Organizational Risk Prioritization Using DEMATEL and AHP towards Sustainability

Abstract

Risk management represents a challenge for organizations, as it includes environmental, social, and governance (ESG) issues that can negatively impact organizations’ investments. This article shows a general approach for prioritizing organizational risks focused on sustainability, which is applied in a particular case. Based on the analysis of global reports such as the “Global Sustainable Development Report”, “Enterprise Risk Management-Integrating with Strategy and Performance”, and the “Global Risk Report”, five typologies of organizational risks with a focus on sustainability (geopolitical, economic, social, technological, and environmental) that support the concern for sustainability in organizations are characterized, taking into account viability and equitability. Additionally, some sub-risks are proposed for each characterized typology of risk. Subsequently, the application of paired surveys assigned to a group of experts formed by executives from the service sector, auditing and consulting firms, the oil and gas sector, the manufacturing sector, and the financial sector is carried out; the responses obtained are consolidated and used in this study as input for the application of DEMATEL and AHP methods to prioritize risks and sub-risks, respectively. The result obtained via the DEMATEL method is the following risk prioritization: (1) economic, (2) geopolitical, (3) social, (4) technological, and (5) environmental. Using the AHP method, the sustainability sub-risks with the highest level of prioritization for each typology of risk are (1) massive data fraud or theft incident (technological risk), (2) deficit in economic growth (economic risk), (3) water depletion (environmental risk), (4) lack of ethics in the conduct of business (geopolitical risk), and (5) chemical safety (social risk). The sensitivity analysis presents positive and negative values, indicating that the positive results do not generate substantial changes between the characterized sub-risks. On the other hand, the negative results indicate a notable decrease in the relative importance of the sub-risks. It is crucial to highlight that the observed variations remain within realistic limits and reflect the uncertainty inherent in decision-making in a dynamic environment.

1. Introduction

According to the research conducted by Amir and Seddik (2023) [1], operational excellence (OE) represents a holistic, comprehensive, systematic, and collaborative approach that drives cultural change in organizations in order to optimize operations, providing efficient functioning and achieving the fulfillment of strategic objectives. A management system that is sustainable over time and that additionally provides confidence and profitability allows process leaders to demonstrate that they are adequately managing their assets [2]. Several organizations are pursuing or exploring the operational excellence management system (OEMS) concept; however, for many it has been an elusive goal [3]. Additionally, it is essential to bring this implementation to the next level by following up on international regulations related to the assurance of environmental, social, and governance (ESG) issues in order to reinforce the models for the proper management of organizational risks with a focus on sustainability, supported by the assurance of sustainability reports, since they significantly reduce the pressures exerted by the stakeholders of the organizations [4]. This is an integrated approach where requirements defined by various stakeholders are addressed jointly, which has three main components: (i) operational elements and scope, (ii) change management and delivery of results, and (iii) continuous performance improvement [1,3,5]. Meanwhile, to ensure that an organization is sustainable over time; that it contributes economic, environmental, and social value in the short and medium term; and that it promotes the well-being and progress of all its stakeholders, it must implement the best available practices, including the treatment of environmental, social, and governance (ESG) factors in its strategy, transformation, process organization, and assurance reporting [6].

According to the “Enterprise Risk Management: applying enterprise risk management to environmental, social and governance-related risks” report [7], which compares sustainability risk disclosures, it was found that 35% of the 170 organizations examined did not disclose any of these risks. Additionally, surveys show that more than 70% of risk and sustainability management professionals feel that risk management practices do not adequately address organizational risks with a sustainability focus [7]. In response to this challenge, an OEMS system has emerged as a valuable tool for organizations to address these risks proactively through early identification, implementation of monitoring controls, continuous improvement, and alignment with corporate strategy. The proper implementation of an OEMS supports organizations in achieving operational excellence, maintaining results, ensuring the protection of their employees and the environment, and reinforcing the sustainability and quality of their operations [3].

The control stage compares actual execution with planned execution, seeking compliance with the objectives defined in the previous stages. Effective control goes beyond pointing out deviations, since it becomes a means or guide to reorient action when necessary, ensuring the achievement of objectives. It is essential to understand that, with the definition of objectives, control is meaningful and that with actions its value as a tool for improving management is preserved. Therefore, all efforts must be focused on taking action so that all phases of risk management are developed appropriately to achieve the expected results [8,9].

In monitoring control, previously defined risk limits are used to assess an organization’s performance. Via a matrix detailing risks, key performance measures, and limits, top management can verify whether the risks align with the established tolerances. This process promotes conversations about strategic adjustments and reviews of decisions and should also be seen from a proactive perspective where resilience to future changes and disruptions is strengthened. Effective monitoring controls include (i) key performance indicators, (ii) audits and compliance checks, (iii) data analysis and reporting, and (iv) a risk register [7]. The related literature on risk treatment highlights the need for sustainable approaches to risk management from academic, professional, and governmental perspectives. The risk treatment strategy, which focuses on reducing the probability or impact of risks, stands out as crucial in managing unavoidable situations or situations beyond the direct control of organizations. The effective implementation of specific measures is the key to achieving successful risk treatment [10,11]. In this context, ensuring the effective operation of the OEMS in organizations begins with planning to mitigate risks and sub-risks, followed by monitoring control to ensure the correct implementation of planned activities. This provides transparency and accountability, which allows for real-time adjustments.

Organizational risk management focusing on sustainability often goes unnoticed in organizations despite representing significant importance to their operation, so the necessity of developing a solid methodology to assess and prioritize risks is evident. In the current dynamics, there is a growing trend towards sustainability, so evaluating organizational risks with a focus on sustainability provides an excellent decision-making tool. Sustainability assessment is a topic that has become very popular. Its objective is to provide decision-makers with a comprehensive assessment of sustainability [12].

Additionally, it is essential to highlight the importance of the 17 Sustainable Development Goals (SDGs) proposed by the United Nations; these goals focus on a master plan to achieve a sustainable future for all. The research by Heras-Saizarbitoria et al. (2021) [13], when referring to the integration of the Sustainable Development Goals (SDGs) in corporate sustainability reports, highlights a remarkable growth trend. In their research, most companies analyzed showed a lack of transparency in addressing their overall objective for or motivation towards the SDGs, with less than 10% of cases highlighting them. This pattern could contradict expectations, considering the Global Reporting Initiative (GRI) principle of the materiality of information and the increasing incorporation of the SDGs into corporate sustainability reports. Additionally, it is noted that very few organizations explicitly acknowledged potential conflicts of interest and tensions in balancing the SDGs with corporate objectives. This perspective highlights the critical need to assess net impact to determine whether an industry contributes positively or negatively to social and development goals. For their part, Cernev and Fenner (2020) [14] emphasized the importance of the synergistic interaction of all SDGs to move towards desired outcomes and reduce levels of risk. They also highlight the complexity of connecting the SDGs given the many interactions involved. This view reinforces that collaboration among the SDGs by acting together is essential for the global system’s progress towards sustainable goals and the mitigation of increasing risks.

