Supply Chain Risk and its Impact on Performance: A Structured Literature Review

: Purpose: In the supply chain risk management literature, many reviews have been conducted to provide a full understanding of various aspects such as role of simulation and optimization methods in risk management, classification of risks, classification of risk mitigation strategies, and supply chain risk definitions. However, a structured review of risk impact on performance in supply chains is still lacking. Such a review is useful because the literature implies that maintaining and improving performance in risk environments are critically important to the business survival of firms in supply chains. Design/methodology/approach: This review synthesizes and analyses 48 papers published in journals from 2006 to 2020 based on the following criteria: risk type, impact mechanisms of risk (i.e., direct and indirect), performance, research method, research setting, and risk mitigation strategy. Findings: The findings conclude that the impact of risk on performance is complicated and influenced by many factors namely antecedents, mediators, and moderators. Originality/value: This review contributes to the theoretical development of SCRM research through the analysis of SCR impact mechanisms, and indicate gaps of knowledge and future research opportunities. Moreover, it helps managers to devise appropriate risk mitigation strategies thanks to a full understanding of risk impact mechanisms.


Introduction
Supply chain risk management (SCRM) has become one of the main areas of interest in the Supply Chain Management (SCM) literature with the aim of developing strategies for identification, assessment, treatment, and monitoring of risks. According to Fan and Stevenson (2018), to have a full understanding of various issues in SCRM, a structured review of the current state-of-the-art is always needed. To date many review-based papers have contributed to the advance of SCRM research, focusing on different review directions as presented in Table 1. In essence, these reviews can be classified into the following five directions.

Review direction
Authors Aim 1. SCR definitions and types Rao and Goldsby (2009) To develop a typology of SCR Tang and Musa (2011) To identify and classify potential risks related to different flows namely information, cash, and material flows Bak (2018) To explore SCR research trends and gaps 2. SCRM approaches and strategies Bandaly et al. (2013) To review the individual operational and financial risk management approaches Kilubi (2016b) To synthesize and classify various SCRM strategies into proactive and reactive approaches for the ante and the post disruption state 3. SCRM quantitative methods Tang (2006) To review quantitative models for SCRM Fahimnia et al. (2015) To present a systematic review of quantitative and analytical models for SCRM Heckmann et al. (2015) Approaches for quantitative SCRM are reviewed by focusing on definitions of SCR Oliveira et al. (2019) To analyse the role and contribution of simulation and optimization methods for SCRM Baryannis et al. (2019) To address problems relevant to SCRM using artificial intelligence approaches 4. SCRM specific themes Wilding et al. (2012) To investigate the process of knowledge creation, transfer, and development from a dynamic perspective Kilubi (2016a) To analyse the intellectual structure and research fronts of the SCRM discipline Zhu et al. (2017a) To review the literature of integrated SCRM (i.e., connecting SC integration with SCRM) 5. Broad descriptive analyses of SCRM literature Vanany, Zailani and Pujawan (2009) Papers are divided by research methodology and analysed in terms of types of risk and risk management process or strategies. Ghadge, Dani and Kalawsky (2012) Risk types, risk management process and risk mitigation approach are systematically analysed. Ho et al. (2015) To analyse SCR definitions, risk types, risk factors, and risk mitigation strategies Prakash et al. (2017) To identify the types and causes of risk, and objectives of risk management Fan and Stevenson (2018) To categorize papers according to the stages of SCRM (including risk identification, assessment, treatment, and monitoring) and evaluate the use of theories Nakano and Lau (2019) To review the concepts of strategy, structure, process, and performance in SCRM Table 1. Literature reviews and their aims The first direction attempts to develop a typology of Supply Chain Risk (SCR) (Rao & Goldsby, 2009) or to identify and classify potential risks related to different flows namely information, cash, and material flows (Tang & Musa, 2011). The aim of the second review direction is to group various SCRM strategies into proactive and reactive approaches for the ante and the post disruption state (Kilubi, 2016b) or into operational and financial approaches (Bandaly, Shanker, Kahyaoglu & Satir, 2013). The third review direction aims to assess the contribution and role of optimization and simulation methods or even artificial intelligence (Baryannis, Validi, Dani & Antoniou, 2019) for managing SCR as computer applications and simulation techniques have been widely used in improving the decision-making process in this field. Reviews in this direction consist of Tang (2006), Fahimnia, Tang, Davarzani and Sarkis (2015), Heckmann, Comes and Nickel (2015), and Oliveira, Jin, Lima, Kobza and Montevechi (2019). The fourth direction is related to analysing specific themes in the SCRM field such as Zhu, Krikke & Caniëls (2017a). Reviews often apply citation/co-citation analysis (Wilding, Wagner, Colicchia & Strozzi, 2012) and cluster diagram (Kilubi, 2016a) to analyse papers extracted from databases (e.g., Web of Science and Scopus). The most common directions are associated with descriptive analyses of the literature namely: classification of risk types (Ho, Zheng, Yildiz & Talluri, 2015); classification of papers into major variables such as process, structure, strategy, and performance (Nakano & Lau, 2019); paper classification according to the research designs namely empirical research (e.g., survey, case study, simulation of real data) and desk-based research (e.g., literature review, conceptual framework, simulation of hypothetical data) (Prakash, Soni & Rathore, 2017); and paper classification according to SCRM stages (i.e., risk identification, assessment, treatment, and monitoring) (Fan & Stevenson, 2018). However, a systematic review of the impact of SCR on performance is still lacking. It is surprising to see that although SCR has great impacts on performance, most of reviews have not yet provided a comprehensive insight into the relationship between risk and performance.
