Optimising the Preparedness Capacity of Enterprise Resilience Using Mathematical Programming

In today’s volatile business arena, companies need to be resilient to deal with the unexpected. One of the main pillars of enterprise resilience is the capacity to anticipate, prevent and prepare in advance for disruptions. From this perspective, the paper proposes a mixed-integer linear programming (MILP) model for optimising preparedness capacity. Based on the proposed reference framework for enterprise resilience enhancement, the MILP optimises the activation of preventive actions to reduce proneness to disruption. To do so, the objective function minimizes the sum of the annual expected cost of disruptive events after implementing preventive actions and the annual cost of such actions. Moreover, the algorithm includes a constraint capping the investment in preventive actions and an attenuation formula to deal with the joint savings produced by the activation of two or more preventive actions on the same disruptive event. The management and business rationale for proposing the MILP approach is to keep it as simple and comprehensible as possible so that it does not require highly mathematically skilled personnel, thus allowing top managers at enterprises of any size to apply it effortlessly. Finally, a real pilot case study was performed to validate the mathematical formulation.


Introduction
The frequency and intensity of disasters continue to increase [1], which is why supply chains and enterprises need to be flexible, agile, robust, organised, prepared and active in order to face any crisis in an efficient way.
Some studies and reports say that many organisations go out of business within two or three years after they experience a major disruption [2]. Therefore, companies in today's volatile business arena need to be designed to incorporate event readiness, provide an efficient and effective response, and be capable of recovering to their original state or even a better post-disaster state. The capacity to do so has been defined as enterprise resilience when it involves the intra-company level or a single company and supply chain resilience when it affects different entities of the supply chain (inter-company level) [3].
Enterprise resilience is the capacity to avoid, absorb, adapt to and recover from disruptions [4]. Woods [5] defined enterprise resilience as the capacity to anticipate unsafe and unexpected events for organisational survival in the face of threats, including preventing or mitigating failures in the system. Along the same line, Gilly et al. [6] understood enterprise resilience as an active capacity of the company to resist an external event, and a more proactive capacity to anticipate events and thus open new development pathways.

Literature Foundations
Dalziell and McManus [9], Paries [10] and Haimes et al. [11] studied the emergent properties of resilience and considered that it cannot be directly measured as an assessment of the AS IS status. Nevertheless, it is necessary to analyse, in a certain instance, how much an enterprise is prepared to face specific disruptive events. In addition to this, having a great understanding of the AS IS state is as important as improving the current status towards an enhanced preparedness capacity status (TO BE) to deal with an unstable environment.
The literature review offers attempts to assess and enhance the resilience capacity of enterprises and supply chains. However, most of them are conceptual approaches, which are highly valuable contributions for the scientific knowledge theoretical building but are not practically useful for real application. Table 1 offers an overview of these approaches, as proposed by various authors; the review is based on the work performed by [12] and highlights the limitations hindering their practical application. Table 1. Analysis of approaches related to enterprise resilience enhancement.

Reference Approach Orientation Scope
Woods et al. [13] Conceptual Framework Enterprise Approach This approach is based on the principle that in order to achieve resilience, organizations need support for decisions about production/safety trade-offs. Enterprises require mechanisms to analyse when to relax the pressure on throughput and efficiency goals, i.e., making a sacrifice decision; how to help organizations decide when to relax production pressure to reduce vulnerability. To do so, the authors point out the following aspects: (i) Management commitment, (ii) Reporting culture, (iii) Learning culture, (iv) Preparedness/Anticipation, (v) Flexibility and (vi) Opacity (and its corollary, Observability).

Approach
The authors explain that resilience is a function of the vulnerability and adaptive capacity of the company. They use a systematic view of the company and state that one of the key aspects that defined a system is its purpose. Therefore, since a company is a system, the authors directly relate its resilience capacity with the ability to achieve its objectives and purposes. Companies usually map their mission through a series of key performance indicators (KPIs). The ease with which key performance indicators can drift to undesirable levels of instability is a function of the vulnerability of the system. Furthermore, the time it takes for such performance indicators to recover and achieve resilience is a function of the adaptive capacity.
Limitation L2. Excessive specificity of the approach. The definition of KPIs based on the mission of the company means that each company has different measurable metrics. This characteristic implies that each enterprise deals with the resilience enhancement in a different way.
McManus et al. [14] Indicators/Methodology Enterprise Approach This approach considers that the resilience of an organization involves three main axes: (i) situation awareness, (ii) management of the keystone vulnerabilities of an organization and (iii) the adaptive capacity. Based on these three main pillars, the authors develop the model called Relative Overall Resilience, by defining 15 indicators to assess resilience capacity. An extended version of this study may be found in Lee et al. [15].

Limitations
L2. Excessive specificity of the approach. The 15 indicators used to assess enterprise resilience are defined through case studies of organizations. For this reason, the generalizability of the research results is limited to the organizations participating in these case studies. L3. Resilience assessment but not enhancement. This approach offers information about the resilience profile of a company, but it does not offer any additional information regarding how to improve enterprise resilience.
Falasca et al. [16] Indicators Supply chain Approach A simulation-based framework that incorporates the following three determinants of resilience: density, complexity, and node criticality into the process of supply chain design. An updated research related to this area was carried out by Kim et al. [17], who propose a set of a metrics for supply network resilience in terms of the total number of node/arc disruptions.

