Decoding resilience: A graph-based approach for organizational resilience assessment Sabine Janzen1,∗ , Amin Harig1 , Natalie Gdanitz1 , Hannah Stein2 , Nurten Öksüz-Köster1 and Wolfgang Maass1,2 1 Deutsches Forschungszentrum für Künstliche Intelligenz (DFKI), Saarbrücken, Germany 2 Saarland University, Saarbrücken, Germany Abstract Resilience has become crucial for manufacturing organizations in the face of various crises. However, current risk management practices often lack systematic resilience assessment due to the fuzzy nature of resilience. We introduce GRACE, a model for graph-based organizational resilience assessment in the manufacturing sector. GRACE utilizes centrality measures to model key performance indicators (KPIs) of business units for highlighting critical areas that significantly influence organizational functionality. By employing resilience metrics and a graph-based representation, simulated disruption scenarios can be induced to identify vulnerabilities in business units that may lead to lower resilience. The effectiveness of GRACE was demonstrated within a simulation service for risk and crisis management in manufacturing and evaluated in a case study. Results showcased GRACE’s performance in resilience assessment and its potential to enhance organizational preparedness with respect to response strategies. Keywords Resilience assessment, Graph-based representation, Centrality measures, Organization, Resilience metrics 1. Introduction Resilience has become crucial for manufacturing organizations, especially in the light of crises experienced in recent years, such as the COVID-19 pandemic, supply chain disruptions, rising energy prices, and political conflicts [1]. Resilience is defined as the ability of a system, organiza- tion, or individual to withstand and recover from disruptions, shocks, or adversity and to adapt and grow stronger in the face of challenges [2, 3]. Assessing resilience refers to the process of measuring the resilience of an organization by examining its capacity to withstand and recover from disruptions, adapt to changing conditions, and maintain operability. Resilience assessment is essential for companies in today’s dynamic environment [4]. It helps organizations to identify vulnerabilities, mitigate risks, maintain business continuity, be regulatory compliant, gain a competitive edge, and foster stakeholder trust [5]. Nonetheless, systematic resilience assessment is not considered in actual organizational risk management [6]. State-of-the-art approaches ER2023: Companion Proceedings of the 42nd International Conference on Conceptual Modeling: ER Forum, 7th SCME, Project Exhibitions, Posters and Demos, and Doctoral Consortium, November 06-09, 2023, Lisbon, Portugal ∗ Corresponding author. Envelope-Open sabine.janzen@dfki.de (S. Janzen); amin.harig@dfki.de (A. Harig); natalie.gdanitz@dfki.de (N. Gdanitz); hannah.stein@iss.uni-saarland.de (H. Stein); nurten.oeksuez-koester@dfki.de (N. Öksüz-Köster); wolfgang.maass@iss.uni-saarland.de (W. Maass) © 2023 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). CEUR Workshop Proceedings http://ceur-ws.org ISSN 1613-0073 CEUR Workshop Proceedings (CEUR-WS.org) CEUR ceur-ws.org Workshop ISSN 1613-0073 Proceedings such as enterprise risk management [7] recognize the importance of resilience, but the practical implementation of resilience assessment is still limited due to the fuzzy nature of the term resilience. For measuring resilience, several resilience indices have been developed to assess the resilience of countries, cities, and organizations, e.g., Global Resilience Index (FM Global) , City Resilience Index1 , Corporate Resilience Index (Resilinc) focusing on supply chains, Cyber Resilience Index (World Economic Forum), or the National Risk Index (US Federal Emergency Management Agency). Measuring the broader resilience of manufacturing organizations in all facets, i.e., business units, is beyond the scope of these indices. In this work, we present GRACE – a model for graph-based organizational resilience assessment in manufacturing. Our approach works with centrality measures to identify influential nodes means key performance indicators (KPIs) of organizational business units, e.g., time to fill open positions in human resources. This enables highlighting critical KPIs that play a crucial role in organization functionality. Furthermore, GRACE uses resilience metrics on KPI, business unit, and organizational level for providing numerical measures of the organization’s ability to withstand disruptions and recover from failures. By modeling those neuralgic points of the organization in the form of a graph, simulated disruption scenarios can be fired for analyzing the organization’s response to random or targeted disruptions. This helps in identifying vulnerabilities and critical points that could cause cascading disruptions. Furthermore, potential response strategies can be tested with high explainability for end users. GRACE was exemplified within a simulation service for risk and crisis management in manufacturing. We evaluated the proposed approach in a case study with the developed prototype in terms of performance in assessing the resilience of a manufacturing company for two simulated disruption scenarios. 