Skip to main content

2020 | Book

Enterprise Risk Management Models

Authors: Prof. Dr. David L. Olson, Prof. Desheng Wu

Publisher: Springer Berlin Heidelberg

Book Series: Springer Texts in Business and Economics


About this book

This book offers a comprehensive guide to several aspects of risk, including information systems, disaster management, supply chain and disaster management perspectives. A major portion of the book is devoted to presenting a number of operations research models that have been (or could be) applied to enterprise supply risk management, especially from the supply chain perspective. Each chapter of this book can be used as a stand-alone module on a respective topic, with dedicated examples, definitions and discussion notes.

This book comes at a time when the world is increasingly challenged by different forms of risk and how to manage them. Events of the 21st Century have made enterprise risk management even more critical. Risks such as suspicions surrounding top-management structures, financial and technology bubbles (especially since 2008), as well as the risk posed by terrorism, such as the 9/11 attacks in the U.S. as well as more recent events in France, Belgium, and other European countries, have a tremendous impact on many facets of business. Businesses, in fact, exist to cope with risk in their area of specialization.

Table of Contents

1. Enterprise Risk Management in Supply Chains
Enterprise risk management began focusing on financial factors. After the corporate scandals in the U.S. in the early 2000s, accounting aspects grew in importance. This chapter discusses models applied to risk management in the context of supply chain management and related disciplines. In recognition of its growing importance to supply chain management environmental risk issues are also discussed.
A representative risk framework based on the work of Ritchie and Brindley is used as a beginning framework. It begins by identify causes (drivers) of risk, and influencers within the organization. Those responsible for decision making are identified, and a process outlined where risks, responses, and measures of outcomes are included.
A process of risk identification, assessment, strategy development and selection, implementation and monitoring is reviewed. Representative mitigation strategies were extracted from published sources.
David L. Olson, Desheng Wu
2. Risk Matrices
Risk matrices are a means to consider the risk components of threat severity and probability by assessing risk aspects and their varying degrees of impact. Risk matrices are described in the context of COSO’s risk management framework and process. A number of basic applications are reviewed. Cox and Levine critiques of the use of risk matrices are described, with their suggestions for more accurate quantitative analytic tools. An ideal approach would be to expend such measurement funds only if they enable reducing overall cost. The interesting aspect is that we do not really know. Thus, we would argue that if you have accurate data (and it is usually worth measuring whatever you can), you should get as close to this ideal as you can.
Risk matrices provide valuable initial tools when high levels of uncertainty are present. Quantitative risk assessment in the form of indices as demonstrated would be preferred if data to support it is available.
David L. Olson, Desheng Wu
3. Value-Focused Supply Chain Risk Analysis
Multicriteria analysis provides modeling tools to aid in identification of preference. This process begins with creating a hierarchical structure of criteria. Structuring of a value hierarchy is a relatively subjective activity, with a great deal of possible latitude. It is good to have a complete hierarchy, including everything that could be of importance to the decision maker. However, this yields unworkable analyses. Hierarchies should focus on those criteria that are important in discriminating among available alternatives. The key to hierarchy structuring is to identify those criteria that are most important to the decision maker, and that will help the decision maker make the required choice.
This chapter presents the value-focused approach to structure hierarchies, and the SMART method to provide a simple model of preference. These were demonstrated in the context of the supply chain risk management decision of selecting a plant location for production of a component. The methods apply for any decision involving multiple criteria.
David L. Olson, Desheng Wu
4. Examples of Supply Chain Decisions Trading Off Criteria
Five recent cases of risk management in supply chains are presented. The original multiple criteria analysis is redone in the framework of value analysis as was given in Chap. 3. Through value analysis, attention can be focused on features that call for the greatest improvement.
Value analysis can provide useful support to decision-making by first focusing on hierarchical development. In all five cases presented here, this was accomplished in the original articles. Nonetheless, it is important to consider overarching objectives, as well as means objectives in light of overarching objective accomplishment.
Two aspects of value analysis should be considered. First, if scores on available alternatives are equivalent on a specific criterion, this criterion will not matter for this set of alternatives. However, it may matter if new alternatives are added, or existing alternatives improved. Second, a benefit of value analysis is improvement of existing alternatives. The score matrix provides useful comparisons of relative alternative performance. If decision makers are not satisfied with existing alternatives, they might seek additional choices through expanding their search or designing them. The criteria with the greatest weights might provide an area of search, and the ideal scores provide a design standard.
