Impacts of digitalisation on supply chain risks: empirical evidence from the humanitarian context Open Access

This research addresses the effects of digitalisation on Supply Chain Risk Management (SCRM) within a French humanitarian organisation. The study is grounded in the context of Industry 4.0 and focuses on understanding how the integration of advanced technologies, such as Artificial Intelligence (AI), Internet of Things (IoT), Big Data Analytics (BDA) and blockchain, modifies both traditional and technology-induced risk categories in supply chains. While literature largely examined the performance benefits of such technologies, their influence on risk dynamics remains underexplored. The main objective of this work is to investigate the correlations between traditional supply chain risks and new risks introduced by digital systems to support the development of an integrated risk management framework.

The methodological approach is based on an in-depth case study conducted within Banque Alimentaire Le Havre (BALH), a member of the Banque Alimentaire Network, a humanitarian association in France (BA-NET) humanitarian network in France. The research is structured around a four-step process. First, a literature review allowed for the classification of risks into five categories: supply, demand, process and environmental risks, along with a newly introduced digital risk category subdivided into misfit, social/human and usage-related risks. Second, an expert evaluation was conducted using the Failure Mode and Effect Analysis (FMEA) method, enabling the prioritisation of risks through the calculation of Risk Priority Number (RPN). Third, the research applied a combination of univariate and bivariate analyses, followed by Partial Least Squares (PLS) regression to assess the net impacts of digital risks. Fourth, the significance of observed differences before and after digitalisation was evaluated using an analysis of variance (ANOVA). Finally, a sensitivity analysis with regard to the weights of RPN components was performed to assess the robustness of findings.

Several findings emerge from this analysis. First, environmental risks and IS-related social/human issues appear to hold the highest RPN averages, highlighting the critical relevance of external uncertainties and workforce-related challenges in the current digital environment. Conversely, demand risk registers the lowest RPN average, suggesting that digital tools may enhance forecasting capabilities and mitigate variability in customer needs. Second, the correlation analysis reveals strong positive associations between supply risk and IS misfit on the one hand, and between process/environmental risks and IS usage on the another hand. Demand risk shows moderate correlation with IS-related social/human issues, confirming the influence of human factors on technology adoption processes.

The PLS regression models validate these trends by identifying IS misfit as the most influential factor for both supply and process risks, whereas demand risk is more sensitive to social/human issues. IS usage has been shown to have the greatest effect on environmental risks, reflecting increased exposure to cyber threats and regulatory complexities. These results confirm the dual nature of digitalisation: while certain risks are mitigated, new vulnerabilities are introduced through technological integration.

The comparative analysis, based on pre- and post-digitalisation data, reveals significant differences across all four traditional risk categories. Notably, demand risk demonstrates the most substantial change over time, with a marked decrease in RPNs. This result confirms that real-time data and improved forecasting tools reduce demand-related uncertainties. In addition, supply, process and environmental risks show notable variations, suggesting that digitalisation leads to a general transformation of the risk landscape.

The implications of these findings are twofold. On the social level, the integration of digital technologies into humanitarian supply chains (HSCs) strengthens the capacity for real-time coordination, transparency and responsiveness. At the same time, ethical and operational concerns emerge, particularly regarding data protection, system dependency and beneficiaries’ inclusion in the digital chain. From a managerial perspective, these results highlight the necessity of developing risk management strategies for digital-specific vulnerabilities such as system misfit, employee resistance and technology misuse. More specifically, the study shows that organisations must ensure the alignment between information systems and operational needs to avoid escalating supply and process risks. The human and social dimensions also require attention, particularly through capacity-building programs aimed at reducing resistance and skill mismatches. Furthermore, given the growing dependency on IS, organisations must reinforce cybersecurity measures and establish business continuity planning. Finally, the integration of digital and traditional risk categories into a single analytical framework represents a critical step towards comprehensive risk governance.

Consequently, this study contributes to the literature by providing empirical evidence on the interactions between traditional and technology-induced risks in a HSC. It also offers practical insights for organisations seeking to manage risks in an increasingly digitalised operational environment. Although the results are based on a single case, the framework developed may be adapted and tested in broader contexts, paving the way for future research on digital risk integration in SCRM.

The contribution of technology to supply chain management is well-established (Fabbe-Costes, 2000). This is particularly relevant in ensuring the continuity of global supply chain operations in today’s business environment marked by volatility, uncertainty, complexity and ambiguity. The advent of the Fourth Industrial Revolution, characterised by the integration of advanced technologies such as AI, BDA and IoT, has significantly transformed operations management. On one hand, Industry 4.0 is recognised as a source of value creation in supply chains. Managers and researchers acknowledge that the extensive integration facilitated by these technologies enhances collaboration among supply chain members, promotes better information sharing and increases both transparency and agility (Fatorachian and Kazemi, 2018). In addition, the real-time data enabled by these technologies improves supply chain resilience though accurate forecasting, proactive risk management and effective responses to unforeseen disruptions (Shah et al., 2023; Olutimehin et al., 2024). Furthermore, these technologies introduce new vulnerabilities affecting various aspects of organisational operations. Risks associated with data manipulation, disruptive technologies and the coexistence of new systems with legacy, coupled with human and social concerns, have garnered increasing attention in the literature (Zinn and Goldsby, 2017). These emerging risks compound the list of traditional supply chain risks.

Despite the necessity for effective SCRM, studies on this topic reveal a significant lack of established frameworks for proactive risk management (Cunha et al., 2019). Although efforts have been made to highlight the contributions of new technologies to supply chain performance, their specific impacts on SCRM remain insufficiently explored. While treating risks as isolated aspects can lead to sub-optimal decision-making, SCRM frameworks must now integrate both traditional risks and new technology-induced risks. This integration raises an important and underexplored question regarding the interplay between technology-induced risks and traditional supply chain risks (Schroeder and Lodemann, 2021). Understanding the correlations between these risk categories is crucial for guiding decision-makers in implementing effective risk management strategies. In this context, our research aims to address this critical gap by investigating the following question: How do new technologies impact traditional supply chain risks in the context of Industry 4.0?

This research gap is not only important, but also urgent. As digital technologies become embedded in all levels of supply chain operations, including humanitarian ones, organisations face growing exposure to systemic vulnerabilities that traditional risk models do not sufficiently address (Sandvik et al., 2017; Dubey et al., 2024). The urgency is especially pronounced in HSCs, where digital misalignment, system failure or cyber threats can delay or disrupt the delivery of essential goods or services. Moreover, resource-constrained environments often accelerate digitalisation under pressure without the necessary organisational readiness, leading to poorly anticipated misfits and amplified human and social risks. Hence, failing to bridge traditional and digital risk categories does not only hinder performance but may also directly affect human lives and the ethical quality of interventions. Our study contributes to filling this gap by providing an integrated risk analysis framework tailored to the real-world constraints of humanitarian digital transformation.

