1 Introduction

A traditional supply chain is transformed into an integrated end-to-end digital business environment through the process of digitization. The extensive scope of changes brought about by digitalization affects all primary and supportive activities of the value chain. Digital transformation not only enhances visibility and flexibility but also enables greater efficiencies, innovations, and risk reduction within complex supply chain networks [4, 26]. Therefore, organizations have recognized the need for supply chain digital transformation over the past decade as digitalization has become a key strategy for gaining a sustainable competitive advantage [18, 23, 44]. The time required to access or transfer necessary information across the supply chain is reduced through digital transformation, leading to improved response times [30]. Furthermore, organizational flexibility is enhanced by providing a platform for adapting to management scenarios, analyzing risk sources, and implementing performance measures to minimize potential disruptions [12]. Moreover, the digital supply chain extends beyond traditional boundaries by enabling access to global suppliers and hubs to efficiently serve globally dispersed customers [13]. Various factors contribute to successful digital transformation, including continuous collaboration, supplier alignment, integration, advanced operational management models, flexibility, and technical capabilities [3, 7, 33, 42]. For example, continuous collaboration among supply chain players has been identified as the most influential factor in achieving desired outcomes through digital transformation [2]. Additionally, the need to continue operations during disruptions, such as epidemics, requires real-time, seamless, and multi-channel relationships with supply chain players, driving supply chain digitalization [27, 37, 46].

While digital transformation offers extensive opportunities for growth and value creation across the supply chain, supply chain players are exposed to risks that can impact system performance [39, 52]. These risks are increasing in complexity with advancements in technologies such as artificial intelligence, Internet of Things (IoT), machine learning, remote sensing, big data analysis, and cloud computing [38], highlighting the importance of managing digital transformation risks.

This study identifies and assesses the potential risks of digital transformation using a hybrid decision-making and structural analysis approach. Risk assessment criteria and identified risks are ranked through Fuzzy Analytical Hierarchical and Network Processes, respectively. Experts' opinions are gathered using the Fuzzy Delphi method, and risk mitigation strategies are proposed for the top-ranked risks. These strategies are analyzed using hybrid Interpretive Structural Modeling (ISM) and Matrices Impacts Croisés Multiplication Appliquée à un Classement (MICMAC) methods. Practical insights based on the results are also provided. The key contributions of this study include:

  • Proposing a comprehensive risk assessment model for digital transformation in the supply chain, covering organizational strategy, environmental factors, supply chain management, information technology, and financial aspects.

  • Developing an integrated risk assessment model and analyzing risk mitigation strategies using a hybrid method that combines multi-criteria decision-making, interpretive structural modeling, and MICMAC.

The remainder of the study is structured as follows: Sect. 2 reviews related work on evaluating risks in digital supply chain transformation. Section 3 outlines the hybrid risk analysis method, including potential risk identification, assessment, and development of risk mitigation strategies. Section 4 presents the results of applying the proposed hybrid risk analysis method. Finally, Sect. 5 discusses the key findings of the analysis.

2 Literature review

Various important factors, such as technology, organization, and environment, are known as sources of risk in supply chain digital transformation [24]. The digitalized network will face a higher risk of privacy infringement due to changes in the process of exchanging and sharing necessary information. By expanding traditional organizational boundaries and deepening cooperation, the risk of digital transformation will increase [14, 21]. It is important to note that applying digital technologies is essential but not sufficient for an efficient digital transformation. Ensuring proper alignment between implemented digital technologies and the organization's business strategy is crucial for successful digital transformation. Smart supply chains utilize big data technology to enhance information sharing, resource-based collaboration, and supply chain integration [20]. Additionally, the performance of digitalized networks can be improved in terms of trust, regulatory traceability, and data privacy by utilizing various digital technologies such as blockchain [53].