A higher level of collaboration is needed today to optimize the costs and service levels of global SCs, and to improve the ability to generate profits (Kauppi, Longoni, Caniato & Kuula, 2016). Yet interconnections between members of a SC also lead to many risks, whose scope and magnitude of impact are more serious than ever. Furthermore, fast-changing business environments and competition are exposing firms to higher external and internal risks (Lavastre, Gunasekaran & Spalanzani, 2014). Disruptions in information and material flow caused by risks can decrease operational, market, and financial performance of firms (Christopher & Holweg, 2011). Hence, research on the impact of SCR on performance is gaining increasing amounts of attention from practitioners and academics (Ali, Nagalingam & Gurd, 2017). According to Mishra, Sharma, Kumar and Dubey (2016), SC managers need to strategically choose the right risk mitigation strategy to improve SC performance. To achieve this goal, they first need to fully understand the impact mechanisms of SCR. An understanding of risk impact would help firms better anticipate and favourably affect behaviours of different SC entities. This understanding also improves the capability of firms to continually operate and offer services and goods to the market (Jordan & Bak, 2016). Furthermore, the literature (e.g., Mishra et al., 2016) implies that maintaining and improving performance in SCR environments are critically important to the business survival of firms. For this reason, the current review aims to synthesize and review research on the SCR impact on performance. In terms of practical implications, this review provides a full understanding of risk impact mechanisms (i.e., direct and indirect) as it could be difficult for SC managers to devise appropriate risk mitigation strategies without this understanding. From the perspective of research contributions, the current review attempts to indicate gaps of knowledge and helps researchers identify further research opportunities.

Research Methodology
A structured literature review approach is adopted by this review as it is a transparent, replicable, and favourable of evidence-informed knowledge investigation. A process of structured review includes the five steps: formulation of the research question, selection of studies, evaluation of relevant studies, analysis and synthesis of findings, and reporting of results (Tranfield, Denyer & Smart, 2003).
The literature search was carried out from the middle of 2018 to February of 2020. During this time, relevant papers were continuously screened. The determination and evaluation of studies was first conducted as presented in Figure 1. In order to construct a set of papers related to the SCR impact on performance, the two most common databases are used (i.e., Web of Science and Scopus). Several search strings were applied to both databases, as follows: supply AND chain* AND (risk* OR disruption*) AND (performance OR cost* OR quality OR delivery OR innovation OR flexibility OR financ* OR organization* OR operation*); "supply chain risk management". This results in 775 publications. Only papers published in peer-reviewed journals were assessed, and. conference papers, book reviews, books, book chapters, and non-English publications were not considered. Duplicates among two databases were also removed. Publications are selected based on specific research areas, thus only 434 papers are further assessed. In the last step, title, abstract, methodology, and conclusion of 434 papers were screened. Two important exclusion criteria were used. For the first criterion, papers such as those of Blackhurst, Scheibe and Johnson (2008) were not considered because maintaining and improving performance were not the main focus of research. For the second criterion, this review only considers papers that empirically examine the risk impact on performance, thus papers theoretically presenting the impact of risk are excluded. For instance, Wieland and Wallenburg (2012); Chaudhuri, Boer & Taran (2018); and Kumar, Bak, Guo, Shaw, Colicchia, Garza-Reyes & Kumari (2018) confirmed the negative effects of risk on various performance aspects, yet no empirical evidence was provided to prove these effects. To highlight contributions to the SCRM literature, the scope of the current review is narrowed down through the two criteria above. The final set includes 48 papers that empirically investigated the impact of SCR on performance.  Table 2 lists the variables used for descriptive and content analyses. Several variables for descriptive analysis were used, namely the year of publication, journal, geographical location, and the number of papers published by each author. These variables are widely used by the papers in Table 1 to conduct reviews of literature. As the focus of the present review is on the impact of risk on performance, the variables of risk type (either disruption or operational), impact mechanism (i.e., direct and indirect), performance measures and levels (e.g., organizational, operational), industry type (e.g., manufacturing, service, construction), and research method (e.g., modelling, survey) need to be applied for content analysis. The indirect impact mechanism of risk is classified into two categories. The first implies the moderating effect of risk on the SC practice-performance relationship, while the second refers to the situation in which the impact of risk on performance is mediated by other factors. Finally, papers that include antecedents into their research frameworks or adopt risk mitigation strategies are also analysed. In the following sections, the analysis and synthesis of findings will be presented.

