A Decision-Support Framework for Evaluating Supplier Portfolio Risk: Integrating the FMEA Action Priority Approach with Fuzzy Modeling

In contemporary business environments, organizations operate within increasingly complex supply networks characterized by intensified global competition, extensive international interdependencies, and heightened uncertainty in the availability of raw materials and production inputs. Economic volatility, geopolitical instability, and disruptions in global logistics have further increased the exposure of companies to supply-related risks. Under such conditions, supply chain risk management has become one of the central strategic challenges faced by manufacturing and industrial organizations.

Within this context, the systematic assessment of supplier-related risks represents an essential component of managerial decision-making. Suppliers directly influence production continuity, product quality, delivery reliability, and ultimately customer satisfaction and organizational performance. Consequently, the ability to identify, analyze, and prioritize potential supplier risks has become an important requirement for managers responsible for operational planning and strategic supply management.

Various analytical tools and methods have been developed to support risk identification and evaluation in industrial systems. Among these methods, Failure Mode and Effects Analysis (FMEA) [1] represents one of the most widely applied approaches. Initially developed for reliability assessment in the automotive industry, FMEA has gradually been adopted across a wide range of manufacturing and engineering sectors due to its structured and transparent framework for identifying potential failures and assessing their impact.

In the traditional FMEA approach, the level of risk associated with a failure mode is evaluated through the Risk Priority Number (RPN), calculated as the product of three risk factors: Severity (S), Occurrence (O), and Detectability (D). The factor S represents the seriousness of the consequences associated with a potential failure affecting a product or process. The factor O reflects the likelihood that such a failure will occur, while D represents the capability of detecting the failure or its cause in a timely manner before it generates significant negative effects.

Despite its long-standing practical application, the RPN-based approach has been widely criticized in the literature due to several methodological limitations [2], [3]. One of the main concerns relates to the potential ambiguity and inconsistency arising from the multiplicative calculation of risk factors, which may lead to identical RPN values representing substantially different risk situations. In response to these limitations, international industry organizations—including the Automotive Industry Action Group (AIAG) and the Verband der Automobilindustrie (VDA)—introduced an improved framework known as the Action Priority (AP) approach [4]. Instead of relying solely on a numerical risk score, the AP method uses structured decision matrices that explicitly consider the interactions between the three risk factors S, O, and D. This approach provides a clearer and more transparent classification of risk priorities and reduces the possibility of misinterpretation of the obtained results.

In modern supply chain management, risk analysis must be considered not only at the level of individual processes but also across the entire network of suppliers that support organizational operations. The integrated evaluation of supplier risks enables companies to better understand their overall exposure to disruptions that may arise from supply instability, quality problems, or operational failures within the supplier network [5], [6], [7]. Although the AP approach was originally developed for analyzing failures occurring within internal production systems or customer interfaces, it can also be effectively applied to the analysis of risks originating from suppliers.

Building upon this perspective, the present research introduces the concept of an Overall Supplier Risk Index, which represents an analytical extension of the AP framework applied to the evaluation of supplier portfolios. The motivation for this study lies in the need for a systematic and quantitatively grounded methodology capable of supporting managerial decision-making in the context of supplier risk management. In particular, organizations often face the challenge of translating qualitative expert evaluations into structured indicators that can support strategic decisions regarding supplier diversification, monitoring, and cooperation strategies.

A central methodological challenge addressed in this research concerns the transformation of qualitative risk categories—namely Low (L), Medium (M), and High (H)—into a quantitative indicator that allows aggregation and analytical interpretation at the portfolio level. To address this challenge, triangular fuzzy numbers (TFNs) are employed in order to represent the uncertainty and subjectivity inherent in expert evaluations. Through fuzzy modeling, qualitative risk assessments can be translated into numerical representations that allow aggregation across multiple suppliers.

Accordingly, the main objective of this study is to develop a decision-support model for evaluating the overall level of supplier risk within an organization by integrating the AP framework with fuzzy modeling techniques. The proposed methodology provides a structured analytical process that includes: (1) determination of supplier-level risk categories using AP decision matrices; (2) modeling of qualitative risk categories using TFNs in order to account for uncertainty; (3) aggregation of supplier risks through the fuzzy arithmetic mean operator; and (4) determination of a single quantitative indicator—referred to as the Overall Supplier Risk Index—which characterizes the overall risk exposure of the organization to its supplier base.

The applicability of the proposed model is demonstrated through a case study conducted in a company operating in the wood-processing industry. By applying the developed methodology to a real organizational context, the study provides empirical evidence of how the proposed framework can support managerial decision-making related to supplier monitoring, risk control mechanisms, and supply strategy development.

