Search results

This study aims to evaluate performance and map the science of research on International Organization for Standardization (ISO) 31000 standard through published articles. Specifically, this study determines the current state of the art, identifies research gaps and guides future studies related to ISO 31000.

This work investigates and examines the research papers acquired from the Scopus and Web of Science databases. Inclusion and exclusion criteria were applied to obtain relevant papers. Bibliometric analysis using Biblioshiny was conducted to answer the research objectives.

The results show growing interest in ISO 31000 research but limited interconnectivity among articles. Influential journals have emerged, highlighting key research trends in risk management's (RM) practical application and its significance in organizational decision-making. Key research areas include risk assessment (RA) methods, enterprise RM and system integration, endorsing ISO 31000 as a valuable tool. Future research should prioritize longitudinal studies to track ISO 31000's impact, study effective risk communication strategies, explore sector-specific RM practices and assess ISO 31000's application in emerging technologies.

This research reveals key themes and diverse methods that aid practitioners in customizing industry risk strategies, adapting to emerging trends, engaging global collaboration and improving risk communication. Nevertheless, the study might overlook non-English contributions, urging broader language inclusion for ISO 31000's profundity.

This paper's originality lies in its comprehensive bibliometric analysis of ISO 31000 research, providing valuable insights into the standard's growing significance and global impact. The study identifies key research themes and influential authors, guiding future research and improving RM practices.

Businesses are increasingly vulnerable and exposed to physical climate change risks, which can cascade through local, national and international supply chains. Currently, few methodologies can capture how physical risks impact businesses via the supply chains, yet outside the business literature, methodologies such as sustainability assessments can assess cascading impacts.

Adopting a scoping review framework by Arksey and O'Malley (2005) and the PRISMA extension for scoping reviews (PRISMA-ScR), this paper reviews 27 articles that assess climate risk in supply chains.

The literature on supply chain risks of climate change using quantitative techniques is limited. Our review confirms that no research adopts sustainability assessment methods to assess climate risk at a business-level.

Alongside the need to quantify physical risks to businesses is the growing awareness that climate change impacts traverse global supply chains. We review the state of the literature on methodological approaches and identify the opportunities for researchers to use sustainability assessment methods to assess climate risk in the supply chains of an individual business.

The purpose of this paper is to explore the current practices in security convergence among and between corporate security and cybersecurity processes in commercial enterprises.

This paper is the first phase in a planned multiphase project to better understand current practices in security optimization efforts being implemented by commercial organizations exploring means and methods to operate securely while reducing operating costs. The research questions being examined are: What are the general levels of interest in cybersecurity and corporate security convergence? How well do the perspectives on convergence align between organizations? To what extent are organizations pursuing convergence? and How are organizations achieving the anticipated outcomes from convergence?

In organizations, the evolution to a more optimized security structure, either merged or partnered, was traditionally due to unplanned or unforeseen events; e.g. a spin-off/acquisition, new security leadership or a negative security incident was the initiator. This is in contrast to a proactive management decision or formal plan to change or enhance the security structure for reasons that include reducing costs of operations and/or improving outcomes to reduce operational risks. The dominant exception was in response to regulatory requirements. Preliminary findings suggest that outcomes from converged organizations are not necessarily more optimized in situations that are organizationally merged under a single leader. Optimization may ultimately depend on the strength of relationships and openness to collaboration between management, cybersecurity and corporate security personnel.

This report and the number of respondents to its survey do not support generalizable findings. There are too few in each category to make reliable predictions and in analysis, there was an insufficient quantity of responses in most categories to allow supportable conclusions to be drawn.

Practitioners may find useful contextual clues to their needs for convergence or in response to directives for convergence from this report on what is found in some other organizations.

Improved effectiveness and/or reduced costs for organizational cybersecurity would be a useful social outcome as organizations become more efficient in the face of increasing levels of cyber security threats.

