Expertise modeling and transportation risk management: an application to container transportation security risk management

Due to the globalization of trade, hundreds of millions containers pass every year through world ports. Such a situation is extremely challenging in terms of securing freight transport operations. However, costs and lead-times are still very important components of supply chains' performance models. Therefore, the drive for enhanced safety and security cannot be made at the expense of these other two factors of competitiveness, and the processes implemented by the global supply chain links, including the maritime port one, should tend to a joint optimization of trade facilitation and operational safety / security. The research on which this paper feeds back falls within the frame of this mixed performance requirement. More specifically, the paper presents a decision-support system dedicated to managing the risks associated with land and maritime container transportation; this system is based on the modeling of the knowledge of a group of experts, and covers the three phases of risk identification, assessment and avoidance / mitigation.


Introduction:
Due to the globalization of trade, hundreds of millions containers pass every year through world ports.Such a situation is extremely challenging in terms of securing freight transport operations.Thus, the entire international supply chain ranging from the original supplier to the final customer must look for solutions likely to improve the monitoring of containers, in order to better manage the risks associated with their transportation.
For the supply chain members, what is at stake is the reduction of theft and damage to the merchandise, but also more generally speaking the security of their supply and distribution networks; for public authorities and institutions governing international trade, it is to ensure homeland security and the compliance with relevant regulations.
However, costs and lead-times are still very important components of supply chains' performance models.Therefore, the drive for enhanced safety and security cannot be made at the expense of these other two factors of competitiveness, and the risk management processes implemented by the global supply chain links, including the maritime port ones, should tend to a joint optimization of trade facilitation and operational safety / security.
Based on this double requirement, a research project has been launched some time ago, involving academics (in the areas of logistics and information technology) and practitioners (port operators, transportation and logistics service providers), and aiming at developing a tool for both securing and facilitating container transport operations (Fredouet 2007).
This paper feeds back on the specific features of the decision-support system thus created, dedicated to the identification, assessment, and avoidance / mitigation of the risks stemming from the routing of containerized freight; inspired from the HACCP method, this system combines experts' knowledge in the field of container transportation risk management, with (partly) real-time data collected on the activities to be monitored, so as to generate recommendations for action against proven risks.
A first section of the paper addresses the issue of choosing a relevant risk management method, from the set of options provided by the academic literature.A second section describes the two successive phases of the decision-support system development.

Choosing the risk management method
To support organizations along the various stages of the risk management process, a wide range of tools and methods has been developed.Some risk management tools are specific to such or such field of activity, while others see their applications increasingly extended to various sectors.A method for risk analysis can be quite simple and dealing with only one step of the risk management process (identification, assessment, or avoidance / mitigation of the risks).It can also be more complex, resulting from a combination of several simpler methods.Finally, whereas some methods are based on the quality of the accumulated experience, others rely on the processing of (huge) numbers of quantitative data.
From a general standpoint, risk management methods found in the academic literature display two main characteristics: they are either quantitative or qualitative (Rot 2008), and they are either deterministic or probabilistic (Cox 1998).
Therefore, these methods may be classified into four categories: probabilistic quantitative, deterministic quantitative, probabilistic qualitative and deterministic qualitative (Tixier et al. 2002).

Probabilistic quantitative methods
In this category, the Fault Tree Analysis (FTA) method is a logical and schematic approach to assess the possibility that an accident occurs following sequences and/or combinations of failures.Originally designed in 1962 by Bell Labs to support the study of failure modes in missile launch control systems, this tool is now widely used in many applications ranging from accident investigation to prototype design, but also in applications for protection and control.This is the most popular technique to analyze the security in all systems (Villemeur 1992), and to predict the reliability of complex systems in several fields such as aerospace, petrochemical or oil pipelines; it can be applied both to software as well as to technical assets.

