risk management research methodology

Home / Resources / ISACA Journal / Issues / 2021 / Volume 2 / Risk Assessment and Analysis Methods

Risk assessment and analysis methods: qualitative and quantitative.

A risk assessment determines the likelihood, consequences and tolerances of possible incidents. “Risk assessment is an inherent part of a broader risk management strategy to introduce control measures to eliminate or reduce any potential risk- related consequences.” 1 The main purpose of risk assessment is to avoid negative consequences related to risk or to evaluate possible opportunities.

It is the combined effort of:

“…[I]dentifying and analyzing possible future events that could adversely affect individuals, assets, processes and/or the environment (i.e.,risk analysis)”
“…[M]aking judgments about managing and tolerating risk on the basis of a risk analysis while considering influencing factors (i.e., risk evaluation)” 2

Relationships between assets, processes, threats, vulnerabilities and other factors are analyzed in the risk assessment approach. There are many methods available, but quantitative and qualitative analysis are the most widely known and used classifications. In general, the methodology chosen at the beginning of the decision-making process should be able to produce a quantitative explanation about the impact of the risk and security issues along with the identification of risk and formation of a risk register. There should also be qualitative statements that explain the importance and suitability of controls and security measures to minimize these risk areas. 3

In general, the risk management life cycle includes seven main processes that support and complement each other ( figure 1 ):

Determine the risk context and scope, then design the risk management strategy.
Choose the responsible and related partners, identify the risk and prepare the risk registers.
Perform qualitative risk analysis and select the risk that needs detailed analysis.
Perform quantitative risk analysis on the selected risk.
Plan the responses and determine controls for the risk that falls outside the risk appetite.
Implement risk responses and chosen controls.
Monitor risk improvements and residual risk.

Qualitative and Quantitative Risk Analysis Techniques

Different techniques can be used to evaluate and prioritize risk. Depending on how well the risk is known, and if it can be evaluated and prioritized in a timely manner, it may be possible to reduce the possible negative effects or increase the possible positive effects and take advantage of the opportunities. 4 “Quantitative risk analysis tries to assign objective numerical or measurable values” regardless of the components of the risk assessment and to the assessment of potential loss. Conversely, “a qualitative risk analysis is scenario-based.” 5

Qualitative Risk The purpose of qualitative risk analysis is to identify the risk that needs detail analysis and the necessary controls and actions based on the risk’s effect and impact on objectives. 6 In qualitative risk analysis, two simple methods are well known and easily applied to risk: 7

Keep It Super Simple (KISS) —This method can be used on narrow-framed or small projects where unnecessary complexity should be avoided and the assessment can be made easily by teams that lack maturity in assessing risk. This one-dimensional technique involves rating risk on a basic scale, such as very high/high/medium/low/very.
Probability/Impact —This method can be used on larger, more complex issues with multilateral teams that have experience with risk assessments. This two-dimensional technique is used to rate probability and impact. Probability is the likelihood that a risk will occur. The impact is the consequence or effect of the risk, normally associated with impact to schedule, cost, scope and quality. Rate probability and impact using a scale such as 1 to 10 or 1 to 5, where the risk score equals the probability multiplied by the impact.

Qualitative risk analysis can generally be performed on all business risk. The qualitative approach is used to quickly identify risk areas related to normal business functions. The evaluation can assess whether peoples’ concerns about their jobs are related to these risk areas. Then, the quantitative approach assists on relevant risk scenarios, to offer more detailed information for decision-making. 8 Before making critical decisions or completing complex tasks, quantitative risk analysis provides more objective information and accurate data than qualitative analysis. Although quantitative analysis is more objective, it should be noted that there is still an estimate or inference. Wise risk managers consider other factors in the decision-making process. 9

Although a qualitative risk analysis is the first choice in terms of ease of application, a quantitative risk analysis may be necessary. After qualitative analysis, quantitative analysis can also be applied. However, if qualitative analysis results are suﬃcient, there is no need to do a quantitative analysis of each risk.

Quantitative Risk A quantitative risk analysis is another analysis of high-priority and/or high-impact risk, where a numerical or quantitative rating is given to develop a probabilistic assessment of business-related issues. In addition, quantitative risk analysis for all projects or issues/processes operated with a project management approach has a more limited use, depending on the type of project, project risk and the availability of data to be used for quantitative analysis. 10

The purpose of a quantitative risk analysis is to translate the probability and impact of a risk into a measurable quantity. 11 A quantitative analysis: 12

“Quantifies the possible outcomes for the business issues and assesses the probability of achieving specific business objectives”
“Provides a quantitative approach to making decisions when there is uncertainty”
“Creates realistic and achievable cost, schedule or scope targets”

Consider using quantitative risk analysis for: 13

“Business situations that require schedule and budget control planning”
“Large, complex issues/projects that require go/no go decisions”
“Business processes or issues where upper management wants more detail about the probability of completing on schedule and within budget”

The advantages of using quantitative risk analysis include: 14

Objectivity in the assessment
Powerful selling tool to management
Direct projection of cost/benefit
Flexibility to meet the needs of specific situations
Flexibility to fit the needs of specific industries
Much less prone to arouse disagreements during management review
Analysis is often derived from some irrefutable facts

THE MOST COMMON PROBLEM IN QUANTITATIVE ASSESSMENT IS THAT THERE IS NOT ENOUGH DATA TO BE ANALYZED.

To conduct a quantitative risk analysis on a business process or project, high-quality data, a definite business plan, a well-developed project model and a prioritized list of business/project risk are necessary. Quantitative risk assessment is based on realistic and measurable data to calculate the impact values that the risk will create with the probability of occurrence. This assessment focuses on mathematical and statistical bases and can “express the risk values in monetary terms, which makes its results useful outside the context of the assessment (loss of money is understandable for any business unit). 15 The most common problem in quantitative assessment is that there is not enough data to be analyzed. There also can be challenges in revealing the subject of the evaluation with numerical values or the number of relevant variables is too high. This makes risk analysis technically diﬃcult.

There are several tools and techniques that can be used in quantitative risk analysis. Those tools and techniques include: 16

Heuristic methods —Experience-based or expert- based techniques to estimate contingency
Three-point estimate —A technique that uses the optimistic, most likely and pessimistic values to determine the best estimate
Decision tree analysis —A diagram that shows the implications of choosing various alternatives
Expected monetary value (EMV) —A method used to establish the contingency reserves for a project or business process budget and schedule
Monte Carlo analysis —A technique that uses optimistic, most likely and pessimistic estimates to determine the business cost and project completion dates
Sensitivity analysis —A technique used to determine the risk that has the greatest impact on a project or business process
Fault tree analysis (FTA) and failure modes and effects analysis (FMEA) —The analysis of a structured diagram that identifies elements that can cause system failure

There are also some basic (target, estimated or calculated) values used in quantitative risk assessment. Single loss expectancy (SLE) represents the money or value expected to be lost if the incident occurs one time, and an annual rate of occurrence (ARO) is how many times in a one-year interval the incident is expected to occur. The annual loss expectancy (ALE) can be used to justify the cost of applying countermeasures to protect an asset or a process. That money/value is expected to be lost in one year considering SLE and ARO. This value can be calculated by multiplying the SLE with the ARO. 17 For quantitative risk assessment, this is the risk value. 18

USING BOTH APPROACHES CAN IMPROVE PROCESS EFFICIENCY AND HELP ACHIEVE DESIRED SECURITY LEVELS.

By relying on factual and measurable data, the main benefits of quantitative risk assessment are the presentation of very precise results about risk value and the maximum investment that would make risk treatment worthwhile and profitable for the organization. For quantitative cost-benefit analysis, ALE is a calculation that helps an organization to determine the expected monetary loss for an asset or investment due to the related risk over a single year.

For example, calculating the ALE for a virtualization system investment includes the following:

Virtualization system hardware value: US$1 million (SLE for HW)
Virtualization system management software value: US$250,000 (SLE for SW)
Vendor statistics inform that a system catastrophic failure (due to software or hardware) occurs one time every 10 years (ARO = 1/10 = 0.1)
ALE for HW = 1M * 1 = US$100,000
ALE for SW = 250K * 0.1 = US$25,000

In this case, the organization has an annual risk of suffering a loss of US$100,000 for hardware or US$25,000 for software individually in the event of the loss of its virtualization system. Any implemented control (e.g., backup, disaster recovery, fault tolerance system) that costs less than these values would be profitable.

Some risk assessment requires complicated parameters. More examples can be derived according to the following “step-by-step breakdown of the quantitative risk analysis”: 19

Conduct a risk assessment and vulnerability study to determine the risk factors.
Determine the exposure factor (EF), which is the percentage of asset loss caused by the identified threat.
Based on the risk factors determined in the value of tangible or intangible assets under risk, determine the SLE, which equals the asset value multiplied by the exposure factor.
Evaluate the historical background and business culture of the institution in terms of reporting security incidents and losses (adjustment factor).
Estimate the ARO for each risk factor.
Determine the countermeasures required to overcome each risk factor.
Add a ranking number from one to 10 for quantifying severity (with 10 being the most severe) as a size correction factor for the risk estimate obtained from company risk profile.
Determine the ALE for each risk factor. Note that the ARO for the ALE after countermeasure implementation may not always be equal to zero. ALE (corrected) equals ALE (table) times adjustment factor times size correction.
Calculate an appropriate cost/benefit analysis by finding the differences before and after the implementation of countermeasures for ALE.
Determine the return on investment (ROI) based on the cost/benefit analysis using internal rate of return (IRR).
Present a summary of the results to management for review.

Using both approaches can improve process eﬃciency and help achieve desired security levels. In the risk assessment process, it is relatively easy to determine whether to use a quantitative or a qualitative approach. Qualitative risk assessment is quick to implement due to the lack of mathematical dependence and measurements and can be performed easily. Organizations also benefit from the employees who are experienced in asset/processes; however, they may also bring biases in determining probability and impact. Overall, combining qualitative and quantitative approaches with good assessment planning and appropriate modeling may be the best alternative for a risk assessment process ( figure 2 ). 20

Qualitative risk analysis is quick but subjective. On the other hand, quantitative risk analysis is optional and objective and has more detail, contingency reserves and go/no-go decisions, but it takes more time and is more complex. Quantitative data are diﬃcult to collect, and quality data are prohibitively expensive. Although the effect of mathematical operations on quantitative data are reliable, the accuracy of the data is not guaranteed as a result of being numerical only. Data that are diﬃcult to collect or whose accuracy is suspect can lead to inaccurate results in terms of value. In that case, business units cannot provide successful protection or may make false-risk treatment decisions and waste resources without specifying actions to reduce or eliminate risk. In the qualitative approach, subjectivity is considered part of the process and can provide more flexibility in interpretation than an assessment based on quantitative data. 21 For a quick and easy risk assessment, qualitative assessment is what 99 percent of organizations use. However, for critical security issues, it makes sense to invest time and money into quantitative risk assessment. 22 By adopting a combined approach, considering the information and time response needed, with data and knowledge available, it is possible to enhance the effectiveness and efficiency of the risk assessment process and conform to the organization’s requirements.

1 ISACA ® , CRISC Review Manual, 6 th Edition , USA, 2015, https://store.isaca.org/s/store#/store/browse/detail/a2S4w000004Ko8ZEAS 2 Ibid. 3 Schmittling, R.; A. Munns; “Performing a Security Risk Assessment,” ISACA ® Journal , vol. 1, 2010, https://www.isaca.org/resources/isaca-journal/issues 4 Bansal,; "Differentiating Quantitative Risk and Qualitative Risk Analysis,” iZenBridge,12 February 2019, https://www.izenbridge.com/blog/differentiating-quantitative-risk-analysis-and-qualitative-risk-analysis/ 5 Tan, D.; Quantitative Risk Analysis Step-By-Step , SANS Institute Information Security Reading Room, December 2020, https://www.sans.org/reading-room/whitepapers/auditing/quantitative-risk-analysis-step-by-step-849 6 Op cit Bansal 7 Hall, H.; “Evaluating Risks Using Qualitative Risk Analysis,” Project Risk Coach, https://projectriskcoach.com/evaluating-risks-using-qualitative-risk-analysis/ 8 Leal, R.; “Qualitative vs. Quantitative Risk Assessments in Information Security: Differences and Similarities,” 27001 Academy, 6 March 2017, https://advisera.com/27001academy/blog/2017/03/06/qualitative-vs-quantitative-risk-assessments-in-information-security/ 9 Op cit Hall 10 Goodrich, B.; “Qualitative Risk Analysis vs. Quantitative Risk Analysis,” PM Learning Solutions, https://www.pmlearningsolutions.com/blog/qualitative-risk-analysis-vs-quantitative-risk-analysis-pmp-concept-1 11 Meyer, W. ; “Quantifying Risk: Measuring the Invisible,” PMI Global Congress 2015—EMEA, London, England, 10 October 2015, https://www.pmi.org/learning/library/quantitative-risk-assessment-methods-9929 12 Op cit Goodrich 13 Op cit Hall 14 Op cit Tan 15 Op cit Leal 16 Op cit Hall 17 Tierney, M.; “Quantitative Risk Analysis: Annual Loss Expectancy," Netwrix Blog, 24 July 2020, https://blog.netwrix.com/2020/07/24/annual-loss-expectancy-and-quantitative-risk-analysis 18 Op cit Leal 19 Op cit Tan 20 Op cit Leal 21 ISACA ® , Conductin g a n IT Security Risk Assessment, USA, 2020, https://store.isaca.org/s/store#/store/browse/detail/a2S4w000004KoZeEAK 22 Op cit Leal

Volkan Evrin, CISA, CRISC, COBIT 2019 Foundation, CDPSE, CEHv9, ISO 27001-22301-20000 LA

Has more than 20 years of professional experience in information and technology (I&T) focus areas including information systems and security, governance, risk, privacy, compliance, and audit. He has held executive roles on the management of teams and the implementation of projects such as information systems, enterprise applications, free software, in-house software development, network architectures, vulnerability analysis and penetration testing, informatics law, Internet services, and web technologies. He is also a part-time instructor at Bilkent University in Turkey; an APMG Accredited Trainer for CISA, CRISC and COBIT 2019 Foundation; and a trainer for other I&T-related subjects. He can be reached at [email protected] .

Thank you for visiting nature.com. You are using a browser version with limited support for CSS. To obtain the best experience, we recommend you use a more up to date browser (or turn off compatibility mode in Internet Explorer). In the meantime, to ensure continued support, we are displaying the site without styles and JavaScript.

View all journals
Explore content
About the journal
Publish with us
Sign up for alerts
Open access
Published: 24 May 2024

Beyond probability-impact matrices in project risk management: A quantitative methodology for risk prioritisation

F. Acebes ORCID: orcid.org/0000-0002-4525-2610 1 ,
J. M. González-Varona 2 ,
A. López-Paredes 2 &
J. Pajares 1

Humanities and Social Sciences Communications volume 11 , Article number: 670 ( 2024 ) Cite this article

599 Accesses

1 Altmetric

Metrics details

Business and management

The project managers who deal with risk management are often faced with the difficult task of determining the relative importance of the various sources of risk that affect the project. This prioritisation is crucial to direct management efforts to ensure higher project profitability. Risk matrices are widely recognised tools by academics and practitioners in various sectors to assess and rank risks according to their likelihood of occurrence and impact on project objectives. However, the existing literature highlights several limitations to use the risk matrix. In response to the weaknesses of its use, this paper proposes a novel approach for prioritising project risks. Monte Carlo Simulation (MCS) is used to perform a quantitative prioritisation of risks with the simulation software MCSimulRisk. Together with the definition of project activities, the simulation includes the identified risks by modelling their probability and impact on cost and duration. With this novel methodology, a quantitative assessment of the impact of each risk is provided, as measured by the effect that it would have on project duration and its total cost. This allows the differentiation of critical risks according to their impact on project duration, which may differ if cost is taken as a priority objective. This proposal is interesting for project managers because they will, on the one hand, know the absolute impact of each risk on their project duration and cost objectives and, on the other hand, be able to discriminate the impacts of each risk independently on the duration objective and the cost objective.

A case study on the relationship between risk assessment of scientific research projects and related factors under the Naive Bayesian algorithm

Compound Matrix-Based Project Database (CMPD)

Risk identification approaches and the number of risks identified: the use of work breakdown structure and business process

Introduction.

The European Commission ( 2023 ) defines a project as a temporary organizational structure designed to produce a unique product or service according to specified constraints, such as time, cost, and quality. As projects are inherently complex, they involve risks that must be effectively managed (Naderpour et al. 2019 ). However, achieving project objectives can be challenging due to unexpected developments, which often disrupt plans and budgets during project execution and lead to significant additional costs. The Standish Group ( 2022 ) notes that managing project uncertainty is of paramount importance, which renders risk management an indispensable discipline. Its primary goal is to identify a project’s risk profile and communicate it by enabling informed decision making to mitigate the impact of risks on project objectives, including budget and schedule adherence (Creemers et al. 2014 ).

Several methodologies and standards include a specific project risk management process (Axelos, 2023 ; European Commission, 2023 ; Project Management Institute, 2017 ; International Project Management Association, 2015 ; Simon et al. 1997 ), and there are even specific standards and guidelines for it (Project Management Institute, 2019 , 2009 ; International Organization for Standardization, 2018 ). Despite the differences in naming each phase or process that forms part of the risk management process, they all integrate risk identification, risk assessment, planning a response to the risk, and implementing this response. Apart from all this, a risk monitoring and control process is included. The “Risk Assessment” process comprises, in turn, risk assessments by qualitative methods and quantitative risk assessments.

A prevalent issue in managing project risks is identifying the significance of different sources of risks to direct future risk management actions and to sustain the project’s cost-effectiveness. For many managers busy with problems all over the place, one of the most challenging tasks is to decide which issues to work on first (Ward, 1999 ) or, in other words, which risks need to be paid more attention to avoid deviations from project objectives.

Given the many sources of risk and the impossibility of comprehensively addressing them, it is natural to prioritise identified risks. This process can be challenging because determining in advance which ones are the most significant factors, and how many risks merit detailed monitoring on an individual basis, can be complicated. Any approach that facilitates this prioritisation task, especially if it is simple, will be welcomed by those willing to use it (Ward, 1999 ).

Risk matrices emerge as established familiar tools for assessing and ranking risks in many fields and industry sectors (Krisper, 2021 ; Qazi et al. 2021 ; Qazi and Simsekler, 2021 ; Monat and Doremus, 2020 ; Li et al. 2018 ). They are now so commonplace that everyone accepts and uses them without questioning them, along with their advantages and disadvantages. Risk matrices use the likelihood and potential impact of risks to inform decision making about prioritising identified risks (Proto et al. 2023 ). The methods that use the risk matrix confer higher priority to those risks in which the product of their likelihood and impact is the highest.

However, the probability-impact matrix has severe limitations (Goerlandt and Reniers, 2016 ; Duijm, 2015 ; Vatanpour et al. 2015 ; Ball and Watt, 2013 ; Levine, 2012 ; Cox, 2008 ; Cox et al. 2005 ). The main criticism levelled at this methodology is its failure to consider the complex interrelations between various risks and use precise estimates for probability and impact levels. Since then, increasingly more academics and practitioners are reluctant to resort to risk matrices (Qazi et al. 2021 ).

Motivated by the drawbacks of using risk matrices or probability-impact matrices, the following research question arises: Is it possible to find a methodology for project risk prioritisation that overcomes the limitations of the current probability-impact matrix?

To answer this question, this paper proposes a methodology based on Monte Carlo Simulation that avoids using the probability-impact matrix and allows us to prioritise project risks by evaluating them quantitatively, and by assessing the impact of risks on project duration and the cost objectives. With the help of the ‘MCSimulRisk’ simulation software (Acebes et al. 2024 ; Acebes et al. 2023 ), this paper determines the impact of each risk on project duration objectives (quantified in time units) and cost objectives (quantified in monetary units). In this way, with the impact of all the risks, it is possible to establish their prioritisation based on their absolute (and not relative) importance for project objectives. The methodology allows quantified results to be obtained for each risk by differentiating between the project duration objective and its cost objective.

With this methodology, it also confers the ‘Risk Assessment’ process cohesion and meaning. This process forms part of the general Risk Management process and is divided into two subprocesses: qualitative and quantitative risk analyses (Project Management Institute, 2017 ). Although Monte Carlo simulation is widely used in project risk assessments (Tong et al. 2018 ; Taroun, 2014 ), as far as we know, the literature still does not contain references that use the data obtained in a qualitative analysis (data related to the probability and impact of each identified risk) to perform a quantitative risk analysis integrated into the project model. Only one research line by A. Qazi (Qazi et al. 2021 ; Qazi and Dikmen, 2021 ; Qazi and Simsekler, 2021 ) appears, where the authors propose a risk indicator with which they determine the level of each identified risk that concerns the established threshold. Similarly, Krisper ( 2021 ) applies the qualitative data of risk factors to construct probability functions, but once again falls in the error of calculating the expected value of the risk for risk prioritisation. In contrast, the novelty proposed in this study incorporates into the project simulation model all the identified risks characterised by their probability and impact values, as well as the set of activities making up the project.

In summary, instead of the traditional risk prioritisation method to qualitatively estimate risk probabilities and impacts, we model probabilities and impacts (duration and cost) at the activity level as distribution functions. When comparing both methods (traditional vs. our proposal), the risk prioritisation results are entirely different and lead to a distinct ranking.

From this point, and to achieve our purpose, the article comes as follows. Literature review summarises the relevant literature related to the research. Methodology describes the suggested methodology. Case study presents the case study used to show how to apply the presented method before discussing the obtained results. Finally, Conclusions draws conclusions about the proposed methodology and identifies the research future lines that can be developed from it.

Literature review

This section presents the literature review on risk management processes and probability-impact matrices to explain where this study fits into existing research. This review allows us to establish the context where our proposal lies in integrated risk management processes. Furthermore, it is necessary to understand the reasons for seeking alternatives to the usual well-known risk matrices.

Risk management methodologies and standards

It is interesting to start with the definition of ‘Risk’ because it is a term that is not universally agreed on, even by different standards and norms. Thus, for example, the International Organization for Standardization ( 2018 ) defines it as “the effect of uncertainty on objectives”, while the Project Management Institute ( 2021 ) defines it as “an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives”. This paper adopts the definition of risk proposed by Hillson ( 2014 ), who uses a particular concept: “risk is uncertainty that matters”. It matters because it affects project objectives and only the uncertainties that impact the project are considered a ‘risk’.

Other authors (Elms, 2004 ; Frank, 1999 ) identify two uncertainty categories: aleatoric, characterised by variability and the presence of a wide range of possible values; epistemic, which arises due to ambiguity or lack of complete knowledge. Hillson ( 2014 ) classifies uncertainties into four distinct types: aleatoric, due to the reliability of activities; stochastic, recognised as a risk event or a possible future event; epistemic, also due to ambiguity; ontological, that which we do not know (black swan). Except for ontological uncertainty, which cannot be modelled due to absolute ignorance of risk, the other identified uncertainties are incorporated into our project model. For this purpose, the probability and impact of each uncertainty are modelled as distribution functions to be incorporated into Monte Carlo simulation.

A risk management process involves analysing the opportunities and threats that can impact project objectives, followed by planning appropriate actions for each one. This process aims to maximise the likelihood of opportunities occurring and to minimise the likelihood of identified threats materialising.

Although it is true that different authors have proposed their particular way of understanding project risk management (Kerzner, 2022 ; Hillson and Simon, 2020 ; Chapman and Ward, 2003 ; Chapman, 1997 ), we wish to look at the principal methodologies, norms and standards in project management used by academics and practitioners to observe how they deal with risk (Axelos, 2023 ; European Commission, 2023 ; International Organization for Standardization, 2018 ; Project Management Institute, 2017 ; International Project Management Association, 2015 ) (Table 1 ).

Table 1 shows the main subprocesses making up the overall risk management process from the point of view of each different approach. All the aforementioned approaches contain a subprocess related to risk assessment. Some of these approaches develop the subprocess by dividing it into two parts: qualitative assessment and quantitative assessment. Individual project risks are ranked for further analyses or action with a qualitative assessment by evaluating the probability of their occurrence and potential impact. A quantitative assessment involves performing a numerical analysis of the joint effect of the identified individual risks and additional sources of uncertainty on the overall project objectives (Project Management Institute, 2017 ). In turn, all these approaches propose the probability-impact or risk matrix as a technique or tool for prioritising project risks.

Within this framework, a ranking of risks by a quantitative approach applies as opposed to the qualitative assessment provided by the risk matrix. To do so, we use estimates of the probability and impact associated with each identified risk. The project model includes these estimates to determine the absolute value of the impact of each risk on time and cost objectives.

Probability-impact matrix

The risk matrix, or probability-impact matrix, is a tool included in the qualitative analysis for risk management and used to analyse, visualise and prioritise risks to make decisions on the resources to be employed to combat them (Goerlandt and Reniers, 2016 ; Duijm, 2015 ). Its well-established use appears in different sectors, ranging from the construction industry (Qazi et al. 2021 ), oil and gas industries (Thomas et al. 2014 ), to the healthcare sector (Lemmens et al. 2022 ), engineering projects (Koulinas et al. 2021 ) and, of course, project management (International Organization for Standardization, 2019 ; Li et al. 2018 ).

