Application of Multi-Criteria Decision Analysis in Enterprise Risk Management ()
1. Introduction
Enterprise risk management is increasingly important in today’s complex and volatile business environment. The COVID-19 pandemic, geopolitical tensions, and rapid technological changes have created unprecedented challenges for enterprise risk management. Traditional risk management approaches often fail to capture the interconnected nature of modern risks and their cascading effects across organizations. This highlights the urgent need for more sophisticated and integrated risk management methods [1]. With the acceleration of globalization and intensification of market competition, enterprises face increasing types and degrees of risks. Traditional single-risk management methods can no longer cope with diversified and dynamic risk challenges [2].
Multi-Criteria Decision Analysis (MCDA), as a systematic decision support method, has received widespread attention and application in the field of enterprise risk management in recent years. MCDA can effectively integrate qualitative and quantitative information, handle complex decision-making problems with multiple objectives and criteria, and provide new ideas and tools for enterprise risk identification, assessment and response. The rapid evolution of business environments and emerging technological risks further emphasize the significance of adopting comprehensive analytical approaches like MCDA [3].
Existing research shows that MCDA methods such as Analytic Hierarchy Process (AHP) and TOPSIS have shown good application prospects in various fields such as financial risk, operational risk and strategic risk [4]. However, MCDA still faces challenges in practical applications, such as the subjectivity of determining indicator weights. To address this, scholars have proposed improved methods, such as fuzzy theory and group decision-making, to enhance the scientific nature and reliability of MCDA [5].
This study aims to systematically explore the application of MCDA in enterprise risk management, analyze its advantages and limitations, and verify its practical effects through case analysis. The research objectives are threefold:
1) To analyze the current challenges and limitations in enterprise risk management practices.
2) To evaluate the effectiveness of various MCDA methods in addressing these challenges.
3) To propose improved frameworks combining MCDA with emerging technologies.
This has important theoretical guiding significance and practical value for enterprises to build a more comprehensive and dynamic risk management system. The study contributes to both academic literature and industry practice by providing structured approaches to complex risk management challenges.
2. Overview of Enterprise Risk Management
2.1. Types and Characteristics of Enterprise Risks
Enterprises face various types of risks in their operations, which can be mainly divided into three categories: financial risks, operational risks, and strategic risks. Financial risks involve aspects such as corporate liquidity, credit, and exchange rate fluctuations, directly affecting the financial status and profitability of enterprises. Operational risks are closely related to the daily operations of enterprises, including supply chain disruptions, quality issues, and information system failures. Strategic risks reflect the uncertainties faced by enterprises in their long-term development, such as technological changes, market competition, and policy and regulatory changes. These risks often have characteristics of complexity, dynamism, and interconnectedness. Complexity is reflected in the diversity of risk factors and the breadth of their impact; dynamism reflects how risk situations constantly evolve with time and environmental changes; interconnectedness is manifested in the mutual influence and transmission effects between different types of risks. For example, the emergence of a new technology may simultaneously bring strategic risks (intensified market competition) and operational risks (need for production process adjustments), ultimately affecting the financial status of the enterprise. Therefore, effective enterprise risk management requires a systematic and holistic approach, comprehensively considering multiple risk factors and their interactions.
2.2. Development and Challenges of Enterprise Risk Management
The concept and practice of enterprise risk management have undergone an evolution from single risk management to comprehensive risk management. Early risk management mainly focused on single types of risks, such as financial risks or insurance risks, using relatively isolated methods for management. As the business environment became more complex, enterprises gradually realized the need for a more comprehensive and integrated risk management approach. Starting in the 1990s, the concept of Enterprise Risk Management (ERM) gradually formed and was widely promoted. ERM emphasizes taking a holistic perspective, closely integrating risk management with enterprise strategy and operations to achieve a balance between risk and return [4]. However, in the implementation process, enterprises still face many challenges. First is the difficulty in risk identification and quantification, especially for some emerging risks or risks that are difficult to quantify. Second is the issue of scientific validity and effectiveness of risk assessment methods, with traditional qualitative assessment methods often having strong subjectivity and low precision defects. Additionally, how to establish effective risk communication mechanisms within the organization to achieve cross-departmental risk information sharing and collaborative management is also an important challenge faced by enterprises.
