SMES RISK MANAGEMENT: AN ANALYSIS OF THE EXISTINGLITERATURE CONSIDERING THE DIFFERENT RISK

STREAMS.

Adriana Brancia: Padua University, Vicenza, Italy

∼

Contact: Adriana Brancia, Padua University, Stradella San Nicola 3, 36100 Vicenza, Italy,(T) +39040569046, (F) +39040569046, Email: adriana.brancia@unipd.it

ABSTRACT

The analysis developed in this paper has been dedicated to the deep study of the founded papers about the risk management in SMEs and especially the comparison inside the same risk stream for evidencing the percentage of interest paid for each different risk type and the considered phase of the risk management process. At the same time have been mentioned the new practical instruments devised for SMEs for helping them in individuating the risks inside their firms by the use of simple and efficient tools.

Key words: RM, SMEs, Risk Stream, Risk Type, Risk Management Process.

INTRODUCTION

As evidenced in some literature the studies about the risk management is SMEs are still few even if the percentage of small and medium firms around the world are greater than 97% (OECD, 2002) and in particular in these last years as consequence of the great increase of China economy where SMEs cover the 99% of the total amount of enterprises present on the territory. This paper follows a previous presentation at 16th Nordic Conference on Small Business Research and is part of a doctoral research in which was constructed a multi-objective classification to highlight the different aspects of the literature and from which resulted the quantitative evidence of the interest paid to this topic that confirmed what affirmed in other studies that the interest is still rare if compared with that given for the big firms about the risk management. To proceed with an in-depth analysis has been decided to develop the process following these steps:

• At first, basing on the risk streams categorisation, to highlight in each of them the percentage presents in the different Risk Type categories;

• At second, to enhance in what phase of the Risk Management Process they have committed themselves;

• At last to mention who have developed practical instruments for aiding SMEs in their risk total management .

THEORETICAL BACKGROUND

Risk Management Concepts

One of the main concepts associated with risk is the probability that it is incurred (Daniel Bernoulli, 1700 – 1782). In mathematics handbooks, risk is defined as the combination of two variables:

The frequency of the occurrence (probability) of the risk event, that is to say the number of times that it happens during a set period of time.

The magnitude of the event, which is the set of consequences that can result if the event happens.

Considering risk as a part of managing an enterprise and knowing the difficulties in including it as an operationalisation it is worth highlighting that in all the literature definitions there are three common dimensions (Verbano and Turra, 2007):

Future event that could happen, or not, in an undefined moment. It could be caused by external or internal factor;

Probability range superior to 0% but inferior to 100% (even if we have the certainty that there is a problem to solve);

xxx

225

Consequences of the future event must be unexpected and unforeseen. They could be positive (opportunities) or negative (damages).

Traditionally, two categories of risks have been identified (Mowbray and Blanchard, 1979): a. Pure or static risks, which are the ones that cause only damages without the opportunity of

earning from their occurrence. They are always negative and have the characteristic of being unexpected because they are determined by accidental events. These risks fall perfectly under the insurance policy.

b. Speculative or dynamic risks are those that can cause either damages or earning opportunities. These are the typical entrepreneurial risks, consequences, for example, of an investment that has not generated a profit. They are normally related to the planning and managing of the different businesses and functions of the enterprise such as production, product, marketing and sales.

Furthermore, the events that can cause a risk can be divided into (COSO, 2004): a. External factors: Economic factors (capital, credits, insolvability, liquidity, financial

markets, unemployment, competition, joint-venture); Environmental factors (pollution, energy, natural disasters, sustainable development); Political factors (law, public policy, rules, political changes); Social factors (demographics, consumer behaviour, firm nationality, privacy, terrorism); and Technological factors (interruption, e-commerce, external data, emerging technologies)

b. Internal factors: Infrastructure (material resources’ availability, material resources potentiality, capital access, complexity) ; Human (human potentiality, fraud, health and safety); Process (sources, design, execution, suppliers); Technology (data integrity, data and systems availability, system choice, development, diffusion, maintenance)

Deriving from the concept of risk some definitions of RM have subsequently arisen, such as: “Risk management is a methodological approach to continuous identification, analysis, control and monitoring of risky situations and events, by proactively using adequate processes, methods and tools in order to balance the effort of managing events and the impact of these events” (IFRIMA,1994). “Risk management is the process of planning, organizing, directing, and controlling resources to achieve given objectives when surprisingly good or bad events are possible” (Head L.G., 2009) The International Organisation of Standardisation (ISO 31000, Risk Management 2009) identifies the following principles of risk management that should:

Create value Be an integral part of the organisational processes Be part of decision making that explicitly addresses uncertainty Be systematic and structured Be based on the best available information Be tailored Take into account human factors Be transparent and inclusive Be dynamic, iterative and responsive to change Be capable of continual improvement and enhancement

These definitions and others lead to another important aspect of risk management, namely what kind of objectives an enterprise wants to achieve by applying it. Most certainly these include having better control of enterprise management with less uncertainty, avoiding interruptions in productivity so that the enterprise is always present on the markets, from the financial point of view to avoid bankruptcy and finally, though by no means less important, promoting the enterprise’s external image. Control of all these factors leads consequently to greater internal and external security (Fig.1).

