovery and time-to-service are valuable parameters to assess risks (Simchi-Levi et al., 2014). Likelihood of occurrence is an important factor in SCRA since it assesses the probability of the risk manifesting. Likelihood of occurrence is often measured on a Likert scale using expert judgments (Aqlan & Lam, 2015; Tazelaar & Snijders, 2013) . The probability can also be obtained through simulation (Qazi et al., 2018) . Cost plays an important role in SCRA, since risks manifesting themselves generally result in higher costs, with risk avoidance and prevention mechanisms also being associated with costs (Nooraie & Parast, 2016) . Decision-makers are responsible to find the right balance between the cost associated with a disruption versus the costs incurred for mechanisms aimed at preventing or mitigating such a disruption. Cost (or the avoidance of costs by preventing a risk from happening) can be used as a motivation to analyse risks and work towards their prevention (Brun et al., 2006) . As a measure of efficiency, cost is an important factor and is widely used in supplier selection studies (Viswanadham & Samvedi, 2013) , both from the perspective of manufacturing (Xu et al., 2013) and procurement (Zhuo et al., 2018) . Utility theory motivates this factor, with the expected utility capturing the value obtained conditional on the risk's influence. While the risk level may be high, taking these risks may be associated with a potential higher return (as the saying goes-high risks, high rewards-which however also entails potential risk of failure). For example, investing in an innovative but uncertain technology may be risky, but if the venture is successful, it may yield significant returns. Decision-makers' behaviours play a significant role within this context (Qazi et al., 2018; Xu et al., 2013; Yan et al., 2019) . We now proceed with a review of the various SCRA techniques covered in our literature sample. Our analysis captured more than 100 techniques to assess supply chain risks, with a majority of them being quantitative. Table 7 presents some of the most frequently applied techniques in our sample, Fig. 9 captures them across the years, indicating a general increasing trend of MCDM techniques, and Table 8 presents their distribution across the eight journals with the highest frequencies. Some of the most commonly applied techniques are further assessed in the remainder of this section. Lofti A. Zadeh conceptualized fuzzy sets in 1965 (Zadeh, 1988) , with the notion that fuzzy logic is a matter of degree that can describe everything. It is a multi-valued logic that deals with imprecise reasoning. This thus seems to be a fitting application for assessing the impact or severity of supply chain risks due to the inherent subjectivity and unpredictability of the associated values. As Ma and Wong (2018) suggested, determining a precise value for these dimensions is both infeasible and impractical. The application of fuzzy sets has thus received significant attention by researchers when quantifying and assessing risks. In fact, risk is not the only parameter that is commonly captured by a fuzzy set. Some additional settings in which fuzzy sets were applied include performance (Rostamzadeh et al., 2018) , criteria weight determination , the influence on sustainability (Wu et al., 2017) , and risky events' likelihood of occurrence (Nakandala et al., 2017) . There are different ways to develop a fuzzy set. Normally, a three-set number is denoted as a fuzzy set. To illustrate, Pournader et al. (2016) developed a triangular fuzzy numbered set to identify the influence of risks as follows: "Extremely low" (1, 1, 3), "Low" (1, 3, 5), "Fair" (3, 5, 7), "High" (5, 7, 9), and "Extremely high" (7, 9, 9) . A four-number fuzzy set representing a trapezoidal fuzzy number is also commonly used. These fuzzy values are then de-fuzzified to obtain a single value. To develop a better understanding of fuzzy set theory's applications, we refer the interested reader to Zimmermann (1985) . Although fuzzy sets are helpful in quantifying uncertain, imprecise variables, they alone are not sufficient to assess risks. In the SCRA literature, fuzzy set theory is therefore used in combination with other methods. One of the most commonly MCDM techniques is the AHP. Saaty (2004) developed the AHP that consists of three main steps, i.e., hierarchy construction, priority analysis, and consistency verification. The hierarchy captures the goal, the criteria, and the alternatives. Once the hierarchy is constructed, the alternatives are compared against each other based on the criteria, with the weights then being developed through pairwise comparisons. The criteria are also compared against each other, and weights are developed in a similar fashion. A consistency ratio is calculated based on the pair-wise comparison, which provides a validity check for the results obtained. Illustrative studies include Viswanadham and Samvedi (2013) and Wang, Chan, et al. (2012) , who used performance attributes as criteria to identify risky suppliers, and Schaefer et al. (2019), who developed a ranking of water risks based on AHP. It is interesting to note that AHP has received various extensions in the SCRA literature. Consider for instance fuzzy AHP, Monte Carlo AHP, DEA-AHP, Grey-AHP, and Delphi AHP (Duleba et al., 2021; Mital et al., 2018; Rathore et al., 2017; Salehi Heidari et al., 2018; Samvedi et al., 2013; Viswanadham & Samvedi, 2013; Wang, Li, et al., 2012; Zimmer et al., 2017) . The interested reader aiming to find out more about the various integrated forms of AHP and its applications is referred to Ho (2008) and Ho and Ma (2018) . While AHP is a powerful decision-support tool, its limitations must be realized. To obtain realistic outcomes, an imprecise real-life understanding must first be transformed into a precise mathematical one-as such, it represents an approximation of reality. This requires expertise in understanding the concerned subject, which in our case is supply chain risk. Also, the criteria and alternatives along with their respective weights must be consistent to yield acceptable results. Another limitation is the non-consideration of feedback or interdependency between criteria and alternatives. If these limitations are however kept in mind, then AHP offers a formidable approach and process to facilitate decision-making. The Analytic Network Process (ANP), also attributed to Saaty (2004) , is an adaptation of the general AHP structure and considers feedback or dependency of the alternatives and criteria, the absence of which we noted as a major limitation of AHP. As the choice of alternatives is determined by the presence of criteria, the alternatives also affect the decision-makers criteria evaluation. The SCRA literature using MCDM techniques considers risks as criteria as well as alternatives. In the former, alternatives are the solutions for different risk criteria, whereas in the latter, risks are evaluated based on different parameters as criteria. In both cases there is a dependency between alternatives and criteria. ANP is thus well suited