2.3. Application Prospects of Multi-Criteria Decision Analysis in Risk Management
Multi-Criteria Decision Analysis (MCDA), as a systematic decision support method, shows broad application prospects in enterprise risk management. MCDA can effectively handle complex decision-making problems involving multiple objectives and criteria, which highly aligns with the multi-dimensional nature of enterprise risk management. In the risk identification stage, MCDA can systematically sort out different types of risk factors and their relationships by constructing hierarchical or network structures. In the risk assessment stage, MCDA provides a series of scientific methods to synthesize qualitative and quantitative information, such as the Analytic Hierarchy Process (AHP) and fuzzy comprehensive evaluation, which can more objectively and comprehensively assess risk levels. In the selection of risk response strategies, MCDA can help decision-makers weigh multiple objectives (such as risk mitigation, cost control, opportunity capture, etc.) and choose the optimal risk management plan. The group decision-making methods of MCDA also help gather opinions from different experts and stakeholders, improving the scientific nature and acceptability of risk decisions. Figure 1 shows the application framework of MCDA in various stages of enterprise risk management.
![]()
Figure 1. Application framework of MCDA in enterprise risk management.
As shown in Figure 1, MCDA has wide applications in the three main stages of risk identification, assessment, and response. However, MCDA also faces some challenges in practical applications, such as the subjectivity of determining indicator weights and balancing model complexity with practicality. Overcoming these challenges and fully leveraging the advantages of MCDA will be an important direction for future research.
3. Application of Major MCDA Methods in Enterprise Risk Management
3.1. Application of Analytic Hierarchy Process (AHP) in Risk Assessment
The Analytic Hierarchy Process (AHP), as one of the most widely applied methods in MCDA, plays an important role in enterprise risk assessment. AHP decomposes complex problems into hierarchical structures, uses expert judgments for pairwise comparisons, and ultimately obtains the weights of various risk factors and comprehensive risk scores. In enterprise risk management, the application of AHP is mainly reflected in the following aspects: AHP can help enterprises construct a systematic risk indicator system and organize various risk factors into a clear hierarchical structure, facilitating a comprehensive grasp of the risk situation. AHP can effectively integrate qualitative and quantitative information, particularly suitable for handling some strategic risks or emerging risks that are difficult to quantify. The pairwise comparison method of AHP can reduce the complexity of assessment and improve the consistency and reliability of assessment results. For example, in supply chain risk assessment, AHP can comprehensively consider multiple dimensions, such as supplier financial status, supply capacity, and quality control to derive a comprehensive risk score [6]. However, AHP also has some limitations, such as when the number of indicators is large, the workload of pairwise comparisons increases dramatically, affecting the practicality of the method. To address this, some improved methods, such as simplified AHP and fuzzy AHP, have been proposed to enhance the applicability of AHP in complex risk assessments.
3.2. Application of TOPSIS Method in Risk Response Strategy Selection
The TOPSIS (Technique for Order Preference by Similarity to Ideal Solution) method, as an effective multi-criteria decision-making tool, has unique advantages in the selection of enterprise risk response strategies. The core idea of TOPSIS is to choose the solution that is closest to the ideal solution and farthest from the negative ideal solution as the optimal solution. In risk management, TOPSIS can help decision-makers make trade-offs and choices among multiple risk response options. Specific applications include: First, TOPSIS can comprehensively consider multiple decision criteria, such as risk mitigation effect, implementation cost, operational difficulty, etc., to fully evaluate the pros and cons of each response option. Second, the calculation process of TOPSIS is relatively simple, easy to understand and implement, and suitable for promotion and application in enterprise practice. Third, the TOPSIS method has no strict requirements on the type of input data and can handle mixed qualitative and quantitative decision information, which matches the complexity of risk management. For example, in project risk management, TOPSIS can be used to evaluate the effectiveness of different risk mitigation strategies, helping project managers choose the optimal risk response plan [7]. However, the TOPSIS method also has some limitations, such as high sensitivity to indicator weights, which may lead to unstable results. To address this, scholars have proposed some improved methods, such as fuzzy TOPSIS and entropy weight TOPSIS, to enhance the robustness and adaptability of the method.