2. Graph-based resilience assessment: Model and case study Related work shows several contributions with predominantly qualitative approaches for assess- ing resilience in manufacturing organizations [8], e.g., in supply chain management [9]. Still, an open issue is the practical operational measurement of the fuzzy term resilience [10, 11].Graph theory and network analysis have been applied to assessing the resilience in processes, , socio- technical systems [12], or supply chains [13]. The latter aims at developing a model to quantify supply chain resilience as a single numerical value - the resilience index, that measures the resilience capability of a company’s supply chain. We present GRACE, a model for organiza- tional resilience assessment in manufacturing extending the aforementioned work on supply chains by Agarwal et al. [13] in terms of multiple resilience metrics for capturing all business units of organizations (cf. Figure 1). GRACE operates on a knowledge graph obtained from organizational data of relevant KPIs of business units and potential disruption categories in the domain of interest of an organization. KPIs and DisruptionScenarios represent Nodes within an Undirected Graph. KPIs, as for instance, employee satisfaction, are operationalized by a metric [0...1] and belong to a Scope, i.e., a business unit such as production, or human resources (cf. Figure 1). With a ScopeIndex [0...1], Scopes also define a metric for assessing the resilience of single business units. Those indices are aggregated to the ResilienceIndex [0...1], measuring the resilience of the whole organization, including all business units. DisruptionScenarios 1 https://www.cityresilienceindex.org/ Figure 1: Model for graph-based organizational resilience assessment in manufacturing (GRACE) are classes of disruptions that are learned from historical data of the organization, e.g., past power outages, fluctuations in energy prices, and supplier failures. They are characterized by a TimeDimension representing the time horizon a disruption has an influence on an organization’s functionality, e.g., 1-3 hours, several weeks (cf. Figure 1). Based on historical data, DisruptionScenarios define potential ActionCategories that can be applied in case of such a disruption, e.g., increase inventories, expand supplier network. They are characterized by a list of KPIs they load on, means KPIs that would be influenced positively or negatively by the action (KPI-Influence). Combined with the aggregated degree of those KPI nodes (KPI-Correlation) and learned probabilities of action success, we can measure the loading power of an action, means the impact of a conducted action on an organization’s functionality (cf. Figure 1). Last, DisruptionScenarios have a BackgroundRisk that combines the learned probability of occurrence of a DisruptionScenario with a weight given by its expected TimeDi- mension. Actual disruptions or crisis events, e.g., regulatory changes with respect to per- and polyfluorinated chemicals (PFAS), can be induced as DisruptionItems that are classified as one of the known DisruptionScenarios and instantiated with an ActualImpact combining the derived BackgroundRisk with a probability for the concrete event (cf. Figure 1). GRACE implements a process of graph-based resilience assessment consisting of three steps: (1) system modeling, (2) attributes assignment, and (3) disruption scenario evaluation. In system modeling, the organization is modeled as a graph with nodes representing KPIs and DisruptionScenarios. Edges between both types of nodes are created based on historical data on past disruption events, applied actions, and changes in KPIs during this time. Last, KPIs are clustered in Scopes (business units). Second, attributes are assigned to nodes and edges for quantifying their char- acteristics and interdependencies. KPIs are operationalized by a metric, representing their status quo, e.g., based on ERP data. This enables the deduction of the actual ScopeIndex as well as the ResilienceIndex. For all DisruptionScenarios, attributes such as the TimeDimension, BackgroundRisk, and potential actions are determined and assigned. The edges between KPIs and DisruptionScenarios are characterized by the ActionCategories that can be applied in case of disruptions and that have an influence on KPIs. Graph-based analyses are applied to determine degree centrality for the concepts KPI-Influence and KPI-Correlation. Last, scenario-based evaluations are performed to assess the organization’s resilience under potential disruptions. This involves simulating specific events, such as epidemics, cyber-attacks, or natural disasters, and analyzing their impact on the robustness and performance of business units and the overall organization. Thus, concrete DisruptionItems are fired onto the graph, inducing changes in KPIs, indices of scopes as well as the ResilienceIndex. Potential ActionCategories are proposed by showing their impact on the resilience metrics and thus the organization’s ability to withstand disturbances and recover from failures. In summary, potential weaknesses can be identified and strategies to enhance resilience can be designed based on GRACE. Based