Figure 1. Main objectives in applying RM Once the enterprise has decided to initiate a policy of risk management, it must apply a process that is developed following some steps (IFRIMA, 1994; Henschel, 2009). First, the internal context analysis is carried out regarding the organisation’s main identity, how people within the enterprise act, the risk management philosophy (fixing also the degree of risk acceptance), integrity and ethical values and the

To create enterprise added value:

max profit and min costs

a. To have less uncertainty in enterprise management b. To ensure continuity of production and trading on the market c. Mitigate or eliminate the risk of bankruptcy d. To promote a good image and internal and external security

xxx

226

work environment in general. In a second phase, the risk analysis is developed which highlights and measures the incumbent risks, their source, the variability of the risk factors, and the risk consequences creating also a risk registers and risk mapping along with both quantitative and qualitative analysis of the exposures. The next step is the risk treatment i.e. the mitigation and the transfer of the risks, when all risk mitigation strategies have been evaluated and implemented as appropriate, through a combination of insurance, hedging and other alternative techniques applying the minimum transfer cost. The last phase is the continuous monitoring and control of the highlighted risks based on an internal report for verifying the effectiveness and relevance of policies and procedures relating to risk management. This process must be periodically completely reviewed because new risks can occur while old ones could have been eliminated (Fig.2).

Figure 2. The Risk Management Process.

Development Paths of Risk Management

Risk Management has been developed over time in theoretical and empirical contexts that are very different from each other and independent. Risk Management has been classified, after an in-depth study of the literature (Verbano and Turra, 2007), into nine different streams. Below are the definitions, fields of application and considered risks of each stream.

Strategic Risk Management (SRM): “The implementation of an integrated and continuous process of identification and assessment of strategic risks that are considered to be obstacles to reach the financial and operational goals of an organization” (Chatterjee et al. 2003; Miller 1992). This kind of RM has a wide application because it is useful as support to the strategic policies and decisions at corporate and business level and the risks considered are “speculative” risks, namely sector, human, technological, brand, competition, project and stagnation risks.

Financial Risk Management (FRM): “The practice of creating economic value in a firm by using financial techniques and methodologies to manage exposure to risk” (Crockford 1986). Born as instrument for credit institutions and the financial sector it treats “financial risks” such as, for example, credit, exchange rate, inflation, interest rates, prices and liquidity.

Enterprise Risk Management (ERM): “A process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives” (COSO 2004). What has emerged from a study of various ERM definitions (IBM Institute for Business Value, 2005) is that all have highlighted three main characteristics that must be included in the concept of ERM:

Integrated: ERM must span all lines of business.

Risk Identification

Subjects exposed to risks (unit of analysis)

Threats Facilitating or restraining factors

Risk Analysis Risk Evaluation

Expected Intensity of the events evaluated both qualitatively and quantitatively

Context Analysis

Risk Treatment or Handling

Retention: acceptation, evaluation of the economic impact on the enterprise

Avoidance

Sharing: transfer, outsource or insure

Reduction: optimisation, mitigation

Monitoring and Control Applicability of revision

xxx

227

Comprehensive: ERM must include all types of risks. Strategic: ERM must be aligned with overall business strategy.

This is the most complete RM approach because it can be applied to all industrial and service enterprises processes and at each level considering the “global risks” as well as the strategic, market, financial, human, technological and operational risks.

Insurance Risk Management (IRM): “The process of management of pure risk (understood as a risk that can be insured) in a firm, based on the observation of damaging events that have already occurred, the application of a premium and the subjective assessment based on the experiences and competences of the assessor” (Gahin, 1967; Petroni 1996). This is the instrument most used by all the enterprises to transfer risks. In this case, we speak about “pure risks” that is to say natural, social, personal, and technological risks that cause only damages. It is relevant to emphasise the recent development in IRM, namely using the best combination of protection/prevention and insurance with the aim of achieving an economic and efficient management of risks.

Project Risk Management (PRM): “A formal, systematic process integrated into the life cycle of any project that involves defining objectives, identifying sources of uncertainty, analyzing these uncertainties and formulating managerial responses to them in order to develop an acceptable balance between risks and opportunities”. (Thevendran and Mawdesley, 2004; Jaafari, 2001) The analysis of this kind of risk is applied to all the enterprises that work by project (such as for example: building, naval, construction, etc). The risks that are considered are “project risks” which can be technical, operational, organisational, contractual, financial, economic and political risks.