As highlighted previously, it is pertinent to use multi-criteria methods to reflect the complexity of the assessment for decision-makers to holistically address sustainability risks (economic, environmental, geopolitical, social, and technological) [15,16,17]. The proposed methodology starts from a characterization of risks and sub-risks supported by international organizations. Then, a group of experts in the area of interest is formed, and surveys are administered to assess these risks and sub-risks. Finally, multi-criteria decision-making techniques are applied to structure, order, and give meaning to the information gathered.

Different researchers have implemented the combined analytic hierarchy process (AHP)–decision-making assessment and testing laboratory (DEMATEL) model. Among them are the studies by Zheng, Shen, Zhou, and Lyu (2022) [18], where the authors evaluated risks associated with flooding, showing the importance of DEMATEL together with AHP to effectively identify those critical risk areas more effectively than with the fuzzy analytical hierarchical process (FAHP); by Gökler and Boran (2023) [19], who studied a supplier selection model and highlighted that the proposed combined AHP and DEMATEL model does not present any major effects due to subjective evaluations, as it was demonstrated to be a robust method in the case study; and Balsara, Kumar Jain, and Ramesh (2019) [20], who evaluated strategies to mitigate climate change in the cement industry based on the use of the integrated AHP and DEMATEL methods and proposed that the model can be applied to other industries in several countries. It is important to highlight that the study by Fargnoli et al. (2018) [21] shows the complexity from the point of view of accidents in the construction industry, which makes hazard analysis and safety management difficult. The proposed MCDM method integrates quality function deployment (QFD) and analytical network methods, which allows for correlating work activities, hazardous events, and potential consequences. This contributes to improved decision-making and reduces the misrepresentation of qualitative assessment criteria. Additionally, the research by Fargnoli, Lombardi, and Haber (2018) [22] presents a QFD-based safety methodology design focused on identifying and analyzing specific occupational hazards effectively. Extending QFD with Delphi methods and fuzzy logic reduces subjectivity and increases consistency in risk assessment. This approach is implemented and validated, demonstrating its effectiveness in the comprehensive and exhaustive analysis of occupational hazards and risks in the agricultural sector. The authors emphasize the need for validation in different contexts. These two studies propose innovative approaches to improve safety management by implementing MCDM methods. These studies were intended to determine the importance and/or relevance of their respective criteria. However, implementing this hybrid model depends exclusively on experts’ judgment. It is important to highlight that the related literature on the prioritization of organizational risks with a focus on sustainability is practically nonexistent. Due to this lack of information, it is pertinent to address and fill this knowledge gap.

In particular, according to Tzeng and Huang (2011) [23], selecting the members of a group of experts has a critical role due to the nature of the issues involved and the need to implement the appropriate multi-criteria decision-making (MCDM) technique. This need is based on the fact that the selected experts must have a deep understanding of the specific field of analysis, allowing them to effectively evaluate and weigh the multiple criteria involved in the decision-making. Sustainability professionals have a broad and highly accurate understanding of stakeholder expectations, potential risks and opportunities associated with sustainable development, and how best to avoid or take advantage of those opportunities. They work in collaboration with organizational risk management professionals with a focus on sustainability who have extensive knowledge and skills in identifying, assessing, and prioritizing risks; this allows them to address the risk by unifying efforts in a relevant way, as well as developing and implementing responses and monitoring the effectiveness of the process of prioritizing them [7].

As studied by Moravčík et al. (2013) [24], the analysis of perspectives via the use of multi-criteria decision models and methods highlights that they will be of interest for generating the proposal of new indicators that consider decision-making, taking into account the benefits of the identified opportunities and their associated costs, as well as the approach to organizational risks with a focus on sustainability that allow their prioritization and related controls to be identified. As highlighted above, since there are several sources of uncertainty, it is appropriate to use MCDM methods where the opinions of the selected group of experts provide the necessary information to reflect the complexity of the evaluation for decision-making. In this way, organizational risks with a focus on sustainability are covered holistically, and thus, the most assertive solution is chosen among the options based on both qualitative and quantitative factors, ensuring high accuracy and reliability of MCDM methods in solving real-world problems [15,25,26].

As highlighted above, this study is divided into five parts: (i) a definition of the methodology to be developed throughout the research; (ii) an analysis of the characterization of organizational risks and sub-risks, with a focus on sustainability; (iii) elaboration and development of a survey to prioritize risks through DEMATEL and five surveys to prioritize sub-risks through AHP; (iv) data processing using the theoretical equations of the proposed MCDM methodologies (DEMATEL and AHP), resulting in the prioritization of risks and sub-risks, respectively; and finally, (v) the development of a sensitivity analysis to reduce uncertainty and provide stability in the results.

2. Proposed Methodology

Organizations seek to implement a sustainable development model, for which it is important to identify, evaluate, prioritize, and control the interactions between organizational risk factors, with a focus on sustainability. To carry out this process, it is necessary to recognize the risks and how they can be prioritized. Starting from this, organizations can define the controls that they need to implement according to their respective economic sectors. Similarly, value judgments must be incorporated into the risk assessment to verify and analyze the proposed model along with the results obtained, thus finding the appropriate controls to avoid the materialization of risks [16]. The methodology proposed for this case study is explained below:

Global reports provide an initial collection of risks, which are used as a starting point for the characterization of organizational risks with a focus on sustainability. For example, in the “Enterprise Risk Management: applying enterprise risk management to environmental, social and governance-related risks” report, three risks are considered (environmental, social, and governance). In the “Global Sustainable Development Report 2019: The Future is Now—Science for Achieving Sustainable Development,” five risks are framed, as in the Global Risk Report, so the proposed characterization ensures that all sub-risks are duly considered both in the characterization process and when applying the DEMATEL and AHP models, which allows an analysis to be elaborated in greater detail and with a global perspective for different organizational cases, since any risk and sub-risk can have a significant impact on the organizations where this model is applied.

Following the definition of risk typologies and risk subcategories (sub-risks), a group of experts is established. This is a decisive step, as they play a crucial role in applying the AHP method, which is an approach that helps to make complex decisions in cases where MCDM techniques are applied. By building a solid group of experts, the quality and reliability of the results obtained are ensured. First, it is essential to identify experts with knowledge in the specific area being evaluated, as they must understand the criteria and sub-criteria involved and be up to date on the relevant literature, be impartial, and have no conflicts of interest that could bias the decision-making process. It is essential to have a diverse range of perspectives with opinions from experts with different backgrounds, approaches, and experiences, which enriches the assessment and provides a global view of the situation [23].

Starting from a macro view of society, many problems must be addressed from the perspective of group decisions where two approaches exist: The first is a convergent approach that is descriptive and focused in nature and dedicated to examining the causes of the problem in detail, making use of systematic methods and techniques to discover pragmatic solutions. It is often referred to as a rationality-based approach to problem solving.

Furthermore, the second is a divergent approach characterized by its sensitivity and imagination; it seeks to represent varied perspectives. It uses innovative and creative techniques, promoting extensive feedback from the parties involved in the problem [27,28].

The problems related to group decision-making (GDM) focus on the ability to generate collective solutions from the combination of the individual opinions of the participants, whether they are experts or consulted stakeholders.