on the proposed GRACE model (cf. Figure 1), we implemented a service for risk and crisis management in manufacturing in form of a web interface2 . The service accepts descriptions of Scopes and DisruptionScenarios as well as initial KPI values in JSON format. Based on this, the organizations’ system is modeled as a graph, and attributes, e.g., resilience metrics, are assigned to nodes and edges according to the aforementioned process of graph-based resilience assessment. The graph is displayed, and users can select DisruptionItems for disruption scenario evaluation. Impacts of the disruption as well as potential ActionCategories with respect to KPIs, scopes, and resilience indices are shown within the graph as well as in table format. As a preliminary validation of the proposed model, we conducted a case study with the implemented service to evaluate its performance in assessing the organizational resilience for two simulated disruption cases using data from German manufacturing organizations of the research project SPAICER3 . The first case simulated supply chain disruptions, e.g., closure of key logistics hubs due to COVID-19, affecting KPIs as the dependence on suppliers and machines’ fault tolerance in production. The second case simulated an influenza epidemic, impacting KPIs like employee retention and time-to-fill open positions in human resources. In both cases, the service imple- menting GRACE successfully identified and located decreases in the organizations’ resilience and recommended appropriate actions to mitigate the impact. Detailed results, including the changes in relevant KPIs and recommended actions can be found in our Git repository2 . 3. Conclusion We introduced GRACE, a graph-based model for organizational resilience assessment in man- ufacturing. By employing resilience metrics at different levels, GRACE provides numerical measures of the organization’s ability to withstand disruptions and recover from failures. This provides valuable insights for end users, enhancing their understanding of the organization’s response and facilitating the development of effective response strategies. The evaluation of 2 Demo video: https://youtu.be/pko9xMVA7To; Code and details of case study: https://github.com/ InformationServiceSystems/pairs-project/tree/main/Modules/GRACE. 3 https://www.spaicer.de/en/ GRACE within a simulation service for risk and crisis management in manufacturing demon- strated its potential in quantifying organizational resilience under different disruption scenarios. In future work, we aim to conduct multiple long-term case studies to evaluate GRACE’s impact on decision-making in resilience management in manufacturing organizations. Acknowledgement This work was partially funded by the German Federal Ministry for Economic Affairs and Climate Action (BMWK) under the contracts 01MK21008B and 01MK20015A. References [1] M. Ardolino, A. Bacchetti, D. Ivanov, Analysis of the covid-19 pandemic’s impacts on manufacturing: a systematic literature review and future research agenda, Operations Management Research 15 (2022) 551–566. [2] E. Hollnagel, Resilience engineering in practice: A guidebook, Ashgate Publishing, 2013. [3] R. Francis, B. Bekera, A metric and frameworks for resilience analysis of engineered and infrastructure systems, Reliability engineering & system safety 121 (2014) 90–103. [4] X. Wang, R. K. Mazumder, B. Salarieh, A. M. Salman, A. Shafieezadeh, Y. Li, Machine learning for risk and resilience assessment in structural engineering: Progress and future trends, Journal of Structural Engineering 148 (2022) 03122003. [5] L. Holbeche, Designing sustainably agile and resilient organizations, Systems Research and Behavioral Science 36 (2019) 668–677. [6] N. R. Sikula, J. W. Mancillas, I. Linkov, J. A. McDonagh, Risk management is not enough: a conceptual model for resilience and adaptation-based vulnerability assessments, Envi- ronment Systems and Decisions 35 (2015) 219–228. [7] S. G. Anton, A. E. A. Nucu, Enterprise risk management: A literature review and agenda for future research, Journal of Risk and Financial Management 13 (2020) 281. [8] D. Kantur, A. I. Say, Measuring organizational resilience: A scale development, Journal of Business Economics and Finance 4 (2015). [9] M. Negri, E. Cagno, C. Colicchia, Building sustainable and resilient supply chains: a framework and empirical evidence on trade-offs and synergies in implementation of practices, Production Planning & Control (2022) 1–24. [10] J. Hillmann, E. Guenther, Organizational resilience: a valuable construct for management research?, International Journal of Management Reviews 23 (2021) 7–44. [11] I. Khurana, D. K. Dutta, A. S. Ghura, Smes and digital transformation during a crisis: The emergence of resilience as a second-order dynamic capability in an entrepreneurial ecosystem, Journal of Business Research 150 (2022) 623–641. [12] W. Eljaoued, N. B. Yahia, N. B. B. Saoud, A qualitative-quantitative resilience assessment approach for socio-technical systems, Procedia Computer Science 176 (2020) 2625–2634. [13] N. Agarwal, N. Seth, A. Agarwal, Evaluation of supply chain resilience index: a graph theory based approach, Benchmarking: An International Journal 29 (2022) 735–766.