David L. Olson, Desheng Wu
5. Simulation of Supply Chain Risk
Supply chains involve many risks. Modeling that risk focuses on probability, a well-developed analytic technique. Simulation is the most flexible management science modeling technique. It allows making literally any assumption you want, although the trade-off is that you have to work very hard to interpret results in a meaningful way relative to your decision.
Because of the variability inherent in risk analysis, simulation is an obviously valuable tool for risk analysis. There are two basic simulation applications in business. Waiting line models involve queuing systems, and software such as Arena (or many others) are very appropriate for that type of modeling. The other type is supportable by spreadsheet tools such as Crystal Ball, demonstrated in this chapter. Spreadsheet simulation is highly appropriate for inventory modeling as in push/pull models. Spreadsheet models also are very useful for system dynamic simulations.
David L. Olson, Desheng Wu
6. Value at Risk Models
Value at risk (VaR) is one of the most widely used models in risk management. It is based on probability and statistics. VaR can be characterized as a maximum expected loss, given some time horizon and within a given confidence interval. Its utility is in providing a measure of risk that illustrates the risk inherent in a portfolio with multiple risk factors, such as portfolios held by large banks, which are diversified across many risk factors and product types. VaR is used to estimate the boundaries of risk for a portfolio over a given time period, for an assumed probability distribution of market performance. The purpose is to diagnose risk exposure.
David L. Olson, Desheng Wu
7. Chance-Constrained Models
Chance-constrained programming was developed as a means of describing constraints in mathematical programming models in the form of probability levels of attainment. Consideration of chance constraints allows decision makers to consider mathematical programming objectives in terms of the probability of their attainment. If α is a predetermined confidence level desired by a decision maker, the implication is that a constraint will be violated at most (1 – α) of all possible cases.
A number of different types of models can be built using chance constraints. The first form is to maximize the linear expected return subject to attaining specified probabilities of reaching specified targets. The second is to minimize variance. This second form is not that useful, in that the lowest variance is actually to not invest. Here we forced investment of the 1000 capital assumed. The third form is to maximize probability of attaining some target, which in order to be useful, has to be infeasible.
Chance-constrained models have been used in many applications. Here we have focused on financial planning, but there have been applications whenever statistical data is available in an optimization problem.
David L. Olson, Desheng Wu
8. Data Envelopment Analysis in Enterprise Risk Management
Data envelopment analysis (DEA) was developed for efficiency analysis of Decision-making Units (DMU). DEA can be used for modeling operational processes, and its empirical orientation and absence of a priori assumptions have resulted in its use in a number of studies involving efficient frontier estimation in both nonprofit and in private sectors. DEA has become a leading approach for efficiency analysis in many fields, such as supply chain management, business research and development, petroleum distribution system design, military logistics, and government services. DEA and multicriteria decision making models have been compared and extended. When the data is presented with uncertainty, stochastic DEA provides a good tool to perform efficiency analysis by handling both inefficiency and stochastic error.
David L. Olson, Desheng Wu
9. Data Mining Models and Enterprise Risk Management
The advent of big data has led to an environment where billions of records are possible. Data mining is demonstrated on a financial risk set of data using R (Rattle) computations for the basic classification algorithms in data mining. We have not demonstrated that scope by any means, but have demonstrated small-scale application of the basic algorithms. The intent is to make data mining less of a black-box exercise, thus hopefully enabling users to be more intelligent in their application of data mining.
We demonstrate an open source software product. R is a very useful software, widely used in industry and has all of the benefits of open source software (many eyes are monitoring it, leading to fewer bugs; it is free; it is scalable). Further, the R system enables widespread data manipulation and management.
David L. Olson, Desheng Wu
10. Balanced Scorecards to Measure Enterprise Risk Performance
Balanced scorecards are one of a number of quantitative tools available to support risk planning. A number of applications in production planning and control performance measurement are reviewed. Various forms of scorecards, e.g., company-configured scorecards and/or strategic scorecards, have been suggested to build into the business decision support system or expert system in order to monitor the performance of the enterprise in the strategic decision analysis. This chapter demonstrates the value of small business scorecards with a case from a bank operation.
David L. Olson, Desheng Wu
11. Information Systems Security Risk
