Enterprise Risk Management Models, Third Edition
By David L Olson and Desheng Wu
Contents
1 Enterprise Risk Management in Supply Chains . . . . . . . . . . . . . 1
2 Risk Matrices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
3 Value-Focused Supply Chain Risk Analysis . . . . . . . . . . . . . . . . 33
4 Examples of Supply Chain Decisions Trading Off Criteria . . . . . 45
5 Simulation of Supply Chain Risk . . . . . . . . . . . . . . . . . . . . . . . . 59
6 Value at Risk Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
7 Chance-Constrained Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
8 Data Envelopment Analysis in Enterprise Risk Management . . . 109
9 Data Mining Models and Enterprise Risk Management . . . . . . . 123
10 Balanced Scorecards to Measure Enterprise Risk Performance . . . 137
11 Information Systems Security Risk . . . . . . . . . . . . . . . . . . . . . . . 149
12 Enterprise Risk Management in Projects . . . . . . . . . . . . . . . . . . 165
13 Natural Disaster Risk Management . . . . . . . . . . . . . . . . . . . . . . 179
14 Sustainability and Enterprise Risk Management . . . . . . . . . . . . . 199
15 Environmental Damage and Risk Assessment . . . . . . . . . . . . . . . 213
Preface
Enterprise risk management has always been important. However, the events of the twenty-first century have made it even more critical. Nature has caused massive disruption, such as the tsunami that hit Fukushima in March 2011. Terrorism seems to be on the rise, with attacks occurring in the USA, Europe, and Russia with greater regularity, not to mention the even more common occurrences in the Middle East. Human activities meant to provide benefits such as food modification and medicine have led to unintended consequences. The generation of energy involves highly politicized trade-offs between efficient electricity and carbon emissions, with the macro-level risk of planetary survival at stake. Oil transport has experienced traumatic events. Risks can arise in many facets of business. Businesses in fact exist to cope with risk in their area of specialization. But chief executive officers are responsible to deal with any risk fate throws at their organization.
The first edition of this book was published in 2010, reviewing models used in management of risk in nonfinancial disciplines. It focused more on application areas, to include management of supply chains, information systems, and projects. It included review of three basic types of models: multiple criteria analysis, probabilistic analysis, and business scorecards to monitor risk performance. The second edition in 2017 focused more on models, with the underlying assumption that they can be applied to some degree to risk management in any context. The third edition adds material on risk-adjusted loss in Chap. 2, updates value analysis cases in Chap. 4, and corrects an error in a chance constrained programming example in Chap. 7.
The bulk of this book is devoted to presenting a number of operations research models that have been (or could be) applied to supply chain risk management. We begin with risk matrices, a simple way to sort out initial risk analysis. Then we discuss decision analysis models, focusing on Simple Multi-attribute Rating Theory (SMART) models to better enable supply chain risk managers to trade off conflicting criteria of importance in their decisions. Monte Carlo simulation models are the obvious operations research tool appropriate for risk management. We demonstrate simulation models in supply chain contexts, to include calculation of value at risk. We then move to mathematical programming models, to include chance constrained programming, which incorporates probability into otherwise linear programming models, and data envelopment analysis. We also discuss data mining with respect to enterprise risk management. We close the modeling portion of the book with the use of business scorecard analysis in the context of supply chain enterprise risk management.
Chapters 11 through 15 discuss risk management contexts. Financial risk management has focused on banking, accounting, and finance.1 There are many good organizations that have done excellent work to aid organizations dealing with those specific forms of risk. This book focuses on other aspects of risk, to include information systems and project management to supplement prior focus on supply chain perspectives. 2 We present more in-depth views of the perspective of supply chain risk management, to include frameworks and controls in the ERM process with respect to supply chains, information systems, and project management. We also discuss aspects of natural disaster management, as well as sustainability, and environmental damage aspects of risk management.
Operations research models have proven effective for over half a century. They have been and are being applied in risk management contexts worldwide. We hope that this book provides some view of how they can be applied by more readers faced with enterprise risk.
Lincoln, NE David L. Olson
Beijing, China
Stockholm, Sweden
Desheng Wu
September 2019