A Conceptual Reference Framework for Enterprise Resilience Enhancement

: Enterprise resilience is a key capacity to guarantee enterprises’ long-term continuity. This paper proposes the enterprise resilience Conceptual Reference Framework to characterize enterprise resilience capacity. The framework is composed of 71 disruptive events that enterprises consider as endangerments to their continuity. The framework also comprises constituent capabilities of enterprise resilience in terms of preparedness and recovery capabilities and elements that support the transition from the AS IS situation to the TO BE one, which are preventive actions (for preparedness capability) and knowledge registration actions (for recovery capability). From the preparedness perspective, 403 preventive actions are currently deﬁned. Each preventive action is speciﬁc for every disruptive event. However, it is worth noting that a preventive action can also be applied to di ﬀ erent disruptive events. From the recovery perspective, the proposed framework indicates knowledge registration related to (i) the occurrence of disruptive events; (ii) the recovery actions performed to re-establish the normal enterprise operation level. Further research lines are addressed to develop quantitative methods and tools to assess the extent of enterprises’ resilience following the foundations of the proposed conceptual framework.


Introduction
Currently, industries have to face challenges and continuous changes given their own dynamism as well as the changing conditions of the environment in which they operate. Moreover, the current businesses complexity, due to the vast amount of physical and information transactions performed to guarantee that goods are manufactured according to consumer specifications and in the appropriate quantity to be delivered on time and in the right place cost-efficiently, has made industries more sensitive to disruptive events [1,2]. For this reason, companies are increasingly demanding responsibility to deal with such adversity. They usually entrust safety and insurance professionals who have risk management and business continuity backgrounds to deal with disruptive events. However, global and aggregate perspectives of resilience are not usually considered. Thus, building resilient enterprises seems necessary by designing an iterative process for long-term organization development and not only as a crisis management tool to face specific disruptions [3]. There are numerous case studies in the literature that provide details of the survival or the failure of enterprises in situations of crisis [2,[4][5][6], but, at first glance, no universal standards that ensure resilient capacity to face disruptive events are apparently available. Table 1. Definitions of resilience applied to diverse disciplines.

Psychology
The ability of individuals to recover from adversity. [12] Positive ability of individuals to cope with stress and catastrophic events, as well as their level of resistance to future events. [13] Material Science A material's tendency to return to its original form after applying a force or stress that has produced elastic deformation. [14] Communication/Computational Networks The ability of a network to defend against and maintain an acceptable level of service in the presence of such challenges. [15]

Discipline Definition Authors
Sociology Ability to recover from adversity and become stronger than before. [16] Infrastructures Ability of an infrastructure to reduce the probability of failure, the consequences of such failure, and the response and recovery time. [17] Cyber Ability to continuously deliver the intended outcome despite adverse cyber events. [18] Tourism Ability of organisms, communities, ecosystems, and populations to withstand the impacts of external forces while retaining their integrity and ability to continue functioning. [19] The paper is structured as follows. Section 2 offers the literature review foundations on which the conceptual reference framework is based. Section 3 describes the research methodology used to define the conceptual reference framework. Section 4 describes, on the one hand, the assumptions taken to build the conceptual reference framework and, on the other hand, the main elements of this framework. Moreover, this section also shows, by way of illustration, a small sample of the conceptual reference framework that serves as a basis to develop mechanisms to assess the ER capacity. Finally, Section 5 offers the main conclusions of this paper and proposes some future research steps.

Literature Review Foundations
Several works have studied the ER concept at both the individual (people working in an enterprise) and the global levels of a company by considering it as a whole. This concept has also been studied at the supply chains level in which several different entities are involved. Home and Orr [20] define resilience as the quality of individuals, groups, organizations, and systems, as a whole, to respond productively to a meaningful change that alters the expected pattern of events without waiting for a prolonged period of time, e.g., regressive behavior.
As resilience is viewed as a systemic property, Riolli and Savicki [21] argue that ER should encompass individual and enterprise levels because both levels have a reciprocal influence on one another. These authors also consider that ER is built upon the resilience of an enterprise's members. However, it should be noted that resilience at the individual level does not guarantee ER [20].
From the enterprise point of view, the capacity of resilience has different meanings and connotations. Table 2 compiles different visions of the concept according to the literature review. Table 2. Enterprise resilience (ER) definitions.