Deterministic quantitative methods
They find an illustration in the Domino Effect Analysis (DEA) method: the domino effect is well identified in the field of risk and disaster management.Three elements characterize a domino event (Cozzani et al. 2005): -a primary accidental event, which triggers the domino effect, -a propagation effect, following the primary event, and resulting from the impact of the propagation vectors caused by the primary event on secondary targets, -one or more accidental side events involving the same or another part of the system.
Incidentally, an accident is defined as a domino event only if the sequence of propagation results in a worsening of the primary event.

Probabilistic qualitative methods
One of these methods the use of which is widely spread, is the DELPHI method, which can be defined as a procedure for obtaining the most possible reliable consensus on a given theme from a group of experts, through a series of alternate questionnaire submissions and feed-back sessions (Dalkey and Helmer 1963).
At a more general level, this method is seen as a means for structuring the communication between a large number of participants meeting locally and/or geographically dispersed; these people can provide valuable contributions to solve a complex problem in assessment or anticipation situations where statistical methods do not apply or cannot be implemented due to a lack of appropriate technical/economic/historical data.

Deterministic qualitative methods
In the risk management process, the identification of the hazards which may lead to accidental situations is a fundamental task.Several techniques are available to this end, the efficiency of which particularly depends upon a rigorous analysis of the scenarios generated by these hazards, featuring various levels of harm severity.
Among these techniques, the Hazard Operability (HAZOP) method is well-reckoned as the best tool for hazard identification in a qualitative analysis (Suokas 1988).A HAZOP study is aimed at identifying how a system could deviate from its normal state, by splitting this system into simpler sub-systems with specific boundaries called nodes, and providing an analysis for each separate sub-system.Khan and Abbasi (1997) have thus structured the HAZOP procedure along three main steps, performed for each component of the system under scrutiny: the identification of abnormal behavior of the component under normal conditions, the qualitative assessment of the abnormal behavior in case it spreads out to other components, and basic recommendations to mitigate this abnormality.
Based on these four categories identified in the academic literature, the choice of a relevant risk management method had to take into account the specificities of the container transportation operations.
First, container-centric transportation risk management must obviously help supply chain actors set up prevention / mitigation processes to address their collective vulnerability to human harmful behavior (Sheffi and Rice 2005).But it should also reinforce, rather than degrade, the results of other performance enhancing programs, which focus on costs and/or lead-times (Barnes and Oloruntoba 2005).So, this specific managerial process aims at setting the right balance between operational security and trade facilitation, thus providing the supply chain with a valuable source of competitive advantage.
Therefore, instead of following a typical quantitative optimization pattern for exclusively minimizing risk, and as the quality of this specific risk's management is tightly linked to the experience of the actors involved in the process, the choice was made to move towards a qualitative approach, through the collection of the relevant human expertise.
Because it is widely recognized that, including in risk management, group decision-making is more efficient than individual decision-making (Kocher and Sutter 2005), and studies have shown that companies rely more and more on teams to manage their risks (Coleman and Marks 1999;Kaplan 1992), group has been retained as the operational working unit during the knowledge acquisition phase.A working group has been set up, made of six experts whose selection was based on their experience, their professional position, their specialty, and their qualification (e.g.: Customs Service agents, specialized in container targeting).
Second, container transportation intentional risks definitely feature a strong uncertainty, as their consequences on the global supply chain operation are well specified, but their probabilities of occurrence are difficult to estimate.
Against such an uncertainty, defined as an event the consequences of which are known but the probabilities are not, the scenario-based risk analysis is more and more widely used within organizations (Baker et al. 2002;Carpenter, Bennett and Peterson 2006).Consequently, a multiple scenario analysis has been selected for the identification, assessment and avoidance / mitigation of the security risks arising from container international transportation.
Third, various solutions are available for identifying and analyzing the risks associated with maritime transportation and port activities, e.g.Formal Safety Assessment and Failure Mode Effect Analysis.
Formal Safety Assessment (FSA) is a relatively new approach to the management of risks regarding maritime safety and security.This method features five stages: identification of hazards, risk assessment, risk control, cost/benefit analysis and final decision-making (Quan-Gen et al. 2005).It can be applied to assess new regulations, but also to compare existing ones with possible improvements, as well as for the management of operational risks including the influence of the human factor (Vanem et al. 2008;Wang 2001).
Failure Mode Effect Analysis (FMEA) is widely used in industry, but has also been adopted by the maritime community to address the risks within marine systems (Wilcox 1998).The analysis is done in four steps: the definition of the system to be secured, the identification of potential failure modes and their causes, the assessment of the effects of each failure mode on the system, the specification of the failure detection methods and the corrective actions to be implemented.FMEA enables to identify areas, features and/or critical components the failure of which could lead to adverse consequences such as production losses, damages, or accidents.
However, the choice has been made to ground the decision-support system, not into one of these methods already used for security risk management in international freight transportation, but rather into the Hazard Analysis and Critical Control Point (HACCP) method.
This is a risk management method predominantly used in the food industry, but also more and more often in the health industry, and which seemed worth considering for use along the multiple links of a supply (including transportation) chain: In his research work, Sperber (2005) describes HACCP as a method for managing security risks 'from the farm to the table'.Furthermore, according to Zuurbier, Trienekens and Ziggers (1996), 'food chain' consists of organizations involved in the production and distribution of plants and animals, and Apaiah and Hendrix (2005) suggest that the food supply chain could be split into six links ranging from primary production to the final consumer through processing and distribution activities.The sentence 'from the farm to the table' may thus describe a 'food chain', and the HACCP method appear as being applied to the management of security risks within this supply chain.
Thus extending the method to other types of security risks in other supply chains, the option has been taken in this project to apply HACCP to container maritime and land transportation, as a way to handle related safety / security issues.The adaptations brought to this end to the HACCP method are summed up hereafter (Table 1).Once this qualitative, scenario-based, HACCP-inspired, approach of risk mananagement had been selected, the project could move to its second step, consisting in the development of an expertise-based decision-support system.