To address our research question, we organised our work as follows. We first review the literature on SCRM to analyse its evolution with the advent of new technologies, as presented in Section 2. From this literature, we identified, aggregated and categorised the main risks faced by modern supply chains. These aggregated risk categories were subsequently assessed by experts using the FMEA technique. The RPN approach within the FMEA approach allowed us to prioritise the identified risk categories and compare their significance in a humanitarian organisation before and after the adoption of new technologies. While we detail the humanitarian case study and methodology in Section 3, we provide the statistical risk analysis in Section 4, where we analyse the distributions of risk categories, assess correlations between traditional and technology-induced risks, evaluate the net impact of information systems (IS) risks on traditional supply chain risks, validate differences of RPNs before and after IS integration and provide a sensitivity analysis to assess the findings’ robustness. Based on the comprehensive risk mapping of supply chains risk in the context of Industry 4.0 and the empirical investigation of the impacts of new technologies on supply chain vulnerabilities, we provide a discussion of results in Section 5 as well as managerial recommendations in Section 6. Finally, we conclude our paper with a summary and future research directions.

Risks are intrinsically linked to supply chains. As supply chains include a large number of stakeholders involved in many processes, disruptions can arise from many sources. The geographic dispersion of such networks has increased their vulnerability. The current business environment marked by volatility, uncertainties, complexity and ambiguity stresses the importance of developing an appropriate framework to assist managers in handling risks in global supply chains. This is the main objective of SCRM.

The literature has considered multiple causes of risks in supply chains. Several authors have investigated the types of risks and their sources. One of the earliest classifications proposed by Davis (1993), identified three main categories of uncertainties: supply risks, customer demand risks – specifically related to forecasts – and process risks, specifically related to production activities. Considering the inter-organisational characteristics of supply chains, Mason-Jones and Towill (1998) proposed five categories of risks: environmental risks (external to the supply chain), demand risks (internal to the supply chain and associated with outgoing flows), supply risks (internal to the supply chain and associated with incoming flows) and process and control risks. Similarly, Jüttner et al. (2003) identified three categories based on risk sources: environmental risks, organisational risks (arising within the boundaries of the supply chain) and network risks (stemming from interactions among supply chain organisations).

These classifications were later expanded by Mentzer (2004) who introduced a category of operational risk sources, encompassing risks originating either inside or outside the firm. Kleindorfer and Saad (2005) developed a comparable framework, grouping risks into two categories: those arising from supply and demand coordination and those associated with normal operations. In addition, Manuj and Mentzer (2008a, 2008b) supplemented Mentzer’s (2004) framework by incorporating security-related risks.

The cross-checking of the various risk categorisations shows four common categories: supply risks, demand risks, process risks and environmental risks. The environmental category commonly includes natural, political and transportation risks. The supply category clusters dependency as well as uncertain supply and cost risks. The demand category contains payment, forecast and uncertain customer demand risks. The process category regroups operational, social, capacity and intellectual property risks. Table 1 summarises these traditional supply chain risk categories.

As IS played a central role in supply chain management (Wang et al., 2004), researchers have deeply investigated their impacts on supply chain performance. IS allows to automate and improve individual processes such as Material Requirement Planning (MRP) and Warehouse Management System (WMS). They also accelerate the information flow across processes at the interfaces between the supply chain members, as well as at the interface with the supply chain environment (Narasimhan and Kim, 2001).

However, IS increase the vulnerability of supply chains as they cause heavy dependence on organisations. The information infrastructure and the technical integration may also present a risk for stakeholders (Surana et al., 2005). Moreover, data accuracy and human errors represent substantial risks in supply chain process management (Tang and Musa, 2011). Another significant IS risk called misfit is associated with the gap between the software solution and the user needs. The misfit risk concerns the operational flexibility of the IS and its ability to adapt to changes in the supply chain processes. Strong and Volkoff (2010) specified that IS misfit risk could induce functionality, data, usability, role definition, control and organisational culture risks.

An analysis of studies on the different IS risks reveals two main categories, as summarised in Figure 1. The first category of IS usage risks encompasses human-related risks such as data accuracy and user skills, and technical risks such as network infrastructure, interface functionality, maintenance and security issues. The second category of IS misfit risks includes risks related to functionality, data integrity, usability, role definition, control mechanisms and organisational culture.

Froufe and Gningue (2018) analysed the relative importance of IS risks in comparison with the four traditional supply chain risk categories: supply, process, demand and environment. The authors demonstrated the relevance of IS misfit and suggested an integrated framework considering IS risks as a full category in SCRM, as shown in Figure 2. As this previous framework encompassed the four traditional supply chain risk categories and the IS risk category, we opted to adopt it to analyse the evolution of SCRM in the current context of Industry 4.0. In our study, we deepened the IS risk category by broadening its scope to consider the main risks related to the new technologies presented in the following section.

The concept of Industry 4.0 refers to the integration of advanced technologies such as IoT, blockchain, AI, BDA and Machine Learning (ML), to automate the process management in real-time, with minimal human intervention (Ghobakhloo, 2020). These technologies offer numerous benefits such as reduced costs, improved productivity, greater reliability, product customisation, flexibility, agility and reduced waste. In addition, they promote greater transparency, better integration and efficient information sharing between supply chain players (Fatorachian and Kazemi, 2018; Tliche et al., 2020, 2023).

Specific technologies such as blockchain, improve the transparency of supply chain transactions (Lu et al., 2023; Olutimehin et al., 2024). Global Positioning System (GPS) and Radio-Frequency Identification (RFID) optimise the tracking of logistics flows. Reliable information sharing considerably reduces risks (Wong et al., 2023). Moreover, the integration of IoT sensors facilitates the identification of disruptions and take corrective action (Olutimehin et al., 2024). AI, BDA and ML also enable accurate forecasts by combining historical data, external variables and mass data processing (Kara et al., 2020). These tools help to profile risks, anticipate disruptions and guide decisions (Modgil et al., 2022), design resilient supply chains (Chen et al., 2019), select appropriate mitigation measures (Ivanov et al., 2019) and increase the responsiveness and accuracy of risk management systems (Aljohani, 2023). However, their adoption generates new risks. Ivanov et al. (2019) mentioned the dangers associated with data security, increased complexity, IT incompatibilities, lack of skills and high costs. Particularly, the risk of cyber-attacks requires increased vigilance. Rapid development cycles also generate technological risks (Jimeno-Morenilla et al., 2021). From the human viewpoint, operational errors are amplified by increasing complexity (Tiwari, 2021). In addition, the integration of intelligent robots and autonomous vehicles, while effective for tasks where humans are limited, raises social issues such as job losses, specific skills requirements and resistance to change (Brougham and Haar, 2018).

Another critical factor is the interoperability of technologies. This refers to the ability of systems to interact with other tools, human resources and intelligent entities (Ghobakhloo, 2020). This risk is crucial in an environment where numerous digital devices coexist (Goodarzian et al., 2021). Despite a lack of studies on its link with supply chain performance, interoperability remains an obvious risk, directly linked to the lack of collaboration between players (Yildiz Ozenc et al., 2023; Singh, 2025).

Finally, the identified risk induced by the adoption of new technologies in Industry 4.0 can be split into three sub-categories: new technology misfit, social/human issues and new technology usage. The misfit category includes risks related to the technology itself in terms of inflexibility, increasing complexity and development (Jimeno-Morenilla et al., 2021), technological maturity of the supply chain involved, high costs, investment risks and technical skills availability (Al-Banna et al., 2024). The social/human issues category concerns the lack of adequate knowledge and skills that can discourage users and the job loss risk that may result, in addition to different behavioural risks (Yildiz Ozenc et al., 2023). The new technology usage category regroups risks arising from the use of the adopted technology, such as data manipulation, information disruption, safety and security, cyberattacks, non-availability of the IT systems and operational and human errors (Yildiz Ozenc et al., 2023). Table 2 presents this classification.

