Managing Risks in SMEs: A Literature Review and Research Agenda

 

Chiara Verbano¹, Karen Venturini²

¹Department of Management and Engineering, University of Padova, Strll.a S.Nicola, 36100Vicenza (ITALY). E-mail: chiara.verbano@unipd.it ²Department of Economics and Technology, San Marino State University, Str. della Bandirola 3, Montegiardino (RSM) E-mail: kventurini@unirsm.sm

---

Abstract

In times of crisis, companies need to carefully monitor current expenses and forecast potential costs, which could be caused by risky actions. Risk is inherent in all business functions and in every kind of activity. Knowing how to identify risks, attribute a value and a priority scale, design actions and mechanisms to minimize risks, and continuously monitor them, are essential to guarantee companies' survival and create sustainable value. This is especially true for small- and medium-sized businesses that are most exposed to the harmful effects of the risks, due to limited resources and structural features. The objective of this study is to analyze available literature on the subject of risk management for small- and medium-sized enterprises from 1999 to 2009. The analysis derives interesting characteristics from the scientific studies, highlighting gaps and guidelines for future research.

Keywords: risk management; enterprise risk management; smes; literature review.

---

 

Introduction

Risk can be seen as the possibility of economic or financial losses or gains, as a consequence of the uncertainty associated with pursuing a course of action (Chapman and Cooper, 1983). Risk pervades all human actions (to varying degrees), all kinds of business and every area of management of a company. However, in many cases, risk can be predicted on the basis of experience, trying to better govern the disorder. Risk management (RM) has the task of identifying risks, measuring the probability and the possible impact of events, and treating risks, eliminating or reducing their effect with the minimum investment of resources. RM is being developed and adopted in a lot of fields, such as environment, healthcare, public safety, and within enterprise management. This paper considers RM for small and medium enterprises (SMEs). More so than larger organizations, SMEs require the adoption of a risk management strategy and methodology, because they lack the resources to respond promptly to internal and external threats, leading to potentially huge losses that seriously threaten their survival.

A further motivation to push the implementation of RM in SMEs is to protect innovative projects, which are fundamental to gain competitive advantage and succeed in the market, but necessarily involve risky decisions and activities (Vargas-Hernandez, 2011). The early identification and management of risks is required by innovative SMEs to control the project-related risks. Risk management could enhance the ability to successfully manage all stages of the innovative projects.

It has only been a few years since the management literature started to show an interest in applying RM in SMEs; for this reason, many areas are still understudied.

The choice of this theme is determined first, by the SMEs' fundamental role in society from an economic and social point of view; in Europe they comprise 99.8% of the total number of companies, employ 67.4% of workers and generate 58.1% of the total gross value added (Ecorys, 2012). Despite the SMEs' importance, having less resources and structural features results in a greater vulnerability to risk. Thus, the second motivation is to promote the development of RM for SMEs; till now there have been limited studies to improve these firms' ability to survive and create value over time.

The research objectives are therefore to analyze the existing literature concerning the application of RM in SMEs from 1999 to 2009, synthesize and classify it based on different established categories, and then highlight the current gaps and opportunities for future research.

The next section is devoted to the theoretical framework, including the definition of risk management, risk classifications and areas of RM application. Section 3 presents the research questions and investigation methodology adopted, followed by the results and conclusion.

 

Theoretical background

Risk Management

One of the first definitions of risk is attributed to Bernoulli, who in 1738 proposed measuring risk with the geometric mean and minimizing risk by spreading it across a set of independent events (Bernoulli, 1954). Accordingly, the traditional definition of risk is measured by two combined variables: a) frequency of occurrence (probability) of the "risky" event, i.e., the number of times the risky event is repeated in a predetermined period and b) extent of the consequences (magnitude) that the event generates, i.e., all the results of its occurrence.

Following Chapman and Cooper (1983), risk is the possibility of suffering economic and financial losses or physical-material damages, as a result of an inherent uncertainty associated with the action taken.

In a later definition developed by management literature, the concept of risk comprises positive and negative consequences of an event, which may affect the achievement of strategic, operational and financial objectives of a company (BBA, et al., 1999).