Limitations
L4. Lack of optimisation It does not incorporate cost data into the agents' decision-making function, thus limiting the possibilities of performing relevant trade-off analyses.
The approach tests supply chain responses to different strategies for improving. disaster resilience but it does not look at the determination of an "optimal" strategy under different conditions.
Stolker et al. [18] Indicators Enterprise Approach This attempt applies multi-attribute utility theory to measure the management performance of operational resilience in an organization. The approach analyses some elements such as: understanding mission-critical processes, risk management performance, reward system, and cultural aspects. This research proposes a model using graph theory which holistically considers all the major enablers of resilience (supply chain agility, collaboration among players, information sharing, sustainability in supply chain, risk and revenue sharing, trust among players, supply chain visibility, creating risk management culture, adaptive capability and supply chain structure) and their interrelationships for analysis using an interpretive structural modeling approach. Limitation L3. Resilience assessment but not enhancement. L4. Lack of optimisation The approach quantifies resilience by a single numerical index but it does not offer insights about how to enhance resilience and which are the best strategies to achieve it.
Munoz et al. [24] Indicators Supply chain Approach Proposal of a model to assess a set of metrics for operational supply chain resilience in terms of recovery, impact, performance loss, profile length, and weighted-sum.

Limitation
L2. Excessive specificity of the approach. This approach is limited in scope to a serial three-tier supply chain with no backlog.
Apart from the previous attempts, we have only found one contribution that offers a more practical approach, namely the Supply Chain Resilience Assessment and Management (SCRAM TM ) tool defined by [25]. By measuring vulnerability factors such as turbulence, deliberate threats, external pressures, and resource limits, among others, and capability factors such as flexibility, efficiency, visibility, and adaptability, among others, the tool provides an evaluation of the resilience in a supply chain. However, the main limitation is related to its industry-specificity or even firm and product-level particularities, which requires the definition of more specialized metrics. Although these tools shed light on assessing resilience, the resilience subject is under-researched and warrants further study.
Based on the analysis performed in Table 1, some limitations regarding published enterprise and supply chain resilience research have been identified. These main limitations, as well as how the present research will deal with them, are presented in Table 2. Table 2. Advances beyond the state of the art (SoA).

Limitations
Progress Beyond the SoA L1. Conceptual approach, not practically implementable.
This research defines a simple but effective MILP that can be applied without difficulty in any enterprise. The mathematical formulation has been proposed from a management and business perspective in order to make it as simple and comprehensible as possible so that it does not require highly mathematically skilled personnel, thus allowing top managers to apply it easily. Moreover, a pilot case study has been performed in a real company to validate the mathematical formulation and to show how the mathematical formulation could be applied.
L2. Excessive specificity of the approach.
The present research is based on Sanchis et al. [12] framework that encompasses 71 disruptive events that enterprises consider as threats to their continuity. Moreover, the current version of the framework also provides a set of 403 preventive actions from among whom to choose the most adequate actions to prepare in advance for disruptive events. The framework has been defined as a living approach. New disruptive events and preventive actions that companies wish to analyse may be included whenever required. Besides, it is important to highlight the generality of the approach taken in this research that allows it to be applied to any type of company, of any size and sector. Finally, the mathematical formulation offers a generic and easy-to-use mechanism to guarantee that it can be applied effortlessly.
L3. Resilience assessment but not enhancement. Most of the studies found in the literature review are mainly focused on measuring how resilient organisations are, but they do not offer guidelines and/or recommendations on how to enhance the resilience capacity. The present research optimises the activation of a set of preventive actions that enhance the preparedness capacity to reduce enterprises' proneness to disruptions and offers valuable information to support enterprises in their decision-making process aimed at becoming more resilient.

L4. Lack of optimisation
From a mathematical viewpoint, there are also very few approaches related to (i) enterprise resilience enhancement and (ii) the improvement of its constituent capacities: preparedness, adaptive and recovery. Manopiniwes and Irohara [26] developed a stochastic linear mixed-integer programming model for integrated decisions in the preparedness and response stages of pre-and post-disaster operations, taking into account three key areas of emergency logistics: facility and stock prepositioning, evacuation planning and relief vehicle planning. Sanchis and Poler developed a quantitative approach to enhance enterprise resilience by selecting optimal preventive actions using dynamic programming [27].
The use of sourcing strategies to achieve supply chain resilience under disruptions based on the definition of a scenario-based mathematical model including disruption risks and operational risks was developed in [28]. Other studies, such as [29], propose an optimisation model, and its solution determines the rerouting strategy for product flow through the supply chain under disruptions.
Other efforts have been made towards the development of fuzzy mathematical models, such as that defined in [30] for assessment of organisational resilience potential in small to medium-sized enterprises (SMEs) of the process industry. Other studies use fuzzy Delphi techniques such as [2], which defined an integrated Delphi-fuzzy logic framework for measuring SC resilience, and [31] which applied fuzzy Delphi mechanisms and a fuzzy best-worst method to identify and prioritize the relevant disaster resilience indicators for SMEs. A fuzzy linear programming enterprise input-output model was developed in [32] to determine optimal adjustments in production levels of multi-product systems when a crisis is induced by a loss of resource inputs. Another work related to resilience and mathematical modelling is that developed in [33] with the definition of a fuzzy multicriteria decision-making approach (using a fuzzy analytic hierarchical process and the fuzzy Technique for Order Preference by Similarity to Ideal Solution) to evaluate and rank organisational resilience factors with respect to user preference orders.
Tukamuhabwa et al. [34] stated that only limited research has been conducted on choosing and implementing an appropriate set of strategies to improve the capacity of resilience. Moreover, research in enterprise and supply chain resilience covers only specific contexts, such as disaster relief (e.g., [1]) and particular areas such sourcing, routing or production (e.g., [28,29,32], respectively). Based on this, and to the best of our knowledge, there have been only a very few studies addressing the optimisation of the resilient capacity of organisations to face disruptions, and those that are found are specifically focused on specific contexts and particular crises. Shirali et al. [35] also stated that sophisticated safety management systems have contributed to decreasing the number of usual accidents, but these classical approaches may not have been sufficient to prevent the occurrence of extraordinary incidents such as the COVID-19 pandemic that we are currently experiencing. There is no clear answer as to how to overcome such high-impact but low-probability events. However, it seems that some companies cope far better than others when they are resilient [36]. Consequently, there is a need for new approaches to enhance the resilience capacity.
For all these aspects, this paper proposes a mathematical formulation to optimise the implementation of actions that enhance the preparedness capacity to be more resilient. This research is based on the enterprise resilience conceptual reference framework defined by Sanchis et al. [12], shown in Figure 1. The framework is composed of three main sections:

1.
Disruption characterisation This section, based on the categorisation framework of disruption defined in [37], is in turn composed of the following: a. Source, divided into (i) the level at which the disruptive event originated and (ii) the origin and suborigin of the disruptive event. More information can be found in [38]. b.
Disruptive event per se, considered as a situation that causes a disturbance to a company's daily operations. The framework contains 71 of the most common disruptive events suffered by companies. c.
Consequences, which are a set of related effects that a specific disruptive event occurrence may cause.

2.
Constituent capacity In order to deal with the negative effects of disruptions, companies should be as resilient as possible. To accomplish this, the framework is focused on three main capacities of enterprise resilience: a. Preparedness: the readiness capacity to face disruptions, assessing whether companies have the knowledge, means and resources to be able to anticipate different disruptions [39]. b.
Adaptivity: defined as the degree to which the system can modify its circumstances and move towards a condition of stability [40]. Sandanam et al. [41] defined it as the capacity to respond to challenges through learning, managing risk and impacts, developing knowledge, and devising novel solutions. The dynamic nature of adaptive capacity allows companies to be prepared in advance and recover after having been impacted by a disruptive event.
Following [42], the dynamism of adaptive capacity is the reason why it is considered in the framework as an intrinsic characteristic of the capacities of preparedness and recovery and not a constituent capacity, per se, of enterprise resilience. c.
Recovery: the ability to respond to and bounce back from a disruptive situation, which is key to bolstering enterprise resilience.

3.
Transition elements In order to enhance preparedness and recovery capacities, companies need to take different actions. In the first case, the framework proposes preventive actions as proactive mechanisms to face inevitable disruptive events. In the second case, the framework points to knowledge management to guarantee that the necessary knowledge is available to be reused when necessary and facilitate the recovery process.
a. Preventive actions are policies and/or actions that are carried out in an attempt to reduce the probability of the occurrence or severity of a disruptive event or both [20]. They are proactive by nature. In case of inevitable disruptive events, effort should be focused on mitigating the negative consequences. b.
Regarding knowledge registration actions, Dalziell et al. [9] explained that one of the ways in which a system can recover from adverse situations is to apply available responses to deal with disruptive events. To do so, profound knowledge of the available responses to disruptive events that have already occurred is required in order to reuse the knowledge generated in past recovery actions.
knowledge, and devising novel solutions. The dynamic nature of adaptive capacity allows companies to be prepared in advance and recover after having been impacted by a disruptive event. Following [42], the dynamism of adaptive capacity is the reason why it is considered in the framework as an intrinsic characteristic of the capacities of preparedness and recovery and not a constituent capacity, per se, of enterprise resilience. c. Recovery: the ability to respond to and bounce back from a disruptive situation, which is key to bolstering enterprise resilience.

Transition elements
In order to enhance preparedness and recovery capacities, companies need to take different actions. In the first case, the framework proposes preventive actions as proactive mechanisms to face inevitable disruptive events. In the second case, the framework points to knowledge management to guarantee that the necessary knowledge is available to be reused when necessary and facilitate the recovery process. a. Preventive actions are policies and/or actions that are carried out in an attempt to reduce the probability of the occurrence or severity of a disruptive event or both [20]. They are proactive by nature. In case of inevitable disruptive events, effort should be focused on mitigating the negative consequences. b. Regarding knowledge registration actions, Dalziell et al. [9] explained that one of the ways in which a system can recover from adverse situations is to apply available responses to deal with disruptive events. To do so, profound knowledge of the available responses to disruptive events that have already occurred is required in order to reuse the knowledge generated in past recovery actions. In summary, when a disruptive event occurs, a company is pushed from a state of relative equilibrium to another state characterised by instability. The ease with which the enterprise is moved to this new unstable state is a measure of its vulnerability [9], understood as a lack of preparedness capacity to deal with disruptive events, while the ease with which the enterprise responds is a measure of its recovery capacity. In both cases, companies will be more prepared and will recover Adaptive Capacity Figure 1. Enterprise resilience conceptual reference framework (based on [12]).