Convergence as a concept has been around for some time now in both the practice and research communities. It was initially promoted formally by ASIS International and ISACA in 2005. Yet there is no universally agreed-upon definition for the term or the practices undertaken to achieve it. In addition, the business drivers and practices undertaken to achieve it are still not fully understood. If convergence or optimization of converged operations offers a superior operational construct compared to other structures, it is incumbent to discover if there are measurable benefits. This research hopes to define the concept of security collaboration optimization more fully. The eventual goal is to develop and promote a tool useful for organizations to measure where they are on such a continuum.

This study’s main objective is to explore the ISO 9001 implementation model and identify a future research agenda. This is important because not all organizations find it easy to implement ISO 9001, and not all organizations get positive benefits after implementing it.

The paper presents a comprehensive review of the literature on ISO 9001 implementation models using the preferred reporting items for systematic reviews (PRISMA) methodology to systematically review the existing literature on ISO 9001 implementation models. Relevant studies published from 2003 to early 2023 are explored to reveal the research landscape, gaps and trends.

Many ISO 9001 implementation methods have been developed for actual implementation in organizations, including models, frameworks, special variable considerations, application uses and integration. These methods were developed and applied to cover gaps regarding constraints, unbeneficial, special conditions, implementation objectives and organization types in ISO 9001 implementation. Current issues and future research on ISO 9001 implementation models were found, namely ISO 9001 implementation models specific to SMEs, ISO 9001 implementation levels, ISO 9001 implementation models that are agile to change, and affordable certification models.

Only a few researchers have systematically reviewed the literature or taken a bibliometric approach in their analyses to provide an overview of the current trends and links to ISO 9001 implementation models. The ISO 9001 standard is a general standard and can be applied by all organizations with the implementation method left to the implementer. Many implementation methods have been developed, but several implementation obstacles and disadvantages are still found. It is important to know the extent of current research and discover future research gaps regarding methods of implementing the ISO 9001 standard.

Introduction: A company or organisation must resolve various problems in the business environment for better operation in any corporate environment. Such issues are traditionally handled in multiple ways. A small sector unit with many employees encounters this corporate issue, for example, the handicraft sector. The impact of handicraft issues and their intensity, speed, and regularity is growing in our system.

Purpose: This chapter studies how small businesses might succeed in the handcraft industry in a volatile, uncertain, complex, and ambiguous (VUCA) environment. There is a lack of proper knowledge of how the VUCA affects business proficiency in the Indian handicraft sector. A novel business strategy for the handicraft sector, like other business proficiency called best practices in handicraft business in a VUCA environment, will be presented along with a discussion about VUCA environments. This considers both the individual influences of each particular word and the overall impact of VUCA.

Methodology: The study included a thorough literature analysis for three learning areas: performance improvement, including VUCA, and the leadership incorporation of risk and quality. Awareness in the trade will be examined in further sections, as the mastery of VUCA is achieved with various traditional and digital management ideas.

Findings: The research defined a new unorganised firm concept to maintain and succeed in a high VUCA environment in the handicraft sector, identifying 18 important success characteristics through a comprehensive literature review. The authors proposed a conceptual framework for fusing quality management to attain proficiency in the handicraft sector VUCA environment.

This study aims to explore the adoption of enterprise risk management (ERM) in developing and developed countries. Is there a similarity or difference between the two contrasting institutional markets and the reasons behind them?

The adoption of ERM is analyzed on the basis of the institutional framework. The author draws empirical evidence by comparing the cases of a British and an Indian insurance company using evidence from multiple sources. This paper focuses on extra-organizational pressures exerted by economic, social and political situations across two countries that influenced the adoption decision of ERM.

The findings of this research revealed that early adopters of ERM in different institutional markets face coercive and normative pressure but not mimetic pressure. The adoption of ERM in India and the UK is dissimilar. Companies in the British insurance market encounter higher institutional forces than those in the Indian market because of higher coercive and normative pressure. The aspirations to adopt ERM in the Indian and UK markets included improved strategic decision-making to maintain stakeholder expectations and higher standards of corporate governance. In the UK, ERM was adopted to reduce surprises and fluctuations under flexible regulations but with stricter adoption and to improve credit ratings.