Reference
Definition [22] Ability of an organization to strengthen the creation of robust and flexible processes in a proactive way. [23] The maintenance of positive adjustment under challenging conditions such that the organization emerges from those conditions strengthened and more resourceful. [24] The capability to self-renew over time through innovation. [25] Resilience conveys the properties of being able to adapt to the requirements of the environment and being able to manage the environments variability. [26] Enterprise capacity to absorb changes and ruptures, both internal and external, without affecting its profitability and even though developing a flexibility that, through processes of rapid adaptation, the enterprise may obtain extra benefits, whether these are pecuniary or intangible, arising from adverse and/or unforeseen circumstance. Reference Definition [27] Resilience encompasses the actions to avoid, adsorb, adapt, and recover from disruptions. [28] Ability to anticipate key events related to emerging trends, to adapt constantly to change, and to recover quickly after disasters and crises. [13] Enterprise ability to reduce vulnerability, ability to change and adapt as well as the ability to recover quickly against unforeseen events.
[ 29] Ability to repair, replace, patch, or otherwise reconstitute lost capability or performance (and hence effectiveness), at least in part and over time, from misfortune, damage, or a destabilizing perturbation in the environment. [30] Ability not only to recover from disruptions but to avoid them completely. [31] Reactive ability of the company to withstand an external event and active ability to anticipate events and therefore open new paths of development.
From this research viewpoint, ER is the capacity to anticipate and be prepared to face disruptive events and, if unavoidable occurrence takes place, the capacity to recover as quickly and efficiently as possible.
In their review, Kamalahmadi and Parast [32] addressed enterprises and supply chains and define the directions for future research as regards resilience aspects. They conclude that it is critical to develop measures that can evaluate supply chain (SC) resilience. Limnios et al. [33] state that organizational resilience has been inadequately theorized, and related work appears scattered in the literature. In light of this, the need to define a conceptual reference framework as a first step to continue investigating ER and to fulfil some further research lines suggested by [32] is recognized. One of the gaps identified in the literature is lack of tools to quantify ER capacity and to make its measurement easier for enterprises. Some attempts have been made to assess the capacity of resilience in the literature [34][35][36][37][38][39][40][41]. Table 3 summarizes these attempts classified by nature: (i) conceptual reference framework; (ii) indicators proposal; (iii) methodology; (iv) tools. Moreover, whether they focus mainly on the enterprise level or the SC level is indicated.
To the best of our knowledge, only a few conceptual approaches for assessing and enhancing the resilience capacity have been identified [6,38,[42][43][44][45]. The study of previous contributions evidences that they have been specially defined by taking into account certain specificities. Apart from the previous analysis, the only contribution that has completed the cycle by defining a conceptual approach and, based on it, proposed a set of metrics and a tool, is [38]. By measuring vulnerabilities factors such as turbulence, deliberate threats, external pressures, and resource limits, among others, and capabilities factors such as flexibility, efficiency, visibility, and adaptability, among others, the tool entitled Supply Chain Resilience Assessment and Management (SCRAM TM ) can provide an evaluation of an SC's current level of resilience. However, as the authors point out, industry-specific or even firmor product-level particularities may require the definition of more specialized metrics. Although the previous tool sheds light on measuring resilience, this area is not fully developed and warrants further research. On the one hand, a generic conceptual reference framework is required to guarantee that it can be generally applied but, on the other hand, a detailed approach is also necessary to cover all the characteristics of industry and/or firms. Table 3. Enterprise (E) and supply chain (SC) resilience assessment attempts.

Conceptual Approach Indicators Methodology
Tool E Or SC [42] Conceptual framework based on the key attributes of ER (agility, flexibility, adaptability, interoperability, and connectivity) in the extended enterprises context. It is based on two enablers: (i) the capability of an enterprise to become more connected and responsive to the environment; (ii) the alignment of information technology with business goals.
√ [43] Conceptual approach for the trade-off between operational and ER objectives based on sacrifice decisions, measurement of organizational resilience, visualizing the side effects of organizational decisions on disruptions, and organizational feedback control.
√ E [44] Conceptual approach to assess ER based on key performance indicators (KPIs) related to the objectives defined in the enterprise's mission.
Proposal of the SC Resilience Index (in diversity, adaptability, and cohesion terms) and the SC Resilience Indicator (in terms of the amount of change that a system can undergo and the degree of self-organization).
√ SC [3] Methodology and definition of indicators for the evaluation and improvement of organizations' resilience in terms of situation awareness, management of keystone vulnerabilities and adaptive capacity √ √ E [35] Quantitative approach for assessing supply chain resilience to face disasters in terms of density complexity and nodes critically. SC [6] A conceptual approach to assess operational resilience by applying a multiattribute utility theory through value trees that is constructed and contains the attributes contributing to resilience management.
√ √ E [38,45] Conceptual approach, tool, and implementation methodology to assess and enhance resilience in SCs through a portfolio of capabilities by balancing enterprises' inherent pattern of vulnerabilities.
For this reason, the goal of the conceptual reference framework herein proposed is twofold. Firstly, the proposed framework should guarantee the coverage of any disruptive event (that must be generic enough to be applied to any specific industry domain) and should, at the same time, consider the particularities and the casuistry of particular cases to improve resilience capacity. Moreover, lack of assessment tools to quantify the degree of ER acts as a trigger to define this conceptual reference framework, which may be used to develop tools that facilitate enterprises to practically assess ER capacity. To do so, it is necessary to establish the skeleton that structures all the elements that influence ER capacity. In this way, the ER conceptual reference framework involves three main elements: disruptions, the elements that negatively affect this capacity; the constituent capabilities of ER, in terms of preparedness and recovery capabilities; the elements supporting the transition from the AS IS situation to the TO BE one, which are preventive actions (for preparedness capability) and knowledge registration actions (for recovery capability).

Research Methodology
The research methodology consists of three steps that mainly encompass a literature review to analyze current knowledge contributions related to ER and a Delphi study to validate the findings and the proposal. Figure 1 represents the research process and the main results obtained in each step.
Step 1. Definition of Research Questions.
Some research questions to address this research were defined. The research questions mainly move in three research directions: (i) the events that have a negative effect on ER; (ii) the enterprise capabilities needed to build resilient companies; (iii) the actions to enhance previous enterprise capabilities. The research formulated questions are as follows:

1.
What is ER and why is it so important? 2.
What events negatively affect ER? 3.
What enterprise capabilities are necessary for a company to be resilient? 4.
What actions help companies to improve their ER capacity?
Step 2. Literature Review The literature review consisted of the following steps: (i) search terms formulation; (ii) electronic searches; and (iii) selection and analysis. To perform the first step, the employed keywords differed according to all the above-formulated questions. For Question 1, the English search was based on the following words: resilience, ER, and supply chain resilience as so: TITLE-ABS-KEY ("resilien *" AND ("enterprise" OR "supply chain")). Question 2 was about loss of ER, and the search for keywords encompassed the following terms: disruption, disruptive event, interruption, disturbance, crisis, perturbation, risk, and disruption source, as so: TITLE-ABS-KEY ("resilien *" AND ("disruption" OR "disruptive event" OR "interruption" OR "disturbance" OR "crisis" OR "perturbation" OR "risk" OR "disruption source")). The keywords employed in the search to answer Research Question 3 were similar to those used for Research Question 1 because the main enterprise capacities to make companies more resilient were identified in the results of Research Question 1.
Finally, in order to answer Research Question 4, the used keywords were: enhancement, improvement, assessment, and actions, following this search: TITLE-ABS-KEY ("resilien *" AND ("enhancement" OR "improvement" OR "assessment" OR "actions")). The search for all these terms was carried out in conjunction with the keyword par excellence of this work: ER.
Regarding the second step, electronic searches were performed using two relevant databases: Web of Science and Scopus. The literature review firstly included a review of publications according to theirs Journal Citation Reports (JCR) impact index. Subsequently, the review was extended to other information sources, such as conference proceedings, books, book chapters, theses, technical reports, deliverables of research projects, etc., by following the references of the journals' publications. With all this information, the literature review analyzed 180 publications from 1967 to 2019. Any publications prior to the year 2000 primarily included publications of two types: on the one hand, publications of the first definitions of the resilience concept; on the other hand, publications of the case studies and disruptive events from the past, such as the cyanide contamination of Johnson & Johnson's Tylenol drug capsules in 1982 [50] or the benzene contamination of Perrier water bottles in 1990 [51].
Moreover, it is worth mentioning that, in order to respond to Research Question 2, alternative information sources were used because the previous scientific databases did not provide the necessary insights to identify the most frequent events that negatively affected ER. To do so, the reports issued by consulting firms that perform annual surveys to study the disruptive events that keep most business up at night were used (from 2009-2019) [52][53][54][55][56][57][58][59][60].  [50] or the benzene contamination of Perrier water bottles in 1990 [51]. Moreover, it is worth mentioning that, in order to respond to Research Question 2, alternative information sources were used because the previous scientific databases did not provide the necessary insights to identify the most frequent events that negatively affected ER. To do so, the reports issued by consulting firms that perform annual surveys to study the disruptive events that keep most business up at night were used (from 2009-2019) [52][53][54][55][56][57][58][59][60].

Step 3. Delphi Study
The outputs obtained in the previous step focused on: (i) identification of the most critical disruptive events that negatively affect ER; (ii) recognition of the enterprise capabilities that can support the enhancement of ER; (iii) definition of the actions to make enterprises more resilient were validated in a Delphi study until no further updates were possible. The Delphi study was based on the following activities: (i) formulation of the problem; (ii) choice of experts; (iii) preparing and launching questionnaires; and (iv) practical development and exploitation of the results [61]. Problem formulation consisted of assessing the most critical previously identified disruptive events and proposing actions to improve ER. Different criteria were used for the choice of experts by considering, for instance, level of education, profession, position, years of experience, and knowledge domain,  Step 3. Delphi Study The outputs obtained in the previous step focused on: (i) identification of the most critical disruptive events that negatively affect ER; (ii) recognition of the enterprise capabilities that can support the enhancement of ER; (iii) definition of the actions to make enterprises more resilient were validated in a Delphi study until no further updates were possible. The Delphi study was based on the following activities: (i) formulation of the problem; (ii) choice of experts; (iii) preparing and launching questionnaires; and (iv) practical development and exploitation of the results [61]. Problem formulation consisted of assessing the most critical previously identified disruptive events and proposing actions to improve ER. Different criteria were used for the choice of experts by considering, for instance, level of education, profession, position, years of experience, and knowledge domain, among others. Some studies have suggested calculating the expert competence coefficient that it is obtained from the self-assessment of experts' opinions about their level of knowledge about the research problem as well as the sources that allow experts to reason the established criteria [62]. In this research, choice of experts was performed by qualitatively following the expert competence coefficient principle.
The questionnaire included the disruptive events identified in Step 2 and the proposal of preventive actions for each disruptive event. The questionnaire included a three-point Likert scale, where experts had to indicate the interest of each proposed preventive action (much, average, or little interest). Experts were also invited to add new interesting preventive actions to each disruptive event. The questionnaire was answered by 12 experts experienced in different areas and with diverse expertise, as shown in Table 4 based on the recommendation performed by [61], who state that the optimal number of experts should lie between seven and 30. With regards to the results, it is worth mentioning that the proposed framework initially included 56 disruptive events, 310 actions to enhance ER from a proactive point of view and the outline of actions to enhance ER from a reactive viewpoint. The experts suggested 18 more disruptive events, of which only 15 were included in the conceptual reference framework during a second round. Of the 310 preventive actions, 3% were eliminated after the first round, and 125 preventive actions were included upon the experts' request. During the second analysis round, the experts assessed the new situation after eliminating the preventive actions and adding the new ones. Twenty-two preventive actions were eliminated, as they were classified as not interesting. This left a conceptual reference framework with 403 preventive actions. However, it should be noted that the same preventive action can apply to several disruptive events and, therefore, this left 312 different preventive actions. In order to validate the actions to enhance ER from a reactive viewpoint, the analysis was performed from a qualitative perspective and the experts made suggestions with open questions.

Developing the Conceptual Reference Framework
Based on the research foundations analyzed with the literature review in Section 2, three assumptions were defined as truths to provide the required basis for building the ER theory in the present research work.

Assumption A: Disruptions have a negative impact on enterprises' performance.
This assumption is coherent with the literature review because many authors [5,29,47,63] state that any significant disruption has negative consequences on enterprises' performance, whether they are measured as sales, production levels, profits, customer services, or other relevant metrics.
In this research, disruptions were considered to be either foreseeable or unforeseeable situations that negatively affect an enterprise's normal operation and stability. The theoretical framework must include the widest possible range of disruptive events that negatively influence enterprises' operation.