Engineering Risk Management (EnRM): “A complex and continuous process that involves managing the planning, design, operation and evolution of an engineering system in order to identify and choose appropriate responses to problems related to different risk factors through the adoption of a systemic and proactive approach” (Patè-Cornell 1990; Regan and Patè-Cornell 1997). It is applied as support to the management of complex socio-technical systems (aerospace, nuclear, chemical, etc) and considers the “technical/operational risks” which are those associated with human and organisational errors and those that regard the environment.

Supply Chain Risk Management (ScRM): “The collaboration with the partners in the entire supply chain with the aim of developing a shared RM process in order to deal with the risks and uncertainties resulting from logistic activities and resources” (Norman and Lindroth 2002). The field of application regards firms with important relationships with other enterprises in a supply chain (extended firms, virtual enterprises, etc) and treats “supply chain risks” which can be logistics, financial, information, relationships and innovation risks.

Disaster Risk Management (DRM): “A holistic and flexible approach, and an integral part of the governing of any community, involving a series of actions (programs, projects and measures) and tools expressly aimed at reducing disaster risks in regions at risk and mitigating the spread of disasters, maintaining the processes, structures and rigor typical of RM” (Garatwa and Bollin 2002; Tatano and Major 2003). These kinds of risks are monitored at government level because they treat safety in a geographical area and are defined as “systemic risks” such as for example: natural phenomena, terrorism, epidemics, and industrial accidents with environmental impact.

Clinical Risk Management (CRM): “An approach to improving quality in healthcare which places special emphasis on identifying circumstances which put patients at risk of harm, and then acting to prevent or control those risks. The aim is both to improve safety and quality of care for patients as to reduce the costs of this kind of risks for health care providers” (Walshe and Dineen 1998). It is applied specifically in healthcare companies and institutions and considers “clinical risks” related to human and organisational factors (diagnostic, therapeutic, surgical etc, delays or errors) or with technological aspects that can affect patient safety.

RESEARCH OBJECTIVES AND METHODOLOGY

The main objective of this study is that of evidencing if the studies till now developed about the RM for SMEs have created useful and easy to use instruments for the firms for checking, evaluating and handling the risks (mitigating, eliminating or accepting them) at an integrated level. This aspect is very

xxx

228

important because in the majority of the case in a small or medium enterprise often is very rare that exist the risk manager, instead almost always present in a corporate, and so the opportunity of having at disposal a practical instrument for evidencing the risks in all the sector of the firm could be a less expensive way of avoiding the occurrence of the risks.

Literature classification and analysis

The papers obtained from the research and selection of the literature have been classified, following the procedure suggested by Williams and Oumlil (1987) and adapted for the scope by considering different perspectives:

1. The Risk Stream classification has followed the different approaches listed in the previous paragraph

2. The Risks type. The “type” is based on the classification of the Casualty Actuarial Society (2003)

a. “Hazard risks” that include: fire and other property damages, windstorm and other natural perils, theft and other crime, personal injury, business interruption, disease and disability (including work-related injuries and diseases), liability claims

b. “Financial risks” that include: price (e.g. asset value, interest rate, foreign exchange, commodity), liquidity (e.g. cash flow, call risk, opportunity cost), credit (e.g. default, downgrade), inflation/purchasing power, hedging/basis risk

c. “Operational risks” that include: business operations (e.g. human resources, product development, capacity, efficiency, product/service failure, channel management, supply chain management, business cyclicality), empowerment (e.g. leadership, change readiness), information technology (e.g. relevance, availability), information/business reporting (e.g. budgeting and planning, accounting information, pension fund, investment evaluation, taxation)

d. “Strategic risks” such as: reputational damage (e.g. trademark/brand erosion, fraud, and unfavourable publicity), competition, customer wants, demographic and social/cultural trends, technological innovation, capital availability, regulatory and political trends

3. The Risk Management Process namely the context analysis, the risk identification and evaluation, the risk treatment or handling and the risk monitoring and control:

a. “Total” in which all the steps are applied b. “Single” where one or more steps are applied

RESULTS

Among the 44 papers the big percentage is shared between two risk streams and precisely 20 deal with Enterprise Risk Management and 14 with Financial Risk Management then follows 5 about Supply Chain Risk Management, 3 on Project Risk Management and 2 on Strategic Risk Management (Fig.3). What is strongly emerged inside the ERM stream, and in particular in the operational risk type, are the studies more recently developed about the Information Technology Risk Management that ones was considered only as a technological problem inside this stream but nowadays with the increase of the e-commerce and all the firm activity controlled by a software system could surely become a self standing stream. There are no evidence about Disaster Risk Management because no pertinent with the treated topic since this kind of risk is more related with governmental decision and not with the management politics of a Small and Medium firm. The Clinical Risk Management emerge only in the case of big institution that could be public or private.

Figure 3. The percentage of the Risk Streams considered.