Given the complexity and magnitude of the risks that companies face, scholars recognize a macro classification of risks into two main categories (Mowbray, et al., 1979). First, pure or static risk is the risk that only causes damage without the opportunity of earning from its occurrence. Always negative, it is characteristically unexpected because it is determined by accidental events. This risk falls perfectly under the insurance policy. Second, speculative or dynamic risk is the risk that can cause either damages or earning opportunities. These are the typical entrepreneurial risks, consequences, for example, of an investment that has not generated a profit. They are normally related to planning and managing the different businesses and functions of the enterprise, such as production, product, marketing and sales.

Risky events can be caused by external factors (economic, environmental, social, political and technological aspects) or internal factors (infrastructure, human resources, process and technology used by a company) (COSO, 2004).

Risk management is defined as the process intended to safeguard the assets of the company against losses that may hit it in the exercise of its activities, through the use of instruments of various kinds (prevention, retention, insurance, etc.) and in the best cost conditions (Urciuoli and Crenca, 1989). Another definition is RM refers to the process of planning, organizing, directing, and controlling resources to achieve given objectives when unexpectedly good or bad events are possible (Head, 2009).

The International Organization for Standardization (ISO 31000, 2009) identifies the following principles of RM that should: create value; be an integral part of the organizational processes; be part of decision making that explicitly addresses uncertainty; be systematic and structured; be based on the best available information; be tailored; take into account human factors; be transparent and inclusive; be dynamic, iterative and responsive to change; and be capable of continual improvement and enhancement.

The adoption of an RM methodology can lead firms to reduce the uncertainty in enterprise management, to ensure continuity in production and trading in the market, to decrease the risk of failure, and to promote the enterprise's external and internal image. Therefore, RM creates business value, maximizing business profits by minimizing costs (Urciuoli and Crenca, 1989).

Risk management (Fig. 1) follows a stage-gate process (Henschel, 2009; ISO 31000, 2009; Urciuoli and Crenca, 1989;). A preparatory step requires defining the RM plan to be consistent with strategic business objectives, and conducting a context analysis. The first stage aims to identify all the risks to which the enterprise is exposed. The second stage is the assessment and risk analysis, which aims to determine the probability and the expected magnitude associated with the occurrence of the damage. A threshold of acceptability must be defined to proceed to the next stage, depending on the risk appetite of top management and on the resources available for RM. The third stage is the treatment of unacceptable risks, which identifies the most appropriate actions to reduce the risk; and finally the process is supervised. In the literature, the first two phases (identification, evaluation and analysis) are often called risk assessment. The implementation of an RM system is a long-term, dynamic and interactive process that must be continuously improved and integrated into the organization's strategic planning (Di Serio, et al., 2011).

 

Development Paths of Risk Management

In the last decades, we have witnessed an increasing vulnerability of the industrial and social systems (e.g., related to clinical risks, natural risks, safety of workers, etc), leading to a growing social concern about this phenomenon. A proliferation of theoretical and empirical developments of RM has taken place during the same period in many fields, with specific methodologies, models and techniques, coming from different cultural contexts. After an in-depth study of the literature (Verbano and Venturini, 2011), the RM applications have been classified into nine different streams:

• Strategic risk management (SRM): an integrated and continuous process of identification and assessment of strategic risks (human, technological, brand, competition, project and stagnation risks), which are considered obstacles that prevent reaching an organization's financial and operational goals (Chatterjee, et al., 2003).

• Financial risk management (FRM): a process of creating economic value in a firm by using financial techniques and methodologies to manage exposure to risk (credit, exchange rate, inflation, interest rate, price and liquidity risk) (Crockford, 1986).

Figure 1. The Risk Management Process.

 

• Enterprise risk management (ERM): a process applied across the enterprise, designed to identify potential events that may affect the organization, and manage risk (strategic, market, financial, human, technological and operational risks) to be within its risk tolerance, to provide reasonable assurance for achieving enterprise objectives (COSO, 2004).

• Insurance risk management (IRM): a pure risk management process in a firm (where pure risk can be of environmental, social, personal and technological types), based on the observation of damaging events that have already occurred, the application of a premium and the subjective assessment based on the assessor's experiences and competencies (Gahin, 1967).