In a table, the risk matrix represents the probability (usually on the vertical axis of the table) and impact (usually on the horizontal axis) categories (Ale et al. 2015 ). These axes are further divided into different levels so that risk matrices of 3×3 levels are found with three levels set for probability and three others to define impact, 5 × 5, or even more levels (Duijm, 2015 ; Levine, 2012 ; Cox, 2008 ). The matrix classifies risks into different risk categories, normally labelled with qualitative indicators of severity (often colours like “Red”, “Yellow” and “Green”). This classification combines each likelihood level with every impact level in the matrix (see an example of a probability-impact matrix in Fig. 1 ).

Probability – impact matrix. An example of use.

There are three different risk matrix typologies based on the categorisation of likelihood and impact: qualitative, semiquantitative, and quantitative. Qualitative risk matrices provide descriptive assessments of probability and consequence by establishing categories as “low,” “medium” or “high” (based on the matrix’s specific number of levels). In contrast, semiquantitative risk matrices represent the input categories by ascending scores, such as 1, 2, or 3 (in a 3×3 risk matrix), where higher scores indicate a stronger impact or more likelihood. Finally, in quantitative risk matrices, each category receives an assignment of numerical intervals corresponding to probability or impact estimates. For example, the “Low” probability level is associated with a probability interval [0.1 0.3] (Li et al. 2018 ).

Qualitative matrices classify risks according to their potential hazard, depending on where they fit into the matrix. The risk level is defined by the “colour” of the corresponding cell (in turn, this depends on the probability and impact level), with risks classified with “red” being the most important and the priority ones to pay attention to, but without distinguishing any risks in the different cells of the same colour. In contrast, quantitative risk matrices allow to classify risks according to their risk level (red, yellow, or green) and to prioritise each risk in the same colour by indicating which is the most important. Each cell is assigned a colour and a numerical value, and the product of the value is usually assigned to the probability level and the value assigned to the impact level (Risk = probability × impact).

Risk matrix use is frequent, partly due to its simple application and easy construction compared to alternative risk assessment methods (Levine, 2012 ). Risk matrices offer a well-defined structure for carrying out a methodical risk assessment, provide a practical justification for ranking and prioritising risks, visually and attractively inform stakeholders, among other reasons (Talbot, 2014 ; Ball and Watt, 2013 ).

However, many authors identify problems in using risk matrices (Monat and Doremus, 2020 ; Peace, 2017 ; Levine, 2012 ; Ni et al. 2010 ; Cox, 2008 ; Cox et al. 2005 ), and even the International Organization for Standardization ( 2019 ) indicates some drawbacks. The most critical problems identified in using risk matrices for strategic decision-making are that risk matrices can be inaccurate when comparing risks and they sometimes assign similar ratings to risks with significant quantitative differences. In addition, there is the risk of giving excessively high qualitative ratings to risks that are less serious from a quantitative perspective. This can lead to suboptimal decisions, especially when threats have negative correlations in frequency and severity terms. Such lack of precision can result in inefficient resource allocation because they cannot be based solely on the categories provided by risk matrices. Furthermore, the categorisation of the severity of consequences is subjective in uncertainty situations, and the assessment of probability, impact and risk ratings very much depends on subjective interpretations, which can lead to discrepancies between different users when assessing the same quantitative risks.

Given this background, several authors propose solutions to the posed problems. Goerlandt and Reniers ( 2016 ) review previous works that have attempted to respond to the problems identified with risk matrices. For example, Markowski and Mannan ( 2008 ) suggest using fuzzy sets to consider imprecision in describing ordinal linguistic scales. Subsequently, Ni et al. ( 2010 ) propose a methodology that employs probability and consequence ranks as independent score measures. Levine ( 2012 ) puts forward the use of logarithmic scales on probability and impact axes. Menge et al. (2018) recommend utilising untransformed values as scale labels due to experts’ misunderstanding of logarithmic scales. Ruan et al. ( 2015 ) suggest an approach that considers decision makers’ risk aversion by applying the utility theory.

Other authors, such as Duijm ( 2015 ), propose a continuous probability consequence diagram as an alternative to the risk matrix, and employing continuous scales instead of categories. They also propose utilising more comprehensive colour ranges in risk matrices whenever necessary to prioritise risks and to not simply accept them. In contrast, Monat and Doremus ( 2020 ) put forward a new risk prioritisation tool. Alternatively, Sutherland et al. ( 2022 ) suggest changing matrix size by accommodating cells’ size to the risk’s importance. Even Proto et al. ( 2023 ) recommend avoiding colour in risk matrices so that the provided information is unbiased due to the bias that arises when using coloured matrices.

By bearing in mind the difficulties presented by the results offered by risk matrices, we propose a quantitative method for risk prioritisation. We use qualitative risk analysis data by maintaining the estimate of the probability of each risk occurring and its potential impact. Nevertheless, instead of entering these data into the risk matrix, our project model contains them for Monte Carlo simulation. As a result, we obtain a quantified prioritisation of each risk that differentiates the importance of each risk according to the impact on cost and duration objectives.

Methodology

Figure 2 depicts the proposed method for prioritising project risks using quantitative techniques. At the end of the process, and with the prioritised risks indicating the absolute value of the impact of each risk on the project, the organisation can efficiently allocate resources to the risks identified as the most critical ones.

Quantitative Risk Assessment Flow Chart.

The top of the diagram indicates the risk phases that belong to the overall risk management process. Below them it reflects the steps of the proposed model that would apply in each phase.

The first step corresponds to the project’s “ risk identification ”. Using the techniques or tools established by the organisation (brainstorming, Delphi techniques, interviews, or others), we obtain a list of the risks ( R ) that could impact the project objectives (Eq. 1 ), where m is the number of risks identified in the project.

Next we move on to the “ risk estimation ” phase, in which a distribution function must be assigned to the probability that each identified risk will appear. We also assign the distribution function associated with the risk’s impact. Traditionally, the qualitative risk analysis defines semantic values (low, medium, high) to assign a level of probability and risk impact. These semantic values are used to evaluate the risk in the probability-impact matrix. Numerical scales apply in some cases, which help to assign a semantic level to a given risk (Fig. 3 ).

Source: Project Management Institute ( 2017 ).

Our proposed model includes the three uncertainty types put forward by Hillson ( 2014 ), namely aleatoric, stochastic and epistemic, to identify and assess different risks. Ontological uncertainty is not considered because it goes beyond the limits of human knowledge and cannot, therefore, be modelled (Alleman et al. 2018a ).

A risk can have aleatoric uncertainty as regards the probability of its occurrence, and mainly for its impact if its value can fluctuate over a set range due to its variability. This aleatoric risk uncertainty can be modelled using a probability distribution function (PDF), exactly as we do when modelling activity uncertainty (Acebes et al. 2015 , 2014 ). As the risk management team’s (or project management team’s) knowledge of the project increases, and as more information about the risk becomes available, the choice of the PDF (normal, triangular, beta, among others) and its parameters become more accurate.

A standard definition of risk is “an uncertain event that, if it occurs, may impact project objectives” (Project Management Institute, 2017 ). A risk, if defined according to the above statement, perfectly matches the stochastic uncertainty definition proposed by Hillson ( 2014 ). Moreover, one PDF that adequately models this type of uncertainty is a Bernoulli distribution function (Vose, 2008 ). Thus for deterministic risk probability estimates (the same as for risk impact), we model this risk (probability and impact) with a Bernoulli-type PDF that allows us to introduce this type of uncertainty into our simulation model.

Finally, epistemic uncertainties remain to be modelled, such as those for which we do not have absolute information about and that arise from a lack of knowledge (Damnjanovic and Reinschmidt, 2020 ; Alleman et al. 2018b ). In this case, risks (in likelihood and impact terms) are classified into different levels, and all these levels are assigned a numerical scale (as opposed to the methodology used in a qualitative risk analysis, where levels are classified with semantic values: “high”, “medium” and “low”).

“ Epistemic uncertainty is characterised by not precisely knowing the probability of occurrence or the magnitude of a potential impact. Traditionally, this type of risk has been identified with a qualitative term: “Very Low”, “Low”, “Medium”, “High” and “Very High” before using the probability-impact matrix. Each semantic category has been previously defined numerically by identifying every numerical range with a specific semantic value (Bae et al. 2004 ). For each established range, project managers usually know the limits (upper and lower) between which the risk (probability or impact) can occur. However, they do not certainly know the value it will take, not even the most probable value within that range. Therefore, we employ a uniform probability function to model epistemic uncertainty (i.e., by assuming that the probability of risk occurrence lies within an equiprobable range of values). Probabilistic representations of uncertainty have been successfully employed with uniform distributions to characterise uncertainty when knowledge is sparse or absent (Curto et al. 2022 ; Vanhoucke, 2018 ; Helton et al. 2006 ).

The choice of the number and range of each level should be subject to a thorough analysis and consideration by the risk management team. As each project is unique, there are ranges within which this type of uncertainty can be categorised. Different ranges apply to assess likelihood and impact. Furthermore for impact, further subdivision helps to distinguish between impact on project duration and impact on project costs. For example, when modelling probability, we can set five probability levels corresponding to intervals: [0 0.05], [0.05 0.2], [0.2 0.5], and so on. With the time impact, for example, on project duration, five levels as follows may apply: [0 1], [1 4], [4 12], …. (measured in weeks, for example).

Modelling this type of uncertainty requires the risk management team’s experience, the data stored on previous projects, and constant consultation with project stakeholders. The more project knowledge available, the more accurate the proposed model is for each uncertainty, regardless of it lying in the number of intervals, their magnitude or the type of probability function (PDF) chosen to model that risk.

Some authors propose using uniform distribution functions to model this type of epistemic uncertainty because it perfectly reflects lack of knowledge about the expected outcome (Eldosouky et al. 2014 ; Vose, 2008 ). On the contrary, others apply triangular functions, which require more risk knowledge (Hulett, 2012 ). Following the work by Curto et al. ( 2022 ), we employ uniform distribution functions.

As a result of this phase, we obtain the model and the parameters that model the distribution functions of the probability ( P ) and impact ( I ) of each identified risk in the previous phase (Eq. 2 ).

Once the risks identified in the project have been defined and their probabilities and impacts modelled, we move on to “ quantitative risk prioritisation ”. We start by performing MCS on the planned project model by considering only the aleatoric uncertainty of activities. In this way, we learn the project’s total duration and cost, which is commonly done in a Monte Carlo analysis. In Monte Carlo Methods (MCS), expert judgement and numerical methods are combined to generate a probabilistic result through simulation routine (Ammar et al. 2023 ). This mathematical approach is noted for its ability to analyse uncertain scenarios from a probabilistic perspective. MCS have been recognised as outperforming other methods due to their accessibility, ease of use and simplicity. MCS also allow the analysis of opportunities, uncertainties, and threats (Al-Duais and Al-Sharpi, 2023 ). This technique can be invaluable to risk managers and helpful for estimating project durations and costs (Ali Elfarra and Kaya, 2021 ).

As inputs to the simulation process, we include defining project activities (duration, cost, precedence relationship). We also consider the risks identified in the project, which are those we wish to prioritise and to obtain a list ordered by importance (according to their impact on not only duration, but also on project cost). The ‘MCSimulRisk’ software application (Acebes, Curto, et al. 2023 ; Acebes, De Antón, et al. 2023 ) allows us to perform MCS and to obtain the main statistics that result from simulation (including percentiles) that correspond to the total project duration ( Tot_Dur ) and to its total cost ( Tot_Cost ) (Eq. 3 ).

Next, we perform a new simulation by including the first of the identified risks ( R 1 ) in the project model, for which we know its probability ( P 1 ) and its Impact ( I 1 ). After MCS, we obtain the statistics corresponding to this simulation ([ Tot_Dur 1 Tot_Cost 1 ]). We repeat the same operation with each identified risk ( R i , i = 1, …, m ) and obtain the main statistics corresponding to each simulation (Eq. 4 ).

Once all simulations (the same number as risks) have been performed, we must choose a confidence percentile to calculate risk prioritisation (Rezaei et al. 2020 ; Sarykalin et al. 2008 ). Given that the total duration and cost results available to us, obtained by MCS, are stochastic and have variability (they are no longer constant or deterministic), we must choose a percentile (α) that conveys the risk appetite that we are willing to assume when calculating. Risk appetite is “ the amount and type of risk that an organisation is prepared to pursue, retain or take ” (International Organization for Standardization, 2018 ).

A frequently employed metric for assessing risk in finance is the Value at Risk (VaR) (Caron, 2013 ; Caron et al. 2007 ). In financial terms, it is traditional to choose a P95 percentile as risk appetite (Chen and Peng, 2018 ; Joukar and Nahmens, 2016 ; Gatti et al. 2007 ; Kuester et al. 2006 ; Giot and Laurent, 2003 ). However in project management, the P80 percentile is sometimes chosen as the most appropriate percentile to measure risk appetite (Kwon and Kang, 2019 ; Traynor and Mahmoodian, 2019 ; Lorance and Wendling, 2001 ).

Finally, after choosing the risk level we are willing to assume, we need to calculate how each risk impacts project duration ( Imp_D Ri ) and costs ( Imp_C Ri ). To do so, we subtract the original value of the total project expected duration and costs (excluding all risks) from the total duration and costs of the simulation in which we include the risk we wish to quantify (Eq. 5 ).

Finally, we present these results on two separate lists, one for the cost impact and one for the duration impact, by ranking them according to their magnitude.

In this section, we use a real-life project to illustrate how to apply the proposed method for quantitative risk prioritisation purposes. For this purpose, we choose an engineering, procurement and construction project undertaken in South America and used in the literature by Votto et al. ( 2020a , 2020b ).

Project description

The project used as an application example consists of the expansion of an industrial facility. It covers a wide spectrum of tasks, such as design and engineering work, procurement of machinery and its components, civil construction, installation of all machinery, as well as commissioning and starting up machines (Votto et al. 2020a , 2020b ).

Table 2 details the parameters that we use to define activities. The project comprises 32 activities, divided into three groups: engineering, procurement and construction (EPC). A fictitious initial activity ( Ai ) and a fictitious final activity ( Af ) are included. We employ triangular distribution functions, whose parameters are the minimum value ( Min ), the most probable value ( Mp ) and the maximum value ( Max ), to model the random duration of activities, expressed as days. We divide the cost of each activity in monetary units into a fixed cost ( FC ), independently of activity duration, and the variable cost ( VC ), which is directly proportional to project duration. As activity duration can vary, and the activity cost increases directly with its duration, the total project cost also exhibits random variations.

Under these conditions, the planned project duration is 300 days and has a planned cost of 30,000 (x1000) monetary units. Figure 4 shows the Planned Value Curve of the project.

Planned value curve of the real-life project.

The next step in the methodology (Fig. 2 ) is to identify the project risks. To do this, the experts’ panel meets, analyses all the project documentation. Based on their personal experience with other similar projects and after consulting all the involved stakeholders, it provides a list of risks (see Table 3 ).

It identifies 11 risks, of which nine have the potential to directly impact the project duration objective (R1 to R9), while six may impact the cost objective (R10 to R15). The risks that might impact project duration and cost have two assigned codes. We identify the project phase and activity on which all the identified risks may have an impact (Table 3 ).

The next step is to estimate the likelihood and impact of the identified risks (qualitative analysis). Having analysed the project and consulted the involved stakeholders, the team determines the project’s different probability and impact levels (duration and cost). The estimation of these ranges depends on the project budget, the estimated project duration, and the team’s experience in assigning the different numerical values to each range. As a result, the project team is able to construct the probability-impact matrix shown in Fig. 5 .

Estimation of the probability and impact ranges.

Each probability range for risk occurrence in this project is defined. Thus for a very low probability (VL), the assigned probability range is between 0 and 3% probability, for a low level (L), the assigned range lies between 3% and 10% probability of risk occurrence, and so on with the other established probability ranges (medium, high, very high).

The different impact ranges are also defined by differentiating between impacts in duration and cost terms. Thus a VL duration impact is between 0 and 5 days, while the same range (VL) in cost is between 0 and 100 (x1000) monetary units. Figure 5 shows the other ranges and their quantification in duration and cost terms.

The combination of each probability level and every impact level coincides in a cell of the risk matrix (Fig. 5 ) to indicate the risk level (“high”, “medium”, and “low”) according to the qualitative analysis. Each cell is assigned a numerical value by prioritising the risks at the same risk level. This work uses the matrix to compare the risk prioritisation results provided by this matrix to those provided by the proposed quantitative method.

A probability and impact value are assigned to each previously identified risk (Table 3 ). Thus, for example, for the risk called “Interruptions in the supply chain”, coded as R3 for impacting activity 13 duration, we estimate an L probability and a strong impact on duration (H). As this same risk might impact the activity 13 cost, it is also coded as R12, and its impact on cost is estimated as L (the probability is the same as in R3; Table 3 ).

Finally, to conclude the proposed methodology and to prioritise the identified risks, we use the “MCSimulRisk” software application by incorporating MCS (in this work, we employ 20,000 iterations in each simulation). Activities are modelled using triangular distribution functions to incorporate project information into the simulation application. Costs are modelled with fixed and variable costs depending on the duration of the corresponding activity. Furthermore, risks (probability and impact) are modelled by uniform distribution functions. Figure 6 depicts the project network and includes the identified risks that impact the corresponding activities.

Network diagram of the project together with the identified risks.

Results and discussion

In order to obtain the results of prioritising the identified risks, we must specify a percentile that determines our risk aversion. This is the measure by which we quantify the risk. Figure 7 graphically justifies the choice of P95 as a risk measure, as opposed to a lower percentile, which corroborates the view in the literature and appears in Methodology . In Fig. 7 , we plot the probability distribution and cumulative distribution functions corresponding to the total project planned cost, together with the cost impact of one of the risks. The impact caused by the risk on the total cost corresponds to the set of iterations whose total cost is higher than that planned (bottom right of the histogram).

Source: MCSimulRisk.

By choosing P95 as VaR, we can consider the impact of a risk on the project in the measure. In this example, for P95 we obtain a total cost value of 3.12 × 10 7 monetary units. Choosing a lower percentile, e.g. P80, means that the value we can obtain with this choice can be considerably lower (3.03 × 10 7 monetary units), and might completely ignore the impact of the risk on the total project cost. However, project managers can choose the percentile that represents their risk aversion.

Once the percentile on which to quantify the risk is chosen, the “MCSimulRisk” application provides us with the desired results for prioritising project risks (Fig. 8 ). For the chosen percentile (P95), which represents our risk appetite for this project, the planned project duration is 323.43 days. In other words, with a 95% probability the planned project will be completed before 323.43 days. Similarly, the P95 corresponding to cost is 30,339 ×1000 monetary units. The application also provides us with the project duration in the first column of Fig. 8 after incorporating all the identified risks (corresponding to a P95 risk appetite) into the planned project. Column 2 of the same figure shows the project cost after incorporating the corresponding risk into the model.

The first column corresponds to the risks identified. Columns Duration_with_Ri and Cost_with_Ri represent the simulation values, including the corresponding risk. Columns Difference_Duration_with_Ri and Difference_Cost_with_Ri represent the difference in duration and cost of each simulation concerning the value obtained for the chosen percentile. Finally, Ranking_Dur and Ranking_Cost represent the prioritisation of risks in duration and cost, respectively.

With the results in the first two columns (total project duration and cost after incorporating the corresponding risks), and by knowing the planned total project duration and cost (without considering risks) for a given percentile (P95), we calculate the values of the following columns in Fig. 8 . Thus column 3 represents the difference between the planned total project duration value (risk-free) and project duration by incorporating the corresponding risk that we wish to quantify. Column 4 prioritises the duration risks by ranking according to the duration that each risk contributes to the project. Column 5 represents the difference between the planned total project cost (risk-free) and the total project cost by incorporating the corresponding risk. Finally, Column 6 represents the ranking or prioritisation of the project risks according to their impact on cost.

To compare the results provided by this methodology in this paper we propose quantitative risk prioritisation, based on MCS. We draw up Table 4 with the results provided by the probability-impact matrix (Fig. 5 ).

The first set of columns in Table 4 corresponds to the implementation of the risk matrix (probability-impact matrix) for the identified risks. The second group of columns represents the prioritisation of risks according to their impact on duration (data obtained from Fig. 8 ). The third group corresponds to the risk prioritisation according to their impact on cost (data obtained from Fig. 8 ).

For the project proposed as an example, we find that risk R3 is the most important one if we wish to control the total duration because it corresponds to the risk that contributes the most duration to the project if it exists. We note that risks R10 to R15 do not impact project duration. If these risks materialise, their contribution to increase (or decrease, as the case may be) project duration is nil.

On the impact on project costs, we note that risk R15 is the most important. It is noteworthy that risk R5 is the fourth most important risk in terms of impact on the total project costs, even though it is initially identified as a risk that impacts project duration. Unlike cost risks (which do not impact the total project duration), the risks that can impact project duration also impact total costs.

We can see that the order of importance of the identified risks differs depending on our chosen method (risk matrix versus quantitative prioritisation). We independently quantify each risk’s impact on the cost and duration objectives. We know not only the order of importance of risks (R3, R5, etc.) but also the magnitude of their impact on the project (which is the absolute delay caused by a risk in duration terms or what is the absolute cost overrun generated by a risk in cost terms). It seems clear that one risk is more important than another, not only because of the estimation of its probability and impact but also because the activity on which it impacts may have a high criticality index or not (probability of belonging to the project’s critical path).

As expected, the contribution to the total duration of the identified risks that impact only cost is zero. The same is not valid for the risks identified to have an impact on duration because the latter also impacts the cost objective. We also see how the risks that initially impact a duration objective are more critical for their impact on cost than others that directly impact the project’s cost (e.g. R5).

Conclusions

The probability-impact matrix is used in project management to identify the risk to which the most attention should be paid during project execution. This paper studies how the risk matrix is adopted by a large majority of standards, norms and methodologies in project management and, at the same time, practitioners and academics recognise it as a fundamental tool in the qualitative risks analysis.

However, we also study how this risk matrix presents particular problems and offers erroneous and contradictory results. Some studies suggest alternatives to its use. Notwithstanding, it continues to be a widely employed tool in the literature by practitioners and academics. Along these lines, with this work we propose an alternative to the probability-impact matrix as a tool to know the most critical risk for a project that can prevent objectives from being fulfilled.

For this purpose, we propose a quantitative method based on MCS, which provides us with numerical results of the importance of risks and their impact on total duration and cost objectives. This proposed methodology offers significant advantages over other risk prioritisation methods and tools, especially the traditional risk matrix. The proposed case study reveals that risk prioritisation yields remarkably different results depending on the selected method, as our findings confirm.

In our case, we obtain numerical values for the impact of risks on total duration and cost objectives, and independently of one another. This result is interesting for project managers because they can focus decision-making on the priority order of risks and the dominant project objective (total duration or total cost) if they do not coincide.

From the obtained results, we find that the risks with an impact on the cost of activities do not influence the total duration result. The risks that impact project duration also impact the total cost target. This impact is more significant than that of a risk that impacts only the activity’s cost. This analysis leads us to believe that this quantitative prioritisation method has incredible potential for academics to extend their research on project risks and for practitioners to use it in the day-to-day implementation of their projects.

The proposed methodology will allow project managers to discover the most relevant project risks so they can focus their control efforts on managing those risks. Usually, implementing risk response strategies might be expensive (control efforts, insurance contracts, preventive actions, or others). Therefore, it is relevant to concentrate only on the most relevant risks. The proposed methodology allows project managers to select the most critical risks by overcoming the problems exhibited by previous methodologies like the probability-impact matrix.

In addition to the above, the risk prioritisation achieved by applying the proposed methodology is based on quantifying the impacts that risks may have on the duration and cost objectives of the project. Finally, we achieve an independent risk prioritisation in duration impact and project cost impact terms. This is important because the project manager can attach more importance to one risk or other risks depending on the priority objective that predominates in the project, the schedule or the total cost.

Undoubtedly, the reliability of the proposed method depends mainly on the accuracy of estimates, which starts by identifying risks and ends with modelling the probability and impact of each risk. The methodology we propose in this paper overcomes many of the problems of previous methodologies, but still has some limitations for future research to deal with. First of all, the results of simulations depend on the estimations of variables (probability distributions and their parameters, risk aversion parameters, etc.). Methodologies for improving estimations are beyond the scope of this research; we assume project teams are sufficient experts to make rational estimationsbased on experience and previous knowledge. Secondly, as risks are assumed to be independent, the contribution or effect of a particular risk can be estimated by including it in simulation and by computing its impact on project cost and duration. This is a reasonable assumption for most projects. In some very complex projects, however, risks can be related to one another. Further research should be done to face this situation.

As an additional research line, we plan to conduct a sensitivity study by simulating many different projects to analyse the robustness of the proposed method.

Finally, it is desirable to implement this methodology in real projects and see how it responds to the reality of a project in, for example, construction, industry, or any other sector that requires a precise and differentiated risk prioritisation.

Data availability

Data will be made available on request.