for SCRA. For example, Chand et al. (2017) considered four risk types as criteria and four supply chain types as solutions, capturing green supply chains, agile supply chains, lean supply chains and reverse supply chains. The risks are dependent on the supply chain type an organization is adopting, a scenario that can effectively leverage ANP to assess the risks. Similarly, Martino et al. (2017) developed risk ranks in the retail fashion industry based on multiple supply chain objectives. Although the use of ANP solves the feedback or dependency of criteria and alternatives, risks in supply chains form complex networks where risks percolate from one level to another. ANP does not consider such flow or cause-and-effect analysis of risks, illustrating that all approaches have some drawbacks that need to be considered. A Bayesian model is an acyclic graphical depiction of uncertain events (Heckerman et al., 1995) . Specifically, in a Bayesian network, an event is represented by a child node that is triggered by another event representing a parent node. All nodes have associated probabilities, with the Bayes Rule of conditional probability indicating the child node's occurrence. With a disruption being triggered by previous events, Bayesian networks can utilize either deterministic or probabilistic data. What makes them especially amenable to the area of SCRA is that risk assessment can be done using either historical data or expert judgment. For example, Lawrence et al. (2020) developed a Bayesian Network to analyse supplier disruption following extreme weather risks. Similarly, Kumar Sharma and Sharma (2015) proposed a model to predict disruption risks in a supply chain, and Zheng and Zhang (2020) developed a Bayesian Network model to assess supply chain risk parameters. The latter paper concludes that the probability of a risk occurring becomes stable after a certain time. Further, Garvey et al. (2015) studied disruption effects on multiple firms in a supply chain and suggested that a Bayesian Network is an appropriate tool to measure risk propagation through a supply chain. It should also be noted that Bayesian Network models are highly useful when the assessment criteria are primarily based on the likelihood of events. Interested readers are advised to consult Heckerman et al. (1995) for a thorough introduction to Bayesian Networks and their applications. FMEA is a popular approach to analyse risks (Schneider, 1996) . Traditional FMEA is based on three criteria: the likelihood of occurrence, the impact of the risk, and its detectability. Events are rated based on these three criteria, which are multiplied to form a Risk Priority Number (RPN). This facilitates decisions on which risk to focus on first-namely that with the highest RPN. While the technique is widely used in project management (Carbone & Tippett, 2004) , it is also frequently applied in the SCRA literature (Chen & Wu, 2013; Kumar et al., 2013) . It is easy to apply, but generally has to be integrated with other techniques, like Fuzzy sets or Grey theory, to capture the inherent uncertainty. A further limitation is that the interdependencies of the events are not accounted for. Julong Deng proposed the grey theory concept in 1982 by combining principles of system theory, space theory, and control theory. The approach provides a measure to analyse relationships between discrete quantitative and qualitative series that are independent by nature (Chang et al., 1999) . Grey theory has the advantage to be able to deal with partial information and uncertainty when multi-attribute decision-making problems arise (Chang et al., 1999; Rahimnia et al., 2011) . It has thus been widely accepted in the SCRA literature (Ali et al., 2019; Rao et al., 2017) , as having only partial information is inherent to risks. Conditional Value at Risk (CVaR) is a measure that is helpful when dealing with lowprobability, high-impact risks (Dixit et al., 2020) . The concept of CVaR is borrowed from the finance literature (Rockafellar & Uryasev, 2002) where an expected loss is estimated for a given event. The amount of losses is the financial risk determined through a statistical measure called Value-at-Risk. If the probability distribution of the losses due to risky events are known, the losses at the tail can be identified though VaR, and the events causing these losses can be highlighted (Mehrjoo & Pasek, 2016) . This concept is frequently applied in the SCRA literature, especially when considering risks with low probabilities (Mehrjoo & Pasek, 2016; Xu et al., 2013; Yan et al., 2019) . When assessing supply chain risks it is difficult to determine their interdependencies, which is however important as risks can influence each other, yielding complex network structures. ISM is used to identify those complex structures (Kwak et al., 2018) . For instance, Prakash et al. (2017) and Diabat et al. (2012) used ISM to identify risks in the food supply chain, while Venkatesh et al. (2015) used ISM to identify risks in the fashion supply chain. Specifically, Diabat et al. (2012) categorized forecasting-based risk in the top of the hierarchy, and Venkatesh et al. (2015) integrated fuzzy logic to deal with uncertainty in experts' decisionmaking. The study recognized globalization, behavioural aspects of employees, and safety and security as risks that have highest dependencies. Further, Kwak et al. (2018) developed an empirical model to identify risks and determine how certain risks in supply chains cause other risks. The study found that conflicts between trade partners, dependency upon logistics service providers, failure in logistics control, and failure in information exchange play pivotal roles in propagating risks in the supply chain. These risks are low in probability of occurrence but severe in their impact. In a further study, Prakash et al. (2017) used ISM to evaluated risks in a perishable food supply chain providing a hierarchy of risks. The ISM technique is often followed by Matrice d'Impacts Croisés-Multiplication Appliquée à un Classement (MICMAC) analysis, an approach that allows the categorization of risks based on dependence and driving power. The categorization identifies for instance natural disasters and terrorist attacks as high-level risks that are beyond the control of the organization. In this vein, Pfohl et al. (2011) confirmed natural disasters and terrorist attacks as risks having high driving power. In contrast, lowerlevel risks can be in the form of supplier capabilities, transportation issues, forecast errors, and point-of-sales data errors. The study further integrated both the RPN and the Risk Mitigation Number (RMN), with the RMN representing the products of the RPNs and the Risk Mitigation Indices (RMIs) of all risks-the RMI captures feasible mitigation strategies, with its value ranging from 1 to 0 (and 1 representing an effective risk mitigation strategy). Overall, we note that ISM is widely used as an exploratory research approach, necessitating the validation of the model via Structural Equation Modelling. The Delphi technique was originally developed by Dalkey