Enterprise Risk Management Models

Transcription

1 Enterprise Risk Management Models

2

3 David L. Olson Desheng Wu Enterprise Risk Management Models 123

4 Professor David L. Olson University of Nebraska Department of Management Lincoln, NE USA Professor Desheng Wu University of Toronto RiskLab Toronto, ON M5S 3G3 Canada ISBN e-isbn DOI / Springer Heidelberg Dordrecht London New York Library of Congress Control Number: Springer-Verlag Berlin Heidelberg 2010 This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilm or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law. The use of general descriptive names, registered names, trademarks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. Cover design: WMXDesign GmbH, Heidelberg Printed on acid-free paper Springer is part of Springer Science+Business Media (

5 Preface Enterprise risk management has always been important. However, the events of the twenty-first century have made it even more critical. The top level of business management became suspect after scandals at ENRON, WorldCom, and other business entities. Financially, many firms experienced difficulties from bubbles. The most spectacular failure in the late twentieth century was probably that of Long-Term Capital Management, 1 but that was only a precursor to the more comprehensive failure of technology firms during the dot.com bubble around The problems of interacting cultures demonstrated risk from terrorism as well, with numerous terrorist attacks, to include 9/11 in the US. Risks can arise in many facets of business. Businesses in fact exist to cope with risk in their area of specialization. But chief executive officers are responsible to deal with any risk fate throws at their organization. Financial risk management has focused on banking, accounting, and finance. There are many good organizations that have done excellent work to aid organizations dealing with those specific forms of risk. In the past, we have tried to discuss other aspects of risk, to include information systems, disaster management, and supply chain perspectives. 2 In this book, we present more in-depth views of the perspective of supply chain risk management, to include frameworks and controls in the ERM process with respect to supply chains, information systems, and project management. We also discuss aspects of natural disaster management, with focus on China, where we have access to observing some of the financial aspects of risk to supply chain firms. The bulk of this book is devoted to presenting a number of operations research models that have been (or could be) applied to supply chain risk management. We include decision analysis models, focusing on Simple Multiattribute Rating Theory (SMART) models to better enable supply chain risk managers to trade off conflicting criteria of importance in their decisions. Monte Carlo simulation models are the 1 Lowenstein, R When genius failed: The rise and fall of long-term capital management. New York: Random House. 2 Olson, D.L., and D. Wu Enterprise risk management. Singapore: World Scientific Publishing Co. v

6 vi Preface obvious operations research tool appropriate for risk management. We demonstrate simulation models in supply chain contexts, to include calculation of value at risk. We then move to mathematical programming models, to include chance constrained programming, which incorporates probability into otherwise linear programming models, and data envelopment analysis. We also give a perspective of fuzzy and stochastic (probabilistic) models applied to portfolio selection. Finally, we discuss the use of business scorecard analysis in the context of supply chain enterprise risk management. Operations research models have proven effective for over half a century. They have been and are being applied in risk management contexts worldwide. We hope that this book provides some view of how they can be applied by more readers faced with enterprise risk.

7 Contents 1 Enterprise Risk Management in Supply Chains... 1 Unexpected Consequences Supply Chain Risk Frameworks Cases... 4 Models Applied Risk Categories Within Supply Chains... 5 Process Mitigation Strategies... 9 Conclusions Notes Enterprise Risk Management Process RiskMatrix InformationSystemRiskMatrixApplication Conclusions Appendix: Controls Numbered as in Text Notes Information Systems Security Risk Definition Frameworks Security Process Best Practices for Information System Security Supply Chain IT Risks Outsourcing Value Analysis in Information Systems Security ObjectiveHierarchy SMARTAnalysis Conclusion Notes Enterprise Risk Management in Projects Project Management Risk Risk Management Planning vii

8 viii Contents RiskIdentification Qualitative Risk Analysis Quantitative Risk Analysis Risk Response Planning RiskMonitoringandControl Project Management Tools Simulation Models of Project Management Risk GovernmentalProject Conclusions Notes Natural Disaster Risk Management Emergency Risk Management in China Natural Disaster and Financial Risk Management NaturalDisasterRiskandFirmValue Financial Issues SystematicandUnsystematicRisk InvestmentEvaluation StrategicInvestment Risk Management and Compliance Conclusions Notes Disaster Risk Management in China Chinese Earthquake Disaster Management Earthquake Response Chinese Earthquake Response Database Support Example Database Support Data Mining Support Data Mining Process Quantitative Model Support Example Emergency Management Support Systems RODOS System for Nuclear Remediation Chinese Catastrophe Bond Modeling Conclusions Notes Value-Focused Supply Chain Risk Analysis HierarchyStructuring Hierarchy Development Process Suggestions for Cases Where Preferential Independence Is Absent. 95 Multiattribute Analysis The SMART Technique Plant Siting Decision Conclusions Notes

9 Contents ix 8 Examples of Supply Chain Decisions Trading Off Criteria Case 1: Blackhurst et al. (2008) ValueAnalysis Case 2: Wu et al. (2006) ValueAnalysis Case 3: Kull and Talluri (2008) ValueAnalysis Case 4: Schoenherr et al. (2008) ValueAnalysis Case 5: Gaudenzi and Borghesi (2006) ValueAnalysis Conclusions Notes Simulation of Supply Chain Risk InventorySystems Basic Inventory Simulation Model System Dynamics Modeling of Supply Chains PullSystem PushSystem MonteCarloSimulationforAnalysis Notes Value at Risk Definition TheUseofValueatRisk HistoricalSimulation Variance-Covariance Approach MonteCarloSimulationofVaR The Simulation Process DemonstrationofVaRSimulation Conclusions Notes Chance Constrained Programming Chance Constrained Applications PortfolioSelection Demonstration of Chance Constrained Programming Maximize Expected Value of Probabilistic Function Minimize Variance Solution Procedure Maximize Probability of Satisfying Chance Constraint RealStockData Chance Constrained Model Results Conclusions Notes

10 x Contents 12 Data Envelopment Analysis in Enterprise Risk Management BasicData Multiple Criteria Models Scales Stochastic Mathematical Formulation DEA Models Conclusions Notes Portfolio Selection Under Fuzzy and Stochastic Uncertainty Fuzzy Random Variables Expected Value for a Fuzzy Random Variable The λ Mean Ranking Method HybridEntropy Possibility Theory Possibilistic Mean Value and Variance Mean Variance Portfolio Selection Model with Safety-First HybridEntropyBasedPortfolioSelection ReturnOptimization NumericalExample Conclusions Notes Business Scorecard Analysis to Measure Enterprise Risk Performance ERM and Balanced Scorecards Small Business Scorecard Analysis ERM Performance Measurement Data ResultsandDiscussion Conclusions Notes References Index