A review of contemporary literature in supply chain management shows that organizations increasingly rely on structured analytical methods to support risk identification and evaluation, even when such approaches are not explicitly required by formal standards or regulatory frameworks. Among these methods, FMEA has become one of the most widely applied tools due to its transparency, methodological simplicity, and adaptability across various industrial sectors.

The traditional FMEA framework evaluates risk using the RPN, calculated from three factors: Severity, Occurrence, and Detectability. However, numerous studies have pointed out important methodological limitations of the RPN approach [3], [8], [9]. In particular, the multiplicative structure of the RPN index may produce identical numerical values for substantially different risk situations, which can lead to ambiguity in risk prioritization. For this reason, many researchers have proposed integrating FMEA with fuzzy approaches in order to better capture the uncertainty and subjectivity inherent in expert evaluations and decision-making processes.

Several studies have explored the integration of fuzzy logic with established multi-criteria decision-making (MCDM) methods in supply chain risk analysis. For example, Trenggonowati et al. [10] proposed a methodology combining fuzzy FMEA with the fuzzy Analytical Hierarchy Process (AHP) in order to improve the identification and prioritization of supply chain risks. Similarly, Zandi et al. [11] integrated fuzzy Technique for Order Preference by Similarity to Ideal Solution (TOPSIS) with classical FMEA to evaluate supply chain risks in the agricultural sector. The results demonstrated that fuzzy-based approaches allow more precise differentiation between risk levels and enable a more refined prioritization process compared with traditional numerical scoring methods.

Supply chain risk assessment is also closely related to supplier selection and evaluation. In study [12], the FMEA framework was applied to rank suppliers according to potential sources of operational risk. The proposed model, which combines FMEA with MCDM techniques, significantly improved the decision-making process in supplier evaluation. A similar methodological perspective was adopted in study [13], where fuzzy MCDM approaches were also shown to produce effective results when addressing supplier-related risks.

More recent research has continued to expand the methodological toolkit for supply chain risk prioritization. Study [14], for instance, employed intuitionistic fuzzy numbers together with the TOPSIS method to determine risk priorities and develop structured mitigation strategies. These approaches illustrate the growing importance of advanced decision models capable of incorporating uncertainty and expert knowledge into risk evaluation frameworks.

In addition to MCDM-based approaches, numerous studies have explored extensions of FMEA through fuzzy inference systems and fuzzy logic-based models. For example, Ivančan and Lisjak [15] introduced a framework consisting of four fuzzy logic subsystems designed to improve the robustness and interpretability of risk evaluation results. Such models demonstrate that fuzzy logic can provide a more detailed representation of risk conditions compared with conventional deterministic approaches.

Furthermore, hybrid analytical frameworks have been proposed in order to capture the multidimensional nature of supply chain risks. Study [16] combined fuzzy methods with FMEA and Fault Tree Analysis to improve risk assessment in green supply chains, highlighting the complexity of risk factors that cannot easily be represented by a single deterministic value. Similarly, study [17] demonstrated that the integration of fuzzy logic with FMEA constitutes a reliable framework for situations in which expert assessments are imprecise or where clear boundaries between risk categories are difficult to define.

Although these studies provide valuable contributions to supply chain risk analysis, most existing approaches primarily focus on evaluating risks at the level of individual suppliers or specific failure modes. Comparatively limited attention has been given to the systematic evaluation of supplier risk at the portfolio level, where organizations must assess their overall exposure to supply disruptions across multiple suppliers simultaneously.

In this context, the integration of the AP framework with fuzzy modeling represents a promising analytical direction. The AP methodology, which has become an established component of contemporary FMEA practice, offers a structured mechanism for prioritizing risks based on the interaction of severity, occurrence, and detectability factors. When combined with fuzzy modeling, it becomes possible to translate qualitative risk classifications into quantitative indicators that can support more comprehensive risk evaluation.

The main contribution of this study therefore lies in integrating the AP framework with fuzzy modeling in order to develop a systematic approach for assessing supplier risk at the portfolio level. In addition, the study introduces the concept of the Overall Supplier Risk Index, which enables the aggregation of individual supplier risks into a single analytical indicator, thereby providing a structured basis for evaluating a company’s overall exposure to supplier-related risk.

In this research, a supplier risk assessment was performed based on their importance for the realization of the production process. The paper applies an approach based on the FMEA framework, specifically the FMEA analysis defined in the AIAG and VDA Handbook [4], which is based on AP. Based on expert evaluations, namely those of the executive director, the production manager, and the procurement manager, all identified suppliers that may have an impact on the realization of the production process and on the company’s overall business operations were assessed. By applying the rules from AP, the priority of each supplier, i.e., its category, was determined.