Assumption B: Prevention against disruptions guarantees the enterprise's long-term overall operation.
In the literature, we found prevention, anticipation, and avoidance synonymously. Reference [32] highlights that enterprises should anticipate the occurrence of disruptions and prepare their SCs for any expected and unexpected changes in the environment.
Melnyk et al. [64] state that the preparedness capacity is composed of four phases, the first of which is avoidance, if at all possible, of the disruption occurring. Moreover, there are definitions of ER that explicitly encourage prevention to guarantee business continuity, such as "the capacity to anticipate unsafe and unexpected events for organizational survival in the face of threats, including the prevention or mitigation of failures in the systems" [65].
Assumption C: Recovery competences enhance the response to disruptions for enterprises to get back to their normal operation.
Dalziell et al. [44] state that a key concept in system resilience is the system's ability to respond and recover from an event. Melnyk et al. [64] point out that the capacity of resilience is a key element in its recovery competences to find a return path (recovery) to a steady state of functionality (stabilization) once disruption has occurred. Ponomarov and Holcomb [66] place much emphasis on the efficient and effective response of enterprises to be able to recover to their original state or to improve their state after disruption. Moreover, the proposed conceptual reference framework is also based on the notion that enterprises with high preparedness and recovery capabilities will be more resilient.
Enterprises that encourage proactive strategies will be more prepared to face expected-but also unexpected-events, which will confer enhanced ER. Moreover, if enterprises have well-defined recovery strategies and actions plans, when a disruption is inevitable, they will recover from that negative situation more resiliently.
This is based on the definition of ER (see Table 2), which mainly highlights the importance of avoiding [27] and anticipating [28] disruptive events and, when their occurrence is certain, the importance of recovering normal enterprise operation [13,27,28,30,31].
Another conception on which the framework is based is that the preparedness capability is enhanced as preventive actions are activated and implemented.
A proactive policy emphasizes preventive plans that define what can be done to avoid specific disruptive events or to avoid them from occurring as much as possible. Building resilience is not a one-time experience but spans over time from pre-event strategies [67]. Many studies support the notion that resilience-related processes include functions and tasks to prevent disruptions [13].
For those unavoidable disruptive events, this research believes that efforts should focus on mitigating their negative consequences. For this reason, the proposed framework was built based on the notion that recovery capability enhances as knowledge registration actions are performed.
To improve ER, an enterprise's better ability to recover as quickly and efficiently as possible is performed through its knowledge. For this reason, enterprises should be constantly learning and innovating to face the recovery process with the necessary available knowledge to facilitate returning to their normal operation. This is supported by the literature with the studies of Sutcliffe and Vogus [23], who assert that ER is obtained through processes that create cognitive, emotional, relational, or structural resources in a sufficiently flexible, storable, convertible, and malleable form to allow companies to successfully cope and to earn from what is unexpected. In this way, the most resilient companies will be those with a structure that facilitates learning and reusing knowledge. Dalziell et al. [44] also explain that one of the ways by which a system can recover from adverse situations is by applying available responses to deal with disruptive events. To do so, in-depth knowledge of the available responses to face the disruptive events that have already occurred is required to reuse the knowledge generated from past recovery actions.

Conceptual Reference Framework Elements
Through the different ER definitions shown in Table 2, disruptions were identified as the common element to trigger lack of ER. For this reason, disruptions deserve special attention because they are the reason why companies must react to face them and guarantee their survival. In addition, from the definitions of the term resilience, different authors point out some main capacities, such as building a resilient organization and preparedness and recovery capacities [13,27,28,30,31]. The literature also reveals that one of the suitable mechanisms to anticipate disruptive events occurring is by implementing preventive actions. Moreover, once the disruptive event has occurred, it is also adequate to register all the information related to this disruption. Therefore, knowledge registration actions will provide valuable information to recover more quickly and efficiently. In light of this, the proposed conceptual reference framework comprised three main elements: (i) disruptions; (ii) constituent ER capacities (preparedness and recovery); (ii) transition elements (preventive and knowledge registration actions). They will allow the transition from a company's current status (AS IS) to a future one (TO BE). Figure 2 represents the ER conceptual reference framework. A proactive policy emphasizes preventive plans that define what can be done to avoid specific disruptive events or to avoid them from occurring as much as possible. Building resilience is not a one-time experience but spans over time from pre-event strategies [67]. Many studies support the notion that resilience-related processes include functions and tasks to prevent disruptions [13].
For those unavoidable disruptive events, this research believes that efforts should focus on mitigating their negative consequences. For this reason, the proposed framework was built based on the notion that recovery capability enhances as knowledge registration actions are performed.
To improve ER, an enterprise's better ability to recover as quickly and efficiently as possible is performed through its knowledge. For this reason, enterprises should be constantly learning and innovating to face the recovery process with the necessary available knowledge to facilitate returning to their normal operation. This is supported by the literature with the studies of Sutcliffe and Vogus [23], who assert that ER is obtained through processes that create cognitive, emotional, relational, or structural resources in a sufficiently flexible, storable, convertible, and malleable form to allow companies to successfully cope and to earn from what is unexpected. In this way, the most resilient companies will be those with a structure that facilitates learning and reusing knowledge. Dalziell et al. [44] also explain that one of the ways by which a system can recover from adverse situations is by applying available responses to deal with disruptive events. To do so, in-depth knowledge of the available responses to face the disruptive events that have already occurred is required to reuse the knowledge generated from past recovery actions.