II. Constituent Capacities
In summary, when a disruptive event occurs, a company is pushed from a state of relative equilibrium to another state characterised by instability. The ease with which the enterprise is moved to this new unstable state is a measure of its vulnerability [9], understood as a lack of preparedness capacity to deal with disruptive events, while the ease with which the enterprise responds is a measure of its recovery capacity. In both cases, companies will be more prepared and will recover more efficiently if they adapt more easily to changes. In order to enhance the preparedness and recovery capacities of enterprise resilience, the framework defines as proactive mechanisms the preventive actions to anticipate and be prepared for disruptive events and the knowledge registration actions to ensure that knowledge is available when required for reactive purposes. As mentioned above, this paper is only focused on mitigation policies, as they are the ones that will serve to improve the preparedness perspective of enterprise resilience. Figure 1 shows all the elements of the enterprise resilience conceptual reference framework; only the ones in blue, related to preparedness capacity, are analysed in this study through mathematical programming.

Data Modelling Approach
This section defines the data modelling approach to characterize preparedness capacity from the AS IS and TO BE model perspectives. Figure 2 shows a summary of the data-modelling approach, which consists of three main sections: (i) data definition, (ii) nomenclature definition and (iii) transformation of the data into the nomenclature used for application in the mathematical formulation through data processing. resilience conceptual reference framework; only the ones in blue, related to preparedness capacity, are analysed in this study through mathematical programming.

Data Modelling Approach
This section defines the data modelling approach to characterize preparedness capacity from the AS IS and TO BE model perspectives. Figure 2 shows a summary of the data-modelling approach, which consists of three main sections: (i) data definition, (ii) nomenclature definition and (iii) transformation of the data into the nomenclature used for application in the mathematical formulation through data processing.

Data Definition
The necessary data to quantify the current preparedness capacity status (AS IS) and related to the future ideal situation (TO BE) were gathered through a questionnaire.

Data Definition
The necessary data to quantify the current preparedness capacity status (AS IS) and related to the future ideal situation (TO BE) were gathered through a questionnaire. The study of Munoz and Dunbar [24] utilised disruptions as experimental inputs for their simulation model. Our research also identifies disruptions as the main element to analyse the preparedness capacity of enterprise resilience. A framework for data collection was designed and a questionnaire was developed to facilitate the process of data capture. The current version of the questionnaire contains 71 disruptive events to be analysed.
Tukamuhabwa et al. [34] identified a wide range of strategies for improving resilience, focusing on increasing flexibility, creating redundancy, forming collaborative supply chain relationships and improving supply chain agility. However, such a proposal does not offer concrete actions to be implemented to improve the capacity of resilience. To overcome this, and based on the conceptual framework developed in [12], the present research offers, by defining specific preventive actions per disruptive event, a set of concrete actions to be activated in order to enhance the pre-disruption capacity of enterprise resilience. Tarafdar and Qrunfleh [43] theoretically explained and empirically demonstrated how information systems' capability for agility also contributes to effecting a positive relationship between agile supply chain strategy and supply chain performance. For this reason, Mathematics 2020, 8, 1596 9 of 29 many of the preventive actions defined are related to information systems to build resilient companies. Currently, the framework for data collection offers 403 preventive actions.
The disruptive events included in the framework were identified and selected based on an exhaustive literature review, in which the most worrisome disruptive events were identified. Two types of bibliographical source were used in this identification. Firstly, the scientific literature was reviewed. However, studies focused on identifying the most common risks are scarce [4,20,[44][45][46][47][48]. For this reason, alternative information sources were used. This second type of information was obtained from reports published by well-known consulting firms that issue risk-ranking studies annually [49][50][51][52][53][54][55][56][57].
The definitions of the preventive actions were based on two approaches: (i) the conceptual approach, in which for each disruptive event, the most appropriate preventive actions were identified based on the literature review, and (ii) a Delphi study, in which a panel of experts collaborated to assess the set of preventive actions defined in the previous phase. Besides the assessment, the experts also proposed more preventive actions based on their experience and background. This iterative process was repeated in two consecutive rounds until the results obtained were the same and the assessment was finished.

Definition of Input Data Required to Analyse the AS IS State
The necessary input data were divided into two main streams, one related to the AS IS situation and one that covers the TO BE situation. Table 3 offers an overview of the required information of the current status in order to analyse preparedness capacity. Table 3. Input data required to analyse current (AS IS model) preparedness capacity.

AS IS Situation Description
Probability of occurrence of disruptive event The likelihood that a disruptive event will occur. Enterprises have to estimate the probability of occurrence according to a 5-level Likert scale (very high (VH), high (H), medium (M), low (L), and very low (VL)). Based on studies performed by Lichtenstein and Newman [58], Moore [59], Boehm [60], Hamm [61], Conrow [62] and Hillson [63], whose main aim was to determine the numerical values for each scale range, the present research uses values proposed in [63]: VH, 80.1%; H, 64.5%; M, 43.3%; L, 18%; and VL, 8.1%.

Temporal horizon
The time horizon, defined as a future point in time when the occurrence of disruptive events will be evaluated. In this research, three temporal horizons are considered: long-term (more than 10 years), medium-term (between 5 and 10 years, average 5 years) and short-term (next year). Quantification of the time horizon is used to differentiate between more and less habitual disruptive events at the same probability level.