Descriptive Analysis
As presented in Figure 2, the largest number of papers was observed for the year 2018 (n = 10). An increasing number of papers was published between 2006 and 2018. This trend clearly signifies the importance of this research direction among researchers in recent years, although the total decreased slightly in 2019. The number of papers published in 2020 is still expected to be high, as the extraction of papers from both databases ended in February of 2020.
Note: The search of the literature was conducted until February of 2020.  Figure 3 shows the highest numbers of papers from 10 different geographical locations between 2006 and 2020. It can be seen that the largest number of contributions comes from US (n = 7), followed by China (n = 6), and UK (n = 6). The figure clearly signals the growing interest in this research area in these 10 countries.  Irani and Kamal (2014), these are key resources for researchers and practitioners in terms of advances and innovation in operations management.
The number of papers for each author was also examined. It was found that that most authors (n = 128, 96.2 percent) publish one paper and four published two papers; the latter were Federico Caniato (affiliation: Politecnico di Milano, Milan, Italy), John MacDonald (Colorado State University, Fort Collins, United States), Huy Truong Quang (Kyoto University, Kyoto, Japan), and Michael Wang (RMIT University, Melbourne, Australia). The author with most papers on the impact of SCR on performance is Yoshinori Hara (Kyoto University, Kyoto, Japan) with a total of four.

Types of Supply Chain Risk and Performance Levels
The literature has various ways in defining SCR, e.g., as the variation in the distribution of possible outcomes, their likelihoods, and their subjective values (March & Shapira, 1987). SCR is created to the occurrence of an incident where firms are unable to deal with the consequences (Zsidisin, 2003) or the possibility and impact of a mismatch between demand and supply (Jüttner, Peck & Christopher, 2003). However, the perception of SCR observed from the paper set is mostly (n = 48) consistent with the definition of Peck (2006): risk is anything that impedes or disrupts (i.e., risk has negative effects) the flows of products, material, and information from suppliers to end-users in terms of the delivery of the final product. In the context of SCs, there are two main classifications of risk: operational risk (i.e., supply, manufacturing, infrastructure, and demand risks) and disruption risk (Wakolbinger & Cruz, 2011). Disruption risk originates from natural or man-made disasters (e.g., earthquakes, terrorist attacks), while operational risk is associated with supply and demand problems and failed processes/systems (Bhattacharyya, Datta & Offodile, 2010). Thus, in the subsequent sections of this review, SCR studied by the papers is divided into two types: operational and disruption risks.

Supply (S) 30
Manufacturing (M) 19 Infrastructure (I) 17 Demand (De) 26 Disruption (Di) 30 Table 3. Types of supply chain risk The total frequency in Table 3 is greater than 48 most of the papers examined more than one type of risk (see Table 4, Table 5, and Table 6. The reviewed papers are also those listed in these three tables). It is found that operational risk (n = 92) is more studied than disruption risk. The high frequency of disruption risk (n = 30) was somewhat surprising, as this type of risk is less controllable than operational risk. Byrne (2007) concluded that most risks in SCs are operational risks, and are the source of most operational problems, so it is crucial for SCs to address this risk. Despite this fact, many of the selected studies focused attention on the impact of disruption risk. Although they have a significant impact on performance, manufacturing and infrastructure risks have not received as much attention from scholars as supply and demand risks. In particular, only two studies (Klassen & Vereecke, 2012;Cunha et al., 2019) have studied the impact of social risk, defined in SCs as process-and product-related facets of operations that affect community development, welfare, and human safety.
When SCs become more integrated and have a higher degree of interdependence, the susceptibility of firms to SCR increases, not just in terms of their operations but also in terms of activities with partners (Anastasiadis & Poole, 2015). Thus, it is important to reduce the effects of risk in order to improve the performance of a firm, before improving SC performance. Li, Fan, Lee and Cheng (2015) also agree that SCR has impacts on both a single firm and the SC as a whole, and hinders the achievement of benefits from an integrated SC. However, only about a third of the papers (n = 16) focused on firm performance, while most (n = 37) paid attention to SC performance. Operational performance is often measured based on the dimensions of quality, cost, delivery, flexibility, product innovativeness, and customer satisfaction (Kauppi et al., 2016;Zhao, Huo, Sun & Zhao, 2013). Firm performance is mainly related to nvestmentnal aspects such as corporate finance (Papadakis, 2006;Chen, 2018), market expansion and market preservation (Klassen & Vereecke, 2012) (see Table 4, Table 5, and Table 6 for specific risks and performance measures corresponding to each paper).

Research Methods
Six different research methods were applied in the selected papers. The two most used methods were survey-based research (n = 27) and modelling (n = 13), followed by conceptual framework (n = 5), case study (n = 4), interview (n = 3), and review (n = 1). Papers using the same research method will be described in the following section referring to the type of risk, effect mechanisms, performance levels, performance measures and industry. Physical experiments on SCs have technical and cost-related limitations, and it is therefore difficult to implement risk research in practice (Law & Kelton, 2000). In this situation, simulation offers an effective way to model and analyse cases of risk on a large scale. Thirteen of the 48 papers considered developed models to simulate the impacts of different types of risk (either operational or disruption) on performance (Table 4).
