Enterprise Risk Management Models

Frontmatter

Chapter 1. Enterprise Risk Management in Supply Chains

Abstract

All human endeavors involve uncertainty and risk. Mitroff and Alpaslan (2003) categorized emergencies and crises into three categories: natural disasters, malicious activities, and systemic failures of human systems. Nature does many things to us, disrupting our best-laid plans and undoing much of what humans have constructed. Events such as earthquakes, floods, fires and hurricanes are manifestations of the majesty of nature. Recent events to include the tsunami in the Indian Ocean and Hurricane Katrina in New Orleans in 2005 demonstrate how powerless humans can be in the face of nature’s wrath.

David L. Olson, Desheng Wu

Chapter 2. Enterprise Risk Management Process

Abstract

Enterprise risk management (ERM) has become very important. The financial world is not immune to systemic failure, as demonstrated by many stories such as Barings Bank collapse in 1995, the failure of Long-Term Capital Management in 1998, and a handful of bankruptcy cases in the current financial crisis, e.g., the federal government’s takeover of Fannie Mae and Freddie Mac and the fall of Lehman fell and Merrill Lynch. There is no doubt that risk management is an important and growing area in the uncertain world.

David L. Olson, Desheng Wu

Chapter 3. Information Systems Security Risk

Abstract

Security breaches to computer systems have consistently been a major drain on organizations, both private and public. Providing information system security is challenged by environments containing evolving business requirements, with technology constantly being upgraded. Vendors regularly have to send alerts to their clients. The computer security industry is rapidly growing in response to the concerns of those operating organizational computing systems. Threats arise externally and internally. External threats include attacks by organized criminals as well as potential threats from terrorists. Internal threats are also present. Some problems arise due to turbulence in personnel, through new hires, transfers, and terminations. Most insider computer security incidents have been found to involve former employees.

David L. Olson, Desheng Wu

Chapter 4. Enterprise Risk Management in Projects

Abstract

Project management inherently involves high levels of risk, because projects by definition are being done for the first time. There are a number of classical project domain types, each with their own characteristics. For instance, construction projects focus on inanimate objects, such as materials that are transformed into some purposeful object. There are people involved, although as time passes, more and more work is done by machinery, with diminishing human control. Thus construction projects are among the more predictable project domains. Government projects often involve construction, but extend beyond that to processes, such as the generation of nuclear material, or more recently, the processing of nuclear wastes. Government projects involve high levels of bureaucracy, and the only aspect increasing predictability is that overlapping bureaucratic involvement of many agencies almost ensures long time frames with high levels of change.

David L. Olson, Desheng Wu

Chapter 5. Natural Disaster Risk Management

Abstract

Risks can be viewed as threats, but business exists to cope with risks. Different disciplines have different ways of classifying risks. In finance, in order to explain the risk management lessons from the Credit Crisis, Jorion classified risks into: known knowns, known unknowns and unknown unknowns. To focus on natural disaster risk management, we propose the following general way to classify risks: Field based and Property based.

David L. Olson, Desheng Wu

Chapter 6. Disaster Risk Management in China

Abstract

Disasters have been endemic throughout history. In Judeo history, the flood survived by Noah was about as complete a disaster to contemporary humankind as can be imagined. Egypt was plagued with droughts and floods of the Nile. In Greek/Roman culture, events such as eruptions of Mount Vesuvius caused tremendous suffering and damage. Similar disasters disrupted human activity throughout the world, to include unrecorded events at Easter Island. The International Federation of Red Cross and Red Crescent Societies stated that over a recent 10 year period, almost two billion people have been affected by disasters. People in Asia accounted for almost 89% of the population affected by natural disasters between 1975 and 2003.

David L. Olson, Desheng Wu

Chapter 7. Value-Focused Supply Chain Risk Analysis

Abstract

A fundamental premise of Keeney’s book (1992) is that decision makers should not settle for those alternatives that are thrust upon them. The conventional solution process is to generate alternative solutions to a problem, and then focus on objectives. This framework tends to suppose an environment where decision makers are powerless to do anything but choose among given alternatives. It is suggested that a more fruitful approach would be for decision makers to take more control over this process, and use objectives to create alternatives, based on what the decision makers would like to achieve, and why objectives are important.