Traditional concepts of supply chain management (SCM) may not adequately support modern organizations in today's challenging and complex market conditions. For example, stakeholders' coordination abilities and strategy consistency significantly impact the quality of information exchange between stakeholders [51]. Furthermore, a lack of information technology results in a decrease in the service quality of digital supply and demand provision. As a result, digital transformation risks have emerged due to inadequate digital technology that fails to effectively integrate network resources [1, 31, 35]. Discordant information technology strategies among supply chain stakeholders lead to inconsistent matching of digital resources and collaboration risks. Digital transformation focuses on the process of cooperative knowledge innovation, where gaining innovative organizational cultural knowledge is significantly influenced by organizational strategy. Cooperation stability among players and the smoothness of digital transformation in supply chain activities are regulated by cooperation strategy [19, 54]. High uncertainty in a volatile market leads to a high level of digital transformation risk. The complexity of network structures increases the complexity of decision-making environments. In such complex conditions, implementing an effective trust mechanism among supply chain players significantly impacts the success of digital transformation. Therefore, the true power of digital transformation is significantly diminished in underdeveloped industrial environments [15, 22, 43]. Utilizing robust preventive measures for potential risks can reduce the likelihood of risk occurrence. Controlling an organization's performance and preventing risks are influenced by the organization's ability to make decisions under risk using prediction methods and timely notifications based on understanding and analyzing digital transformation risk information [5, 25, 50].

Digital transformation can be described as a specific process that enhances each entity by instigating substantial changes to its specifications through a comprehensive set of data management, computing, and communication technologies [45]. This advancement aims to achieve various objectives, such as maximizing performance and minimizing risks by implementing new and disruptive digital technologies [32, 55]. Therefore, supply chain digital transformation offers potential benefits such as cost reduction, real-time responsiveness, and data-driven solutions [11, 40, 47]. These benefits may be influenced by potential risks that may arise. Studies show that the acceptance of digital transformation as an innovative strategy relies on the organization's approach to supply chain risk management to ensure uninterrupted key activities [10, 17, 45]. Supply chain digital transformation is a significant choice for organizations due to its potential to respond to identified risks by enhancing supply chain agility, connectivity, and collaboration among stakeholders [28]. For example, digital supply chain transformation has been adopted as a risk mitigation strategy to address disruptions such as the COVID-19 pandemic by facilitating digital connectivity among supply chain stakeholders [28, 34]. In this context, disruptive technologies like blockchain can play a crucial role in innovating business models and shifting attitudes toward traditional businesses to be more cost-effective and reliable [16]. However, the implementation of these emerging technologies poses various risks for organizations. Results suggest that over seventy percent of all supply chain digital transformation initiatives are not entirely successful [41]. Therefore, it is expected that not all transformation efforts will achieve their planned objectives. Despite the importance of analyzing the risks of supply chain digital transformation, few studies have addressed this critical issue, and a comprehensive risk assessment model for digital transformation is yet to be developed [55].

3 Hybrid risk analysis method

In this study, FAHP, FANP, and ISM-MICMAC techniques are integrated for a comprehensive risk analysis. Required data is collected in multiple successive phases. Initially, potential risks are identified from conducted studies in the literature to identify risks of supply chain digital transformation. Secondly, experts' opinions are collected through an online survey based on the two-phase fuzzy Delphi technique. The relevant risk mitigation strategies are identified in a similar approach to identifying the risks. Finally, risk prioritization criteria and interrelationships among risk mitigation strategies are assessed based on the experts' opinions. To achieve this, a purposive sampling method is applied to gather experts' opinions, including 25 industry experts in digital transformation and supply chain management. Table 1 presents detailed information about the research experts, while Fig. 1 illustrates the overall research methodology.