and Helmer to forecast future events (Murry & Hammons, 1995) . However, it has seen wide application in qualitative research in areas such as problem solving and decision-making. The strength of the method lies in its assumptions that group decisions are better than decisions made by a single person. To avoid confrontations possible in face-to-face meetings, it employs anonymous, controlled feedback procedures from experts whose responses are validated statistically. The minimum number of experts acceptable for this technique varies. Amongst our literature sample reviewed, Moktadir et al. (2018) considered ten experts, Markmann et al. (2013) included 80 experts, Vilko and Hallikas (2012) had 22 experts, and Kwak et al. (2018) solicited input from 36 experts. It should be noted that as a decision-making tool, the Delphi method is restricted to the initial identification of risks. It can however be easily integrated with other techniques, like AHP, FMEA, ISM, and DEMATEL, for further assessment and analysis. The Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) is a MCDM technique for a finite set of alternatives (Lai et al., 1994; Yoon & Hwang, 1995) . It defines both a positive ideal solution and a negative ideal solution from the list of alternatives, and then compares the distance of the alternatives to them. The alternative that is the closest to the positive ideal solution and the farthest from the negative ideal solution is considered the best solution. The technique is highly suitable for SCRA decision-making as it is easy to implement. For example, Abdel-Basset and Mohamed (2020) considered six risk areas with 33 underlying risks as sub-criteria, to identify the best telecommunication equipment segment in a Chinese telecommunication company for sustainable SCRM. Rostamzadeh et al. (2018) developed 7 sustainable risks as criteria, with 44 underlying risks as sub-criteria to evaluate the best petrochemical complex location in Iran. Common risks considered in both studies are financial, organizational, supply-related, environmental and information-technology related risks. It should also be noted that the Criteria Importance Through Inter-criteria Correlation (CRITIC) method can be integrated to determine the objective weights of the criteria (i.e., the risks). Fuzzy sets are also used to extract the uncertainty of the decision-makers' choice. For instance, Rathore et al. (2017) used TOPSIS to rank the risks in a food supply chain based on criteria like impact, probability, risk type, cost, and duration, with Fuzzy AHP then being used to allocate criteria weights. A very similar technique was adopted by Samvedi et al. (2013) and Viswanadham and Samvedi (2013) for a holistic view on SCRM and supplier selection, respectively. The use of TOPSIS has not been that prevalent in the literature and requires integration with other techniques to yield substantial conclusions. Decision-making and trial evaluation laboratory (DEMATEL) was developed by the Geneva Research Centre of the Battelle Memorial Institute (Gabus & Fontela, 1972) . It is a method of structural modelling that aims to identify the strength of relationships between system elements, which is thus a formidable approach when it comes to supply chain risks, as they are interconnected and interdependent. There are obvious advantages associated with considering the independencies of risks rather than assessing them in isolation. The approach was applied for instance by Ali et al. (2019) , who used it to investigate the cause-and-effect relations among supply chain risks. The study identified food supply chain risks related to a lack of skilled personnel, man-made disruptions, IT system failures, legal and regulatory risks, and capacity to be in the 'cause' group, while risks related to poor customer relationships, poor-quality products, supplier bankruptcy, change in customer taste, and poor leaderships are in the 'effect' group. A similar study was conducted by Song et al. (2017) , who identified the relationship strength between risks in a sustainable supply chain, categorizing them into cause and effect groups. also modelled enablers of supply chain risk mitigation using DEMATEL. An approach that is commonly integrated with DEMATEL is Grey theory, leading to the development of Grey-DEMATEL. Grey theory, as discussed above, can deal with imperfect information. Therefore, such combination of approaches ensures a better ability to identify structural dependencies between supply chain risks. Mean-Variance analysis in SCRA is derived from portfolio risk management theory in finance, developed by Nobel Laureate Harry Markowitz. The idea behind the theory is to obtain an expected value of the payoff given by the mean, and an expected variation of the payoff given by the variance. Tsan-Ming Choi is a prominent author who has worked extensively using this method (Choi et al., 2008a (Choi et al., , 2008b (Choi et al., , 2019 . For instance, Choi et al. (2019) explained that the Mean-Variance method can be applied as an analytical measure for risk aversion, can be included in an optimization objective, and as a performance measure to capture the risk of operations. When assessing supply chain risk, there are two approaches with which this can be done. The first one is to maximise the expected profit and subjecting the variance to some constraints, with the second one minimising the risk and subjecting the expected profit and other variables to some constraints. Unlike the previous techniques that considered certain criteria to assess risks, or use risk as a criterion to assess alternatives, mean-variance models in SCRA take into consideration the attitude of the decision-maker, which can be categorized into being risk-averse, risk-neutral or risk-seeking. As such, model assumptions change based on the decision makers. It is also important to note that in most studies using the Mean-Variance approach, risk is primarily captured in the form of financial losses to stakeholders. For example, Zhuo et al. (2018) analysed an option contract in a decentralized supply chain considering a retailer and a supplier. Chen et al. (2014) studied the risk sharing behaviour when Radio Frequency Identification (RFID) technology is used to reduce misplaced inventory, and Choi et al. (2019) analysed the supply chain risk with air logistics considering the application of blockchain technology. What makes the Mean-Variance approach so powerful in supply chain risk analysis is that the attitude of the decision-maker is considered. The Mean-Variance method can be applied as an analytical measure within the context of risk aversion, but can also be integrated in the optimization objective or as a performance measure to capture the risk of profit or loss. For a more detailed background and technical aspects of the Mean-Variance approach, the interested reader is referred to Chiu and Choi (2016) . Fault Tree Analysis (FTA) is another tool that uses logic diagrams from a directed graph of the system's model being analysed and describes relationships between variables and events in the system. It