David L. Olson, Desheng Wu

Chapter 8. Examples of Supply Chain Decisions Trading Off Criteria

Abstract

We encountered five recent cases in supply chain risk management that applied analytic hierarchy process (AHP) models. This approach can yield equivalent results from simple multiattribute utility models, a linear form of multiattribute utility theory. In this chapter we review these four cases, taking the original AHP input data and constructing a SMART model, an implementation of value analysis.

David L. Olson, Desheng Wu

Chapter 9. Simulation of Supply Chain Risk

Abstract

Supply chains involve many risks, as we have seen. Modeling that risk focuses on probability, a well-developed analytic technique. This chapter addresses basic simulation models involving supply chains, to include inventory modeling (often accomplished through system dynamics) and Monte Carlo simulation of vendor outsourcing decisions.

David L. Olson, Desheng Wu

Chapter 10. Value at Risk

Abstract

Value at risk (VaR) is one of the most widely used models in risk management. It is based on probability and statistics. VaR can be characterized as a maximum expected loss, given some time horizon and within a given confidence interval. Its utility is in providing a measure of risk that illustrates the risk inherent in a portfolio with multiple risk factors, such as portfolios held by large banks, which are diversified across many risk factors and product types. VaR is used to estimate the boundaries of risk for a portfolio over a given time period, for an assumed probability distribution of market performance. The purpose is to diagnose risk exposure.

David L. Olson, Desheng Wu

Chapter 11. Chance Constrained Programming

Abstract

Chance constrained programming was developed as a means of describing constraints in mathematical programming models in the form of probability levels of attainment. Consideration of chance constraints allows decision makers to consider mathematical programming objectives in terms of the probability of their attainment. If α is a predetermined confidence level desired by a decision maker, the implication is that a constraint will be violated at most (1–α) of all possible cases.

David L. Olson, Desheng Wu

Chapter 12. Data Envelopment Analysis in Enterprise Risk Management

Abstract

Charnes, Cooper and Rhodes first introduced DEA (CCR) for efficiency analysis of Decision-making Units (DMU). DEA can be used for modeling operational processes, and its empirical orientation and absence of a priori assumptions have resulted in its use in a number of studies involving efficient frontier estimation in both nonprofit and in private sectors. DEA has become a leading approach for efficiency analysis in many fields, such as supply chain management, business research and development, petroleum distribution system design, military logistics, and government services. DEA and multicriteria decision making models have been compared and extended.

David L. Olson, Desheng Wu

Chapter 13. Portfolio Selection Under Fuzzy and Stochastic Uncertainty

Abstract

Portfolio selection models are usually a must in the process of diagnosing risk exposures. This chapter presents portfolio selection under fuzzy and stochastic uncertainty. Portfolio selection regards asset selection which maximizes an investor’s return and minimizes her risk. In 1952, Markowitz published his pioneering work and laid the foundation of modern portfolio analysis. The core of the Markowitz mean variance model is to take the expected return of a portfolio as investment return and the variance of the expected return of a portfolio as investment risk. The main input data of the Markowitz mean variance model are expected returns and variance of expected returns of these securities.

David L. Olson, Desheng Wu

Chapter 14. Business Scorecard Analysis to Measure Enterprise Risk Performance

Abstract

Business scorecards are one of a number of quantitative tools available to support risk planning. An important tool is business scorecards. Olhager and Wikner reviewed a number of production planning and control tools, where scorecards are deemed as the most successful approach in production planning and control performance measurement. Various forms of scorecards, e.g., company-configured scorecards and/or strategic scorecards, have been suggested to build into the business decision support system or expert system in order to monitor the performance of the enterprise in the strategic decision analysis. This chapter demonstrates the value of small business scorecards with a case from a bank operation.

David L. Olson, Desheng Wu

Backmatter