Acebes F, Curto D, De Antón J, Villafáñez, F (2024) Análisis cuantitativo de riesgos utilizando “MCSimulRisk” como herramienta didáctica. Dirección y Organización , 82(Abril 2024), 87–99. https://doi.org/10.37610/dyo.v0i82.662

Acebes F, De Antón J, Villafáñez F, Poza, D (2023) A Matlab-Based Educational Tool for Quantitative Risk Analysis. In IoT and Data Science in Engineering Management (Vol. 160). Springer International Publishing. https://doi.org/10.1007/978-3-031-27915-7_8

Acebes F, Pajares J, Galán JM, López-Paredes A (2014) A new approach for project control under uncertainty. Going back to the basics. Int J Proj Manag 32(3):423–434. https://doi.org/10.1016/j.ijproman.2013.08.003

Article Google Scholar

Acebes F, Pereda M, Poza D, Pajares J, Galán JM (2015) Stochastic earned value analysis using Monte Carlo simulation and statistical learning techniques. Int J Proj Manag 33(7):1597–1609. https://doi.org/10.1016/j.ijproman.2015.06.012

Al-Duais FS, Al-Sharpi RS (2023) A unique Markov chain Monte Carlo method for forecasting wind power utilizing time series model. Alex Eng J 74:51–63. https://doi.org/10.1016/j.aej.2023.05.019

Ale B, Burnap P, Slater D (2015) On the origin of PCDS - (Probability consequence diagrams). Saf Sci 72:229–239. https://doi.org/10.1016/j.ssci.2014.09.003

Ali Elfarra M, Kaya M (2021) Estimation of electricity cost of wind energy using Monte Carlo simulations based on nonparametric and parametric probability density functions. Alex Eng J 60(4):3631–3640. https://doi.org/10.1016/j.aej.2021.02.027

Alleman GB, Coonce TJ, Price RA (2018a) Increasing the probability of program succes with continuous risk management. Coll Perform Manag, Meas N. 4:27–46

Google Scholar

Alleman GB, Coonce TJ, Price RA (2018b) What is Risk? Meas N. 01(1):25–34

Ammar T, Abdel-Monem M, El-Dash K (2023) Appropriate budget contingency determination for construction projects: State-of-the-art. Alex Eng J 78:88–103. https://doi.org/10.1016/j.aej.2023.07.035

Axelos (2023) Managing Successful Projects with PRINCE2® 7th ed . (AXELOS Limited, Ed.; 7th Ed). TSO (The Stationery Office)

Bae HR, Grandhi RV, Canfield RA (2004) Epistemic uncertainty quantification techniques including evidence theory for large-scale structures. Comput Struct 82(13–14):1101–1112. https://doi.org/10.1016/j.compstruc.2004.03.014

Ball DJ, Watt J (2013) Further thoughts on the utility of risk matrices. Risk Anal 33(11):2068–2078. https://doi.org/10.1111/risa.12057

Article PubMed Google Scholar

Caron F (2013) Quantitative analysis of project risks. In Managing the Continuum: Certainty, Uncertainty, Unpredictability in Large Engineering Projects (Issue 9788847052437, pp. 75–80). Springer, Milano. https://doi.org/10.1007/978-88-470-5244-4_14

Caron F, Fumagalli M, Rigamonti A (2007) Engineering and contracting projects: A value at risk based approach to portfolio balancing. Int J Proj Manag 25(6):569–578. https://doi.org/10.1016/j.ijproman.2007.01.016

Chapman CB (1997) Project risk analysis and management– PRAM the generic process. Int J Proj Manag 15(5):273–281. https://doi.org/10.1016/S0263-7863(96)00079-8

Chapman CB, Ward S (2003) Project Risk Management: Processes, Techniques and Insights (John Wiley and Sons, Ed.; 2nd ed.). Chichester

Chen P-H, Peng T-T (2018) Value-at-risk model analysis of Taiwanese high-tech facility construction. J Manag Eng, 34 (2). https://doi.org/10.1061/(asce)me.1943-5479.0000585

Cox LA (2008) What’s wrong with risk matrices? Risk Anal 28(2):497–512. https://doi.org/10.1111/j.1539-6924.2008.01030.x

Cox LA, Babayev D, Huber W (2005) Some limitations of qualitative risk rating systems. Risk Anal 25(3):651–662. https://doi.org/10.1111/j.1539-6924.2005.00615.x

Creemers S, Demeulemeester E, Van de Vonder S (2014) A new approach for quantitative risk analysis. Ann Oper Res 213(1):27–65. https://doi.org/10.1007/s10479-013-1355-y

Article MathSciNet Google Scholar

Curto D, Acebes F, González-Varona JM, Poza D (2022) Impact of aleatoric, stochastic and epistemic uncertainties on project cost contingency reserves. Int J Prod Econ 253(Nov):108626. https://doi.org/10.1016/j.ijpe.2022.108626

Damnjanovic I, Reinschmidt KF (2020) Data Analytics for Engineering and Construction Project Risk Management . Springer International Publishing

Duijm NJ (2015) Recommendations on the use and design of risk matrices. Saf Sci 76:21–31. https://doi.org/10.1016/j.ssci.2015.02.014

Eldosouky IA, Ibrahim AH, Mohammed HED (2014) Management of construction cost contingency covering upside and downside risks. Alex Eng J 53(4):863–881. https://doi.org/10.1016/j.aej.2014.09.008

Elms DG (2004) Structural safety: Issues and progress. Prog Struct Eng Mater 6:116–126. https://doi.org/10.1002/pse.176

European Commission. (2023) Project Management Methodology. Guide 3.1 (European Union, Ed.). Publications Office of the European Union

Frank M (1999) Treatment of uncertainties in space nuclear risk assessment with examples from Cassini mission implications. Reliab Eng Syst Safe 66:203–221. https://doi.org/10.1016/S0951-8320(99)00002-2

Gatti S, Rigamonti A, Saita F, Senati M (2007) Measuring value-at-risk in project finance transactions. Eur Financ Manag 13(1):135–158. https://doi.org/10.1111/j.1468-036X.2006.00288.x

Giot P, Laurent S (2003) Market risk in commodity markets: a VaR approach. Energy Econ 25:435–457. https://doi.org/10.1016/S0140-9883(03)00052-5

Goerlandt F, Reniers G (2016) On the assessment of uncertainty in risk diagrams. Saf Sci 84:67–77. https://doi.org/10.1016/j.ssci.2015.12.001

Helton JC, Johnson JD, Oberkampf WL, Sallaberry CJ (2006) Sensitivity analysis in conjunction with evidence theory representations of epistemic uncertainty. Reliab Eng Syst Saf 91(10–11):1414–1434. https://doi.org/10.1016/j.ress.2005.11.055

Hillson D (2014) How to manage the risks you didn’t know you were taking. Paper presented at PMI® Global Congress 2014—North America, Phoenix, AZ. Newtown Square, PA: Project Management Institute

Hillson D, Simon P (2020) Practical Project Risk Management. THE ATOM METHODOLOGY (Third Edit, Issue 1). Berrett-Koehler Publishers, Inc

Hulett DT (2012) Acumen Risk For Schedule Risk Analysis - A User’s Perspective . White Paper. https://info.deltek.com/acumen-risk-for-schedule-risk-analysis

International Organization for Standardization. (2018). ISO 31000:2018 Risk management – Guidelines (Vol. 2)

International Organization for Standardization. (2019). ISO/IEC 31010:2019 Risk management - Risk assessment techniques

International Project Management Association. (2015). Individual Competence Baseline for Project, Programme & Portfolio Management. Version 4.0. In International Project Management Association (Vol. 4). https://doi.org/10.1002/ejoc.201200111

Joukar A, Nahmens I (2016) Estimation of the Escalation Factor in Construction Projects Using Value at Risk. Construction Research Congress , 2351–2359. https://doi.org/10.1061/9780784479827.234

Kerzner H (2022) Project Management. A Systems Approach to Planning, Scheduling, and Controlling (Inc. John Wiley & Sons, Ed.; 13th Editi)

Koulinas GK, Demesouka OE, Sidas KA, Koulouriotis DE (2021) A topsis—risk matrix and Monte Carlo expert system for risk assessment in engineering projects. Sustainability 13(20):1–14. https://doi.org/10.3390/su132011277

Krisper M (2021) Problems with Risk Matrices Using Ordinal Scales . https://doi.org/10.48550/arXiv.2103.05440

Kuester K, Mittnik S, Paolella MS (2006) Value-at-risk prediction: A comparison of alternative strategies. J Financ Econ 4(1):53–89. https://doi.org/10.1093/jjfinec/nbj002

Kwon H, Kang CW (2019) Improving project budget estimation accuracy and precision by analyzing reserves for both identified and unidentified risks. Proj Manag J 50(1):86–100. https://doi.org/10.1177/8756972818810963

Lemmens SMP, Lopes van Balen VA, Röselaers YCM, Scheepers HCJ, Spaanderman MEA (2022) The risk matrix approach: a helpful tool weighing probability and impact when deciding on preventive and diagnostic interventions. BMC Health Serv Res 22(1):1–11. https://doi.org/10.1186/s12913-022-07484-7

Levine ES (2012) Improving risk matrices: The advantages of logarithmically scaled axes. J Risk Res 15(2):209–222. https://doi.org/10.1080/13669877.2011.634514

Article ADS Google Scholar

Li J, Bao C, Wu D (2018) How to design rating schemes of risk matrices: a sequential updating approach. Risk Anal 38(1):99–117. https://doi.org/10.1111/risa.12810

Lorance RB, Wendling RV (2001) Basic techniques for analyzing and presentation of cost risk analysis. Cost Eng 43(6):25–31

Markowski AS, Mannan MS (2008) Fuzzy risk matrix. J Hazard Mater 159(1):152–157. https://doi.org/10.1016/j.jhazmat.2008.03.055

Article CAS PubMed Google Scholar

Menge DNL, MacPherson AC, Bytnerowicz TA et al. (2018) Logarithmic scales in ecological data presentation may cause misinterpretation. Nat Ecol Evol 2:1393–1402. https://doi.org/10.1038/s41559-018-0610-7

Monat JP, Doremus S (2020) An improved alternative to heat map risk matrices for project risk prioritization. J Mod Proj Manag 7(4):214–228. https://doi.org/10.19255/JMPM02210

Naderpour H, Kheyroddin A, Mortazavi S (2019) Risk assessment in bridge construction projects in Iran using Monte Carlo simulation technique. Pract Period Struct Des Constr 24(4):1–11. https://doi.org/10.1061/(asce)sc.1943-5576.0000450

Ni H, Chen A, Chen N (2010) Some extensions on risk matrix approach. Saf Sci 48(10):1269–1278. https://doi.org/10.1016/j.ssci.2010.04.005

Peace C (2017) The risk matrix: Uncertain results? Policy Pract Health Saf 15(2):131–144. https://doi.org/10.1080/14773996.2017.1348571

Project Management Institute. (2009) Practice Standard for Project Risk Management . Project Management Institute, Inc

Project Management Institute. (2017) A Guide to the Project Management Body of Knowledge: PMBoK(R) Guide. Sixth Edition (6th ed.). Project Management Institute Inc

Project Management Institute. (2019) The standard for Risk Management in Portfolios, Programs and Projects . Project Management Institute, Inc

Project Management Institute. (2021) A Guide to the Project Management Body of Knowledge: PMBoK(R) Guide. Seventh Edition (7th ed.). Project Management Institute, Inc

Proto R, Recchia G, Dryhurst S, Freeman ALJ (2023) Do colored cells in risk matrices affect decision-making and risk perception? Insights from randomized controlled studies. Risk Analysis , 1–15. https://doi.org/10.1111/risa.14091

Qazi A, Dikmen I (2021) From risk matrices to risk networks in construction projects. IEEE Trans Eng Manag 68(5):1449–1460. https://doi.org/10.1109/TEM.2019.2907787

Qazi A, Shamayleh A, El-Sayegh S, Formaneck S (2021) Prioritizing risks in sustainable construction projects using a risk matrix-based Monte Carlo Simulation approach. Sustain Cities Soc 65(Aug):102576. https://doi.org/10.1016/j.scs.2020.102576

Qazi A, Simsekler MCE (2021) Risk assessment of construction projects using Monte Carlo simulation. Int J Manag Proj Bus 14(5):1202–1218. https://doi.org/10.1108/IJMPB-03-2020-0097

Rehacek P (2017) Risk management standards for project management. Int J Adv Appl Sci 4(6):1–13. https://doi.org/10.21833/ijaas.2017.06.001

Rezaei F, Najafi AA, Ramezanian R (2020) Mean-conditional value at risk model for the stochastic project scheduling problem. Comput Ind Eng 142(Jul):106356. https://doi.org/10.1016/j.cie.2020.106356

Ruan X, Yin Z, Frangopol DM (2015) Risk Matrix integrating risk attitudes based on utility theory. Risk Anal 35(8):1437–1447. https://doi.org/10.1111/risa.12400

Sarykalin S, Serraino G, Uryasev S (2008) Value-at-risk vs. conditional value-at-risk in risk management and optimization. State-of-the-Art Decision-Making Tools in the Information-Intensive Age, October 2023 , 270–294. https://doi.org/10.1287/educ.1080.0052

Simon P, Hillson D, Newland K (1997) PRAM Project Risk Analysis and Management Guide (P. Simon, D. Hillson, & K. Newland, Eds.). Association for Project Management

Sutherland H, Recchia G, Dryhurst S, Freeman ALJ (2022) How people understand risk matrices, and how matrix design can improve their use: findings from randomized controlled studies. Risk Anal 42(5):1023–1041. https://doi.org/10.1111/risa.13822

Talbot, J (2014). What’s right with risk matrices? An great tool for risk managers… 31000risk. https://31000risk.wordpress.com/article/what-s-right-with-risk-matrices-3dksezemjiq54-4/

Taroun A (2014) Towards a better modelling and assessment of construction risk: Insights from a literature review. Int J Proj Manag 32(1):101–115. https://doi.org/10.1016/j.ijproman.2013.03.004

The Standish Group. (2022). Chaos report . https://standishgroup.myshopify.com/collections/all

Thomas P, Bratvold RB, Bickel JE (2014) The risk of using risk matrices. SPE Econ Manag 6(2):56–66. https://doi.org/10.2118/166269-pa

Tong R, Cheng M, Zhang L, Liu M, Yang X, Li X, Yin W (2018) The construction dust-induced occupational health risk using Monte-Carlo simulation. J Clean Prod 184:598–608. https://doi.org/10.1016/j.jclepro.2018.02.286

Traynor BA, Mahmoodian M (2019) Time and cost contingency management using Monte Carlo simulation. Aust J Civ Eng 17(1):11–18. https://doi.org/10.1080/14488353.2019.1606499

Vanhoucke, M (2018). The data-driven project manager: A statistical battle against project obstacles. In The Data-Driven Project Manager: A Statistical Battle Against Project Obstacles . https://doi.org/10.1007/978-1-4842-3498-3

Vatanpour S, Hrudey SE, Dinu I (2015) Can public health risk assessment using risk matrices be misleading? Int J Environ Res Public Health 12(8):9575–9588. https://doi.org/10.3390/ijerph120809575

Article CAS PubMed PubMed Central Google Scholar

Vose, D (2008). Risk Analysis: a Quantitative Guide (3rd ed.) . Wiley

Votto R, Lee Ho L, Berssaneti F (2020a) Applying and assessing performance of earned duration management control charts for EPC project duration monitoring. J Constr Eng Manag 146(3):1–13. https://doi.org/10.1061/(ASCE)CO.1943-7862.0001765

Votto R, Lee Ho L, Berssaneti F (2020b) Multivariate control charts using earned value and earned duration management observations to monitor project performance. Comput Ind Eng 148(Sept):106691. https://doi.org/10.1016/j.cie.2020.106691

Ward S (1999) Assessing and managing important risks. Int J Proj Manag 17(6):331–336. https://doi.org/10.1016/S0263-7863(98)00051-9

Download references

Acknowledgements

This research has been partially funded by the Regional Government of Castile and Leon (Spain) and the European Regional Development Fund (ERDF, FEDER) with grant VA180P20.

Author information

Authors and affiliations.

GIR INSISOC. Dpto. de Organización de Empresas y CIM. Escuela de Ingenierías Industriales, Universidad de Valladolid, Pº Prado de la Magdalena s/n, 47011, Valladolid, Spain

F. Acebes & J. Pajares

GIR INSISOC. Dpto. Economía y Administración de Empresas, Universidad de Málaga, Avda. Cervantes, 2, 29071, Málaga, Spain

J. M. González-Varona & A. López-Paredes

You can also search for this author in PubMed Google Scholar

Contributions

FA developed the conceptualisation and the methodology. JMG contributed to the literature review and interpretations of the results for the manuscript. FA and JP collected the experimental data and developed all the analyses and simulations. AL supervised the project. FA and JP wrote the original draft, while AL and JMG conducted the review and editing. All authors have read and agreed to the published version of the manuscript.

Corresponding author

Correspondence to F. Acebes .

Ethics declarations

Competing interests.

The authors declare no competing interests.

Ethical approval

Ethical approval was not required as the study did not involve human participants.

Informed consent

No human subjects are involved in this study.

Additional information

Publisher’s note Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Supplementary information

Rights and permissions.

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/ .

Reprints and permissions

About this article

Cite this article.

Acebes, F., González-Varona, J.M., López-Paredes, A. et al. Beyond probability-impact matrices in project risk management: A quantitative methodology for risk prioritisation. Humanit Soc Sci Commun 11 , 670 (2024). https://doi.org/10.1057/s41599-024-03180-5

Download citation

Received : 30 January 2024

Accepted : 13 May 2024

Published : 24 May 2024

DOI : https://doi.org/10.1057/s41599-024-03180-5

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

Quick links

Explore articles by subject
Guide to authors
Editorial policies

Value and resilience through better risk management

Today’s corporate leaders navigate a complex environment that is changing at an ever-accelerating pace. Digital technology underlies much of the change. Business models are being transformed by new waves of automation, based on robotics and artificial intelligence. Producers and consumers are making faster decisions, with preferences shifting under the influence of social media and trending news. New types of digital companies are exploiting the changes, disrupting traditional market leaders and business models. And as companies digitize more parts of their organization, the danger of cyberattacks and breaches of all kinds grows.

Stay current on your favorite topics

Beyond cyberspace, the risk environment is equally challenging. Regulation enjoys broad popular support in many sectors and regions; where it is tightening, it is putting stresses on profitability. Climate change is affecting operations and consumers and regulators are also making demands for better business conduct in relation to the natural environment. Geopolitical uncertainties alter business conditions and challenge the footprints of multinationals. Corporate reputations are vulnerable to single events, as risks once thought to have a limited probability of occurrence are actually materializing.

The role of the board and senior executives

Risk management at nonfinancial companies has not kept pace with this evolution. For many nonfinancial corporates, risk management remains an underdeveloped and siloed capability in the organization, receiving limited attention from the most senior leaders. From over 1,100 respondents to McKinsey’s Global Board Survey for 2017 , we discovered that risk management remains a relatively low-priority topic at board meetings (exhibit).

A long way to go

Boards spend only 9 percent of their time on risk—slightly less than they did in 2015. Other questions in the survey revealed that only 6 percent of respondents believe that they are effective in managing risk (again, less than in 2015). Some individual risk areas are relatively neglected, and even cybersecurity, a core risk area with increasing importance, is addressed by only 36 percent of boards. While many senior executives stay focused on strategy and performance management, they often fail to challenge capabilities or strategic decisions from a risk perspective (see sidebar, “A long way to go”). A reactive approach to risks remains too common, with action taken only after things go wrong. The result is that boards and senior executives needlessly put their companies at risk, while personally taking on higher legal and reputational liabilities.

Boards have a critical role to play in developing risk-management capabilities at the companies they oversee. First, boards need to ensure that a robust risk-management operating model is in place. Such a model allows companies to understand and prioritize risks, set their risk appetite, and measure their performance against these risks. The model should enable the board and senior executives to work with businesses to eliminate exposures outside the company’s appetite statement, reducing the risk profile where warranted, through such means as quality controls and other operational processes. On strategic opportunities and risk trade-offs, boards should foster explicit discussions and decision making among top management and the businesses. This will enable the efficient deployment of scarce risk resources and the active, coordinated management of risks across the organization. Companies will then be prepared to address and manage emerging crises when risks do materialize.

A sectoral view of risks

Most companies operate in a complex, industry-specific risk environment. They must navigate macroeconomic and geopolitical uncertainties and face risks arising in the areas of strategy, finance, products, operations, and compliance and conduct. In some sectors, companies have developed advanced approaches to managing risks that are specific to their business models. These approaches can sustain significant value. At the same time companies are challenged by emerging types of risks for which they need to develop effective mitigation plans; in their absence, the losses from serious risk events can be crippling.

Automotive companies are controlling supply-chain risks with sophisticated monitoring models that allow OEMs to identify potential risks upfront across the supply chain. At the same time, auto companies must address the strategic challenge of shifting toward electric-powered and autonomous vehicles.
Pharma companies seek to manage the downside risk of large investments in their product portfolio and pipeline, while addressing product quality and patient safety to comply with relevant regulatory requirements.
Oil and gas, steel, and energy companies apply advanced approaches to manage the negative effects of financial markets and commodity-price volatility. As social and political demands for cleaner energy are increasing, these companies are actively pursuing growth opportunities to shift their portfolios in anticipation of an energy transition and a low-carbon future.
Consumer-goods companies protect their reputation and brand value through sound practices to manage product quality as well as labor conditions in their production facilities. Yet they are constantly challenged to meet consumers’ ever-changing tastes and needs, as well as consumer-protection regulations.

Toward proactive risk management

An approach based on adherence to minimum regulatory standards and avoidance of financial loss creates risk in itself. In a passive stance, companies cannot shape an optimal risk profile according to their business models nor adequately manage a fast-moving crisis. Eschewing a risk approach comprised of short-term performance initiatives focused on revenue and costs, top performers deem risk management as a strategic asset, which can sustain significant value over the long term. Inherent in the proactive approach are several essential components.

Strategic decision making

More rigorous, debiased strategic decision making can enhance the longer-term resilience of a company’s business model, particularly in volatile markets or externally challenged industries. Research shows that the active, regular reevaluation of resource allocation, based on sound assessments of risk and return trade-offs (such as entering markets where the business model is superior to the competition), creates more value and better shareholder returns. 1 See, for example, Yuval Atsmon, “ How nimble resource allocation can double your company’s value ,” August 2016; William N. Thorndike, Jr., The Outsiders: Eight Unconventional CEOs and Their Radically Rational Blueprint for Success , Boston, MA: Harvard Business Review Press, 2012; Rebecca Darr and Tim Koller, “ How to build an alliance against corporate short-termism ,” January 2017. Flexibility is empowering in a dynamic marketplace. Many companies use hedging strategies to insure against market uncertainties. Airlines, for example, have been known to hedge future exposures to fuel-price fluctuations, a move that can help maintain profitability when prices climb. Likewise, strategic investing, based on a longer-term perspective and a deep understanding of a company’s core proposition, generates more value than opportunistic moves aiming at a short-term bump in the share price.

Debiasing and stress-testing

Approaches that include debiasing and stress-testing help senior executives consider previously overlooked sources of uncertainty to judge whether the company’s risk-bearing capacity can absorb their potential impact. A utility in Germany, for example, improved decision making by taking action to mitigate behavioral biases. As a result, it separated its renewables business from its conventional power-generation operations. In the aftermath of the Fukushima disaster, which sharply raised interest in environmentally friendly power generation, the utility’s move led to a significant positive effect on its share price (15 percent above the industry index).

Higher-quality products and safety standards

Investments in product quality and safety standards can bring significant returns. One form this takes in the energy sector is reduced damage and maintenance costs. At one international energy company, improved safety standards led to a 30 percent reduction in the frequency of hazardous incidents. Auto companies with reputations built on safety can command higher prices for their vehicles, while the better reputation created by higher quality standards in pharma creates obvious advantages. As well as the boost in demand that comes from a reputation for quality, companies can significantly reduce their remediation costs—McKinsey research suggests that pharma companies suffering from quality issues lose annual revenue equal to 4 to 5 percent of cost of goods sold.

Comprehensive operative controls

These can lead to more efficient and effective processes that are less prone to disruption when risks materialize. In the auto sector, companies can ensure stable production and sales by mitigating the risk of supply-chain disruption. Following the 2011 earthquake and tsunami, a leading automaker probed potential supply bottlenecks and took appropriate action. After an earthquake in 2016, the company quickly redirected production of affected parts to other locations, avoiding costly disruptions. In high-tech, companies applying superior supply-chain risk management can achieve lasting cost savings and higher margins. One global computer company addressed these risks with a dedicated program that saved $500 million during its first six years. The program used risk-informed contracts, enabling suppliers to lower the costs and risks of doing business with the company. The measures achieved supply assurance for key components, particularly during market shortages, improved cost predictability for components that have volatile costs, and optimized inventory levels internally and at suppliers.

Stronger ethical and societal standards

To achieve standing among customers, employees, business partners, and the public, companies can apply ethical controls on corporate practices end to end. If appropriately publicized and linked to corporate social responsibility, a program of better ethical standards can achieve significant returns in the form of heightened reputation and brand recognition. Customers, for example, are increasingly willing to pay a premium for products of companies that adhere to tighter standards. Employees too appreciate being associated with more ethical companies, offering a better working environment and contributing to society.