Previous literature has discussed ERM adoption in similar markets or within one market with similar institutional pressure. In contrast, this research is a comparative study that explains the analysis of institutional theory in two different institutional environments in the adoption of ERM.

The vulnerability of the tourism industry to an array of risks, encompassing family-related, small- and medium-sized enterprise-specific, strategic, tourism-specific and external factors, highlights the landscape within which small and medium family enterprises (SMFEs) operate. Although SMFEs are an important stakeholder in the dynamic tourism sector, they are not one homogenous group of firms, but have different strategic orientations. This study aims to investigate the interplay between strategic orientation and risk perception to better understand SMFEs risk perception as it is impacting their decision-making processes, resilience and long-term survival. The authors investigate how different strategic orientations contribute to different perspectives on risk among owner-managers.

Based on a qualitative data corpus of 119 face-to-face interviews, the authors apply various coding rounds to better understand the relationship between strategic orientations and the perceptions of risks. Firstly, the authors analysed the owner–manager interviews and identified three groups of different strategic orientations: proactive and sustainability-oriented SMFE, destination-affirmative and resilience-oriented SMFE and passive SMFE. Secondly, the authors coded the interviews for different risks identified. The authors identified that the three groups show differences in the risk perceptions.

The data unveil that the three groups of SMFEs have several differences in how they perceive risks. Proactive and sustainability-oriented SMFEs prioritize business risks, demonstrating a penchant for innovation and sustainability. Destination-affirmative and resilience-oriented SMFEs perceive a broader range of risks, tying their investments to destination development, emphasizing family and health risks and navigating competitive pressures. Passive SMFEs, primarily concerned with external risks, exhibit limited awareness of internal and strategic risks, resist change and often defer decision-making to successors. The findings underscore how different strategic orientations influence risk perceptions and decision-making processes within SMFEs in the tourism industry.

The authors contribute to existing knowledge include offering a comprehensive status quo of perceived risks for different strategic orientations, a notably underexplored area. In addition, the differences with respect to risk perception shown in the paper suggest that simplified models ignoring risk perception may be insufficient for policy recommendations and for understanding the dynamics of the tourism sector. For future research, the authors propose to focus on exploring the possible directions in which strategic orientation and risk perception influence one another, which might be a limitation of this study due to its qualitative nature.

Varying strategic orientations and risk perceptions highlight the diversity within the stakeholder group of SMFE. Recognizing differences allows for more targeted interventions that address the unique concerns and opportunities of each group and can thus improve the firm’s resilience (Memili et al., 2023) and therefore leading to sustainability destinations development. The authors suggest practical support for destination management organizations and regional policymakers, aimed especially at enhancing the risk management of passive SMFEs. Proactive SMFE could be encouraged to perceive more family risks.

Viewing tourism destinations as a complex stakeholder network, unveiling distinct risk landscapes for various strategic orientations of one stakeholder has the potential to benefit the overall destination development. The proactive and sustainability-oriented SMFEs are highly pertinent as they might lead destinations to further development and create competitive advantage through innovative business models. Passive SMFEs might hinder the further development of the destination, e.g. through missing innovation efforts or succession.

Although different studies explore business risks (Forgacs and Dimanche, 2016), risks from climate change (Demiroglu et al., 2019), natural disasters (Zhang et al., 2023) or shocks such as COVID-19 (Teeroovengadum et al., 2021), this study shows that it does not imply that SMFE as active stakeholder perceive such risk. Rather, different strategic orientations are in relation to perceiving risks differently. The authors therefore open up an interesting new field for further studies, as risk perception influences the decision-making of tourism actors, and therefore resilience.

Identifying and prioritizing supply chain risk is significant from any product’s quality and reliability perspective. Under an input-process-output workflow, conventional risk prioritization uses a risk priority number (RPN) aligned to the risk analysis. Imprecise information coupled with a lack of dealing with hesitancy margins enlarges the scope, leading to improper assessment of risks. This significantly affects monitoring quality and performance. Against the backdrop, a methodology that identifies and prioritizes the operational supply chain risk factors signifies better risk assessment.

