Enterprise risk management has always been important. However, the events of the twenty-first century have made it even more critical. Nature has caused massive disruption, such as the tsunami that hit Fukushima in March 2011. Terrorism has seemed to be on the rise, with attacks occurring in the USA, Europe, and Russia with greater regularity, not to mention the even more common occurrences in the Middle East. Human activities meant to provide benefits such as food modification and medicine have led to unintended consequences. The generation of energy involves highly politicized trade-offs between efficient electricity and carbon emissions, with the macro-level risk of planetary survival at stake. Oil transport has experienced traumatic events to include the BP oil spill in 2010. Risks can arise in many facets of business. Businesses in fact exist to cope with risk in their area of specialization. But chief executive officers are responsible to deal with any risk fate throws at their organization.

The first edition of this book was published in 2010, reviewing models used in management of risk in nonfinancial disciplines. It focused more on application areas, to include management of supply chains, information systems, and projects. It included review of three basic types of models: multiple criteria analysis, probabilistic analysis, and business scorecards to monitor risk performance. This second edition focuses more on models, with the underlying assumption that they can be applied to some degree to risk management in any context. We have updated case examples and added data mining support tools. When we return to look at risk management contexts, we demonstrate use of models in these contexts. We have added chapters on sustainability and environmental damage and risk assessment.

The bulk of this book is devoted to presenting a number of operations research models that have been (or could be) applied to supply chain risk management. We begin with risk matrices, a simple way to sort out initial risk analysis. Then we discuss decision analysis models, focusing on Simple Multiattribute Rating Theory (SMART) models to better enable supply chain risk managers to trade off conflicting criteria of importance in their decisions. Monte Carlo simulation models are the obvious operations research tool appropriate for risk management. We demonstrate simulation models in supply chain contexts, to include calculation of value at risk. We then move to mathematical programming models, to include chance constrained programming, which incorporates probability into otherwise linear programming models, and data envelopment analysis. We also discuss data mining with respect to enterprise risk management. We close the modeling portion of the book with the use of business scorecard analysis in the context of supply chain enterprise risk management.

Chapters 11 through 15 discuss risk management contexts. Financial risk management has focused on banking, accounting, and finance. ¹ There are many good organizations that have done excellent work to aid organizations dealing with those specific forms of risk. This book focuses on other aspects of risk, to include information systems and project management to supplement prior focus on supply chain perspectives. ² We present more in-depth views of the perspective of supply chain risk management, to include frameworks and controls in the ERM process with respect to supply chains, information systems, and project management. We also discuss aspects of natural disaster management, as well as sustainability, and environmental damage aspects of risk management.

Operations research models have proven effective for over half a century. They have been and are being applied in risk management contexts worldwide. We hope that this book provides some view of how they can be applied by more readers faced with enterprise risk.