45,45

31,81

11,36 6,814,54

Risk StreamsEnterprise RMFinancial RMSupply chain RMProject RMStrategic RM

xxx

229

The Enterprise Risk Management Stream Inside the Enterprise RM stream the majority of the study, about the 63%, concern the operational risks type that can occur inside a firm, follows the strategic risks (18,51%), the financial risks (11,11%) and at last the hazard (7,4%) as is shown in the figure 4.

Figure 4. Main risks type components inside the Enterprise Risk Management Stream. Other subcategories has been evidenced for avoiding a simple generalisation of the risk type in four groups, so in the Operational type, always considering the Casualty Actuarial Society (2003), have been highlighted six groups where the IT risk problem cover the majority of the studies (about 52,38%) followed with the same level of interest for the Business Operation and Suppliers risks (14,28%), then with a 9,52% there are the Organisation risks and in the last position the Process and Empowerment risks (4.76% for each one). (Fig.5).

Figure 5. Operational Risks Types – Subcategories in ERM stream. In the Strategic type, four more categories have emerged namely the Technological Innovation with 37,5%, followed by Competition and Policy with the same value of 25% and at the end the Reputation aspect (12,5%)(Fig.6).

ERMOperational

(62,96%)

Strategic(18,51%)

Financial(11,11%)

Hazard (7,4%)

OPERATIONALIT

SUPPLIERS

BUSINESSOPERATION

ORGANISATION

EMPOWERMENT

PROCESS

xxx

230

Figure 6. Strategic Risks Type – Subcategories in ERM stream. In the Financial Type the kind of subcategories are equally shared between Loans, Invoicing, Equity, Liquidity and Credit with 14,28% for each one meanwhile there is a little bit more interest for the Interest Rate risk with 28,57%. (Fig. 7).

Figure 7. Financial Risks Type – Subcategories in ERM stream. At last in the Hazard Type the interest have been developed for the Natural Perils (66.7%) and for the Health and Safety risks (33,3%).(Fig.8).

Figure 8. Hazard Risks Type – Subcategories in ERM stream. Analysing what part of the Risk Management Process have been considered in the ERM stream is emerged that the Evaluation phase was studied by the highest percentage with 32,56%, follows the Identification (30,23), the Treatment (16,28%), the Context Analysis (11,63%) and last the Monitoring (9,3%)(Fig.9). Only in four cases have been considered all the five phases (Total process).

Strategic

Technical Innovation

Competition Policy

Reputation

FinancialInterest Rate

Credit

Equity Invoicing

Liquidity

Loans

Hazard

Natural Perils Health and Safety

xxx

231

Figure 9. Percentage in the ERM stream of the phase of the RM Process The Financial Risk Management Stream The FRM stream at difference with the ERM cover less type of risks, namely only two the Financial Risks Type in which are distributed with this kind of percentage: Credit Risks (47,09%), Loans Risks (29,41%), Revenue Risks (11,76%), Price and Liquidity Risks both with 5,88% and the Strategic type that consider only the Competition aspect by the financial point of view (Fig.10).

Figure 10. The FRM Stream and its Risk Type components. About the Risk Management Process phase inside this stream they are distributed among three of them: Identification (38,09%), Evaluation (47,62%) and Treatment 14,29%) (Fig.11).

Figure 11. Percentage in the FRM stream of the phase of the RM Process

11,63

30,23

32,56

16,289,3

RM Process Phase

Context Analysis

Identification

Evaluation

Treatment

Monitoring

FinancialCredit

Loans

Revenue

PriceLiquidity

Competition

Strategic

FRM

38,09

47,62

14,29

RM Process Phase

Identification

Evaluation

Treatment

xxx

232

The Supply Chain Risk Management Stream In the ScRM stream only the Operational Risk type is considered and inside it the 60% has dealt with the Business Operations problem and the remaining 40% with the IT aspect for a better management of the suppliers (Fig.12).

Figure 12. The ScRM Stream and its Risk Type component. By the point of view of the RM Process phase considered half has studied the Identification Problem and at the same percentage of 16,67% have been treated the Context Analysis, the Treatment and the Monitoring (Fig.13).

Figure 13. Percentage in the ScRM stream of the phase of the RM Process The Project Risk Management Stream Considering the Project RM Stream the risk type are equally divided between the Operational Type and the Strategic one. Inside the first type the Business Operation has the 50%, while with 25% each one are the IT and the Empowerment. In the Strategic type with 50% for each one has been studied the Customer Wants and the Technical Innovation (Fig.14).

Figure 14. The PRM Stream and its Risk Type components.

Opera-tional

BusinessOperations

IT

ScRM

16,67

50

16,6716,67

RM Process Phase

Context analysis

Identification

Treatment

Monitoring

Opera-tional

Business Operations

IT

Empowerment

CustomerWants

TechnicalInnovation

Strategic

PRM

xxx

233

About the phase of the RM process the Identification hold the 27,27% and Context Analysis, Evaluation, Treatment and Monitoring with 18,18% each one (Fig.15).