The experts of this company expressed their assessments using the standard FMEA scale from 1 to 10 for three different risk factors, namely Severity, Occurrence, and Detectability. The assessments were explained and aligned during a one-hour panel discussion organized at the company’s premises. The final decision was reached by consensus.

These risk factors are adapted versions for the problem under consideration and can be interpreted as follows:

• Severity represents the potential negative impact that would arise in the event of a supply disruption, delay, or error by the supplier under consideration. More precisely, this risk factor indicates the extent to which a supplier’s failure can affect the realization of production, the quality of products delivered to customers, the company’s reputation, or even the company’s financial performance.

• Occurrence denotes the probability that a certain problem will occur at the supplier. The assessment of probability is based on the supplier’s reputation, historical records, and the stability of its business operations.

• Detectability (or Possibility of Detection) represents the ability to identify in a timely manner a problem, i.e., a failure, related to the supplier under consideration. In other words, it refers to the ability to anticipate supplier delays, inadequate quality, and other failures in order to undertake appropriate preventive and detection actions in due time.

After determining the risk level for each analyzed supplier, that is, assigning them to a specific category L, M, or H, the overall risk level at the level of all suppliers is calculated. This procedure relies on the previously performed classification; however, in order to ensure finer tuning, the uncertain values of the L, M, and H categories are modeled using TFNs. Thus, each of these categories is represented by a predefined TFN defined on the interval [0,1]. In this way, uncertainty between different zones is taken into account, that is, the overlap between categories is considered.

The overall risk level at the level of all suppliers is determined by aggregating all L, M, and H values using the fuzzy arithmetic mean operator, after which these values are defuzzified using the center of gravity method. In this manner, a single value of the risk level is obtained, which is then normalized and referred to as the overall supplier risk index.

In the first part of the proposed methodology, the risk at the level of each supplier is determined by applying a modified AP approach through the following steps:

Step 1. Definition of the set of suppliers, $i, i=1, \ldots, I$, where $i$ denotes the supplier index and $I$ is the total number of suppliers.

Step 2. Expert assessment of the risk factor values using the standard FMEA scale [1 – 10]. The assessments were made by consensus, as in standard FMEA analysis (where the evaluation is performed by the FMEA team). Table 1 provides an explanation for each risk factor rating.

Step 3. Determination of risk at the level of each supplier by applying the AP approach. The standard approach presented in Table 2 [4] is used.

In this way, the risk at the level of each supplier is determined. The methodology is fully aligned with the standard AP approach, which makes it transparent and consistent with established practice.

After determining the risk level at the level of each supplier, the calculation of the overall supplier risk index is performed according to the following steps:

Step 1. Transformation of the L, M, and H risk levels into fuzzy numbers, i.e., modeling uncertain values using TFNs (illustrated in Figure 1):

- $L=(0,0,0.6)$

- $M=(0.1,0.5,0.9)$

- $H=(0.4,1,1)$

Step 2. Aggregation of suppliers’ fuzzy values using the arithmetic mean operator:

Where the risk level (L, M, and H) at the supplier level is formally represented as:

Step 3. Defuzzification of the aggregated fuzzy value, $\tilde{A}$, using the centroid method:

Step 4. Normalization of the value and determination of the Overall Supplier Risk Index:

where:

$A_{\min }$—the theoretical minimum risk level corresponding to the case where all suppliers are classified at the L risk level (i.e., the defuzzified value of the L fuzzy number).

$A_{\max }$—the theoretical maximum risk level corresponding to the case where all suppliers are classified at the H risk level (i.e., the defuzzified value of the H fuzzy number).

In this way, the value of $OSI$ is reduced to the interval [0,1], which makes it more intuitive and easier to analyze.

Step 5. Categorization of the $OSI$ is performed based on five defined risk levels as follows:

[0.00–0.20]—Very low risk level. The company’s supply is stable.

[0.21–0.40]—Low risk level. Sporadic risks occur, but the continuity of production is not threatened.

[0.41–0.60]—Medium risk level. Refers to moderate risk exposure where monitoring and the implementation of preventive measures are required.

[0.61–0.80]—High risk level. The company is highly dependent on its suppliers. A multi-sourcing supply strategy is necessary.

[0.81–1.00]—Very high risk level. The company is exposed to serious threats that may endanger its operations. Defining supply strategies and having alternative suppliers is mandatory.

In the following section of the paper, a case study on which the presented methodology was tested is presented.

Within the case study, an example of a company from the wood-processing industry is presented, whose headquarters are located in western Serbia. The company’s main production assortment is based on the manufacture of furniture, such as wardrobes, dressers, TV stands and similar products. However, the company also produces kitchen elements, bedroom furniture, upholstered program, as well as certain components of office furniture. It can be said that the main raw materials used in the production process of this company are particle boards, laminated particle boards and solid wood.