Decision-support system development
This development step encompasses successively the formalization of the selected risk management process, and the actual construction and validation of the decision-support tool.

Formalizing the risk management process
Before being extended to the risk management process, formalization has been applied to the container transportation one.More specifically, a model of the container exportation activities has been built, with the level of granularity required by the experts to help them in the analysis of the risks associated with this export process (Figure 1).
In this model, the process is knocked down into eight key activities: -the picking of an empty container from the container yard, -the transportation of the empty container directly to the port terminal, -the transportation of the empty container to the distribution center, -the stuffing of the container at the distribution center, -the transportation of the full container to the port terminal, -the storage of the empty / full container on the port terminal, -the inspection of the container by Customs authorities within the port premises, -the loading of the empty / full container onboard the container carrier.This fragmentation of the process pointed out at six main risky areas: -the empty container yard, -the route followed from the container yard to the distribution center, -the distribution center for container stuffing, -the route followed from the distribution center to the port terminal, -the port terminal, -the route followed from the container yard to the port terminal.

Model of the container transportation process, with risky areas
The second step of formalization relates to the risk management process.It hosts three activities: risk identification, risk assessment and risk avoidance / mitigation.

The identification of risk scenarios
The first part of the HACCP method lies in the identification of hazards.Within the food industry, an analysis of scientific data based on technical standards is usually performed, leading to the identification of quantifiable food-related security risks.In the present case, human expertise has been used to identify qualifiable container-related safety risks.
At the end of the series of interviews conducted with the group of experts, a list of variables representative of the identified risk scenarios has been established as follows: -the status of the supply chain member: known or not, authorized economic operator (AEO) or not, fixed address or not, -the characteristics of the container: type, number, available safety equipment, -the characteristics of the shipping route: direct or not, with(out) transhipment, duration, countries of origin and of destination, -the characteristics of the merchandise: type, ID code, -the level of safety of the logistics sites: access conditions, -the duration of the travels between logistics sites, -the availability of information while operations are conducted.
The experts then structured these variables in scenarios pertaining to each of the risk areas previously mentioned (Table 2).