Conceptual Reference Framework Elements
Through the different ER definitions shown in Table 2, disruptions were identified as the common element to trigger lack of ER. For this reason, disruptions deserve special attention because they are the reason why companies must react to face them and guarantee their survival. In addition, from the definitions of the term resilience, different authors point out some main capacities, such as building a resilient organization and preparedness and recovery capacities [13,27,28,30,31]. The literature also reveals that one of the suitable mechanisms to anticipate disruptive events occurring is by implementing preventive actions. Moreover, once the disruptive event has occurred, it is also adequate to register all the information related to this disruption. Therefore, knowledge registration actions will provide valuable information to recover more quickly and efficiently. In light of this, the proposed conceptual reference framework comprised three main elements: (i) disruptions; (ii) constituent ER capacities (preparedness and recovery); (ii) transition elements (preventive and knowledge registration actions). They will allow the transition from a company's current status (AS IS) to a future one (TO BE). Figure 2

Characterization of Disruption
In the literature, no unanimity has been reached about the most appropriate term to designate disruption as concepts such as crisis, perturbation, uncertainty, risk, etc., which are used synonymously [47,[68][69][70][71][72][73][74]. Likewise, the literature review revealed that no consensus has been reached on the terms to designate disruption, their causes or sources, along with their consequences, impact, or effects. All terms are sometimes used with the same meaning, which can lead to much confusion. For example, a fire in a supplier (where the supplier's production system is actually damaged) that has to deliver components to a customer may be considered the reason (source) why the customer does not receive components in time, as it delayed the delivery of components (the disruptive event for the customer), whose long-term consequences may involve interrupting the customer's production system. However, from the supplier's point of view, the fire is both the source and the disruptive event at the same time because it is the cause of and the origin by which the supplier also interrupts its production with delays for delivering components (Table 5). For this reason, it is important to characterize disruptions and to classify clearly and concisely: what actually causes disruptions (source), what exactly the disruptive events are, and what their consequences are. Sanchis and Poler [75] consider that a disruption is constituted by the following three components: • Source: the origin that causes the disruption. Moreover, these authors divide the source component into two subcomponents: -Level: the level of a disruption is related to the different segments in which a disruptive event occurs. Based on the works of [1,50,53,76], three different levels are considered: The intra-enterprise level from which the disruption stems within the enterprise; The inter-enterprise level that encompasses all the supply network entities (in this case, the level of the disruption source can be any entity of the supply network); The extra-enterprise level from which the disruption originated in other entities beyond the supply network. Aspects such as natural phenomena, political factors, etc., are also categorized at the extra-enterprise level [77,78].
-Origin: based on the work by Sanchis and Poler [79], the conceptual reference framework involves the following origins-customers, distribution, energy, environmental, financial, inventory, legislation, production, social, supply, and technology.
• Disruptive event: disruptive events are considered situations and realities that cause a disturbance to and/or alteration in companies' daily operations. Some authors [47,73,80] argue that a disruptive event always interrupts business activity. For these authors, a disruptive event is considered to be any alteration in the flow of materials, monetary, information, etc., that interrupts the enterprise's normal operational conditions and thus makes it vulnerable by reducing its performance and competitiveness. However, in the present research work, a disruptive event is a foreseeable or unforeseeable event that affects an enterprise's usual operation and stability but does not necessarily interrupt its activities. Currently, the conceptual reference framework is composed of a collection of 71 disruptive events classified according to the previous 11 origins of disruption sources. • Consequence: any disruptive event with negative effects on the enterprise. Sheffi and Rice [5] explain that the effects of any significant disruptive event cause loss of business performance. The disruptive events effects could be of diverse natures. The Business Continuity Institute, in its annual resilience survey [56], points out that the most important consequences in order of their importance are: loss of productivity, customer complaints, increased production costs, loss of revenue, poor services prevision, stakeholder concern, reputational, image and brand damage, delays in delivering products, delays in cash flows, withdrawal of products, expected increase in regulations, scrutiny, loss of regular customers, payment of service credits, fines due to repeated breaches, and loss in share prices.
The understanding of disruption consequences has progressed following the works of scholars such as Sanchis and Poler [75], who developed a categorization framework of disruptions in which the consequences of disruptive events are classified as: (i) business interruption; (ii) damage to reputation/brand; (iii) delays to and failed due dates; (iv) failure to attract or retain top talent; (v) failure to meet customer needs; (vi) high inventories; (vii) impossibility to pay personnel, suppliers, taxes; (viii) increase in final product prices; (ix) increased production costs; (x) injury to end customers; (xi) injury to workers; (xii) loss of intellectual property/data; (xiii) loss of networked communication; (xiv) physical damage; (xv) reduced sales; (xvi) understaffing; (xvii) unfulfilled orders. The conceptual reference framework is built on the bases defined by these authors as their classification involves the most usual and easy ones to understand and quantify (by companies) consequences.
Finally, it is noteworthy that there is also much confusion in the literature about differentiating disruption sources, disruptive events, and their consequences. Some authors point out that, for example, a company's bad reputation is a disruptive event. However, in the present research work, a company's bad image is not a disruptive event per se, but the consequence of some adverse situations that have occurred and have damaged the company's image.

Constituent Capacities of ER
Another component of the ER conceptual reference framework is the constituent capacities of ER. The different definitions of ER frequently include features that address this concept. Aspects such as anticipation and preparation, adaptation, and recovery are used in the different ER definitions in Table 2. These aspects are related to the resilience capabilities identified by Ponomarov et al. [66]: (i) disposition and preparation; (ii) response and adaptation; (iii) recovery or adjustment.
Mitroff et al. [81] affirm that resilient companies are proactive and, thanks to their preparation and anticipation, they recover better from difficulties. Bhamra et al. [82] state that the resilience concept is both multidisciplinary and multifaceted; multidisciplinary because different areas manage the resilience applied to their knowledge domains, as defined in the convergent approach by Caralli et al. (2010); multifaceted because resilience comprises different capacities, such as the capacities of preparedness, adaptation, and recovery. Ponomarov et al. [66] also consider the resilience concept to be multidimensional and multidisciplinary. Mitroff et al. [81] assert that resilient enterprises are proactive and, thanks to their preparation and anticipation, they rebound better from difficulties. Ivanov et al. [83] highlight two main basic approaches to hedging SCs against negative impacts of different disruptions: (i) proactive approaches to create certain protections and to take possible perturbations into account without recovery considerations; (ii) reactive approaches that aim to adjust SC processes and structures in the presence of unexpected events. However, resilience is not only supported by preparedness and recovery capabilities but also implies adaptation to flexibly change and adjusting to new circumstances.