Severity of disruptive event
The most likely consequences of a potential disruptive event. In other words, the harshness assigned to the consequences if a specific disruptive event materializes. Severity is assessed through a 5-level Likert scale in the same way as probability of occurrence. In light of this, the numerical values of severity levels are based on previous works developed by Fine  Annual cost of disruptive event The monetary amount that it would cost if a specific disruptive event materialised. If the company is working at a normal level of operation and a disruptive event occurs, this cost is the amount of money that the company will have to invest to return from the unstable state to the normal state of operation. Users of the questionnaire provide this piece of information as a percentage of annual turnover.

Definition of Input Data Required to Analyse TO BE Situation
Once the current preparedness capacity has been characterised and it is shown how vulnerable an enterprise is, a roadmap should be defined. This roadmap will include a set of optimal preventive actions to be implemented to achieve the ideal future situation in relation to the ability to be prepared in advance to face disruptive events.
The necessary input data to characterise the TO BE situation and define the roadmap are shown in Table 4. Table 4. Input data required to analyse future (TO BE model) preparedness capacity.

TO BE Situation Description
Decreased probability of occurrence/severity of disruptive event The main goal of implementing preventive actions is to diminish the probability of occurrence and/or the severity of disruptive events. Therefore, it is necessary to estimate the new range to which the probability and severity are reduced in order to quantify the improvement after such actions.
Annual cost of preventive actions The annual cost of implementing/activating a specific preventive action. The following assumptions are considered with regard to preventive actions: • The cost of preventive actions will always be lower than the cost of disruptive events. Otherwise, companies would never implement them, since it would be more profitable to let disruptive events happen. • Preventive measures will always reduce the probability of occurrence and/or severity of disruption. Otherwise, it would not be necessary to invest in them; it would be better to wait for the impact and then apply recovery policies.

•
The cost of a specific preventive action is estimated annually. For example, implementing information backups need an initial investment of €10,000. The enterprise estimates that yearly maintenance will cost €1000 and this backup system will be used for 5 years, so the annual cost of the preventive action will be €3000. For other preventive actions that must be implemented repeatedly every year, estimating the annual cost is much easier. The data are provided as a percentage of the company's annual turnover. Table 5 shows the nomenclature used to define the MILP model. Cost of preventive action j as % of annual turnover R ij Binary parameter that relates disruptive event i and preventive action j C i Expected annual cost of disruptive event i (€) C j Annual cost of preventive action j (€) C ij Expected annual cost of disruptive event i after implementing preventive action j (€) A ij Annual savings by implementing preventive action j for disruptive event i (€) Annual savings by activating one or several preventive actions for disruptive event i (€).

Data Processing
The questionnaire allows users to provide information for only those disruptive events they wish to analyse, which allows enterprises to solely focus on the main worrisome disruptive events. However, as mentioned above, the data provided through the questionnaire by end users need to be processed in order to be used as input data for MILP. Taking into account that companies provide cost information through the questionnaire as a percentage of annual turnover, the expected annual cost of disruptive event i is calculated by (1): In the same way, the annual cost of preventive action j is calculated as indicated in (2): The expected annual cost of disruptive event i after implementing preventive action j is shown in (3): Therefore, if the company implements preventive actions that enhance its preparedness capacity, the cost of the disruptive event is estimated to be lower, which will result in savings according to (4): It is assumed that the probability of occurrence of a disruptive event is equal to or higher than the probability of occurrence of the same event after a preventive action is implemented. In light of this, the same applies to severity, as shown in (5) and (6): In addition, R ij is a binary parameter that indicates the relationship between disruptive event i and preventive actions j. If the value of R ij is 1, preventive action j has a relationship with disruptive event i, reducing its probability of occurrence and/or severity. If the value of R ij is 0, it means that preventive action j has no influence on disruptive event i, as indicated in (7):