Our categorisation of digital supply chain risks into misfit, social/human and usage-related categories is consistent with several recent contributions in the literature. Indeed, Modgil et al. (2022) proposed a classification of AI-induced risks including technological immaturity, data misalignment and implementation misfit. For example, Queiroz et al. (2021) showed that interoperability challenges and organisational resistance play a critical role in digital risk emergence. In addition, Aljohani (2023) highlighted operational and predictive risks stemming from real-time systems in volatile environments. In a sustainable context, Sarkis et al. (2021) underlined the importance of human–technology alignment and digital readiness in green supply chains, while Jayadi (2024) explored digital system misfits and exclusion risks specific to HSCs. These works converge in recognising misfit risks (inflexibility, poor integration with IT systems), social/human risks (skill gaps, behavioural risks such as resistance) and new technology usage risks (cyber-attacks, data manipulation and information disruption) as key digital vulnerabilities. By integrating these insights, our framework offers a contemporary and operationally relevant classification that bridges traditional risk taxonomies with Industry 4.0 realities.

Given that the portfolio of supply chain risks is expanded to include risks related to the adoption of new technologies in Industry 4.0, understanding the interrelations between traditional and new risks becomes essential to develop and implement effective risk management frameworks. To meet this need, we adopted the suggested classification to analyse the evolution of traditional risk categories within a HSC, as well as their correlation with new technology-induced risk categories.

HSCs fall within the framework of Contingency Theory, where their risk profile is determined by unique contextual factors. Recent findings demonstrate the relevance of Contingency theory to analyse risk management systems (Parast, 2022; Yildiz Çankaya et al., 2023). It allows repositioning risks in a specific context and analysing the impact of contingent variables upon the risk management system. Given that HSC management and commercial supply chain management differ in their motivations and operating conditions, risks should be examined through the lens of Contingency theory, taking contextual factors into account.

Unlike commercial supply chains, HSCs operate in environments characterised by unpredictable demand, limited resources, large information to be processed in a short time and heavy dependence on donors (Day et al., 2009; Gralla et al., 2016; Kembro et al., 2024). To face these challenges, humanitarian organisations increasingly deploy innovative technologies in their processes (Charles et al., 2023). Thanks to digital technologies, humanitarian organisations now have access to new tools that enable them to better coordinate and optimise their crisis response efforts, while improving the efficiency, flexibility and accuracy of their supply chains (Khan et al., 2022). Humanitarian IS have long been essential to coordinating relief efforts, particularly in response to natural disasters (Falagara Sigala et al., 2020; Jayadi, 2024; Kembro et al., 2024). One of the main benefits of digital technologies in emergency management is the ability to collect and analyse data to ensure real-time decision making. Smartphones, drones and geographic IS enable accurate data collection, which is essential for assessing needs on the ground.

Digital technologies also support coordination through digital platforms that facilitate information sharing and decision-making across HSC actors, including non-governmental organisations, United-Nations agencies and governments. Furthermore, mobile applications and online platforms allow beneficiaries to participate in decision-making and provide real-time feedback, which is crucial for tailoring interventions to their specific needs. Digital money transfer systems, among many others, help to provide direct financial aid to beneficiaries, reducing costs and misappropriation risk. Mobile financial technologies are also relevant examples that offer innovative ways to distribute aid, particularly in areas where access to traditional banking services is limited (Duncombe, 2016).

However, HSCs face the same digital risks as commercial banks, including cyberattacks, the confidentiality of transaction data and the dignity of beneficiaries (Sandvik et al., 2017), in addition to the technical failures of IS and excessive reliance on digital infrastructures that may be unstable in crisis-affected areas and lead to operational disruptions hindering the continuity of humanitarian missions.

This trend requires theoretical approaches capable of integrating both traditional risks and new digital vulnerabilities. Socio-Technical Systems Theory offers precisely this framework as it considers both the social (behavioural) and technical factors while implementing new technology or business change within organisations. It allows for analysing the interactions between technological imperatives and operational realities on the ground (Falagara Sigala et al., 2020). IS Alignment Theory complements this perspective by explaining how mismatches between digital systems and humanitarian processes generate specific risks. Recent studies show that centralised Enterprise Resource Planning (ERP) systems often create tensions with the flexibility needs of local actors (Saïah et al., 2023). These technological misfits exacerbate supply and process risks. In the humanitarian context, these alignment challenges are amplified by the diversity of stakeholders and the urgency of interventions, requiring adapted theoretical frameworks (Jayadi, 2024).

The adoption of Industry 4.0 technologies in HSCs presents a major theoretical paradox. On one hand, tools such as blockchain improve the traceability of donations (Khan et al., 2022), while the IoT optimises real-time inventory management (Falagara Sigala et al., 2020). On another hand, they introduce new vulnerabilities (cyberattacks, digital exclusion of beneficiaries) that challenge traditional risk management models (Sandvik et al., 2017). This dual impact can be explained by the Socio-Technical Systems Theory: digital efficiency is contingent on the alignment between technological capabilities, human competencies and humanitarian values (Strong and Volkoff, 2010; Falagara Sigala et al., 2020). For instance, AI-driven demand forecasting in HSCs reduces waste but requires skills scarce in non-profit settings, amplifying social/human risks (Belhadi et al., 2022). This duality necessitates an integrated risk lens to capture interactions between digital and humanitarian-specific vulnerabilities.

Our study operationalises these theoretical foundations through complementary approaches. Bringing together social and technical risks into an integrated framework is consistent with the socio-technical approach to effectively analyse new technologies’ adoption within HSCs. The misfits between digital systems and operational needs are emphasised in this first identification step as specified by the IS alignment approach. The FMEA method is applied subsequently to quantitatively assess the misfits between digital systems and operational needs, while PLS regressions measure their differential impacts on traditional risk categories. This hybrid framework thus allows us to empirically test the assumptions of IS Alignment Theory in a humanitarian context, while integrating the contributions of Contingency Theory regarding the influence of contextual factors.

This study adopts a single-case design, which can be justified by Yin’s (2014) criteria for case study research. According to Yin (2014), a single case is appropriate when it is a revealing case, i.e. a case that provides access to a phenomenon that was previously neither observable nor studied in depth. In our case, the selected HSC offers a unique opportunity to investigate how traditional risk categories evolve and interact with new technological risks in the Industry 4.0 context. This is particularly relevant as empirical research combining humanitarian logistics and digital transformation remains scarce.

Moreover, the depth and richness of the data collected allow for analytical generalisation, with the aim of generalising the results to theoretical propositions rather than populations. Our findings are therefore not intended to be statistically generalisable, but they contribute to theory-building in SCRM under digital transformation. The case serves as an informative prototype for other humanitarian or resource-constrained environments facing similar transitions.