• Preparedness Capacity
With today's fierce competition and enormous competitive pressures, companies tend to take more "calculated risks" [69], which are risks that must be accepted to improve competitiveness, reduce costs, and enhance profitability. However, those enterprises that take more calculated risks may have adverse consequences that jeopardize their ability to serve ordered products to end customers, which will affect the enterprise fulfilling its long-term objectives [69].
Paton and Johnston [84] argue that human beings tend to think that we are better prepared for any adverse circumstances than we really are. This way of thinking also affects companies. These authors state that, when individuals receive information about how prepared he/she is to deal with a specific disruptive event, they overestimate their potential to cope with it. In most cases, input information does not cause, as would be desirable, the activation of appropriate measures to improve the preparedness capacity. Haimes et al. [67] argue that a balance must be sought between protection actions and resilience as means to improve the overall efficiency of preparedness.
An enterprise's ability to be prepared to face disruptive events is related to its vulnerability to such events. The more vulnerable a company is, the less prepared it is. For this reason, it is important for enterprises to get ahead of themselves to minimize the negative effects of disruptions.

• Recovery Capacity
The ability to respond and recover from a disruptive situation is key for bolstering ER. In today's highly dynamic environments, a company is never a static entity. Some sectors are more stable than others, but a company that remains static in the same position over time will lose its potential to achieve its goals. Businesses must also change in response to changing environments in order to preserve their competitive advantage [85]. These authors also argue that after a disruptive event occurs, a company should not aim to recover and overcome that disorder by returning to its initial state but must recover and reach the level (maybe the same as the initial one, or a lower or higher one) at which its competitive advantages are maintained. The dynamism of the environment may mean that, during the recovery period, the changes that occurred in the environment mean that the state the enterprise must reach after its recovery differs from the initial state at which the company operated before being impacted by such a disruptive event. Therefore, the steady state that it reaches must be aligned with the conditions of its current external environment [44].

• Adaptive Capacity
Adaptive capacity is defined as the degree of the system to modify its circumstances and move towards a condition of stability [86]. Dovers and Handmer [87] also highlight the importance of the adaptive capacity by describing that proactive resilience accepts the inevitability of change and attempts to create a system that is capable of adapting to new conditions and imperatives. Thus, the company must be prepared for disruptive events, and the more adaptable it is, the easier for it to anticipate such events.
The term adaptative capacity is also a key concept in today's business continuity strategies. Adaptive capacity is defined by Starr et al. [88] as a company's ability to modify its strategy, operations, systems management, structure, and decision capabilities to endure disruptive events. McManus et al. [3] considers adaptive capacity to be a measure of business culture and dynamics to appropriately make decisions in the time required in both daily activities and in the face of crises and disruptive events. Ricciardi et al. [89] also support this and highlight that a firm's performance in turbulent business environments strongly depends on the adaptive (re)generation of their business models.
Christopher [90] states that resilient processes are flexible, agile, and capable of rapidly changing. The dynamic nature of adaptive capacity allows companies to recover after having been impacted by a disruptive event so they return to their original state or reach a more desirable one. Following the works of [90], the dynamicity of the adaptive capacity also allows companies to be prepared before disruptive events occur by them implementing anticipation actions flexibly and agilely. This is why the adaptive capacity in the present ER conceptual reference framework is considered an intrinsic characteristic of the capacities of preparedness and recovery and not a constituent capacity, per se, of ER.
In a nutshell, when a disruptive event occurs, a company is pushed from a state of relative equilibrium to another state characterized by instability. The ease with which the company moves to this new unstable state is a measure of its vulnerability [44], understood as a lack of the preparedness capacity to deal with the disruptive event, while the degree with which the company responds to this change is a measure of its recovery capacity.

Transition Elements to Enhance ER
To improve ER, the actions to be implemented are defined according to the time when they are adopted to mitigate the effects of disruptive events. Tomlin [91] describes two general approaches to deal with disruptive events: mitigation and contingency policies. Sanchis and Poler [92] also argue that actions must encompass two perspectives: on the one hand, proactive actions to be prepared to face adverse situations; on the other hand, reactive actions that are applied to facilitate the recovery process. Both must be planned before the disruptive event occurs, although mitigation policies are implemented prior to the event occurring, while contingency policies are generally implemented after an event has taken place. In this research work, mitigation policies are preventive actions to enhance the preparedness capacity, while contingency ones are the knowledge registration actions that improve the recovery capacity.

• Actions to Enhance the Preparedness Capacity: Preventive Actions
The company implements preventive actions before disruptive event occurs and, therefore, they are essentially proactive in nature [4]. A proactive policy emphasizes preventive plans for defining what may be done to avoid specific disruptive events or for preventing them from occurring as much as possible. For those inevitable disruptive events, effort should focus on mitigating their negative consequences.
Preventive actions are policies and/or actions that attempt to reduce the probability of the occurrence and/or severity of a disruptive event. Barroso et al. [47] state that preventive actions should be address: (i) reducing the probability of disturbance occurring; (ii) reducing the negative impact of disturbance; (iii) both.
Chopra et al. [70] point out the following preventive actions as being effective for improving ER: increased capacity, safety stock, redundancy in the supplier base, increased flexibility, aggregate demand, increased and improved business skills, and diversification regarding customers, so that dependence on a single key customer is not strong. All these preventive actions are perfect for facing a specific disruptive event and can be of much help to companies globally. However, not all preventive actions are adequate for all disruptive events, and they must be adapted according to the specificity and the characteristics of potential disruptive events.
The conceptual reference framework to assess ER offers a collection of preventive actions that have been customized to each type of disruptive event. The proposal of preventive actions, which was developed based on an exhaustive literature review, was verified by a panel of experienced experts in each origin of disruption sources during two consecutive rounds in a Delphi study, as described in Section 3 (more information in [93]). Initially, the proposal included 310 preventive actions, of which 3% were eliminated after the first round, and 103 preventive actions were included upon the experts' request. During the second analysis round, the experts evaluated the new situation after eliminating the preventive actions and including the new ones by drawing up the list of the definitive preventive actions making up the predefined list of preventive actions for each disruptive event. Currently, the conceptual reference framework contains 403 preventive actions, but it is noteworthy that the same preventive action can apply to different disruptive events, which left 312 different preventive actions.