As the construction of simulation models is somewhat complex (often involving algorithms), most papers only examine the direct impacts of risk. It is not easy to include the indirect effects of risk (e.g., mediating, moderating) in complex mathematical models. Only two papers included moderators in their models, examining the moderating effect of the efficacy of a risk management process on the linkage between risk and performance (Qazi, Dickson, Quigley & Gaudenzi, 2018) and the moderation of risk-performance linkage by ecosystem and resilience-inducing investments (Macdonald, Zobel, Melnyk & Griffis, 2018). One interesting finding was that these 13 papers focused on the performance of the entire SC, rather than of a single firm. Most studies were interested in a single aspect of performance, usually cost and inventory (n = 9). Moreover, all of these modelling studies were carried out in a manufacturing setting.  It emerged that survey-based research has constituted the complexity of risk impact mechanisms on performance. Nearly half of the papers (n = 27) used survey to collect data to prove hypotheses of research frameworks (i.e., interactions between risk, performance, SC practices, and other factors such as antecedents, mediators, or moderators). Twenty-one papers examined the direct impacts of risk (mostly disruption risk), while 15 looked at the indirect impacts of risk on performance; of the latter, 11 and 4 papers examined mediators and moderators, respectively, in hypothesized frameworks (Table 5). In terms of the level of performance, 10 and 18 studies focused on the performance of the firm and the SC, respectively. Compared to the modelling papers, the survey papers had a greater diversity of settings, including agri-food (Nyamah, Jiang, Feng & Enchill, 2017), service (Quang & Hara, 2019a), construction (Truong Quang & Hara, 2018), and textiles (Ali, Gongbing, Mehreen & Ghani, 2019). Case studies are widely used to generate insights into various areas of management (Yin, 1984). When performing case studies, interviews with a small number of firms are able to provide a better understanding of relationships between constructs (e.g., Tate, Ellram, Bals & Hartmann, 2009). Despite their strengths, case studies were rarely used by the researchers in the selected papers (n = 7). Most of the studies in Table 6 considered the direct impact of risk, whereas its indirect impact on performance was only studied by Ali et al. (2017). An analysis of the papers revealed that SCR affects performance through two different mechanisms: direct and indirect effects. Indirect effects are divided into two types, mediating and moderating effects. A mediating effect refers to a case where the effect of risk on performance is mediated by other factors (e.g., SC integration), while a moderating effect means that risk moderates the relationship between SC practices (e.g., partnership) and performance. Direct effects of risk on performance are also classified into two types: with and without a moderating variable in the risk-performance relationship. It was observed that most of the papers investigated the direct impacts of risk (n = 39), while only 13 studied the indirect impacts of risk (mediating effect: n = 9, moderating effect: n = 4). Among the studies examining the direct influence of risk on performance, six considered a variety of factors as moderators in the risk-performance (or SC practices) relationship. These factors are very different in nature, and can be divided into specific categories. SCRM aims to mitigate the impacts of risk that lead to negative consequences. This is achieved by anticipating disruptions prior to their occurrence, through continuously monitoring possible disruptions in the environment. Donadoni et al. (2018) and Qazi et al. (2018) examined the moderating effects of SCRM, while Zhu et al. (2017b) and Macdonald et al. (2018) considered collaboration and investments in resilience as moderators of the relationship between performance and risks (e.g., legal changes, socio-technical accidents, natural disasters). Table 7 summarizes these moderators in more detail.

The Indirect Impact of Risk
Chopra and Sodhi (2004) emphasized the importance of understanding SCR in order to strengthen firms' capabilities to effectively manage it. It is useful to understand how environmental factors (i.e., risks) influence the effectiveness of SC practices. It has been posited that risk is inherent in SC relationships (Hult, Craighead & Ketchen, 2010), and thus exploring their moderating effect can help in gaining a better understanding of why some SC practices (e.g., flexibility, integration) lead to higher performance while others do not.
Only four of the 48 papers considered risk as a moderator between SC practices and performance (Table 8).
Practices moderated by risk included partnership, flexibility, integration, and SCRM. A common feature of these studies was the requirement of collecting data from surveys to prove the hypotheses associated with frameworks.
Only two studies (Srinivasan et al., 2011;Brusset & Teller, 2017) focused on the effects of operational risk, whereas the others assessed the impacts of disruption risk (e.g., political, environmental, economic risks or even weak rule of law). This finding is rather surprising, because Byrne (2007) states that disruption risk is less controllable in SCs than operational risk.
