Enterprise Risk Management Models


David L. Olson, Desheng Wu

Professor David L. Olson
University of Nebraska
Department of Management
Lincoln, NE 68588-0491
USA
dolson3@unl.edu

Professor Desheng Wu
University of Toronto
RiskLab
Toronto, ON M5S 3G3
Canada
dwu@rotman.utoronto.ca

ISBN 978-3-642-11473-1
e-ISBN 978-3-642-11474-8
DOI 10.1007/978-3-642-11474-8
Springer Heidelberg Dordrecht London New York
Library of Congress Control Number: 2010922805
Springer-Verlag Berlin Heidelberg 2010

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilm or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law.

The use of general descriptive names, registered names, trademarks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

Cover design: WMXDesign GmbH, Heidelberg
Printed on acid-free paper
Springer is part of Springer Science+Business Media (www.springer.com)

Preface

Enterprise risk management has always been important. However, the events of the twenty-first century have made it even more critical. The top level of business management became suspect after scandals at ENRON, WorldCom, and other business entities. Financially, many firms experienced difficulties from bubbles. The most spectacular failure in the late twentieth century was probably that of Long-Term Capital Management, [1] but that was only a precursor to the more comprehensive failure of technology firms during the dot.com bubble around 2001. The problems of interacting cultures demonstrated risk from terrorism as well, with numerous terrorist attacks, including 9/11 in the US.

Risks can arise in many facets of business. Businesses in fact exist to cope with risk in their area of specialization. But chief executive officers are responsible for dealing with any risk fate throws at their organization.

Financial risk management has focused on banking, accounting, and finance. There are many good organizations that have done excellent work to aid organizations dealing with those specific forms of risk. In the past, we have tried to discuss other aspects of risk, including information systems, disaster management, and supply chain perspectives. [2] In this book, we present more in-depth views of the perspective of supply chain risk management, including frameworks and controls in the ERM process with respect to supply chains, information systems, and project management. We also discuss aspects of natural disaster management, with focus on China, where we have access to observing some of the financial aspects of risk to supply chain firms.

The bulk of this book is devoted to presenting a number of operations research models that have been (or could be) applied to supply chain risk management. We include decision analysis models, focusing on Simple Multiattribute Rating Theory (SMART) models to better enable supply chain risk managers to trade off conflicting criteria of importance in their decisions. Monte Carlo simulation models are the obvious operations research tool appropriate for risk management. We demonstrate simulation models in supply chain contexts, including calculation of value at risk. We then move to mathematical programming models, including chance constrained programming, which incorporates probability into otherwise linear programming models, and data envelopment analysis. We also give a perspective of fuzzy and stochastic (probabilistic) models applied to portfolio selection. Finally, we discuss the use of business scorecard analysis in the context of supply chain enterprise risk management.

Operations research models have proven effective for over half a century. They have been and are being applied in risk management contexts worldwide. We hope that this book provides some view of how they can be applied by more readers faced with enterprise risk.

[1] Lowenstein, R. 2000. When genius failed: The rise and fall of long-term capital management. New York: Random House.
[2] Olson, D.L., and D. Wu. 2008. Enterprise risk management. Singapore: World Scientific Publishing Co.

Contents

1 Enterprise Risk Management in Supply Chains
    Unexpected Consequences
    Supply Chain Risk Frameworks
    Cases
    Models Applied
    Risk Categories Within Supply Chains
    Process
    Mitigation Strategies
    Conclusions
    Notes

2 Enterprise Risk Management Process
    Risk Matrix
    Information System Risk Matrix Application
    Conclusions
    Appendix: Controls Numbered as in Text
    Notes

3 Information Systems Security Risk
    Definition
    Frameworks
    Security Process
    Best Practices for Information System Security
    Supply Chain IT Risks
    Outsourcing
    Value Analysis in Information Systems Security
    Objective Hierarchy
    SMART Analysis
    Conclusion
    Notes

4 Enterprise Risk Management in Projects
    Project Management Risk
    Risk Management Planning
    Risk Identification
    Qualitative Risk Analysis
    Quantitative Risk Analysis
    Risk Response Planning
    Risk Monitoring and Control
    Project Management Tools
    Simulation Models of Project Management Risk
    Governmental Project
    Conclusions
    Notes

5 Natural Disaster Risk Management
    Emergency Risk Management in China
    Natural Disaster and Financial Risk Management
    Natural Disaster Risk and Firm Value
    Financial Issues
    Systematic and Unsystematic Risk
    Investment Evaluation
    Strategic Investment
    Risk Management and Compliance
    Conclusions
    Notes

6 Disaster Risk Management in China
    Chinese Earthquake Disaster Management
    Earthquake Response
    Chinese Earthquake Response
    Database Support
    Example Database Support
    Data Mining Support
    Data Mining Process
    Quantitative Model Support
    Example Emergency Management Support Systems
    RODOS System for Nuclear Remediation
    Chinese Catastrophe Bond Modeling
    Conclusions
    Notes

7 Value-Focused Supply Chain Risk Analysis
    Hierarchy Structuring
    Hierarchy Development Process
    Suggestions for Cases Where Preferential Independence Is Absent
    Multiattribute Analysis
    The SMART Technique
    Plant Siting Decision
    Conclusions
    Notes

8 Examples of Supply Chain Decisions Trading Off Criteria
    Case 1: Blackhurst et al. (2008)
    Value Analysis
    Case 2: Wu et al. (2006)
    Value Analysis
    Case 3: Kull and Talluri (2008)
    Value Analysis
    Case 4: Schoenherr et al. (2008)
    Value Analysis
    Case 5: Gaudenzi and Borghesi (2006)
    Value Analysis
    Conclusions
    Notes

9 Simulation of Supply Chain Risk
    Inventory Systems
    Basic Inventory Simulation Model
    System Dynamics Modeling of Supply Chains
    Pull System
    Push System
    Monte Carlo Simulation for Analysis
    Notes

10 Value at Risk
    Definition
    The Use of Value at Risk
    Historical Simulation
    Variance-Covariance Approach
    Monte Carlo Simulation of VaR
    The Simulation Process
    Demonstration of VaR Simulation
    Conclusions
    Notes

11 Chance Constrained Programming
    Chance Constrained Applications
    Portfolio Selection
    Demonstration of Chance Constrained Programming
    Maximize Expected Value of Probabilistic Function
    Minimize Variance
    Solution Procedure
    Maximize Probability of Satisfying Chance Constraint
    Real Stock Data
    Chance Constrained Model Results
    Conclusions
    Notes

12 Data Envelopment Analysis in Enterprise Risk Management
    Basic Data
    Multiple Criteria Models
    Scales
    Stochastic Mathematical Formulation
    DEA Models
    Conclusions
    Notes

13 Portfolio Selection Under Fuzzy and Stochastic Uncertainty
    Fuzzy Random Variables
    Expected Value for a Fuzzy Random Variable
    The λ Mean Ranking Method
    Hybrid Entropy
    Possibility Theory
    Possibilistic Mean Value and Variance
    Mean Variance Portfolio Selection Model with Safety-First
    Hybrid Entropy Based Portfolio Selection
    Return Optimization
    Numerical Example
    Conclusions
    Notes

14 Business Scorecard Analysis to Measure Enterprise Risk Performance
    ERM and Balanced Scorecards
    Small Business Scorecard Analysis
    ERM Performance Measurement
    Data
    Results and Discussion
    Conclusions
    Notes

References
Index