Table 1 Details of experts' profiles [executive director (ED), senior manager (SM), senior engineer (SE), manager (M), engineer (E), postgraduate (P), bachelor (B)]
Full size table
Fig. 1
figure 1

Overview of applied research methodology

Full size image

3.1 Potential risks identification

A traditional supply chain transformation to the digital era faces various risks, including information technology risks, organizational strategy risks, environmental risks, digital SCM risks, and financial risks. In this study, the Fuzzy Delphi method is applied to identify and evaluate potential risks based on experts' opinions, which are extracted through verbal expressions. Initially, a semi-open questionnaire was developed to identify and assess potential risks based on existing literature. The proposed risk names, definitions, and classifications were validated using expert opinions, with experts able to propose new risks and related information. The fuzzy technique was used to handle the uncertainty of risk assessment by representing verbal expressions with triangular fuzzy numbers (TFN) (see Table 2). Following the results of phase one, a questionnaire for phase two was developed. In the second phase, experts evaluated the importance weights of identified risks. Consensus was achieved by calculating the convergence status at the end of phase two, with the Delphi evaluation process concluding if the consensus measure (i.e., the difference between the averages of two successive defuzzy findings) is less than 0.1. The Delphi method was stopped at the second phase.

Table 2 Triangular fuzzy numbers for a five-point scale
Full size table

3.2 Potential risks assessment

The digital supply chain transformation involves various sectors that are prone to risks, such as information technology, organizational strategy, decision-making environment, supply chain management, and financial aspects. These key administrative sectors are particularly susceptible to potential risks, and if not properly managed, various threats may arise. A group of twenty-five skilled managers and engineers from medical supply chains across Iran contributed as experts in a case study focused on identifying risks in digital transformation and assessing criteria weights. Subsequently, the twelve most skilled experts from this group participated in an integrated ISM-MICMAC analysis. Potential risks, identified based on literature findings and experts' feedback, are consolidated into a single generalized risk list.

3.3 Risk assessment criteria

Five main criteria are regarded for assessing identified risks (see Fig. 2).

Fig. 2
figure 2

The main considered criteria for risk assessment

Full size image

Fuzzy representation is utilized to manage uncertainty in pairwise comparisons to yield more dependable results. A fuzzy group-based AHP is employed to assess the risk assessment criteria [8]. The stages of the fuzzy group-based AHP applied are outlined as follows:

  • Phase 1: Experts' opinions are consolidated by computing geometric means for each lower, middle, and upper number (i.e., points) triangular fuzzy representation (Eq. 1).

    $$\begin{array}{*{20}c} {ag_{i} = \left( {\left( {\mathop \prod \limits_{j = 1}^{n} l_{ij} } \right)^{\frac{1}{n}} ;\left( {\mathop \prod \limits_{j = 1}^{n} m_{ij} } \right)^{\frac{1}{n}} ;\left( {\mathop \prod \limits_{j = 1}^{n} u_{ij} } \right)^{\frac{1}{n}} } \right)} & {\forall i = 1, \ldots ,n} \\ \end{array}$$
    (1)

  • Phase 2: For each criterion, the summation vector includes geometric means for each point of fuzzy triangular number and then its inverse vector are calculated and sorted in ascending order.

  • Phase 3: The criteria weight is calculated by multiplying \({ag}_{i}\) with the inverse vector summation. The \({ag}_{i}\) related to the l, m, and u points of a specific criterion are multiplied by the smallest, middle, and largest inverse summation values to find the related fuzzy weights for each criterion, respectively.

  • Phase 4: After determining the fuzzy weights of criteria as well as the crisp weights of alternatives, following the technique presented by Saaty, alternative weights are multiplied by the related criterion weights.

  • Phase 5: For each expert's responses, the aforementioned phases are done to calculate each expert's fuzzy weight.

  • Phase 6: The calculated weights for each alternative are combined two times via simple as well as geometric means.

  • Phase 7: The final combined weights are normalized for evaluation with the confidence intervals produced via a group-based analytic hierarchy process.

Finally, identified risks are prioritized via the fuzzy ANP method [36]. The phases of the applied fuzzy group-based ANP are as follows:

  • Phase 1: Criteria comparison: based on the considered network, the relative importance of the criteria is evaluated via established fuzzy comparison matrices. The interval type2-fuzzy scale of the linguistic variables is presented in Table 3.