• Project risk management (PRM): a process integrated into the project's life cycle, which involves defining objectives, identifying sources of uncertainty, analyzing these uncertainties and formulating managerial responses to develop an acceptable balance between risks and opportunities (Thevendran and Mawdesley, 2004). Project risks can be of technical, operational, organizational, contractual, financial, economic and political types.

• Engineering risk management (EnRM): a complex and continuous process that involves managing the planning, design, operation and evolution of an engineering system. This is aimed to identify and choose appropriate responses to problems related to different risk factors (technical/operational risks) through the use of a systemic and proactive approach (Regan and Patè-Cornell, 1997).

• Supply chain risk management (ScRM): a shared RM process, developed in collaboration with the partners in the entire supply chain, to deal with the risks (logistics, financial, information, relationships and innovation risks) and uncertainties resulting from logistic activities and resources (Norman and Lindroth, 2002). With the diffusion of the open innovation phenomenon (Petroni et al., 2012), many companies are building strong supply chain partnerships with business partners, such as manufacturers, distributors, suppliers and customers, and consequently risks deriving from these relationships have to be managed carefully.

• Disaster risk management (DRM): a holistic and flexible approach in governing any community, involving a series of actions (programs, projects and measures) and tools aimed at reducing disaster risks (deriving from natural phenomena, terrorism, epidemics and industrial accidents) and mitigating the spread of disasters, following the processes, structures and rigour typical of RM (Garatwa and Bollin, 2002).

• Clinical risk management (CRM): an approach to improve healthcare quality, which identifies circumstances that put patients at risk of harm, and then acts to prevent or control those risks (related to human and organizational factors or technological aspects) (Walshe and Dineen, 1998). The aim is both to improve the safety and quality of care for patients and to reduce the costs of such risks for healthcare organizations (Verbano and Turra, 2010).

 

Research objectives and methodology

The objective of this paper is to search and analyze all published studies on RM for small and medium firms, written in English between 1999 and early 2009, to map the issues that have been investigated and to suggest guidelines for future research.

According to specific selection criteria, we constructed a database of 33 articles and then interpreted the data with respect to the areas of major interest for the RM field. The following steps have been performed in detail:

A. Selection of databases and identification of papers. To identify the collection of papers for review, we conducted a search of electronic journals in the following databases: Compendex, Ebsco, Emerald, Ingenta Connect, InterScience, JSTOR, Web of Science and Science Direct. The research in electronic databases required the identification of keywords, such as risk management (RM) (in the first string), SMEs (in the second string) or SMEs risk management (in the different strings).

B. Selection of papers. This led to the rejection of articles not strictly connected with RM in SMEs, which were related to the following topics: clinical risk, disaster risk and engineering risk.

C. Classification of different established categories and analysis. The papers obtained from the research and selection of the literature have been classified, following the procedure suggested by Williams and Oum-lil (1987), and adapted for the scope by considering different perspectives:

• Research type: empirical, i.e., focused on applying hypotheses or models and testing them empirically; conceptual framework, where concepts, ideas or models are developed; and literature review.

• RM streams, following the classification reported in Section 2.2.

• Risk types, following the classification of the Casualty Actuarial Society (2003):

a. "Hazard risks", comprising fire and other property

damages, windstorm and other natural perils, theft and other crimes, personal injury, business interruption, disease and disability (including work-related injuries and diseases), and liability claims.

b. "Financial risks", comprising price (e.g., asset value, interest rate, foreign exchange, commodity), liquidity (e.g., cash flow, call risk, opportunity cost), credit (e.g., default, downgrade), inflation/purchasing power, and hedging/basis risk.

c. "Operational risks", comprising business operations (e.g., human resources, product development, capacity, efficiency, product/service failure, channel management, supply chain management, and business cyclicality), empowerment (e.g., leadership and change readiness), information technology (e.g., relevance and availability), information/business reporting (e.g., budgeting and planning, accounting information, pension fund, investment evaluation, and taxation).

d. "Strategic risks", comprising damage to reputation (e.g., trademark/brand erosion, fraud, and unfavourable publicity), competition, customer wants, demographic and social/cultural trends, technological innovation, capital availability, and regulatory and political trends.