Figure 15. Percentage in the PRM stream of the phase of the RM Process The Strategic Risk Management Stream At last in the Strategic RM stream only the Strategic Risk type is considered and the subclasses analysed are the Competition and the Technical Innovation (16).

Figure 16. The SRM Stream and its Risk Type component.

For the RM Process the Evaluation have 33%, while the other four phases 16,67 each one (fig.17).

Figure 17. Percentage in the SRM stream of the phase of the RM Process

18,18

27,2718,18

18,18

18,18

RM Process Phase

Context analysis

Identification

Evaluation

Treatment

Monitoring

Strategic

Technical Innovation

Competition

SRM

16,6716,67

33,33

16,6716,67

RM Process Phase

Context analysis

Identification

Evaluation

Treatment

Monitoring

xxx

234

DISCUSSION The work developed in the previous paragraph can be synthesised in some tables for having an immediate glance and evidence to the obtained results regarding the relationship between the different risk streams and the risk types (Table 1).

Stream Type ERM FRM ScRM PRM SRM

Operational 62.96% 100% 50% Strategic 18.51% 50% 50% Financial 11.11% 50% 100% Hazard 7.4%

*(Total of the paper for each Risk Stream in comparison with each Risk Type). Table 1. Crossed values expressed in percentage between the Risk Streams and the Risk Types What is clear looking at the results is that there are some evident lack about the risk type study especially in three categories, namely Supply Chain RM, Project RM and Strategic RM where only the risk type strictly pertinent with their field of interest have been considered. Surely the results are also conditioned by the fact that till now there is not a great amount of study about the RM for SMEs despite the high percentage of this kind of enterprise all around the world. Analysing then in the Operational Risk Type its subcategories, always considering the belonging Risk Stream, is enhanced that the majority of the study are concentrated on the IT problem, followed by the Business Operations and the Empowerment as shown in Table 2.

Stream

Operational Type Subc.

ERM ScRM PRM

IT 52.38% 40% 25% Suppliers 14.28% Business Operations 14.28% 60% Organisation 9.52% Empowerment 4.76% 25% Process 4.76%

Table 2. Crossed values expressed in percentage between the Risk Streams present in the Operational Risk Type subcategories. There is not any study for the suppliers in two important categories as the Supply Chain and the Strategic RM while for a small and medium enterprise is really important to create a sure and trust net of suppliers for avoiding unforeseen stop of the production especially when we speak about project by order. Also the organisation voice seems to be not important at all, perhaps because its wrongly thought that in a little firm it is not so decisive to have a structured organisation as in the corporate. More justified the lack of study about the process risk in the supply chain RM but not in the project RM because the damage in case of problem during the process phase for arriving to the final product could arise economic damages very high, as the lack in the organisational and business operations categories. Also crossing the data between the RM streams and the strategic Risk Type subcategories some lack are enhanced that is difficult to explain why but that can give opportunity for future studies(Table 3).

Stream

Strategic Type Subc. ERM FRM PRM SRM

Tech. Innovation 37.5% 50% 50% Competition 25.0% 50% 50% Policy 25.0% Reputation 12.5% Customer wants 50%

Table 3. Crossed values expressed in percentage between the Risk Streams and the Strategic Risk Type subcategories The last comparison is for the Financial Type sub categories where only two risk streams are involved the Enterprise RM and the Financial RM (Table 4)

xxx

235

Stream

Financial Type Subc.

ERM FRM

Credit 14.28% 47.09% Liquidity 14.28% 5.88% Loans 14.28% 29.41% Interest rate 28.57% Equity 14.28% Invoicing 14.28% Revenue 11.56% Price 5.88%

Tab. 4. Crossed values expressed in percentage between the Risk Streams and the Financial Risk Type subcategories Another important aspect that emerges from the literature analysis is that about the comparison between the risk streams and the different phases of the risk management process(Table 5).

Stream RM process phase

ERM FRM ScRM PRM SRM

Percentage of interest paid for

each phase Context Analysis 11.63% 16.67% 18.18% 16.67% 12,63% Identification 30.23% 38.09% 50% 27.27% 16.67% 32,45% Evaluation 32.56% 47.62% 18.18% 33.33% 26,34% Treatment 16.28% 14.29% 16.67% 18.18% 16.67% 16,42% Monitoring 9.3% 16.67% 18.18% 16.67% 12,16%

Table 5. Crossed values expressed in percentage between the Risk Streams and the RM Process Phase. Analysing the data it is interesting to note that the two phases that are more studied are those of the identification and evaluation while less importance is given to the context analysis, probably because request the assumption of knowing very well all the firm sector, and the monitoring of the risk after that a treatment have been applied, and also this phase seems to be an hard passage to face.