The study proposes a multi-criteria model for risk prioritization involving multiple decision-makers (DMs). The methodology offers a robust, hybrid system based on the Intuitionistic Fuzzy (IF) Set merged with the “Technique for Order Performance by Similarity to Ideal Solution.” The nature of the model is robust. The same is shown by applying fuzzy concepts under multi-criteria decision-making (MCDM) to prioritize the identified business risks for better assessment.

The proposed IF Technique for Order Preference by Similarity to the Ideal Solution (TOPSIS) for risk prioritization model can improve the decisions within organizations that make up the chains, thus guaranteeing a “better quality in risk management.” Establishing an efficient representation of uncertain information related to traditional failure mode and effects analysis (FMEA) treatment involving multiple DMs means identifying potential risks in advance and providing better supply chain control.

In a company’s supply chain, blockchain allows data storage and transparent transmission of flows with traceability, privacy, security and transparency (Roy et al., 2022). They asserted that blockchain technology has great potential for traceability. Since risk assessment in supply chain operations can be treated as a traceability problem, further research is needed to use blockchain technologies. Lastly, issues like risk will be better assessed if predicted well; further research demands the suitability of applying predictive analysis on risk.

The study proposes a hybrid framework based on the generic risk assessment and MCDM methodologies under a fuzzy environment system. By this, the authors try to address the supply chain risk assessment and mitigation framework better than the conventional one. To the best of their knowledge, no study is found in existing literature attempting to explore the efficacy of the proposed hybrid approach over the traditional RPN system in prime sectors like steel (with production planning data). The validation experiment indicates the effectiveness of the results obtained from the proposed IF TOPSIS Approach to Risk Prioritization methodology is more practical and resembles the actual scenario compared to those obtained using the traditional RPN system (Kim et al., 2018; Kumar et al., 2018).

This study provides mathematical models to simulate the supply chain risk assessment, thus helping the manufacturer rank the risk level. In the end, the authors apply this model in a big-sized organization to validate its accuracy. The authors validate the proposed approach to an integrated steel plant impacting the production planning process. The model’s outcome substantially adds value to the current risk assessment and prioritization, significantly affecting better risk management quality.

This study aims to assess the knowledge-sharing risks and controls in the government sector from the knowledge workers’ perspective.

This qualitative study combines two techniques. First, the study uses the Delphi technique to identify the risks and rank them. Second, the study used a follow-up interview approach to identify the needed controls to mitigate these identified risks.

The Delphi study revealed the top knowledge-sharing risks are related to organizational and individual risks. Furthermore, the study identified the top controls that needed to mitigate these identified risks from technology, process and people dimensions. The study findings suggested that implementing controls on people and processes is the most important, and the focus must be on them, especially in the government sector.

The study offers several practical implications for the government sector to establish a knowledge-sharing risks management strategy. Such study has been given little attention in previous research, especially in developing countries.

Organizational technologies can be classified according to the roles they play as either commodity or strategic. Commodity technologies support common operations, while strategic technologies address perceived threats to competitiveness, often identified by strategic foresight. These must go through an adoption process before playing an effective role in strategy execution. The adoption process includes known activities, ranging from sourcing (itself from in-house development to turn-key acquisition) to operational integration. This paper aims to reveal strategic technology adoption risks that arise during strategy execution.

A gradually developed causal loop diagram model, supported by general literature, introduces three general classes of technology adoption risks: mismatched requirements, supplier dependence and unmanaged life cycles.

Rather than managed, these risks are incurred or avoided depending on decisions made during the adoption process.

Despite the scarce literature coverage for the approach, examples revealing the presence of adoption risks are nevertheless available in the well-documented history of enterprise resource planning (ERP).

Although ERP is presented as a general-purpose strategic technology, the unique business features of maritime container terminals pose serious challenges to its adoption, which provides additional support to the discussion and reinforces the conclusions.

The approach to identifying risks in strategic technology adoption departs from the current risk paradigm in two significant ways. First, it emphasizes policy decision-making rather than external events. Second, it views risks as systemic rather than occurring independently.