was developed by Bell Telephone Laboratories in 1961. Our review of SCRA literature detected several studies deploying this technique. For example, Sherwin et al. (2016) formulated a fault-tree to assess supply chain disruption risk caused by the delay in delivery. Lei and MacKenzie (2019) studied risks in different types of supply chains using FTA. The types are categorized based on competition and cooperation between material suppliers. The use of Boolean Logic gates like AND, OR etc., makes the formulation of the system easy to comprehend. It must be noted though that FTA does not capture the causes of failures. However, FTA can be integrated with other techniques to consider a comparison of different risks or risky events in a system. In this vein, Mangla et al. (2016) for example developed a logic diagram of risks in sustainable supply chains using FTA and integrated it with fuzzy sets and AHP to rank them. The application of FTA is limited in SCRA as the logic diagram is based on some form of causality, which the method does not establish. Our bibliometric and network analysis of the literature helped in disintegrating themes and uncovering layers of supply chain risks, and-combined with a critical analysis of decisionmaking techniques-helped us in identifying dominant characteristics of SCRA. These include uncertainty, hierarchy, propagation, expected impact and cause-effect relationships. SCRA literature is largely framed by these five aspects, with various decision-making techniques being incorporated and modified to analyse one or more of these aspects (Table 9 ). This section focuses on these SCRA characteristics and suggests promising analysis techniques for their investigation. The term uncertainty is used in a variety of contexts among our sample. In fact, it is one of the most frequently used keywords in the SCR literature. Other terms closely associated with uncertainty are volatility, instability, and lack of clarity. The probabilistic nature of future events is one of the major contexts in which uncertainty is studied. Unpredictable customer demands and unreliable supply reflect uncertainty. There are however also other variables leading to uncertainty, including material prices, capacity availability, lack of information, and political instability. All of these can lead to decision-making under uncertainty. Two of the most commonly used techniques to address this context are Fuzzy Logic and Grey Theory. Most SCRA studies involve decisions made by experts, reflecting the fact that most decisions cannot be reduced to a deterministic value. As such, experts may be able to most accurately capture the attributes associated with risks, but when studied in diverse contexts, converting these into measurable values can contain imprecision, uncertainty, or vagueness. Nevertheless, reflecting on the risk is valuable as it allows to uncover underlying phenomena. The uncertainty that is still inherent is captured by using Fuzzy Set and Grey Theory. Grey Theory closely resembles Fuzzy Logic, with the difference being in their properties. Grey Theory generally has an upper and a lower limit for the imprecise value, covering the range of imprecision. In contrast, fuzzy sets define a membership function, thus accounting for the imprecision. Both theories have their own technique of converting the imprecise value to a precise (crisp) value. The evaluation procedure steps for grey relations are less than those for fuzzy logic (Hsu & Wen, 2000) . However, there are no significant advantages of one technique over the other. One of the outcomes of risk assessment is the generation of risk priorities in a supply chain. These priorities are not easy to identify until the right criteria are defined. The criteria on which risks are evaluated can be hierarchical, with such hierarchy generally identified by experts. Popular tools in this regard include the AHP and the ANP. AHP and ANP are two frequently used MCDM techniques for SCRA. The use of both implies a priori knowledge of all elements (goal, criteria and alternatives). Since it is commonly accepted that supply chain risks are interconnected, it would be naïve to develop assessments models without an understanding of risk interactions. Nevertheless, both AHP and ANP are great approaches to prioritize resources and develop capabilities. Supply chains function in a highly interdependent network of organizations, rendering the effect of any event or activity difficult to be analysed in isolation. Risks also do not happen in isolation, but are rather interactive (Qazi et al., 2018) and propagate in a complex network (Mizgier, 2017) . The Global Risk Report (World Economic Forum, 2020) presents a diagrammatic network of how experts believe risks are interconnected. However, the network is developed by identifying pairs of interconnected risks, and a higher level of sophistication is required to understand the propagation of risk effects in a complex supply chain network. A simple hierarchical network developed through AHP and ANP is insufficient, which is why studies have used Bayesian Belief Networks and FTA to understand risk propagation. Assessment studies relating to a network of events focus on their conditional occurrence probabilities. As such, Bayesian Network Analysis and FTA are good techniques to assess the dependency of supply chain events. Flows are a fundamental part of supply chain networks, captured for instance by the flow of materials, the flow of information, or the flow of money. In this vein, Sherwin et al. (2016) noted the risks of delay in material flow using FTA. In most cases, FTAs are static and assume independent probabilities. Lei and MacKenzie (2019) developed a dynamic fault-tree where these assumptions are removed to reflect a realistic network. The ease of developing a fault-tree is a great advantage for decision-makers, as the relationships are represented though Boolean Logic. However, the ease comes with a costly assumption of statistical independence of underlying events. Bayesian Networks somewhat alleviate this issue (Garvey et al., 2015; Lawrence et al., 2020; Lockamy, 2014; Qazi et al., 2018; Sharma & Routroy, 2016; Zheng & Zhang, 2020) . Two advantages in particular need to be noted. First, expert opinions can be integrated when a risky event cannot solely be treated based on historical events. And second, conditionalities of risky events on other events can be incorporated. This is highlighted by 'The Global Risk Report (World Economic Forum, 2020), which captures how experts around the globe think about one global risk triggering another. An alternate technique similar to Bayesian Networks is the use of Artificial Neural Networks, which however require extensive data sets, thus making predictive models for low-probability, high-impact risks difficult. A consideration of SCRA is incomplete without analysing the impact the risk under study can have. MCDM techniques like AHP, TOPSIS and ANP are capable to rank and categorize risks based on their impact, but techniques like CVaR and Mean-Variance are better in their quantitative assessment