This process involves a complex dynamic in which individual perspectives are intertwined, and the interaction between them can be crucial to reaching an optimal decision. It is important to note that GDM addresses not only the consolidation of individual opinions but also the understanding of the relationships that exist between those opinions. Considering these interpersonal dynamics is essential to achieving an effective approach to collective decision-making and ensuring that the resulting solutions are representative and appropriate to the challenges at hand. The reduction aggregation process is defined by Equation (1).

S (op¹, op²,..., opⁿ) = op^c,

(1)

where the set op = {op¹, op²,..., opⁿ} gives rise to the opinions generated by the n participants—in this case, the experts or stakeholders consulted in making essential decisions for the problem, resulting in the collective preference op^c [29]. Decision-making regarding organizational risks with a focus on sustainability involves complex interactions between the different stakeholders, requiring the participation of all stakeholders; therefore, using MCDM techniques positively supports decision-making [30]. This is completed in the presence of multiple criteria, especially those of tactical and strategic origin, as multiple conflicting objectives and attributes are involved, which provides support to decision-makers who are challenged by numerous and conflicting alternatives. Figure 1 shows the general approaches to MCDM [23,31].

For this research, it was proposed to implement the MCDM method, focusing on multi-attribute decision-making models (MADM), which allows preferential decisions to be made about the available alternatives, which are generally multiple, usually conflicting attributes. That is, MADM models are applicable in cases such as evaluations, prioritizations, and selections, which allowed for its implementation for the development of this case [31]. The MADM models selected were (i) DEMATEL for risk prioritization, a technique that considers the specific characteristics of specific topics, confirming the interdependence between variables/attributes and generating a restriction in the relationship that reflects these characteristics addressed through an essential system and a development trend [34] and (ii) AHP, with the objective of prioritizing sub-risks. AHP is a powerful approach to multi-criteria decision-making that breaks down a complex problem into a hierarchical structure of criteria and alternatives [35]. The AHP model is a very useful technique in the systematization and structuring of decision-making since it uses pairwise comparisons based on a numerical scale. According to Dos Santos et al. (2019) [30], several studies have implemented AHP models both in isolation and in combination with other techniques for decision-making on topics related to sustainability; in the model, a weight is established for the study criteria through the creation of a comparison matrix to identify the frequency at which one criterion is more important than another [36].

Finally, a sensitivity analysis is an essential tool for assessing the stability of priorities in the decision-making process. Since weightings are often dependent on subjective judgments, it is necessary to test the prioritization in terms of variations in the weightings of the different criteria. This method provides valuable insight into the stability of the prioritization. If the prioritization is highly sensitive to minimal changes in the criteria weightings, it indicates the need to review the criteria weightings carefully. In addition, it is advisable to consider the inclusion of additional criteria, as the prioritization may be highly susceptible to being influenced by a set of criteria that is currently weak in its discriminating capacity. The application of a sensitivity analysis provides modelers and decision-makers with a guide to identifying the inputs that most influence the results [37,38,39].

3. Results

The methodology introduced in Section 2 is applied below.

3.1. Characterization of Organizational Risk with a Focus on Sustainability

The reports by the WBCSD and COSO (2018) [7], the independent group of scientists appointed by the secretary general (2019), and the WEF (World Economic Forum) (2022) [25] (see Figure 2), were used as a basis for the characterization of organizational risks with a focus on sustainability. Likewise, objectivity was supported by international standards related to ESG assurance [4]. The five typologies of organizational risks focused on sustainability, with their respective associated sub-risks, are shown in Figure 2 and Figure 3.

It is important to note that the correlation of risks shown in Figure 2 started with identifying the most common risks reflected in reports based on ESG (environmental, social, and governance) principles. Additionally, Figure 3 provides the proposed characterization of organizational risks focused on sustainability, which were the essential pillars in the development of this research.

After reviewing each of the organizational risks focused on sustainability, a segmentation proposal was suggested as follows: sub-risk ID and specific sub-risk ID for each of the risks defined in this case—geopolitical, economic, social, technological, and environmental (see

Table 1. Details of the proposed characterization of the sustainability risks.

1. Geopolitical Risks		2. Economic Risks		3. Social Risks		4. Technological Risks		5. Environmental Risks
Sub-Risk ID	Specific Sub-Risk ID	Sub-Risk ID	Specific Sub-Risk ID	Sub-Risk ID	Specific Sub-Risk ID	Sub-Risk ID	Specific Sub-Risk ID	Sub-Risk ID	Specific Sub-Risk ID
1.1	1.1.1	2.1	2.1.1	3.1	3.1.1	4.1	4.1.1		5.1.1
	1.1.2		2.1.2		3.1.2		4.1.2		5.1.2
	1.1.3		2.1.3	3.2	3.2.1		4.1.3		5.2.1
	1.1.4		2.1.4		3.2.2		4.1.4		5.2.2
1.2	1.2.1		2.1.5		3.2.3		4.1.5		5.3.1
	1.2.2		2.1.6		3.2.4		4.1.6		5.3.2
	1.2.3		2.1.7		3.2.5		4.1.7		5.3.3
	1.2.4		2.1.8		3.2.6		4.1.8		5.4.1
	1.2.5		2.1.9		3.2.7	4.2	4.2.1		5.4.2
	1.2.6		2.1.10	3.3	3.3.1		4.2.2		5.5.1
	1.2.7	2.2	2.2.1		3.3.2	4.3	4.3.1		5.5.2
	1.2.8		2.2.2	3.4	3.4.1		4.3.2		5.6.1
1.3	1.3.1		2.2.3		3.4.2	4.4	4.4.1		5.6.2
	1.3.2		2.2.4	3.5	3.5.1		4.4.2		5.7.1
1.4	1.4.1		2.2.5		3.5.2	4.5	4.5.1		5.7.2
	1.4.2		2.2.6	3.6	3.6.1		4.5.2		5.8.1
	1.4.3		2.2.7		3.6.2		4.5.3		5.8.2
	1.4.4		2.2.8	3.7	3.7.1	4.6	4.6.1		5.8.3
1.5	1.5.1		2.2.9		3.7.2		4.6.2		5.8.4
	1.5.2	2.3	2.3.1		3.7.3	-	-		5.8.5
	1.5.3		2.3.2		3.7.4	-	-		-
	1.5.4		2.3.3		3.7.5	-	-		-
1.6	1.6.1	2.4	2.4.1		3.7.6	-	-		-
	1.6.2		2.4.2		3.7.7	-	-		-
	1.6.3	2.5	2.5.1		3.7.8	-	-		-
	1.6.4		2.5.2		3.7.9	-	-		-
	1.6.5	2.6	2.6.1		3.7.10	-	-		-
	1.6.6		2.6.2		3.7.11	-	-		-
1.7	1.7.1	2.7	2.7.1	3.8	3.8.1	-	-		-
	1.7.2		2.7.2		3.8.2	-	-		-
	1.7.3		2.7.3		3.8.3	-	-		-
1.8	1.8.1	2.8	2.8.1	3.9	3.9.1	-	-		-
	1.8.2		2.8.2		3.9.2	-	-		-
	1.8.3	-	-	3.10	3.10.1	-	-		-
	1.8.4	-	-		3.10.2	-	-		-
1.9	1.9.1	-	-		3.10.3	-	-		-
	1.9.2	-	-		3.10.4	-	-		-
1.10	1.10.1	-	-		3.10.5	-	-		-
	1.10.2	-	-		3.10.6	-	-		-
-	-	-	-		3.10.7	-	-		-