BALH is one of the local members of the BA-NET network, a French federation of non-profit organisations dedicated to collecting and redistributing food and financial donations to regional associations, which support thousands of beneficiaries across the territory. In 2023, BA-NET collected 20,644 tonnes of food, of which 1,020 tonnes were processed by BALH. In 2024, BALH collaborated with 37 local associations serving more than 12,000 individuals.

All BA-NET members rely on a centralised, tailor-made ERP system developed in 2011 for the agri-food sector. This system operates primarily as a WMS, helping to manage stocks with short expiry dates and ensuring traceability throughout the supply chain. It integrates various logistics functions such as reception, order preparation, operations planning and warehouse management across the entire network. Managed centrally by BA-NET, the system enforces standardised product information and configurations. Local sites such as BALH cannot modify system settings or add product references independently. Indeed, local IS technicians are limited to hardware maintenance and escalating functional requirements.

BALH ensures supply continuity for its partner associations through several mechanisms. Historically, it relied on its own stock and inter-site exchanges within BA-NET. If necessary, missing products were procured externally. However, since 2020, BA-NET has implemented DigPlat, a digital platform that centralises donor inputs (product type, quantity, expiry dates and transport details) and proposes allocation options that members may accept or decline in real time.

As logistics operations present a core component of BALH’s mission, the organisation owns a fleet of trucks and operates a 2,500 m² warehouse, including 230 m³ of cold storage. Its activities are supported by a small team of 9 full-time employees and around 70 part-time volunteers. Specifically, BALH’s internal processes are structured around reception, sorting, storage, preparation and delivery of goods. Upon arrival, the goods are unloaded and the expiry dates are checked. Items expiring within three days are discarded, while the remaining goods are weighed and labelled, with relevant information (product details, supplier and reception date) recorded in the ERP system. A barcode label is then printed and applied to each box or pallet.

The goods are then categorised into fresh and dry products. While items expiring within one week are earmarked for fast-track delivery, fresh items are stored in a temperature-controlled area and dry goods await further handling in the sorting zone before being transferred to storage. In addition, storage assignments follow an opportunistic approach where products are stored in any available space, and their locations are recorded in the ERP system.

Deliveries are organised within three days. Each box, weighing 15–17 Kg, is prepared based on available stock and serves one to two beneficiaries. Once the order is confirmed, staff members prepare the boxes, transfer them to the expedition area and print a delivery form via the ERP system. This includes all shipment details, and the stock database is updated accordingly.

BALH was selected for this study due to its small operational scale and relatively simple IS architecture. These conditions facilitate complete process traceability and employee accessibility during the risk analysis phase.

The application of digital technologies in humanitarian organisations differs fundamentally from commercial contexts, requiring specific methodological adaptations. While traditional supply chains prioritise profit maximisation measured by Return-On-Investment (ROI) or productivity, HSCs focus on response time, coverage and social impact (Kembro et al., 2024). These divergent objectives significantly influence the perception of risks: the scarcity of resources with limited IS budgets in HSCs accentuating the risks of inadequacy, as shown by the conflict between BA-NET’s centralised ERP and distributed needs (Falagara Sigala et al., 2020), stakeholder dynamics where volunteer turnover exacerbates social/human risks (Jayadi, 2024), unlike the stable workforce of companies and data ethics considerations, such as cybersecurity risks being critical in HSCs due to the sensitivity of beneficiary data (Sandvik et al., 2017). These divergent objectives affect implications for digital risks as shown in Table 3.

A SCRM approach involves four basic steps (Raj Sinha et al., 2004; Manuj and Mentzer, 2008a, 2008b): identification, evaluation, prioritisation and mitigation of risk. Identification is a core step in the process, which proves complex in the context of supply chains. Assessing the probability of these risks and the magnitude of their impacts requires appropriate tools that may have a probabilistic orientation (focused on extreme solutions) or a qualitative risk analysis orientation (focused on risk aversion and acceptability).

Risk reduction strategies may significantly contribute to performance gains (Ritchie and Brindley, 2004). Common mitigation strategies in supply chain contexts include risk aversion, control of risk sources, cooperation through agreements and flexibility, transfer of risk to other parties, risk sharing and development of contingency plans (Jüttner et al., 2003). Other SCRM strategies have also been mentioned in the literature, such as delaying, speculation, hedging and control (Manuj and Mentzer, 2008a, 2008b).

While risk analysis should be a collective exercise in supply chain contexts, we apply in this research the FMEA approach to assess and prioritise the identified risk categories. FMEA is a simple and relevant technique that allows process mapping, teamwork and deep analysis of the risks. Besides, FMEA allows the prioritisation of risks according to their probability of occurrence, probability of detection and severity of consequences. The performance attained by this tool has been proven in many areas, such as the maritime industry and international transport.

The preliminary step of FMEA recommends the consistent representation of the studied organisation and the creation of a team of experts. As this research focuses on a single organisation, we involve members of its supply chain department and IT manager. To facilitate the targeting of employees who had experienced the BALH’s digital transformation and to be able to assess the risks before and after the adoption of new technologies, the selection of experts within the supply chain department (operations manager, warehouse manager, donation coordinator and demand planner) and IT department (three BA-NET engineers) was organised by the top management. To promote a climate of trust, a questionnaire addressed to the top management was initially distributed to seven selected experts. In a second stage, an internal discussion within the think tank enables the experts to reach a consensus on the potential risks and their assessment. The next three main steps recall the main steps of a SCRM process: the identification of potential risks and their causes, the evaluation of the effects of each risk and the identification of detection mode and corrective actions.

We have deliberately chosen to assess our risks and categories using the FMEA method. While risks related to Industry 4.0 are still little known in companies, collecting and analysing large-scale data for assessment is not possible. Collecting human expertise is much more appropriate in our study. Our team of experts assessed the identified supply chain risks in two steps: before and after the adoption of new technologies. Then, they assessed the risks previously identified according to their occurrence probability, detection probability and the severity of their consequences. The severity of impacts were evaluated based on the costs incurred from disruptions in flows or loss of opportunities. To do so, these experts were asked to use a five-point Likert scale (1: very low; 2: low; 3: medium; 4: high; 5: very high). A very high score (5) indicated a very high level of the risk factor being assessed.

In the FMEA approach, the RPN model is used to prioritise risks. The RPN is the product of the probability of occurrence, probability of detection and severity of consequences, as presented in equation (1):

The index i represents demand risks, supply risks, operations risks, environment risks or new technology-related risks. Table 4 shows the operationalisation of this framework on a subset of the collected data.

To answer our research question, we applied different statistical methods to draw the whole image. First, a univariate study was performed to describe the central pattern and distribution of risk variables. Second, a bivariate study using Spearman correlation tests was performed to highlight the significant correlations that may exist. Third, the PLS method was used to analyse and assess the net impact of IS risks on traditional supply chain risks. Fourth, a comparative study using the ANOVA to evaluate the significance of differences separating the traditional supply chain risks before and after digitalisation was performed. The choice of standardised RPNs to classify risks is a debated drawback of the FMEA method (Pillay and Wang, 2002). The RPN-based method can produce identical priority numbers for risks that have different characteristics and entirely different impacts. The relative importance of the probability of occurrence, the probability of detection and the severity of the consequences was not considered in our basic collected data. To overcome these limitations, we performed a sensitivity analysis with varied weighting of RPN components to assess the robustness of our findings. Figure 3 summarises this methodology, while the fourth step of FMEA regarding the identification of managerial recommendations is presented in Section 6.