The three dimensions of effective risk management

Ideally, risk management and compliance are addressed as strategic priorities by corporate leadership and day-to-day management. More often the reality is that these areas are delegated to a few people at the corporate center working in isolation from the rest of the business. By contrast, revenue growth or cost savings are deeply embedded in corporate culture, linked explicitly to profit-and-loss (P&L) performance at the company level. Somewhere in the middle are specific control capabilities regarding, for example, product safety, secure IT development and deployment, or financial auditing.

Would you like to learn more about our Risk Practice ?

To change this picture, leadership must commit to building robust, effective risk management. The project is three-dimensional: 1) the risk operating model, consisting of the main risk management processes; 2) a governance and accountability structure around these processes, leading from the business up to the board level; and 3) best-practice crisis preparedness, including a well-articulated response playbook if the worst case materializes.

1. Developing an effective risk operating model

The operating model consists of two layers, an enterprise risk management (ERM) framework and individual frameworks for each type of risk. The ERM framework is used to identify risks across the organization, define the overall risk appetite, and implement the appropriate controls to ensure that the risk appetite is respected. Finally, the overarching framework puts in place a system of timely reporting and corresponding actions on risk to the board and senior management. The risk-specific frameworks address all risks that are being managed. These can be grouped in categories, such as financial, nonfinancial, and strategic. Financial risks, such as liquidity, market, and credit risks, are managed by adhering to appropriate limit structures; nonfinancial risks, by implementing adequate process controls; strategic risks, by challenging key decisions with formalized approaches such as debiasing, scenario analyses, and stress testing. While financial and strategic risks are typically managed according to the risk-return trade-off, for nonfinancial risks, the potential downside is often the key consideration.

Finding the right level of risk appetite

Companies need to find the right level of risk appetite, which helps ensure long-term resilience and performance. Risk appetite that is too relaxed or too restrictive can have severe consequences on company financials, as the following two examples indicate:

Too relaxed. One nuclear energy company set its standards for steel equipment in the 1980s and did not review them even when the regulations changed. When the new higher standards were applied to the manufacture of equipment for nuclear power plants, the company fell short of compliance. An earlier adaptation of its risk appetite and tolerance levels would have been significantly less costly.

Too restrictive. A pharma company set quality tolerances to produce a drug to a significantly stricter level than what was required by regulation. At the beginning of production, tolerance intervals could be fulfilled, but over time, quality could no longer be assured at the initial level. The company was unable to lower standards, as these had been communicated to the regulators. Ultimately, production processes had to be upgraded at a significant cost to maintain the original tolerances.

As well as assessing risk based on likelihood and impact, companies must also assess their ability to respond to emerging risks. Capabilities and capacities needed to manage these risks should be evaluated and gaps filled accordingly. Of particular importance in crisis management is the timeliness of an effective response when things go awry. The highly likely, high-impact risk events on which risk management focuses most of its attention often emerge with disarming velocity, taking many companies unawares. To be effective, the enterprise risk management framework must ensure that the two layers are seamlessly integrated. It does this by providing clarity on risk definitions and appetite as well as controls and reporting.

Taxonomy. A company-wide risk taxonomy should clearly and comprehensively define risks; the taxonomy should be strictly respected in the definition of risk appetite, in the development of risk policy and strategy, and in risk reporting. Taxonomies are usually industry-specific, covering strategic, regulatory, and product risks relevant to the industry. They are also determined by company characteristics, including the business model and geographical footprint (to incorporate specific country and legal risks). Proven risk-assessment tools need to be adopted and enhanced continuously with new techniques, so that newer risks (such as cyberrisk) are addressed as well as more familiar risks.
Risk appetite. A clear definition of risk appetite will translate risk-return trade-offs into explicit thresholds and limits for financial and strategic risks, such as economic capital, cash-flow at risk, or stressed metrics. In the case of nonfinancial risks like operational and compliance risks, the risk appetite will be based on overall loss limits, categorized into inherent and residual risks (see sidebar, “Finding the right level of risk appetite”).
Risk control processes. Effective risk control processes ensure that risk thresholds for the specified risk appetite are upheld at all levels of the organization. Leading companies are increasingly building their control processes around big data and advanced analytics. These powerful new capabilities can greatly increase the effectiveness and efficiency of risk monitoring processes. Machine-learning tools, for example, can be very effective in monitoring fraud and prioritizing investigations; automated natural language processing within complaints management can be used to monitor conduct risk.
Risk reporting. Decision making should be informed with risk reporting. Companies can regularly provide boards and senior executives with insights on risk, identifying the most relevant strategic risks. The objective is to ensure that an independent risk view, encompassing all levels of the organization, is embedded into the planning process. In this way, the risk profile can be upheld in the management of business initiatives and decisions affecting the quality of processes and products. Techniques like debiasing and the use of scenarios can help overcome biases toward fulfilment of short-term goals. A North American oil producer developed a strategic hypothesis given uncertainties in global and regional oil markets. The company used risk modelling to test assumptions about cash flow under different scenarios and embedded these analyses into the reports reviewed by senior management and the board. Weak points in the strategy were thereby identified and mitigating actions taken.

2. Toward robust risk governance, organization, and culture

The risk operating model must be managed through an effective governance structure and organization with clear accountabilities. The governance model maintains a risk culture that strongly reinforces better risk and compliance management across the three lines of defense—business and operations, the compliance and risk functions, and audit. The approach recognizes the inherent contradiction in the first line between performance (revenue and costs) and risk (losses). The role of the second line is to review and challenge the first line on the effectiveness of its risk processes and controls, while the third line, audit, ensures that the lines one and two are functioning as intended.

Three lines of defense. Effective implementation of the three lines involves the sharp definition of lines one and two at all levels, from the group level through the lines of business, to the regional and legal entity levels. Accountabilities regarding risk and control management must be clear. Risk governance may differ by risk type: financial risks are usually managed centrally, while operational risks are deeply embedded into company processes. The operational risk of any line of business is managed by the business owning the product-development, production, and sales processes. This usually translates into forms of quality control, but the business must also balance the broader impact of risk and P&L. In the development of new diesel engines, automakers lost sight of the balance between compliance risk and the additional cost to meet emission standards, with disastrous results. Risk or compliance functions can only complement these activities by independently reviewing the adequacy of operational risk management, such as through technical standards and controls.
Reviewing the risk appetite and risk profile. Of central importance within the governance structure are the committees that define the risk appetite, including the parameters for doing business. These committees also make specific decisions on top risks and review the control environment for enhancements as the company’s risk profile changes. Good governance in this case means that risk decisions are considered within the existing divisional, regional, and senior-management governance structure of a company, supported by risk, compliance, and audit committees.
Integrated risk and compliance governance setup. A robust and adequately staffed risk and compliance organization supports all risk processes. The integrated risk and compliance organization provides for single ownership of the group-wide ERM framework and standards, appropriate clustering of second-line functions, a clear matrix between divisions and control functions, and centralized or local control as needed. A clear trend is observable whereby the ERM layer responsible for group-wide standards, risk processes, and reporting becomes consolidated, whereas the expert teams setting and monitoring specific control standards for the business (including standards for commercial, technical compliance, IT or cyberrisks) become specialized teams covering both regulatory compliance as well as risk aspects.
Resources. Appropriate resources are a critical factor in successful risk governance. The size of the compliance, risk, audit, and legal functions of nonfinancial companies (0.5 for every 100 employees, on average), are usually much smaller than those of banks (6.9 for every 100 employees). The disparity is partly a natural outcome of financial regulation, but some part of it reflects a capability gap in nonfinancial corporates. These companies usually devote most of their risk and control resources in sector-specific areas, such as health and safety for airlines and nuclear power companies or quality assurance for pharmaceutical companies. The same companies can, however, neglect to provide sufficient resources to monitor highly significant risks, such as cyberrisk or large investments.
Risk culture. An enhanced risk culture covers mind-sets and behaviors across the organization. A shared understanding is fostered of key risks and risk management, with leaders acting as role models. Especially important are capability-building programs on risk as well as formal mechanisms to assess and reinforce sound risk management practices.

An enhanced risk culture covers mind-sets and behaviors across the organization. A shared understanding is fostered of key risks and risk management, with leaders acting as role models.

3. Crisis preparedness and response

A high-performing, effective risk operating model and governance structure, with a well-developed risk culture minimize the probability of corporate crises , without, of course, completely eliminating them. When unexpected crises strike at high velocity, multinational companies can lose billions in value in the first days and soon find themselves struggling to keep their market position. A best-in-class risk management environment provides the ideal conditions for preparation and response.

Ensure board leadership. The most important action companies can take to prepare for crises is to ensure that the effort is led by the board and senior management. Top leadership must define the main expected threats, the worst-case scenarios, and the actions and communications that will be accordingly rolled out. For each threat, hypothetical scenarios should be developed for how a crisis will unfold, based on previous crises within and beyond the company’s industry and region.
Strengthen resilience. By mapping patterns that arose in previous crises, companies can test their own resilience, challenging key areas across the organization for potential weaknesses. Targeted countermeasures can then be developed in advance to strengthen resilience. This crucial aspect of crisis preparedness can involve reviewing and revising the terms and conditions for key suppliers, shoring up financials to ensure short-term availability of cash, or investing in advanced cybersecurity measures to protect essential data and software in the event of failures and breaches.
Develop action plans and communications. Once these assessments are complete and resilience-building countermeasures are in place, the company can then develop action plans for each threat. The plans must be well articulated, founded on past crises, and address operational and technical planning, financial planning, third-party management, and legal planning. Care should be taken to develop an optimally responsive communications strategy as well. The correct strategy will enable frontline responders to keep pace with or stay ahead of unfolding crises. Communications failures can turn manageable crises into irredeemable catastrophes. Companies need to have appropriate scripts and process logic in place detailing the response to crisis situations, communicated to all levels of the organization and well anchored there. Airlines provide an example of the well-articulated response, in their preparedness for an accident or crash. Not only are detailed scripts in place, but regular simulations are held to train employees at all levels of the company.
Train managers at all levels. The company should train key managers at multiple levels on what to expect and enable them to feel the pressures and emotions in a simulated environment. Doing this repeatedly and in a richer way each time will significantly improve the company’s response capabilities in a real crisis situation, even though the crisis may not be precisely the one for which managers have been trained. They will also be valuable learning exercises in their own right.
Put in place a detailed crisis-response playbook. While each crisis can unfold in unique and unpredictable ways, companies can follow a few fundamental principles of crisis response in all situations. First, establish control immediately after the crisis hits, by closely determining the level of exposure to the threat and identifying a crisis-response leader, not necessarily the CEO, who will direct appropriate actions accordingly. Second, involved parties—such as customers, employees, shareholders, suppliers, government agencies, the media, and the wider public—must be effectively engaged with a dynamic communications strategy. Third, an operational and technical “war room” should be set up, to stabilize primary threats and determine which activities to sustain and which to suspend (identifying and reaching out to critical suppliers). Finally, a deliberate effort must be made to address and neutralize the root cause of the crisis and so bring it to an end as soon as possible.

In a digitized, networked world, with globalized supply chains and complex financial interdependencies, the risk environment has grown more perilous and costly. A holistic approach to risk management, based on the lessons, good and bad, of leading companies and financial institutions, can derive value from that environment. The path to risk resilience that is emerging is an effort, led by the board and senior management, to establish the right risk profile and appetite. Success depends on the support of a thriving risk culture and state-of-the-art crisis preparedness and response. Far from minimal regulatory adherence and loss avoidance, the optimal approach to risk management consists of fundamentally strategic capabilities, deeply embedded across the organization.

Daniela Gius is a senior expert in McKinsey’s Hamburg office, Jean-Christophe Mieszala is a senior partner in the Paris office, Ernestos Panayiotou is a partner in the Athens office, and Thomas Poppensieker is a senior partner in the Munich office.

Explore a career with us

The business logic in debiasing

Are you prepared for a corporate crisis?

Nonfinancial_risk_today_1536x1536_0_Standard

Nonfinancial risk today: Getting risk and the business aligned

Managing Risk

Risk is part of all kinds of activities. Doing research carries risks characteristic of all projects which require adequate time, money and quality in the final product. Some of these overlap with ethical issues, such as ensuring that people who participate in your research aren’t exposed to unnecessary harm and ensuring that consent is informed. These are usually addressed when writing the protocols for a study and included in IRB or ethics committee applications, who will often want to see an ethics plan and copies of the proposed research instruments. Ethical considerations are foregrounded since minimising the risk to people is the most important mitigation. Aside from these, there are interrelated operational issues to consider throughout the research lifecycle.

Costs: For a lot of doctoral researchers making sure they have adequate funding throughout can be a challenge. This can be a matter of a grant not covering all of the activities required for a project; or can result from overrunning in time. Failure to correctly estimate costs when you start a project can lead to problems downstream. Managing the financial aspects is a key element in successful projects.
Time: It’s common for people writing PhDs or EdDs to feel the pressure of time, especially if they have to balance their studies alongside personal and professional commitments. Doctoral study also involves more self-regulation than other degrees. Managing your time and finding ways of being productive when you need to are important skills for researchers.
Scope: Doctoral projects can start with a well defined research question but, as the literature is reviewed, the essence of the project begins to evolve. This is no bad thing as it shows that the ideas and concepts are being developed, but if the definition of the project starts to change then care must be taken to ensure that it can still be delivered with the resources available.
Quality: Quality refers to the standard of the work being delivered, and is to some extent dependent on the other factors. At a practical level, the most important quality consideration is convincing your examiners that you meet your institutional requirements for the award of a doctorate.

At its most general level, risk management is about anticipating problems before they arise and adapting to unforeseen situations. What happens if things don’t go as anticipated? You might lose access to a data source that you were relying on. Do you have a plan B? Plan C? What happens if you fall ill and are unable to work on your project? When focused on the academic parts of a project it can be easy to overlook these kinds of considerations.

Ideas for risk mitigation:

A better research design can mitigate more risk, or build in more contingency.
Practising agile approaches develops the ability to adapt to changing circumstances while maintaining overall vision.
Writing a log of risks and their mitigation as a project is underway to record further issues that arise so you can get better at anticipating and solving problems.

Research Methods Handbook Copyright © 2020 by Rob Farrow; Francisco Iniesto; Martin Weller; and Rebecca Pitt is licensed under a Creative Commons Attribution 4.0 International License , except where otherwise noted.

Share This Book

Advanced Search

Research on Risk Management of Scientific Research Projects

Beijing Institute of Spacecraft Environment Engineering, Beijing, China

New Citation Alert added!

This alert has been successfully added and will be sent to:

You will be notified whenever a record that you have chosen has been cited.

To manage your alert preferences, click on the button below.

New Citation Alert!

Please log in to your account

Publisher Site

ICEME '19: Proceedings of the 2019 10th International Conference on E-business, Management and Economics

The characteristics of scientific research projects determine that there are more uncertainties in project risks. In addition to common risks such as contracts, taxes and funds, more attention should be paid to the risks of time, technology, member change, coordination and target change, so that professional project managers can participate in project risk management as soon as possible.

Business Essentials
Leadership & Management
Credential of Leadership, Impact, and Management in Business (CLIMB)
Entrepreneurship & Innovation
Digital Transformation
Finance & Accounting
Business in Society
For Organizations
Support Portal
Media Coverage
Founding Donors
Leadership Team

Harvard Business School →
HBS Online →
Business Insights →

Business Insights

Harvard Business School Online's Business Insights Blog provides the career insights you need to achieve your goals and gain confidence in your business skills.

Career Development
Communication
Decision-Making
Earning Your MBA
Negotiation
News & Events
Productivity
Staff Spotlight
Student Profiles
Work-Life Balance
AI Essentials for Business
Alternative Investments
Business Analytics
Business Strategy
Business and Climate Change
Design Thinking and Innovation
Digital Marketing Strategy
Disruptive Strategy
Economics for Managers
Entrepreneurship Essentials
Financial Accounting
Global Business
Launching Tech Ventures
Leadership Principles
Leadership, Ethics, and Corporate Accountability
Leading Change and Organizational Renewal
Leading with Finance
Management Essentials
Negotiation Mastery
Organizational Leadership
Power and Influence for Positive Impact
Strategy Execution
Sustainable Business Strategy
Sustainable Investing
Winning with Digital Platforms

What Is Risk Management & Why Is It Important?

Hand holding a stack of blocks that spell risk, which are preventing a stack of dominos from toppling into human figurines

24 Oct 2023

Businesses can’t operate without risk. Economic, technological, environmental, and competitive factors introduce obstacles that companies must not only manage but overcome.

According to PwC’s Global Risk Survey , organizations that embrace strategic risk management are five times more likely to deliver stakeholder confidence and better business outcomes and two times more likely to expect faster revenue growth.

If you want to enhance your job performance and identify and mitigate risk more effectively, here’s a breakdown of what risk management is and why it’s important.

Access your free e-book today.

What Is Risk Management?

Risk management is the systematic process of identifying, assessing, and mitigating threats or uncertainties that can affect your organization. It involves analyzing risks’ likelihood and impact, developing strategies to minimize harm, and monitoring measures’ effectiveness.

“Competing successfully in any industry involves some level of risk,” says Harvard Business School Professor Robert Simons, who teaches the online course Strategy Execution . “But high-performing businesses with high-pressure cultures are especially vulnerable. As a manager, you need to know how and why these risks arise and how to avoid them.”

According to Strategy Execution , strategic risk has three main causes:

Pressures due to growth: This is often caused by an accelerated rate of expansion that makes staffing or industry knowledge gaps more harmful to your business.
Pressures due to culture: While entrepreneurial risk-taking can come with rewards, executive resistance and internal competition can cause problems.
Pressures due to information management: Since information is key to effective leadership , gaps in performance measures can result in decentralized decision-making.

These pressures can lead to several types of risk that you must manage or mitigate to avoid reputational, financial, or strategic failures. However, risks aren’t always obvious.

“I think one of the challenges firms face is the ability to properly identify their risks,” says HBS Professor Eugene Soltes in Strategy Execution .

Therefore, it’s crucial to pinpoint unexpected events or conditions that could significantly impede your organization’s business strategy .

Related: Business Strategy vs. Strategy Execution: Which Course Is Right for Me?

According to Strategy Execution , strategic risk comprises:

Operations risk: This occurs when internal operational errors interrupt your products or services’ flow. For example, shipping tainted products can negatively affect food distribution companies.
Asset impairment risk: When your company’s assets lose a significant portion of their current value because of a decreased likelihood of receiving future cash flows . For instance, losing property assets, like a manufacturing plant, due to a natural disaster.
Competitive risk: Changes in the competitive environment can interrupt your organization’s ability to create value and differentiate its offerings—eventually leading to a significant loss in revenue.
Franchise risk: When your organization’s value erodes because stakeholders lose confidence in its objectives. This primarily results from failing to control any of the strategic risk sources listed above.

Understanding these risks is essential to ensuring your organization’s long-term success. Here’s a deeper dive into why risk management is important.

4 Reasons Why Risk Management Is Important

1. protects organization’s reputation.

In many cases, effective risk management proactively protects your organization from incidents that can affect its reputation.

“Franchise risk is a concern for all businesses,“ Simons says in Strategy Execution . “However, it's especially pressing for businesses whose reputations depend on the trust of key constituents.”

For example, airlines are particularly susceptible to franchise risk because of unforeseen events, such as flight delays and cancellations caused by weather or mechanical failure. While such incidents are considered operational risks, they can be incredibly damaging.

In 2016, Delta Airlines experienced a national computer outage, resulting in over 2,000 flight cancellations. Delta not only lost an estimated $150 million but took a hit to its reputation as a reliable airline that prided itself on “canceling cancellations.”

While Delta bounced back, the incident illustrates how mitigating operational errors can make or break your organization.

2. Minimizes Losses

Most businesses create risk management teams to avoid major financial losses. Yet, various risks can still impact their bottom lines.

A Vault Platform study found that dealing with workplace misconduct cost U.S. businesses over $20 billion in 2021. In addition, Soltes says in Strategy Execution that corporate fines for misconduct have risen 40-fold in the U.S. over the last 20 years.

One way to mitigate financial losses related to employee misconduct is by implementing internal controls. According to Strategy Execution , internal controls are the policies and procedures designed to ensure reliable accounting information and safeguard company assets.

“Managers use internal controls to limit the opportunities employees have to expose the business to risk,” Simons says in the course.

One company that could have benefited from implementing internal controls is Volkswagen (VW). In 2015, VW whistle-blowers revealed that the company’s engineers deliberately manipulated diesel vehicles’ emissions data to make them appear more environmentally friendly.

This led to severe consequences, including regulatory penalties, expensive vehicle recalls, and legal settlements—all of which resulted in significant financial losses. By 2018, U.S. authorities had extracted $25 billion in fines, penalties, civil damages, and restitution from the company.

Had VW maintained more rigorous internal controls to ensure transparency, compliance, and proper oversight of its engineering practices, perhaps it could have detected—or even averted—the situation.

Related: What Are Business Ethics & Why Are They Important?

3. Encourages Innovation and Growth

Risk management isn’t just about avoiding negative outcomes. It can also be the catalyst that drives your organization’s innovation and growth.

“Risks may not be pleasant to think about, but they’re inevitable if you want to push your business to innovate and remain competitive,” Simons says in Strategy Execution .

According to PwC , 83 percent of companies’ business strategies focus on growth, despite risks and mixed economic signals. In Strategy Execution , Simons notes that competitive risk is a challenge you must constantly monitor and address.

“Any firm operating in a competitive market must focus its attention on changes in the external environment that could impair its ability to create value for its customers,” Simons says.

This requires incorporating boundary systems —explicit statements that define and communicate risks to avoid—to ensure internal controls don’t extinguish innovation.

“Boundary systems are essential levers in businesses to give people freedom,” Simons says. “In such circumstances, you don’t want to stifle innovation or entrepreneurial behavior by telling people how to do their jobs. And if you want to remain competitive, you’ll need to innovate and adapt.”

Strategy Execution | Successfully implement strategy within your organization | Learn More

Netflix is an example of how risk management can inspire innovation. In the early 2000s, the company was primarily known for its DVD-by-mail rental service. With growing competition from video rental stores, Netflix went against the grain and introduced its streaming service. This changed the market, resulting in a booming industry nearly a decade later.

Netflix’s innovation didn’t stop there. Once the steaming services market became highly competitive, the company shifted once again to gain a competitive edge. It ventured into producing original content, which ultimately helped differentiate its platform and attract additional subscribers.

By offering more freedom within internal controls, you can encourage innovation and constant growth.

4. Enhances Decision-Making

Risk management also provides a structured framework for decision-making. This can be beneficial if your business is inclined toward risks that are difficult to manage.

By pulling data from existing control systems to develop hypothetical scenarios, you can discuss and debate strategies’ efficacy before executing them.

“Interactive control systems are the formal information systems managers use to personally involve themselves in the decision activities of subordinates,” Simons says in Strategy Execution . “Decision activities that relate to and impact strategic uncertainties.”

JPMorgan Chase, one of the most prominent financial institutions in the world, is particularly susceptible to cyber risks because it compiles vast amounts of sensitive customer data . According to PwC , cybersecurity is the number one business risk on managers’ minds, with 78 percent worried about more frequent or broader cyber attacks.

Using data science techniques like machine learning algorithms enables JPMorgan Chase’s leadership not only to detect and prevent cyber attacks but address and mitigate risk.

How to Formulate a Successful Business Strategy | Access Your Free E-Book | Download Now

Start Managing Your Organization's Risk

Risk management is essential to business. While some risk is inevitable, your ability to identify and mitigate it can benefit your organization.

But you can’t plan for everything. According to the Harvard Business Review , some risks are so remote that no one could have imagined them. Some result from a perfect storm of incidents, while others materialize rapidly and on enormous scales.

By taking an online strategy course , you can build the knowledge and skills to identify strategic risks and ensure they don’t undermine your business. For example, through an interactive learning experience, Strategy Execution enables you to draw insights from real-world business examples and better understand how to approach risk management.

Do you want to mitigate your organization’s risks? Explore Strategy Execution —one of our online strategy courses —and download our free strategy e-book to gain the insights to build a successful strategy.

About the Author

Risk Management 101: Process, Examples, Strategies

Emily Villanueva

August 16, 2023

Risk Management 101: Process, Examples, Strategies

Effective risk management takes a proactive and preventative stance to risk, aiming to identify and then determine the appropriate response to the business and facilitate better decision-making. Many approaches to risk management focus on risk reduction, but it’s important to remember that risk management practices can also be applied to opportunities, assisting the organization with determining if that possibility is right for it.

Risk management as a discipline has evolved to the point that there are now common subsets and branches of risk management programs, from enterprise risk management (ERM) , to cybersecurity risk management, to operational risk management (ORM) , to supply chain risk management (SCRM) . With this evolution, standards organizations around the world, like the US’s National Institute of Standards and Technology (NIST) and the International Standards Organization (ISO) have developed and released their own best practice frameworks and guidance for businesses to apply to their risk management plan.

Companies that adopt and continuously improve their risk management programs can reap the benefits of improved decision-making, a higher probability of reaching goals and business objectives, and an augmented security posture. But, with risks proliferating and the many types of risks that face businesses today, how can an organization establish and optimize its risk management processes? This article will walk you through the fundamentals of risk management and offer some thoughts on how you can apply it to your organization.