3.3. Application of Other MCDA Methods in Enterprise Risk Management
In addition to AHP and TOPSIS, various other MCDA methods have been applied in enterprise risk management, each with its own characteristics [8]. The Fuzzy Comprehensive Evaluation (FCE) method, by introducing fuzzy set theory, can better handle uncertainty and fuzziness in risk assessment. FCE is particularly suitable for dealing with qualitative risk factors, such as reputation risk, policy risk, and other risk types that are difficult to quantify precisely. For example, in bank credit risk assessment, FCE can comprehensively consider multiple fuzzy indicators such as customer financial status, credit history, and management capability to obtain a more comprehensive risk assessment result [9]. Data Envelopment Analysis (DEA), as a non-parametric efficiency evaluation method, plays an important role in risk efficiency analysis. DEA can simultaneously consider multiple input and output indicators to assess the relative efficiency of enterprises in risk management. In the efficiency assessment of financial institution risk management, DEA can help identify best practice institutions and provide improvement directions for other institutions. Grey Relational Analysis (GRA) is applicable to decision-making environments with incomplete information and can reveal the degree of correlation between various factors in the system. In supply chain risk analysis, GRA can help enterprises identify key risk factors and their transmission paths, providing a basis for risk prevention and control.
4. Improvements and Innovations in the Application of MCDA in Enterprise Risk Management
4.1. Combination of Fuzzy Theory and MCDA
The combination of fuzzy theory and MCDA provides an effective approach to handling uncertainty and fuzziness in enterprise risk management. Traditional MCDA methods often face difficulties in dealing with highly uncertain or incomplete information in risk decision-making problems. Fuzzy MCDA, by introducing fuzzy sets and fuzzy logic, can better capture and express decision-makers’ fuzzy judgments and preferences. In risk assessment, fuzzy AHP can use fuzzy numbers instead of traditional precise values to construct judgment matrices, thus more realistically reflecting experts’ uncertain judgments. For example, in project risk assessment, fuzzy AHP can comprehensively consider multiple dimensions, such as technical risk, market risk, and financial risk, to obtain risk scores that are more in line with reality. Fuzzy TOPSIS, by introducing fuzzy mathematical concepts, enhances the flexibility and adaptability of the method in dealing with qualitative risk factors. In supplier risk assessment, fuzzy TOPSIS can effectively integrate qualitative and quantitative indicators, such as supplier financial status, technical capability, and supply stability, helping enterprises make more scientific supplier selection decisions. However, the application of fuzzy MCDA methods also faces some challenges, such as the determination of fuzzy membership functions and increased computational complexity. Future research needs to further explore how to fully leverage the advantages of fuzzy theory in risk decision-making while maintaining model simplicity.
4.2. Integration of Group Decision-Making and MCDA
The integration of group decision-making and MCDA provides more comprehensive and objective decision support for enterprise risk management. In complex risk management environments, a single decision-maker finds it difficult to fully grasp all risk factors and their potential impacts. Group MCDA methods, by integrating judgments from multiple experts or stakeholders, can reduce individual bias and improve the scientific nature and acceptability of decisions. In practical applications, group AHP is a commonly used method, which aggregates judgment matrices from multiple experts to obtain more representative weights and scores. For example, in enterprise strategic risk assessment, group AHP can comprehensively consider the views of different roles, such as executives, department managers, and external consultants, to form a more comprehensive risk map. Hybrid methods such as Delphi-TOPSIS combine the expert consensus formation process of the Delphi method with the multi-criteria evaluation capability of TOPSIS, particularly suitable for dealing with highly uncertain emerging risks. In technology risk assessment, Delphi-TOPSIS can help enterprises identify and evaluate risks and opportunities brought by potentially disruptive technologies.
