Abstract
The increasing development of trade activities and the high frequency of destructive events in the business environment have exposed organizations to various disruptions and operational risks that adversely affect their financial and operational performance. Organizations must, therefore, adopt enterprise risk management approaches to manage risks and prevent/mitigate potential losses. This study proposes a novel quantitative risk management framework based on organizational resilience and business continuity planning for service-based organizations. The proposed framework includes a multi-objective model to cope with disruptions by employing optimal preventive and mitigation action plans. The inherent uncertainty of parameters is tackled using a modified version of the light robust approach. This study aims to adopt an optimal portfolio of resilience strategies and business continuity plans to minimize the average loss in the organization’s operational performance and the total post-disruption recovery time and maximize the total recovery capability of the resilience strategies and continuity plans and the number of time intervals with desirable performance based on business continuity management indicators. An e-payment service provider is also examined as a case study to ensure the reliability and applicability of the proposed model. Based on the results, adopting proper resilience strategies and business continuity plans can improve an organization's capability in managing destructive events and help the organization achieve a viable competitive advantage in the turbulent business environment.
Similar content being viewed by others
References
Akbari P (2013) A study on factors affecting operational electronic banking risks in iran banking industry (case study: Kermanshah Melli Bank). Int J Manag Bus Res 2(2):123–135
Ambulkar S, Blackhurst J, Grawe SJ (2015) Firm’s resilience to supply chain disruptions: scale development and empirical examination. Decis Sci 33:111–122
Araz OM, Choi T-M, Olson DL, Salman FS (2020) Data analytics for operational risk management. Decis Sci 51(6):1316–1319
Baghersad M, Zobel CW (2021) Organizational resilience to disruption risks: developing metrics and testing effectiveness of operational strategies. Risk Anal 42:561–579
Bertsimas D, Sim M (2004) The price of robustness. Oper Res 52(1):35–53
Bhamra R, Dani S, Burnard KPR (2011) Resilience: the concept, a literature review and future directions. Int J Prod Res 49(18):5375–5393
Brown C, Seville E, Vargo J (2017) Measuring the organizational resilience of critical infrastructure providers: a New Zealand case study. Int J Crit Infrastruct Prot 18:37–49
Buchholz P, Scheftelowitsch D (2019) Light robustness in the optimization of Markov decision processes with uncertain parameters. Comput Oper Res 108:69–81
Chafjiri MB, Mahmoudabadi A (2018) Developing a conceptual model for applying the principles of crisis management for risk reduction on electronic banking. Am J Comput Sci Technol 1(1):31–38
Cho DW, Lee YH, Ahn SH, Hwang MK (2012) A framework for measuring the performance of service supply chain management. Comput Ind Eng 62(3):801–818
Cinelli M, Ferraro G, Iovanella A, Rotundo G (2019) Assessing the impact of incomplete information on the resilience of financial networks. Ann Oper Res 299:1–25
Croitoru I (2014) Operational risk management and monitoring. Internal Audit Risk Manag 9(4):21–31
Dehghani E, Jabalameli MS, Jabbarzadeh A, Pishvaee MS (2018) Resilient solar photovoltaic supply chain network design under business-as-usual and hazard uncertainties. Comput Chem Eng 111:288–310
DehghaniSadrabadi MH, Ghousi R, Makui A (2019) An enhanced robust possibilistic programming approach for forward distribution network design with the aim of establishing social justice: a real-world application. J Ind Syst Eng 12(4):76–106
Dehghani Sadrabadi MH, Jafari Nodoushan A, Bozorgi-Amiri A (2020) Resilient supply chain under risks: a network and structural perspective. Iran J Manag Stud 111:288–310
Dupont B (2019) The cyber-resilience of financial institutions: significance and applicability. J Cybersecur 5(1):tyz013
Fatonah S, Yulandari A, Wibowo F (2018) A review of e-payment system in E-commerce. J Phys Conf Ser 1140(1):012033
Filipović D, Krišto M, Podrug N (2018) Impact of crisis situations on development of business continuity management in Croatia. Manag J Contemp Manag Issues 23(1):99–122
Fischetti M, Monaci M (2009) Light robustness. Robust and online large-scale optimization. Springer, Berlin, pp 61–84
Fischetti M, Salvagnin D, Zanette A (2009) Fast approaches to improve the robustness of a railway timetable. Transp Sci 43(3):321–335
Folkers A (2017) Continuity and catastrophe: business continuity management and the security of financial operations. Econ Soc 46(1):103–127
