Search results
1 – 10 of 163
Rafael Almeida, José Miguel Teixeira, Miguel Mira da Silva and Paulo Faroleiro
Abstract
Purpose
The purpose of this paper is to ease the ISO 31000 standard understanding and provide mechanisms that allow organizations to adopt and adapt this standard to their reality.
Design/methodology/approach
The research methodology adopted in this research was the design science research methodology.
Findings
Key finding is that enterprise architecture (EA) models and EA tools can help reduce the complexity of the ISO 31000 standard and improve the communication between stakeholders.
Practical implications
The research proposal serves the purpose of supporting the evidence collection for an enterprise risk management (ERM) initiative in an as-was, as-is, or to-be perspective.
Originality/value
Traditional ERM efforts operate on silos, limiting the sharing of risk information and the achievement of an organization-wide view of risks. EA can provide a common way to model complex business systems, from the strategic level to implementation details. This paper proposes the use of an EA model and an EA tool (Atlas) to represent ISO 31000, allowing a better understanding on the value of assets that can be affected from the manifestation of some risks over time.
Abstract
Purpose
There are two main industry-sanctioned enterprise risk management (ERM) models, that is, COSO 2004 and ISO 31000:2009, that firms refer to when implementing ERM programs. Taken together, the two ERM models specify that firms should implement ERM programs to meet a strategic need, improve operations and reporting or to comply with government regulations or industry best practices. In addition, the focus of ERM implementation should be either the subsidiary, business unit, division, firm/entity or global level. The purpose of this study is to investigate whether firms are aligning their ERM implementations with these tenets: strategy, operations, reporting, compliance and the level of implementation.
Design/methodology/approach
The proxy for ERM implementation is the hiring of a Chief Risk Officer (CRO). The research data come from a sample of 122 US firms that issued a press release following the hiring of a CRO between 2010 and 2014. The press releases were retrieved and aggregated through content analysis in LexisNexis Academic.
Findings
The results reveal that many ERM implementations are occurring at the firm/entity level, and with the exception of reporting, firms consider ERM to be a strategic firm resource capable of improving business operations and compliance initiatives.
Originality/value
There is a dearth of research studies specifically investigating whether ERM programs adopted by firms are aligned with the specification of COSO 2004 and ISO 31000:2009 frameworks. The apparent lack of a clear understanding of the alignment between the firm ERM programs and the industry's ERM frameworks may limit the development and implementation of ERM and the eventual realization of the benefits associated with a successful ERM implementation.
Abstract
Purpose
The purpose of this paper is to theorize and prioritize the main categories of risk sources for the European manufacturing small- and medium-sized enterprises (SMEs) in accordance with the International Organization for Standardization (ISO) 9001:2015 requirement "risk based thinking." Furthermore, the research analyses how these organizations intend to manage the risks and their effects.
Design/methodology/approach
A first exploratory interview with 28 experts from international certification bodies and manufacturing companies which revealed 11 risk sources has been performed. Then, quality managers from European manufacturing SMEs were surveyed to determine whether or not they intended to manage the risk sources suggested by the experts. A 95 percent confidence interval was performed to evaluate the range of plausible values for the population. The quality managers were also asked to comment on each category of risk source.
Findings
The research shows that the most taken into account categories of risk sources were the internal production of nonconforming products followed by poorly trained workers with a lack of skills and awareness, supplier nonconforming products and lack of risk-based assessment. The least taken into account category was nonconforming technical results in the design process. The quality managers' qualitative comments also brought to light interesting issues which represented avenues for new research.
Research limitations/implications
The limitations of this research lie in the first exploratory interview with the 28 experts. This process could be improved by means of a larger sample of experts. Furthermore, these experts could have included risk source categories which could fall outside of an ISO 9001 quality management system (QMS) scope and application.
Practical implications
Quality managers in SMEs can now address the new ISO 9001:2015 requirement knowing what the priorities from a statistical point of view are. This implication is also relevant to QMS consultants who are implementing ISO 9001:2015 QMS together with their customers.
Originality/value
The novelty of this research is that it has been tried for the first time to theorize what the main categories of risk sources in accordance with the risk-based thinking requirement are for European manufacturing SMEs.
Samuel Famiyeh, Ebenezer Adaku, Laud Kissi-Mensah and Charles Teye Amoatey
Abstract
Purpose
Proper risk management is a critical requirement for the success of every project. This is, to a large extent, due to the role risk plays in determining project outcomes. The mining sector usually is linked with high environmental, social and economic risks. Hence, the process of systematic risk management applied to a single case study of a tailings re-mining project in Ghana holds the potential for invaluable insights on risk management in the mining sector. The paper aims to discuss these issues.