However, the results of the four papers were contradictory. Most of the papers concluded that risk enhanced the linkage between SC practices and performance. For example, Srinivasan et al. (2011) argued for a positive link between performance and quality of partnership, which can be enhanced by the presence of high supply and demand risks. Kauppi et al. (2016) found that manufacturers in riskier countries characterised by political instability, terrorism, natural hazards and high operational contingencies could adopt a combination of risk management practices and external SC integration arcs. This combined approach could result in better operational performance. Wiengarten et al. (2016) noted that firms are able to improve the effects of supplier integration on performance by SCRM practices in risky environments (i.e., weak rule of law). Conversely, a positive moderating effect of risk was to some extent not observed by Brusset and Teller (2017), who concluded that there was a significant negative moderating effect of external risk on the relationship between resilience and external capabilities. An interesting observation from these works is that scholars have paid a great deal of attention to SCI. This interest may be due to the fact that integration is one of the main research directions in the SCM literature, and has been regarded as an effective managerial tool with the potential to generate competitive advantages for firms (Flynn, Huo & Zhao 2010). The general consensus is that SCI can help to enhance performance, and most empirical research analyzing the link between SCI and performance has shown positive results. This is in line with the results of a meta-analysis by Leuschner, Rogers and Charvet (2013). Yet several works could not prove this relationship or even show that there was a negative relationship between these factors (see Schoenherr & Swink, 2012;Flynn et al., 2010). In recent years, a contingency view of SCI has been applied, in which the integration-performance linkage is said to be dependent on various factors (van der Vaart, van Donk, Gimenez & Sierra, 2012; Wong, Boon-Itt & Wong, 2011). In the papers selected for our review, most researchers recognized SCR as the most significant contingency factor.
In addition, most of the above studies were carried out in a manufacturing setting, and in particular, some studies (Wiengarten et al., 2016;Kauppi et al., 2016) collected data from global databases (e.g., the International Manufacturing Strategy Survey). These global data could provide a more comprehensive view of the moderating role of risk, and can also help researchers to understand manufacturing strategies and practices in different national and industrial contexts. Eight of the studies (Table 9)  The second view argued that risk is a barrier to SC practices, and particularly to integration. SC integration is considered to be a powerful weapon for gaining competitive advantage, but many questions remain unanswered regarding the implementation mechanism of integration (Zhao et al., 2013). Thus, further empirical studies are required in order to identify barriers to SC integration. In view of this, some authors (Zhao et al., 2013;Yu et al., 2015;Villena et al., 2009) attempted to empirically explore the impact of risks (e.g., supply, demand, environment risks) on different types of integration (i.e., customer, internal, and supplier integration). One limitation of these studies was that they only considered direct relationships between risk and practices, or between practices and performance, meaning that the indirect effect of risk on performance was typically not assessed. Only Jajja et al. (2018) tested the mediating role of SC integration in the risk-performance relationship. According to Zhao, Lynch and Chen. (2010), an estimate of the indirect and direct effects of independent (i.e., risk) and dependent (i.e., performance) variables can help to explain the presence of mediators.
With respect to the types of risk studied, most studies did not consider a full set of operational risks (i.e., supply, manufacturing, infrastructure, and demand risks). Although the focus of the studies by Jajja et al. (2018) and Zhao et al. (2013) was on operational risk, the former did not consider demand risk, while the latter did not assess the impact of manufacturing risk. Donadoni et al. (2018) and Villena et al. (2009) only studied the impact of very specific risks (e.g., product complexity, compensation and environmental risk), while Zhu et al. (2017b) directed their focus towards disruption risks, such as legal changes, socio-technical accidents, and natural disasters. It is interesting to note that Cunha et al. (2019) developed a theoretical framework to present interactions between social risk, stakeholder reactions, and consequences. Social risk occurs when stakeholders identify a vulnerability of a firm in respect to a social issue (e.g., practice, ethics, policy) and then pressure the firm to change its approach.
Although the findings confirm the detrimental impacts of risk on performance, only two of the eight studies proposed specific strategies to minimise these impacts. Donadoni et al. (2018) investigated the relationships between performance, disruption, and product complexity using the roles of resilience capabilities (e.g., SCRM, redundancy, visibility, and collaboration) as moderating factors in these relationships. They concluded that resilience allows SCs to mitigate the adverse impacts of a disruption. Meanwhile, Zhu et al. (2017b) argued that SC collaboration weakens the negative impacts of legal, infrastructure, and catastrophic risks on customer value.