of the expected risk outcome. In the above discussion we identified studies using techniques revolving around the probability of occurrence and the severity of impact, often quantified in terms of financial losses. As such, tools from finance were relied on to advance the SCRM field, which led to the development of the Mean-Variance approach and CVaR. While the application of CVaR has shown more predominance in the literature of SCRA than Mean-Variance, both approaches hold great promise for SCRA. In our view, the SCRA literature has not applied cause-and-effect analysis to its fullest potential. This can be explained by the fact that developing a causal, generalized structural network is difficult, and often does not make sense as the uncertainty aspect of risks poses different challenges across industries. Narrowing it down to specific industry or case-based approaches helps identify certain cause-based and effect-based events separately. ISM and DEMATEL are two techniques frequently used in SCRA in this regard. SCRA includes the identification of structural interrelationships between elements in a supply chain. This involves the dependencies, interactions, and strengths of the elements. Both ISM and DEMATEL are unique in their way while at the same time having some similarities. As such, both involve expert judgements to compare a pair of elements, and both involve developing a diagraph representing the sequence of elements, with most of the elements being in the form of risks (Diabat et al., 2012; Kwak et al., 2018; Prakash et al., 2017; Song et al., 2017; Venkatesh et al., 2015) . The use of ISM provides a hierarchy of risks that cannot be obtained in DEMATEL, which however is able to obtain relative interaction strengths between the risks. Nevertheless, both methods come with limitations, including the bias that may be inherent in the experts' decision-making, and the lack of a relative importance weight for the variables. While the first limitation can be overcome by using Structural Equation Modelling, the second limitation can be overcome by integrating the approaches with other techniques like AHP or ANP. Future research opportunities in SCRA are abundant. While earlier work has developed ways to identify and classify risks, the assessment aspect has received lesser attention in review studies. We addressed this shortcoming in this review, which we believe was critical as risks can be multifarious and guidance was needed on appropriate assessment approaches. The multitude of contexts was also illustrated in Table 3 . We observed a shift in studies starting in 2015 to focus more on risks related to a specific industry rather than the supply chain in general. Furthermore, it is also observable that service industries, like healthcare, tourism, and retailing, do not have adequate representation from a supply chain context perspective. In this vein, Ho et al. (2015) conceded that service supply chain risks are largely unexplored in SCRM literature, and our review suggests that not much has changed since then. As such, service supply chains consider risks primarily as a deviation in service levels, in addition to risky behaviours of both buyers and suppliers (Wang et al., 2015) ; however, what has received very limited attention is the identification of a broader set of risks and their assessment. We identified sustainability-related supply chain risks and operational risks as two clusters in the SCRA literature. The former is an emerging area while the latter is a perennial topic that however is in needs of constant revision and updating. Sustainability-related risks associated with the social dimension have a wider scope due to their rise in awareness. For example, Ahmadi et al. (2017) highlighted social sustainable criteria that affect supply chains, stressing the importance of contractual stakeholders' influence, work health and safety, and training and community influence. Assessment approaches towards social risks in the supply chain may require additional parameters than already discussed. For example, risks posed by involuntary mass migration of workers, social instability, inter-state conflict, and infectious diseases, are characteristically unique and so are their repercussions in the supply chain. Further research exploring these risks will be an intriguing area of research. Certain environmental risks are also yet to be addressed within the purview of the supply chain, such as biodiversity loss and climate action failure. For example, Levner and Ptuskin (2018) addressed the adverse ecological effects due to supply chain activities, conceptualizing the ripple effect and utilizing entropy theory. Alternatively, environmental issues can also be a source of supply chain risks. We recommend future researchers to delve into these domains. The network perspective, discussed in the second cluster, has also been getting particular attention in the recent past. Multiple objectives, along with the propagation of risks, increase the difficulty to model uncertainty and its effects. Bayesian Belief Networks can be useful in this regard as they are able to capture these complexities. The use of Network Theory, which is commonly used in the analysis of supply network idiosyncrasies, can also be integrated with the above discussed techniques. Furthermore, the techniques discussed have an abundant scope of further development through their integration. While we have highlighted the rising trend in the application of MCDM techniques within the SCRA literature, we encourage researchers to explore the integration of inter-disciplinary tools and decision-making techniques to capture real-life contexts with limited assumptions. The use of CVaR, a financial concept, as a measure of resilience integrated with network modelling techniques (Dixit et al., 2020) is one such example. Our analysis and discussion should guide researchers to map their objectives with such techniques. In this vein, we also highlight a limitation of the articles we reviewed, i.e., their lack of application of the models in real life cases. The application of models in real life cases should be encouraged, enabling practitioners to easily incorporate and validate them. We reviewed 136 articles from top international journals from 2010 to 2020 in the specific area of SCRA, focusing on the decision-making techniques applied. With our review, we make several contributions to the field of SCRM. First, we provide more specificity for the area of SCRA. To the best of our knowledge, while SCRA is of critical importance, there exists no comprehensive and focused review in this domain. Through both a bibliometric and a network analysis, we demonstrated the influence of certain SCRA aspects. As such, our analysis and interpretation now provide a clearer and more holistic understanding of the subject, highlighting the major themes in SCRA. This overview is thus invaluable for researchers in designing impactful studies on SCRA by considering the assumptions and variables outlined in this review paper. Second, we highlighted eight important parameters to be considered