CONCLUSION

In this phase of my study I have argued that there are big opportunity for developing new research in the field of the risk management for SMEs, and it is enhanced both in the gap showed in the tables but also by the degree of percentage derived crossing the different items considered as means of comparison. Another important aspect that I have found analysing the references of each paper is that even though they have been collected under the some risk stream, expect for really rare common source, each author have a completely different literature list. This could demonstrate that the field of the risk management is so transversal with a lot of disciplines that is really difficult to establish which could be the basic study to consider as pillar for each risk stream; instead for the risk management process phases the basic theory is common for all. About the practical instruments developed, only in a paper presented in 2003 by Mikkonen & Uusitalo that are researchers in the Finnish Research Centre (VTT), starting from original concepts have been created a practical toolkit for the holistic individuation of risks for SMEs that than have been developed and amended for the UK by the Institution of Occupational Safety and Health (IOSH).

xxx

236

REFERENCES Alquier A., Tignol M. (2006). “Risk Management in Small- and Medium-sized Enterprises.” Production Planning & Control. Vol. 17, iss.3, pp. 273-282. Altman E., Sabato G. ( 2007). “Modelling Credit Risk for Smes: Evidence from the US Market.” Abacus. Vol. 43, iss.3, pp. 332-357. Altman E., Sabato G., Wilson N. (2009). The Value of Qualitative Information in SME Risk Management. CMRC, Leeds University Business School, UK Arnold M., Holmes S. (1999). Relative Risk Measurement in Small and Medium Enterprises. Department of Accounting and Finance, University of Newcastle, Australia. Beachboard J., Cole A., Mellor M., Hernandez S., Aytes K., Massad N. (2008). “Improving Information Security Risk Analysis Practices for Small and Medium-Sized Enterprises: A Research Agenda.” Journal of Issues in Informing Science and Information Technology Education. Vol. 5, pp. 73-85. Behr P., Guttler A. (2007). “Credit Risk Assessment and Relationship Lending: An Empirical Analysis of German Small and Medium-Sized Enterprises.” Journal of Small Business Management. Vol 45, iss.2, pp. 194-213. Berry A., Sweeting R., Holt R. (2007). “Constructing Risk Management: Framing and Reflexivity of Small Firm Owner-Manager.” Proceeding of 1st European Risk Management Conference, University of Munster, September 5-7,pp. 1-23. Changhui Y. (2007). “Risk Management of Small and Medium Enterprise Cooperative Innovation Based on Network Environment.” WiCOM 2007 3rd International Conference on Wireless Communications, Networking, and Mobile Computing. Proceedings pp. 4560-4563. Chatterjee, S., Wiseman, R.M., Fiegenbaum, A., Devers, C.E. (2003). “Integrating Behavioural and Economic Concepts of Risk into Strategic Management: The Twain Shall Meet.” Long Range Planning. Vol. 36. pp. 61-79. Chen Z., Wei-Dong Z., Allen G., Yong W. (2008). “A Risk Assessing Approach on Hi-Tech SMEs of China: Based on Multi-Stage Compound Real Options.” J. Serv. Sci. & Management. Vol. 1, pp. 67-75 Chendrowski H., Mair C. (2009). Enterprise Risk Management and COSO. A Guide for Directors, Executives, and Pratictioners. John Wiley & Sons, Inc. Cheng Q. (2009). “Risk Analysis and Evaluation of the Destructive Innovation in Small and Medium-Sized Enterprises.” International Conference on Management and Service Science, MASS 2009, IEEE Computer Society. COSO (Committee of Sponsoring Organizations of the Treadway Commission) (2004). Enterprise Risk Management – Integrated Framework: Application Techniques, 2° vol. COSO. Crockford, N. (1986). An Introduction to Risk Management (2nd eds). Cambridge: Woodhead-Faulkner. Davidson R., Lambert S. (2004). “Applying the Australian and New Zealand Risk Management Standards to Information Systems in SMEs.” Australian Journal Information Systems (AJIS). Vol. 12, n. 1, pp 4-16. Ellegaard C. (2008). “Supply Risk Management in a Small Company Perspective.” Supply Chain Management: An International Journal. Vol. 13, iss.6, pp. 425-434. Faisal M., Banwet D., Shankar R. (2006). “An Analysis of the Dynamics of Information Risk in Supply Chains of Select Sme Clusters.” The Journal of Business Perspective. Vol. 10, iss.4, pp. 49-61. Gahin, F.S. (1967). “A theory of Pure Risk Management in the Business Firm.” The Journal of Risk and Insurance. Vol. 34, iss.1. pp. 121-129. Garatwa, W., Bollin, C. (2002). Disaster Risk Management: Working Concept. Deutsche Gesellschaft für Technische Zusammenarbeit (GTZ). Guoyu H., Qinfen W., Zhingjian L., Juling D., Ruihua C. (2008). “A New Quantitative Analysis Method for Financial Risk Early Warning of Unlisted Small and Medium Enterprise.” International Conference on Management of e-Commerce and e-Government, IEEE Computer Society. Proceedings, pp. 289-296 Gurau C., Ranchhod A. (2007). “Flexible Risk Management in New Product Development: The Case of Small- and Medium-Sized Biopharmaceutical Enterprises.” International Journal of Risk Assessment and Management. Vol. 7, iss.4, pp. 474-490. Hamelin A. (2008). Performance et Risque des Entreprises Appartenant à des Groupes de PME. Université Luis Pasteur, Laboratoire de Recherche en Gestion & Economie, Strasbourg. Papier n°2008-14.