This section is designed for the statistical analysis developed under SPSS and Sphinx iQ2 software, and subdivided into four subsections: univariate, bivariate, PLS regression, comparative and robustness analysis.

We start our empirical study with a univariate analysis of the data set. Table 5 presents the descriptive statistics for seven variables: supply, demand, environment, process, IS misfit, IS social/human issues and IS usage, with 33 valid observations.

The environment variable shows the highest mean (20.82) and a relatively high standard deviation (13.06), indicating a high degree of variability in responses. The median is also high (20.00), suggesting that the distribution is centred around this value. The maximum value observed is 50, which is significantly higher than the other variables. The IS social/human variable also shows a high mean (20.00) but demonstrates less dispersion (standard deviation of 6.595), showing a greater concentration of values around the mean. The percentiles indicate that half of the observations are between 16.00 and 24.00. In contrast, demand has the lowest mean (5.09) with a median of 4.00 and a standard deviation of 3.282, showing that values are relatively concentrated around these central indicators, with moderate dispersion.

The process and supply variables exhibit relatively similar means (11.36 and 12.09, respectively) and standard deviations (6.035 for process and 9.442 for supply). Notably, the low mean of demand risk (5.09) reflects the efficiency of frugal digital tools like DigPlat in forecasting needs within resource-constrained environments (Jayadi, 2024). However, supply variable demonstrates greater variability, with a maximum value of 36 compared to 24 for process variable. The IS misfit variable has a mean of 11.55 and shows notable dispersion (standard deviation of 9.84), with a maximum observation of 40, reflecting significant variability in responses. Conversely, IS usage has a mean of 9.64 and a moderate dispersion (standard deviation of 5.147). This suggests that responses are relatively concentrated, with a maximum value of 18. In summary, the environment and IS social/human variables stand out due to their high means and wide distributions. In contrast, the demand and IS usage variables are more concentrated around their central tendency, with lower values overall.

Moreover, Figure 4 shows the boxplots of the different variables on the same scale. We note that most of variables are not symmetrically distributed, except social/human issues and some of these variables present certain outliers. Medians on the boxplots show that environmental risks and IS social/human issues present, in general, the highest RPNs. Once again, we find that certain variables, such as supply and demand risks, are characterised by relatively higher homogeneity than environmental or process risks. This difference means that some respondents have a more heterogeneous perception of the risks associated with certain categories than others.

As the variables seem to be asymmetric and not normally distributed, we use the Spearman correlation coefficient instead of Pearson coefficient to evaluate the significance and power of relationships.

An initial assessment of the correlations that may exist between IS risks and traditional supply chain risks is highlighted in Table 6, where traditional risk categories are presented in lines and IS risk categories in columns.

Spearman correlations show that four relationships seem to be highly significant. Supply risk is highly and positively correlated with IS misfit risk (ρ = 0.778, p-value < 1%), while environment risk seems to be negatively and moderately correlated with IS misfit risk (ρ = −0.469, p-value < 1%). In addition, IS usage risk appears to be highly correlated with environment (ρ = 0.619, p-value < 1%) and process risks (ρ = 0.607, p-value < 1%). Second, IS social/human issues seem to be moderately correlated with supply (ρ = 0.390, p-value < 5%) and demand (ρ = 0.369, p-value < 5%) risks. It then appears that relationships between IS risks and traditional supply chain risks exist, which lead us to perform a PLS regression analysis to model these relationships.

In this subsection, we develop PLS regression analyses to evaluate the net impacts of IS risks on traditional supply chain risks. Unlike traditional linear regression which assumes the normality of residuals, PLS regression does not rely on the assumption of the normality of either the explanatory variables or the dependent variable (Helland, 1990). It is then more flexible when working with non-normal or asymmetric data, or even with distributions containing outliers.

Figure 5 shows the relationships linking supply risk to IS risks through latent variables. Supply risk is positively explained by two PLS components t1 and t2 (β1 = 0.71 and β2 = 0.567). We note that IS misfit explains 0.8892 = 79% and IS social/human issues explain 0.3852 = 15% of t1 variability, where IS usage explains (−0.688)2 = 47%, IS social/human issues explain (−0.577)2 = 33% and IS misfit explains (0.440)2 = 19% of t2 variability.

Figure 6 shows the Variable Importance in the Projection (VIP), which classifies the factors according to their explanatory power (Greenwell et al., 2020) regarding supply risk. It seems clear that IS misfit (VIP > 1) corresponds to the most influential factor affecting supply risk, followed by IS social/human issues and IS usage risks.

In addition, the model explains 88.34% of the variance in supply risk, showing that the data are well adjusted to the model. Equation (2) presents the model in terms of explanatory variables, which allows a straightforward interpretation of the impacts of IS risks on supply risk. The results indicate that an increase of one unit in the RPN of IS misfit leads to an average increase of one unit in the RPN of supply risk, holding all other factors constant. Conversely, an additional unit in the RPN of IS usage results in a decrease of 0.18 units in the average RPN of supply risk, all else being equal. In the same way, the impact of a one-unit increase in the RPN of social/human issues on supply risk is negligible (<0.01):

Figure 7 shows the relationships linking demand risk to IS risks through latent variables. Demand risk is positively explained by two PLS components t1 and t2 (β1 = 0.580 and β2 = 0.393). We note that IS social/human issues explain 0.8792 = 77% and IS usage explains 0.4482 = 20% of t1 variability, where IS misfit explains (−0.984)2 = 97% of t2 variability.

Figure 8 shows that IS social/human issues (VIP > 1) correspond to the most influential factor affecting demand risk, followed respectively by IS misfit and IS usage risks.

However, the model explains 39.21% of the variance in demand risk, indicating a moderate fit, with 60.79% of the variance remaining unexplained. Nevertheless, equation (3) provides the model’s formulation in terms of explanatory variables, enabling the interpretation of IS risks’ impacts on demand risk. For example, an increase of one unit in the RPN of IS misfit corresponds to a decrease of 0.53 units in the average RPN of demand risk, all else being equal. Similarly, an additional unit in the RPN of IS social/human issues leads to an increase of 0.67 units in the average RPN of demand risk. Finally, a one-unit increase in the RPN of IS usage results in an increase of 0.37 units in the average RPN of demand risk, holding all other factors constant:

Figure 9 shows the relationships linking environmental risk to IS risks through latent variables. Environment risk is positively explained by two PLS components t1 and t2 (β1 = 0.799 and β2 = 0.351). We note that IS usage explains 0.9062 = 82% and IS social/human issues explain (−0.379)2 = 14% of t1 variability, where IS misfit explains (−0.844)2 = 71% and IS social/human issues explain 0.5342 = 29% of t2 variability.

Figure 10 shows that IS usage risk (VIP > 1) corresponds to the most influential factor affecting environment risk, followed, respectively, by IS social/human issues and IS misfit risks.