when assessing risks in supply chains: avoidance, cost, impact intensity, impact time, detectability, likelihood, risk exposure and expected utility. Risk assessment based on these factors covers almost all risk aspects and should aid researchers and practitioners in the risk management process. Third, a critical evaluation of the decision-making techniques used in the SCRA literature and their characteristics was provided, offering researchers a clear and concise understanding of technique application areas. With the help of this review, researchers can easily narrow down their research area and the most appropriate technique to study SCRA. Finally, the five SCRA aspects identified provide crucial guidance for researchers, since the decision-making techniques and methods all have limitations, and thus their use must be carefully weighted. To overcome this shortcoming, an integration of multiple techniques is an accepted practice. Robust decision-making techniques can be developed to incorporate all five aspects. However, the more approaches that are integrated, the greater the ensuing complexity, which may prevent practitioners from adopting the approach. Through this study we uncovered many promising research directions. Specifically, we found that risk assessment related to sustainability is underrepresented in mainstream operations and supply chain literature. Especially the social and environmental aspects are under-researched. Yet, the importance of these risks is clear, as demonstrated in the 'The Global Risk Report' (World Economic Forum, 2020). As such, climate risks are widely regarded as the risks that can have high impact. Researchers may thus find it compelling to assess climate risks for the supply chain of a specific industry. Research on mitigation models can be a successive step for the achievement of this objective. In addition, our review did not lead to the identification of many health-related risks, representing a pressing research opportunity for our discipline, as illustrated by the havoc that COVID-19 has wreaked on global supply chains. While we believe this review to be providing an invaluable foundation for scholars to get a "head-start" in the SCRA literature, enabling them to jump-start their SCRA research agenda, we acknowledge its limitations. As such, while our selection procedure for narrowing down the articles helped us to derive a focused set of papers within the domain of SCRA, other relevant works may have been missed, such as conference papers, theses, dissertations, and books. Also, with the review being targeted to the academic community, we did not review practitioner journals. Nevertheless, we believe that our exposition of the variety of techniques and their application can be invaluable for practitioners as well. Another angle that the review took was its focus on decision-making techniques. While this provides a unique perspective, it is also limited in that other angles were not considered. We however hope that the review provided offers motivation and inspiration for scholars to delve deeper into the fascinating domain of SCRA, interest in which is expected to increase as triggered by the pandemic. The authors declare that they have no conflict of interest. A novel plithogenic TOPSIS-CRITIC model for sustainable supply chain risk management Assessing the social sustainability of supply chains using Best Worst Method. Resources, Conservation and Recycling Framework for evaluating risks in food supply chain: Implications in food wastage reduction A fuzzy-based integrated framework for supply chain risk assessment Coordination in supply chains with uncertain demand and disruption risks: Existence, analysis, and insights Measuring supply chain risk: Predicting motor carriers' ability to withstand disruptive environmental change using conjoint analysis Gephi: An open source software for exploring and manipulating networks visualization and exploration of large graphs Agribusiness supply chain risk management: A review of quantitative decision models Internet of things and supply chain management: A literature review Optimization, risk assessment and resilience in LNG transportation systems Fast unfolding of communities in large networks Quantitative farm-to-fork risk assessment model for norovirus and hepatitis A virus in European leafy green vegetable and berry fruit supply chains Co-citation analysis, bibliographic coupling, and direct citation: Which citation approach represents the research front most accurately The anatomy of a large-scale hypertextual web search engine. Computer Networks and ISDN Systems Value and risk assessment of supply chain management improvement projects An integrated approach to supply chain risk analysis Enhancing EPC supply chain competitiveness through procurement risk management The clock is ticking: The role of uncertainty, regulatory focus, and level of risk on supply chain disruption decision making behavior Project risk management using the project risk FMEA Select the best supply chain by risk analysis for Indian industries environment using MCDM approaches Failure mode and effects analysis using fuzzy method and grey theory Improving social sustainability and reducing supply chain risks through blockchain implementation: Role of outcome and behavioural mechanisms An assessment of the impact of disaster risks on dairy supply chain performance in Zimbabwe Supply chain risk assessment during new product development: A group decision making approach using numeric and linguistic data A modified failure mode and effects analysis method for supplier selection problems in the supply chain risk environment: A case study Mean-risk analysis of radio frequency identification technology in supply chain with inventory misplacement: Risk-sharing and coordination Internal liquidity risk, financial bullwhip effects, and corporate bond yield spreads: Supply chain perspectives Supply chain risk analysis with mean-variance models: A technical review Mean-variance analysis of a single supplier and retailer supply chain under a returns policy Channel coordination in supply chains with agents having mean-variance objectives Emerging production optimization issues in supply chain systems The mean-variance approach for global supply chain risk analysis with air logistics in the blockchain technology era Raw material criticality assessment as a complement to environmental life cycle assessment: Examining methods for product-level supply risk assessment Supply chain risk management and its mitigation in a food industry Popular and/or prestigious? Measures of scholarly esteem. Information Processing and Management Assessment of pre and post-disaster supply chain resilience based on network structural parameters with CVaR as a risk measure An orders-of-magnitude AHP supply chain risk assessment framework Estimating vulnerability to risks: An application in a biofuel supply chain. Clean Technologies and Environmental Policy Understanding risk management for intentional supply chain disruptions: Risk detection, risk mitigation, and risk recovery Creating a common priority