Risk areas
Instances of risk scenarios container yard the yard operator is not AEO and the yard is not secured the yard operator is AEO route from the container yard to the distribution center the transportation operator is not AEO and the container stays for longer than expected on a non-secured parking lot the transportation operator is AEO distribution center the distribution center operator is not AEO and the seal is not properly affixed to the container the distribution center operator is AEO

The assessment of the risk scenarios
In this second part, the experts worked as a group to qualitatively assess each risk scenario, relying then on their respective experience.As applied in the food industry, HACCP handles hazard control through detection devices and the measuring of probabilities of occurrence, and of harm severity of consequences.Therefore, it does not take into account the probability that risks would be actually detected.However, regarding container security risk management, such an information stands out as an important decision factor, so the risk detection probability has here been added to the assessment criteria.
Consequently, the experts' evaluation of the risk scenarios has been led based on the probabilities of risk occurrence, on the probabilities of risk detection and on the harm severity of the risk consequences, using the following qualitative scales: -very high, high, medium, low and very low, for occurrence and detection probabilities, -very strong, strong, medium, weak and very weak, for the harm severity of the consequences.
An extract from the results of this qualitative assessment is given hereunder (Table 3).

The handling of risk scenarios
During this last part, it is up to the experts to define the behaviors to adopt, depending upon the results of the combined assessment of occurrence and detection probabilities, as well as the potential harm severity of the scenarios.While, in the case of any proven risk, one standard recommendation is to alert the Customs authorities so that they carry out a physical check of the container, other courses of action are also likely to be suggested, especially in terms of status verification for the actors involved in the scenarios (Table 4).

Construction and validation of the decision-support tool
Because risk management decision-making processes are of a rather poorly structured nature, their modeling requires a set of specific tools, both different and non-exclusive one from another (Vidalis 2004).In this set, together with purely quantitative options such as genetic algorithms, stands out expertise modeling, one instantiation of which consists in the development of an expert system.
As the principle of such a tool is to model the process by which a human expert implements his knowledge to provide a solution for a problem within his field of specialty (Turban 1992), an expert-system architecture consists of three elements: -a knowledge database, that hosts the knowledge acquired from the experts, -a facts database, in which is fed the information on the specific problem to be solved, -an inference engine, which searches through the knowledge base, and then activates, all the problem-solving bits of expertise that are related to the characteristics of the problem as described in the facts database.The user of an expert system may therefore call for help upon his tool in the same way he would with a human expert: just like this one would do, the expert-system looks for information about the situation to be handled, including by asking questions to its user, provides its comments and recommendations, and, if required by its user, details the successive steps of his reasoning process (Turban and Aronson 2001).
Expert-systems have been widely used in the field of risk management, more specifically in project risk management (Ramamoorthy and Chandras 1993;Tah and Carr 2001;Zoysa and Russell 2003).Based on an analogy between project management and supply chain management (both face a complex, dynamic and uncertain environment), Putu, Berman and Sami (2007) have suggested a comprehensive framework for the development of an expert-system dedicated to suppy chain risk management (Figure 2).

Figure 2.
Framework for the development of an expert system for the supply chain risk management (Putu, Berman and Sami 2007) In order to optimize the security of container transportation while not impeding its speed, the proposed decision-support tool must -identify / assess all possible risks, through the collection of data on all movements of containers towards the port premises, -help handle proven risks, by providing in due time to the relevant operators specific recommendations for avoiding / mitigating those risks.
To that end, the expert-system features a facts database storing the data on the transportation operations to be monitored, a knowledge database holding the risk management expertise, and an inference engine combining both database contents for risk identification / assessment and the provision of courses of action for risk avoidance / mitigation.
The development of the decision-support system has gone through the two typical stages of model building and model validation.