xxx

237

Head G. (2009). Risk Management – Why and How. An Illustrative Introduction to Risk Management for Business Executives. International Risk Management Institute, Inc. 12222 Merit Drive, Suite 1450, Dallas, Texas. Henschel T. (2009). Implementing a Holistic Risk Management in Small and Medium Sized Enterprises (SMEs). Edinburgh Napier University School of Accounting, Economics & Statistics, UK. Henschel T. (2010). “Typology of Risk Management Practices: An Empirical Investigation into German SMEs.” Journal of International Business and Economic Affairs. Vol.1, pp. 1-29. Henson R., Hallas B. (2009). “SMEs, Information Risk Management and ROI.” ATINER SMEs Conference 2009, 10-13 August, Athens, Greece IFRIMA (International Federation of Risk and Insurance Management Associations)(1994). International Risk Management Lexicon: International Federation of Risk and Insurance Management Associations ISO International Organisation of Standardisation (2009). ISO 31000, Principles and generic guidelines on risk management. www.iso.org Iskanius P. (2009). “Risk Management in ERP Project in the Context of SMEs.” Engineering Letters. Vol. 17, iss.4. Islam M., Tedford J., Haemmerle E. (2006). “Strategic Risk Management Approach for Small and Medium-Sized Manufacturing Enterprises (SMEs): A Theoretical Framework.” ICMIT2006 International Conference on Management of Innovation and Technology. IEEE, Vol. 2, pp. 694-698. Jaafari A. (2001). “Management of risks, uncertainties and opportunities on projects: time for a fundamental shift.” International Journal of Project Management. Vol 19, iss. 2, pp. 89-101. Jibin M., Cheng Y. (2008). “Study on the Risk of Small and Medium-Sized Enterprises Securitization Based on Unascertained Measure Model.” ISBIM 2008 International Seminar on Business and Information Management. IEEE Computer Society, Vol. 2, pp.285-288. Jobst A. (2004). Asset Securitisation as a Risk management and Funding Tool: What Does It Hold in Store for SMEs. Goethe-Universität Frankfurt am Main, Germany. Karduck A., Sienou A., Lamine E., Pingaud H. (2007). “Collaborative Process Driven Risk Management for Enterprise Agility.” DEST2007: International Conference on Digital Ecosystems and Technologies. IEEE, pp 535-540. Kefan X. , Liu J., Peng H., Chen G., Chen Y. (2009). “Early-warning Management of Inner Logistics Risk in SMEs Based on Label-card System.” Production Planning & Control. Vol. 20, iss.4, pp. 306-319. Keizer J, Halman J.I.M., Song X. (2002). “From Experience: Applying the Risk Diagnosing Methodology.” Journal Product Innovation Management. Vol. 19 iss. 3. pp. 213–232. Kirytopoulos K., Leopoulos V., Malandrakis C. (2006). “Risk Management: A Powerful Tool for Improving Efficiency of Project Oriented SMEs. Manufacturing Information Systems.” Proceedings of The Fourth SMESME International Conference. Klemen M., Biffl S. (2002). “Economic Aspects and Needs in IT-Security Risk Management for SMEs.” Institute of Software Technology and Interactive Systems, Vienna University of Technology, Austria. Lane C., Quack S. (1999). “The social dimension of risk: bank financing of SMEs in Britain and Germany.” Organisation Studies. Vol. 20, pp. 987-1010. Leopoulos V., Kirytopoulos K., Malandrakis C. (2006). “Risk Management for SMEs: Tools to Use and How.” Production Planning & Control. Vol. 17, iss.3, pp. 322-332. Love P., Irani Z., Standing C., Lin C., Burna J. (2005). “The Enigma of Evaluation: Benefits, Costs and Risks of IT in Australian Small–Medium-Sized Enterprises.” Information & Management. Vol. 42, iss.7, pp. 947-964. Menardi G. (2009). “Some Issues Emerging in Evaluating the Risk of Default for SMEs.” Department of Economic and Statistic Science, Trieste University, Italy. Mikkonen P. Uusitalo T. (2003). “On E-Business Possibilities of a Holistic Risk management Toolkit for Enterprises.” Frontiers of e-Business Research, pp. 139-147. Morais T. da Costa G. (2007). “A Importancia de la Auditoria Interna en las Pyme: Caso de las Pyme Portuguesas.” Ayala Calvo, J.C. y grupo de investigaciòn FEDRA-Conocimiento innovaciòn y emprendedores: Camino al Futuro, pp. 2931-2945. Murzacheva E. (2010). “Risk Indicator of the Small Business Efficiency in the Macroeconomic Context: Methodological Issues.” Proceedings of 16th Nordic Conference on Small Business Research, Kolding, 19-21 May, Denmark. Norman, A., Lindroth, R. (2002). “Supply Chain Risk Management: Purchasers' vs planners' Views on Sharing Capacity Investment Risks in the Telecom Industry.” Paper presented at the 11th International Annual IPSERA Conference, Twente University, March 25-27, in The Netherlands.