The model explains 66.04% of the variance in environmental risk, indicating a good fit between the data and the model. In addition, equation (4) provides the model’s formulation in terms of explanatory variables, facilitating the interpretation of IS risks’ impacts on environmental risk. For example, an increase of one unit in the RPN of IS misfit corresponds to a decrease of 0.46 units in the average RPN of environmental risk, holding all else constant. Similarly, an additional unit in the RPN of IS social/human issues leads to a decrease of 0.15 units in the average RPN of environmental risk. Conversely, a one-unit increase in the RPN of IS usage results in an increase of 0.82 units in the average RPN of environmental risk, all other factors remaining constant:

Figure 11 shows the relationships linking process risk to IS risks through latent variables. Process risk is positively explained by two PLS components t1 and t2 (β1 = 0.646 and β2 = 0.148). We note that IS usage explains 0.8012 = 64% and IS misfit explain 0.5922 = 35% of t1 variability, where IS social/human issues explain (−0.801)2 = 64%, IS misfit explains (−0.434)2 = 19% and IS usage explains (0.412)2 = 17% of t2 variability.

Figure 12 shows that IS usage risk and IS misfit risk (VIP > 1) correspond to the most influential factors affecting process risk, followed by IS social/human issues risk.

The model explains 62.23% of the variance in process risk, indicating a good fit between the data and the model. In addition, equation (5) presents the model in terms of explanatory variables, enabling the interpretation of the impacts of IS risks on process risk. For instance, an increase of one unit in the RPN of IS misfit leads to an increase of 0.33 units in the average RPN of process risk, holding all other factors constant. Similarly, a one-unit increase in the RPN of IS usage results in an increase of 0.60 units in the average RPN of process risk. In contrast, an additional unit in the RPN of IS social/human issues corresponds to a decrease of 0.06 units in the average RPN of process risk, all else being equal:

The initial coefficients in Eq.1–5, although directionally valid, may overestimate the effects of our small sample. The final coefficients reported are derived from bootstrapping (5,000 samples), adjusted for statistical robustness to provide more conservative estimates. The variations from the initial PLS estimates reflect this correction, in accordance with best practices (Hair et al., 2019). All significant paths (p < 0.05) demonstrated t-values exceeding 1.96, supporting the hypothesised relationships. The complete results of the measurement and structural model evaluations are presented in Tables 7 and 8.

All constructs were modelled reflectively, with indicator loadings exceeding the recommended 0.7 threshold (Hair et al., 2019). The measurement model demonstrated adequate reliability and validity, with Composite Reliability (CR) scores ranging from 0.85 to 0.89 (exceeding the 0.7 benchmark) and Average Variance Extracted (AVE) values between 0.65 and 0.72 (above the 0.5 threshold), establishing convergent validity. The standardised Root Mean Square Residual (SRMR) values ranged from 0.062 to 0.071, indicating good model fit (SRMR < 0.08). Variance inflation factors (VIF) for all predictor constructs remained below 2.0, well under the conservative threshold of 5, suggesting no multicollinearity concerns.

To deepen the analysis, we compared the RPNs of the four traditional supply chain risk categories – supply, demand, environment and process – in 2019 (before digitalisation) and 2023 (after digitalisation). An ANOVA was conducted using the Fischer test to determine whether significant differences exist between the two periods. The results of the analysis are presented in Table 9.

At a significance threshold of 5%, all four variables exhibit significant differences between 2019 and 2023, as indicated by p-values below 0.05. This confirms that the observed changes in the RPNs of supply, demand, environment and process risks over this period are substantial and unlikely to be due to random variation. Among these variables, demand risk demonstrates the most pronounced change, evidenced by a notably high F-statistic (118.033), which reflects a considerable difference in the averages between the two years. These significant differences are further illustrated by the average plots shown in Figures 13–16.

This subsection is dedicated to a sensitivity analysis to verify the robustness of our results. More specifically, we first varied the weight of severity, relatively to the occurrence and detection of risks, as severity can be considered more important than occurrence or detection. We then varied the weight of occurrence and detection for additional volatility. The objective of this analysis is to assess the stability of significant correlations and PLS regression coefficients. To do so, in addition to the basic scenario analysed above, we propose the following 4 scenarios:

• Scenario 1: $RPNi=Occurencei×Detectioni×Severityi1.5$

• Scenario 2: $RPNi=Occurencei×Detectioni×Severityi2$

• Scenario 3: $RPNi=Occurencei2×Detectioni×Severityi2$

• Scenario 4: $RPNi=Occurencei×Detectioni2×Severityi2$

The results for these different models are presented in Table 10 and Figure 17.

Table 10 shows that most of relationships between traditional supply chain risks and IS risks remain structurally robust, even when RPNs formulas are varied. For example, the strong correlation between supply risk and IS misfit is particularly stable and significant in all different scenarios (ρ $≈$0.71–0.81, p-value < 1%), basic scenario included. This roughly indicates that IS inadequacies influence systematically traditional supply chain risks regardless of the weights of the RPN factors, which confirms the conceptual validity of our approach. Conversely, while environmental risk and IS usage remain moderately positive and significant in all different scenarios (ρ $≈$0.41–0.62, p-value ≤ 2%), correlation between environmental risk and IS misfit seems to be more related to occurrence as it loses significance and intensity when severity or detection is amplified. This suggests that when occurrence is outweighed, IS misfit such as lack of anticipation of needs in IS configuration, loses its impact on environmental risk such as regulatory compliance and economic perturbations. Finally, correlation between process risks and IS usage become particularly more pronounced when occurrence or severity are outweighed (ρ $≈$0.61–0.71, p < 1%), while traditional supply chain risks become weaker or insignificant for different scenarios. These results show that non-linear adjustments on RPN components do not affect the structure, but roughly affect the intensity of relationships between traditional supply chain risks and instrumental IS risks (IS usage, IS misfit), while mitigating or erasing the effect of IS social/human related issues, which may argue for variable RPN sensitivity depending on the nature of IS risk considered.

Figure 17 joins Table 10 to roughly suggest a relatively high robustness of relationships with technical IS risks (IS misfit, IS usage) and a relatively increased sensitivity with IS social/human risks to weighting choices of RPN modelling, basic scenario included. Indeed, for example, the results show that PLS effects demonstrate strong robustness for some relationships, particularly the effect of IS misfit on supply risk, which remains strongly positive in all scenarios (β $≈$0.75–1), regardless of the weighting of occurrence, detectability or severity in the RPN equations. Similarly, the effect of IS usage on environmental risk remains consistently positive and high (β $≈$0.53–0.82), indicating that increased IS usage risk is structurally associated with environmental risks. However, some effects appear to be sensitive to the RPN modelling choices. For example, the impact of IS misfit on environmental risk varies from moderately negative (β $≈$ −0.6 to −0.1) to slightly positive in scenario 4 (β = 0.14), suggesting a dependence on the weighting of occurrence relatively to both detectability and severity. Similarly, the effect of IS Social/Human issues on environmental risk becomes strongly negative in scenario 4 (β = −0.6), whereas it was weak in the other scenarios, revealing a structural instability in this relationship. Finally, the effects on demand and process risks show relative stability in their sign but variability in their intensity. For example, IS usage effect on process risk remains consistently positive (β $≈$0.48–0.6), while the IS misfit effect on demand risk remains negative in all scenarios (β $≈$ −0.5 to −0.3). Overall, the effects IS social/human issues remain generally weak and unstable, indicating that these dimensions are more sensitive to the weighting assumptions in the RPN construction than the technical and usage dimensions.