vector in intuitionistic fuzzy AHP: A comparison of entropy-based and distance-based models Supply chain risk analysis and assessment: Cargo Theft A combined approach for supply chain risk management: Description and application to a real hospital pharmaceutical case study Toward robust concurrent product development across the supply chain: A risk assessment framework Quantitative models for managing supply chain risks: A review World problems, an invitation to further thought within the framework of DEMATEL An analytical framework for supply network risk propagation: A Bayesian network approach Identifying strategies to mitigate handling risks in the Canadian grain supply chain A systems approach for modelling supply chain risks. Supply Chain Management Supply chain risk assessment approach for process quality risks Social media and sensemaking patterns in new product development: Demystifying the customer sentiment Supply chain sustainability: A risk management approach Reverse logistics and closed-loop supply chain: A comprehensive review to explore the future Setting a baseline for Integrated Landscape Design: Cost and risk assessment in herbaceous feedstock supply chains Risk assessment of the life-cycle of the used cooking oil-to-biodiesel supply chain Learning Bayesian networks: The combination of knowledge and statistical data A critical review on supply chain risk-Definition, measure and modeling Extending the geopolitical supply risk indicator: Application of life cycle sustainability assessment to the petrochemical supply chain of polyacrylonitrile-based carbon fibers Risk management methodology in the supply chain: A case study applied Integrated analytic hierarchy process and its applications-A literature review The state-of-the-art integrations and applications of the analytic hierarchy process Supply chain risk management: A literature review Manufacturer's return policy in a two-stage supply chain with two risk-averse retailers and random demand Application of Grey theory and multiobjective programming towards airline network design Strategic robust supply chain design based on the Pareto-optimal tradeoff between efficiency and risk Risk uncertainty and supply chain decisions: A real options perspective Predicting the impacts of epidemic outbreaks on global supply chains: A simulation-based analysis on the coronavirus outbreak (COVID-19/SARS-CoV-2) case Literature review on disruption recovery in the supply chain* Supply chain risk assessment and control of port enterprises: Qingdao port as case study Business lawyers are in a unique position to help their clients identify supply-chain risks involving labor trafficking and child labor A data mining-based framework for supply chain risk management Supply chain disruptions and resilience: A major review and future research agenda Supply network disruption and resilience: A network structural perspective Managing disruption risks in supply chains. Production and Operations Management Scenario-based Supply Chain Network risk modeling A company-oriented model for the assessment of raw material supply risks, environmental impact and social implications Developing a Bayesian network model for supply chain risk assessment. Supply Chain Forum Managing recalls in a consumer product supply chain-Root cause analysis and measures to mitigate risks Risk assessment and operational approaches to manage risk in global supply chains Risk interaction identification in international supply chain logistics: Developing a holistic model TOPSIS for MODM Supply chain risk management in French companies Leveraging a Bayesian network approach to model and analyze supplier vulnerability to severe weather risk: A case study of the U.S. pharmaceutical supply chain following Hurricane Maria Assessing risk in different types of supply chains with a dynamic fault tree Entropy-based model for the ripple effect: Managing environmental risks in supply chains Research on hotel supply chain risk assessment with dual generalized triangular fuzzy Bonferroni mean operators Supply chain coordination with risk-averse retailer and option contract: Supplier-led vs Retailer-led Assessing disaster risks in supply chains. Industrial Management and Data Systems A fuzzy-based House of Risk assessment method for manufacturers in global supply chains. Industrial Management and Data Systems An integrated methodology of FTA and fuzzy AHP for risk assessment in green supply chain Benchmarking the risk assessment in green supply chain using fuzzy approach to FMEA: Insights from an Indian case study A Delphi-based risk analysis-Identifying and assessing future challenges for supply chain security in a multi-stakeholder environment Supply chain risk assessment in the fashion retail industry: An analytic network process approach Analyzing the impact of intermodal-related risk to the design and management of biofuel supply chain COVID-19: Implications for business Why now is the time to stress-test your industrial supply chain Supply chain risk management is back Risk assessment for the supply chain of fast fashion apparel industry: A system dynamics framework An extended generalized TODIM method for risk assessment of supply chain in social commerce under interval type-2 fuzzy environment Measuring the supply chain risk in offshoring countries using data envelopment analysis and the analytic hierarchy process COVID-19, Black Swan events and the future of disaster risk management in India Comparing supply chain risks for multiple product categories with cognitive mapping and Analytic Hierarchy Process Global sensitivity analysis and aggregation of risk in multi-product supply chain networks Supply chain multi-state risk assessment using universal generating function. Production Planning and Control Decision modeling of risks in pharmaceutical supply chains. Industrial Management and Data Systems Delphi: A versatile methodology for conducting qualitative research. The Review of Higher Education Development of a hybrid fresh food supply chain risk assessment model A multi-objective approach to supply chain risk management: Integrating visibility with supply and demand risk Mitigating supply chain disruptions through the assessment of tradeoffs among risks, costs and investments in capabilities A multiobjective model for risk mitigating in supply chain design Bayesian network modelling for supply chain risk propagation Risk management models for supply chain: A scenario analysis of outsourcing to China Quantitative assessment of microbial quality and safety risk: A preliminary case study of strengthening raspberry supply system in Chile A three-level supply chain network design model with risk-pooling and lead times Post-seismic supply chain risk management: A system dynamics disruption analysis approach for inventory and logistics planning Systematic reviews in the social sciences: A practical guide Ensuring supply chain resilience: Development of a conceptual framework Interpretive structural modeling of supply chain risks The evolution of the intellectual structure of operations management-1980-2006: A citation/co-citation