  • Phase 2: Final fuzzy weights calculation—After normalizing the final weights that were obtained, the geometric mean of each row can be calculated. Ultimately, \({\widetilde{FW}}_{i}\) represents the alternative fuzzy utility.

    $$\begin{array}{*{20}c} {\widetilde{ar}_{i} = \left( {\tilde{a}_{i1} \otimes \ldots \otimes \tilde{a}_{in} } \right)^{\frac{1}{n}} } & {\forall i} \\ {where} & {} \\ {\left( {\tilde{a}_{ij} } \right)^{\frac{1}{n}} = \left( {\begin{array}{*{20}c} {\left( {\left( {a_{ij1}^{U} } \right)^{{{\raise0.7ex\hbox{$1$} \!\mathord{\left/ {\vphantom {1 n}}\right.\kern-0pt} \!\lower0.7ex\hbox{$n$}}}} ,\left( {a_{ij2}^{U} } \right)^{{{\raise0.7ex\hbox{$1$} \!\mathord{\left/ {\vphantom {1 n}}\right.\kern-0pt} \!\lower0.7ex\hbox{$n$}}}} ,\left( {a_{ij3}^{U} } \right)^{{{\raise0.7ex\hbox{$1$} \!\mathord{\left/ {\vphantom {1 n}}\right.\kern-0pt} \!\lower0.7ex\hbox{$n$}}}} ,\left( {a_{ij4}^{U} } \right)^{{{\raise0.7ex\hbox{$1$} \!\mathord{\left/ {\vphantom {1 n}}\right.\kern-0pt} \!\lower0.7ex\hbox{$n$}}}} ;H_{1}^{U} \left( {a_{ij} } \right),H_{2}^{U} \left( {a_{ij} } \right)} \right),} \\ {\left( {\left( {a_{ij1}^{L} } \right)^{{{\raise0.7ex\hbox{$1$} \!\mathord{\left/ {\vphantom {1 n}}\right.\kern-0pt} \!\lower0.7ex\hbox{$n$}}}} ,\left( {a_{ij2}^{L} } \right)^{{{\raise0.7ex\hbox{$1$} \!\mathord{\left/ {\vphantom {1 n}}\right.\kern-0pt} \!\lower0.7ex\hbox{$n$}}}} ,\left( {a_{ij3}^{L} } \right)^{{{\raise0.7ex\hbox{$1$} \!\mathord{\left/ {\vphantom {1 n}}\right.\kern-0pt} \!\lower0.7ex\hbox{$n$}}}} ,\left( {a_{ij4}^{L} } \right)^{{{\raise0.7ex\hbox{$1$} \!\mathord{\left/ {\vphantom {1 n}}\right.\kern-0pt} \!\lower0.7ex\hbox{$n$}}}} ;H_{1}^{L} \left( {a_{ij} } \right),H_{2}^{L} \left( {a_{ij} } \right)} \right)} \\ \end{array} } \right)} & {} \\ \end{array}$$
    (2)
    $$\begin{array}{cc}{\widetilde{we}}_{i}={{\widetilde{ar}}_{i}\otimes \left({\widetilde{ar}}_{1}\otimes \dots \otimes {\widetilde{ar}}_{n}\right)}^{-1}& \forall i\\ where& \\ \frac{{\widetilde{a}}_{ij}}{{\widetilde{a{\prime}}}_{ij}}=\left(\begin{array}{c}\left(\frac{{a}_{1}^{U}}{{a{\prime}}_{4}^{U}}\right),\left(\frac{{a}_{1}^{U}}{{a{\prime}}_{3}^{U}}\right),\left(\frac{{a}_{1}^{U}}{{a{\prime}}_{2}^{U}}\right),\left(\frac{{a}_{1}^{U}}{{a{\prime}}_{1}^{U}}\right),min\left({H}_{1}^{U}\left(a\right),{H}_{1}^{U}\left(a{\prime}\right)\right),min\left({H}_{2}^{U}\left(a\right),{H}_{2}^{U}\left(a{\prime}\right)\right)\\ \left(\frac{{a}_{1}^{L}}{{a{\prime}}_{4}^{L}}\right),\left(\frac{{a}_{1}^{L}}{{a{\prime}}_{3}^{L}}\right),\left(\frac{{a}_{1}^{L}}{{a{\prime}}_{2}^{L}}\right),\left(\frac{{a}_{1}^{L}}{{a{\prime}}_{1}^{L}}\right),min\left({H}_{1}^{L}\left(a\right),{H}_{1}^{L}\left(a{\prime}\right)\right),min\left({H}_{2}^{L}\left(a\right),{H}_{2}^{L}\left(a{\prime}\right)\right)\end{array}\right)& \end{array}$$
    (3)
    $$\widetilde{FW}_{i} = \mathop \sum \limits_{i = 1}^{n} \widetilde{we}_{j} .\widetilde{ar}_{ij}$$
Table 3 Linguistic variables representation in a type of trapezoidal interval fuzzy scales
Full size table