Jung JJ (2011) Service chain-based business alliance formation in service-oriented architecture. Expert Syst Appl 38(3):2206–2211
Kazemian I, Torabi SA, Zobel CW, Li Y, Baghersad M (2021) A multi-attribute supply chain network resilience assessment framework based on SNA-inspired indicators. Oper Res 743:1–31
Khalili-Damghani K, Nojavan M, Tavana M (2013) Solving fuzzy multidimensional multiple-choice knapsack problems: the multi-start partial bound enumeration method versus the efficient epsilon-constraint method. Appl Soft Comput 13(4):1627–1638
Khalilzadeh M, Katoueizadeh L, Zavadskas EK (2020) Risk identification and prioritization in banking projects of payment service provider companies: an empirical study. Front Bus Res China 14(1):1–27
Kindström D (2010) Towards a service-based business model–key aspects for future competitive advantage. Eur Manag J 28(6):479–490
Kondabagil J (2007) Risk management in electronic banking: concepts and best practices. Wiley, Berlin
Laisasikorn K, Rompho N (2014) A study of the relationship between a successful enterprise risk management system, a performance measurement system and the financial performance of Thai listed companies. J Appl Am Bus Econ 16(2):81–92
Maboudian Y, Rezaie K (2017) Applying data mining to investigate business continuity in petrochemical companies. Energy Sources Part B 12(2):126–131
Mavrotas G (2009) Effective implementation of the ε-constraint method in multi-objective mathematical programming problems. Appl Math Comput 213(2):455–465
Megersa K (2021) Alternative systems for managing financial transactions in humanitarian crises. Helpdesk Report, 1–19
Mohaghar A, Sadeghi Moghadam MR, Ghourchi Beigi R, Ghasemi R (2021) IoT-based services in banking industry using a business continuity management approach. J Inf Technol Manag 3(4):16–38
Moradi S, Rafiei FM (2019) A dynamic credit risk assessment model with data mining techniques: evidence from Iranian banks. Financ Innov 5(1):1–27
Muparadzi T, Rodze L (2021) Business continuity management in a time of crisis: emerging trends for commercial banks in Zimbabwe during and post the covid-19 global crisis. Open J Bus Manag 9(3):1169–1197
Niranjan TT, Weaver M (2011) A unifying view of goods and services supply chain management. Serv Ind J 31(14):2391–2410
Olivares-Benitez E, Ríos-Mercado RZ, González-Velarde JL (2013) A metaheuristic algorithm to solve the selection of transportation channels in supply chain design. Int J Prod Econ 145(1):161–172
Oparanma A, Ulunma EP (2019) Organizational resilience and corporate performance of deposit money bank in port Harcourt, Nigeria. Int J Bus Manag Future 3(2):1–12
Ostadi B, Seifi MM, Husseinzadeh Kashan A (2021) A multi-objective model for resource allocation in disaster situations to enhance the organizational resilience and maximize the value of business continuity with considering events interactions. Proc Inst Mech Eng Part O J Risk Reliab 235(5): 814–830
Panrungsri T, Sangiamkul E (2017) Business intelligence model for disaster management: a case study in Phuket. ISCRAM, Thailand
Pashapour S, Bozorgi-Amiri A, Azadeh A, Ghaderi SF, Keramati A (2019) Performance optimization of organizations considering economic resilience factors under uncertainty: a case study of a petrochemical plant. J Clean Prod 231:1526–1541
Pashapour S, Azadeh A, Bozorgi-Amiri A, Keramati A, Ghaderi SF (2020) A resource allocation model to choose the best portfolio of economic resilience plans: a possibilistic stochastic programming model. Eu J Ind Eng 14(3):301–334
Purba JHV, Septian MR (2019) Analysis of short term financial performance: a case study of an energy service provider. J Account Res Organ Econ 2(2):113–122
Rabbani M, Soufi HR, Torabi S (2016) Developing a two-step fuzzy cost–benefit analysis for strategies to continuity management and disaster recovery. Saf Sci 85:9–22
RahimiBaghi A, ArabSalehi M, VaezBarzani M (2019) Assessing the systemic risk in the financial system of iran using granger causality network method. Financ Res J 21(1):121–142
Rehak D, Senovsky P, Hromada M, Lovecek T (2019) Complex approach to assessing resilience of critical infrastructure elements. Int J Crit Infrastruct Prot 25:125–138
Sabatino M (2016) Economic crisis and resilience: resilient capacity and competitiveness of the enterprises. J Bus Res 69(5):1924–1927
Sadjadi SJ, Heidari M, Esboei AA (2014) Augmented ε-constraint method in multiobjective staff scheduling problem: a case study. Int J Adv Manuf Technol 70(5–8):1505–1514
Sadrabadi MHD, Ghousi R, Makui A (2021a) Designing a disruption-aware supply chain network considering precautionary and contingency strategies: a real-life case study. RAIRO Oper Res 55(5):2827–2860