Unlocking Operational Risk Management: Empower the Front Line to Effectively Manage Risk

What Are Risks?

We’ve been talking about risk management and how it has evolved, but it’s important to clearly define the concept of risk. Simply put, risks are the things that could go wrong with a given initiative, function, process, project, and so on. There are potential risks everywhere — when you get out of bed, there’s a risk that you’ll stub your toe and fall over, potentially injuring yourself (and your pride). Traveling often involves taking on some risks, like the chance that your plane will be delayed or your car runs out of gas and leave you stranded. Nevertheless, we choose to take on those risks, and may benefit from doing so.

Companies should think about risk in a similar way, not seeking simply to avoid risks, but to integrate risk considerations into day-to-day decision-making.

What are the opportunities available to us?
What could be gained from those opportunities?
What is the business’s risk tolerance or risk appetite – that is, how much risk is the company willing to take on?
How will this relate to or affect the organization’s goals and objectives?
Are these opportunities aligned with business goals and objectives?

With that in mind, conversations about risks can progress by asking, “What could go wrong?” or “What if?” Within the business environment, identifying risks starts with key stakeholders and management, who first define the organization’s objectives. Then, with a risk management program in place, those objectives can be scrutinized for the risks associated with achieving them. Although many organizations focus their risk analysis around financial risks and risks that can affect a business’s bottom line, there are many types of risks that can affect an organization’s operations, reputation, or other areas.

Remember that risks are hypotheticals — they haven’t occurred or been “realized” yet. When we talk about the impact of risks, we’re always discussing the potential impact. Once a risk has been realized, it usually turns into an incident, problem, or issue that the company must address through their contingency plans and policies. Therefore, many risk management activities focus on risk avoidance, risk mitigation, or risk prevention.

What Different Types of Risks Are There?

There’s a vast landscape of potential risks that face modern organizations. Targeted risk management practices like ORM and SCRM have risen to address emerging areas of risk, with those disciplines focused on mitigating risks associated with operations and the supply chain. Specific risk management strategies designed to address new risks and existing risks have emerged from these facets of risk management, providing organizations and risk professionals with action plans and contingency plans tailored to unique problems and issues.

Common types of risks include: strategic, compliance, financial, operational, reputational, security, and quality risks.

Strategic Risk

Strategic risks are those risks that could have a potential impact on a company’s strategic objectives, business plan, and/or strategy. Adjustments to business objectives and strategy have a trickle-down effect to almost every function in the organization. Some events that could cause strategic risks to be realized are: major technological changes in the company, like switching to a new tech stack; large layoffs or reductions-in-force (RIFs); changes in leadership; competitive pressure; and legal changes.

Compliance Risk

Compliance risks materialize from regulatory and compliance requirements that businesses are subject to, like Sarbanes-Oxley for publicly-traded US companies, or GDPR for companies that handle personal information from the EU. The consequence or impact of noncompliance is generally a fine from the governing body of that regulation. These types of risks are realized when the organization does not maintain compliance with regulatory requirements, whether those requirements are environmental, financial, security-specific, or related to labor and civil laws.

Financial Risk

Financial risks are fairly self-explanatory — they have the possibility of affecting an organization’s profits. These types of risks often receive significant attention due to the potential impact on a company’s bottom line. Financial risks can be realized in many circumstances, like performing a financial transaction, compiling financial statements, developing new partnerships, or making new deals.

Operational Risk

Risks to operations, or operational risks, have the potential to disrupt daily operations involved with running a business. Needless to say, this can be a problematic scenario for organizations with employees unable to do their jobs, and with product delivery possibly delayed. Operational risks can materialize from internal or external sources — employee conduct, retention, technology failures, natural disasters, supply chain breakdowns — and many more.

Reputational Risk

Reputational risks are an interesting category. These risks look at a company’s standing in the public and in the media and identify what could impact its reputation. The advent of social media changed the reputation game quite a bit, giving consumers direct access to brands and businesses. Consumers and investors too are becoming more conscious about the companies they do business with and their impact on the environment, society, and civil rights. Reputational risks are realized when a company receives bad press or experiences a successful cyber attack or security breach; or any situation that causes the public to lose trust in an organization.

Security Risk

Security risks have to do with possible threats to your organization’s physical premises, as well as information systems security. Security breaches, data leaks, and other successful types of cyber attacks threaten the majority of businesses operating today. Security risks have become an area of risk that companies can’t ignore, and must safeguard against.

Quality Risk

Quality risks are specifically associated with the products or services that a company provides. Producing low-quality goods or services can cause an organization to lose customers, ultimately affecting revenue. These risks are realized when product quality drops for any reason — whether that’s technology changes, outages, employee errors, or supply chain disruptions.

Steps in the Risk Management Process

The six risk management process steps that we’ve outlined below will give you and your organization a starting point to implement or improve your risk management practices. In order, the risk management steps are:

Risk identification
Risk analysis or assessment
Controls implementation
Resource and budget allocation
Risk mitigation
Risk monitoring, reviewing, and reporting

If this is your organization’s first time setting up a risk management program, consider having a formal risk assessment completed by an experienced third party, with the goal of producing a risk register and prioritized recommendations on what activities to focus on first. Annual (or more frequent) risk assessments are usually required when pursuing compliance and security certifications, making them a valuable investment.

Step 1: Risk Identification

The first step in the risk management process is risk identification. This step takes into account the organization’s overarching goals and objectives, ideally through conversations with management and leadership. Identifying risks to company goals involves asking, “What could go wrong?” with the plans and activities aimed at meeting those goals. As an organization moves from macro-level risks to more specific function and process-related risks, risk teams should collaborate with critical stakeholders and process owners, gaining their insight into the risks that they foresee.

As risks are identified, they should be captured in formal documentation — most organizations do this through a risk register, which is a database of risks, risk owners, mitigation plans, and risk scores.

Step 2: Risk Analysis or Assessment

Analyzing risks, or assessing risks, involves looking at the likelihood that a risk will be realized, and the potential impact that risk would have on the organization if that risk were realized. By quantifying these on a three- or five-point scale, risk prioritization becomes simpler. Multiplying the risk’s likelihood score with the risk’s impact score generates the risk’s overall risk score. This value can then be compared to other risks for prioritization purposes.

The likelihood that a risk will be realized asks the risk assessor to consider how probable it would be for a risk to actually occur. Lower scores indicate less chances that the risk will materialize. Higher scores indicate more chances that the risk will occur.

Likelihood, on a 5×5 risk matrix, is broken out into:

Highly Unlikely
Highly Likely

The potential impact of a risk, should it be realized, asks the risk assessor to consider how the business would be affected if that risk occurred. Lower scores signal less impact to the organization, while higher scores indicate more significant impacts to the company.

Impact, on a 5×5 risk matrix, is broken out into:

Negligible Impact
Moderate Impact
High Impact
Catastrophic Impact

Risk assessment matrices help visualize the relationship between likelihood and impact, serving as a valuable tool in risk professionals’ arsenals.

Organizations can choose whether to employ a 5×5 risk matrix, as shown above, or a 3×3 risk matrix, which breaks likelihood, impact, and aggregate risk scores into low, moderate, and high categories.

Step 3: Controls Assessment and Implementation

Once risks have been identified and analyzed, controls that address or partially address those risks should be mapped. Any risks that don’t have associated controls, or that have controls that are inadequate to mitigate the risk, should have controls designed and implemented to do so.

Step 4: Resource and Budget Allocation

This step, the resource and budget allocation step, doesn’t get included in a lot of content about risk management. However, many businesses find themselves in a position where they have limited resources and funds to dedicate to risk management and remediation. Developing and implementing new controls and control processes is timely and costly; there’s usually a learning curve for employees to get used to changes in their workflow.

Using the risk register and corresponding risk scores, management can more easily allocate resources and budget to priority areas, with cost-effectiveness in mind. Each year, leadership should re-evaluate their resource allocation as part of annual risk lifecycle practices.

Step 5: Risk Mitigation

The risk mitigation step of risk management involves both coming up with the action plan for handling open risks, and then executing on that action plan. Mitigating risks successfully takes buy-in from various stakeholders. Due to the various types of risks that exist, each action plan may look vastly different between risks.

For example, vulnerabilities present in information systems pose a risk to data security and could result in a data breach. The action plan for mitigating this risk might involve automatically installing security patches for IT systems as soon as they are released and approved by the IT infrastructure manager. Another identified risk could be the possibility of cyber attacks resulting in data exfiltration or a security breach. The organization might decide that establishing security controls is not enough to mitigate that threat, and thus contract with an insurance company to cover off on cyber incidents. Two related security risks; two very different mitigation strategies.

One more note on risk mitigation — there are four generally accepted “treatment” strategies for risks. These four treatments are:

Risk Acceptance: Risk thresholds are within acceptable tolerance, and the organization chooses to accept this risk.
Risk Transfer : The organization chooses to transfer the risk or part of the risk to a third party provider or insurance company.
Risk Avoidance : The organization chooses not to move forward with that risk and avoids incurring it.
Risk Mitigation : The organization establishes an action plan for reducing or limiting risk to acceptable levels.

If an organization is not opting to mitigate a risk, and instead chooses to accept, transfer, or avoid the risk, these details should still be captured in the risk register, as they may need to be revisited in future risk management cycles.

Step 6: Risk Monitoring, Reviewing, and Reporting

The last step in the risk management lifecycle is monitoring risks, reviewing the organization’s risk posture, and reporting on risk management activities. Risks should be monitored on a regular basis to detect any changes to risk scoring, mitigation plans, or owners. Regular risk assessments can help organizations continue to monitor their risk posture. Having a risk committee or similar committee meet on a regular basis, such as quarterly, integrates risk management activities into scheduled operations, and ensures that risks undergo continuous monitoring. These committee meetings also provide a mechanism for reporting risk management matters to senior management and the board, as well as affected stakeholders.

As an organization reviews and monitors its risks and mitigation efforts, it should apply any lessons learned and use past experiences to improve future risk management plans.

Examples of Risk Management Strategies

Depending on your company’s industry, the types of risks it faces, and its objectives, you may need to employ many different risk management strategies to adequately handle the possibilities that your organization encounters.

Some examples of risk management strategies include leveraging existing frameworks and best practices, minimum viable product (MVP) development, contingency planning, root cause analysis and lessons learned, built-in buffers, risk-reward analysis, and third-party risk assessments.

Leverage Existing Frameworks and Best Practices

Risk management professionals need not go it alone. There are several standards organizations and committees that have developed risk management frameworks, guidance, and approaches that business teams can leverage and adapt for their own company.

Some of the more popular risk management frameworks out there include:

ISO 31000 Family : The International Standards Organization’s guidance on risk management.
NIST Risk Management Framework (RMF) : The National Institute of Standards and Technology has released risk management guidance compatible with their Cybersecurity Framework (CSF).
COSO Enterprise Risk Management (ERM) : The Committee of Sponsoring Organizations’ enterprise risk management guidance.

Minimum Viable Product (MVP) Development

This approach to product development involves developing core features and delivering those to the customer, then assessing response and adjusting development accordingly. Taking an MVP path reduces the likelihood of financial and project risks, like excessive spend or project delays by simplifying the product and decreasing development time.

Contingency Planning

Developing contingency plans for significant incidents and disaster events are a great way for businesses to prepare for worst-case scenarios. These plans should account for response and recovery. Contingency plans specific to physical sites or systems help mitigate the risk of employee injury and outages.

Root Cause Analysis and Lessons Learned

Sometimes, experience is the best teacher. When an incident occurs or a risk is realized, risk management processes should include some kind of root cause analysis that provides insights into what can be done better next time. These lessons learned, integrated with risk management practices, can streamline and optimize response to similar risks or incidents.

Built-In Buffers

Applicable to discrete projects, building in buffers in the form of time, resources, and funds can be another viable strategy to mitigate risks. As you may know, projects can get derailed very easily, going out of scope, over budget, or past the timeline. Whether a project team can successfully navigate project risks spells the success or failure of the project. By building in some buffers, project teams can set expectations appropriately and account for the possibility that project risks may come to fruition.

Risk-Reward Analysis

In a risk-reward analysis, companies and project teams weigh the possibility of something going wrong with the potential benefits of an opportunity or initiative. This analysis can be done by looking at historical data, doing research about the opportunity, and drawing on lessons learned. Sometimes the risk of an initiative outweighs the reward; sometimes the potential reward outweighs the risk. At other times, it’s unclear whether the risk is worth the potential reward or not. Still, a simple risk-reward analysis can keep organizations from bad investments and bad deals.

Third-Party Risk Assessments

Another strategy teams can employ as part of their risk management plan is to conduct periodic third-party risk assessments. In this method, a company would contract with a third party experienced in conducting risk assessments, and have them perform one (or more) for the organization. Third-party risk assessments can be immensely helpful for the new risk management team or for a mature risk management team that wants a new perspective on their program.

Generally, third-party risk assessments result in a report of risks, findings, and recommendations. In some cases, a third-party provider may also be able to help draft or provide input into your risk register. As external resources, third-party risk assessors can bring their experience and opinions to your organization, leading to insights and discoveries that may not have been found without an independent set of eyes.

Components of an Effective Risk Management Plan

An effective risk management plan has buy-in from leadership and key stakeholders; applies the risk management steps; has good documentation; and is actionable. Buy-in from management often determines whether a risk management function is successful or not, since risk management requires resources to conduct risk assessments, risk identification, risk mitigation, and so on. Without leadership buy-in, risk management teams may end up just going through the motions without the ability to make an impact. Risk management plans should be integrated into organizational strategy, and without stakeholder buy-in, that typically does not happen.

Applying the risk management methodology is another key component of an effective plan. That means following the six steps outlined above should be incorporated into a company’s risk management lifecycle. Identifying and analyzing risks, establishing controls, allocating resources, conducting mitigation, and monitoring and reporting on findings form the foundations of good risk management.

Good documentation is another cornerstone of effective risk management. Without a risk register recording all of a company’s identified risks and accompanying scores and mitigation strategies, there would be little for a risk team to act on. Maintaining and updating the risk register should be a priority for the risk team — risk management software can help here, providing users with a dashboard and collaboration mechanism.

Last but not least, an effective risk management plan needs to be actionable. Any activities that need to be completed for mitigating risks or establishing controls, should be feasible for the organization and allocated resources. An organization can come up with the best possible, best practice risk management plan, but find it completely unactionable because they don’t have the capabilities, technology, funds, and/or personnel to do so. It’s all well and good to recommend that cybersecurity risks be mitigated by setting up a 24/7 continuous monitoring Security Operations Center (SOC), but if your company only has one IT person on staff, that may not be a feasible action plan.

Executing on an effective risk management plan necessitates having the right people, processes, and technology in place. Sometimes the challenges involved with running a good risk management program are mundane — such as disconnects in communication, poor version control, and multiple risk registers floating around. Risk management software can provide your organization with a unified view of the company’s risks, a repository for storing and updating key documentation like a risk register, and a space to collaborate virtually with colleagues to check on risk mitigation efforts or coordinate on risk assessments. Get started building your ideal risk management plan today!

Emily Villanueva, MBA, is a Senior Manager of Product Solutions at AuditBoard. Emily joined AuditBoard from Grant Thornton, where she provided consulting services specializing in SOX compliance, internal audit, and risk management. She also spent 5 years in the insurance industry specializing in SOX/ICFR, internal audits, and operational compliance. Connect with Emily on LinkedIn .

Open Access is an initiative that aims to make scientific research freely available to all. To date our community has made over 100 million downloads. It’s based on principles of collaboration, unobstructed discovery, and, most importantly, scientific progression. As PhD students, we found it difficult to access the research we needed, so we decided to create a new Open Access publisher that levels the playing field for scientists across the world. How? By making research easy to access, and puts the academic needs of the researchers before the business interests of publishers.

We are a community of more than 103,000 authors and editors from 3,291 institutions spanning 160 countries, including Nobel Prize winners and some of the world’s most-cited researchers. Publishing on IntechOpen allows authors to earn citations and find new collaborators, meaning more people see your work not only from your own field of study, but from other related fields too.

Brief introduction to this section that descibes Open Access especially from an IntechOpen perspective

Want to get in touch? Contact our London head office or media team here

Our team is growing all the time, so we’re always on the lookout for smart people who want to help us reshape the world of scientific publishing.

Home > Books > Integrating Quality and Risk Management in Logistics

Research Methodology for Quality and Risk Management in Logistics

Submitted: 04 February 2022 Reviewed: 15 February 2022 Published: 23 March 2022

DOI: 10.5772/intechopen.103731

Cite this chapter

There are two ways to cite this chapter:

From the Compact

Integrating Quality and Risk Management in Logistics

Authored by Marieta Stefanova

To purchase hard copies of this book, please contact the representative in India: CBS Publishers & Distributors Pvt. Ltd. www.cbspd.com | [email protected]

Chapter metrics overview

320 Chapter Downloads

Impact of this chapter

Total Chapter Downloads on intechopen.com

Total Chapter Views on intechopen.com

This chapter sees an appropriate approach to build a quality management model by managing the risk of nonconforming logistics activities that result from dynamic environmental changes and contingencies. Logistics management has the misconception that reducing complaints would increase satisfaction to the same extent. Models for positively influencing satisfaction should contain much more than one variable. The customer satisfaction model used in this chapter contains six latent variables: Logistics satisfaction survey; analysis of data from the survey to measure satisfaction with logistics services; chapter to analyze the risk of noncompliant processes in logistics services; survey data analysis to measure the risk of noncompliant processes in logistics services. FMEA analysis was used as a method to investigate the consequences of emerging risks by quantifying the severity, likelihood of occurrence, and detection of nonconforming logistics services that further generated the RPN. The main objective of this chapter is to define the research design and the methods of data collection and analysis.

satisfaction
FMEA method

Author Information

Marieta stefanova *.

Department Management and Logistics, Nikola Vaptsarov Naval Academy, Varna, Bulgaria

*Address all correspondence to: [email protected]

1. Introduction

The present chapter uses the SERVQUA model to identify the gaps between customer satisfaction and the needs of logistics service users by determining the relationship between customer satisfaction and targeted actions to manage the risk of dissatisfaction by logistics service providers.

Expectations and perceptions of the logistics services studied must at least match to obtain a positive assessment of quality from users of the service.

In cases where there is a discrepancy between the target and actual values of the surveyed services, the quality score will be negative.

Based on strategic discrepancies between target and actual values (system discrepancies) in quality, the reasons for the insufficiency of the measured service quality values are analyzed.

Customer perceptions: Mismatch between customer expectations and perceptions of the management of the service received in a real environment.

Senior management perceptions: Mismatch between the perception of the service provider’s senior management and customer expectations of the proposed service quality specifications.

Process execution: Mismatch between service quality specifications and actual performance.

Communication with customers: Inconsistency between the service and the message addressed to the customer about the service.

1.1 Methodology for measuring satisfaction with logistics services

The survey was first conducted as a pilot online survey to test the feasibility of the questionnaire from 1 December 2020 to 1 January 2021. The pilot survey covered 15 respondents who were mailed the evaluation questionnaire. The results of the pilot survey showed that all the respondents understood all the questions.

The baseline survey was conducted through a questionnaire and included a sample of 115 respondents, who were required to have experience in managing logistics processes. The survey was conducted from 15 February 2021 to 15 April 2021. A total of 105 questionnaires were collected, of which 100 were valid (5 of the questionnaires were not completed correctly and some of the questions had more than one answer), with a response rate of 95%. The survey was conducted directly through a telephone interview or internet communication depending on the suitability of the respondents. The valid questionnaires were collected from 52 logistics service providers and 48 customers.

1.2 Modeling the hypothesis

The model used to conduct the chapter on customer satisfaction with logistics services contains seven latent variables. The antecedents of logistics service satisfaction are customer expectations of logistics service, perceived quality, perceived value, and image. While the two indicators of the consequences of satisfaction are: nonconformities (complaints, returns) and loyalty.

The latent variables were defined using manifest variables appropriate for the purposes of this chapter and were measured in the survey. Associations between manifest and latent variables are described using a set of equations with unknown coefficients.

Expectation: Two indicators were studied. Customer expectations related to logistics service culture. The manifestation of expectations depends on how customers perceive and interpret the factors influencing the formation of expectations. Various factors are under the control of the company and depend on the performance of logistics services, while others depend entirely on customer perceptions (psychological, cultural, and social). Therefore, the quality of feedback and personal contact with employees have the potential to create value and should be a priority. Sales staff need to understand customer perceptions before guiding them to the appropriate choice of product for order preparation. The indicator relates to the provision of a correct logistics service, the speed of response, and the ability of customer-facing staff to make timely decisions on the disposal of a nonconforming product.

Quality: Five indicators of the expected quality of logistics services were studied. Logistics service quality is the extent to which the set of inherent service characteristics satisfies the requirements of customers and stakeholders 1 .

Value: Two indicators of perceived value were investigated. The perceived value of logistics services motivates the customer to tradeoff between the quality received versus the price paid to acquire the service. The service that customers receive at the time of purchase influences the perceived value.

Image: The indicator refers to the good reputation and image of the logistics company or the ability of the service provider to inspire trust and confidence. The positive impact of this factor is achieved by measuring satisfaction through various means that provide tangibility to the logistics service and service culture including tangible items relating to the facility, environment, and all types of hardware and equipment required to provide services.

Satisfaction: Three satisfaction indicators were studied. The satisfaction indicator is related to the customer’s reaction to the comparison between the expected and actual experience of the logistics service. An essential condition for achieving good financial performance lies in finding a way to minimize the differences between the expected and actual experience of the logistics service.

Complaints: Customer discrepancies (customer complaints) that arise while providing logistics services that are unfulfilled as expected or actual customer requirements. Complaints should be used to improve any process in which a nonconformance is identified.

Loyalty: Customer loyalty is the customer’s positive attitude towards the logistics service provided because of factors that are significant to the customer.

The questionnaire required each survey participant to rate the margin of acceptability of the quality of logistics services on a 5-point scale (0 points – does not meet customer requirements and 5 points – fully meets and exceeds requirements. In cases where respondents’ perceptions did not match the two extremes of the rating, they could select any number between 1 and 5 to rate how strong their expectations and perceptions were. The accompanying instructions explicitly stated that the purpose of the survey was not to find acceptable or unacceptable responses but only to establish the exact numerical rating that reflected their opinion of the quality of the logistics service and their level of satisfaction as its users.

The survey questionnaire is shown in Table 1 .

Rate the statements on a 5-point scale: (1) completely disagree (2) disagree (3) hesitate (4) agree (5) completely agree
Indicator	Questions to respondents	Evaluation
Expectation	PLSE1. The knowledge and experience of the nominated contact person are sufficient to understand the problems encountered	1 □ 2 □ 3 □ 4 □ 5 □
Expectation	PLSE2. Problems arising are resolved by the designated contact person	1 □ 2 □ 3 □ 4 □ 5 □
Quality	PLSQ1. Ordering procedures are easy to use	1 □ 2 □ 3 □ 4 □ 5 □
	PLSQ2. Shipments rarely contain incorrect quantity	1 □ 2 □ 3 □ 4 □ 5 □
	PLSQ3. Supplies arrive on the promised delivery date	1 □ 2 □ 3 □ 4 □ 5 □
	PLSQ4. Shipments rarely contain defective products	1 □ 2 □ 3 □ 4 □ 5 □
	PLSQ5. The manner in which claims are settled is adequate	1 □ 2 □ 3 □ 4 □ 5 □
Value	PLSV1. Logistics services meet the requirements (specifications)	1 □ 2 □ 3 □ 4 □ 5 □
Value	PLSV1. Logistics services are reliable and on time	1 □ 2 □ 3 □ 4 □ 5 □
Image	PLSI1. Complaints are rarely due to the method of transportation	1 □ 2 □ 3 □ 4 □ 5 □
	PLSI2. No difficulties have ever arisen due to lack of availability	1 □ 2 □ 3 □ 4 □ 5 □
	PLSI3. The time between placing the order and receiving the delivery is short	1 □ 2 □ 3 □ 4 □ 5 □
	PLSI4. Product return procedures are easy to use	1 □ 2 □ 3 □ 4 □ 5 □
	PLSI5. The resulting products are not normally crushed damaged	1 □ 2 □ 3 □ 4 □ 5 □
Satisfaction	PLSS1. Logistics services to meet your expectations in number and scope	1 □ 2 □ 3 □ 4 □ 5 □
	PLSS2. Selected logistics services are the right choice	1 □ 2 □ 3 □ 4 □ 5 □
	PLSS3. I am satisfied with the overall logistics service	1 □ 2 □ 3 □ 4 □ 5 □
Complaint	PLSC1. The corrective actions taken following complaints are adequate for the problem encountered	1 □ 2 □ 3 □ 4 □ 5 □
Complaint	PLSC2. Corrective actions taken following complaints are timely	1 □ 2 □ 3 □ 4 □ 5 □
Loyalty	PLSL1 I would recommend the logistics services used	1 □ 2 □ 3 □ 4 □ 5 □
Loyalty	PLSL2 I would use logistics services in the long-term	1 □ 2 □ 3 □ 4 □ 5 □

Survey questionnaire.