• RM process, classified as "total" when all the stages of the process are applied, or as "identification", "evaluation" and "treatment" when a single phase(s) is (are) applied.

To complete the analysis, the data has been integrated with the geographic origin of the articles and the year of publication.

 

Results: main characteristics of literature analyzed

The database obtained is composed of 33 articles. Table 1 shows the balanced spread of articles across academic journals, conference proceedings and other sources, such as reports, while Figure 2 illustrates each author's country of origin and the article's year of publication.

First, it can be observed that the topic of risk management for SMEs is of interest in various fields of study, from purely business management to new applications of statistical and mathematical models, and computer software design. The Production Planning & Control journal had published more (four articles), while the rest of the journals devoted only one article on this topic during the 1999-2009 period.

Table 1. The different sources for the literature research

 

From 1999 to 2005, very few papers were published per year, while a growing trend can be noticed from 2006 (four publications) till 2009 (seven publications); as for the country of the first author cited per article, most of the papers came from China and the United Kingdom (Fig. 2).

Table 2 lists the classification of papers by main characteristics: research type, sector, risks type, RM stream and process.

The majority of papers are not focused on a specific sector, but the sector most analyzed by the literature is manufacturing, while a minority of papers evaluate enterprises that were operated by project (construction, aeronautical and automotive).

Considering the research type (Fig. 3), the majority of studies are empirical (64%), presenting a model or a method application or a theoretical framework tested with empirical case studies, followed by conceptual modelling (30%) and literature review (6%). As for "risk type" (Fig. 3), it shows that the articles mainly deal with operational risks (54%); in particular, the most considered concern information technology management, followed by production planning and process management. This is followed by articles about financial risks (29%) that mainly involve credit problems, both from the viewpoint of the lenders (banks or credit institutions) and of the SMEs, assuring the credit institutions of their stability and solvency. Strategic risks are considered by 14% of the total papers, where particular attention is paid to innovation aspects, and only one paper discusses hazard risks, specifically personal injuries.

Based on the risk management process (Fig. 4), the total process is studied by 36% of the articles, while as a single phase, evaluation is the most analyzed (42%), followed by identification (15%); less studied are risk treatment (6%) and context analysis (3%). Regarding the risk streams (Fig.4), the papers cover almost all of them, but the highest interest is in the studies about ERM (43%), followed by FRM (27%), ScRM (15%), PRM (9%) and SRM (6%).

 

Discussion: Gap analysis and emerging research agenda

To verify if the literature on risk management for SMEs is complete and properly deals with all streams and risk types, a cross-analysis table has been built (Tab. 3).

Figure 2: Countries and years of publications

Figure 3: Research Type and risk considered

Table 2: Paper classification

 

From the analysis of Table 3, some considerations can be made about risks and streams. Regarding risk types, the above table shows that scholars have mainly analyzed operational risks. As expected, the articles dedicated to operational risks in almost all cases belong to the ERM stream, which is the activity responsible for the global risks of an enterprise, such as strategic, market, financial, human, technological and operational risks. The SMEs engaged in manufacturing daily face internal and external disturbances to their operations, which create risks and reduce business performance in terms of production, production capacity, human resources, market share and financial losses. In view of this, it is important for SMEs to adequately manage these potential risks to ensure their survival in the market. Other studies devoted to operational risks are located in the ScRM stream (five) and the PRM stream (three). In any case, operational risks are those that most of the others are distributed among different streams, partly because they refer to a great number of business activities.

In the second position are the studies on financial risks, nine in FRM and just one in ERM. The limitation of the financial risk type to the FRM stream poses some important questions, for example, why is it not considered a significant risk in PRM, where liquidity is extremely important? For instance, in the construction sector, a liquidity problem can lead to closing building sites.

Strategic risks, which follow in terms of the number of studies, include four articles in ERM (the most studied area of interest for SMEs) and one in SRM.