Mixed-Integer Linear Programming Model
This section formulates the mathematical programming by defining the MILP model following the nomenclature described in Section 3.2.
The objective function of Model (8) is to minimize the expected annual cost of disruptive events after implementing preventive actions, and the annual cost of preventive actions to be implemented is calculated as: Subject to the following: Constraint (9) ensures that the total cost of preventive actions to be implemented is less than the monetary resources the company is willing to invest to enhance its preparedness capacity, that is, investment in enterprise resilience: Constraint (10) calculates the expected annual cost of disruptive event i after implementing preventive actions as the difference between the expected annual cost and the annual savings that the disruptive event would generate after one or several preventive actions are activated. This value cannot be less than zero. CD Constraint (11), involving a formula that calculates a measured quantity, indicates the total savings the company would experience in the disruptive event analysed after implementing the preventive actions by E j = 1.
However, there is an aspect to be considered when a combination of preventive actions that affect the same disruptive event is activated. In this case, improvements in terms of savings are not necessarily the sum of savings provided by all activated preventive actions. This can be illustrated with examples related to the analysis of combined drug effects [69]. The study of dose-effect relationships when multiple drugs are used [70] presents the same casuistry as the analysis of the saving-effect relationship when multiple preventive actions are activated. Following this research stream, we found that Belen'kii et al. [71] defined the antagonistic drug concept (or depotentiation, negative interaction, negative synergy, etc.) as the joint effect of two or more drugs in such a way that the combined effect is less than the sum of the effects produced by each agent separately [72,73]. Based on this pattern, and as suggested in [27], the antagonism related to preparedness capacity is considered as joint savings produced by the activation of two or more preventive actions in such a way that the combined savings is less than the sum of the savings produced by each preventive action separately.
One potential solution to overcome the antagonism effect is to ask enterprises through the questionnaire about the savings generated by different combinations of preventive actions. However, based on their experience, enterprises reported that this solution was not practicable because the estimation process is complex and time-consuming. For this reason, an attenuation formula of savings after activating two or more preventive actions for the same disruptive event was defined. The attenuation formula is based on research by Sanchis and Poler [27] and is expressed in (12): where α is a parameter between 0 and 1; β is a parameter between 0 and k i ; and k i is the number of preventative actions activated for the same disruptive event i. The values of α and β will depend on the degree to which the end user wishes to attenuate the savings when more than one preventive action is activated.
When the MILP model is computed and the optimal solution is obtained, if two or more preventive actions are activated for the same disruptive event, the attenuation formula is applied, and the model is recalculated successively until there is no further attenuation. The attenuation algorithm iteratively applies MILP to calculate the optimal set of preventive actions j (optimal set of E j values) based on the previous A ij values. If MILP results in changes to E j , savings A ij for each disruptive event i is then attenuated by factor µ i , which corresponds to the updated E j value (bar the largest Aij for each event i). MILP is recalculated with the updated A ij values until two equal consecutive solutions are obtained.
To validate the MILP model with an exploratory approach, a case study of a company is presented in Section 5.

Application to a Foam Company
This application involves an international company that designs, engineers, and provides advanced foam solutions for a wide range of technical applications from insoles for footwear to soundproofing solutions for the building industry. The company operates across Europe, North America and Asia and its headquarters are located in eastern Spain.

Input Data
The company participating in this case study was interested in analysing four types of disruptive events, those related to supply (S), environment (ET), finances (F) and legislation (L), with a total of 21 disruptive events studied. Moreover, the company chose 83 preventive actions as mitigation actions to improve its preparedness capacity. A summary of the disruptive events related to supply aspects and the preventive actions to be activated is shown in Table 6 [74]. In this case, the enterprise wanted to analyse 7 events and selected 28 preventive actions to prepare in advance to face such events. Table 6. Summary of disruptive events related to supply aspects and preventive actions (based on [74]).

S1
Poor quality of raw materials or components supplied S1.1 Search for alternative raw materials or components S1.2 Search for alternative suppliers S1.3 Certify (audit) supplier quality S1.4 Implement quality systems agreed with suppliers S1.5 Conduct pre-production inspection S1  In the case of environmental and context-related events, the enterprise was also willing to analyse 7 events, for a total of 27 proposed preventive actions, as shown in Table 7.  With regard to financial issues, the enterprise selected 4 disruptive events as the most worrisome, with 14 preventive actions (Table 8). The last group of disruptive events that the enterprise wanted to analyse is related to legislation issues, with 3 events and 14 preventive actions, as shown in Table 9.  In Table 6, three preventive actions apply to different disruptive events, e.g., the preventive action "Search for alternative raw materials or components" (S1.1, S5.1 and S6.2) applies to three different events. The same occurs with preventive actions shown in Table 10. Define and implement publicity activities among customers about potential changes in focal company's processes/products from a positive approach The C j of such preventive actions is the same, as they are equal. For this reason, if in the optimal solution one of these preventive actions is activated, the MILP only records C j once, but the profits of activation, in terms of savings, are applied to all disruptive events to which it is related. From 83 preventive actions selected by the company, only 68 are unique actions.
The data related to the response of the company to the questionnaire is available in Appendix A (Table A1).
In order to compute the company's responses, the data was processed according to the data of Tables 3 and 4 Moreover, if two or more preventive actions are activated for the same disruptive event and attenuation of savings has to be applied, the company defined α as 0.3 and β as 1. It is worth mentioning that the lower α is, the greater the attenuation, and the lower β is, the less the attenuation.

Implementation and Resolution
The proposed model was developed using Julia for Mathematical Optimisation (JuMP), an algebraic modelling language embedded in Julia, a high-level, high-performance, open-source multi-platform programming language for technical computing. It is dynamically typed, provides multiple dispatch, and is designed for parallelism and distributed computation. It matches the performance of languages such as C and FORTRAN without the hassle of low-level code [75]. In order to select this language, different algebraic modelling languages were analysed, including A Mathematical Programming Language (AMPL), General Algebraic Modeling System (GAMS), Linear, Interactive, and Discrete Optimizer (LINGO) and Mathematical Programming Language (MPL), among others.
JuMP was finally selected, as it is an open-source modelling language that allows users to express a wide range of optimisation problems (linear, mixed-integer, quadratic, conic-quadratic, semidefinite and nonlinear) in a high-level algebraic syntax [76]. Moreover, JuMP takes advantage of advanced features of Julia programming such as user-friendliness, speed, solver independence, access to advanced algorithmic techniques and ease of embedding [75].
The resolution was carried out with Computational Infrastructure for Operations Research (COIN-OR) branch and cut (Cbc) [77], an open-source optimisation solver of mixed-integer programming, programmed in C++.
Finally, it is worth mentioning that the input data and model solution values were processed with MariaDB. The experiment was run on a thin client server with an Intel ® Xeon ® CPU ES-2620 O @2.00 GHz 2.00 GHz processor and 2.00 GB of RAM. The solving time was less than one minute.