)—taking into account that the reports by the WBCSD and COSO (2018) [7], the independent group of scientists appointed by the secretary general (2019) [40], and the WEF (World Economic Forum) (2022) [25] were used. In the state-of-the-art research, there was no evidence of a study showing a global reference framework aligned with the previously mentioned reports. Therefore, the details of this characterization corresponding to the sub-risk ID and the specific sub-risk ID can be consulted in annexes A1 to A5. It is important to emphasize that the organizational risk characterization with a focus on sustainability did not have prior prioritization, but this was conducted through the DEMATEL method. This study provides a general methodology for organizations to obtain an adequate prioritization of their organizational risks with a focus on sustainability. The results of the case study are shown below, taking into account that the organizations surveyed belong to different economic sectors.

3.2. Group of Experts

The selection of the members of the group of experts consulted is very relevant to the definition and evaluation of the problem posed. In this case, the problem was organizational risks with a focus on sustainability, and the MCDM technique was considered [23]. Experts can be selected based on their experience, the quality of their work, their recognition, or suggestions from group members or others. However, even the most qualified expert may have only some knowledge [41].

The group of experts for this research comprised profiles of high-level executives from organizations in the service sector, auditing and consulting firms, the oil and gas sector, the manufacturing sector, and the financial sector. The professionals consulted for this study included CEOs, department directors, and senior managers at the country level, with the diverse professions described in

Table 2. Group of experts.

Type of Position	Number of People	Years of Experience
Accountants specializing in and/or with a master’s degree in auditing, digital transformation, and/or sustainability	22	20
Economists specializing in risk management	18	15
Industrial engineers specializing in occupational health and safety, sustainability, and/or risk management	12	15
Systems engineering professionals specializing in cybersecurity	7	25
Psychologists specializing in human resources	10	25
Environmental professionals specializing in risk management	10	15

. As they had several years of experience in the execution of their professional activities, the answers obtained were compiled based on their professional judgement and according to their experience in the materialization of risks in the industries in which they worked. This group was formed by considering that the professionals were experts in organizational risks with a focus on sustainability (economic, environmental, geopolitical, social, technological) and corporate risk factors in business governance. When analyzing each risk or sub-risk, a different probability and impact assessment was obtained depending on the expert consulted and the type of industry to which he or she belonged. However, with the selection of this group of experts, the purpose was to obtain different levels of prioritization of the five typologies of sustainability risks consulted using the DEMATEL methodology; in the case of AHP, the purpose was to obtain the prioritization of the sub-risks in order to obtain a holistic overview of the methodologies applied in this research. Similarly, the previously mentioned professionals were leading decision-makers in the organization of this research and ultimately responsible for managing its risks. It is important to mention that the developer of the proposed DEMATEL and AHP methods is a professional in industrial engineering, a specialist, and has a master’s degree. They have extensive experience in the development of models associated with MCDM models and were in charge of processing the data collected through the 1AK survey (one-click survey), which collected the opinions of the experts consulted.

Surveys were designed to consolidate the responses of the group of experts associated with the prioritization of organizational risks with a focus on sustainability, for which it was decided to use the 1AK (one-click survey) tool. Taking into account the area of expertise of the professionals surveyed, information was collected with the appropriate guidance according to their level of exposure and risk management in their daily work. The formulated surveys asked the group of experts to select the level of influence and relevance of the characterized organizational risks and sub-risks with a focus on sustainability, taking into account the scale in

Table 3. Linguistic comparison scale for DEMATEL and AHP methods.

Linguistic Scale	AHP Value	DEMATEL Value
No influence	1	1
Very low influence	3	2
Low influence	5	3
High influence	7	4
Very high influence	9	5

. The respondent indicated the level that he/she considered to be in accordance with the paired comparison first between the risks for the DEMATEL case and subsequently between the sub-risks for the AHP case.

The DEMATEL and AHP methods were used to solve problems in GDM. This began with the collection of the opinions of each expert. Each expert assigned ratings to the options considering the linguistic scale (see Table 3), and the data were collected through the 1AK survey (one-click survey). Once the survey was completed, the comparison matrix was constructed, which was the result of comparing the risk typologies (geopolitical, economic, social, environmental, and technological) with each other. At the same time, a comparison of sub-risks belonging to the same risk typology was carried out. These comparisons provided values that indicated relative preferences, reflecting the importance of one element compared to another. Finally, matrix calculations were used to obtain the vectors and eigenvalues, which allowed the relative weightings of criteria and options to be determined, generating as a result the hierarchy of the risk typologies and the hierarchy of the sub-risks of the same typology and reflecting the collective opinions of the group of experts. This approach provided details on the entire process generated during decision-making based on the data obtained.

It should be clarified that the data were provided by the group of experts through a process of mutual evaluation. By means of the paired survey, the experts used the linguistic comparison scale to assess the degree of mutual influence between the different risk typologies. Additionally, they assessed the mutual influence relationships between the sub-risks belonging to the same typology. These data were collected and used to construct matrices that reflected the influencing relationships between risk typologies and respective sub-risks. Within this framework, to carry out the appropriate aggregation of the information collected with the survey, the construction of individual comparison matrices was carried out as follows:

For each pair of factors (i) and (j), where i and j represent the risk and sub-risk typologies (of the same risk typology), respectively, a comparison matrix (Cij) was constructed for this purpose using the values assigned by the 79 experts:

$$Cij=\left[\begin{array}{cc}0& cij\\ 0& 1\end{array}\right]$$

(2)

Each element Cij was computed through the utilization of the geometric mean method (GMM), which involved the opinions of the 79 experts [42]:

$$c_{ij}={\left(\prod _{p=1}^{79}{C}_{ij}^p\right)}^{\raisebox{1ex}{$1$}\!\left/ \!\raisebox{-1ex}{$79$}\right.}$$

(3)

where p refers to the assessment of each of the experts. In accordance with Equation (3), this process was iterative, comparing the different types of risks and sub-risks. The next step corresponds to the summation of all the individual comparison matrices to obtain a total matrix $C_{total}$.

$$C_{total}=\sum C_{ij}$$

(4)

Finally, the total matrix ($C_{total}$) was normalized by dividing each element by the sum of the elements in its row in order to prepare the information to perform the analysis in the AHP and DEMATEL methods.

$$N_{ij}=\frac{C_{total,ij}}{{\sum }_j{C}_{total,ij}}$$

(5)

This approach allowed the experts to provide their opinions in the form of scores in a structured manner, facilitating the risk hierarchy. The following sections explain the development of the proposed methods in greater detail.