Only one paper is dedicated to hazard risks, highlighting a gap in literature and a possible new area of research. Especially for SMEs, this kind of risk often leads to failure of the enterprise (for example, fire or another catastrophic accident) because of the difficulty in rebuilding or immediately restoring the facilities to restart production, and also for the loss of the warehoused products. It would be more interesting to consider hazard risks across different streams.

It emerges from the analysis of the operational and strategic risks that no study has tackled the human resources problem, particularly regarding key-people who possess exclusive knowledge, competencies and experiences, and are therefore not easy to replace. Often, the entrepreneur of a small firm is an extremely important key person, whose role is crucial for the positive and regular performance of an enterprise and even more for its continuous growth.

Figure 4: Risk management process and risk stream

 

However, considering not the risk type but the area of study, ERM is the most studied stream. It is also evident that ERM covers almost all risk types, although the most important one is the operational aspect, which ensures the continuity of operations.

The fact that ERM and FRM are the streams most discussed is quite expected. Small firms suffer in the management of operational risks and financial conditions. In these times of crisis, banks are much more cautious in lending money to SMEs and set up stricter evaluation mechanisms to avoid risks.

Project RM is less studied, an area that also covers the risks of innovative projects. Considering the strategic need to invest in innovation and adopt practices that help facilitate ground-breaking processes, it seems appropriate that scholars develop models and procedures to manage risks in innovative activities. Another evident gap is that the IRM stream seems to be a neglected topic for a research study; this may be because enterprises usually insure their assets, but often without applying any kind of RM process.

The research agenda would like to analyze why IRM and hazard risks have been disregarded, and in a second phase, propose specific instruments for RM in SMEs. The research agenda would also consider evaluating (perhaps by using a qualitative perspective) the importance of key people within an enterprise, to understand the degree of risk in the event they abandon the firm, and to prevent this occurrence with adequate measures (for example, knowledge sharing and personnel retention).

 

Conclusions

In the debate among managers, there seems to be a fruitful interest in RM applied to SMEs. However, this is not accompanied by a substantial body of studies in the literature.

The impression is that RM for SMEs is still a "spot" subject, despite their wide diffusion and importance from an economic and social perspective, and the fact that they are structurally weaker and exposed to the danger of failure when facing unexpected risks.

From the analysis of the years of publication, the increasing trend in the number of studies demonstrates the growing interest in this topic. The majority of the articles are empirical, adopting a case study methodology typical of the explorative investigation, according to the novelty of this research field.

Moreover, there is a significant concern about the financial aspect. The problem most dealt with is not obtaining a bank credit, but developing an instrument to evaluate the financial solidity of the small enterprise and therefore avoiding the problem of insolvency.

Another emerging pattern from this study is that scholars mainly designed instruments for the identification and evaluation of risks. This is in line with Keizer et al.'s definition (2002): ''Risk processes do not require a strategy of risk avoidance but an early diagnosis and management''. At the same time, there is a lack of focus on risk treatment as a general principle, as well as for the specific industrial sector. Only 6% of the papers highlight risk treatment; while many articles consider the total process, the treatment phase typically lists only the four possible types of solutions (i.e., retention, avoidance, sharing and reduction), without suggesting how to select and apply the best combination of techniques. Particularly important for SMEs, there is a lack of interest in the risk connected with the presence of the key person in personnel management.

Table 3: Emerging Gap

 

Other possible future research topics emerging from the gap analysis include more considerations on hazard risks and insurance risk management, as well as strategic and financial risks in the context of project management and supply chain management. As has been observed from analyzing the RM literature for all companies, the most recent challenge is the drive towards an integrated management of all risk types (ERM), where it is hoped that the experience gained in different paths can be pooled (Verbano and Venturini, 2011).

This paper's contribution is to emphasize a new research stream that studies the implementation of RM in the context of smaller companies, detailing the first contributions and suggesting future directions. Although the current study provides an input to the field, knowledge of the issues is inadequate at this early stage, and practical and academic studies are still very limited. Many useful implications are expected in the future from this emerging stream, especially in this period of economic recession, where the companies' survival is so threatened and important.

 

References

ALQUIER, AM.B., Tignol, M.H.L. (2006). Risk Management in Small and Medium-sized Enterprises. Production Planning and Control, 17(3), 273-282.