Evaluation of Results
Based on the values of C i , disruptive events related to environmental aspects such as accidents and manmade circumstances, among others, are the most critical as they represent more than 77% of the expected annual cost of all disruptive events analysed, followed by supply (more than 9%), financial (more than 7%) and legislative events.
Moreover, it is important to highlight that four disruptive events (ET4, ET5, ET1 and ET3) represent 70% of the total expected annual cost of all disruptive events, which means that preventive measures should be addressed to prepare the company to face such events, as long as such actions are optimal (in monetary terms) to improve the current preparedness capacity. To do so, the company participating in this validation is willing to invest €15,000 annually to enhance its preparedness capacity. Through computation of MILP, in 16 of 21 analysed disruptive events, preventive actions are activated. In addition, in five of the events (S1, S6, ET1, ET5 and ET6), more than one preventive action is activated, and for this reason the attenuation formula is applied in order to attenuate the savings of the joint activation of two preventive actions. In this case, MILP is iterated until two consecutive solutions are equal. In this case, and as shown in Table 11, five iterations are needed. Detailed results are available in Appendix A (Table A2).   Table 11 also shows, for each disruptive event and iteration, which preventive actions are activated (E j = 1) to enhance the preparedness capacity. The CD i column represents the expected annual cost of disruptive events after activating optimal preventive actions. In the first iteration, disruptive events related to supply and context or the environment are those in which more preventive actions are activated. For disruptive events related to financial aspects, only F1 and F4 benefit from the activation of preventive actions. With regard to legislation aspects, in the three analysed events, preventive actions are applied. After the attenuation of savings when more than one preventive action was activated for the same disruptive event, the CD i column of iteration 5 shows the final optimal results. Figure 3 shows these results as the decreased C i percentage after activating the optimal set of preventive actions.  Table 11 also shows, for each disruptive event and iteration, which preventive actions are activated (Ej = 1) to enhance the preparedness capacity. The CDi column represents the expected annual cost of disruptive events after activating optimal preventive actions. In the first iteration, disruptive events related to supply and context or the environment are those in which more preventive actions are activated. For disruptive events related to financial aspects, only F1 and F4 benefit from the activation of preventive actions. With regard to legislation aspects, in the three analysed events, preventive actions are applied. After the attenuation of savings when more than one preventive action was activated for the same disruptive event, the CDi column of iteration 5 shows the final optimal results. Figure 3 shows these results as the decreased Ci percentage after activating the optimal set of preventive actions. In the case that no preventive actions are activated (e.g., S7, ET2, ET7, F2 and F4), the percentage is null as CD i = C ij . The maximum K i is related to disruptive event ET4. In this case three preventive actions are activated. In disruptive events S1, S6, ET6, F4, L2 and L3, the optimal solution activates two actions and in S2-S5, ET1, F1 and L1, only one action. The attenuation of savings caused by several preventive actions acting on the same disruptive event reduces their attractiveness; in subsequent iterations they may be replaced by other actions that might act on different events. Therefore, the effect of attenuation is diversification in preventive actions activated, thus mitigating a larger share of disruptive events. Figure 4 shows the AS IS and TO BE model in terms of expected annual cost of disruptive events before (AS IS) and after (TO BE) activating one or several preventive actions. The TO BE model has a smaller area than the AS IS model, which means that the decrease in expected annual cost is worth considering. The smaller the area of the TO BE model, the more prepared the company will be to face unforeseen situations related to supply, environmental, financial and legislative issues. Based on Figure 4, the costliest disruptive events are those related to environmental aspects. However, these are also the events for which the annual savings by implementing preventive actions is the highest of the four types. In this case, annual savings account for almost 75% of expected annual cost, followed by supply events, with an annual savings of 71%. The annual savings for legislation aspects is 58%, and events related to financial aspects have less savings: the preventive actions reduce the expected annual cost by only 39% because there are two events (F2 and F3) with no actions.
The annual savings for legislation aspects is 58%, and events related to financial aspects have less savings: the preventive actions reduce the expected annual cost by only 39% because there are two events (F2 and F3) with no actions.
All in all, Figure 5 shows the results in an aggregated way. The expected annual cost of the TO BE model is reduced by 70%, without considering the cost of implementing the optimal set of preventive actions, and by 67% considering such cost. In light of this, it is important to highlight that the investment to activate the preventive actions of the optimal solution (Cj) represents only 4% of the reduction in expected annual cost (CDi -Cij), demonstrating that a small investment is required to substantially improve the preparedness capacity.  Finally, we would like to mention, just out of curiosity, that while performing this study (September 2019), the region where the company is located suffered a cold drop (gota fría in Spanish). This is an archaic meteorological term used popularly in Spain which has commonly come to refer to any high-impact rainfall event occurring in the autumn along the country's Mediterranean coast [78]. This is related to disruptive event ET4. If the company had implemented preventive actions in advance, the effects of the cold drop would have been less, since it would have been more prepared. More information about strategies for improving flood resilience can be found in [79]. All in all, Figure 5 shows the results in an aggregated way. The expected annual cost of the TO BE model is reduced by 70%, without considering the cost of implementing the optimal set of preventive actions, and by 67% considering such cost. In light of this, it is important to highlight that the investment to activate the preventive actions of the optimal solution (C j ) represents only 4% of the reduction in expected annual cost (CD i -C ij ), demonstrating that a small investment is required to substantially improve the preparedness capacity.
(September 2019), the region where the company is located suffered a cold drop (gota fría in Spanish). This is an archaic meteorological term used popularly in Spain which has commonly come to refer to any high-impact rainfall event occurring in the autumn along the country's Mediterranean coast [78]. This is related to disruptive event ET4. If the company had implemented preventive actions in advance, the effects of the cold drop would have been less, since it would have been more prepared. More information about strategies for improving flood resilience can be found in [79].