The expert-system building stage
Two databases need to be designed and fed during the expert-system building stage: the knowledge database and the facts database.
Regarding the knowledge database, the first step of its construction consists in knowledge acquisition, whereas the second step deals with knowledge representation.
Extraction of knowledge is the most difficult task in the process of knowledge engineering, and the choice of an appropriate method for this purpose is a key success factor in the building of an expert-system.
Here, the method which has been implemented is the semi-structured interview, which is the most commonly used to for knowledge acquisition in the field of managerial decision-making; more precisely, the interviews have been conducted with a group of experts, and structured through an initial question: 'What do you use as indicators for targeting containers when you visit such or such link of the supply chain?'.
The standard protocol collected from this question spells out like 'Within a given link, we focus on the people handling the container, on the physical environment and on the movements of goods; if there appears a potential risk, we ask for inspecting the container'.
Depending upon the link under control, extra comments are made, such as, along the route from the distribution center to the port terminal: 'The main actor being the transportation operator, it is important to know -his status (AEO or not), and whether he is already known or not, because if he is new, there is a risk, -the time elapsed since the container has left the stuffing area, because if there has been a long stop in a non-secured location, there is a risk, -the type of merchandise stuffed in the container, because if it is unusual and / or dangerous, there is a risk, -the status of the full container, equipped or not with a door open / close detector; if the detector is a seal, what is the state of the seal, because if it is not properly affixed, there is a risk.' At the end of the interviewing process, the contents of all the protocols provided by the experts have been transcripted, using a formal structure made of four components: -indicators, such as 'trucking company', 'merchandise', 'container', -operators, such as 'is', 'is not', -values, such as 'known', 'dangerous', 'equipped', -actions, such as 'scan', 'inspect'.
The transcription of the protocols serves as a transition between knowledge acquisition and knowledge representation.
Expert knowledge may be represented using several available types of formalisms, which can be classified into three broad groups (Hoffman 1987): procedural representations, declarative representations and structured representations.Procedural representations include finite automata and programs; declarative representations include the predicate calculus and production rules; structured representations include semantic networks and frames.
Given the nature of the risk management knowledge, and its deductive implementation mode, production rules have been retained as the knowledge representation formalism for the proposed tool.The risk scenarios identified by the experts are therefore represented through sequences of 'IF <conditions> THEN <actions>' assertions: e.g.: 'IF the full container has been transshipped only once and the shipper in not AEO and the container has already been checked at the port of export, THEN the container must be scanned' When all the conditions of a given rule are supported by the data describing the transportation operation to be secured, the 'actions' part of the rule is performed, therefore advancing the risk management process to a further step.
Parallel to the construction of the knowledge database, the facts database needs also to be built.
Here, collection and transmission of field data are supported by such tools as GPS devices or RFID tags.These data allow for the identification of routes followed by the containers, for the detection of long time staging of the containers, or even for the control of goods segregation.They are supplemented with other data, drawn from the information systems of the actors involved in the transportation of the containers, and relating to the nature of the merchandise, to the countries of origin / destination of the shipments, and also for instance to the use of non-secured container yards or to the status (AEO or not) of the transportation and handling operators.
On the basis of this data set, the expert system generates alerts in response to any event that might impact the safety of the transportation operation, as well as recommendations for action to those of the involved actors who are empowered to make the risk avoidance / mitigation decisions.