ALTMAN, E., Sabato, G. ( 2007). Modelling Credit Risk for Smes: Evidence from the US Market. Abacus. 43(3), 332-357.

ALTMAN, E., Sabato, G., Wilson, N. (2009). The Value of Qualitative Information in SME Risk Management. CMRC, Leeds University Business School, UK. http://people.stern.nyu.edu/ealtman/SME_EA_GS_NW.pdf [Last accessed June 18, 2013]

ARNOLD, M., Holmes, S. (1999). Relative Risk Measurement in Small and Medium Enterprises. Department of Accounting and Finance, University of Newcastle, Australia. http://www.sbaer.uca.edu/research/icsb/1999/22.pdf [Last accessed June 18, 2013]

BBA - British Bankers' Association, International Swaps and Derivatives Association, PricewaterhouseCoopers LLP (1999). Operational risk: the next frontier, RMA, Philadelphia.

BEACHBOARD, J., Cole, A., Mellor, M., Hernandez, S., Aytes, K., Massad, N. (2008). Improving Information Security Risk Analysis Practices for Small and Medium-Sized Enterprises: A Research Agenda. Journal of Issues in Informing Science and Information Technology Education, 5, 73-85.

BERNOULLI, D. (1954). Exposition of a new theory on the measurement of risk. Econometrica, 22(1), 23-36.

CASUALITY ACTUARIAL SOCIETY (2003). Overview of Enterprise Risk Management. The CAS Enterprise Risk Management Committee, Forum Summer 2003.

CHANGHUI, Y. (2007). Risk Management of Small and Medium Enterprise Cooperative Innovation Based on Network Environment. 3rd International Conference on Wireless Communications, Networking, and Mobile Computing, Shanghai, China. pp. 4560 - 4563.

CHAPMAN, C.B., Cooper, D.F. (1983). Risk engineering: Basic controlled interval and memory models. Journal of the Operational Research Society, 34(1), 51-60.

CHATTERJEE, S., Wiseman, R.M., Fiegenbaum, A., Devers, C.E. (2003). Integrating Behavioural and Economic Concepts of Risk into Strategic Management: The Twain Shall Meet. Long Range Planning, 36, 61-79.

CHENG, Q. (2009). Risk Analysis and Evaluation of the Destructive Innovation in Small and Medium-Sized Enterprises. International Conference on Management and Service Science, MASS IEEE Computer Society.

COSO (Committee of Sponsoring Organizations of the Treadway Commission), (2004). Enterprise Risk Management - Integrated Framework,Vol. 2. http://www.coso.org/erm-integratedframework.htm [Last accessed June 18, 2013]

CROCKFORD, N. (1986). An Introduction to Risk Management (2nd eds). Woodhead-Faulkner, Cambridge.

DAVIDSON, R., Lambert, S. (2004). Applying the Australian and New Zealand Risk Management Standards to Information Systems in SMEs. Australian Journal Information Systems,12(1), 4-16.

DI SERIO, L.C., de Oliveira, L.H., Siegert Schuch, L.M., (2011). Organizational Risk Management: A Study Case in Companies that Have Won the Brazilian Quatity Award Prize. Journal of Technology Management and Innovation, 6(2), 230-243.

ECORYS, (2012). EU SMEs in 2012: at the crossroads: Annual report on small and medium-sized enterprises in the EU 2011/12, European Commission, Rotterdam. http://ec.europa.eu/enterprise/policies/sme/facts-figures-analysis/ performance-review/files/supporting-documents/2012/an-nual-report_en.pdf [Last accessed June 18, 2013]

ELLEGAARD, C. (2008). Supply Risk Management in a Small Company Perspective. Supply Chain Management: An International Journal, 13(6), 425-434.

FAISAL, M.N., Banwet, D.K., Shankar, R. (2006). An Analysis of the Dynamics of Information Risk in Supply Chains of Select Sme Clusters. The Journal of Business Perspective, 10(4), 49-61.

GAHIN, F.S. (1967). A theory of Pure Risk Management in the Business Firm. The Journal of Risk and Insurance, 34(1), 121-129.