Antecedents of Supply Chain Risk
It was found that 10 papers included antecedents in their frameworks. In order to gain a more comprehensive view of the interactions between risk and performance, it is necessary to consider the antecedents of risk, as their occurrence can alter (increase or decrease) the impact of risk on performance. These antecedents may include uncertainty, other risks (e.g., disruption risk leads to operational risk (Quang & Hara, 2019a)), or even inhibitors of risk, and may have both positive and negative effects on different types of risk (Table 10). Five studies included certain risks as predecessors of other risks in their research (Quang & Hara, 2019a, 2019bDonadoni et al., 2018;Chen, 2018;Zeng & Yen, 2017). Disruption risk is associated with threats from the external environment of SCs, caused by geographical, social, political, and economical factors (Rogers, Srivastava, Pawar & Shah, 2016). Hara (2019a, 2019b) stated that these risks occur rarely, but that they always have negative impacts and result in the appearance of operational risks (e.g., supply, manufacturing, information, demand). Meanwhile, according to Donadoni et al. (2018), Chen (2018), and Zeng and Yen (2017), some operational risks can amplify the negative impacts of other risks on performance; for example, product complexity shapes SC complexity, resulting in a higher frequency of disruption (Donadoni et al., 2018), and industry-specific and firm-level risks lead to supply and demand risks (Chen, 2018). Although investigating the impact of a given risk can generate a great deal of insight, SCRs typically occur simultaneously rather than independently. For this reason, Quang and Hara (2019b) proposed and validated a conceptual framework that linked various dimensions of risk to SC performance. Manufacturers with product lines characterised by the frequent introduction of offerings and a high degree of customisation find it hard to predict product demand (Lo & Power, 2010). According to Ho, Tai, Tai and Chi (2005), demand uncertainty is one of the main causes of SC uncertainty, and there are also other causes of uncertainty, such as those associated with supply and manufacturing. Calantone, Harmancioglu and Droge (2010) note that although highly customised products can help manufacturers to achieve sustainable competitive advantage, they also generate complexities in procurement and production activities (Randall & Ulrich, 2001). It was observed that only one study (i.e., Sreedevi & Saranga, 2017) recognized environmental uncertainty as an antecedent of risk; however, one limitation of this study was a lack of evidence for the impact of operational risk on performance, and it only established direct links between uncertainty and risks.
Three studies (Wang, Jie & Abareshi, 2018;Afshar & Fazli, 2018;Ali et al., 2019) added inhibitors of risk to their frameworks; for example, Wang et al. (2018) focused on key logistics capabilities (customer response, innovation) as a way to reduce company, customer, and environmental risks, while Afshar and Fazli (2018) examined the possible impacts of relational capital on SCR. In their work, relational capital was a composite of reliability, commitment, trust, and information exchange. Finally, Ali et al. (2019) argued that SC finance has a significant effect on risk. SC finance was defined as a solution to financial issues based on improving the financial performance of partnered firms (Johnson & Templar, 2011), thus decreasing operational and financial risks.

Risk Mitigation Strategies
Although the literature confirms the negative impact of risk, it is surprising that only 11 of the 48 papers proposed specific risk reduction strategies. According to Kilubi (2016a), there are basically two main risk mitigation strategies in the context of SCs: reactive and proactive strategies. The former involves taking actions after the occurrence of risk, and are related to impact rather than cause (i.e., they concentrate on reducing the consequences of risk instead of its likelihood) (Thun & Hoenig, 2011). Common reactive strategies include redundancy, multiple sourcing, flexible contracts, and postponement. Conversely, many researchers have proposed proactive strategies to reduce the possible occurrence of SCR (e.g., Trkman & McCormack, 2009). This approach not only detects the probable causes of risk and measures its likelihood, but also plans and activates appropriate counteractions before risk occurs (Craighead, Blackhurst, Rungtusanatham & Handfield, 2007). The most widely used proactive strategies are integration, collaboration, and SCRM. Of the 11 papers, three applied reactive strategies, six applied proactive strategies, and two applied both (Table 11). In essence, two different impact mechanisms for these strategies can be identified in these studies. The first involves establishing a direct negative relationship between mitigation strategies and risk Mishra et al., 2016;Klassen & Vereecke, 2012;Hong, Marvel & Modi, 2015;Chen et al., 2013;Ali et al., 2019). However, the way in which performance can be maintained in different risk situations is unknown, meaning that these authors have ignored the importance of the indirect effects of mitigation strategies on performance (in this case, risk mediates the link between mitigation strategies and performance). The second mechanism highlights the moderating effect of mitigation strategies on the connection between performance and risk (e.g., Donadoni et al., 2018;Kauppi et al., 2016;Zhu et al., 2017b;Yu et al., 2015;Wiengarten et al., 2016). These studies have provided evidence of how mitigation strategies both reduce the impacts of risk and maintain performance.
It was also discovered that Kauppi et al. (2016), Donadoni et al. (2018), and Wiengarten et al. (2016) were among the few authors that considered a full SCRM process in which many specific steps were taken to reduce the impact of risk. These authors have different viewpoints on the operationalisation of the SCRM construct. According to Donadoni et al. (2018) and Kauppi et al. (2016), SCRM consists of several stages, including preventing, detecting, responding, and recovering from risk, while Wiengarten et al. (2016) note that it is a process of rethinking and restructuring supply strategy, implementing supplier rating programs, rethinking and restructuring distribution strategy, and implementing early warning system and contingency programmes. The ways in which the above studies define a SCRM process are somewhat different from the definitions in the literature. According to ISO 31000 (2018), the main steps in SCRM consist of risk identification, risk evaluation (determining the probability of occurrence and the severity of the consequences), risk treatment (reducing the occurrence and consequences of risk), and risk monitoring (to see if a treatment is effectively adopted). Again, it was concluded that previous researchers have paid particular attention to SC integration in interactions between risk and performance. Five of the 11 papers included the constructs of integration or collaboration into their frameworks.

Further Research Opportunities
The following section describes further research opportunities in terms of research methods, risks, the effect mechanisms of risk, risk mitigation strategies, performance measures, research settings, and contextual factors.