xxx

238

Patè-Cornell, M.E., (1996). “Uncertainties in Risk Analysis: Six Levels of Treatment.” Reliability Engineering and System Safety. Vol. 54, iss. 2, pp. 95-111. Petroni, A. (1996). Il Risk Management nelle Piccole e Medie Imprese. CEDAM, Padova. Poba-Nzaou P., Raymond L., Fabi B. (2008). “Adoption and Risk of ERP Systems in manufacturing SMEs: A Positivist Case Study.” Business Process Management Journal. Vol.14, iss.4, pp. 530-550. Reboud S., Mazzarol T. (2004). Intérêt d’un Outil d’Evaluation du Risque lié à l’Innovation pour les PME.” Proceedings 13eme Conférence de l’AIMS Regan P.J., Patè-Cornell M. E. (1997). “Normative engineering risk management systems.” Reliability Engineering and System Safety. Vol. 57, iss.2, pp 159-169. Rigaud E., Guarnieri F. (2003). “De l’Apport du Concept d’Organisation Virtuelle Pour la Gestion des Risques dans le PME-PMI. » SIRTECH 2003, Ecole de Mines de Paris, Pole Cindyniques, BP 20706904 Sophia-Antipolis Ritchie B., Brindley C. (2000). “Disintermediation, Disintegration and Risk in the SME Global Supply Chain.” Management Decision. Vol. 38, iss.8, pp. 575-583. Saluja U. Norbik B. (2006). “Risk Management: Small and Medium Enterprises.” MoMM2006 & iiWAS2006 Workshop Proceedings, pp 497-504. St. Pierre J., Delisle S., Beaoudoin R. (2004). “Développement d’un Outil Stratégique pour Evaluer et Gérer le Risque des PME afin d’Améliorer leur Financement Externe.” Presse de l'Université du Québec, Sainte-Foy Tatano, Y., Major, (2003). “Characteristics of Disaster Risk and Its Management.” Journal of Research Institute of Science and Technology for Society, Vol. 1,pp. 141-148. Thevendran V., Mawlesley M.J. (2004). “Perception of Human Risk Factors in Construction Projects : an exploratory analysis.” International Journal of Project Management. Vol 22. pp. 131-137 Tissot P. (2006). “ Méthodes et Outils pour Traiter les Risques Opérationnelles dans les PME. Proceedings of 8th CIFEPME, Congres International Francophone en Entrepreneuriat et PME, pp1-16 Verbano C., Turra F. (2007). “Linee Evolutive del Risk Management: Approcci, Metodi ed Ambiti Applicativi.” Quaderni di Management. Vol.28, pp. 6-25 Walshe, K., Dineen, M. (1998). Clinical Risk Management. Making a difference?, The NHS Confederation, University of Birmingham, Birmingham. Williams A., Oumlil B. (1987). “A Classification and Analysis of JPMM Articles.” Journal of Purchasing and Materials Management. Vol. 23 iss. 3 Fa11, pp. 24–28. Wu D., Olson D. (2009). “Enterprise Risk Management: Small Business Scorecard Analysis.” Production Planning & Control. Vol. 20, iss.4, pp. 362-369. Xiaohong C., Ying Z., Jian S. (2007). “A study of SMEs Growth Evaluation Considering Value at Risk - Empirical Research of Listed SMEs.” International Conference on Service Systems and Service Management. IEEE, pp. 1-5. Yeo K .T., Lai W.C. (2004). “Risk Management Strategies for SME Investing in China: a Singaporean Perspective.” IEMC2004, International Engineering Management Conference. IEEE, Vol. 2 pp. 794-798. Zhi-Qiaang M., Tao H. (2008). “Risk Evaluation on Technological Innovation of Chinese SMEs Based on Fuzzy Neural Network.” 4th International Conference on Wireless Communication, Networking and Mobile Computing. IEEE, pp. 1-7.

xxx

239