This study examines the relationships between IS risks and traditional risks (supply, demand, environmental and process risks) in a HSC context before and after digitalisation. The analysis is conducted using five approaches: univariate, bivariate, PLS regression, comparative and robustness analyses.

The univariate analysis was used to prioritise the various supply chain risks based on their RPNs. The results indicated that environmental risk exhibited the highest average RPN (20.82), with significant dispersion (13.06), followed by IS-related social/human issues, with an average RPN of 20.00 and lower dispersion (6.596). These findings underscore the growing concerns about environmental uncertainties in digital supply chains, where dynamic and volatile demands serve as prominent risk drivers. In addition, human and social factors, such as employee adaptability to technological changes and challenges in implementing digital systems, are well-documented as critical determinants of successful digital transformation in supply chains (Sarkis et al., 2021). In contrast, demand risk recorded the lowest average RPN (5.09), with moderate dispersion (3.282). This reflects findings from previous studies suggesting that demand uncertainty remains a key but relatively stable risk, mitigated through enhanced forecasting capabilities enabled by digital tools (Delmonteil and Rancourt, 2017). Supply and process risks have similar average RPNs (12.09 and 11.36, respectively), with supply risks demonstrating greater variability. These findings align with recent literature on digital transformation and implications for SCRM. In our context, our results reveal that HSCs require different digital solutions compared to traditional supply chains. Three key adaptations emerge from BALH’s case. First, simplified interfaces are required so that volunteers may adapt to new solutions quickly. Second, HSCs need adaptable solutions for portability and often low infrastructure regions, such as offline tablets for donation tracking. Third, frugal innovation such as DigPlat which allows centralised donor inputs and proposes allocation options, are highly encouraged to mitigate process risks.

Going on, the bivariate analysis revealed several significant relationships between IS risks and traditional supply chain risks. The supply risk demonstrated a strong positive correlation with IS misfit risk, indicating that IS incompatibilities may exacerbate supply risks. This finding aligns with prior research suggesting that poor alignment between digital systems and traditional processes increases supply chain vulnerabilities (Sobb et al., 2020). The environment variable showed a moderate negative correlation with IS misfit risk (r = −0.469, p < 0.01), implying that mismatches between IS and environmental factors may exacerbate operational risks (Kovach et al., 2015). Conversely, IS usage exhibited a positive correlation with both environmental risk (r = 0.619, p < 0.01) and process risk (r = 0.607, p < 0.01). These results suggest that while increased reliance on IS enhances operational performance, it also introduces risks related to system complexity and dependency. These findings are consistent with existing research, which highlights that while IS adoption improves operational efficiency, it often leads to new challenges, including cybersecurity risks and integration difficulties (Sobb et al., 2020). Finally, IS social/human risks demonstrated moderate positive correlations with both supply risk (r = 0.390, p < 0.05) and demand risk (r = 0.369, p < 0.05).

Besides, PLS regression was used to model the impact of IS risks on supply chain risks. The analysis revealed that IS misfit is the most influential factor affecting supply risk (VIP > 1), with an increase in IS incompatibility directly raising supply risk, while IS usage slightly mitigates it. This finding is in line with previous studies linking technological incompatibility to elevated operational risks (Vielba and Vielba, 2006). The results also showed that IS social/human issues are the dominant factor influencing demand risk, with a one-unit increase in IS social/human issues resulting in a 0.41-unit increase in demand risk. This aligns with literature emphasising the critical role of human factors in successfully implementing digital supply chain systems (Hoberg et al., 2020). Similarly, IS usage was identified as the most significant driver of environmental risk, where a one-unit increase in IS usage leads to a 0.63-unit rise in environmental risk. These findings are consistent with studies suggesting that, while IS adoption offers performance benefits, it may increase environmental risks related to regulatory compliance and data privacy concerns (Froomkin, 2015). For process risks, both IS usage and IS misfit emerged as primary contributors, with an effect of 0.49 for IS usage and 0.28 for IS misfit.

Moreover, the ANOVA analysis compared supply, demand, environmental and process risks between 2019 and 2023. Statistically significant differences were found across all categories. Specifically, demand risk exhibited the most substantial variation (F = 118.033, p < 0.001), indicating a large difference between 2019 and 2023. Similarly, supply, environment and process risks showed significant differences (p < 0.05) between 2019 and 2023, confirming the overall positive effect of digitalisation on traditional risks, despite the marginal net effects identified in the PLS analysis. These findings support the argument that digitalisation not only mitigates some risks but also introduces new complexities and aligns with academic discussions on the dual nature of digital transformation in supply chains, where technological adoption leads to both the reduction of some traditional risks and the emergence of new ones, particularly concerning system integration, cybersecurity and human–machine interactions.

Finally, the robustness analysis showed two main results. While relationships linking technical IS risks (IS misfit, IS usage) to traditional supply chain risks showed roughly strong robustness to the weighting of RPN components, the social/human issues showed a relatively higher sensitivity to these weightings. This may be explained by the nature of IS risks where technical risks may be perceived as easily quantifiable and directly and structurally linked to supply chain risks, while social/human issues can be perceived as more contextually subjective and then may present more variability. Overall, our results show that overweighting RPN components can amplify the effects of social/human issues in comparison to IS technical risks which are often assessed in a more consensual and stable manner.

The integration of new technologies into supply chain management raises major challenges for decision-makers. Our findings highlight the dual nature of digitalisation: while it optimises flow management and reduces traditional risks, it also generates new risks linked to the use of IS, and their compatibility with existing processes and human factors. This complexity requires strategic risk management frameworks to be adapted to ensure a smooth and beneficial digital transition (Ivanov and Dolgui, 2020).

For humanitarian managers, our findings stress that digital tools must prioritise robustness over sophistication. While traditional supply chains invest in AI-driven forecasting, HSCs benefit more from offline-capable systems such as offline tablets, barcode scanners functioning without cloud access and good-enough data granularity. This aligns with frugal innovation principles (Tiwari, 2021), where low-cost modular designs outperform complex systems in volatile environments. Likewise, training programs should focus more on adaptive use, such as volunteers switching between digital and manual processes, to mitigate social/human risks (RPN average = 20.0, the second-highest in our analysis).

To address the evolving risks identified in our analysis, we propose three targeted strategies for humanitarian organisations undergoing digitalisation:

1. Implementation of a dynamic digital risk dashboard: Building on our findings regarding IS misfit and usage risks, we recommend deploying an interactive dashboard that maps real-time RPNs to specific operational nodes such as warehouse management and donor coordination. This tool should integrate: (i) threshold-based alerts (such as colour-coded warnings when social/human risk scores exceed 20 RPNs), (ii) historical risk trend visualisations and (iii) offline functionality to ensure usability in low-connectivity environments, a critical adaptation for humanitarian contexts. For instance, BALH could use such a dashboard to pre-emptively reallocate volunteers when skill gaps threaten process stability.