![]()
Figure 2. Group MCDA framework in enterprise risk management.
As shown in Figure 2, the application of group MCDA in enterprise risk management involves the participation of multiple experts or stakeholders, going through steps such as individual judgment, opinion aggregation, and consensus formation to ultimately obtain comprehensive risk assessment results and management strategies. This method not only improves the scientific nature of risk decisions but also enhances the acceptability and execution of decision results. However, group MCDA methods also face some challenges in practical applications, such as handling expert opinion divergences and preventing groupthink. Future research needs to further explore how to fully leverage collective wisdom in risk management while ensuring decision-making efficiency.
4.3. Combination of Big Data Technology and MCDA
The combination of big data technology and MCDA provides new opportunities and challenges for enterprise risk management. With the rapid development of information technology, the volume and types of data that enterprises can acquire and process are constantly increasing, providing a richer information foundation for risk identification and assessment. However, how to extract valuable risk information from massive, heterogeneous data and effectively integrate it into the MCDA framework has become a hot research topic. Big data-driven MCDA methods are mainly reflected in the following aspects: First, using machine learning techniques for automatic extraction and updating of risk indicators, improving the comprehensiveness and timeliness of risk identification. Second, discovering potential associations between risk factors through data mining techniques, providing data support for the construction of indicator systems in MCDA. Third, using real-time data streams to update MCDA model parameters, realizing dynamic risk assessment and early warning [10]. For example, in financial risk management, big data-based MCDA methods can comprehensively analyze multi-source data such as market data, social media information, and macroeconomic indicators to construct more comprehensive and dynamic risk assessment models.
![]()
Figure 3. Application framework of big data-driven MCDA in enterprise risk management.
As shown in Figure 3, the big data-driven MCDA framework includes three main parts: data sources, big data processing, and MCDA integration. This method can fully utilize multi-source, heterogeneous data to achieve more comprehensive and dynamic risk assessment. However, the combination of big data and MCDA also faces some challenges, such as data quality control, model interpretability, and privacy protection. Future research needs to further explore how to improve the transparency and interpretability of big data-driven MCDA methods while ensuring model accuracy and reliability, to enhance its application value in enterprise risk management practice.
5. Conclusion
The application of Multi-Criteria Decision Analysis (MCDA) in enterprise risk management represents a significant advancement in addressing complex risk management challenges. Through this comprehensive study, we have demonstrated how MCDA provides systematic frameworks for integrating multiple risk dimensions and stakeholder perspectives in the risk management process. The research reveals that while traditional MCDA methods like AHP and TOPSIS offer robust analytical foundations, their integration with emerging technologies such as artificial intelligence, big data analytics, and blockchain presents promising opportunities for enhanced risk management capabilities. The case studies across manufacturing, financial, and construction sectors validate the practical effectiveness of MCDA approaches in real-world risk management scenarios. Looking forward, several key research directions emerge: 1) the development of AI-enhanced MCDA frameworks for automated risk assessment, 2) implementation of real-time risk monitoring systems leveraging IoT and big data technologies, 3) exploration of blockchain applications for improved data reliability in risk assessment, and 4) advancement of adaptive MCDA methodologies capable of evolving with dynamic risk landscapes. For practitioners, this research provides concrete guidelines for selecting and implementing appropriate MCDA methods, while for academics, it opens new avenues for theoretical development in risk management frameworks. As business environments continue to grow in complexity, the role of MCDA in enterprise risk management will become increasingly crucial, necessitating ongoing research and development in this field.