• Actions to Improve the Recovery Capacity: Knowledge Registration Actions
ER is in accordance with the ability to anticipate and be prepared for disruptive events (by implementing preventive actions) but also with the ability to recover once a disruptive event has occurred. To improve ER, the company's ability to recover as quickly and efficiently as possible is performed by managing its knowledge. Ponomarov et al. [66] argue that one of the most difficult aspects of the recovery phase is the restoration of social routines and economic activities. These authors explain that part of the recovery process consists of restoring people's psychological stability after the disruptive event, and it also involves learning positive lessons from the experience to be applied in the future if the same event or another one with similar effects happens.
Wildavsky [94] argues that resilient organizations are vitally prepared for adversity, which requires improving the company's recovery capacity to research, learn, and act without knowing in advance what will happen. Vogus and Sutcliffe [95] point out that recovery is based on both past and future learning. Following the same line of thought, the recovery capacity is based on the human capacity to learn and act in a timely manner with valid information [96].
Sutcliffe and Vogus [23] argue that ER is obtained through processes that create cognitive, emotional, relational, or structural resources in a sufficiently flexible, storable, convertible, and malleable form that enables companies to successfully cope and learn from the unexpected. In this way, the most resilient companies are those with a structure that facilitates learning and reusing knowledge from an organized knowledge storage basis.
Dalziell et al. [44] also explain that one of the ways in which a system can recover from adverse situations is applying available responses to deal with disruptive events. To do so, profound knowledge of the available responses to disruptive events that have already occurred is required to reuse the knowledge generated in past recovery actions.
In light of this, information availability is basic and, for this purpose, registering information about (i) the disruptive events that took place and (ii) the measures taken to recover in the shortest possible time and with at the lowest cost is vitally important to improve the recovery capacity, one of the two vital cornerstones of ER. In 1996, Del Olmo and Sáiz [97] already pointed out the need for companies to increase the resources addressed to knowledge acquisition. However, it is not only important to record historic information, but a company's commitment to record knowledge about future events as and when they occur is also vital. Long-term continuity in knowledge registration of all the disruptive events that have affected the company at some point in its life cycle is required to ensure that knowledge is available whenever required.
The conceptual reference framework is based on the fact that knowledge management will improve companies' resilience because it will: (i) be reused whenever necessary (e.g., when the same disruptive event occurs or a similar one with related effects); (ii) be shared with all stakeholders so that they all are aware of the consequences of disruptive events and which steps are to be taken to recover efficiently; (iii) be systematically and continuously improved with new experiences; (iv) be used for continuous learning. Therefore, one of the most important factors for improving the recovery capacity after disruption is having an appropriate knowledge management system. The conceptual reference framework emphasizes this aspect with the design of a knowledge resilience structure.

Global Overview of the ER Conceptual Reference Framework
The ER Conceptual Reference Framework is represented in Table 6. This table shows a small section of the conceptual reference framework. The characterization of disruptions is composed of: the level at which the disruptive event originated, the origin and the suborigin of the disruptive event's origin, and the disruptive events' collection and consequences (based on the categorization framework of disruption defined by Sanchis et al. [81]).
From the preparedness perspective, the complete framework can be found in the Supplementary Materials Table S1 and in reference [98]. More than 400 preventive actions are currently defined in the conceptual reference framework. Each preventive action is specific for each disruptive event. However, it is worth noting that preventive action could also be applied to different disruptive events.       From the recovery perspective, the ER conceptual reference framework addresses the registration of knowledge about: (i) the occurrence of disruptive events; (ii) the recovery actions performed to re-establish the enterprise's normal operation. The conceptual reference framework offers guidelines about the information required per disruptive event to set up a knowledge basis in order to improve the recovery capability. This small section (Table 6) of the ER Conceptual Reference Framework involves 11 disruptive events and one per disruption origins. However, it is worth mentioning that the framework involves seven events from the supply origin, nine disruptive events related to customers, six from distribution issues and six related to technological problems, two related to energy aspects, 11 regarding environmental issues, four financial disruptive events, seven related to inventory features and seven social aspects, three events about legislation problems, and nine of production aspects. This totals 71 disruptive events.
By way of example, one of the disruptive events shown in Table 6 is "Poor quality of the raw materials or components supplied". This event takes place at the inter-enterprise level because it involves the enterprise's suppliers. For this reason, the origin of the disruptive event is "supply ", and the suborigin is "quality", as the disruptive event is also related to problems about the quality conditions of the supplied materials. If this disruptive event occurs, the potential impact on the enterprise involves the following consequences: (i) business interruption; (iii) delays to and failed due dates; (v) failure to meet customer needs; (x) injury to end customers; (xvii) unfulfilled orders. Once the enterprise has characterized the disruptive event based on the information provided in the conceptual reference framework, the company will be able to analyze which preventive actions it could implement to be prepared to face such disruptive events. Following the previous example, in this case, the conceptual reference framework offers seven alternatives to improve the preparedness capacity. For instance, if the enterprise has a safety stock, it will be able to continue operating at its normal operation level, while the supplier manages the situation to supply raw materials in perfect state. In this case, implementing such a preventive action will avoid the enterprise having to interrupt its production line while it awaits raw materials of the required quality. Finally, if this event occurs and the enterprise has not implemented any preventive action or those implemented fail, recovery will be easier and more efficient if the enterprise has recorded past information about the same disruptive event and how the situation was solved on that occasion. For this reason, the conceptual reference framework offers recommendations about the information to be registered for future events.