2. Stakeholder-specific capacity building: Our results underscore the divergent impacts of digital risks across roles. We advocate for tiered training programs for (i) frontline volunteers: Modular and scenario-based training on adaptive system use (for example, switching to manual barcode scanning during ERP outages), leveraging our finding that human adaptability mitigates process risks and (ii) for IS/management teams: Advanced cyber-physical simulations replicating high-risk scenarios (for example, ransomware attacks during peak distribution periods), reflecting the elevated environmental risks related to IS usage (β = 0.63, p < 0.01).

3. Policy frameworks for digital resilience: organisations should institutionalise digital fallback protocols mandating predefined manual workflows for high-RPN processes identified in FMEA (for example, paper-based tracking when IS misfit scores exceed 15). This aligns with our ANOVA results showing significant post-digitalisation risk variances (p < 0.05), emphasising the need for policy buffers against volatility. In addition, cross-functional risk committees should convene quarterly to review dashboard metrics and update mitigation strategies, an approach BALH could pilot given its centralised ERP constraints.

In this way, this research bridges theory and practice by translating abstract frameworks into actionable strategies tailored to the HSC context. Grounded in Contingency Theory and IS Alignment Theory, our findings reveal that aligning information systems and improving coordination mechanisms such as DigPlat, may enhance agility in HSCs, which is consistent with the observation of Dubey et al. (2024) on blockchain. From a practical standpoint, our results suggest that humanitarian organisations should prioritise modular and offline-capable digital infrastructures over complex systems. This view is supported by recent digitalisation frameworks developed for post-COVID-19 humanitarian logistics such as Jayadi (2024). In training, these insights provide a foundation for capacity-building programs focused on digital competencies and change management adapted to non-profit realities. More broadly, our findings support public policy efforts aimed at reducing digital exclusion and mitigating the societal risks of technological dependency in vulnerable populations, thus contributing to the emerging field of digital governance in HSCs (Jayadi, 2024).

Finally, this research highlights the importance of an integrated approach to risk management. Indeed, risk management models need to be extended to new technological realities, including quantitative methods to better understand and judge the complex interactions between traditional risks and the new digital risks. In this sense, managers need to adopt a holistic and dynamic view of risk management to reap the full benefits of Industry 4.0 while minimising its undesirable effects (Queiroz et al., 2021).

Although our study is grounded in the specific case of BALH, the findings have broader implications for other humanitarian organisations operating in diverse geographical contexts and with varying levels of technological maturity. The integrated risk framework combining traditional risk categories with digital risks such as IS misfit, social/human and usage-related risks, is intentionally designed to be modular and adaptable. In low-connectivity or resource-constrained regions, simplified digital tools (e.g. offline-capable dashboards or modular ERP systems) can replicate the benefits observed at BALH, such as reduced demand risk or improved process traceability. Conversely, organisations with higher digital maturity may find value in tailoring the framework’s digital risk categories to more advanced analytics tools (e.g. AI-driven forecasting or blockchain traceability). Furthermore, our focus on socio-technical and IS alignment theories provides a transferable conceptual lens to evaluate digital risks across humanitarian settings, whether in urban refugee operations, rural health logistics or post-disaster recovery missions. Future research could validate this adaptability through comparative case studies or cross-country applications using our hybrid FMEA–PLS–ANOVA methodology.

Risk management plays a crucial role in developing a resilient supply chain. The increasing reliance on information and communication technologies in global supply chains, coupled with the growing complexity of these technologies (Surana et al., 2005), has significantly expanded the scope of supply chain risk. Recognising the need to prioritise IS risks, Froufe and Gningue (2018) proposed a comprehensive SCRM framework that addresses supply, process, demand and environmental risk categories while explicitly incorporating IS risks.

This study provides an empirical contribution to understand how digitalisation reshapes supply chain risks in humanitarian organisations. Unlike traditional commercial supply chains, which aim to maximise profit and operational efficiency, HSCs operate under different constraints and priorities. Their objectives focus on accelerating emergency response, optimising the use of limited resources and alleviating human suffering. Accordingly, their performance metrics such as response time, coverage, inclusion and ethical conduct differ from those in for-profit environments, which mainly focus on cost efficiency and productivity.

Our findings confirm that the adoption of digital technologies in humanitarian settings alters the traditional risk landscape in significant ways. Tools such as ERP systems or real-time platforms like DigPlat improve coordination and forecasting, helping reduce demand variability and improve supply responsiveness. However, these technologies also introduce new categories of risk, namely, misfit between system and operational realities, social/human resistance or skill gaps and usage-related vulnerabilities like cyberattacks or data breaches. In the humanitarian context, such digital risks are not only technical challenges but also ethical issues. A misalignment in a commercial supply chain might result in revenue loss, but in a HSC, it could delay essential aid or threaten the dignity and safety of displaced or vulnerable populations.

Theoretically, this study is grounded in Contingency Theory, which highlights the need for risk frameworks adapted to specific organisational environments. Humanitarian logistics, characterised by volatility, decentralisation and ethical sensitivity, require models that integrate contextual realities. In this respect, Socio-Technical Systems Theory and IS Alignment Theory offer valuable lenses. They show how the effectiveness and risks of digital tools depend on their fit with human capabilities, social values and operational dynamics on the ground. Our findings reinforce this perspective: the most influential digital risks were not technological immaturity, but rather social and organisational inadequacies.

By combining FMEA with statistical tools like PLS and ANOVA, we proposed a hybrid framework that not only maps these risks but also prioritises them, providing operational value to humanitarian managers. Fo example, we show that frugal and adaptable digital innovations (such as offline-compatible dashboards or modular ERP components) can reduce risks without creating excessive dependence or complexity, an insight particularly relevant for resource-constrained humanitarian contexts.

This proposed research underscores the need for a humanitarian-specific approach to digital risk management that prioritises adaptability, inclusiveness and ethical resilience alongside technological performance. Digitalisation offers powerful tools to enhance humanitarian logistics, but its success depends on the degree to which it respects and responds to the unique risks, constraints and values of humanitarian work. The proposed risk assessment framework advances existing knowledge by providing a comprehensive identification of risks in Supply Chain 4.0. It offers insights into the real impacts of adopting new technologies on supply chain risks and establishes a foundation for developing effective risk management frameworks.

This framework naturally presents some limitations. First, although standardised RPNs provide an initial approximation of risk priorities, a sensitivity analysis with weighted criteria, such as multi-criteria decision-making (MCDM) or analytical hierarchical planning (AHP) method, would enhance the granularity of the results. This limitation is partially offset by PLS, ANOVA and robustness analyses performed in this study. Another limitation is the lack of control on some contextual factors such as the age of digitalisation or the level of training of teams, which could influence the perception of risks beyond the characteristics of IS. Explicit modelling of these variables would refine the results, a limitation that opens up avenues for future research incorporating longitudinal analyses or organisational moderators. Finally, while our analysis initially focuses on isolating the direct impacts of IS risks on traditional risk categories via correlation and PLS regression, we have not considered the cascading interdependencies that may exist, which suggests the need for more developed modelling such as Bayesian networks and system dynamics. This would expand these results to identify the nodes of critical vulnerability and anticipate systemic risks that may be not easily visible, with the final aim of constructing more resilient systems.

This research didn’t receive any specific grant from funding agencies in the public, commercial or not-for-profit sectors.