Information systems security is critically important to organizations, private and public. We need the Internet to contact the world, and have benefited personally and economically from using the Web. But there have been many risks that have been identified in the open Internet environment.
A number of frameworks are considered. Some appear in the form of standards, such as from the International Standards Organization. That set of standards provides guidance in the macro-management of information systems security. Frameworks can provide guidance in developing processes to attain IS security, to include a Security Process Cycle and a list of best practices.
Supply chains are an especially important economic use of the Internet, and involve a special set of risks. While there are many inherent risks in electronic data interchange (needed to efficiently manage supply chains), methods have been developed to make this a secure activity in well-managed supply chains.
David L. Olson, Desheng Wu
12. Enterprise Risk Management in Projects
Project management inherently involves high levels of risk, because projects by definition are being done for the first time. There are a number of classical project domain types, each with their own characteristics. Some are more predictable, such as those encountered in civil engineering. Highly unpredictable projects are encountered in software engineering, and projects involving massive undertakings or emergency response typically faced by government bureaucracies.
The chapter gives a framework for project risk analysis, based on PMBOK. This included a number of qualitative elements which can be extremely valuable in project management. But they are less concrete, and therefore we found it easier to focus on quantitative tools. We want to point out that qualitative tools are also very important.
The qualitative tools presented start with the deterministic critical path method, which assumes no risk in duration nor in resource availability. We present simulation as a very useful means to quantify project duration risk. Simulation allows any kind of assumption, and could also incorporate some aspects of resource availability risk through spreadsheet models.
David L. Olson, Desheng Wu
13. Natural Disaster Risk Management
By definition, natural disasters are surprises, and cause inconvenience and damage. Some things we do to ourselves, such as revolutions, terrorist attacks, and wars. Some things nature does to us, to include hurricanes, tornados, volcanic eruptions, and tsunamis. Some disasters are caused by combinations of human and natural causes. We dam rivers to control floods, to irrigate, to generate power, and for recreation, but dams have burst causing immense flooding. We have developed low-pollution, low-cost (at the time) electricity through nuclear power. Yet with plant failure, new protective systems have made the price very high, and we have not figured out how to acceptably dispose of the waste. While natural disasters come as surprises, we can be prepared. This chapter addresses natural domain risks in the form of disaster management.
David L. Olson, Desheng Wu
14. Sustainability and Enterprise Risk Management
The challenge of environmental sustainability is important not only as a moral imperative, but also a managerial responsibility to operate profitably. Environmental sustainability has become a critical factor in business, as the threats to environmental degradation from carbon emissions, chemical pollution, and other sources has repeatedly created liability for firms that don’t consider the environment, as well as regulatory attention. Legislators and journalists provide intensive oversight to operations of any organization. There are many cases of multi-billion dollar corporations brought to or near to bankruptcy by responsibilities for things like asbestos, chemical spills, and oil spills.
We discuss risk management as applied to production in the food we eat, the energy we use to live, and the manifestation of global economy, supply chains. The triple bottom line is a useful way to focus on the role of sustainability in business management. This chapter includes a review of enterprise risk categories along with common responses.
David L. Olson, Desheng Wu
15. Environmental Damage and Risk Assessment
The problem of environmental damage and risk assessment has grown to be recognized as critically important, reflecting the emphasis of governments and political bodies on the urgency of need to control environmental degradation. This chapter reviews a number of approaches that have been applied to support decision making relative to project impact on the environment. The traditional approach has been to apply cost-benefit analysis, which has long been recognized to have issues. Most of the variant techniques discussed in this chapter are modifications of CBA in various ways. Contingent valuation focuses on integrating citizen input, accomplished through surveys. Other techniques focus on more accurate inputs of value tradeoffs. Conjoint analysis is a means to more accurately obtain such tradeoffs, but at a high cost of subject input. Habitat equivalency analysis modifies the analysis by viewing environmental damage in terms of natural resource service loss. Compensatory restoration assessed reflects actions to compensate for interim losses. Focus is thus on cost of actual restoration. Rather than abstract estimates of the monetary value of injured resources, the focus is on actual cost of restoration to baseline.
David L. Olson, Desheng Wu
Enterprise Risk Management Models
Prof. Dr. David L. Olson
Prof. Desheng Wu
Copyright Year
Springer Berlin Heidelberg
Electronic ISBN
Print ISBN