  • Phase 3: This phase involves finding defuzzified matrices through the calculation of super matrices. An unweighted supermatrix is created that includes all inner and outer dependencies and feedbacks. This supermatrix is then normalized based on the weights obtained, as shown in Eq. (4).

    $${\text{Super}}\;\;{\text{matrix}} = ({\text{Weighted}}\;\;{\text{supermatrix}})^{{2^{k + 1} }} \quad \quad {\text{k}}\;{\text{is}}\;{\text{large}}\;\;{\text{positive}}\;\;{\text{number}}$$
    (4)

  • Phase 4: This phase involves calculating alternative weights by multiplying the main criteria weights with the weights assigned by experts to each alternative. The normalization process is carried out for each criterion.

  • Phase 5: In this phase, the best alternative is selected based on the one with the highest weight.

3.4 Risk mitigation strategies analysis

Required pairwise comparisons for the assessment of risk mitigation strategies are conducted through a questionnaire based on opinions extracted from twelve experts (refer to Table 4). Subsequently, aggregated evaluation responses are presented (refer to Table 5). By utilizing experts' opinions on developed risk mitigation strategies, a structural self-interaction matrix (SSIM) is applied [29]. The phases of the proposed integrated ISM-MICMAC method are outlined as follows:

  • Phase 1: Extracting experts’ opinions through a developed questionnaire based on pairwise comparisons regarding the critical powers of risk mitigation strategies, including driving and dependence status.

  • Phase 2: Using the obtained pairwise comparisons to generate the structural self-interaction matrix to illustrate the influence of one variable over another based on the following criteria:

    • V: Variable i influences variable j, but variable j does not influence variable i,

    • A: Variable j influences variable i, but variable i does not influence variable j,

    • X: Variable i influences variable j, and variable j influences variable i,

    • O: Variable i does not influence variable j, and variable j does not influence variable i.

  • Phase 3: The reachability matrix (RM) is created by replacing the symbols mentioned above with 1s or 0s from the structural self-interaction matrix. The n × n adjacency matrix displays the direct relationships between n digital transformation risks. Equation (5) defines each binary element of the adjacency matrix.

    $$am_{ij} = \left\{ {\begin{array}{*{20}c} 1 & {risk\; i\; has\; an\; impact\; on\; risk\; j} \\ 0 & {o.w.} \\ \end{array} } \right.$$
    (5)
Table 4 Rules for substituting SSIM symbols
Full size table
Table 5 Template for aggregated evaluation response for ISM-MICMAC analysis
Full size table

The reachability matrix is manipulated based on the developed adjacency matrix by integrating matrix and Boolean algebra operation rules. The multiplication of matrix A  = [aij]m×n and A'  = [a'ij]n×q results in B = [bij]m×q  =  [ai1.a'1j+ ai2.a'2j+…ain.a'nj], where i = 1,…,m; j = 1,…,q. The Boolean algebra operation for binary variable aij is defined as follows: values 0 and 1 represent false (no reachability of relation between two variables) and true (reachability of relation between two variables) status, respectively.

