Thematic Section - Future of Energy-efficient Operations and Production Systems

From theory to practice: a risk management model for SMEs in the context of ISO 9001

Yasmin Silva Martins; Carlos Eduardo Sanches da Silva; Juliana Helena Daroz Gaudencio



Paper aims: To fulfill risk-based thinking (RBT), most companies opt for widespread methods such as FMEA, despite their limitations. This research aims to develop a model for small and medium-sized enterprises (SMEs), relying on literature, practical and normative aspects, to accomplish the RBT required by ISO 9001:2015.

Originality: This study represents an original contribution because its analysis and results address a need highlighted in the literature. By discussing RBT from three different perspectives, this paper provides relevant insights for researchers and practitioners in quality and risk management.

Research method: The action research was conducted within a Brazilian SME, where the risk management model was implemented and analyzed through five cycles. The data collection techniques were participant observation, documentary analysis, and semi-structured interviews, analyzed through attribute agreement analysis.

Main findings: Unlike the isolated use of widespread methods, this model contains all the aspects needed for RBT. Its applicability is directly related to the level of experience with risks and ISO 9001, emphasizing the organizational aspects needed.

Implications for theory and practice: A comprehensive model allows SMEs to better understand the concepts associated with RBT while incorporating an approach adapted to their contexts. Researchers can use the model to analyze its applicability for SMEs from different contexts.


Keywords: Quality management system, ISO 9001:2015, Risk-based thinking, Risk management, Action research