Design/methodology/approach
Mining organization experts were asked to identify project risks, and 50 staff from the organization were invited to make subjective assessments of the probability of occurrence and consequences for each of 15 identified risks. From this assessment, a risk severity matrix was developed.
Findings
The findings show that the most severe risks for a tailings re-mining project include spillage caused by leakage from pipes; vandalism by illegal mining operators; late deliveries of mining materials; the effect of rainfall; and failure to gain project approval from the Environmental Protection Agency. Risk treatment options are suggested for these risks.
Research limitations/implications
The study is limited to only the risk issues associated with tailings re-mining projects.
Practical implications
Practically, this study highlights for mining companies and operators the critical risk factors that militate against successful tailings re-mining projects.
Social implications
This study, essentially, reveals the threat of illegal mining operations to such an important project and hence the need for strong security to avoid such threats.
Originality/value
This study contributes to the debate on the risk factors that affect tailings re-mining, especially from a developing country's point of view.
Juergen Bieser, Björn-Martin Kurzrock and Ritika Batra
Abstract
Purpose
Data centres (DC) serve as critical infrastructure and require a sustainable and uninterrupted building operation. Effective risk management (RM), as a component of enterprise RM (ERM), is the basis for secure DC operations. The purpose of this paper is to determine, whether holistic and integrated RM solutions already exist or what they might look like.
Design/methodology/approach
A literature review of laws, norms, standards, methods and certifications combined with transcribed paper and pencil expert interviews with DC, facility service companies and consulting firms has been conducted. The study also investigates RM practices of 23 large international DC and facility service companies.
Findings
Results of literature research and intensive interviews with experienced DC experts, covering the entire life cycle of buildings, indicate that there are no holistic and integrated RM practice applications for DC on a sound academic basis.
Practical implications
Findings suggest that there is a need for developing a holistic and integrated RM framework for DC. This paper is a contribution to the expansion of ERM research and can be very valuable for builders and operators. The results of this research form the basis for the development of a structured RM framework for DC that improves performance.
Originality/value
The study allows professionals to understand the operational state-of-the-art of RM in critical environments and shed light on the wide spectrum of conceptualities and definitions.
Noraznira Abd Razak, Zuriah Ab Rahman and Halimahton Borhan
Abstract
Purpose
The purpose of this paper is to focus, explore, and provide an in-depth analysis of the relationship between company resources and the process of enterprise risk management (ERM) in order to strengthen corporate structures against emerging uncertainties.
Design/methodology/approach
This paper proposes a strategic risk management framework for the development and sustainability of corporate performance by focussing on the dimension of firm resources extracted from the resource-based theory. This paper focussed on using Malaysian listed firms under the Malaysian Bourse as the sample frame, using the random sampling technique, whereby questionnaires were distributed among heads of risk management departments. Of the 600 questionnaires distributed, 223 were returned completed.
Findings
The survey results indicate that intangible resources play a significant role in the resources-performance relationship, while the other two main dimensions, tangible resources and capabilities, have shown contradictory results.
Research limitations/implications
This paper only focussed on using Malaysia listed firms under Malaysian Bourse as sample frame.
Practical implications
The management of risk is a dynamic phenomenon, and the changes in management that parallel its evolution demand revisiting and revamping again and again, promptly. In order to adapt and survive the volatile environment time and again, the firm has to make the effort to ensure long-term sustainability, as success and failure can quickly replace one another in a relatively short period. The results highlight various insights that might be helpful to managers in managing the performance of the firm by concentrating entirely on its risk management and resource management processes.
Originality/value
Overall it was shown that only certain dimensions of resources within the firm have a strong relationship with the performance variation. As such, the company has to ensure that the deployment of resources is optimized accordingly by focussing on the types of resources that matter, so that the possibility of improving the outcome of the firm in the volatile global environment can be realized.
Paschoal Federico Neto, Ricardo Fernandes Santos and Fábio Lotti Oliva
Abstract
Purpose
The purpose of this paper is to analyze the identification, evaluation and treatment of risks, as well as the appetite and corporate maturity in relation to enterprise risk management in the urban bus market of the city of São Paulo, Brazil.