Conclusions and Further Research
Based on the conceptual reference framework for enhancing enterprise resilience developed in [12], this paper gathered data from a real company, through an online questionnaire, about which disruptive events kept them up at night and which preventive actions they thought were suitable for Finally, we would like to mention, just out of curiosity, that while performing this study (September 2019), the region where the company is located suffered a cold drop (gota fría in Spanish). This is an archaic meteorological term used popularly in Spain which has commonly come to refer to any high-impact rainfall event occurring in the autumn along the country's Mediterranean coast [78]. This is related to disruptive event ET4. If the company had implemented preventive actions in advance, the effects of the cold drop would have been less, since it would have been more prepared. More information about strategies for improving flood resilience can be found in [79].

Conclusions and Further Research
Based on the conceptual reference framework for enhancing enterprise resilience developed in [12], this paper gathered data from a real company, through an online questionnaire, about which disruptive events kept them up at night and which preventive actions they thought were suitable for implementation to enhance their preparedness capacity. In light of this, the company provided specific data related to the AS IS model, that is, their current situation and at what level they would like to be prepared (TO BE model). All of this information was processed to apply the defined MILP model.
The MILP model minimises the expected annual cost of disruptive events after implementing a set of preventive actions and the annual cost of actions to be implemented. Moreover, it considers that enterprises have limited resources to implement such actions. At this point, it is also important to highlight the ease with which mathematical programming provides the optimal solution with a very modest effort.
The results of the application to the real enterprise show that the reduction in expected annual cost is substantial with an investment that, according to the company, does not represent a great effort. Therefore, and based on the results, it seems that the improvement in resilience capacity by enhancing the preparedness capacity is considerable.
Without practical and easy-to-use mechanisms for enhancing the preparedness capacity of enterprise resilience, enterprises will remain reluctant to invest in potentially resilience-enhancing actions and will thus remain vulnerable to disruptions. For this reason, the mathematical approach defined is not very difficult and does not require highly mathematically skilled personnel. The ease of the proposed MILP allows managers to apply it effortlessly. One of the challenges when defining the MILP was to try to define it as simply as possible, in order to facilitate its adoption not only in large companies, but also small and medium-sized enterprises (SMEs) with limited resources. In this way, SMEs could make decisions based on the results of this model to improve their preparedness capacity in advance to face adverse situations. For example, after the hard months following the first coronavirus outbreak, many companies began to take decisions and actions to be prepared for the possibility of a new outbreak. The comprehensibility of the mathematical formulation proposed in this research could be of utmost utility for enterprises of any size to identify the optimal preparatory actions in anticipation of a second COVID-19 outbreak.
From a scientific point of view, this study gives a reason to define a simple but effective approach, allowing top managers to decide which preventive actions are the optimal ones to implement in order to face up to unexpected disruptive events and to improve the proactive perspective of enterprise resilience capacity. The findings of this research suggest that with a small investment in enterprise resilience, it is possible to considerably enhance the preparedness capacity. This shows that preventive actions can be very efficient (cost-savings ratio), thus validating the appropriateness of the actions defined in the framework developed by [12]. According to the case study results, the cost of implementing the preventive actions contemplated in the MILP solution only represents, in this case, 4% of the reduction in the annual expected cost of disruptions, and the enhancement in the preparedness capacity is around 67%. These enticing results might encourage top managers to use this contribution.
Further research will focus on undertaking a sensitivity analysis considering the effect on the outcome of varying the input data. This might help guide managers in prioritizing mitigation strategies that are more economically attractive.
Moreover, the current mathematical formulation offers highly relevant information about the optimal preventive actions to implement in order to improve preparedness capacity. However, it does not provide information about the optimal sequence of implementation. Further research will be focused on working in optimisation and prioritisation of implementation, considering the enterprise's resource availability over time.
Another research line will be aimed at optimising the preparedness capacity at the inter-company level, that is, involving the whole supply chain. In this case, the focus of optimisation will evolve from an intra-company to an inter-company perspective, taking into account (i) the specific singularities and difficulties of the inter-company level, and (ii) the relationships among various preventive actions to be implemented by different entities of the supply chain. Moreover, it is planned to study how activating preventive actions by a particular entity of the supply chain influences, in a positive or negative way, other entities of the supply network.

Acknowledgments:
The authors would like to acknowledge the predisposition of the company by facilitating all necessary data to be employed in the experimental mathematical application and the support of the researchers participating in the project "Optimización de Tecnologías de Producción Cero-Defectos Habilitadoras para Cadenas de Suministro 4.0" (CADS4.0).

Conflicts of Interest:
The authors declare no conflict of interest.