Sadrabadi MHD, Jafari-Nodoushan A, Bozorgi-Amiri A (2021b) Resilient supply chain under risks: a network and structural perspective. Iran J Manag Stud 14(4):735–760
Sahebjamnia N, Torabi SA, Mansouri SA (2015) Integrated business continuity and disaster recovery planning: towards organizational resilience. Eur J Oper Res 242(1):261–273
Sahebjamnia N, Torabi SA, Mansouri SA (2018) Building organizational resilience in the face of multiple disruptions. Int J Prod Econ 197:63–83
Sahebjamnia N, Torabi A, Mansouri A, Salehi N (2011) A new multi-objective scenario-based robust stochastic programming for recovery planning problem, POMS 23rd Annual Conference Chicago, Illinois, U.S.A. April 20 to April 23, 025–1484
Sanchis R, Canetta L, Poler R (2020) A conceptual reference framework for enterprise resilience enhancement. Sustainability 12(4):1464
Sax J, Andersen TJ (2019) Making risk management strategic: Integrating enterprise risk management with strategic planning. Eur Manag Rev 16(3):719–740
Shahin A, Samea M (2010) Developing the models of service quality gaps: a critical discussion. Bus Manag Strategy 1(1):1
Tang CS (2006) Perspectives in supply chain risk management. Int J Prod Econ 103(2):451–488
Tasic J, Sulfikar A, Jethro T, Majeed K (2020) A multilevel framework to enhance organizational resilience. J Risk Res 23(6):713–738
Torabi S, Soufi HR, Sahebjamnia N (2014) A new framework for business impact analysis in business continuity management (with a case study). Saf Sci 68:309–323
Torabi SA, Giahi R, Sahebjamnia N (2016) An enhanced risk assessment framework for business continuity management systems. Saf Sci 89:201–218
Torki L, Rezaei A, Razmi SF (2020) The effects of electronic payment systems on the performance of the financial sector in selected Islamic countries. Int J Econ Polit 1(1):113–121
Torres P, Augusto M (2019) Building resilience to negative information and increasing purchase intentions in a digital environment. J Bus Res 101:528–535
Van Trijp JM, Ulieru M, Van Gelder PH (2012) Quantitative modeling of organizational resilience for Dutch emergency response safety regions. Proc Inst Mech Eng Part O J Risk Reliab 226(6):666–676
Wood MD, Wells EM, Rice G, Linkov I (2019) Quantifying and mapping resilience within large organizations. Omega 87:117–126
Xu D, Tsang IW, Chew EK, Siclari C, Kaul V (2019) A data-analytics approach for enterprise resilience. IEEE Intell Syst 34(3):6–18
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Appendix 1
Appendix 1
The sets, parameters, and decision variables related to the proposed model for the problem of this research are described in this section.
Sets
D | Set of disruptive incidents (incl. disruption risks and critical operational risks) | dϵD |
P | Set of core (critical) organizational processes | pϵP |
L | Set of operational levels in the organization | lϵL |
R | Set of existing resources | rϵR |
N | Set of dynamic (contingent) resilience strategies | nϵN |
M | Set of static (preventive) resilience strategies | mϵM |
H | Set of BCPs corresponding to each resilience strategy | hϵH |
F | Set of fortification levels of organization against crises | fϵF |
I | Types of effects risk have on organizational performance | iϵI |
T | Set of time periods | tϵT |
S | Set of probabilistic scenarios | sϵS |
Parameters
\(\pi_{s}\) | Occurrence probability of scenario s |
\(\pi_{ds}\) | Occurrence probability of critical disruptive incident d under scenario s |
\(\beta_{p}\) | MTPD value of core process p |
\(\alpha_{pt}\) | MBCO value of core process p at period t |
\(AR_{rt}^{Ex}\) | Nominal value of available external resource r at period t |
\(AR_{rt}^{In}\) | Nominal value of available internal resource r at period t |
\(NR_{rp}^{ls}\) | Amount of resource r required to implement core process p at level l under scenario s |
\(\gamma_{dr}^{ts}\) | Impact of critical disruption d on internal resource r at period t under scenario s (%) |
\(\gamma_{drf}^{{{\prime }ts}}\) | Impact of critical disruption d on internal resource r at fortification level f at period t under scenario s (%) |
\(\chi_{dr}^{ts}\) | Impact of critical disruption d on external resource type r at period t under scenario s (%) |
\(\chi_{drf}^{\prime ts}\) | Impact of critical disruption d on external resource r at fortification level f at period t under scenario s (%) |
\(\kappa_{r}^{st}\) | Average recovery rate of disrupted external resource r at period t under scenario s |
\(\theta_{r}^{st}\) | Average recovery rate of disrupted internal resource r at period t under scenario s |
\(CE_{st}^{r}\) | Average cost of using external resource r under disruption at period t under scenario s |
\(FC_{rft}^{ER}\) | Average fortification cost of acquiring external resource r at level f at period t |
\(FC_{rft}^{org}\) | Average fortification cost of organizational processes at level f at period t |