3.3. Application of DEMATEL

This method represents the interrelationships and effects between cause-and-effect groups by obtaining a visual representation according to the opinions of the surveyed experts [43,44]. The method can be divided into the following steps:

Step 1: Develop an initial matrix described by scores (see Table 3). The described scales of influence should be established as follows: 0 (no influence), 1 (low influence), 2 (medium influence), 3 (high influence), and 4 (very high influence). Ask the group of expert respondents to make paired comparisons according to the influence and direction between the criteria—in this case, the five characterized risks (see Figure 3). Once these paired comparisons are obtained, the direct relationship matrix is constructed, in which aij is denoted as the degree of influence on the criterion that i has on j; then, the average matrix is obtained [45].

Table 4. Initial influence matrix.

	Geopolitical	Economic	Social	Technological	Environmental
Geopolitical	0.0000	3.9351	4.0248	3.4798	3.5775
Economic	4.3954	0.0000	4.2446	3.7131	3.4077
Social	3.6508	3.6674	0.0000	2.8910	3.6010
Technological	3.1113	3.8640	3.4798	0.0000	3.2451
Environmental	2.9463	3.1480	3.4729	2.6096	0.0000

shows the initial influence matrix using Equation (1) (see Section 2).

Step 2: Normalize the relationship matrix, which is denoted by M and is obtained with Equations (6) and (7), taking into account that all the main elements of the diagonals are equal to zero [45,46].

$$M=k·\mathrm{A}$$

(6)

$$\begin{gathered} k=Min\left[\frac{1}{\begin{array}{c}max\\ 1\le i\le n\end{array}{\sum }_{j=1}^n\left|a_{ij}\right|},\frac{1}{\begin{array}{c}max\\ 1\le j\le n\end{array}{\sum }_{i=1}^n\left|a_{ij}\right|}\right] \\ i,j\in \left\{\mathrm{1,2},3\dots n\right\} \end{gathered}$$

(7)

Based on the initial direct ratio matrix in Table 4, the normalized direct ratio matrix in

Table 5. Normalized direct relationship matrix.

	Geopolitical	Economic	Social	Technological	Environmental
Geopolitical	0.0000	0.2497	0.2554	0.2208	0.2270
Economic	0.2789	0.0000	0.2693	0.2356	0.2162
Social	0.2316	0.2327	0.0000	0.1834	0.2285
Technological	0.1974	0.2452	0.2208	0.0000	0.2059
Environmental	0.1869	0.1997	0.2203	0.1656	0.0000

is obtained using the DEMATEL model, considering Equations (6) and (7).

Step 3: To obtain the total ratio matrix once the normalized direct ratio matrix M is obtained, derive Equations (8) and (9), where I is denoted as the identity matrix (see

Table 6. Total relationship matrix.

	Geopolitical	Economic	Social	Technological	Environmental	D	D + R	D − R
Geopolitical	1.6541	1.8944	1.9597	1.6911	1.8080	9.0073	17.5842	0.4304
Economic	1.9420	1.7659	2.0421	1.7644	1.8687	9.3832	18.1739	0.5925
Social	1.7323	1.7704	1.6397	1.5655	1.7014	8.4092	17.5177	-0.6994
Technological	1.7011	1.7703	1.8113	1.4026	1.6774	8.3627	16.1976	0.5278
Environmental	1.5474	1.5898	1.6558	1.4113	1.3639	7.5681	15.9876	-0.8513
R	8.5769	8.7907	9.1086	7.8349	8.4194

) [45,46].

$$S=M+M^2+M^3+\cdots =\sum _{i=1}^{\infty }{M}^i$$

(8)

$$S={M\left(I-M\right)}^{-1}$$

(9)

Step 4: To calculate the dispatcher group and receiver group, use the values denoted as (D − R) and (D + R), where R is denoted as the sum of the columns and D is the sum of the rows in the matrix S, as described in Equation (10). The level of influence for others and the level of relationship with others are defined as shown in Equations (11) and (12), respectively [34,45,47]. For some of the criteria with positive values (D − R), the conclusion is that they have a more significant influence on themselves and therefore have higher priority. These are called dispatchers, and others with negative values (D − R) receive greater inclusion by others. Therefore, it is concluded that they have lower priority and are called receivers. Thus, the (D + R) value indicates the degree of relationship of each criterion with the others, and criteria with higher values of (D + R) and lower values of (D + R) have less of a relationship with the others [45,46].

$$S={\left[s_{ij}\right]}_{nxn’} i,j\in \left\{\mathrm{1,2},3\dots n\right\}$$

(10)

$$D=\sum _{j=1}^n{s}_{ij}$$

(11)

$$R=\sum _{i=1}^n{s}_{ij}$$

(12)

The total relationship matrix described in Table 6 is obtained using Equation (8) (Appendix B.1). Then, by applying Equations (10) and (11), the diagram describing influence and relevance is calculated using the data set (D + R, D − R).

Step 5: Set a threshold value, obtain the impact digraph map, and set a threshold value for the level of influence. For the elements whose influence level in the S-matrix is higher than the threshold that can be chosen and converted into the impact digraph map, the threshold value should be defined by the decision-maker or expert group [48]. To finally obtain the impact digraph map, the horizontal axis (D + R) and vertical axis (D − R) should be set according to the data obtained with (D + R, D − R) [47].

All organizational risks with a focus on sustainability described in the characterization, such as geopolitical, economic, social, technological, and environmental risks, with a positive value (D + R) are in the relevant group, whereas risks with a negative value (D − R) are in the influence group, which means that those risks are affected or influenced by other factors, adjusting to the actual conditions. Finally, the weighting matrix is created.

Table 7. Final DEMATEL weightings for each set of risks.

Risk 1 Geopolitical	Risk 2 Economic	Risk 3 Social	Risk 4 Technological	Risk 5 Environmental
0.2108	0.2196	0.1968	0.1957	0.1771

shows the prioritization of organizational risks with a focus on sustainability.

However, as mentioned in Section 3.1, in order for organizations to provide global assurance of all their organizational risks with a focus on sustainability, it is important to take into account the five risks characterized in Figure 3, as it allows the most common risks to be highlighted from a holistic perspective and from a global level and provides a complete overview of the essential controls that mitigate their materialization by the most representative changes in the global scenario. In addition, it is important to mention that the risks were studied with DEMATEL from an assessment perspective that was oriented to the organization of this case study to understand its main organizational risks with a focus on sustainability. For this reason, in Section 3.4, an AHP model is developed with the five risks studied throughout this research in order to show their globality.

3.4. Aplication of AHP

The essential steps of the AHP model according to Saaty (1980) [35] are described below, together with the key equations and formulas involved in its implementation. Taking into account the results obtained with the DEMATEL model, an AHP model was applied to prioritize the sub-risks corresponding to each risk, as defined in Table 1. To identify and prioritize the sub-risks according to their potential impact on the organization and their probability of occurrence, the AHP model was applied, taking into account Equations (13) to (16).