$${1} \times {1} = {1},{ 1}\left( 0 \right) \, \times 0\left( {1} \right) = 0, \, 0 \times 0 = 0,{ 1} + {1} = {1},{ 1}\left( 0 \right) + 0\left( {1} \right) = {1},\;{\text{ ad }}0 + 0 = 0$$
(6)

The reachability matrix is evaluated based on the satisfaction of relations for the adjacency matrix. According to Eq. (7), the matrix M=\({(\text{A}+\text{E})}^{n}\) defines the reachability matrix of the adjacency matrix A and the identity matrix E by adhering to Boolean algebra operation rules.

$${(\text{A}+\text{E})}^{n+1}={(\text{A}+\text{E})}^{n}\ne {\left(\text{A}+\text{E}\right)}^{n-1}\ne \dots \ne {\left(\text{A}+\text{E}\right)}^{2}\ne {\left(\text{A}+\text{E}\right)}^{1}$$
(7)

  • Phase 4: Level partitioning is accomplished by defining sets of reachability, antecedents, and intersections. The level partitioning of risk mitigation strategies is done by analyzing the reachability matrix and dividing strategies into different levels. The set of strategies that can be reached by each scenario Si and antecedent is defined by R(Si) and Q(Sj), which include elements of 1 in row i and column j, respectively. The intersection of reachability and intersection is proposed as A = R(Si) \(\cap\) Q(Sj). To determine strategies at each level of the ISM, strategies that cannot reach other elements except for themselves are identified at each iteration. For example, the intersection A = R(Si) \(\cap\) Q(Sj), when i = j, satisfies R(Si) = R(Si) \(\cap\) Q(Sj) as the first level strategy set. The related rows and columns to the determined set for each level are deleted at the end of each iteration.

  • Phase 5: An interpretive structural model of the risk mitigation strategies is generated after completing the required iterations.

  • Phase 6: MICMAC analysis is applied using the graphical model of the driving and dependence powers in four types: Autonomous, Dependent, Linkage, and Independent.

The SSIM rules considered are used for initial reachability matrix (IRM) generation (see Table 6). The transitivity of the initial reachability matrix should be verified. The transitivity condition verifies that if entity B is affected by entity A and entity C is affected by entity B, then entity C is affected by entity A.

Table 6 Rules for substituting SSIM symbols
Full size table

Level partitioning iterations are performed by analyzing variables' reachability, antecedent, and intersection. The total impact of one variable on other variables and the total impact of all variables on one variable are considered through the reachability and antecedent measures, respectively. The level partitioning iteration is determined by combining reachability and antecedent measures. As a result, all considered risk mitigation strategies take their place in the fifth iteration. Five partitioning levels are identified by five iterations. By calculating the sum of rows (columns) in the final reachability matrix, the driving (dependence) power values are calculated, respectively. These final power values are used to categorize understudied strategies into distinct clusters: autonomous, dependent, linkage, and independent. Weak driving and dependence power are characteristics of autonomous strategies. Weak driving but strong dependence power are characteristics of dependent strategies. Strong driving and dependence power are characteristics of linkage strategies. Weak dependence power is a characteristic of independent strategies. Digital supply chain transformation is impacted by potential risks, and if not managed properly with risk mitigation strategies, various threats could arise. Twenty-one skilled staff, including managers and engineers from digital supply chains across Iran, contributed as study experts in analyzing risk mitigation strategies. Then, the eleven most skilled experts were selected for a second round of hybrid ISM-MICMAC analysis. Risk mitigation strategies identified through literature and expert opinions are compiled into a specific generalized strategy list (see Table 2).