Conclusions
This paper proposes the Enterprise resilience Conceptual Reference Framework to characterize ER capacity. To do so, this paper reviews different ER definitions in Section 2 to identify its main characteristics and the importance of being resilient. In this way, Research Question 1 is answered. Moreover, this review evidences that only a few ER assessment attempts have been developed. The main objective of the proposed conceptual framework is for it to be a reference basis to develop mechanisms that assess the ER capacity of companies and, thus, to take support companies' decision makers about which actions have to be implemented to enhance the ER capacity.
The first conceptual framework element is to identify the most frequent events with a negative impact on the ER capacity. To do so, a literature review validated by a panel of experts was performed so that Research Question 2 was answered. The current framework version contains 71 disruptive events that have been classified as the most worrisome in recent years by companies.
Moreover, by analyzing ER definitions, the main enterprise capabilities for companies to be resilient were identified. This identification responded to Research Question 3 by pointing out that, among others, preparedness and recovery capabilities are the two most quoted one in the analysis of ER definitions. From the small sample of ER definitions (11 definitions) in Table 2, 54% of them highlight disposition and preparation as the ways to be more resilient [13,22,25,27,28,30,31], and 72% of the ER definition points out either recovery or adjustment [13,[25][26][27][28][29][30][31]. With a sample of 56 ER definitions, the results follow the same tendency. In light of this, the ER Conceptual Reference Framework is based on the proactive and the reactive perspective by considering the preparedness capacity and the recovery capacity, respectively, to be constituent capacities of ER.
In addition, the conceptual reference framework also proposes actions to support companies to enhance the ER process that has been designated as transition elements. It is assumed that the preparedness capability can be enhanced as preventive actions are activated and implemented. This is supported by [70], who second that preventive actions are effective mechanisms for improving ER, and by [47], who state that the preventive actions are directed to: (i) reduce the probability of the disruptive event occurring; (ii) reduce the negative impact of the disturbance; (iii) both, which will enhance the preparedness capacity. Moreover, it is theorized that the recovery capability can be enhanced by implementing knowledge registration actions. This is supported by [44,66,94,95], who state that the recovery capability can be improved by implementing past actions, which means that it is very important to register the knowledge of such past actions to learn positive lessons from those experiences, which facilitates the restoring process.
Moreover, the Delphi study performed by a panel of experts from different knowledge domains (academics, industry professionals, consultants, researchers, etc.) was used to validate all the transition elements included in the ER Conceptual Reference Framework. The current framework version contains 403 preventive actions and the design for knowledge registration actions, which supports the response to Research Question 4.
The ER Conceptual Reference Framework has much potential to provide management insight into disruptive events that need prior attention given their critical nature and periodicity. This framework will support managers to identify highly rated critical disruptive events that can severely degrade ER. This approach must be based on assessing the frequency and the severity of an enterprise's disruptive events.
Besides, the framework also contributes by facilitating the decision-making process by proposing sets of anticipatory actions to acquire further information about what they can do to be prepared for the unexpected.
Finally, the framework provides managerial guidance for designing the knowledge resilience structure to create a learning and knowledge strategy to improve ER.
The ER Conceptual Reference Framework needs to be followed by empirical validation. To date, the feedback received by the Delphi study's experts was very positive and conferred the proposed framework much potential.
Further research will focus on developing quantitative methods and tools to assess to what extent enterprises are resilient based on this framework. The literature review evidenced a lack of measurement and assessment tools to support the ER capacity analysis. For this reason, the present research work will continue by addressing measurement and implementation issues. Indeed, the conceptual reference framework will be the basis for developing a mechanism to measure and enhance the ER capacity. To do so, further research lines will focus on measuring the ER capacity from both proactive and reactive perspectives. The current preparedness and the recovery capacity status (AS IS ER model) of companies should be quantitatively assessed and, based on this characterization, the TO BE ER model will be defined. From the preparedness viewpoint, this definition should involve selecting the optimal preventive actions based on some criteria, such as costs, operating usefulness of the implemented actions, and implementation time, to mention just a few. This will require using optimization and simulation algorithms. Well-adapted ones can be the algorithms addressed to solve mixed-integer linear programming. Other potential approaches may involve mathematical programming in deterministic and fuzzy contexts, genetic algorithms, fuzzy cognitive maps, system dynamics, discrete events simulation, and agent-based simulation. From the recovery point of view, the TO BE ER model definition can benefit from the knowledge management system structure design of the proposed framework.
At this point, it is worth mentioning that resilience is not a static goal but future research lines proposed to measure resilience as an evaluation of current and future states in terms of preparedness and recovery capabilities. For this reason, it is important to highlight that the conceptual reference framework is an openly dynamic approach that can be updated whenever necessary by including more disruptive events that we presently do not even think could happen.
Future further research areas will also involve analyzing the resilient capacity of organizations whose main activity does not purely focus on manufacturing products but those entities that offer services, such as healthcare and tourism sectors.
Finally, other researchers are also expected to benefit from this proposal to help them to support their current ER-related research.
Author Contributions: This work forms part of the research of R.S., supervised by R.P and L.C. R.S., which defined the enterprise resilience conceptual reference framework based on a set of disruptive events with potential preventive actions to improve the preparedness capability and the knowledge registration actions design to improve the recovery capability. R.P. and L.C. supported the definition of the research assumptions and assessed all the ER Conceptual Reference Framework elements. Likewise they both revised and oversaw all the issues related to this research. All authors have read and agreed to the published version of the manuscript.