The literature has mainly focused on the use of modelling and surveys to collect data for risk impact analysis, while case studies have rarely been used. Future researchers are encouraged to conduct case studies, because these are considered to be a means of gaining a deep understanding of a phenomenon in a real-life setting (Yin, 2009). For example, in the study by Brusset and Teller (2017), although external and supplier risks are assumed to have positive moderating effects on the relationships between capabilities (external, integration) and resilience, their results show that external risks have negative effects while supplier risks have positive effects. In this situation, a case study or interviews could help in explaining why risk has different effects within the same setting. Case studies with firms from different industries or firms from the same industry but located in different regions (or even in the same firm but in different years) may be performed. Shi, Liu, Zuo, Pan and Ma (2015) also stated that multiple case studies should be carried out to validate or extend previous findings, particularly when the case findings from the literature are completely contradictory, e.g., the findings of Jajja et al. (2018) which stand in contrast to those of Zhao et al. (2013).
Regarding the types of data used, future studies may combine primary and secondary data to better reflect the impacts of typical risks in each country or industry. For instance, Kauppi et al. (2016) used both primary data from a survey and secondary data on disruption risk at the country level to investigate how this risk was associated with the combined adoption of external integration and risk management. Wiengarten et al. (2016) used the rule of law index developed by the World Bank to measure the risk of opportunistic behaviour. According to Rabinovich and Cheon (2011), many calls have been made for the application of secondary data in SC research; however, very few of the reviewed studies relied on secondary data. Moreover, the use of triangulation could provide more information than a single research method. Despite the advantages of this approach, only Lockamy (2014) adopted a mixed-method approach (interviews and a survey). Future researchers should apply this approach to enhance the generalisation of findings.
The impact of SCR on performance has been widely investigated using surveys and modelling, while few studies have used case studies and interviews. Empirical research on many risks and their simultaneous impacts on performance is still limited, although there are some notable works such as those by Hara (2019a, 2019b). As concluded by Ho et al. (2015), future studies of interactions between various risks instead of standalone risks could effectively assist the process of SCRM decision making. The literature has strongly focused on supply and demand risks. However, Norrman and Jansson (2004) posit that ripple effects in SCs make it necessary to manage risks in relationships with all members. A SC includes a focal firm, suppliers, and customers, and its competence is therefore not only weakened by risks related to supply but also by those related to customers and manufacturing. Although any approach of risk management is applied, Rao and Goldsby (2009) affirm that risk needs to be understood and managed as a whole for an end-to-end SC. Future research should devote more attention to all operational risks (i.e., supply, manufacturing, infrastructure, demand) and particularly social risks. Klassen and Vereecke (2012) and Cunha et al. (2019) have developed theoretical frameworks related to interactions between social risks, practices (e.g., stakeholder reactions, social management capabilities), and performance; validating these frameworks based on large-scale data (e.g., surveys) is suggested as an avenue for further study.
Future research should focus more on operational risk than disruption risk, as most risks in SCs are related to operational risk. In their studies, Brusset and Teller (2017) Studies in this field typically use cross-sectional data (e.g., surveys), meaning that the long-term effects of risk and SC practices (especially integration) on performance have not been tested. Srinivasan et al. (2011) concluded that their cross-sectional design did not allow for the investigation of interactions between risk, uncertainty, partnership, and performance over a longitudinal time frame, and hence caution should be used in causal inferences from their study. Because integration with partners is usually deployed over a long period, it would be more useful to examine the effect of integration practices on a longitudinal basis. Moreover, focus group discussions and interviews with SC managers could help in achieving a better understanding of why some SC practices do not affect performance while others do; for example, Brusset and Teller (2017) showed that external capabilities (i.e., adopting a vendormanaged inventory policy and customer response policy) do not impact on resilience, while other capabilities (i.e., integration, flexibility) do. In some works (Srinivasan et al., 2011;Wiengarten et al., 2016), data were primarily gathered from the perspective of focal firms, and further research should broaden this scope by considering the perspectives of suppliers and customers; for instance, the study by Srinivasan et al. (2011) was restricted to studying the links between performance and partnership in the presence of uncertainty and risk only between focal firms and suppliers. All studies taking this research direction (e.g., Wiengarten et al., 2016;Kauppi et al., 2016) were carried out in a manufacturing setting, except the study by Srinivasan et al. (2011) in which the setting was not clear. It can be observed that the effects of different industries and SC stages on performance have not yet attracted much attention, and research on these effects could therefore yield additional insights (Brusset and Teller, 2017).
The majority of the selected papers regarded integration as one of the most common SC practices, the overall results are unclear due to the two contradictory views of the risk-integration relationship (i.e., risks can both promote and hinder integration). Further work could therefore analyse contextual factors (e.g., developed versus developing countries, service versus manufacturing sectors, competitive levels) which may have significant impacts on this relationship. Specifically, future research could examine the mediating and moderating effects of contextual factors to help explain the two contradictory views found here (Sousa & Voss, 2008). An analysis of mediating and moderating effects may also answer the question of why integration has different levels of impact under different circumstances in the risk-performance relationship. Researchers should also examine the indirect effect of risk on performance in the case where this effect is mediated by other factors; of the eight papers, only one (i.e., Jajja et al., 2018) (Table 11) assesses the mediating effects of integration aspects on the risk-performance relationship.