4 Results analysis

In the first step, experts' opinions are gathered through an initial questionnaire with five potential risks identified from the literature findings. Three additional risk indicators of digital transformation risks are added based on experts' suggestions, including R15, R16, and R47. No risks from the primary list have been removed, and three new risks have been added based on the experts' opinions (see Table 7).

Table 7 Summary of identified risks as input of Delphi method
Full size table

Next, appropriate risk mitigation strategies for the top-ranked risks are developed using a similar method for finding risks, and the potential interrelationships between them are assessed. Fuzzy weights of assessment criteria are evaluated using fuzzy AHP with an inconsistency rate of less than 0.1 (see Fig. 3). The importance order of the assessment criteria is the severity (0.225), manageability (0.214), likelihood (0.201), time frame (0.198), and extent (0.162). Identified risks are prioritized using fuzzy ANP (see Figs. 4 and 5). In this study, information technology risk is ranked first, SCM risk is second, financial risk is third, organizational strategy risk is fourth, and environmental risk is last.

Fig. 3
figure 3

Final weights of risk assessment criteria via Fuzzy ANP

Full size image
Fig. 4
figure 4

Weights of sub-criteria assessment via ANP method

Full size image
Fig. 5
figure 5

Final weights of risk assessment criteria

Full size image

Identified risk mitigation strategies based on experts' opinions using the fuzzy Delphi method are as follows: Modernize risk identification (S1), Consider an integrated data strategy that includes security, role-based advantage, and recognizing single sources of truth (S2), Automate controls (S3), Create multiple digital channels (S4), Introduce rapid, small, and short-term pilots of digitalization (S5), Invest in shifting mindsets (S6), Use anonymized data when possible (S7), Implement multi-cloud or hybrid cloud infrastructures (S8), Limit connections of organization devices to each other (S9), Propose comprehensive business agreements with supply chain players focusing on potential risks and responsibilities (S10), Manage big data partnerships with comprehensive contracts (S11), Increase risk ownership at the first line of defense (S12), Identify and manage risk in a more agile way (S13), Share responsibility with subcontractors (S14), Minimize data usage (S15).

Table 8 presents the structural self-interaction matrix. ISM analysis shows that S9 is assigned to level 1 with the weakest driving and strongest dependence powers. S6, S7, S11, and S15 strategies are assigned to level 2 (see Fig. 6).

Table 8 Structural self-interaction matrix
Full size table
Fig. 6
figure 6

Interpretive structural model

Full size image

Tables 9 and 10 demonstrate the initial and final reachability matrix (FRM) after satisfying all required transitivity necessities. The * symbol in the final reachability matrix indicates transitivity. Risk mitigation strategies assigned to level 1 have less driving power and greater dependence power than those assigned to level 2. S1, S3, and S14 strategies are assigned to level 3 with greater driving and less dependence powers than strategies assigned to levels 1 and 2. S5, S12, and S13 strategies are assigned to level 4. S4 and S8 strategies are assigned to level 5. S2 and S10 strategies are assigned to level 6 with the strongest driving and weakest dependence powers among all strategies.

Table 9 Initial reachability matrix
Full size table
Table 10 Final reachability matrix
Full size table

Risk mitigation strategies assigned to levels 1–2, level 3, and levels 4–6 of the ISM analysis are categorized as 'dependent,' 'linkage,' and 'independent' status in MICMAC analysis (see Fig. 7). It should be noted that none of the considered risk mitigation strategies were assigned to the 'autonomous' group. Strategies S2 and S10 are critical due to their high driving power compared to other strategies. Figures 7 and 8 present the MICMAC analysis of risk mitigation strategies for direct influence/dependence and direct influence maps, respectively. Risk mitigation strategies 2, 4, 6, 8, 10, 12, and 13 are grouped as independent strategies. Risk mitigation strategies 5, 7, 9, and 11 are grouped as dependent strategies. Risk mitigation strategies 1, 3, and 14 are grouped as linkage strategies. Based on direct influences, risk mitigation strategies 2, 4, 10, 12, and 13 could be considered key driver strategies.