3.2.2.The expert-system validation stage
It focuses on the quality of the expert system, essentially on its degree of accuracy and of robustness (O'Keefe and Preece 1996); it thus consists of a triple evaluation (CAracaValente and Morant 1999): -a laboratory evaluation seeks to identify any difference between the acquired knowledge and its representation in the expert-system knowledge database, -a performance evaluation mainly relates to the interaction with the user (ergonomics of the interface, operational responsiveness, ability of the system to explain its reasoning process), -a field evaluation has for primary objective to estimate the quality of the solutions provided by the expert-system as compared to the decisions actually made in real-life situations.
The methodology adopted for the present expert-system validation globally fits within this frame.The universe of discourse used in the writing of the production rules has been applied to the description of a set of real-life situations having formerly been assessed by the experts in terms of being risky or not risky.These descriptions have then been submitted to the expert-system which has consequently provided a number of recommendations.These recommendations have in turn been compared to those previously made by the experts, leading to the calculation of an accuracy rate which has been used as a validation criterion.
More precisely, fifty real-life situations have been identified and formally transcribed before being fed into the expert-system's facts database (Table 5).Out of these 50 real-life situations which have been submitted to the decision-support tool, 40 have been recognized by the expert-system, which has provided recommendations (check or no check of the container) 100% identical to those made by the experts.
For instance, in one of the real-life cases submitted to the expert-system, the ID code of the goods stuffed in the container had proven to be wrong (the critical control point for this information is right after the goods to be exported have been declared to the Customs).As the probability of occurrence and the criticity of the risks associated with such an event were deemed as "average", and the likeliness of risk detection considered as "high", the system's recommendation, consistent with that of the expert, was to check the container.
Leading to the same "check the container" conclusion, another real-life example was that of a container holding goods the ID of which was correct, but the address of the exporter appeared to have changed since the last shipment (the critical control point for this latter information is at the time of the export documents' validation by the freight forwarder).Here, risk occurrence and detection probabilities were both "high", as well as its criticity.
A third illustration comes from a situation where an empty container was stored in a yard owned by a non-OEA operator and with no safety / security devices on its premises (the critical control point for these information stands when the booking is validated by the shipping company).As the risk occurrence probability and the risk criticity were both qualified as "weak", and the detection probability was specified as "high", the recommendation supplied by the decision-support system was "no check", just like what had been decided in the real situation.
The 10 other scenarios which have not been identified by the expert-system led to a second round of knowledge collection for further filling of the expert-system database ; obviously, this knowledge updating process needs to be conducted on a permanent basis to ensure the proper adjustment of the database content to the characteristics of the various scenarios likely to be encountered.
Beyond supplying a first and positive level of validation of the expert-system, these tests have highlighted the valuable opportunity brought by this kind of decision-support system: the automated targeting of export containers, on the basis of multiple criteria, and the screening of risky containers prior to their loading at the port of export; both contribute to the global safety/security mission trusted to the Customs authorities, as well as to the various international initiatives aimed at improving the safety of ships and port facilities.
Besides, thanks to its specific design, the expert-system easily lends itself to the continuous improvement of the quality of its risk management process, including through such external data sources as the blacklist of companies, the list of risky countries, or also the list of goods ID codes.
Finally, as they are likely to be provided in real-time via appropriate traceability tools, information on the containers' risk level (probability of risk occurrence, probability of risk detection and harm severity of risk consequences) contribute to improve the responsiveness of the risk avoidance / mitigation decision-makers.Incidentally, these decision-makers may also call for help upon the experts anytime they are facing a new situation, or when a level of risk seems to them to be over-or under-estimated by the decision-support system.

Conclusion
In a highly competitive environment, securing container transportation networks stands out as a necessity for performance-aware global supply chains: considering the ever-increasing volume of sea-borne freight throughout the world, whatever disturbance is brought to global transportation networks is likely to impact, and possibly disrupt, the goods supply and distribution processes, leading to (extremely) serious consequences for the industrial and commercial world trade.
Consequently, the emerging field of research on supply chain security risk management is drawing growing interest from both academics and practitioners.In such a context, this paper contributes to the promotion of non-quantitative, expertise modeling-based, academic approach of risk management; from a managerial standpoint, the proposed tool may hopefully act as a helpful decision-support system for transportation risk management practitioners.
Figure 1.Model of the container transportation process, with risky areas

Table 1 .
Adapting HACCP to container transportation risk management

Table 3 .
Samples of results from the qualitative evaluation of the scenarios

Table 4 .
Samples of scenario handling procedures

Table 5 .
Samples of expert-system validation test cases