Design/methodology/approach
A qualitative case study was formulated in two stages: the first one includes an interview with a bus market specialist and the second stage comprehends eight interviews with executives from bus chassis and coachwork manufacturers and bus fleet operators of this market.
Findings
The results show that larger companies tend to manage their risks in a more structured way when compared with smaller ones, although there are some exceptions. The most critical risks evaluated concern the political type, followed by the economic/financial, strategic, environmental, social, operational, technological, image and ethical types; and the risk appetites are generally consistent with the risks' criticality level.
Practical implications
This case study of an important sector in the economy can be emblematic for the adoption of good practices of risk management by managers.
Originality/value
Risk appetites are generally consistent with criticality and the main forms of treatment are to reduce, share and follow, linked to participation in representative associations.
Stefan Taubenberger, Jan Jürjens, Yijun Yu and Bashar Nuseibeh
Abstract
Purpose
In any information security risk assessment, vulnerabilities are usually identified by information-gathering techniques. However, vulnerability identification errors (wrongly identified or unidentified vulnerabilities) can occur as uncertain data are used. Furthermore, businesses' security needs are not considered sufficiently. Hence, security functions may not protect business assets sufficiently and cost-effectively. This paper aims to resolve vulnerability errors by analysing the security requirements of information assets in business process models.
Design/methodology/approach
Business process models have been selected for use, because there is a close relationship between business process objectives and risks. Security functions are evaluated in terms of the information flow of business processes regarding their security requirements. The claim that vulnerability errors can be resolved was validated by comparing the results of a current risk assessment approach with the proposed approach. The comparison is conducted both at three entities of an insurance company, as well as through a controlled experiment within a survey among security professionals.
Findings
Vulnerability identification errors can be resolved by explicitly evaluating security requirements in the course of business; this is not considered in current assessment methods.
Originality/value
It is shown that vulnerability identification errors occur in practice. With the explicit evaluation of security requirements, identification errors can be resolved. Risk assessment methods should consider the explicit evaluation of security requirements.
Manuel Ferreira Rebelo, Gilberto Santos and Rui Silva
Abstract
Purpose
The purpose of this paper is to propose a generic model of Integrated Management System of Quality, Environment and Safety (IMS-QES) that can be adapted progressively to assimilate various Management Systems, among which the highlights are: ISO 9001 for Quality; ISO 14001 for Environment; OHSAS 18001 for Occupational Health and Safety.
Design/methodology/approach
The model was designed in the real environment of a Portuguese Organization and 160 employees were surveyed. The rate response was equal to 86 percent. The conceived model was implemented in a first phase for the integration of Quality, Environment and Safety Management Systems.
Findings
Among the main findings of the survey the paper highlights: the elimination of conflicts between individual systems with resources optimization; creation of added value to the business by eliminating several types of wastes; the integrated management of sustainability components in a global market; the improvement of partnerships with suppliers of goods and services; reducing the number of internal and external audits.
Originality/value
This case study is one of the first Portuguese empirical research studies about IMS-QES, and the paper believes that it can be useful in the creation of a Portuguese guideline for integration, namely of Quality Management Systems, Environmental Management Systems and Occupational Health and Safety Management Systems, among others.
Abstract
Purpose
The growing importance of risk management programmes and practices in different industries has given rise to a new risk management approach, i.e. enterprise risk management. The purpose of this paper is to better understand the necessity, benefit, approaches and methodologies of managing risks in healthcare. It compares and contrasts between the traditional and enterprise risk management approaches within the healthcare context. In addition, it introduces bow tie methodology, a prospective risk assessment tool proposed by the American Society for Healthcare Risk Management as a visual risk management tool used in enterprise risk management.
Design/methodology/approach
This is a critical review of published literature on the topics of governance, patient safety, risk management, enterprise risk management and bow tie, which aims to draw a link between them and find the benefits behind their adoption.
Findings
Enterprise risk management is a generic holistic approach that extends the benefits of risk management programme beyond the traditional insurable hazards and/or losses. In addition, the bow tie methodology is a barrier-based risk analysis and management tool used in enterprise risk management for critical events related to the relevant day-to-day operations. It is a visual risk assessment tool which is used in many higher reliability industries. Nevertheless, enterprise risk management and bow ties are reported with limited use in healthcare.
Originality/value
The paper suggests the applicability and usefulness of enterprise risk management to healthcare, and proposes the bow tie methodology as a proactive barrier-based risk management tool valid for enterprise risk management implementation in healthcare.