Step 1. Definition of hierarchy: The first stage in the application of the AHP involves the construction of a hierarchy representing the criteria and alternatives involved in the decision. If there are “n” criteria, the hierarchy will consist of “n + 1” levels, including the top level for the overall goal and subsequent levels for the criteria and alternatives. The formula for calculating the total number of elements in the hierarchy is given by:

$$N=1+\sum _{i=1}^n{m}_i$$

(13)

where N is the total number of elements in the hierarchy (the characterized risks) and m_i is the number of alternatives at level i (each of the characterized sub-risks).

Step 2. Criteria comparison matrix (CM): The experts compared the relative importance of the criteria, in this case the characterized sub-risks (see Figure 3), and positive values were assigned in the criterion comparison matrix CM, a square matrix of size n × n. Each element CM(i,j) represents the importance relationship between criteria i and j. For example, if CM(i,j) = 3, it means that criterion i is three times more important than criterion j.

Table 8. Average geopolitical comparison matrix.

	1.1	1.2	1.3	1.4	1.5	1.6	1.7	1.8	1.9	1.10
1.1	1	1.7745	1.2842	1.5209	1.2702	1.7047	3.1159	2.6607	2.4989	1.9248
1.2	0.5635	1	0.6796	0.6577	0.8052	1.3230	2.2885	1.6491	2.2962	2.5357
1.3	0.7787	1.4714	1	0.9744	1.1974	1.2471	1.9183	2.1898	2.4358	2.9487
1.4	0.6575	1.5204	1.0263	1	0.9748	1.9746	2.1569	2.0719	2.8310	2.5731
1.5	0.7873	1.2419	0.8352	1.0259	1	2.0037	3.0362	2.5451	3.7171	3.1848
1.6	0.5866	0.7559	0.8018	0.5064	0.4991	1	2.1725	2.0712	2.5636	2.6211
1.7	0.3209	0.4370	0.5213	0.4636	0.3294	0.4603	1	1.4342	1.2065	1.0113
1.8	0.3758	0.6064	0.4567	0.4826	0.3929	0.4828	0.6972	1	1.4875	1.6129
1.9	0.4002	0.4355	0.4105	0.3532	0.2690	0.3901	0.8288	0.6723	1	1.1127
1.10	0.5195	0.3944	0.3391	0.3886	0.3140	0.3815	0.9888	0.6200	0.8987	1

,

Table 9. Average economic comparison matrix.

	2.1	2.2	2.3	2.4	2.5	2.6	2.7	2.8
2.1	1	0.4163	0.4932	1.2654	0.9240	0.3689	0.5080	0.8642
2.2	2.4018	1	0.9081	1.9324	0.9583	0.8750	0.4959	1.0429
2.3	2.0276	1.1012	1	0.7211	0.7302	0.2986	0.7044	0.7346
2.4	0.7902	0.5175	1.3867	1	0.6513	0.8860	0.7262	0.7262
2.5	1.0823	1.0435	1.3695	1.5355	1	1.0000	0.9701	1.0000
2.6	2.7109	1.1428	3.3490	1.1287	1.0000	1	0.7757	1.2429
2.7	1.9686	2.0165	1.4196	1.3771	1.0309	1.2891	1	0.7757
2.8	1.1571	0.9589	1.3612	1.3771	1.0000	0.8046	1.2891	1

,

Table 10. Average social comparison matrix.

	3.1	3.2	3.3	3.4	3.5	3.6	3.7	3.8	3.9	3.10
3.1	1	0.8046	0.5397	0.6667	0.7619	0.5401	0.3870	0.3578	0.5172	0.3665
3.2	1.2429	1	0.6513	0.9642	0.9245	0.6279	0.6054	0.9418	1.0237	0.7762
3.3	1.8530	1.5355	1	1.1079	1.3197	0.6018	0.8702	0.6631	1.4453	1.2134
3.4	1.4999	1.0372	0.9026	1	0.6792	0.7661	0.6548	0.4784	0.5240	0.5338
3.5	1.3125	1.0816	0.7578	1.4724	1	0.5269	0.4216	0.7172	0.8090	1.5926
3.6	1.8513	1.5926	1.6618	1.3053	1.8980	1	1.5271	1.6517	1.7548	1.9686
3.7	2.5837	1.6517	1.1491	1.5271	2.3721	0.6548	1	0.9245	1.1280	0.8755
3.8	2.7946	1.0618	1.5082	2.0902	1.3943	0.6054	1.0816	1	1.1484	0.7484
3.9	1.9335	0.9768	0.6919	1.9085	1.2361	0.5699	0.8865	0.8707	1	1.0372
3.10	2.7282	1.2884	0.8241	1.8734	0.6279	0.5080	1.1421	1.3362	0.9642	1

,

Table 11. Average technological comparison matrix.

	4.1	4.2	4.3	4.4	4.5	4.6
4.1	1	1.6151	2.2180	0.6020	0.2695	1.0959
4.2	0.6192	1	0.8503	0.3861	0.2443	0.7080
4.3	0.4509	1.1760	1	0.3598	0.3598	0.8327
4.4	1.6610	2.5900	2.7795	1	1.0502	2.9398
4.5	3.7103	4.0936	2.7795	0.9522	1	2.4998
4.6	0.9125	1.4124	1.2009	0.3402	0.4000	1

and

Table 12. Average environmental comparison matrix.

	5.1	5.2	5.3	5.4	5.5	5.6	5.7	5.8
5.1	1	2.0370	0.6420	1.1270	0.8683	1.7082	1.7210	1.5816
5.2	0.4909	1	0.3754	0.3575	0.3498	0.5045	0.3650	0.4509
5.3	1.5577	2.6637	1	0.6192	0.7980	0.8154	0.9067	1.8860
5.4	0.8873	2.7974	1.6151	1	1.8086	1.5715	1.0889	1.2272
5.5	1.1517	2.8585	1.2532	0.5529	1	1.0000	0.4509	0.8689
5.6	0.5854	1.9820	1.2264	0.6363	1.0000	1	0.6063	1.0212
5.7	0.5811	2.7394	1.1029	0.9184	2.2180	1.6493	1	1.5478
5.8	0.6323	2.2180	0.5302	0.8149	1.1509	0.9793	0.6461	1

show the comparison matrices created by the experts, where they compared the relative importance of each of the risks and their respective sub-risks and assigned values to the comparative relationships. The comparison matrix of each expert was then averaged (see Appendix B.1, Appendix B.2, Appendix B.3, Appendix B.4, Appendix B.5 and Appendix B.6). These values represent the importance of one criterion compared to another. Comparisons were made using a numerical scale, e.g., 1 to 9, where 1 means equal importance and 9 means that one is extremely more important. These comparisons were recorded in a CM matrix, which is a symmetric square matrix.

Step 3. Calculation of eigenvectors and eigenvalues: The next step involves calculating the eigenvectors and eigenvalues of the CM matrix. To do this, the eigenvalue problem is solved:

$$CM·v=\lambda v$$

(14)

where v is the eigenvector and λ is the corresponding eigenvalue. Then, the eigenvector v is normalized by dividing each element by the sum of the elements of the vector. The consistency ratio (CI) is calculated using:

$$CI=\frac{\lambda \max -n}{n-1}$$

(15)

where λmax is the maximum eigenvalue and n is the number of criteria.