Fig. 7
figure 7

Identified direct influence/dependence

Full size image
Fig. 8
figure 8

Identified direct influence network

Full size image

4.1 Managerial insights

The obtained results emphasize the critical importance of severity, manageability, and likelihood measures for digital transformation risk assessment. Decision-makers must pay attention to a broader scope affected by the aforementioned measures for prioritizing and analyzing digital transformation risks in the healthcare supply chain. Additionally, information technology risks, SCM risks, and financial risks are identified as the most critical digital transformation risks. Decision makers must consistently observe the key aspects of digital transformation with high importance and apply appropriate related risk mitigation strategies. Furthermore, proper readiness is required for the potential feedback of digital transformation risks and to recognize suitable retrieval measures to minimize costs and potential losses.

The obtained results show that having a comprehensive data strategy that consists of security, role-based privileges, and recognizing single sources of truth (S2), as well as proposing comprehensive business agreements with supply chain players focusing on potential risks and responsibilities (S10), are the strongest risk mitigation strategies for managing digital transformation risks. Therefore, managers should prepare and implement related activities for digital transformation, and train staff to effectively drive other strategies to significantly decrease potential risks. The consecutive process of employing risk mitigation strategies would help managers make strategic decisions more efficiently and effectively while facing organizational limitations such as budget restrictions and specific planning periods. Additionally, the proposed hybrid research method applied in this study could be used in other related applications with little or no adjustments. Decision makers can gain valuable insights from the digital transformation risks analysis and mitigation framework employed in this research.

5 Conclusion

Digital transformation risks are prioritized using a hybrid method that incorporates fuzzy ANP and fuzzy AHP in healthcare SCM in Iran. Data are gathered from experts in the digital supply chain via questionnaires to determine evaluation criteria weights. Risk mitigation strategies are proposed for top-ranked risks based on experts' opinions, which are extracted via linguistic variables. Qualitative opinions of experts are transformed into TFN as input information for Fuzzy AHP and Fuzzy TOPSIS methods for criteria and risk evaluations, respectively. The potential relations between risk mitigation strategies are analyzed by integrated ISM and MICMAC methods based on the identified driving and dependence powers of each scenario. The obtained results emphasize that severity, manageability, and likelihood are the most important factors for prioritizing digital transformation risks. Information technology risks, SCM risks, and financial risks have the highest importance in this study for healthcare supply chain digital transformation. Risk mitigation strategies in level 1 have higher power and greater dependence power than strategies in level 2. "Modernize risk identification, automate controls," and "sharing responsibility with subcontractors" are assigned to level 3 with greater driving power and less dependence power than levels 1 and 2. Additionally, level 4 includes "introduce rapid, small, and short-term pilots of digitalization," "increase risk ownership at the first line of defense," and "identify and manage risk in a more agile way," while level 5 includes "creating multiple digital channels and multi-cloud or hybrid cloud infrastructures." "Considering an integrated data strategy that consists of security, role-based advantage, and recognizing single sources of truth" and "Proposing comprehensive business agreements with supply chain players focusing on potential risks and responsibilities" are assigned to level 6 with the strongest driving and weakest dependence powers. The risk mitigation strategies assigned to levels 1–2, level 3, and levels 4–6 of the ISM analysis are grouped as “dependent,” “linkage,” and “autonomous” strategies in the MICMAC analysis. "Considering an integrated data strategy that consists of security, role-based advantage, and recognizing single sources of truth" as well as "Proposing comprehensive business agreements with supply chain players focusing on potential risks and responsibilities" are assessed as critical risk mitigation strategies because of their high driving powers.

For future research directions, using hybrid decision-making methods for handling complex relations between a large number of assessment criteria, such as DNP (DEMATEL-based ANP) and best–worst, is proposed. Additionally, using new methods such as total interpretive structural modelling (TISM) is suggested for analyzing interrelationships between risk mitigation strategies by focusing on ‘why?’ besides ‘what?’ and ‘how?’ aspects.