
Resilience as a means to analyze business processes on the structure of vulnerability


Citation for published version (APA):

Gifun, J. (2010). Resilience as a means to analyze business processes on the structure of vulnerability. Technische Universiteit Eindhoven. https://doi.org/10.6100/IR675415

DOI: 10.6100/IR675415

Document status and date: Published: 01/01/2010

Document Version: Publisher's PDF, also known as Version of Record (includes final page, issue and volume numbers)


Resilience as a Means to Analyze Business Processes on the Structure of Vulnerability

DISSERTATION

to obtain the degree of doctor at the Technische Universiteit Eindhoven, on the authority of the rector magnificus, prof.dr.ir. C.J. van Duijn, to be defended in public before a committee appointed by the College voor Promoties on Wednesday 30 June 2010 at 16:00

by

Joseph Frederick Gifun

This dissertation has been approved by the promotors:

prof.dr.ir. A.C. Brombacher

and

prof.dr. D.M. Karydas

Copromotor:

dr.ir. J.L. Rouvroye

Copyright © 2010 by Joseph F. Gifun

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the copyright owner.

A catalogue record is available from the Eindhoven University of Technology Library

ISBN: 978-90-386-2268-2

Printed by: University Printing Office, Eindhoven

Cover design by: Paul Verspaget

Acknowledgements

So many people have contributed to this body of work that I harbor the fear that I might miss thanking everyone. If the reader finds that my fear is founded in truth I apologize, the failure is mine alone to bear.

I am humbled and eternally grateful to Jane, my wife, for enduring much during the past few years and for doing so with love, considerable poise, understanding, and a resolute positive attitude.

I am indebted to the members of my dissertation committee; Professor Dimitrios Karydas for sharing his knowledge in many things, his dedication to my doctoral learning and research experience, his faith in my ability, but most of all his friendship; Professor Aarnout Brombacher for his direct and kind critique of my work and his steadfast support during the entire process; Dr. Jan Rouvroye for his attention to detail, his knowledge of and ability to navigate confusing and complex processes, and for his language translation assistance; Professor George Apostolakis for demonstrating his confidence in me by granting me the opportunity to participate in his graduate students’ research and to engage his students in mine, their tough questions caused me to think much harder and learn more; and Professor Jan de Jonge and Professor Hans Pasman for their thought provoking questions and detailed comments on this dissertation.

I send many thanks to the anonymous workshop participants for their generosity and candor. Your participation made all the difference.

Thank you, thank you, thank you to Aunt Mary for her generosity, encouragement, and whose remedy for writer’s block, setbacks, and frustration is a batch of freshly baked hermits. During the years of work behind this dissertation I ate many.

It is my pleasure to thank Vicky Sirianni, an extraordinary person and leader who has helped so many people see the untapped possibilities they had within. I am honored that she took the time to convince me that there were a few within me too.


My gratitude extends to the MIT DRU project team, Bill VanSchalkwyk, Susan Leite, Dave Barber, Bill McShea, and Jerry Isaacson with special thanks to Hua Li a great thinking partner from whom I learned so much.

Thanks to Jim Wallace for his support and for sharing his personal experiences regarding balancing the daily obligations of family and work with the demands of doctoral study. I value all that I learned about organizational leadership, process, behavior, and internal politics from Professor Jim Bruce. I am grateful to have learned by his example that a clever technical solution is incomplete if people affected by the solution have not participated in its development.

I am grateful to Dr. Barbara Ash for convincing an old buck like me that I should become a student once again. While I expected that the younger students might benefit from my experience I did not expect that I would learn much more than I contributed.

Special thanks to Dr. Carol Zulauf whose enthusiasm in organizational learning and systems thinking is infectious. I learned that systems can be difficult to understand completely but they are knowable if one is willing to put aside preconceptions and focus on uncovering the truth.

Thank you to Dottie Winn for her unflagging support and considerable knowledge of the state and national political landscape.

I am grateful to Walt Henry for the example of excellence that he demonstrates daily and his words of encouragement.

And thanks to Dick Amster, William Elliot, Joe Pinciaro, my colleagues, my friends at Perfecto’s Caffe, and so many others for their support and at times, words of comfort.

This dissertation is dedicated to Dr. Charles “Chuck” Devoe whose words of wisdom, humor, and encouragement always came when I needed them most.


Summary

The impact of global societal trends regarding product reliability provides society with great benefits and yet comes with the consequence of increased organizational vulnerability. The goal of this research was to examine these issues and develop the means for organizations to mitigate the potential negative effects of disturbances from within and external to the organization for the purpose of sustaining organizational resilience. As a result of this research the Highly Reliable Resilient Organization (HRRO) methodology was developed to provide a consistent and customizable methodology to assess organizational vulnerability. The purpose of this methodology is to determine current and potential levels of vulnerability and to select and prioritize vulnerability elimination and mitigation initiatives and projects using pre-established monetary and non-monetary factors. Moreover, the HRRO methodology provides the means to identify, define, and assess the prerequisite criteria of an organization that enable it to be resilient. These prerequisite criteria are the foundation for the organization’s core function; its culture, its ability to manage risk, and its governing processes, i.e. its ability to be resilient, or at the very least available to fulfill monetary and non-monetary goals and enjoy a better chance for sustained viability. The HRRO methodology is a generalizable analytic-deliberative process that was validated by stakeholders, nine well known organizational models, a prioritization methodology that has been in use for several years, independent case studies, and an independent and widely used location risk quality benchmarking algorithm. To foster sustained use, the HRRO methodology strikes a balance between complexity and simplicity, i.e. the model is sufficiently comprehensive to reflect reality and sufficiently simple to be manageable. The methodology used in this dissertation is based upon transformative-reflective design processes. The first step in this process was, in this case, the creation of a construct that was analyzed, validated and adapted during subsequent steps.


Preface

This dissertation is directed to organizational resilience by the assessment of the vulnerability of complex technical operational systems, the relative comparison of vulnerabilities, and the prioritization of vulnerability elimination and mitigation efforts. A practical objective of this research was to identify, analyze, and incorporate as many existing organizational models and methods as was needed. Although the models analyzed within were suitable for their intended purposes they were deficient in terms of the organizational prerequisites needed to enable resiliency. These deficiencies were the motivation for the development of the Highly Reliable Resilient Organization (HRRO) methodology. However, two of the criteria within the HRRO methodology are rated by acquired existing methods. Because of the requirement to customize the HRRO methodology for specific organizations one may find and incorporate different and more suitable methods for other applications. The HRRO methodology was designed with the flexibility for customization.

This dissertation is presented as follows.

Chapter 1 establishes the context for the research described herein by providing an example of the pervasiveness and magnitude of organizational vulnerability and the overall negative effect thereon by societal trends for reliability. This chapter also provides the reader with definitions of primary terms and concepts, a brief historic overview, and several success stories.

Chapter 2 focuses on the reason organizational vulnerability is a problem and identifies and explains the sources of vulnerability including inherent vulnerabilities, the multi-domain nature of the problem of vulnerability, and the deleterious effects that can be caused by cognitive bias. The research questions answered by this dissertation are included.

Chapter 3 describes the process used to accomplish the research within this dissertation.

Chapter 4 describes the development of the Highly Reliable Resilient Organization (HRRO) methodology by examining existing organizational models and extracting relevant criteria. This chapter also describes the stakeholder workshop process and aspects of the HRRO methodology such as its constructed scales and survey forms. Supporting examples from results achieved by stakeholder workshops are provided wherever applicable.

Chapter 5 describes the use of the HRRO methodology by way of flowcharts showing several applications of the methodology as means to assess and prioritize; including the use of benefit-to-cost concepts.

Chapter 6 is devoted to discussions validating the methodology by way of relevant literature, the author’s experiences, case studies, a comparison made using a complex and independent risk quality benchmarking algorithm, and user feedback.

Chapter 7 presents the conclusion of this research by way of the answers to the research questions, commentary regarding generalizability of the HRRO methodology, and recommendations for related future research.

Appendices provide information that is necessary to this dissertation yet so voluminous that the reader could find the dissertation difficult to follow. These appendices show the results of the mapping exercise to determine the effect of societal trends on vulnerability, descriptions of organizational models used to create the HRRO methodology, workshop results, various worksheets used to develop the HRRO methodology, constructed scales, the complete set of stakeholder survey forms, stakeholder feedback, and several case studies used to support the validity of this research.

Table of contents

Acknowledgements
Summary
Preface
Table of contents
List of figures
List of tables
External publications related to the dissertation
Acronyms
Glossary

1 Context
1.1 Trends and consequences
1.2 Primary terms and concepts
1.3 Targeted historic overview
1.4 Success stories
1.5 Chapter summary

2 Why is organizational vulnerability a problem?
2.1 Sources of vulnerability
2.2 Research questions
2.3 Chapter summary

3 Research methodology
3.1 Methodology
3.2 Chapter summary

4 Development of the Highly Reliable Resilient Organization methodology
4.1 Introduction
4.2 Criteria found in existing models
4.3 Initial workshop and stakeholder feedback
4.5 Second workshop
4.6 Chapter summary

5 Application of the Highly Reliable Resilient Organization methodology
5.1 Application of processes
5.2 Prioritization: benefit-to-cost
5.3 Chapter summary

6 Analysis and reflection
6.1 Validity
6.2 Reflection
6.3 Chapter summary

7 Conclusions and recommendations
7.1 Conclusions
7.2 Recommendations for future research

References

Appendix A Mapping of vulnerabilities, General Motors, to reliability trends

Appendix B Existing models
B.1 The High Reliability Organization
B.2 Disaster Resistant University
B.3 DRU at MIT
B.4 Resilient Enterprise
B.5 Enterprise Risk Management
B.6 Risk-Based Process Safety
B.7 Reactor Oversight Process
B.8 Hearts and Minds
B.9 Business Continuity Planning
B.10 Rejected models

Appendix D Materials distributed to stakeholders to prepare for Workshop No.1

Appendix E Assessor responses and priority

Appendix F Constructed scales

Appendix G Survey forms

Appendix H Prioritizing infrastructure renewal projects in MIT Department of Facilities
H.1 Intent
H.2 Process design and management
H.3 Stakeholder engagement
H.4 Lessons learned

Appendix I Compilation of assessor feedback

Appendix J Comparison of recommendations from Baker Panel report and HRRO

Appendix K Comparison of recommendations from COT Institute for Security and Crisis Management report and HRRO

Appendix L Comparison of recommendations from Ernst and Young report and HRRO

List of figures

Figure 1 HRRO hierarchical tree
Figure 2 Example: constructed scale for safety culture based on Hearts and Minds
Figure 3 Example: safety culture survey form based on Hearts and Minds
Figure 4 HRRO process flowchart for baseline assessment purposes
Figure 5 HRRO process flowchart for estimating effect of potential disturbance of prerequisite organizational criteria
Figure 6 HRRO process flowchart for organizational improvement prioritization purposes
Figure 7 Disturbance elimination and mitigation project prioritization process
Figure 8 Implied HRO hierarchical tree
Figure 9 Implied DRU hierarchical tree
Figure 10 DRU at MIT framework
Figure 11 ERM objectives, components, and units
Figure 12 Hierarchical tree (partially shown), Risk-based Process Safety
Figure 13 Reactor Oversight Process
Figure 14 The health, safety, and environment culture ladder
Figure 15 Hearts and Minds hierarchical tree
Figure 16 HRDRO hierarchical tree (max score = 1.00)
Figure 17 HRDRO hierarchical tree (max score = 100)
Figure 18 HRRO constructed scales

List of tables

Table 1 Mapping of vulnerabilities, General Motors, to reliability trends (sample)
Table 2 Example: biased assessment of covariation
Table 3 Mapping of decision-making styles to requirements
Table 4 Mapping of decision-making models to requirements
Table 5 Analysis by model decomposition for Risk-based Process Safety
Table 6 Example of themes derived from criteria by category and application
Table 7 Summary criteria numbers by themes
Table 8 Categories and applications
Table 9 Stakeholder summary sheet – Assessor A
Table 10 Prioritized criteria improvement opportunities from second workshop (without deliberation)
Table 11 Comparison of recommendations from Baker Panel report and HRRO
Table 12 Comparison of recommendations from COT Institute for Security and Crisis Management and HRRO
Table 13 Comparison of recommendations from Ernst and Young and HRRO
Table 14 Mapping of vulnerabilities, General Motors, to reliability trends
Table 15 Impact on People
Table 16 Corrective example based on Li et al
Table 17 Performance indicator, initiating events
Table 18 High Reliability Organization, analysis of model decomposition and criteria
Table 19 Disaster Resistant University, analysis of model decomposition and criteria
Table 20 Disaster Resistant University @ MIT, analysis of model decomposition
Table 21 Resilient Enterprise, analysis of model decomposition and criteria
Table 22 Enterprise Risk Management, analysis of model decomposition and criteria
Table 23 Risk-Based Process Safety, analysis of model decomposition and criteria
Table 24 Reactor Oversight Process, analysis of model decomposition and criteria
Table 25 Hearts and Minds, analysis of model decomposition and criteria
Table 26 Business Continuity Planning, analysis of model decomposition and criteria
Table 27 Decomposition of models to extract themes
Table 28 Summary: Criteria Number by Theme
Table 29 Assessor responses and priority
Table 30 Chronology
Table 31 Compilation of stakeholder feedback
Table 32 Comparison of recommendations from Baker Panel report and HRRO
Table 33 Comparison of recommendations from COT Institute for Security and Crisis Management and HRRO
Table 34 Comparison of recommendations from Ernst and Young

External publications related to the dissertation

The following publications refer to prior research in which the author had participated. References to these works are made in this dissertation wherever each publication specifically applies. Moreover, as these works represent the author’s journey in the subjects of organizational vulnerability and risk-informed decision-making they are considered to be overarching influences.

Gifun, J. F., & Karydas, D. M. (2010). Organizational attributes of highly reliable complex systems. Quality Reliability Engineering International, 26(1), 53-62.

Karydas, D. M., & Gifun, J. F. (2006). A method for the efficient prioritization of infrastructure renewal projects. Reliability Engineering & System Safety, 91(1), 84-99.

Gifun, J. F., Karydas, D. M., Brombacher, A. C., & Rouvroye, J. L. (Submitted for publication). Resilience as a means to analyze business processes on the structure of vulnerability.

Li, H., Apostolakis, G. E., Gifun, J. F., VanSchalkwyk, W., Leite, S., & Barber, D. (2009). Ranking the risks from multiple hazards in a small community. Risk Analysis, 29(3), 438-456.


Acronyms

AHP Analytic Hierarchy Process

BCP Business Continuity Planning

BCR Benefit-to-cost ratio

DRU Disaster Resistant University

ERM Enterprise Risk Management

FEMA Federal Emergency Management Administration

FY Fiscal Year

H&M Hearts and Minds

HRRO Highly Reliable Resilient Organization

HRO High Reliability Organization

MAUT Multi-Attribute Utility Theory

MIT Massachusetts Institute of Technology

RBPS Risk-Based Process Safety

RE Resilient Enterprise


Glossary

Analytic Hierarchy Process: AHP is a method in which the criteria of a decision are arranged in a hierarchy and weighted according to a 1 to 9 scale. This scale provides the means for the decision maker to assign a relative degree of preference to the criteria by way of pairwise comparisons. The numerals 1 to 9 indicate the extremes of the scale where 1 represents equal preference and 9 represents absolute preference of one criterion to another. Numerals between 1 and 9 represent intermediate levels of preference. The result of each pairwise comparison is placed in a square matrix and squared until the difference of normalized row sums of sequential iterations equals or closely approximates zero. Once achieved, the values in the normalized row sums represent the matrix’s eigenvector and the weight of each attribute relative to each other (Saaty, 1980).

Cognitive bias: A distorted perception of reality caused by beliefs of the likelihood of uncertain events. Occasionally such beliefs are expressed numerically as subjective probabilities and to reduce the complex tasks associated with assessing probabilities and predicting values to simpler judgmental operations, heuristics are employed. While economical in the decision-making process the reliance on heuristics can result in poor decisions when situations are overly simplified and important data is not considered (Tversky & Kahneman, 1974).

Complex system: To explain the difference between simple and complex systems, the terms interconnected or interwoven are somehow essential. Qualitatively, to understand the behavior of a complex system we must understand not only the behavior of the parts but how they act together to form the behavior of the whole. It is because we cannot describe the whole without describing each part, and because each part must be described in relation to other parts, that complex systems are difficult to understand. This is relevant to another definition of complex: not easy to understand or analyze (Bar-Yam, 1997). A system is complex if it consists of diverse agents who are connected whose behaviors and actions are interdependent and who adapt (Page, 2009).

Disturbance: A generic term used to denote an unintended interruption or variation in regular process or system state. Disturbance refers to the result caused by any credible agent that could upset or adversely influence the core business of an organization or actually does so.

Hazard: A generic term used to denote natural or human induced threats including but not limited to flood, earthquake, influenza, fire, and terrorism.

Impact: According to the Commission of the European Communities’ Green Paper on the European Programme for Critical Infrastructure Protection (Commission of the European Communities, 2005):

Impacts are the total sum of the different effects of an incident that take into account at least the following qualitative and quantitative effects:

• Scope: The loss of a critical infrastructure element is rated by the extent of the geographic area which could be affected by its loss or unavailability - international, national, regional or local.

• Severity: The degree of the loss. Among the criteria which can be used to assess impact are:

o Public (number of population affected, loss of life, medical illness, serious injury, evacuation);

o Economic (effect on gross domestic product, significance of economic loss and/or degradation of products or services, interruption of transport or energy services, water or food shortages);

o Environment (effect on the public and surrounding location);

o Interdependency (between other critical infrastructure elements).

o Political effects (confidence in the ability of government);

o Psychological effects (may escalate otherwise minor events) both during and after the incident and at different spatial levels (e.g. local, regional, national and international).

• Effects of time: This criterion ascertains at what point the loss of an element could have a serious impact (i.e. immediate, 24-48 hours, one week, other).


Model: A representation of a system that allows for investigation of the properties of the system and, in some cases, prediction of future outcomes (Investorwords, n.d.).

Organization: An organization, a group of people intentionally organized to accomplish an overall common goal or set of goals, is a system of systems, an organized collection of parts that are highly integrated in order to accomplish said overall goal. Feedback among the various parts ensures that they are and remain aligned. The system has various inputs which are processed to produce certain outputs that together accomplish the overall goal desired by the organization. Inputs include resources, i.e. raw materials, money, technologies, and people. Outputs are 1) tangible results produced by the system’s processes, i.e. products or services for consumers and 2) benefits for consumers, e.g. jobs for workers and enhanced quality of life for customers.

An organization operates according to an overall purpose or mission and culture. Organizations consist of numerous subsystems, e.g. departments, programs, projects, teams, and processes, each with its own boundaries, inputs, processes, outputs, and outcomes. The organization is defined by its legal documents (e.g. articles of incorporation and bylaws), mission, goals and strategies, policies and procedures, and operating manuals and is depicted by its organizational charts, job descriptions, and marketing materials. Furthermore, the organizational system is maintained or controlled by policies and procedures, budgets, information management systems, quality management systems, and performance review systems (McNamara, n.d.).

Reliability: The ability of a [system] to perform a required function, under given environmental and operational conditions and for a stated time (Murthy, Rausand, & Osteras, 2008).

Resilience: The ability of a system to withstand a major disruption within acceptable degradation parameters and to recover within an acceptable time and composite costs and risks (Haimes, 2009).

Stakeholder: The individuals and organizations that could benefit from a decision and the individuals and organizations that could be affected by a decision (Accorsi, Zio, &


investors, society, customers and suppliers, employees and subcontractors, and local communities (Solvay S.A., n.d.). In this dissertation the term stakeholder is used in the generic case as well as when referring to the participants in the first workshop. Assessor is a synonymous term and is used to differentiate stakeholders who participated in the second workshop.

Technical Operational System: an organizational system that uses technology in its day-to-day activities.

Threat: The intent and capability to adversely affect (cause harm or damage to) the system by adversely changing its states (National Research Council, 1996).

Vulnerability: Vulnerability is a characteristic of a critical infrastructure’s design, implementation, or operation that renders it susceptible to destruction or incapacitation by a threat (International Risk Governance Council, 2006; President's Commission on Critical Infrastructure Protection, 1997).
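The matrix-squaring procedure in the Analytic Hierarchy Process glossary entry, as an added example that is not part of the dissertation. The criteria names and judgments are constructed sample input, and the consistency index goes beyond the glossary entry: it is Saaty's standard check that the pairwise judgments do not contradict each other.

```python
"""AHP weights by repeated matrix squaring (added example, not from the dissertation)."""
from math import isclose


def check_pairwise_matrix(m):
    """Reject matrices that are not valid AHP pairwise comparisons."""
    n = len(m)
    if n < 2 or any(len(row) != n for row in m):
        raise ValueError("pairwise matrix must be square with at least 2 criteria")
    for i in range(n):
        for j in range(n):
            if not (1 / 9 - 1e-9 <= m[i][j] <= 9 + 1e-9):
                raise ValueError(f"judgment [{i}][{j}] is outside the 1/9..9 scale")
            # a_ji must equal 1 / a_ij; this also forces the diagonal to 1.
            if not isclose(m[i][j] * m[j][i], 1.0, rel_tol=1e-9):
                raise ValueError(f"judgments [{i}][{j}] and [{j}][{i}] are not reciprocal")


def _normalized_row_sums(m):
    sums = [sum(row) for row in m]
    total = sum(sums)
    return [s / total for s in sums]


def ahp_weights(m, tol=1e-10, max_iter=50):
    """Square the matrix until the normalized row sums stop changing."""
    check_pairwise_matrix(m)
    n = len(m)
    current = [list(row) for row in m]
    previous = _normalized_row_sums(current)
    for _ in range(max_iter):
        squared = [[sum(current[i][k] * current[k][j] for k in range(n))
                    for j in range(n)] for i in range(n)]
        # Rescale so entries stay bounded under repeated squaring; dividing
        # every entry by the same number leaves the normalized row sums unchanged.
        scale = sum(map(sum, squared))
        current = [[v / scale for v in row] for row in squared]
        weights = _normalized_row_sums(current)
        if max(abs(w - p) for w, p in zip(weights, previous)) < tol:
            return weights
        previous = weights
    raise RuntimeError("normalized row sums did not converge")


def consistency_index(m, weights):
    """Saaty's CI = (lambda_max - n) / (n - 1); 0 means fully consistent judgments."""
    n = len(m)
    lambda_max = sum(
        sum(m[i][j] * weights[j] for j in range(n)) / weights[i] for i in range(n)
    ) / n
    return (lambda_max - n) / (n - 1)


def rank_criteria(names, m):
    """Return (criterion, weight) pairs, highest weight first."""
    return sorted(zip(names, ahp_weights(m)), key=lambda item: item[1], reverse=True)


# Constructed sample input: the criteria are named after the organizational
# prerequisites listed in the Summary; the judgments are illustrative only.
CRITERIA = ["culture", "risk management", "governing processes"]
JUDGMENTS = [
    [1,     3,     5],   # culture compared with each criterion
    [1 / 3, 1,     3],   # risk management
    [1 / 5, 1 / 3, 1],   # governing processes
]

if __name__ == "__main__":
    for name, weight in rank_criteria(CRITERIA, JUDGMENTS):
        print(f"{name:20s} {weight:.3f}")
    ci = consistency_index(JUDGMENTS, ahp_weights(JUDGMENTS))
    print(f"consistency index    {ci:.4f}")
```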


Chapter 1 Context

This chapter provides the reader with a glimpse of the current state of organizational resilience and vulnerability knowledge and introduces the effect of technology trends thereon as the motivation for this research. Several terms and concepts are defined in the manner that they are used throughout this dissertation. Also several cases describing the benefit of mitigating the potential impact of risk are provided as successful examples where organizations addressed threats to resilience and vulnerability in a preemptive manner. The intent of this chapter is to provide the reader with a sense of the author’s motivation for this dissertation.

1.1 Trends and consequences

Our global society is faced with four trends regarding product reliability (Brombacher, de Graef, den Ouden, Minderhoud, & Lu, 2001):

1) The increasing integration of (increasingly complex) technology in our society and the increasing expectation of users that these systems will function at all times

2) The increasing dynamics of business processes where stability (due to ever changing economic demands) and overview (due to globalization and outsourcing) are hard to establish

3) The increasing role of information and communications technology and the increasing dependence on computer systems by society

4) The increasing withdrawal of government from the social infrastructure in favor of private business. For example, non-government control of the internet

Society has gained many benefits from technology and the inclusion of thoughts and actions from people throughout the world; however, such benefits come with consequences; increasing complexity, unpredictability, vulnerability, and the ease by which a disturbance can propagate through a system. While both trends and consequences apply to individuals and organizations this dissertation focuses on vulnerability within organizations and leaves the several combinations of trends and consequences to future research. The potential effect of these trends on organizational vulnerabilities is discussed in detail in §2.1.

1.2 Primary terms and concepts

To align the reader with the author’s intent, a few definitions of terms and concepts used in this dissertation are in order. These terms are shown directly below and supplement those provided in the glossary.

• Complexity: an inherent state of an organization that is a group of diverse, interacting, interrelated, interdependent, and adaptive agents [that include components and criteria or attributes, physical and intangible, to form a unified whole] (Page, 2009).

• Unpredictability: a state of difficulty foreseeing, declaring or indicating in advance, a specific outcome on the basis of observation, experience, or scientific reason (Merriam-Webster, 2010). Organizations that do not even attempt to predict the risk of a disturbance by way of identifying and analyzing the potential for the disturbance to occur and the potential consequences that could result, and then take measures to eliminate or mitigate the impact of the disturbance preemptively will most likely suffer therefrom (ASIS International, 2009; British Standards Institute, 2006).

• Vulnerability: a characteristic of a critical infrastructure’s design, implementation, or operation that renders it susceptible to destruction or incapacitation by a threat (International Risk Governance Council, 2006; President's Commission on Critical Infrastructure Protection, 1997). Thus, organizations with high levels of vulnerability recover less quickly, or not at all, and spend more money to do so when compared to organizations with low levels of vulnerability [resilience] (Sheffi, 2005). Organizations are at risk for spending money inappropriately or making ineffective funding choices when such actions or inactions drain monetary resources from core business needs and reserves for contingencies and the recovery from disturbances.

• Propagation: the measure of the depth a disturbance passes into an organizational system. The safety and risk management literature contains many examples of relatively small and in some instances unpredictable or difficult to predict disturbances that have resulted in catastrophic results because the disturbance had the ability to pass unchecked deep into the system. A classic example tells of a March 2000 lightning strike that caused a fire in a Philips semiconductor fabrication plant in New Mexico that was extinguished in 10 minutes and yet caused a shift in the balance of corporate power between Ericsson, Philips’ radio frequency chip customer, and Nokia, Ericsson’s competitor. The impact of the shutdown of the Philips plant took more than nine months to resolve and at the end of 2000 Ericsson announced a $2.34 billion loss in its mobile phone division, of which at least $400 million is due to loss of potential revenue directly attributed to the cascading results of the fire, while Nokia took over a major part of the market (Latour, 2001).

1.3 Targeted historic overview

The following represents a short targeted portion of the history of risk management as the first of two examples of the reason organizations are subject to vulnerability and the need for its elimination or mitigation. The second example is introduced and explained in §2.1. In 2002 a McKinsey & Company survey found that due to nonexistent or ineffective risk management processes, extra-financial risks received only anecdotal treatment in the board room (Felton & Watson, 2002) as cited in (Tonello & Brancato, 2007). In 2004 The Conference Board conducted research on 271 companies and found that despite a positive disposition toward Enterprise Risk Management (ERM) most firms were in the early stages of designing a comprehensive risk management structure where only 18% had the most basic elements in place, 16% had integrated advanced ERM thinking into business practices, and 4% of responders had addressed performance metrics or compensation policies (Gates & Hexter, 2005) as cited in (Brancato, Tonello, Hexter, & Newman, 2006). In 2004 PricewaterhouseCoopers found that 20% of 1,400 chief executives surveyed reported that they understood their accountability with respect to managing business risk (PricewaterhouseCoopers, 2004). In June 2006 The Conference Board and McKinsey & Company and KPMG’s Audit Committee Institute showed that few executives can point to the use of robust ERM techniques by their companies (Brancato et al., 2006). From these results, while one can conclude that corporate executives understand the need to mitigate or eliminate vulnerability, they give little attention to implementing vulnerability elimination and mitigation efforts. Thus, while most likely not the intent of these corporate executives, the little attention given to identifying, analyzing, eliminating and mitigating vulnerabilities makes their organizations vulnerable.

1.4 Success stories

While the safety and risk management literature is rich with failures and dreadful accidents resulting in deaths, injuries, large monetary losses, and protracted legal proceedings all is not hopeless as there are organizations that have dealt well with the potential for vulnerability; several examples are provided below.

Mount Pinatubo

On the morning of June 15, 1991, Mount Pinatubo on the island of Luzon in the Philippines erupted. In anticipation of such a possibility due to a series of small steam-blast explosions, monitoring equipment was put in place in April 1991 by the Philippine Institute of Volcanology and Seismology and the U.S. Geological Survey. The purpose of monitoring volcanic activity was to mitigate vulnerability by providing advance knowledge of an eruption so that evacuations could be undertaken and protective measures put in place before the eruption commenced. The advance notice and preemptive implementation of protective measures saved the lives of 5,000 to 20,000 people and avoided property losses estimated to be between $350 million and $475 million. The cost to monitor the volcano, protect property, and evacuate people amounted to $56 million (United States Geological Survey, 2005).

Flood Hazard Mitigation in North Carolina

The state of North Carolina has a long history of destruction by hurricanes because its protruding coastline falls in line with the track for tropical cyclones that curve northward in the western Atlantic Ocean. A hurricane or tropical storm makes landfall in North Carolina on average once every 4 years and a tropical cyclone affects the state every 1.3 years (State Climate Office of North Carolina, n.d.). The federally funded Hazard Mitigation Grant Program provided matching funds to the State of North Carolina to elevate structures above flood water levels, and prior to Hurricane Isabel (category 2) in 2003, 182 structures had been elevated. In Belhaven, North Carolina the cost to mitigate the damage from flooding caused by hurricanes was $7.1 million and the losses avoided by Hurricane Isabel alone were $2.6 million (Flood Insurance and Mitigation Division, n.d.). If one assumes that the life-cycle of the construction required to raise the structures above flood waters is 20 years, a hurricane similar to Isabel occurs every 4 years of the life-cycle, losses due to each storm occurrence are $2.6 million, and the discount rate is 2%, then the present value of the avoided risk is $12.91 million. A similar case can be made for efforts undertaken in Kinston, North Carolina where 100 homes were acquired and demolished prior to Hurricane Floyd on September 22, 1999, saving $6.4 million in avoided losses for a cost of $2.1 million (Division of Emergency Management, 2002).
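The Belhaven present-value figure can be reproduced with the calculation below, an added example that is not part of the dissertation. The text does not state when the first storm falls; placing storms at years 0, 4, ..., 20 is an assumption that reproduces $12.91 million, and the function names and the two alternative timing conventions are illustrative.

```python
"""Present value of avoided storm losses for a mitigation project (added example)."""

# Figures taken from the text, in millions of dollars.
LOSS_PER_STORM = 2.6      # losses avoided per Isabel-like storm
MITIGATION_COST = 7.1     # cost of elevating structures in Belhaven
INTERVAL_YEARS = 4        # one such storm every 4 years
LIFE_YEARS = 20           # life-cycle of the elevation work
DISCOUNT_RATE = 0.02


def pv_periodic_losses(loss, interval_years, life_years, rate, first_event_year):
    """Discount a loss recurring every `interval_years`, from `first_event_year`
    through `life_years` inclusive, back to year 0."""
    if interval_years <= 0 or life_years < 0 or rate <= -1:
        raise ValueError("interval must be positive, life non-negative, rate > -100%")
    event_years = range(first_event_year, life_years + 1, interval_years)
    return sum(loss / (1 + rate) ** t for t in event_years)


def pv_expected_annual_loss(loss, interval_years, life_years, rate):
    """Alternative convention: a 1-in-`interval_years` chance of the storm each
    year, so the expected loss of every year 1..life_years is discounted."""
    expected = loss / interval_years
    return sum(expected / (1 + rate) ** t for t in range(1, life_years + 1))


def appraise(pv_benefit, cost):
    """Summarize a mitigation investment from its discounted avoided losses."""
    return {
        "pv_benefit": round(pv_benefit, 2),
        "net_benefit": round(pv_benefit - cost, 2),
        "benefit_cost_ratio": round(pv_benefit / cost, 2),
    }


def belhaven_scenarios():
    """Appraise the Belhaven project under three timing conventions."""
    args = (LOSS_PER_STORM, INTERVAL_YEARS, LIFE_YEARS, DISCOUNT_RATE)
    return {
        # Assumed convention that matches the figure quoted in the text.
        "storms_at_years_0_to_20": appraise(
            pv_periodic_losses(*args, first_event_year=0), MITIGATION_COST),
        # First storm only after one full interval has elapsed.
        "storms_at_years_4_to_20": appraise(
            pv_periodic_losses(*args, first_event_year=INTERVAL_YEARS), MITIGATION_COST),
        # Storm treated as an annual probability instead of a fixed schedule.
        "expected_annual_loss": appraise(
            pv_expected_annual_loss(*args), MITIGATION_COST),
    }


if __name__ == "__main__":
    for name, result in belhaven_scenarios().items():
        print(f"{name:26s} {result}")
```

Under all three conventions the discounted avoided losses exceed the $7.1 million cost, so the conclusion of the paragraph does not depend on which timing is used, only the size of the margin does.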

Nokia

The shift in market share described in §1.2 highlights Nokia’s ability to manage risk, particularly its ability to identify and analyze potential disturbances and develop and implement solutions. That is, once the extent and potential effect of the disturbance on Nokia’s production capability became known, Nokia focused efforts aggressively on acquiring radio frequency chips from Philips and other suppliers with whom Nokia had relationships. As a result, Nokia’s share in the world handset market increased from 27% to 30% while Ericsson’s fell from 12% to 9% (Latour, 2001).

United States Coast Guard and Hurricane Katrina

Success regarding diminishing the vulnerability for others was exemplified by the preparation for and execution of emergency response activities by the United States Coast Guard for Hurricane Katrina in 2005. The Coast Guard’s ability to be flexible and decentralized and take measured risks set it apart from the sluggish centralized bureaucracy of the Department of Homeland Security of which it is part. Prior to the strike of Hurricane Katrina and before the mandatory evacuation order given by the mayor of New Orleans, the Coast Guard, mitigating vulnerability to its assets, moved personnel and equipment out of the area so that it could be moved back in behind the storm no matter which direction it took. The Coast Guard gives extraordinary responsibility to enlisted personnel so decisions can be made quickly by the person closest to the situation. Despite the fact that almost half of Coast Guard personnel lost their own homes due to the hurricane, they rescued or evacuated 33,500 people (Ripley, 2005).

Incident Command System

The incident command system (ICS) is an emergency response and management structure currently used in the United States by federal and state public safety agencies; municipal police, fire, and public works departments; and many other organizations, including universities. ICS enables the control of the temporary systems deployed to manage personnel and equipment at a wide range of emergencies that could require expansion, contraction, or modification of response assets. ICS was the result of knowledge gained from the harmful disorder that occurred among various organizations during the suppression of extensive wildland fires in California during the 1970s. The ICS is a formal hierarchical structure that consists of five major functions: command, planning, operations, logistics, and finance and administration and is modifiable and scalable to any type of emergency. It represented a significant departure from previous large-scale emergency management methods and since its inception in the 1970s it has been tested broadly by way of actual events, modified accordingly, and because of its demonstrated success it is now required by the Federal government for state, local, or tribal entities as a condition for Federal preparedness assistance under the National Incident Management System (Bigley & Roberts, 2001; Ridge, 2004).

1.5 Chapter Summary

Organizations are vulnerable because of the inherent complex nature of organizational systems, the unpredictability of potential disturbances, and the uncertain path a disturbance may take into an organization as well as the confounding effect of societal trends regarding product reliability. The societal trends were introduced as they provide one with a way to test an organizational system in terms of the future and will be discussed in greater detail in Chapter 2. Astonishing results were presented from research by others for the purpose of bringing into the discussion the potential deleterious effect on an organization by organizational leaders who are not aware of the risks their organizations face and the management efforts in place to counter such risk. The value of planning and preemptive action is one of the foundations of this dissertation and several successful examples were provided. These examples tell of the plans and preemptive actions put in place to mitigate the effects of a disturbance, e.g. the planning and staging operation by the United States Coast Guard prior to the strike of Hurricane Katrina in 2005. Chapter 2 is founded on the reality presented in Chapter 1 and describes why organizational vulnerability is a problem.


Chapter 2 Why is organizational vulnerability a problem?

Discussed in this chapter are sources of vulnerability including external, internal, and inherent vulnerabilities such as vulnerabilities due to cognitive bias. A comprehensive list of vulnerabilities, compiled by General Motors, was mapped to the societal trends introduced in Chapter 1. The purpose of the mapping is to use the vulnerabilities provided by General Motors as an example to determine whether vulnerability would increase, decrease, or remain the same should the manifestation of the societal trends occur. This chapter concludes with the research questions that were the motivation for this dissertation.

2.1 Sources of vulnerability

Organizational vulnerability

Organizational vulnerability is a multi-domain problem. Organizations are vulnerable to disruptions that originate from directly identifiable causes internal and external to the organization and to disruptions that are due to the inherent characteristics of the organizational system. Inherent vulnerability will be discussed in the following sub-section. Organizations are also vulnerable to the uncertainty associated with the magnitude of the disruption and its ability to propagate through the organizational system. The basis of Table 1 is a list of the types of vulnerabilities, internal and external, faced by General Motors (GM) (Elkins, 2003). Knowing that the list does not represent the vulnerabilities of every organization, the author suggests that it is comprehensive enough to familiarize the reader with a fundamental, albeit incomplete, list of organizational vulnerabilities. The original list was augmented to map each of GM’s vulnerabilities against the societal trends introduced earlier in §1.1 for the purpose of determining whether organizational vulnerability is a valid problem. This analysis provides the second of two examples of the reason organizations are subject to vulnerability and the need for its elimination or mitigation. Table 1 should be read as follows: for each trend, would organizational vulnerability due to, for example, disruptions to the organization’s debt and credit rating become more of an issue or get worse (indicated by -), become less of an issue or get better (indicated by +), or remain neutral (indicated by o) under trend 1, 2, 3, or 4 or any combination thereof? In this example the author believes that the societal trends 2 and 4, for the reasons stated in Table 1, could increase the level of vulnerability for an organization should they occur. To refresh the reader’s mind the four trends regarding product reliability are (Brombacher, de Graef, den Ouden, Minderhoud, & Lu, 2001):

1) The increasing integration of (increasingly complex) technology in our society and the increasing expectation of users that these systems will function at all times

2) The increasing dynamics of business processes where stability (due to ever changing economic demands) and overview (due to globalization and outsourcing) are hard to establish

3) The increasing role of information and communications technology and the increasing dependence on computer systems by society

4) The increasing withdrawal of government from the social infrastructure in favor of private business. For example, non-government control of the internet

The complete Table 1 reveals that the societal reliability trends affect the 105 vulnerabilities as follows: the vulnerability becomes more of an issue or gets worse 54 times, becomes less of an issue or gets better 12 times, and remains neutral 14 times. In 25 instances vulnerabilities were affected by multiple trends, i.e. becomes more of an issue or gets worse plus becomes less of an issue or gets better. Breakdown by individual trend is not relevant to the present paper. Overwhelmingly the trends have a deleterious effect on the vulnerabilities identified by GM.

| Vulnerability | Trend 1 | Trend 2 | Trend 3 | Trend 4 | Reason (example) |
|---|---|---|---|---|---|
| Debt & credit rating | | - | | - | Trend 2 - Negative interpretation of dynamical state of business by conservative financial markets result in less flexibility regarding debt. Trend 4 - Less government involvement results in increasing degradation of oversight, data collection capability, information transfer, and consistently applied controls |
| Health care & pension costs | - | | | + | Trend 1 - More expensive treatment costs to offset drug and diagnostic equipment development costs. Higher costs passed to employers therefore fewer funds available for other employee benefits, e.g. pensions. Trend 4 - Less government involvement increases competition in the marketplace and results in lower costs |
| Uncompetitive cost structure | o | o | o | o | Not related to trends as poorly priced products and services will not be competitive |

Legend: - indicates that selected vulnerability becomes more of an issue or gets worse, + indicates that selected vulnerability becomes less of an issue or gets better, and o indicates neutrality

Table 1 – Mapping of Vulnerabilities, General Motors, (Elkins, 2003) to Societal Reliability Trends (Brombacher et al., 2001) (sample, entire table in Appendix A)

Inherent vulnerability

Organizations are subject to vulnerabilities from internal and external sources as well as vulnerabilities inherent to the organization. A discussion of internal and external sources of vulnerability was presented in the previous sub-section addressing organizational vulnerability, while a discussion related to inherent vulnerability, albeit a kind of organizational vulnerability, is presented separately as follows. To be clear, inherent vulnerabilities are not to be confused with errors in the vulnerability assessment process; they are vulnerabilities due to aspects of the system that make vulnerabilities hard to see due to system complexities such as the remoteness of interdependent operations and the negative effects imposed on the organizational system due to cognitive bias on organization leadership decisions.

While the list of vulnerabilities provided in Appendix A is fairly comprehensive it does not specifically identify sources of vulnerabilities that are inherent to systems both locally and remotely. For example, an earthquake occurring near the site of a manufacturer’s organization, even if it does not cause physical damage to the organization’s assets, can damage transportation systems and hinder the movement of supplies, product, and personnel to and from their intended destinations or destroy the utility infrastructure that supports the manufacturer. Similarly, an earthquake could occur in the vicinity of the manufacturer’s primary supplier but remote to the manufacturer and still have devastating effects on the manufacturer’s ability to fulfill its core responsibilities by way of damage to the supplier’s physical assets, transportation systems between the supplier and manufacturer, and utility infrastructures.

Organizational structures put in place because of manufacturing concepts such as lean manufacturing are particularly vulnerable, although the vulnerability is not intended. The reason is that lean organizations are designed to function at high levels of efficiency; however, when a disturbance occurs there is little or no slack in the system to accommodate the disturbance. For example, in the instance mentioned above where an earthquake, remote to both the supplier and manufacturer, prevents the movement of materials from the supplier’s location to the manufacturing plant, the impact to the manufacturer’s production capabilities could be devastating if an alternative supplier is not available. In this instance it is prudent to find a balance between organizational lean-ness and profit while taking into consideration credible potential impact due to the potential occurrence of a particular vulnerability. Thus, to mitigate the vulnerability of material delivery interruption due to an earthquake a manufacturer should develop relationships with alternative suppliers, stock some materials on site, or a combination of both (Sheffi, 2005). Another example of vulnerability inherent to systems is that a company’s desire to provide its customers with a high level of support, through unimpeded access to its employees and product information by way of the internet, also provides access to individuals wishing to commit cyber crime.

Cognitive bias

A systematic approach such as the HRRO methodology also mitigates the destructive effects of cognitive bias (defined in the glossary of this dissertation) on behalf of the decision makers as cognitive biases can play a strong role in the decision-making process where they can diminish the correctness of the decision. Thus, cognitive bias is a source of human error in the decision-making process, especially in decisions that are made by intuition and inexperienced decision makers. With decisions that require consideration of various courses of action and their implications, a structured formal approach can help reduce the risk of error. Some of the more common cognitive biases are listed below.

1. Confirmation: The migration to evidence that supports a preexisting hypothesis. Not only is this evidence found more persuasive and convincing, contradicting evidence is discounted (Roberto, 2009).

2. Overconfidence: Human beings are systematically overconfident and optimistic in their judgments (Roberto, 2009). Overconfidence occurs most often when the estimator lacks expertise or knowledge about the quantity they are estimating, thus fails to include all of the possibilities (Goodwin & Wright, 2000).

3. Sunk cost trap: The tendency for people to escalate commitment to a course of action in which they have made substantial prior investments of time, money, and other resources (Roberto, 2009).

4. Availability bias: Ease of recall is not associated with probability, i.e. easily recalled events are not necessarily highly probable. Also, easily imagined events are not necessarily the most probable, therefore associated risks could be overestimated and in situations where expertise is lacking, underestimated. In addition, current information could be problematic in estimating quantities as decision makers may anchor on the current value and make insufficient adjustments for the anticipated effect of future conditions (Goodwin & Wright, 2000).

5. Illusory correlation: A form of the availability bias where preconceptions that are not based on fact could lead one to the wrong conclusion about the relationship between two variables when no causal relationship exists (Goodwin & Wright, 2000; Roberto, 2009). For example, if one had the opinion that foreign made products were less reliable, the frequency of unreliable foreign made products could be overestimated.

6. Anchoring bias: Anchoring refers to the notion that we sometimes allow an initial reference point to distort our estimates (Roberto, 2009). People tend to overestimate the probability of the occurrence of conjunctive events because they anchor on the probability of one of the events occurring. Overestimating probabilities for


tendency is to anchor on one event and underestimate the probability (Goodwin & Wright, 2000; Tversky & Kahneman, 1974)

7. Hindsight bias: The more time passes, the more that we think that we predicted, or could have predicted, the eventual outcome to a situation (Roberto, 2009).

8. Egocentrism: When we attribute more credit and blame to ourselves for a particular group or collective outcome than an outside party would attribute (Roberto, 2009).

9. Ignoring base-rate frequencies: People tend to base probability estimates on how representative a subject or item is to descriptive information not the statistics representing the base-rates (Tversky & Kahneman, 1974).

10. Expecting sequences of events to appear random: When a sequence of events is generated by random processes we expect the sequence to represent the characteristics of randomness. This bias could lead to errors in forecasts when data from few events is misinterpreted as representative of the systematic patterns of many events (Goodwin & Wright, 2000).

11. Expecting chance to be self correcting: This is another consequence of the belief that random sequences of events should be representative of what the random process is perceived to look like. For example, if a fair coin is tossed, given that no trickery is present, the probability of the occurrence of a head or tail is 0.5. In a sequence of tosses one expects the resulting number of heads and tails to be approximately equal. However, in a sequence of tosses resulting in heads, many people will think that the occurrence of a tail is overdue (Goodwin & Wright, 2000).

12. Ignoring regression to the mean: People expect extremes to be followed by similar extremes; however, the unusual event is probably a result of a particularly favorable, or unfavorable, combination of chance factors which are unlikely to recur in the following period. Failure to consider this bias could result in overestimating or underestimating resources needed to address the most likely event (Tversky & Kahneman, 1974).

13. The conjunction fallacy: The co-occurrence of two events cannot be more probable than each event on its own (Tversky & Kahneman, 1974).

14. Believing desirable outcomes are more probable: People tend to view desirable outcomes as more probable than those which are undesirable (Goodwin & Wright, 2000).

15. Biased assessment of covariation: A bias similar to illusory correlation that can occur


or failed to occur together. For example, consider the following information, Table 2, based on the records of 27 patients:

| | Illness Present | Illness Absent |
|---|---|---|
| Symptom Present | 12 | 6 |
| Symptom Absent | 6 | 3 |

Table 2 – Example: Biased Assessment of Covariation

According to research by Arkes, Harkness, and Biber, as cited in Impediments to Accurate Clinical Judgment and Possible Ways to Minimize Their Impact by H. Arkes (Arkes, 1986), many people would conclude that there was a relationship between symptom and disease. In Table 2, the large value 12 and the suggestion that people only consider the frequency of cases where both symptom and disease are present create the illusion of a relationship; however, the conditional probabilities reveal that the probability of illness when the symptom is present is 12/18 = 2/3 and the probability of illness when the symptom is absent is 6/9 = 2/3. Therefore, the presence or absence of the symptom has no effect on the probability of having the illness.
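The check described for Table 2, written out as an added example that is not part of the dissertation: it compares the two conditional probabilities instead of the size of the symptom-and-illness cell. The second table is constructed for contrast, the function name is hypothetical, and 3.841 is the standard 5% critical value of chi-square with one degree of freedom.

```python
"""Covariation in a 2x2 table: conditional probabilities versus the big cell."""
from fractions import Fraction

CHI2_CRITICAL_5PCT_1DF = Fraction(3841, 1000)  # standard table value


def covariation(a, b, c, d):
    """Assess a 2x2 table of counts.

    a = symptom present, illness present   b = symptom present, illness absent
    c = symptom absent,  illness present   d = symptom absent,  illness absent
    """
    if min(a, b, c, d) < 0:
        raise ValueError("counts must be non-negative")
    if 0 in (a + b, c + d, a + c, b + d):
        raise ValueError("every row and column needs at least one case")
    n = a + b + c + d
    p_with = Fraction(a, a + b)      # P(illness | symptom present)
    p_without = Fraction(c, c + d)   # P(illness | symptom absent)
    chi2 = Fraction(n * (a * d - b * c) ** 2,
                    (a + b) * (c + d) * (a + c) * (b + d))
    return {
        # What the biased judgment looks at: share of cases in the top-left cell.
        "cell_a_share": Fraction(a, n),
        "p_ill_given_symptom": p_with,
        "p_ill_given_no_symptom": p_without,
        # Zero means the symptom carries no information about the illness.
        "delta_p": p_with - p_without,
        # Undefined (None) when b or c is zero.
        "odds_ratio": Fraction(a * d, b * c) if b * c else None,
        "chi_square": chi2,
        # Crude for small counts, but enough to separate the two tables here.
        "association_at_5pct": chi2 > CHI2_CRITICAL_5PCT_1DF,
    }


# Table 2 from the text (27 patients).
TABLE_2 = (12, 6, 6, 3)
# Constructed contrast: same 27 patients, symptom-present row still 18 cases.
CONSTRUCTED = (15, 3, 3, 6)

if __name__ == "__main__":
    for label, table in (("Table 2", TABLE_2), ("constructed", CONSTRUCTED)):
        result = covariation(*table)
        print(label)
        for key, value in result.items():
            print(f"  {key:24s} {value}")
```

For Table 2 the difference in conditional probabilities is exactly zero and the odds ratio is 1, even though the symptom-and-illness cell holds 12 of the 27 cases.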

The author observed the following instance of cognitive bias. The subject was an organizationally powerful and highly competent stakeholder (a secondary stakeholder external to the process but a person who could enable the improvement of the process and its proliferation throughout the broader organization) who believed that the only viable method for selecting and funding projects was to initiate as many projects as could be afforded and to do so as quickly as possible. A method the stakeholder referred to as going after the low hanging fruit. In this instance the manifestation of the confirmation bias was observed. The stakeholder was comfortable in a discipline where quick response reflects due diligence. Thus, one should select projects that could be implemented quickly. While some of the low hanging fruit could have been projects that were low in cost and high in benefits there was no guarantee that this practice would result in funding and implementing the optimal set of projects based on the combination of benefit and cost. One might conclude that this stakeholder had adopted a satisficing strategy, i.e. a decision-making strategy where an adequate non-optimal solution is acceptable, but because of this person’s emphatic position in context of due diligence the author rejects this notion.

Some decision makers do not experience such judgment difficulties as shown above and in these situations cost can be considered an attribute within the hierarchical tree (Goodwin & Wright, 2000). Because of the uncertainty of knowing how well the decision-makers are able to judge costs versus intangible benefits, particularly in a group decision making process, the author recommends that monetary and non-monetary aspects be kept separate unless experience with the decision makers proves otherwise. This process aligns with the traditional concept of benefit-to-cost analysis where the goal is to maximize net benefits from an allocation of resources (Federal Highway Administration, 2007).

2.2 Research questions

The impact of vulnerability described in the historic overview regarding corporate leadership and ERM, the mapping example provided in Table 1, and the impact of vulnerability caused by inherent characteristics of systems support the conclusion that organizational vulnerability is a problem. Vulnerability presents a multi-domain problem whose magnitude and ability to penetrate into an organization are difficult to determine with certainty. Also, organizational vulnerability is hard for an organization’s leaders to support because the benefit-to-cost relationship of risk avoidance is hard to prove (Karydas & Rouvroye, 2006), information related to terrorism is impossible to get for the typical business organization (Pate-Cornell & Guikema, 2002), the impacts of risks, especially large impacts, are perceived as rare events and ignored (Sheffi, 2005), and the role of cognitive bias in organizational decision-making is not often taken into consideration (Page, 2009).

The major contributions by this paper are the responses to the following research questions.

1. By what means can an organization systematically identify and assess and either eliminate or mitigate vulnerability that takes into consideration prerequisite organizational factors and cost?

2. How would an organization prioritize vulnerability mitigation or elimination projects or initiatives

2.3 Chapter summary

Organizational vulnerability is a problem because, if unaddressed, the organizational system could suffer and, in turn, so could the organization’s ability to fulfill its core responsibilities, e.g. the fabrication and delivery of a product to a customer. Organizations are systems of complex systems; therefore knowing the vulnerabilities the organization could face, whether internal, external, or inherent, is essential to the sustainability of the organization. The research questions at the conclusion of §2.2 target the underlying, prerequisite, organizational factors and practices that enable an organization to identify and assess and either eliminate or mitigate vulnerability. The methodology undertaken to accomplish this research is described in Chapter 3.


Chapter 3 Research methodology

This chapter describes the methodology undertaken to understand the magnitude of organizational vulnerability and decision-making processes in context of the stakeholders associated with the process. During the present phase of the research existing models were identified and analyzed for the purpose of determining whether they are suitable as models for examining vulnerability in context of organizational prerequisites in their entirety or whether they should be incorporated in a new model.

3.1 Methodology

To resolve the problems described in the previous chapter the main goal of the present research is to develop a systematic, consistent, and customizable methodology to assess organizational vulnerability for the purpose of supporting organization decision-making. A desired outcome of this methodology is the ability to determine current and potential levels of vulnerability and to select and prioritize vulnerability elimination and mitigation initiatives and projects using both monetary and non-monetary factors. The process behind this research consists of the ten major steps below.

1. Reflect on personal experience gained during 36 years of professional practice and reflections offered by others,

2. Review relevant literature

3. Identify requirements in context of user perspective

4. Identify and analyze decision-making styles for selection consideration

5. Map decision-making styles to requirements

6. Select decision-making process that fits requirements best

7. Identify and analyze decision-making models consistent with decision-making process

8. Map decision-making models to requirements

9. Develop new model that mitigates deficiencies, and;

10. Validate new model


Each of these steps will be explained in detail below or in appendices as referenced.

Step 1: Reflect on personal experience gained during 36 years of professional practice and reflections offered by others

This step provided the basis for this research, i.e. the author’s reflection upon experiences (sometimes painful) and learning acquired recently and over the years as a professional engineer and as a facility manager of an academic and research university. This step also incorporates invaluable reflections by other practitioners whether offered directly to or sought out by the author. Since the research process is iterative and took place over several years this step is considered overarching as experiences were recalled and reflected upon throughout the research.

Step 2: Review relevant literature

Like Step 1 the review of literature was an overarching activity as every newly discovered idea and journal article or recommendation offered by a practitioner resulted in deeper review of the relevant literature and learning.

Step 3: Identify requirements in context of user perspective

Knowing that the methodology would be validated by stakeholders the author, including the input from others, made a first pass at identifying its requirements using personal experience and relevant literature particular to organizational structure, reliability, and resilience as guides. These requirements are criteria an organization must possess as prerequisites in addition to those needed to conduct its core function. The intent was to put before the stakeholders text they could react to and revise, including discarding, if necessary. This process is explained in §4.3. The requirements and a brief description are provided as follows.

• Culture – the ability of the methodology to capture the degree to which the organization values and protects its employees and how the employees value and protect the organization. Also, how the organization elicits ideas and feedback from employees and how the organization and employees learn from experiences,

• Risk management – use of the methodology to identify, analyze, eliminate, and mitigate risks, including its ability to manage emergencies when they occur,

• Governance – application of the methodology as a means to measure an organization’s overarching leadership and management structure, including its functions, policies, and procedures,

• Expressed / expressible as hierarchical tree – the ease by which a methodology can be structured in levels of attributes representing important aspects of the organization,

• Preemptive use – use of the methodology to predict the magnitude of an impact before it occurs,

• Corrective use – use of the methodology as a means to determine the magnitude of an impact after it occurs,

• Customizable – the ease by which the methodology can be modified to fit specific user requirements,

• Defendable – a clearly defined process,

• Repeatable – the ability of the methodology to yield identical results when provided with identical inputs,

• Implementable – the readiness by which the methodology can be put into practice in an organization,

• Quantifiable – the outcome of a methodology where a numerical value provides decision makers with the means of comparing and selecting alternatives in relative terms,

• Systematic – structured logical approach, i.e. set of steps, and;

• Monetary application – the ability of the methodology to take into consideration cost.

Step 4: Identify and analyze decision-making styles for selection consideration

Since most decision scenarios in organizations are participative to varying degrees, four decision-making styles particular to participative process will be explained and then evaluated (in Step 5) according to suitability to stakeholder requirements identified in Step 3. The four types of participative decision-making are (Daugherty, 1997):

• Autocratic – the leader maintains total control and ownership of the decision

• Consultative – the leader encourages input from other participants regarding ideas, perception, knowledge, and information but maintains total control of the decision and is the sole decision maker

• Democratic – the leader relinquishes control and lets other participants vote. While a decision can be rendered quickly, no one takes responsibility for the decision

• Consensus – the leader gives up complete control and responsibility for the decision to all of the participants. All must agree and come to the same decision. While the decision process can be lengthy, the best decisions are rendered because the skills and ideas of many people are involved

Step 5: Map decision-making styles to requirements

In Table 3, decision-making styles are mapped against requirements to determine the most beneficial style, i.e. to determine whether specific requirements are included in a specific decision-making style. For example, the autocratic style defines an organizational structure with a single decision maker that does not take advantage of feedback from employees; thus the requirement of culture, as defined earlier, is not included. Table 3 reveals that the consensus decision-making style matches the requirements best, by a factor of 2.

Decision-Making Styles

| Requirements | Autocratic | Consultative | Democratic | Consensus |
|---|---|---|---|---|
| Culture (generic) | - | - | + | + |
| Risk Management (generic) | + | + | - | + |
| Governance (generic) | + | + | - | + |
| Expressed or expressible as hierarchical tree | - | - | - | + |
| Preemptive use | + | + | + | + |
| Corrective use | + | + | + | + |
| Customizable | - | - | - | + |
| Defendable | + | + | - | + |
| Repeatable | - | - | - | + |
| Implementable | + | + | + | + |
| Quantifiable | - | - | - | + |
| Systematic | - | - | - | + |
| Monetary application | + | + | + | + |
| Ratio (number of responses reflecting inclusion) / (total possible responses) | 0.54 | 0.54 | 0.38 | 1.0 |

Legend: + indicates that the selected decision-making style incorporates the specific requirement, - indicates that the selected decision-making style does not incorporate the specific requirement

Table 3 – Mapping of Decision-Making Styles to Requirements

Step 6: Select decision-making process that fits requirements best

Multi-attribute utility decision support processes support consensus-based decision-making by including additive utility functions [such as the requirements listed above] and by displaying the objectives and sub-objectives of the decision-making process in a hierarchical tree (Clemen, 1996). Thus, a methodology based on the principles of multi-attribute utility theory (MAUT) is preferred.