Step 4. Alternative comparison matrices: For each criterion i, for this particular case, an alternative comparison matrix Ai was constructed. Similar to the CM matrix, experts compared alternatives based on criterion i and assigned positive values in Ai.

Step 5. Calculation of weightings: The weightings of the criteria are calculated by averaging the normalized eigenvectors of the Ai matrices. The normalized weightings wi of the criteria are obtained by:

$$W=\frac{\sum _j^n{v}_{ij}}{n}$$

(16)

where v_ij is the element i,j of the normalized eigenvector vi.

Step 6. Verification of consistency: The consistency ratio (CR) is calculated. This ratio is designed so that values exceeding 0.10 are a sign of inconsistent judgments; it is likely that in these cases the decision-maker will want to reconsider and modify the original values of the paired comparisons matrix. Consistency ratio values of 0.10 or less are considered to signal a reasonable level of consistency in paired comparisons. In order to obtain the total priority of all network elements, the total score for each criterion is calculated, with the highest being considered the best option.

Table 13. Prioritization matrix and consistency index.

Item	1. Geopolitical	Item	2. Economical	Item	3. Social	Item	4. Technological	Item	5. Environmental
1.1	0.1611	2.1	0.0823	3.1	0.0539	4.1	0.1365	5.1	0.1527
1.2	0.1073	2.2	0.1315	3.2	0.0811	4.2	0.0820	5.2	0.0533
1.3	0.1329	2.3	0.1002	3.3	0.1046	4.3	0.0899	5.3	0.1386
1.4	0.1368	2.4	0.0976	3.4	0.0735	4.4	0.2638	5.4	0.1645
1.5	0.1491	2.5	0.1315	3.5	0.0877	4.5	0.3172	5.5	0.1189
1.6	0.1005	2.6	0.1683	3.6	0.1541	4.6	0.1106	5.6	0.1089
1.7	0.0566	2.7	0.1577	3.7	0.1216			5.7	0.1575
1.8	0.0597	2.8	0.1310	3.8	0.1173			5.8	0.1056
1.9	0.0474			3.9	0.0985
1.10	0.0485			3.10	0.1077
CI	0.0125	CI	0.0348	CI	0.0208	CI	0.0144	CI	0.0274

shows a compilation of the priority matrices for each of the organizational risks with a focus on sustainability, including the respective consistency indices (CIs).

Step 7. Sensitivity analysis: Sensitivity analysis is an essential tool for assessing the robustness and stability of AHP model results. This section explores how sensitivity analysis is performed and how variations in the results are interpreted.

Step 7.1. Modification of comparison matrices: To perform the sensitivity analysis, the comparison matrices of criteria and alternatives are modified in a controlled manner. Each element of these matrices is adjusted by a certain percentage to reflect changes in the original comparisons.

Step 7.2. Recalculation of modified weightings and priorities: With the modified comparison matrices, the weightings and priorities of the criteria and alternatives are recalculated using the same procedure as in Step 1. This provides new results based on the modified inputs.

Step 7.3. Interpretation of the sensitivity analysis results: Variations in weightings and priors between the original and modified results are interpreted to assess the sensitivity of the AHP model. The main points to consider include:

• Sensitivity criteria: Identify the criteria showing the highest variations in weightings and priorities. These criteria are more sensitive to change and may require special attention in decision-making.
• Trends in variations: Analyze whether there are consistent trends in the variations of weightings and priorities. This can reveal how certain inputs affect overall results.
• Stability: Evaluate whether variations are acceptable and whether inputs changes lead to reasonable and consistent results.

4. Discussion

The results presented in this research, considering the characterization of the proposed organizational risks focused on sustainability and through the application of the DEMATEL method, show that taking into account the expert opinions consulted allowed for an analysis of the structure of the components of each of the geopolitical, economic, social, technological, and environmental risks in this case. As part of the presentation of the results, the final DEMATEL weightings for each risk typology were obtained, as shown in Figure 4.

Additionally, there was a presentation and analysis showing the direction and intensity of the direct and indirect relationships that generated influence between the risks that were initially presumed to be well defined in the process of characterizing organizational risks with a focus on sustainability. Figure 5 shows a graph of influence and relevance divided into four quadrants using the DEMATEL model. The elements in the upper right quadrant (I) are those with high influence and relevance. Those are the critical aspects that require priority attention, and as a result, they represent a hierarchy of sustainability risk typologies that need to be addressed, based on the opinions of the experts consulted. The elements in the upper left quadrant (II) have high influence but less relevance, whereas the elements in the lower right quadrant (IV) have high relevance but lower influence. The elements in the lower left quadrant (III) have low influence and relevance. Given the above, it is essential to reinforce efforts in strategic decision-making for the elements in the upper right quadrant and thus address organizational risks effectively.

Using the AHP method, the best alternatives among the alternatives considered were evaluated and selected. With this method, a hierarchical structure was provided, which allowed the prioritization of the sub-risks for each organizational risk focusing on sustainability that was prioritized with the DEMATEL model (geopolitical, economic, and social) to be broken down and identified. The prioritization of the five organizational risks with a focus on sustainability that were characterized is presented (see Table 13), as is the presentation and sensitivity analysis, so that controlled variations in the input values, such as the values in the comparison matrices, could be performed in order to observe the variation in the results. This allowed for an evaluation of the stability of the decisions made through the AHP and an understanding of whether the most preferred choices remained consistent in different scenarios.

Based on the results obtained from the AHP model (see Table 13), the following sub-risk prioritizations were obtained:

-

The sub-risks with the highest prioritization in the geopolitical field were (1.1) lack of ethics in the conduct of business, (1.5) corruption and instability, and (1.4) non-compliance with regulations.

-

The sub-risks with the highest priority in the economic field were (2.6) deficit in economic growth; (2.7) low growth in industry, innovation, and infrastructure; and (2.5) water and sanitation shortage.

-

The sub-risks with the highest prioritization in the social field were (3.6) chemical safety, (3.7) demographic and health risks, and (3.8) lack of well-being and health.

-

The most highly prioritized sub-risks in the technological field were (4.5) massive data fraud or theft incident, (4.4) large-scale cyber-attacks, and (4.1) information security risks and technological changes.

-

The most highly prioritized sub-risks in the environmental field were (5.4) water depletion, (5.7) toxic emissions and waste, and (5.1) carbon emissions.

In the calculation of the sensitivity analysis, the first step was to define the relevant variables that would influence the AHP model. Once identified, the ranges of variation for each variable were established. This involved deciding whether to increase or decrease percentages or fixed amounts associated with these variables. The parameters of the AHP model were then modified according to the established variations and the results were recalculated. The next phase consisted of meticulously recording the results obtained for each modified scenario.