GARATWA, W., Bollin, C. (2002). Disaster Risk Management: Working Concept. Deutsche Gesellschaft für Technische Zusammenarbeit (GTZ), Eschborn. http://www2.gtz.de/dokumente/bib/02-5001.pdf [Last accessed June 18, 2013]

GUOYU, H., Qinfen, W., Zhingjian, L., Juling, D., Ruihua, C. (2008). A New Quantitative Analysis Method for Financial Risk Early Warning of Unlisted Small and Medium Enterprise. IEEE International Conference on Management of e-Commerce and e-Government, Nanchang, China. pp. 289 - 296

GURAU, C., Ranchhod, A. (2007). Flexible Risk Management in New Product Development: The Case of Small- and Medium-Sized Biopharmaceutical Enterprises. International Journal of Risk Assessment and Management, 7(4), 474-490.

HEAD, L.G. (2009). Risk Management - Why and How. International Risk Management Institute, Dallas, Texas.

HENSCHEL, T. (2009). Implementing a Holistic Risk Management in Small and Medium Sized Enterprises (SMEs). Edinburgh Napier University School of Accounting, Economics and Statistics, UK. http://sbaer.uca.edu/research/icsb/2009/pa-per173.pdf

ISKANIUS, P. (2009). Risk Management in ERP Project in the Context of SMEs. Engineering Letters, 17(4). http://web.nchu.edu.tw/pweb/users/arborfish/lesson/8613.pdf

ISLAM, M.A., Tedford, J.D., Haemmerle, E. (2006). Strategic Risk Management Approach for Small and Medium-Sized Manufacturing Enterprises (SMEs):ATheoretical Framework. Proceedings of IEEE International Conference on Management of Innovation and Technology, Singapore pp.694-698.

ISO - International Organisation of Standardisation (2009). ISO 31000, Principles and generic guidelines on risk management. http://www.iso.org [Last accessed June 18, 2013]

JIBIN, M., Yi, C. (2008). Study on the Risk of Small and Medium-Sized Enterprises Securitization Based on Unascertained Measure Model. Proceedings of the IEEE International Conference on Business and Information Management, Wuhan, China, pp. 285-288.

JOBST, A. (2004). Asset Securitisation as a Risk management and Funding Tool: What Does It Hold in Store for SMEs. Goethe-Universitat Frankfurt am Main, Germany. http://www.kantakji.com/fiqh/files/markets/70081.pdf [Last accessed June 18, 2013]

KARDUCK, A.P., Sienou, A., Lamine, E., Pingaud, H. (2007). Collaborative Process Driven Risk Management for Enterprise Agility. IEEE-IES Digital EcoSystems and Technologies Conference Proceedings, Cairns, Australia, pp.535-540.

KEFAN, X. , Liu, J., Peng, H., Chen, G., Chen, Y. (2009). Early-warning Management of Inner Logistics Risk in SMEs Based on Label-card System. Production Planning and Control, 20(4), 306-319.

KEIZER, J., Halman, J.I.M., Song, X. (2002). From Experience: Applying the Risk Diagnosing Methodology. Journal Product Innovation Management, 19(3), 213-232.

KIRYTOPOULOS, K., Leopoulos, V., Malandrakis, C. (2001). Risk Management: A Powerful Tool for Improving Efficiency of Project Oriented SMEs, Proceedings of the 4th SMESME International Conference, Denmark, pp. 331-339.

KLEMEN, M., Biffl, S. (2002). Economic Aspects and Needs in IT-Security Risk Management for SMEs. Institute of Software Technology and Interactive Systems, Vienna University of Technology, Austria, http://www.soberit.hut.fi/edser-6/PDF/10_Klemen_EDSER6.pdf [Last accessed June 18, 2013]

LANE, C., Quack, S. (1999). The social dimension of risk: bank financing of SMEs in Britain and Germany. Organisation Studies, 20(6), 987-1010.

LEOPOULOS, V.N., Kirytopoulos, K.A., Malandrakis, C. (2006). RM for SMEs: Tools to Use and How. Production Planning and Control, 17(3), 322-332.