However, the production process also requires other materials such as fittings and other mechanisms including hinges, sliding systems, handles, screws, dowels, and so on. In addition, adhesives, varnishes and other coating and wood protection materials are used. Upholstery materials are also used, including various types of sponges, foam and similar materials. Furthermore, the company also requires various packaging materials such as cardboard, foils or pallets.

In addition to all of the above, the company also needs tools, spare parts, machinery and equipment. Naturally, the company is also dependent on energy and infrastructure suppliers, while companies that provide logistics and other support services can also be considered suppliers, such as IT systems, ERP software and similar services.

In cooperation with the company’s top management, primarily through discussions with the executive director and operational management, a list of a total of 39 suppliers was identified as significant for the realization of the production process and for the uninterrupted operation of the company (see Figure 2). This list does not include suppliers that are not of great importance, primarily those without strategic significance for the company’s operations, such as suppliers of food for workers, suppliers of consumables, i.e., office supplies, hygiene product suppliers and similar.

Table 3 presents the supplier that are important for the realization of the production process, as well as for the overall business operations of the company. As previously mentioned, the ratings were provided by the executive director, the production manager, and the procurement manager. They reached their assessments by consensus. Based on the S, O, and D values, the risk level for each supplier was determined.

By examining Table 3, it can be concluded that there are a total of 18 suppliers in category L, 19 suppliers in category M, and 2 suppliers in category H. Subsequently, the aggregation of suppliers’ fuzzy values is performed using the arithmetic mean operator:

$\tilde{A}=\frac{1}{39} \cdot(2.7,11.5,29.9)=(0.07,0.29,0.77)$

Subsequently, defuzzification is performed using the centroid method:

$A=\frac{0.07+0.29+0.77}{3}=0.377$

In the final step, the value is normalized and the Overall Supplier Risk Index is determined:

$OSI=\frac{0.377-0.20}{0.80-0.20}=0.295$

Based on the Overall Supplier Risk Index, it was determined that the analyzed company has a second-category risk level, as shown in Figure 3.

Based on the $OSI$ value of 0.295, it can be concluded that the analyzed company belongs to the second risk category, meaning that it has a low overall risk level when all suppliers are taken into account. Therefore, the company’s supply chain can be considered relatively stable, as it successfully produces and delivers its final products. It can also be clearly observed that, at this moment, there are no long-term threats that could jeopardize the continuity of production, although sporadic risks do exist. This implies that specific control mechanisms should be implemented for suppliers classified in the H risk category, and preferably also for those in the M category, given their considerable number.

This study proposes a structured analytical model for evaluating the overall level of supplier-related risk within an organizational supply network by integrating the AP framework with fuzzy modeling techniques. Through the proposed methodology, qualitative risk assessments assigned to individual suppliers are transformed into quantitative fuzzy representations and subsequently aggregated into a single analytical indicator. In this way, the model provides a transparent and systematic basis for evaluating risks arising from a company’s supplier base.

The application of the proposed framework through a case study has demonstrated its practical applicability in identifying and analyzing the structure of risks within a supplier portfolio. The resulting quantitative indicator, referred to as the Overall Supplier Risk Index, provides managers with a clear representation of the organization’s overall exposure to supplier-related risks. Such an indicator may support managerial decision-making related to supplier monitoring, diversification strategies, and the development of control mechanisms within supply networks.

An important contribution of this study lies in extending the application of the AP framework beyond its traditional context by integrating it with fuzzy modeling techniques for supplier risk evaluation. Through this integration, the proposed model enables the aggregation of risk values at the level of the entire supplier portfolio, thereby providing a more comprehensive analytical perspective on supply-related risks.

Despite these contributions, several limitations of the proposed approach should be acknowledged. First, the evaluation of risk factors relies on expert assessments, which inevitably reflect the knowledge, experience, and subjective judgment of the participating experts. Second, the proposed model represents a static analytical framework, as it captures the state of supplier-related risks at a specific moment in time and does not explicitly incorporate dynamic changes that may occur over time. Third, the methodology treats suppliers as having equal structural importance within the aggregation process; although this limitation is partially mitigated through the Severity factor, which reflects the operational impact of supplier failure, differences in strategic supplier importance may still exist.

In addition to these methodological considerations, the empirical validation of the model is based on a single case study involving one company, which limits the generalizability of the findings. Future research may therefore extend the application of the proposed model to different industrial sectors and multiple organizational contexts in order to enable comparative analysis. Further methodological development may also focus on the integration of additional risk factors and dynamic evaluation mechanisms capable of capturing temporal changes in supplier-related risks.