1.3 Model of the empirical study of customer satisfaction with logistics services

Tenenhaus and Michel’s [ 1 ] study built based on the SERVQUA methodology provides the reference for the possible and expected model of interaction between the variables that would be obtained based on the results of the study ( Figure 1 ).

Key attributes of the causal model describe the causes and consequences of customer satisfaction. Source [ 1 ].

The partial least squares modeling method was used to analyze the data obtained from the survey measuring the identified gaps between satisfaction and needs of the logistics service user customers. Multivariate analyses (partial least squares path-modeling [PLS-PM]) were performed to simultaneously assess the potential relationships between different logistics service quality and satisfaction indicators. An appropriate analysis method was selected after investigating a convenient tool to examine the multiple relationships (latent variables) of variables (factors).

1.3.1 Partial least squares path-Modeling (PLS-PM)

The PLS-PM model reflects causal relationships with arrows that start in a latent variable (factor) and point to measured indicator variables. The PLS-PM was chosen as the most convenient tool to examine relationships between observed and unobserved (latent) variables. Matrices in which 15–20% of the data are missing or have experimental errors can be processed by the PLS-PM method.

The possible outcomes of the PLS-PM study are presented in Table 2 .

Outcome interpretation in PLS-PM models (multivariate analysis).

Through the assessment method, the relationship between variables acting on a particular outcome through multiple causal pathways is examined. Data processing was done using XLSTAT software [ 2 ] for modeling PLS relationships (pathways) implemented in the XLSTAT statistical analysis package of Microsoft Excel. The built-in XLSTAT-PLSPM interface [ 2 ] allows to build of a graphical representation of the model and to display results in Excel as tables or graphical images. XLSTAT-PLSPM is fully integrated with the XLSTAT package and allows different survey data analyses to be performed with other XLSTAT applications.

2. Methodology for conducting the risk analysis study of noncompliant processes in logistics services

The main objective of the risk analysis of noncompliant processes in logistics services is to identify, assess, and forecast the significant factors that affect the prosperity and development of logistics companies. The fulfillment of this objective is accomplished through the method:

Analysis of types of refusals and their consequences - Failure mode and effects analysis (FMEA). The method is defined and standardized by experts. After the expert team that has the necessary experience and knowledge of the object under study has been assembled, the methodology identifies and ranks the logistics risks under study. Irrespective of the ranking method, it is necessary to identify each logistics risk-specific program and actions to eliminate or minimize the negative impact.

The method applies to various fields of knowledge [ 3 ] but it is not known to have been applied to analyze the risks of nonconforming processes related to satisfaction in logistics services. This made it necessary to develop and apply a new methodology to assess nonconforming processes in logistics services, as one of the tasks for this chapter. The chapter investigates the risk in logistics processes that may contribute to the deterioration of satisfaction indicators in logistics services related to FMCG and, specifically, the food sector.

2.1 Assumptions and limitations in the risk analysis of noncompliant processes in logistics services

Detecting nonconforming logistics processes at a late-stage leads to higher costs for the company.

The strategy of detecting and correcting nonconforming logistics processes can be replaced by the strategy to avoid them and eliminate the causes in the planning phase.

The costs of controlling and tracking nonconforming logistics processes in the stages immediately preceding the physical delivery of goods can be minimized.

The experience gained from noncompliant logistics processes can be used to address the cause of their reoccurrence in the future.

The principle of error prevention should be prioritized in managing nonconforming logistics processes.

Quality control of logistics services should be assigned to highly competent employees who play a role in the actual execution of the processes.

The control of the risk of noncompliant logistics services is specific to each market segment and may impair its objectivity.

Despite the measures to control the risks and to neutralize the negative impact of some factors, the developed methodology cannot completely eliminate the impact of all random factors.

Although the analysis is based on real risks, the achievement of the residual risk values, after the implementation of the control measures, may not be fully consistent with the actual outcome given the influence of unknown factors in the assessment.

Control measures need to be implemented for fully measurable outcomes of noncompliant logistics processes and those that cannot be measured with complete accuracy.

The proposed control measures to manage the risks must be adapted to extreme changes in the external and internal environment.

In establishing the Risk Priority Number (RPN) and its three components of Severity (S), Likelihood (O), and Detection (D), the assessment of the degree of risk assigned by the experts conducting the analysis can be highly subjective.

The analysis based on expert opinion must also assess whether the three parameters are equally important. In cases where the experts judge that this is not the case, significance coefficients should be assigned to each of the components (S), (O), and (D).

It should be considered that each factor requires different preventive actions to prevent or minimize the risk of a negative impact of the error or noncompliance occurring even in cases where the analysis results in identical RPN scores for different factors.

2.2 Assigning scores and interpreting results in the risk analysis of noncompliant processes in logistics services

To apply the method, a separate RPN (Risk Priority Number) must be determined for each process.

The numerical value of the RPN denoted the quantification of the risk that caused the nonconformity in the logistics service obtained as the product of the probability of the nonconformity occurring, the probability of the nonconformity being detected before the customers, and the severity of the impact in case it is not detected. The values for each of the RPN components can range from 1 to 10 as indicated in Table 3 , determination of RPN risk class Table 4 .

(S) Severity of consequences	(O) Probability of occurrence	(D) Probability of detection
8–10 A small change in the risk factor can make a significant difference in satisfaction with logistics services.	8–10 The risk factor is expected to have a negative impact on satisfaction	7–10 The possibility of detecting noncompliance before it affects satisfaction is negligible
5–7 A small change in the risk factor has the potential to significantly affect satisfaction with logistics services.	5–7 Significant likelihood that the risk factor will negatively impact satisfaction	4–6 There is little possibility of detecting noncompliance before it affects satisfaction
2–4 Changes in the risk factor have only a marginal impact on satisfaction with logistics services.	2–4 Risk factors unlikely to negatively impact satisfaction	2–3 The opportunity to identify noncompliance before it affects satisfaction is significant
1 Changes in the risk factor do not affect satisfaction with logistics services.	1 Negligible likelihood that the risk factor will negatively impact satisfaction	1 The discrepancy can be detected before it affects satisfaction

Determination of RPN components.

Value of RPN	Explanatory notes
RPN over 851 Very high-risk	The potential consequences of noncompliance can cause dissatisfaction, increase the churn of current and potential customers, and significantly degrade the performance metrics of the logistics services that are important to the customer.
RPN 600–850 High risk	The potential consequences of noncompliance can significantly degrade the satisfaction and performance metrics of logistics services that are important to the customer.
RPN 150 to 599 Moderate risk	The potential risk of noncompliance is likely to negatively impact satisfaction and degrade performance metrics for logistics services that are important to the customer to a moderate degree.
RPN up to 149 Low risk	A low-risk class is defined when the potential consequences of noncompliance will result in a temporary reduction in satisfaction.
RPN up to 10 Negligible risk	A negligible class is defined when the potential consequences of the noncompliance occurring will have no impact on the company’s operations and customer satisfaction.

Determination of RPN risk class.

2.3 Setting of the empirical study for risk analysis

A pilot study was first brainstormed and conducted to test the feasibility of applying the FMEA method to analyze the risk of noncompliant logistics services related to customer satisfaction from 1 May 2020 to 15 May 2021. The pilot study was conducted with five leading logistics professionals and its results showed that all participants support the application of the FMEA method for analyzing logistics processes. Each participant in the pilot study was required to be an employed logistics manager with at least five years of experience in the field and demonstrated competence through the submission of diplomas and certificates.

The baseline survey was conducted through discussion and brainstorming from 01 June 2021 to 01 September 2021. A total of nine team meetings were held to assess the risk of noncompliant logistics processes using the FMEA method. The analysis team included 10 participants and one moderator. Each participant satisfied the criteria as an employed logistics manager (logistics as part of a manufacturing site or logistics services as an independent company) and had proven competence through the presentation of diplomas and certificates. The moderator took notes on the discussion based on which the main highlights of the participants’ opinions were extracted.

2.4 Setting the empirical study to discuss and reach a consensus on risk analysis of noncompliant processes

The consensus was reached in the team meetings by following the steps outlined in Figure 2 .

Consensus model for risk analysis of noncompliant processes in logistics services.

2.5 Setting the empirical study for risk analysis of noncompliant processes in logistics services

The method was used, based on the results obtained from the survey on customer satisfaction using the SERVQUA method conducted in the period from 15 February 2021 to 15 April 2021, to analyze possible inconsistencies and errors in the implementation of logistics processes and identify their causes and consequences. Within the framework of quality management in logistics, FMEA has been applied to enhance customer satisfaction and reliability of logistics services to prevent their nonconformance.

Potential system deficiencies are evaluated based on their significance to the customer, the likelihood of their occurrence, and the ability to detect and correct the nonconformity before losses or consequences are incurred. The method can be used to analyze not only planned but also actual processes where the risk of changes and the impact of these changes on the management of logistics activities must be assessed.

The essential advantages of the method are related to uncovering opportunities and adopting a quality management approach through risk management. The method implies performing analyses that enable a collaborative management approach within the logistics organization. In this way, quality management can be oriented towards the risks generated by dynamic changes in the external and internal environment, which are often the root cause of nonconformities in the system. Essential priorities of quality management in logistics should be the realization that quality deficits increase losses and the corporate philosophy must be changed to bring the quality management system back under the control of the logistics organization. The goal is to understand and accept that impeccable service can only be achieved through sustainable compliance and improvement. The purpose of risk analysis is to identify and promptly address gaps in the service delivery system that negatively impact customer satisfaction.

The FMEA determines the likelihood of these gaps occurring and their potential consequences by assessing, in terms of severity, the measures required to prevent the risk, their effectiveness in specific situations, and the residual risk in the event of system failures. In cases where the method is adopted as a corporate philosophy in decision-making for new service offerings, risks of compromised quality should be identified and mitigated in accordance with the principles for applying the method.

2.6 Methodology for the analysis and summary of the results of the study on the risk of noncompliant processes in logistics services

The methodology to analyze and summarize the results of the study conducted on the risk of nonconforming processes is based on the Pareto analysis. The tool is named in honor of the Italian economist Pareto, who is also its creator [ 4 ]. In 1897, after annually analyzing the distribution of wealth in Italy, Pareto found that the incomes in the public were unequally distributed [ 5 , 6 ]. The Pareto principle, also known as the 80/20 rule, states [ 7 ] that, for many events, approximately 20% of the causes contributing to 80% of the effect [ 8 ]; therefore, which are unequally distributed. The method can be applied after the significant causes of inconsistencies in the system are identified and analyzed, and losses will be minimized by eliminating them.

The method classifies quality problems in logistics services into two areas – few but essential and numerous but minor problems. This and other methods in quality management must be based on reliable information gathered from specific logistics services applied in practice. The data should reflect real events from economic processes that need to be analyzed and processed further. The analysis appropriately targets problem-solving efforts and identifies the main drivers of nonconformities. Juran interprets this principle by establishing that 20% of the causes of product defects create 80% of product problems.

The Pareto analysis was conducted simultaneously with the risk assessment of noncompliant logistics processes using the FMEA method and the same sample. The obtained data on the ex-ante and residual risk identified by the FMEA method were compared in the Pareto analysis procedure.

The values for upfront and residual risk from noncompliant logistics processes were tabulated in the procedure and the team assigned a percentage to each value such that the total was 100%. The percentages assigned were then used to construct a bar chart.

The Pareto analysis identified the differences in the ranking of causes before and after the implementation of corrective actions to the noncompliant logistics processes. The resulting diagrams have practical implications and can be used by senior management of logistics firms to prioritize actions and minimize risk.

XLSTAT software, which is embedded in Microsoft Excel’s XLSTAT statistical analysis package, was used in conducting the Pareto analysis.

Number of observations: The number N of values in the selected sample.

Number of missing values: The number of missing values in the sample that are ignored in subsequent statistical calculations of the values.

Sum of weights (Sw): The sum of the weights awarded, considering that all weights are equal to 1, Sw = n.

Mode: The mode of the sample analyzed is the most common category.

Mode frequency: The frequency of the category to which the mode corresponds.

Category: The names of the different categories present in the sample.

Relative frequency by category: The relative frequency of each category.

Cumulative relative frequency by category: The cumulative relative frequency of each category.

Methods are also applied to analyze, systematize and differentiate various requirements that form satisfaction and help manage the quality of logistics services.

All the principles and methods of building management systems and the comparative analysis between different objects are also applied in the study. In addition to the listed main methods, the principles of quality and risk management required by the international standard ISO 9000:2015 and ISO 31000 have been applied.

The methods used in the chapter have the potential to help achieve its main objective and define the chapter design and the methods of data collection and analysis.

3. Conclusion

Due to the increasing market competition, a necessary condition for increasing customer satisfaction is the provision of qualified services that help organize timely deliveries of the goods requested by the customer. Through process controls, these processes could help to prevent nonconforming services from occurring prior to customer requirements.

The chapter of the study describes the conceptual framework of two groups of methods 1. Methodology for conducting the SERVQUA Satisfaction Analysis Survey (CAP) in Logistics and 2. Methodology for conducting the risk analysis study of noncompliant processes in logistics services. All the principles and methods of building management systems and the comparative analysis between different objects are also applied in the chapter. In addition to the listed main methods, the principles of quality and risk management required by the international standard ISO 9000: 2015 and ISO 31000 have been applied. The methods used in the chapter have the potential to help achieve its main objective and define the study design and the methods of data collection and analysis.

1. Tenenhaus M, Vinzi V, Chatelin Y, Lauro C. PLS path modeling. Computational Statistics & Data Analysis. 2005; 48 :159-205. DOI: 10.1016/j.csda.2004.03.005
2. Addinsoft. XLSTAT 2021.3.1 Data Analysis and Statistics Software for Microsoft Excel. Paris, France: Addinsoft; 2021
3. Satrisno A, Moo H, Lee T, Hyon J. Improvement strategy selection in FMEA: Classification, review and new opportunity roadmaps. Operat Suppl Ch Manag. 2013; 6 :54-63
4. Alkiayat M. A Practical Guide to Creating a Pareto Chart as a Quality Improvement Tool. Global Journal on Quality and Safety in Healthcare. 2021; 4 :83-84. DOI: 10.36401/JQSH-21-X1
5. Pareto V, Lopreato J, Pareto V. Academic Dictionaries and Encyclopedias. New York: TY Crowell; 1965
6. Mandelbrot BB, Hudson RL. The (mis) behaviour of markets: a fractal view of risk, ruin and reward. Second ed. London: Profile Books; 2010
7. Wood J, McLure M. From Ethical to Economic Liberalism-the Sociology of Vilfredo Pareto: Critical Assessments of Leading Economists. Vilfredo Pareto: critical assessments of leading economists. London, New York: Taylor & Francis; 1999. pp. 430-455
8. Cirillo R. Was Vilfredo Pareto Really a ‘Precursor’of Fascism.? American Journal of Economics and Sociology. 1983; 42 :235-246. DOI: 10.1111/j.1536-7150.1983.tb01708.x
The definition of quality is adapted from Clause 3. ISO 9001:2015 Terms and definitions.

© 2022 The Author(s). Licensee IntechOpen. This chapter is distributed under the terms of the Creative Commons Attribution-NonCommercial 4.0 License , which permits use, distribution and reproduction for non-commercial purposes, provided the original is properly cited.

Continue reading from the same book

Published: 23 March 2022

By Marieta Stefanova

301 downloads

337 downloads

646 downloads

IRB-SBS Home
Contact IRB-SBS
IRB SBS Staff Directory
IRB SBS Board Members
About the IRB-SBS
CITI Training
Education Events
Virginia IRB Consortium
IRB-SBS Learning Shots
HRPP Education & Training
Student Support
Access iProtocol
Getting Started
iProtocol Question Guide
iProtocol Management
Protocol Review Process
Certificate of Confidentiality
Deception and/or Withholding Information from a Participant
Ethnographic Research
IRB-SBS 101
IRB-SBS Glossary
Participant Pools
Paying Participants
Research in an Educational Setting
Research in an International Setting and/or Location
Risk-Sensitive Populations
Student Researchers and Faculty Sponsors
Study Funding and the IRB

Understanding Risk in Research

Vulnerable Participants
IRB-SBS PAM & Ed
Federal Regulations
Ethical Principals
Partner Offices
Determining Human Subjects Research
Determining HSR or SBS

Assessing risk in a research study is one of the primary responsibilities of an IRB and one of its most controversial tasks. By nature, studying human beings is a complicated process because the subject matter itself is complicated. The level of risk can vary because of many factors including: the population included in the study, the situations encountered by the participants, and/ or the experience of the researcher or team. Two studies may appear similar but a few factors could make one inherently more risky than the other.

This section describes what a researcher needs to consider when developing a protocol as well as the risk analysis conducted by an IRB board member. This section does not cover ever scenario nor is it meant to be all inclusive; if you have a specific question about the risks in your study, please contact our office for further guidance.

Section Topics

Appointments at Mayo Clinic

Stress management
Chronic stress puts your health at risk

Chronic stress can wreak havoc on your mind and body. Take steps to control your stress.

Your body is made to react to stress in ways meant to protect you against threats from predators and other aggressors. Such threats are rare today. But that doesn't mean that life is free of stress.

Instead, you likely face many demands each day. For example, you may take on a huge workload, pay bills or take care of your family. Your body treats these everyday tasks as threats. Because of this, you may feel as if you're always under attack. But you can fight back. You don't have to let stress control your life.

Understanding the natural stress response

When you face a perceived threat, a tiny region at the brain's base, called the hypothalamus, sets off an alarm system in the body. An example of a perceived threat is a large dog barking at you during your morning walk. Through nerve and hormonal signals, this system prompts the adrenal glands, found atop the kidneys, to release a surge of hormones, such as adrenaline and cortisol.

Adrenaline makes the heart beat faster, causes blood pressure to go up and gives you more energy. Cortisol, the primary stress hormone, increases sugar, also called glucose, in the bloodstream, enhances the brain's use of glucose and increases the availability of substances in the body that repair tissues.

Cortisol also slows functions that would be nonessential or harmful in a fight-or-flight situation. It changes immune system responses and suppresses the digestive system, the reproductive system and growth processes. This complex natural alarm system also communicates with the brain regions that control mood, motivation and fear.

When the natural stress response goes wild

The body's stress response system is usually self-limiting. Once a perceived threat has passed, hormones return to typical levels. As adrenaline and cortisol levels drop, your heart rate and blood pressure return to typical levels. Other systems go back to their regular activities.

But when stressors are always present and you always feel under attack, that fight-or-flight reaction stays turned on.

The long-term activation of the stress response system and too much exposure to cortisol and other stress hormones can disrupt almost all the body's processes. This puts you at higher risk of many health problems, including:

Depression.
Digestive problems.
Muscle tension and pain.
Heart disease, heart attack, high blood pressure and stroke.
Sleep problems.
Weight gain.
Problems with memory and focus.

That's why it's so important to learn healthy ways to cope with your life stressors.

Why you react to life stressors the way you do

Your reaction to a potentially stressful event is different from everyone else's. How you react to your life stressors is affected by such factors as:

Genetics. The genes that control the stress response keep most people at a fairly steady emotional level, only sometimes priming the body for fight or flight. More active or less active stress responses may stem from slight differences in these genes.
Life experiences. Strong stress reactions sometimes can be traced to traumatic events. People who were neglected or abused as children tend to be especially at risk of experiencing high stress. The same is true of airplane crash survivors, people in the military, police officers and firefighters, and people who have experienced violent crime.

You may have some friends who seem relaxed about almost everything. And you may have other friends who react strongly to the slightest stress. Most people react to life stressors somewhere between those extremes.

Learning to react to stress in a healthy way

Stressful events are facts of life. And you may not be able to change your current situation. But you can take steps to manage the impact these events have on you.

You can learn to identify what causes you stress. And you can learn how to take care of yourself physically and emotionally in the face of stressful situations.

Try these stress management tips:

Eat a healthy diet and get regular exercise. Get plenty of sleep too.
Do relaxation exercises such as yoga, deep breathing, massage or meditation.
Keep a journal. Write about your thoughts or what you're grateful for in your life.
Take time for hobbies, such as reading or listening to music. Or watch your favorite show or movie.
Foster healthy friendships and talk with friends and family.
Have a sense of humor. Find ways to include humor and laughter in your life, such as watching funny movies or looking at joke websites.
Volunteer in your community.
Organize and focus on what you need to get done at home and work and remove tasks that aren't needed.
Seek professional counseling. A counselor can help you learn specific coping skills to manage stress.

Stay away from unhealthy ways of managing your stress, such as using alcohol, tobacco, drugs or excess food. If you're worried that your use of these products has gone up or changed due to stress, talk to your health care provider.

There are many rewards for learning to manage stress. For example, you can have peace of mind, fewer stressors and less anxiety, a better quality of life, improvement in conditions such as high blood pressure, better self-control and focus, and better relationships. And it might even lead to a longer, healthier life.

There is a problem with information submitted for this request. Review/update the information highlighted below and resubmit the form.

From Mayo Clinic to your inbox

Sign up for free and stay up to date on research advancements, health tips, current health topics, and expertise on managing health. Click here for an email preview.

Error Email field is required

Error Include a valid email address

To provide you with the most relevant and helpful information, and understand which information is beneficial, we may combine your email and website usage information with other information we have about you. If you are a Mayo Clinic patient, this could include protected health information. If we combine this information with your protected health information, we will treat all of that information as protected health information and will only use or disclose that information as set forth in our notice of privacy practices. You may opt-out of email communications at any time by clicking on the unsubscribe link in the e-mail.

Thank you for subscribing!

You'll soon start receiving the latest Mayo Clinic health information you requested in your inbox.

Sorry something went wrong with your subscription

Please, try again in a couple of minutes

How stress affects your health. American Psychological Association. https://www.apa.org/topics/stress/health. Accessed March 19, 2021.
Stress effects on the body. American Psychological Association. https://www.apa.org/topics/stress/body. Accessed March 19, 2021.
Lower stress: How does stress affect the body? American Heart Association. https://www.heart.org/en/healthy-living/healthy-lifestyle/stress-management/lower-stress-how-does-stress-affect-the-body. Accessed March 18, 2021.
Stress and your health. U.S. Department of Health & Human Services. https://www.womenshealth.gov/mental-health/good-mental-health/stress-and-your-health. Accessed March 18, 2021.
AskMayoExpert. Stress management and resiliency (adult). Mayo Clinic. 2019.
Seaward BL. Essentials of Managing Stress. 5th ed. Jones & Bartlett Learning; 2021.
Seaward BL. Managing Stress: Skills for Self-Care, Personal Resiliency and Work-Life Balance in a Rapidly Changing World. 10th ed. Jones & Bartlett Learning; 2022.
Olpin M, et al. Stress Management for Life. 5th ed. Cengage Learning; 2020.
Hall-Flavin DK (expert opinion). Mayo Clinic. March 23, 2021.

Products and Services

Newsletter: Mayo Clinic Health Letter — Digital Edition
A Book: Mayo Clinic Guide to Home Remedies
A Book: Mayo Clinic on High Blood Pressure
A Book: Mayo Clinic Family Health Book, 5th Edition
A Book: Live Younger Longer
Headaches and stress
Stress hair loss
Stress symptoms

Mayo Clinic does not endorse companies or products. Advertising revenue supports our not-for-profit mission.

Opportunities

Mayo Clinic Press

Check out these best-sellers and special offers on books and newsletters from Mayo Clinic Press .

Mayo Clinic on Incontinence - Mayo Clinic Press Mayo Clinic on Incontinence
The Essential Diabetes Book - Mayo Clinic Press The Essential Diabetes Book
Mayo Clinic on Hearing and Balance - Mayo Clinic Press Mayo Clinic on Hearing and Balance
FREE Mayo Clinic Diet Assessment - Mayo Clinic Press FREE Mayo Clinic Diet Assessment
Mayo Clinic Health Letter - FREE book - Mayo Clinic Press Mayo Clinic Health Letter - FREE book
Healthy Lifestyle

We’re transforming healthcare

Make a gift now and help create new and better solutions for more than 1.3 million patients who turn to Mayo Clinic each year.

Official websites use .gov

A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS

A lock ( ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Long COVID or Post-COVID Conditions

Some people who have been infected with the virus that causes COVID-19 can experience long-term effects from their infection, known as Long COVID or Post-COVID Conditions (PCC). Long COVID is broadly defined as signs, symptoms, and conditions that continue or develop after acute COVID-19 infection. This definition of Long COVID was developed by the Department of Health and Human Services (HHS) in collaboration with CDC and other partners.

People call Long COVID by many names, including Post-COVID Conditions, long-haul COVID, post-acute COVID-19, long-term effects of COVID, and chronic COVID. The term post-acute sequelae of SARS CoV-2 infection (PASC) is also used to refer to a subset of Long COVID.

What You Need to Know

Long COVID is a real illness and can result in chronic conditions that require comprehensive care. There are resources available .
Long COVID can include a wide range of ongoing health problems; these conditions can last weeks, months, or years.
Long COVID occurs more often in people who had severe COVID-19 illness, but anyone who has been infected with the virus that causes COVID-19 can experience it.
People who are not vaccinated against COVID-19 and become infected may have a higher risk of developing Long COVID compared to people who have been vaccinated.
People can be reinfected with SARS-CoV-2, the virus that causes COVID-19, multiple times. Each time a person is infected or reinfected with SARS-CoV-2, they have a risk of developing Long COVID.
While most people with Long COVID have evidence of infection or COVID-19 illness, in some cases, a person with Long COVID may not have tested positive for the virus or known they were infected.
CDC and partners are working to understand more about who experiences Long COVID and why, including whether groups disproportionately impacted by COVID-19 are at higher risk.

