Enterprise risk management (ERM) has become an important topic in today's more complex, interrelated global business environment, replete with threats from natural, political, economic, and technical sources. The development and current status of ERM is presented, with a demonstration of how risk modelling can be applied in supply chain management. Within supply chain management, a major managerial decision is vendor selection. We start with discussion of the advanced ERM technology, i.e. value-at-risk (VaR) and develop DEA VaR model as a new tool to conduct risk management in enterprises. A vendor selection set of data is used to demonstrate how this model can be used to assess supply risks in ERM. Such models provide means to quantitatively improve decision making with respect to risk.