This sensitivity analysis was used to evaluate the stability of the results obtained through the AHP. Among the advantages of implementing this analysis were (i) the identification of criteria with higher criticality, which assisted decision-makers with better focusing controls against risks; (ii) an analysis of the robustness of the decisions against changes in the values or conditions of the criteria, which allowed the resistance to uncertainty and variations to be determined; and (iii) improved decision-making since, when combined with MCDM techniques, it provided the consideration of multiple criteria and scenarios and more informed decisions, taking into account the complexity of the criteria [49]. The values of the average comparison matrix for each risk were taken into account, and these values re increased by 10% to evaluate how changes in these matrices would affect the selection of the preferred alternative. The values of the comparison matrices for criteria and alternatives were adjusted to assess how changes in these matrices would affect the selection of the most preferred alternative.

The sensitivity analysis was specifically designed to explore how variations in input data can affect decisions, which is a common practice in risk management. In representing these results, bar or line graphs are used. Each bar or dot on the graph represents the result corresponding to a specific variation in the variables. This visual representation allows for easy interpretation of how changes in the sub-risk variables affected the results of the AHP model, providing a clear and accessible perspective for sensitivity analysis (see Figure 6, Figure 7, Figure 8, Figure 9 and Figure 10).

The sensitivity analysis of the AHP model generated a wide range of results, showing how fluctuations in key variables influence risk prioritization. Values close to zero indicate sub-risks with low sensitivity to the variations introduced. These components maintained a relatively constant and stable contribution across different scenarios. Although their influence was minor compared to others, their stability suggests consistency in decision-making. Positive variations of up to 40% indicate that, in certain scenarios or with specific modifications, the sub-risk had a positive impact. This sub-risk was less sensitive to adverse changes compared to others, which might suggest greater stability under various conditions. In contrast, negative variances of up to −60% indicate that changes in the input values significantly influenced the model results, yielding significant negative changes in the relative priorities of the criteria. This indicates that certain changes in the input values induced a noticeable decrease in the relative importance of some criteria in relation to their original weights. It is important to note that, although variations in the results were identified through the sensitivity analysis, these should not undermine the robustness of the conclusions drawn. The variations observed were within realistic ranges and reflected the uncertainty inherent in decision-making in a dynamic environment. The recommendations were robust, and the proactive approach to addressing variability in the data ensured more informed decision making and resilience in the face of possible changes in model input conditions.

This research provides the reader with a significant contribution to the field of sustainability risk management, especially when considering the breadth of challenges it encompasses, taking into account the five typologies of risks characterized and their respective sub-risks. It was possible to determine the most relevant risk typologies through the DEMATEL method and the most relevant sub-risks through the AHP method for adequate decision-making in the organizations regarding their treatment and controls. The results obtained highlight the relevance of sustainability risks typified as economic, social, geopolitical, environmental, and technological. This provides valuable guidance for various organizations. From a methodological point of view, the appropriate application of the DEMATEL and AHP models indicates the effectiveness of these tools in the prioritization of risks and sub-risks. The above takes into account that the opinions of a group of experts from different sectors have the same weighting and avoid biases of opinions without taking into consideration the industry in which each expert works. This study not only deepens in the identification of key risks but also highlights the importance of sensitivity analysis in decision-making, offering a realistic and contextualized view of the results obtained.

Among the limitations of this study, it was found that, in the characterization proposed in Table 1 of specific sub-risks, it would be exciting to continue with the analysis proposed from the approach of risk prioritization and deepen the analysis through the application of other MCDM methodologies.

According to the OEMS and the literature consulted in this regard, it would be very relevant to continue investigating how to propose a model that addresses, from the perspective of risk management obtained in this research, an approach to establish a control strategy for each of the elements analyzed.

The results obtained with the applied methodology not only strengthen consistency in decision-making but also contribute to more objective and accurate risk management. Overall, this methodology adapts in a versatile way to the organizational environment, providing a comprehensive and accurate approach to efficiently identify and hierarchize risks in a variety of contexts.

5. Conclusions

This investigation considered the opinions of a group of experts to conclude the relevance and preference of the proposed organizational risk characterization with a focus on sustainability by using MCDM models for decision-making that allow the prioritization to be determined via the DEMATEL analytical method with the following categories: (1) economic, (2) geopolitical, (3) social, (4) technological, and (5) environmental, with which it was possible to obtain the consensus of the opinions collected, having gained enough clarity on those opinions. Additionally, based on the proposed characterization of sustainability risks and considering their risk assessment, the calculation results were obtained through the model generated in Google Colab, and the opinions addressed are presented rationally.

Additionally, based on the AHP method, the sub-risks were prioritized for each typology of risk characterized—in this case, economic, geopolitical, social, technological, and environmental—obtaining the following:

• The geopolitical sub-risks with the highest prioritization were (1.1) lack of ethics in the conduct of business (0.1611), (1.5) corruption and instability (0.1491), and (1.4) non-compliance with regulations (0.1368).
• The economic sub-risks with the highest prioritization were (2.6) deficit in economic growth (0.1683); (2.7) low growth in industry, innovation, and infrastructure (0.1577); and (2.5) water scarcity and sanitation (0.1315).
• The social sub-risks with the highest prioritization were (3.6) chemical safety (0.1541), (3.7) demographic and health risks (0.1216), and (3.8) lack of well-being and health (0.1173).
• The technological sub-risks with the highest prioritization were (4.5) massive data fraud or theft incident (0.3172), (4.4) large-scale cyber-attacks (0.2638), and (4.1) information security risks and technological changes (0.1365).
• The environmental sub-risks with the highest prioritization were (5.4) water depletion (0.1645), (5.7) toxic emissions and waste (0.1575), and (5.1) carbon emissions (0.1527).

Based on the consultation with the experts in this research, it can be concluded that the application of sensitivity analysis to the AHP model revealed that changes in the comparison matrices impacted risk prioritization. Negative variations of up to -60% were identified, which had a negative impact on the weightings of certain criteria. Positive variations of up to 40% indicated a positive impact on the weighting of certain sub-risks under certain conditions, suggesting that these elements have a favorable impact on identifying strategic decisions. For sub-risks with low sensitivity close to zero and stable contributions were maintained under various scenarios and had consistent results. The proactive approach to data variability ensures informed decisions and resilience to change.

It is important to consider the significant relevance of the adequate characterization of organizational risks with a focus on sustainability, as it is a key factor for the planning of all strategies at the organizational level, to ensure adequate treatment of them and to make the best decisions in the organizations regarding how to manage them adequately.

Through the prioritization of risks established in this research using the DEMATEL and ANP methods, organizations can find a structured reference based on the group of experts consulted on organizational risks with a focus on sustainability. A comprehensive and detailed approach to the typified risks is provided, along with a clear vision of the risks, which thus enables organizations to focus on really effective controls. This depends on the risks and sub-risks defined in each business sector that requires the implementation of this methodology.

In accordance with the scope of the research, some issues must still be addressed, for which it is suggested to extend the proposed analysis, starting with the characterization of the organizational risks with a focus on sustainability (risks and sub-risks) in the present study. It is suggested to extend the prioritization analysis by applying other MCDM methodologies to identify variations in the prioritization of risks and sub-risks. Furthermore, it is proposed that detailed comparisons be carried out to determine the most representative risks and sub-risks. Finally, it is recommended that, based on this research, the information on monitoring controls associated with the prioritized risks and sub-risks be expanded, thus contributing to organizational risk management with a focus on sustainability.