LOVE, P.E.D., Irani, Z., Standing, C., Lin, C., Burna, J.M. (2005). The Enigma of Evaluation: Benefits, Costs and Risks of IT in Australian Small-Medium-Sized Enterprises. Information and Management, 42(7), 947-964.

MENARDI, G. (2009). Some Issues Emerging in Evaluating the Risk of Default for SMEs. Department of Economic and Statistic Science, Trieste University, Italy. http://www2.mate.polimi.it/ocs/viewpaper.php?id=140&cf=7 [Last accessed June 18, 2013]

MOWBRAY, A.M., Blanchard, R.H. , Williams, C.A. (1979). Insurance, Krieger publishing Co., Huntington.

NORMAN, A., Lindroth, R. (2002). Supply Chain Risk Management: Purchasers' vs planners' Views on Sharing Capacity Investment Risks in the Telecom Industry. Proceedings of the 11th International Annual IPSERA Conference, Twente, The Netherlands, pp. 577-595.

PETRONI G., Venturini K., Verbano C. (2012). Open innovation and new issues in R and D organization and personnel management, The International Journal of Human Resource Management, 23(1), 147-173

POBA-NZAOU, P., Raymond, L., Fabi, B. (2008). Adoption and Risk of ERP Systems in manufacturing SMEs: A Positivist Case Study. Business Process Management Journal, 14(4), 530-550.

REGAN, PJ., Patè-Cornell, M.E. (1997). Normative engineering risk management systems. Reliability Engineering and System Safety, 57(2), 159-169.

RIGAU, E. (2003). Définition et Opérationalisation d'une Organisation Virtuelle à Base d'Agents Pour Contribuer à de Meilleures Pratiques de Gestion des Risques dans les PME-PMI. Ph.D. Thesis, Ecole de Mines, Paris.

RITCHIE, B., Brindley, C. (2000). Disintermediation, Disintegration and Risk in the SME Global Supply Chain. Management Decision, 38(8), 575-583.

THEVENDRAN, V., Mawlesley, M.J. (2004). Perception of human risk factors in construction projects : an exploratory analysis. International Journal of Project Management, 22, 131-137.

URCIUOLI, V., Crenca, G., 1989. Risk Management: strategie e processi decisionali nella gestione dei rischi puri d'impresa. ISBA, Rovereto.

VARGAS-HERNÁNDEZ, J.G. (2011). Modelling Risk and Innovation Management. Advances in Competitiveness Research, 19 (3-4), 45-57.

VERBANO, C., Turra, F. (2010). A human factors and reliability approach to clinical risk management: Evidences from Italian cases. Safety Science, 48(59), 625-39.

VERBANO, C., Venturini, K. (2011). Development Paths of Risk Management: Approaches, Methods and Fields of Application. Journal of Risk Research, 14(5-6), 519 - 550.

WALSHE, K., Dineen, M. (1998). Clinical Risk Management. Making a difference? The NHS Confederation, University of Birmingham, Birmingham.

WILLIAMS, A., Oumlil, B. (1987). A classification and analysis of JPMM articles. Journal of Purchasing and Materials Management, 23(3), 24-28.

WU, D.D., Olson, D. (2009). Enterprise Risk Management: Small Business Scorecard Analysis. Production Planning and Control, 20(4), 362-369.

XIAOHONG, C., Ying, Z., Jian, S. (2007). A study of SMEs Growth Evaluation Considering Value at Risk. IEEE International Conference on Service Systems and Service Management Proceedings. Chengdu, China. pp.1-5

YEO, K.T., Lai, W.C. (2004). Risk Management Strategies for SME Investing in China: a Singaporean Perspective. IEEE International Engineering Management Conference Proceedings. Singapore, pp. 794-798.

ZHI-QIANG, M., Tao, H. (2008). Risk Evaluation on Technological Innovation of Chinese Small and Medium-Sized Enterprises SMEs Based on Fuzzy Neural Network. IEEE International Conference on Wireless Communication, Networking and Mobile Computing Proceedings, Niagara Falls, Canada, pp.13067-13073.

Received Jun. 28, 2013 / Accepted Sep. 18, 2013