\(CID_{nt}\) | Cost spent to provide appropriate infrastructure for implementing dynamic resilience strategy n at period t |
\(CIS_{mt}\) | Cost spent to provide appropriate infrastructure for implementing static resilience strategy m at period t |
\(RC_{rts}^{Ex}\) | Recovery cost of a disrupted external resource r at period t under scenario s |
\(RC_{rts}^{In}\) | Recovery cost of a disrupted internal resource r at period t under scenario s |
\(AQS_{md}^{s}\) | Expected average quality of recovery from disruption when adopting static resilience strategy m during critical disruption d under scenario s |
\(AQD_{nd}^{s}\) | Expected average quality of organization's recovery from disruption when adopting dynamic resilience strategy n during critical disruption d under scenario s |
\(ERQ_{d}^{s}\) | Expected minimum quality of organization's recovery from critical disruption d under scenario s |
\(\phi_{p}^{s}\) | Relative importance of core process p under scenario s |
\(POP_{p}^{ts}\) | Operational level planned for core process p at period t under scenario s |
\(OP_{l}\) | Operational performance of organization at operational level l (%) |
\(BU_{t}^{s}\) | Available budget at period t under scenario s |
\(\omega_{hm}\) | A binary parameter that equals one if implementation of business plan h leads to implementation of static resilience strategy m; otherwise, it equals zero |
\(\xi_{hn}\) | A binary parameter that equals one if implementation of business plan h leads to implementation of dynamic resilience strategy n; otherwise, it equals zero |
\(NR_{rhm}^{ts}\) | Amount of resource r required to implement BCP h related to static resilience strategy m at period t under scenario s |
\(NR_{rhn}^{ts}\) | Amount of resource r required to implement BCP h in dynamic resilience strategy n at period t under scenario s |
\(RAS_{hn}^{is}\) | A binary parameter that equals 1 if BCP h in static resilience strategy m has impact i associated with disruptions under scenario s; otherwise 0 |
\(RAD_{hn}^{is}\) | A binary parameter that equals 1 if BCP h in dynamic resilience strategy n has impact i associated with disruptions under scenario s; otherwise 0 |
\(RES_{m}^{s}\) | Organization's ability to recover from impact of disruption using static strategy m under scenario s |
\(RED_{n}^{s}\) | Organization's ability to recover from impact of disruption using dynamic strategy n under scenario s |
\(\mu_{di}^{s}\) | Probability of disruption d having impact i on organization under scenario s |
\(\upsilon_{ip}^{s}\) | Probability of disruption d having impact i on core process p under scenario s |
\(\delta_{i}^{s}\) | Probability of impact i under scenario s during a disruptive incident |
\(\Gamma_{i}^{s}\) | Importance of impact i based on its potential effect on organizational performance under scenario s |
\(\omega_{n}\) | Importance weight of dynamic resilience strategy n |
\(\omega_{m}\) | Importance weight of static resilience strategy m |
Decision variables
\(\pi_{s}\) | A binary variable related to dynamic resilience strategy n at period t under scenario s |
\(\pi_{ds}\) | A binary variable related to static resilience strategy m at period t under scenario s |
\(\beta_{p}\) | A binary variable related to selecting BCP h in dynamic strategy n at period t under scenario s |
\(\alpha_{pt}\) | A binary variable of selecting BCP h in static strategy n at period t under scenario s |
\(AR_{rt}^{Ex}\) | A binary variable related to fortification of organization at level f at period t |
\(AR_{rt}^{In}\) | A binary variable related to fortification of acquisition of external resource r at level f at period t |
\(NR_{rp}^{ls}\) | A binary variable that equals 1 if core process p is implemented at operational level l at period t under scenario s; otherwise 0 |
\(\gamma_{dr}^{ts}\) | Amount of external resource r at period t under scenario s |
\(\gamma_{drf}^{{{\prime }ts}}\) | Amount of internal resource r at period t under scenario s |
\(\chi_{dr}^{ts}\) | Recovered operational level of core process p at period t under scenario s |
\(\chi_{drf}^{\prime ts}\) | Time required to recover core process p under scenario s |
\(\kappa_{r}^{st}\) | External resource r recovered from disruptive incident at period t under scenario s |
\(\theta_{r}^{st}\) | Internal resource r recovered from disruptive incident at period t under scenario s |
Rights and permissions
About this article
Cite this article
Ghezelhesar, A.J., Bozorgi-Amiri, A. A novel approach to selection of resilient measures portfolio under disruption and uncertainty: a case study of e-payment service providers. Oper Res Int J 22, 5477–5527 (2022). https://doi.org/10.1007/s12351-022-00709-x
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12351-022-00709-x