In July 2021, Long COVID was added as a recognized condition that could result in a disability under the Americans with Disabilities Act (ADA). Learn more: Guidance on “Long COVID” as a Disability Under the ADA .

About Long COVID

Long COVID is a wide range of new, returning, or ongoing health problems that people experience after being infected with the virus that causes COVID-19. Most people with COVID-19 get better within a few days to a few weeks after infection, so at least 4 weeks after infection is the start of when Long COVID could first be identified. Anyone who was infected can experience Long COVID. Most people with Long COVID experienced symptoms days after first learning they had COVID-19, but some people who later experienced Long COVID did not know when they got infected.

There is no test that determines if your symptoms or condition is due to COVID-19. Long COVID is not one illness. Your healthcare provider considers a diagnosis of Long COVID based on your health history, including if you had a diagnosis of COVID-19 either by a positive test or by symptoms or exposure, as well as based on a health examination.

Science behind Long COVID

RECOVER: Researching COVID to Enhance Recovery

People with Long COVID may experience many symptoms.

People with Long COVID can have a wide range of symptoms that can last weeks, months, or even years after infection. Sometimes the symptoms can even go away and come back again. For some people, Long COVID can last weeks, months, or years after COVID-19 illness and can sometimes result in disability.

Long COVID may not affect everyone the same way. People with Long COVID may experience health problems from different types and combinations of symptoms that may emerge, persist, resolve, and reemerge over different lengths of time. Though most patients’ symptoms slowly improve with time, speaking with your healthcare provider about the symptoms you are experiencing after having COVID-19 could help determine if you might have Long COVID.

People who experience Long COVID most commonly report:

General symptoms ( Not a Comprehensive List)

Tiredness or fatigue that interferes with daily life
Symptoms that get worse after physical or mental effort (also known as “ post-exertional malaise ”)

Respiratory and heart symptoms

Difficulty breathing or shortness of breath
Fast-beating or pounding heart (also known as heart palpitations)

Neurological symptoms

Difficulty thinking or concentrating (sometimes referred to as “brain fog”)
Sleep problems
Dizziness when you stand up (lightheadedness)
Pins-and-needles feelings
Change in smell or taste
Depression or anxiety

Digestive symptoms

Stomach pain

Other symptoms

Joint or muscle pain
Changes in menstrual cycles

Symptoms that are hard to explain and manage

Some people with Long COVID have symptoms that are not explained by tests or easy to manage.

People with Long COVID may develop or continue to have symptoms that are hard to explain and manage. Clinical evaluations and results of routine blood tests, chest X-rays, and electrocardiograms may be normal. The symptoms are similar to those reported by people with myalgic encephalomyelitis/chronic fatigue syndrome (ME/CFS) and other poorly understood chronic illnesses that may occur after other infections. People with these unexplained symptoms may be misunderstood by their healthcare providers, which can result in a delay in diagnosis and receiving the appropriate care or treatment.

Review these tips to help prepare for a healthcare provider appointment for Long COVID.

Health conditions

Some people experience new health conditions after COVID-19 illness.

Some people, especially those who had severe COVID-19, experience multiorgan effects or autoimmune conditions with symptoms lasting weeks, months, or even years after COVID-19 illness. Multi-organ effects can involve many body systems, including the heart, lung, kidney, skin, and brain. As a result of these effects, people who have had COVID-19 may be more likely to develop new health conditions such as diabetes, heart conditions, blood clots, or neurological conditions compared with people who have not had COVID-19.

People experiencing any severe illness may develop health problems

People experiencing any severe illness, hospitalization, or treatment may develop problems such as post-intensive care syndrome (PICS).

PICS refers to the health effects that may begin when a person is in an intensive care unit (ICU), and which may persist after a person returns home. These effects can include muscle weakness, problems with thinking and judgment, and symptoms of post-traumatic stress disorder (PTSD), a long-term reaction to a very stressful event. While PICS is not specific to infection with SARS-CoV-2, it may occur and contribute to the person’s experience of Long COVID. For people who experience PICS following a COVID-19 diagnosis, it is difficult to determine whether these health problems are caused by a severe illness, the virus itself, or a combination of both.

People More Likely to Develop Long COVID

Some people may be more at risk for developing Long COVID.

Researchers are working to understand which people or groups of people are more likely to have Long COVID, and why. Studies have shown that some groups of people may be affected more by Long COVID. These are examples and not a comprehensive list of people or groups who might be more at risk than other groups for developing Long COVID:

People who have experienced more severe COVID-19 illness, especially those who were hospitalized or needed intensive care.
People who had underlying health conditions prior to COVID-19.
People who did not get a COVID-19 vaccine.

Health Inequities May Affect Populations at Risk for Long COVID

Some people are at increased risk of getting sick from COVID-19 because of where they live or work, or because they can’t get health care. Health inequities may put some people from racial or ethnic minority groups and some people with disabilities at greater risk for developing Long COVID. Scientists are researching some of those factors that may place these communities at higher risk of getting infected or developing Long COVID.

Preventing Long COVID

The best way to prevent Long COVID is to protect yourself and others from becoming infected. For people who are eligible, CDC recommends staying up to date on COVID-19 vaccination , along with improving ventilation, getting tested for COVID-19 if needed, and seeking treatment for COVID-19 if eligible. Additional preventative measures include avoiding close contact with people who have a confirmed or suspected COVID-19 illness and washing hands or using alcohol-based hand sanitizer.

Research suggests that people who get a COVID-19 infection after vaccination are less likely to report Long COVID, compared to people who are unvaccinated.

CDC, other federal agencies, and non-federal partners are working to identify further measures to lessen a person’s risk of developing Long COVID. Learn more about protecting yourself and others from COVID-19 .

Living with Long COVID

Living with Long COVID can be hard, especially when there are no immediate answers or solutions.

People experiencing Long COVID can seek care from a healthcare provider to come up with a personal medical management plan that can help improve their symptoms and quality of life. Review these tips to help prepare for a healthcare provider appointment for Long COVID. In addition, there are many support groups being organized that can help patients and their caregivers.

Although Long COVID appears to be less common in children and adolescents than in adults, long-term effects after COVID-19 do occur in children and adolescents .

Talk to your doctor if you think you or your child has Long COVID. Learn more: Tips for Talking to Your Healthcare Provider about Post-COVID Conditions

Data for Long COVID

Studies are in progress to better understand Long COVID and how many people experience them.

CDC is using multiple approaches to estimate how many people experience Long COVID. Each approach can provide a piece of the puzzle to give us a better picture of who is experiencing Long COVID. For example, some studies look for the presence of Long COVID based on self-reported symptoms, while others collect symptoms and conditions recorded in medical records. Some studies focus only on people who have been hospitalized, while others include people who were not hospitalized. The estimates for how many people experience Long COVID can be quite different depending on who was included in the study, as well as how and when the study collected information. Estimates of the proportion of people who had COVID-19 that go on to experience Long COVID can vary.

CDC posts data on Long COVID and provides analyses, the most recent of which can be found on the U.S. Census Bureau’s Household Pulse Survey .

CDC and other federal agencies, as well as academic institutions and research organizations, are working to learn more about the short- and long-term health effects associated with COVID-19 , who gets them and why.

Scientists are also learning more about how new variants could potentially affect Long COVID. We are still learning to what extent certain groups are at higher risk, and if different groups of people tend to experience different types of Long COVID. CDC has several studies that will help us better understand Long COVID and how healthcare providers can treat or support patients with these long-term effects. CDC will continue to share information with healthcare providers to help them evaluate and manage these conditions.

CDC is working to:

Better identify the most frequent symptoms and diagnoses experienced by patients with Long COVID.
Better understand how many people are affected by Long COVID, and how often people who are infected with COVID-19 develop Long COVID
Better understand risk factors and protective factors, including which groups might be more at risk, and if different groups experience different symptoms.
Help understand how Long COVID limit or restrict people’s daily activity.
Help identify groups that have been more affected by Long COVID, lack access to care and treatment for Long COVID, or experience stigma.
Better understand the role vaccination plays in preventing Long COVID.
Collaborate with professional medical groups to develop and offer clinical guidance and other educational materials for healthcare providers, patients, and the public.

Caring for People with Post-COVID Conditions
Preparing for Appointments for Post-COVID Conditions
Researching COVID to Enhance Recovery
Guidance on “Long COVID” as a Disability Under the ADA

For Healthcare Professionals

Post-COVID Conditions: Healthcare Providers

Search for and find historical COVID-19 pages and files. Please note the content on these pages and files is no longer being updated and may be out of date.

Visit archive.cdc.gov for a historical snapshot of the COVID-19 website, capturing the end of the Federal Public Health Emergency on June 28, 2023.
Visit the dynamic COVID-19 collection to search the COVID-19 website as far back as July 30, 2021.

To receive email updates about COVID-19, enter your email address:

Exit Notification / Disclaimer Policy

The Centers for Disease Control and Prevention (CDC) cannot attest to the accuracy of a non-federal website.
Linking to a non-federal website does not constitute an endorsement by CDC or any of its employees of the sponsors or the information and products presented on the website.
You will be subject to the destination website's privacy policy when you follow the link.
CDC is not responsible for Section 508 compliance (accessibility) on other federal or private website.

A Systematic Analysis of Systems Approach and Flood Risk Management Research: Trends, Gaps, and Opportunities

Open access
Published: 16 February 2024
Volume 15 , pages 45–57, ( 2024 )

Cite this article

You have full access to this open access article

Lum Sonita Awah 1 ,
Johanes Amate Belle 1 ,
Yong Sebastian Nyam 1 &
Israel Ropo Orimoloye 2

2062 Accesses

Explore all metrics

Flooding is a global threat, necessitating a comprehensive management approach. Due to the complexity of managing flood hazards and risks, researchers have advocated for holistic, comprehensive, and integrated approaches. This study, employing a systems thinking perspective, assessed global flood risk management research trends, gaps, and opportunities using 132 published documents in BibTeX format. A systematic review of downloaded documents from the Scopus and Web of Science databases revealed slow progress of approximately 11.61% annual growth in applying systems thinking and its concomitant approaches to understanding global flood risk management over the past two decades compared to other fields like water resource management and business management systems. A significant gap exists in the application of systems thinking methodologies to flood risk management research between developed and developing countries, particularly in Africa, highlighting the urgency of reoriented research and policy efforts. The application gaps of the study methodology are linked to challenges outlined in existing literature, such as issues related to technical expertise and resource constraints. This study advocates a shift from linear to holistic approaches in flood risk management, aligned with the Sendai Framework for Disaster Risk Reduction 2015–2023 and the Sustainable Development Goals. Collaboration among researchers, institutions, and countries is essential to address this global challenge effectively.

Flood Risk Management Practices in Morocco: Facts and Challenges

Development of a standardised framework with universal core indicators for flood resilience assessment

Managing flood risks in the mekong delta: how to address emerging challenges under climate change and socioeconomic developments.

Avoid common mistakes on your manuscript.

1 Introduction

Humanity and the environment are facing grave threats to their long-term sustainability posed by climate change and rapid population growth, which has increased global disasters, with hydrometeorological disasters among the worst (Mavrouli et al. 2022 ). In the last decades, there has been a tremendous increase in the number of extreme hydrological events, which has led to severe damages (Cloke et al. 2017 ). In 2013, hydrological disasters accounted for 159 (48.2%) of all major disasters globally in comparison to meteorological disasters (storms) at 32.1%; climatological disasters (extreme temperatures, droughts, and wildfires) at 10%; and geophysical disasters (earthquakes, volcanic eruptions, and dry mass movements) at 9.7% (Guha-Sapir et al. 2014 ).

According to the Intergovernmental Panel on Climate Change (IPCC) Sixth Assessment Report of 2022, a temperature increase of 1.5 °C is projected to affect approximately 24% of the global population through flood hazards and an increase of approximately 30% with an additional temperature increase of 0.5 °C, with particular emphasis in coastal cities due to anticipated increases in sea level rise, storm surges, and coastal flooding. In the United States, the risk of flooding is predicted to increase by more than 25% within the next 30 years due to climate change (Sadiq et al. 2019 ). This elevated risk not only poses a threat to human lives and infrastructure but also leads to substantial economic losses, as climate-induced flooding has already caused severe economic damage worth more than an estimated USD 147 billion between 1980 and 2019 (Newman and Noy 2023 ) and USD 30 billion in 2020, exacerbating the economic strain in areas already affected by floods (Fields 2022 ). The Organization for Economic Cooperation and Development (OECD) report highlights that economic losses associated with flood events have been consistently increasing since 1970, partially attributed to shifts in weather patterns (OECD 2021 ). This heightened risk has significant implications for the global population and economies, increasing vulnerability in flood-prone regions, especially in developing countries.

According to Polka ( 2018 ), flood risks are a near-universal threat. While developed countries suffer significant damage from floods, their lower vulnerability is attributed to better prevention and risk management strategies. The Netherlands, a developed country with high flood risk, with over half of its population at risk of flooding, exemplifies this paradox (Klijn et al. 2012 ; Jongman et al. 2014 ). Despite the available resources, developed countries face substantial economic and social losses, necessitating continued investment in flood prevention (McDermott 2022 ). Developing countries are more vulnerable due to rapid urbanization, poor land use, and population growth and are more prone to flooding, resulting in increased damage and disruptions (Kovacs et al. 2017 ). Poverty exacerbates flood exposure, with 89% of the world’s flood-exposed population in low and middle-income countries (Rentschler et al. 2022 ). According to Yuen and Kumssa ( 2010 ), Africa is one of the world’s fastest-growing continents, including large urban and coastal cities. Given that population growth and urbanization have led to unrestricted land use and encroachment on previously uninhabited swampy zones, Africa is particularly vulnerable to floods, which have caused significant losses (CRED 2015 ; WMO 2022 ). According to the United Nations ( 2022 ), Africa has an annual population growth rate of 2.5%. Between 1970 and 2019, extreme weather, climate, and hydrological events were responsible for half of all disasters, 45% of recorded deaths, and 74% of documented economic losses (WMO 2022 ). Flood risks are increasingly becoming complex, and addressing complex challenges requires a holistic and participatory approach encompassing adaptation, mitigation, and consideration of socioeconomic and environmental aspects of flood risk management (Madu 2017 ; Nur and Shrestha 2017 ; Rehman et al. 2019 ; Salazar-Briones et al. 2020 ; Costa 2021 ; Hagedoorn et al. 2021 ; Islam et al. 2022 ).

Flood risks are complex, induced through the interactions of multiple components and their underlying drivers that can sometimes lead to short- and long-term synergies and trade-off outcomes (Ceres et al. 2022 ). Consequently, to address complex interconnections and identify practical solutions to flood challenges, the systems thinking approach is widely appreciated for its holistic and practical viewpoint than other analytical approaches, given that it considers connectedness, relationships, and context (Nyam et al. 2020 ; Perrone et al. 2020 ). This methodology facilitates an accurate comprehension of the system implications of complex human–environment sustainability. Without this, there is a risk that policies and technological breakthroughs would have unanticipated implications (Saviano et al. 2019 ; Mehryar and Surminski 2022 ). The increase in flood frequency and intensity coupled with population growth has led to the emergence of concepts like “living with floods” (Hellman 2015 ; Chetry 2022 ) and “building back better” (Cheek and Chmutina 2022 ; Mendis et al. 2022 ). However, achieving successful outcomes requires scientific knowledge and evidence-based techniques to understand gaps and potential interventions in the face of increased population growth and urbanization. Despite the growing application of systems theory and its associated tools in business, water management, and economics, its application to disaster risk management has not been thoroughly evaluated empirically. Limited knowledge exists regarding the application of systems thinking to understand flood risk management, particularly in the context of developing countries, hence necessitating this study. This research evaluated published articles on systems thinking and flood risk management to identify global trends, gaps, and opportunities. It aimed to enhance an understanding of the application of system thinking approaches to flood risk management research.

Systems thinking (ST) is widely recognized as a method to address complex problems in various domains and has been extensively documented. The system dynamic (SD) methodology based on the principle of systems thinking has proven to be an innovative method for comprehending the structure and behavior of complex systems within the context of systems thinking over time (Azar 2012 ; Sterman et al. 2015 ; Saunders and Truong 2019 ; Nyam et al. 2020 ; Laurien et al. 2022 ). Using system dynamics, encompassing qualitative and quantitative models enables the perspicacity of relevant feedback and causal connections that govern the behavior and structure of intricate systems (Awah et al. 2024 ). The study of systems thinking often involves the examination of fundamental and widely used concepts such as feedback, variables, and time delays frequently explored within system dynamics, specifically through causal loop diagrams (CLD) (Wolstenholme and Coyle 1983 ; Schaffernicht 2010 ; Barbrook-Johnson and Penn 2022 ). Loop diagrams depict variables that exhibit patterns depending on particular feedback and circular causality. These concepts are used to explain the reciprocal relationships between variables, where arrows indicate the mutual influence that can be negative (balancing feedback loop) or positive (reinforcing feedback loop) as explained by Watson and Watson ( 2013 ). To thoroughly understand systems, practitioners use systems thinking as a suitable approach to describe and analyze the interactions and influences among varied factors and components (Betley et al. 2021 ; Schoenenberger et al. 2021 ).

2 Data and Methods

In this study, descriptive and network analysis techniques were employed to provide an overview of the evolution of systems thinking methodology and its application in flood risk management research. This study considered search words to retrieve scientific documents relating to system theory and flood research globally as shown in Table 1 . The bibliometric method is a good innovation for literature reviews as it tries to retrieve relevant documents needed for research through databases such as Web of Science (WoS), PubMed, Scopus, and others. The scientometric analysis provides a rigorous process allowing the analysis of various aspects of published academic materials (articles, books, and so on) to show the past and current structure of the concerned field through citation, co-authorship, bibliographic coupling, keyword occurrences, and cluster analysis. The analysis was conducted using Biblioshiny (Ogundeji and Okolie 2022 ; Salleh 2022 ) in the R-Studio environment, Vosviewer (free online analysis tool), and Scopus and WoS databases, to understand the multidimensional structure and identify the trends, gaps, and opportunities for future flood risk management research. The analysis involved projecting key aspects such as themes, authors, countries, institutions, and keywords, among others, from 2002 to 2022.

2.1 Sourcing Relevant Information on the Published Materials

The Scopus and WoS databases were employed to procure scientific publications because they are widely recognized as a comprehensive and interdisciplinary repository of peer-reviewed literature within social sciences. Compared to alternative databases such as Dimension, they exhibit a greater prevalence of keyword-based article searches that is particularly relevant for this review. Several eligibility and exclusion criteria were considered during the article search process. Locating and accessing relevant information was based on a targeted search focused on keywords, titles, and abstracts given its efficacy as previously acknowledged by Atanassova et al. ( 2019 ) and corroborated by Mejia et al. 2021 ). The analysis incorporated all published peer-reviewed documents especially articles from academic journals focused solely on environmental science and social science-related fields. The review only considered articles in English given that English is a widely known language worldwide. A span period of 21 years was considered to encompass the majority of literature on system dynamics and flood risk management. Table 1 presents comprehensive information regarding the criteria, eligibility, and exclusionary measures employed to identify pertinent articles for in-depth analysis. Document search employed keywords such as “systems thinking” AND “flood risk.” Table 1 presents the comprehensive search string.

2.2 The Review Process

The review process followed the guidelines proposed by Tranfield et al. ( 2003 ) and applied the four-phase systematic review methodology suggested by Ogundeji and Okolie ( 2022 ). The keywords on systems thinking and flood risk management were based on the research objective (Table 1 ). The search yielded a total of 234 published materials (articles, books, and so on). A screening process was conducted leading to the elimination of 102 articles from the original sample of 234 articles. The elimination of articles was done taking into consideration certain factors such as the lack of primary focus on system dynamics and flood risk management, the publication stage, and/or language.

2.3 Data Processing and Analysis

This scientometric analysis was conducted using R-Studio V.3.4.1 software in conjunction with the bibliometrix R-package. Upon conducting a comprehensive review of pertinent literature for this study, the collected data were imported into R-Studio and converted into a bibliographic format, ensuring uniformity in identifying and removing potential duplicates. The author names, keywords (DE), and keywords-plus (ID) were extracted to enhance visualization. The extraction procedure entailed meticulously examining the abstracts and comprehensively analyzing the complete articles to ascertain relevant themes and sub-themes. The study employed a qualitative content analysis technique to identify the themes and subjects related to systems thinking and flood risk management. After the selection process, the selected documents underwent descriptive and bibliometric analysis using Biblioshiny, as presented in the result section.

Studies published on system dynamics, systems thinking, and flood risk management from 2002 to 2022 were evaluated in this study as this period coincides with the increased prominence and adoption of systems thinking principles in the field of disaster management. Analyzing certain parameters/matrices helps us identify gaps or limitations regarding research outputs in a specific sector. These matrices include the (1) most cited countries, (2) highly cited articles, (3) most referred articles, (4) number of articles with a high impact factor, (5) country’s most relevant affiliations, (6) most productive authors, (7) corresponding authors and the number of articles produced from a country, and (8) number of citations per country. This article, however, focuses on identifying the publication trends, the most productive countries, collaboration networks between authors and institutions, and keyword and thematic evolution of research based on keyword search that will allow the researchers to identify gaps and opportunities for further research.

3.1 Analyzing Data Output and Thematic Evolution

The study analyzed 234 published articles on systems thinking, system dynamics, and flood risk management from 2002 to 2022. The research showed an annual growth rate of 11.61% in the number of publications, with a peak in 2021 and 2022, consistent with the findings of Yang et al. ( 2021 ) who highlighted an increase in flood-related studies globally. The average annual total citations per article fluctuated, with 2018 having the highest average. The past decade has seen a rapid upswing in using systems thinking tools, particularly in sustainability studies and natural sciences. As elucidated by Hossain et al. ( 2020 ), this upturn can be attributed to practitioners, academia, and industry recognizing the imperative need to embrace systems thinking as a novel cognitive approach for addressing contemporary intricate challenges. The number of publications in this field has gradually grown from 2 in 2002 to 11 in 2015 and 18 in 2022 (Fig. 1 ), suggesting the gradual integration of systems thinking tools in flood research worldwide.

Annual scientific production applying system dynamics and systems thinking in flood research from 2002 to 2022. AATC average annual total citations

The study used a Sankey diagram to visualize the evolution of study themes, structures, and contexts over three distinct periods: 2002–2006, 2007–2015, and 2016–2022 (Fig. 2 ). A Sankey diagram is often used to understand and visualize the thematic evolution of keywords over time (Cobo et al. 2011 ; Okolie et al. 2022 ). The themes identified during 2002–2006 were disaster management, climate change, system dynamics, and hydrology. From 2007 to 2015, themes like system dynamics and climate change persisted, while additional themes emerged, including floodplain, ecosystem, systems theory, sustainable development, floods, and flooding. The last segment (2016–2022) added hydrological modeling and simulation. It should be noted that systems theory and related themes, such as systems thinking and system dynamics, have been used in the literature but have shown limited application in flood risk management research. This highlights the application gaps in systems thinking methodologies and flood risk management research. Previous studies have demonstrated the usefulness of systems thinking in understanding complex systems, such as economic systems, agriculture, and natural resource management (Bosch et al. 2007 ; Laspidou et al. 2020 ). However, given the inherent complexities of flood systems, a holistic methodology is necessary to gain a profound and precise understanding of underlying dynamics and the systems approach is the most effective and optimal methodology (Nyam et al. 2020 ).

Thematic evolution in research on system dynamics, systems thinking, and flood risk management based on keyword occurrences from 2002 to 2022

3.2 Country Research Output

According to Wang et al. ( 2018 ), a country’s influence in a research field is often determined by parameters such as publication output, H-index, citation count, and collaboration network. For the top 15 most productive countries, the United States ranked first in terms of published documents and total citations, followed by China, Canada, the United Kingdom, South Korea, Australia, Germany, the Netherlands, Austria, India, Spain, Belgium, Denmark, South Africa, and Sweden (Fig. 3 ). The publishing frequency of the top countries varied from 0.8 to 19.8%, highlighting substantial variations in country productivity and total citations. The study found that a country’s ability to produce a considerable number of publications does not necessarily guarantee high citation rates. For example, Australia ranked sixth in total publications (n = 13, 5.5%) but was not among the top 15 in total citations. This finding aligns with the findings of Di Bitetti and Ferreras ( 2017 ) that factors like language, discipline, and accessibility (open access or not) significantly influence the total citation count of a publication.

Top 15 most productive countries in the research on system dynamics, systems thinking, and flood risk management from 2002 to 2022

Country-wise author collaboration was analyzed to gain collaboration insight. Figure 3 indicates that single-country production accounted for approximately 73.5% compared to multiple-country production, which accounted for 26.5% of research related to system dynamics, systems thinking, and flood risk management. This finding highlights the need for more collaboration among authors, countries, institutions, and continents. Collaboration within sectors, as emphasized by Peffer and Renken ( 2016 ), will enhance knowledge and productivity, thereby reducing knowledge gaps, whether in specific methodologies or broader skill sets.