In the selected papers, much attention is paid to studying the effect of integrated relationships with SC members on performance (see Tables 7 to 11). In addition, most papers examining the indirect effects of risk did not comprehensively consider operational risks in their research frameworks. Several recommendations can therefore be made in regard to studying the interactions between operational risk, integration, and performance, because research on these interactions has hitherto been limited. This was confirmed by Zhao et al. (2013), who concluded that future research should look at interactions between these constructs. Wiengarten et al. (2016) and Brusset and Teller (2017) examined whether risk could moderate the link between integration and performance. Meanwhile, Jajja et al. (2018) and Zhao et al. (2013) concluded that risk can either motivate or impede firms in terms of integrating SCs. However, these papers do not analyse the direct effects of operational risk on performance, and it is not clear whether integration could have moderating effects on the operational risk-performance relationship. For this reason, it would be more useful to discover which types of integration (customer, internal, or supplier integration) can moderate the impact of operational risk and maintain performance, through empirical investigations with large-scale data (e.g., surveys).
Further research could investigate the moderating role of SCRM on the risk-performance relationship. Although some papers (Donadoni et al., 2018;Wiengarten et al., 2016) explored this role of SCRM, they did not operationalise the construct of SCRM as a process of risk identification, assessment, treatment, and monitoring. Kauppi et al. (2016) and Wiengarten et al. (2016) examined the combined effects of SCRM and SCI on performance, but their focus was on disruption risk rather than operational risk. Thus, future works could study the combined effect of operational RM and SCI. Based on the impact levels of risk, firms are able to determine the most appropriate practices of risk management and integration approaches to fit their environment. Moreover, further research could shed light on how contextual factors such as the industry and country can impact on risk, integration, and performance as well as the links between them. The reviewed papers have not paid a great deal of attention to improving firm performance under the impact of risk. According to Kauppi et al. (2016), risks have impacts on both a given firm and the whole SC, often at a global scale. Typically, SCR will cause domino effects, due to which detrimental consequences are more likely to escalate at the network level. For this reason, the significance of SCM is that it can help individual firms survive in a riskier environment (Donadoni et al., 2018). Thus, future studies should pay more attention to improving firm performance under the impact of risk, because the reviewed papers mostly focused on the improvement of SC performance. Although many papers included contextual factors in their models, most did not consider the significant effects of contextual factors in explaining performance and risk impacts. The three most common factors were firm size, industry type, and geographical location, which could potentially affect the hypotheses used in research frameworks (Brusset & Teller, 2017). There were also several papers that looked at other contextual factors such as cross-cultural differences, levels of globalisation (Wiengarten et al., 2016), and power position (Zhu et al., 2017b), but firm size was still the most commonly considered contextual factor. It would be valuable for future studies to examine the importance of firm size in explaining risk impacts and performance, and especially differences in performance between SMEs and large firms, because SMEs have scant resources and more difficulties while large firms often have sophisticated tools for managing risk.
Although the authors of the papers attempted to include all dimensions of risk in their research frameworks, it would be more useful to validate frameworks in a range of different settings, as almost all of the 48 studies involved a manufacturing setting. According to Quang and Hara (2019b), each industry has dissimilar characteristics, meaning that SCRs could be different between different industries and SCs, such as the manufacturing, service, and public sectors. This would help in reflecting the characteristics of the industries or the SCs in each industry, and more comprehensive models could be defined. Moreover, future works could consider past risk behaviours and the likelihood of occurrence, instead of examining solely the impact levels of risk.

Conclusion
The current review is intended to provide SC researchers and managers with insights into the SCR impact on performance. In terms of the practical implication, this review attempts to provide SC managers with a full understanding of risk effect mechanisms and to help them propose risk mitigation strategies by the comprehension of these mechanisms. Indeed, the selection of a risk mitigation strategy needs to be based on various risk environments, for instance, the level of risk impact and its likelihood (Knemeyer, Zinn & Eroglu, 2009). This is also affirmed by Manuj and Mentzer (2008) when they devise risk management strategies for SCs based on different supply and demand risks. The present review also contributes to the theoretical development of SCRM research through the analysis of SCR impact mechanisms. Exposure of these mechanisms enables a more complete view towards the risk-performance relationship. It is seen that the impact of risk has been complicated and influenced by many factors such as antecedents, mediators, and moderators. However, it is not necessary to all include these factors into a single research model because different SCs (e.g., manufacturing, construction, service) may be affected by different risks (i.e., operational and disruption risks). Despite its attempts, the current review still has some limitations that could be considered by further research. First, this review only considers journal papers; conference and non-English publications as well as book chapters are excluded, thus some findings from these types of publication may be missing. Second, academic databases (i.e., Scopus, Web of Science) are continuously updated, so newly published papers by journals could have been unreported.