analysis Understanding the concept of supply chain resilience A review of the existing and emerging topics in the supply chain risk management literature An analytical model for systemwide and tier-specific assessment of resilience to supply chain risks Risk analysis and mitigation for perishable food supply chain: A case of dairy industry Supply chain risk network management: A Bayesian belief network and expected utility based approach for managing supply chain risks Proximal point algorithms for convex multi-criteria optimization with applications to supply chain risk management Application of grey theory approach to evaluation of organizational vision Decision-making models for supply chain risk mitigation: A review Modeling enablers of supply chain risk mitigation in electronic supply chains: A Grey-DEMATEL approach Selection of risk mitigation strategy in electronic supply chains using grey theory and digraph-matrix approaches Supply chain risk classification: Discussion and proposal Compound mechanism design of supplier selection based on multi-attribute auction and risk management of supply chain A quantitative risk assessment methodology and evaluation of food supply chain A framework of the risk assessment for the supply chain of hazardous materials Conditional value-at-risk for general loss distributions Reputational risks and sustainable supply chain management: Decision making under bounded rationality Evaluation of sustainable supply chain risk management using an integrated fuzzy TOPSIS-CRITIC approach Analysis of SCOR's approach to supply chain risk management Decision making-The analytic hierarchy and network processes (AHP/ANP) Flexibility assessment and risk management in supply chains A model for supply chain risk management in the automotive industry using fuzzy analytic hierarchy process and fuzzy TOPSIS Quantifying risks in a supply chain through integration of fuzzy AHP and fuzzy TOPSIS Financial risk assessment and optimal planning of biofuels supply chains under uncertainty Integrated selection of suppliers and scheduling of customer orders in the presence of supply chain disruption risks Optimization of cost and service level in the presence of supply chain disruption risks: Single vs. multiple sourcing Water risk assessment in supply chains MITIGATE: A dynamic supply chain cyber risk assessment methodology A quantitative analysis of disruption risk in a multi-echelon supply chain Failure mode and effect analysis: FMEA from theory to execution From a literature review to a conceptual framework for sustainable supply chain management Modeling information risk in supply chain using Bayesian networks Supply chain vulnerability assessment for manufacturing industry Strategic action grids: A study on supply chain risk management in manufacturing industries in India Proactive cost-effective identification and mitigation of supply delay risks in a low volume high value supply chain using fault-tree analysis From superstorms to factory fires: Managing unpredictable supply-chain disruptions Identifying risks and mitigating disruptions in the automotive supply chain Researchers' perspectives on supply chain risk management Identifying critical risk factors of sustainable supply chain management: A rough strength-relation analysis method Introducing a mixed-integer non-linear fuzzy model for risk management in designing supply chain networks Assessing the efficiency of risk mitigation strategies in supply chains Operational risk assessments by supply chain professionals: Process and performance An empirical analysis of supply chain risk management in the German automotive industry Managing uncertainty-An empirical analysis of supply chain risk management in small and medium-sized enterprises Assessing and managing risks using the Supply Chain Risk Management Process (SCRMP) Identifying supply risks by mapping the cobalt supply chain. Resources, Conservation and Recycling Analysis on supply chain risks in Indian apparel retail chains and proposal of risk prioritization model using interpretive structural modeling What do we see when we look at networks. In An introduction to visual network analysis and force-directed layouts Risk assessment in multimodal supply chains Supplier selection based on supply chain ecosystem, performance and risk criteria An empirical examination of supply chain performance along several dimensions of risk A comparison of supply chain vulnerability indices for different categories of firms An advanced fuzzy Bayesian-based FMEA approach for assessing maritime supply chain risks A two-stage fuzzy-AHP model for risk assessment of implementing green initiatives in the fashion supply chain Manage risk of sustainable product-service systems: A case-based operations research approach A fuzzy model for aggregative food safety risk assessment in food supply chains Service supply chain management: A review of operational models The importance of contextual factors in the success of outsourcing contracts in the supply chain environment: The role of risk and complementary practices The Global Risk Report Fuzzy multi-objective programming for supplier selection and risk modeling: A possibility approach Toward sustainability: Using big data to explore the decisive attributes of supply chain risks and uncertainties Risk assessment of electric vehicle supply chain based on fuzzy synthetic evaluation Utility-based hybrid fuzzy axiomatic design and its application in supply chain finance decision making with credit risk assessments Supply chain sustainability risk and assessment Disruption risks in supply chain management: A literature review based on bibliometric analysis A tri-level programming model based on Conditional Value-at-Risk for three-stage supply chain management CVaR-based risk assessment and control of the agricultural supply chain Risk assessment of new energy vehicle supply chain based on variable weight theory and cloud model: A case study in China Multiple attribute decision making: An introduction A multi-objective approach to supply chain visibility and risk Fuzzy logic Risk assessment of supply chain finance with intuitionistic fuzzy information Mitigating the risk of information leakage in a two-level supply chain through optimal supplier selection Study on risk assessment of pharmaceutical distribution supply chain with bipolar fuzzy information Risk analysis of the agrifood supply chain: A multi-method approach Risk assessment of supply-chain systems: A probabilistic inference method Quality risk ratings in global supply chains Forecasting SMEs' credit risk in supply chain finance with an enhanced hybrid ensemble machine learning approach Mean-variance analysis of option contracts in a two-echelon supply chain Assessing social risks of global supply chains: A quantitative analytical approach and its application to supplier selection in the German automotive industry Applications of fuzzy set theory to mathematical programming Identifying and managing supply quality risk Publisher's Note Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations Hsieh and Lu (2010)