The calculations based on the top 15 most productive countries in system dynamics, systems thinking, and flood risk management research publications from 2002 to 2022 indicate that the continent of America represented by the United States and Canada emerged as the leading continent with a combined total publication count of 34.9%. Asia, encompassing China, South Korea, and India, recorded total publication counts of 31.3%, standing as the second most productive continent. Europe, represented by the Netherlands, United Kingdom, Germany, Austria, Spain, Belgium, Denmark, and Sweden, ranked third, accounting for 28.9% of the total publication count. The Australian and African continents ranked fourth and fifth with a total publication count of 3.6% and 1.2%, respectively.

3.3 Most Productive Journals

Journal publications are crucial for disseminating information about a specific topic or sector of interest (El-Omar 2014 ). An analysis of journals allowed us to understand the state of flood risk management research, identify trends, and identify gaps for effective flood risk management strategies. Through journal publications, researchers become aware of the scientific outputs of scholars in their sector of interest. It was, therefore, vital to identify journals that have contributed to understanding systems thinking, system dynamics, and flood risk research through conceptual frameworks, risk analysis methodologies, or providing practical solutions for effective flood risk management. This is important as it can assist researchers in quickly identifying journals that are suitable for the publication of their research on system dynamics and flood risk management. An analysis of journals publishing research related to systems thinking and flood risk management from 2002 to 2022—based on publication frequency and total publications—revealed that the journal Science of the Total Environment ranked first (10.56%), followed by Water Resources Management and Water Resources Research (9.24%), while Water ranked third (7.92%), Earth and Environmental Science ranked fourth (6.6%), and the Journal of Cleaner Productio n ranked fifth (5.28%). The journals Advances in Global Change Research , Ecology and Society , Hydrology and Earth System Sciences , and Disaster Prevention and Management ranked sixth (3.96%).

3.4 Network Visualization Analysis

A network visualization map was used to explore the co-occurrence of author keywords (Fig. 4 ). The density network unravelled the intricate nature of the research landscape. The size of each circle in the intellectual network corresponds to the frequency of use of a specific keyword in the analyzed documents. Based on the author’s keyword search, system dynamics, floods, and flood control are the prominent keywords within this research domain. The interconnectedness and linkages observed in the network visualization indicate the complex relationships among these keywords, underscoring the shared interests of authors in advancing flood-related research with a focus on systems thinking. The size of each keyword in the density and network visualization reflects its significance and frequency of appearance in the literature on system dynamics and flood risk management. The proximity of keywords to one another suggests the likelihood of their interaction throughout the study period. The results of the literature research exhibit notable variations in the density and network visualization of co-occurring author keywords across individual articles, emphasizing the multidimensional and multifaceted nature of this scientific field. These findings align with previous studies conducted by Okolie et al. ( 2022 ) and (Orimoloye et al. ( 2021 ).

Network analysis for co-occurrence of keywords in system dynamics and flood risk management research from 2002 to 2022

4 Discussion

In the face of increasing challenges posed by climate change, urbanization, and population growth, flood risk management has emerged as a critical global concern. The following discussion delves into the current state of flood risk management research, highlighting emerging trends, identifying critical research gaps, and exploring opportunities for future studies. The evolving landscape of flood risk management demands a closer examination of the adoption of holistic approaches, particularly the shift towards systems thinking methodologies.

4.1 Trends, Gaps, and Opportunities in Flood Risk Management Research

Understanding trends, gaps, and opportunities in flood risk management studies is important as it helps identify areas where research is lacking and which areas of research require more efforts. This is important as it can help improve flood risk management strategies and policies, leading to better outcomes for communities and individuals affected by flooding.

First, three significant trends were identified by this research: (1) flood is a global phenomenon affecting both developed and developing countries (McDermott 2022 ); (2) floods have become very complex, especially with increased climate change, population growth, and urbanization (Salmon et al. 2012 ; Cavallo and Ireland 2014 ; De Ruiter et al. 2020 ); and (3) there has been a shift towards community engagement in flood risk research (Perrone et al. 2020 ; Atanga 2020 ). All of these have necessitated a shift towards a more holistic approach. This study highlights a shift from linear to nonlinear methodologies such as systems thinking approaches to enhance our understanding of complex flood systems. However, the growing adoption of systems thinking approaches in flood risk management research is visible in most developed countries as opposed to less developed countries.

The low adoption of this holistic approach in less developed countries in flood risk management research could explain the implementation of reactive rather than proactive flood risk management measures as opposed to most developed countries. Through an in-depth examination of the literature, several challenges were identified as limiting factors to adopting the systems approach in flood risk management research, as summarized in Table 2 .

Despite the gaps and challenges, adopting a systems thinking approach presents several opportunities that could inherently improve our understanding of flood risk management research. Applying systems thinking in flood risk management research offers a holistic understanding of complex interdependencies within flood systems, utilizing methodologies such as causal loop diagrams to identify feedback mechanisms and dynamic behaviors (Anisah et al. 2022 ; Awah et al. 2024 ). This approach considers physical, social, economic, and environmental factors, allowing stakeholders to pinpoint flood risk catalysts, trade-offs, and synergies, ultimately informing the development of more efficient and resilient flood risk management strategies (Rehman et al. 2019 ; Mai et al. 2020 ). Moreover, systems thinking fosters stakeholder collaboration, encourages interdisciplinary cooperation, and enhances inclusive decision making, making it a comprehensive and effective approach to addressing flood-related challenges (Perrone et al. 2020 ; Zevenbergen et al. 2020 ; Chang et al. 2021 ; Shmueli et al. 2021 ; Tate et al. 2021 ; Maskrey et al. 2022 ; Mehryar and Surminski 2022 ).

Table 3 presents some studies on systems thinking, its related methodologies, and its application in flood risk management research. It also identifies gaps and opportunities for applying systems thinking in flood risk management research. The findings and conclusions of these studies have prompted the further exploration of this methodology in Cameroon, a developing country in West Africa that faces recurrent floods annually. The study employed the systems thinking approach to collaboratively engage stakeholders to develop an integrated flood risk management framework to build resilience in flood-prone communities (Awah et al. 2024 ).

4.2 Application of Systems Thinking to Flood Risk Management Policy Discourse

The systems thinking approach is increasingly recognized as important in understanding and managing flood risks. This approach provides comprehensive methods to assess flood risks, identify interactions, and quantify feedbacks within systems (De Bruijn 2005 ; Schröter et al. 2021 ). Integrating the systems approach into flood risk management can lead to more cost-effective and resilient strategies (Mai et al. 2020 ). The transition from risk-based to resilience-based flood management is highlighted by the Sendai Framework for Disaster Risk Reduction 2015–2030, emphasizing the need for more resilient and sustainable approaches to cope with flood disasters (Wang et al. 2022 ; Vitale 2023 ). The policy discourse on systems approach and flood risk management research should focus on integrating resilience into flood risk governance and policy, addressing institutional stability, participatory practices, and sustainable flood risk management (Moon et al. 2017 ; Graveline and Germain 2022 ). Additionally, there is a need to move the discourse toward a resilience-focused approach, taking into account perspectives from engineering, ecology, and social sciences. Adopting a systems approach in flood risk management enhances resilience and sustainability. The discourse on holistic approaches to disaster resilience is closely tied to systems thinking approaches. The policy discourse should be targeted at policymakers and stakeholders at national and international levels (Kaufmann and Wiering 2022 ) to promote the integration of the systems approaches to flood risk management policies and strategies, as attaining resilience requires a coordinated effort at the national and international levels to ensure effective implementation and to address the drivers of policy change.

5 Conclusion

The concept of systems thinking has been widely explored across various domains, significantly enhancing the comprehension of systems thinking methodologies. However, its application in comprehending flood risks has been notably limited. This study revealed an upward trend in the adoption of systems thinking methodologies in flood risk management. However, developing countries still lag when it comes to its methodological application hence more research is required to understand why this disparity persists particularly in developing countries. The study systematically reviewed published research indexed in Scopus and WoS and a bibliographic analysis using R-Studio for the selected 132 published materials between 2002 and 2022. The United States, China, and Canada were the leading countries in scientific production within the study period. The journal Science of the Total Environment had the highest source impact of publications on systems thinking and flood risk management. Considering that many developing countries, particularly in Africa, continue to suffer significant losses due to the increasing frequency and intensity of floods resulting from climate change, this study advocates for a reorientation of research and policy efforts. The focus should be on research that enables a holistic approach to flood risk management. With the growing emphasis on advancing the Sendai Framework and the Sustainable Development Goals, there is a burgeoning interest in transitioning from linear to non-linear approaches for sustainable mitigation of flood risk hazards. It is anticipated that scientific production using this methodology will likely increase over time, especially given the heightened interest of prominent research organizations such as the World Bank.

The study is limited by the fact that it solely relied on publications indexed in the Scopus and WoS databases, thereby limiting its scope. Other comprehensive bibliographic databases, such as PubMed, Dimension, and Lens.org were not included. Also, including other languages such as French and Chinese, among others presents an opportunity for further exploration of this research area. It is recommended that in-depth research be conducted to examine the application of the systems thinking approach in disaster management generally, not just in flood research. This study underscores the value of applying a systems thinking approach to enhance the understanding of flood risk. A promising avenue for advancement involves active engagement with governmental and funding entities, urging them to allocate resources for this research. The potential outcomes of this approach surpass conventional statistical methodologies, offering more practical insights. While this methodology has proven innovative and successful in certain applications, its universal implementation may pose challenges under various circumstances.

Anisah, A., B.H. Santosa, and D.B. Sencaki. 2022. Conceptual framework of systems thinking based flood risk management: A preliminary study. In Proceedings of 2022 IEEE Asia-Pacific Conference on Geoscience, Electronics and Remote Sensing Technology (AGERS) , 21–22 December 2022, Surabaya, Indonesia, 1–5.

Apel, H., A.H. Thieken, B. Merz, and G. Blöschl. 2006. A probabilistic modelling system for assessing flood risks. Natural Hazards 38(1–2): 79–100.

Google Scholar

Atanassova, I., M. Bertin, and P. Mayr. 2019. Editorial: Mining scientific papers: NLP-enhanced Bibliometrics. Frontiers in Research Metrics and Analytics . https://doi.org/10.3389/frma.2019.00002 .

Article PubMed PubMed Central Google Scholar

Atanga, R.A. 2020. The role of local community leaders in flood disaster risk management strategy making in Accra. International Journal of Disaster Risk Reduction 43: Article 101358.

Awah, L.S., J.A. Belle, Y.S. Nyam, and I.R. Orimoloye. 2024. A participatory systems dynamic modelling approach to understanding flood systems in a coastal community in Cameroon. International Journal of Disaster Risk Reduction 101: Article 104236.

Azar, A.T. 2012. System dynamics as a useful technique for complex systems. International Journal of Industrial and Systems Engineering 10(4): 377–410.

Barbrook-Johnson, P., and A.S. Penn. 2022. Causal loop diagrams. In Systems mapping: How to build and use causal models of systems , ed. P. Barbrook-Johnson, and A.S. Penn, 47–59. Cham: Springer.

Bernhofen, M.V., S. Cooper, M. Trigg, A. Mdee, A. Carr, A. Bhave, Y.T. Solano-Correa, and E.L. Pencue-Fierro et al. 2022. The role of global data sets for riverine flood risk management at national scales. Water Resources Research 58(4): Article e2021WR031555.

ADS Google Scholar

Betley, E., E.J. Sterling, S. Akabas, A. Paxton, and L. Frost. 2021. Introduction to systems and systems thinking. Lessons in Conservation 11: 9–25.

Bosch, O.J.H., C.A. King, J.L. Herbohn, I.W. Russell, and C.S. Smith. 2007. Getting the big picture in natural resource management—Systems thinking as “method” for scientists, policy makers and other stakeholders. Systems Research and Behavioral Science: The Official Journal of the International Federation for Systems Research 24(2): 217–232.

Caretta, M.A., R. Fernandez, N. Zegre, and J. Shinn. 2021. Flooding hazard and vulnerability. An interdisciplinary experimental approach for the study of the 2016 west Virginia floods. Frontiers in Water . https://doi.org/10.3389/frwa.2021.656417 .

Article Google Scholar

Cavallo, A., and V. Ireland. 2014. Preparing for complex interdependent risks: A system of systems approach to building disaster resilience. International Journal of Disaster Risk Reduction 9: 181–193.

Ceres, R.L., C.E. Forest, and K. Keller. 2022. Trade-offs and synergies in managing coastal flood risk: A case study for New York City. Journal of Flood Risk Management 15(1): Article e12771.

Chang, H., A. Pallathadka, J. Sauer, N.B. Grimm, R. Zimmerman, C. Cheng, D.M. Iwaniec, and Y. Kim et al. 2021. Assessment of urban flood vulnerability using the social–ecological–technological systems framework in six US cities. Sustainable Cities and Society 68: Article 102786.

Cheek, W., and K. Chmutina. 2022. “Building back better” is neoliberal post-disaster reconstruction. Disasters 46(3): 589–609.

PubMed Google Scholar

Chetry, B. 2022. Living with floods: Community-based coping and resilience mechanism of mising from floods; A study of Majuli District of Assam. In Challenges of disasters in Asia: Vulnerability, adaptation and resilience , ed. H. Sajjad, L. Siddiqui, A. Rahman, M. Tahir, and M.A. Siddiqui, 371–411. Singapore: Springer.

Cloke, H., G. Di Baldassarre, O. Landeg, F. Pappenberger, and M.H. Ramos. 2017. Hydrological risk: Floods. https://drmkc.jrc.ec.europa.eu/portals/0/Knowledge/ScienceforDRM/ch03_s02/ch03_s02_subch0304.pdf . Accessed 8 Feb 2024.

Cobo, M.J., A.G. López-Herrera, E. Herrera-Viedma, and F. Herrera. 2011. An approach for detecting, quantifying, and visualizing the evolution of a research field: A practical application to the Fuzzy Sets Theory field. Journal of Informetrics 5(1): 146–166.

Costa, C.G.F. 2021. Disaster management and climate adaptation roadmap for coastal cities based on the ten essentials of UNDRR. Journal of Integrated Coastal Zone Management 21(1): 33–53.

CRED (Centre for Research on the Epidemiology of Disasters). 2015. EM-DAT | The international disasters database. https://www.emdat.be/ . Accessed 8 Feb 2024.

De Bruijn, K.M. 2005. Resilience and flood risk management: A systems approach applied to lowland rivers . Delft: Delft University Press.

De Bruijn, K.M., B.A. Jafino, B. Merz, N. Doorn, S.J. Priest, R.J. Dahm, C. Zevenbergen, J.C. Aerts, and T. Comes. 2022. Flood risk management through a resilience lens. Communications Earth & Environment 3(1): Article 285.

De Ruiter, M.C., A. Couasnon, M.J. van den Homberg, J.E. Daniell, J.C. Gill, and P.J. Ward. 2020. Why we can no longer ignore consecutive disasters. Earth’s Future 8(3): Article e2019EF001425.

Di Bitetti, M.S., and J.A. Ferreras. 2017. Publish (in English) or perish: The effect on citation rate of using languages other than English in scientific publications. AMBIO 46: 121–127.

PubMed ADS Google Scholar

Duncan, J. 2023. Unlocking the power of context: The crucial factor in communicating flood risk data. https://aecom.com/without-limits/article/unlocking-the-power-of-context-the-crucial-factor-in-communicating-flood-risk-data/ . Accessed 8 Feb 2024.

El-Omar, E.M. 2014. How to publish a scientific manuscript in a high-impact journal. Advances in Digestive Medicine 1(4): 105–109.

Fields, S. 2022. Flood risk to rise more than 25% in the next few decades because of climate change. Marketplace , 2 February 2022. https://www.marketplace.org/2022/02/02/flood-risk-to-rise-more-than-25-in-the-next-few-decades-because-of-climate-change/ . Accessed 8 Feb 2024.

Graveline, M.H., and D. Germain. 2022. Disaster risk resilience: Conceptual evolution, key issues, and opportunities. International Journal of Disaster Risk Science 13(3): 330–341.

Guha-Sapir, D., P. Hoyois, and R. Below. 2014. Annual disaster statistical review 2013: The numbers and trends . Brussels: CRED.

Hagedoorn, L.C., P. Bubeck, P. Hudson, L.M. Brander, M. Pham, and R. Lasage. 2021. Preferences of vulnerable social groups for ecosystem-based adaptation to flood risk in central Vietnam. World Development 148: Article 105650.

Hellman, J. 2015. Living with floods and coping with vulnerability. Disaster Prevention and Management 24(4): 468–483.

MathSciNet Google Scholar

Hossain, N.U.I., V.L. Dayarathna, M. Nagahi, and R. Jaradat. 2020. Systems thinking: A review and bibliometric analysis. Systems 8(3): Article 23.

Islam, M.A., A.L. Griffin, D.J. Paull, and S. Murshed. 2022. Assessing critical infrastructure resilience in terms of its service-providing capacity in coastal Bangladesh: A synthesis of geospatial techniques and social responses. International Journal of Disaster Risk Reduction 67: Article 102633.

Jongman, B., E.E. Koks, T.G. Husby, and P.J. Ward. 2014. Increasing flood exposure in the Netherlands: Implications for risk financing. Natural Hazards and Earth System Sciences 14(5): 1245–1255.

Kaufmann, M., and M. Wiering. 2022. The role of discourses in understanding institutional stability and change—An analysis of Dutch flood risk governance. Journal of Environmental Policy & Planning 24(1): 1–20.

Klijn, F., K.M. de Bruijn, J. Knoop, and J. Kwadijk. 2012. Assessment of the Netherlands’ flood risk management policy under global change. AMBIO 41: 180–192.

Kovacs, Y., N. Doussin, M. Gaussens, C.L. Pacoud, and O.G. Afd. 2017. Flood risk and cities in developing countries . Paris: French Development Agency.

Kreibich, H., and N. Sairam. 2022. Dynamic flood risk modelling in human-flood systems. In Climate adaptation modelling , eds. C. Kondrup, P. Mercogliano, F. Bosello, J. Mysiak, E. Scoccimarro, A. Rizzo, R. Ebrey, and M. de Ruiter et al., 95–103. Cham: Springer.

Laspidou, C.S., N.K. Mellios, A.E. Spyropoulou, D.T. Kofinas, and M.P. Papadopoulou. 2020. Systems thinking on the resource nexus: Modeling and visualisation tools to identify critical interlinkages for resilient and sustainable societies and institutions. Science of the Total Environment 717: Article 137264.

CAS PubMed ADS Google Scholar

Laurien, F., J.G. Martin, and S. Mehryar. 2022. Climate and disaster resilience measurement: Persistent gaps in multiple hazards, methods, and practicability. Climate Risk Management 37: Article 100443.

Madu, C.N. 2017. Handbook of disaster risk reduction & management: Climate change and natural disasters . Hackensack: World Scientific Publishing Company.

Mai, T., S. Mushtaq, K. Reardon-Smith, P. Webb, R. Stone, J. Kath, and D.A. An-Vo. 2020. Defining flood risk management strategies: A systems approach. International Journal of Disaster Risk Reduction 47: Article 101550.

Maskrey, S.A., N.J. Mount, and C.R. Thorne. 2022. Doing flood risk modelling differently: Evaluating the potential for participatory techniques to broaden flood risk management decision-making. Journal of Flood Risk Management 15(1): Article e12757.

Mavrouli, M., S. Mavroulis, E. Lekkas, and A. Tsakris. 2022. Infectious diseases associated with hydro-meteorological hazards in Europe: Disaster risk reduction in the context of the climate crisis and the ongoing COVID-19 Pandemic. International Journal of Environmental Research and Public Health 19(16): Article 10206.

PubMed PubMed Central Google Scholar

McDermott, T.K. 2022. Global exposure to flood risk and poverty. Nature Communications 13(1): Article 3529.

CAS PubMed PubMed Central ADS Google Scholar

Mehryar, S., and S. Surminski. 2022. Investigating flood resilience perceptions and supporting collective decision-making through fuzzy cognitive mapping. Science of the Total Environment 837: Article 155854.

Mejia, C., M. Wu, Y. Zhang, and Y. Kajikawa. 2021. Exploring topics in bibliometric research through citation networks and semantic analysis. Frontiers in Research Metrics and Analytics 6: Article 742311.

Mendis, N., S. Siriwardhana, and U. Kulatunga. 2022. Implementation of build back better concept for post-disaster reconstruction in Sri Lanka. In A system engineering approach to disaster resilience: Select proceedings of VCDRR 2021 , ed. C. Ghosh, and S. Kolathayar, 33–48. Singapore: Springer.

Moon, J., W. Flannery, and A. Revez. 2017. Discourse and practice of participatory flood risk management in Belfast, UK. Land Use Policy 63: 408–417.

Newman, R., and I. Noy. 2023. The global costs of extreme weather that are attributable to climate change. Nature Communications 14(1): Article 6103.

Nur, I., and K.K. Shrestha. 2017. An integrative perspective on community vulnerability to flooding in cities of developing countries. Procedia Engineering 198: 958–967.

Nyam, Y.S., J.H. Kotir, A.J. Jordaan, A.A. Ogundeji, A.A. Adetoro, and I.R. Orimoloye. 2020. Towards understanding and sustaining natural resource systems through the systems perspective: A systematic evaluation. Sustainability 12(23): Article 9871.

OECD (Organisation for Economic Co-operation and Development). 2021. Managing climate risks, facing up to losses and damages . Paris: OECD Publishing. https://doi.org/10.1787/55ea1cc9-en .

Book Google Scholar

Ogundeji, A.A., and C.C. Okolie. 2022. Perception and adaptation strategies of smallholder farmers to drought risk: A scientometric analysis. Agriculture 12(8): Article 1129.

Okolie, C.C., G. Danso-Abbeam, O. Groupson-Paul, and A.A. Ogundeji. 2022. Climate-smart agriculture amidst climate change to enhance agricultural production: A bibliometric analysis. Land 12(1): Article 50.

Orimoloye, I.R., J.A. Belle, and O.O. Ololade. 2021. Exploring the emerging evolution trends of disaster risk reduction research: A global scenario. International Journal of Environmental Science and Technology 18: 673–690.

Peffer, M., and M. Renken. 2016. Practical strategies for collaboration across discipline-based education research and the learning sciences. CBE Life Sciences Education 15(4): Article es11.

Perrone, A., A. Inam, R. Albano, J. Adamowski, and A. Sole. 2020. A participatory system dynamics modeling approach to facilitate collaborative flood risk management: A case study in the Bradano River (Italy). Journal of Hydrology 580: Article 124354.

Polka, B.E. 2018. Global flood risk under climate change. Public Health Post , 17 April 2018. https://www.publichealthpost.org/databyte/global-flood-risk-under-climate-change/ . Accessed 8 Feb 2024.

Rehman, J., O. Sohaib, M. Asif, and B. Pradhan. 2019. Applying systems thinking to flood disaster management for sustainable development. International Journal of Disaster Risk Reduction 36: Article 101101.

Rentschler, J., M. Salhab, and B.A. Jafino. 2022. Flood exposure and poverty in 188 countries. Nature Communications 13(1): Article 3527.

Sadiq, A.A., J. Tyler, and D.S. Noonan. 2019. A review of community flood risk management studies in the United States. International Journal of Disaster Risk Reduction 41: Article 101327.

Salazar-Briones, C., J.M. Ruiz-Gibert, M.A. Lomelí-Banda, and A. Mungaray-Moctezuma. 2020. An integrated urban flood vulnerability index for sustainable planning in arid zones of developing countries. Water 12(2): Article 608.

Salleh, S.Z. 2022. Bibliometric and content analysis on publications in digitization technology implementation in cultural heritage for recent five years (2016–2021). Digital Applications in Archaeology and Cultural Heritage 25: Article e00225.

Salmon, P.M., N. Goode, F. Archer, C. Spencer, D. McArdle, R. McClure, and M.D.R. Initiative. 2012. New perspectives on disaster response: The role of systems theory and methods. In Proceedings of the 2012 Australian and New Zealand Disaster and Emergency Management Conference , 16–18 April 2012, Queensland, Australia, 353–367.

Saunders, S.G., and V.D. Truong. 2019. Social marketing interventions: Insights from a system dynamics simulation model. Journal of Social Marketing 9(3): 329–342.

Saviano, M., S. Barile, F. Farioli, and F. Orecchini. 2019. Strengthening the science-policy-industry interface for progressing toward sustainability: A systems thinking view. Sustainability Science 14: 1549–1564.

Schaffernicht, M. 2010. Causal loop diagrams between structure and behaviour: A critical analysis of the relationship between polarity, behaviour and events. Systems Research and Behavioral Science 27(6): 653–666.

Schoenenberger, L., A. Schmid, R. Tanase, M. Beck, and M. Schwaninger. 2021. Structural analysis of system dynamics models. Simulation Modelling Practice and Theory 110: Article 102333.

Schröter, K., M. Barendrecht, M. Bertola, A. Ciullo, R.T. da Costa, L. Cumiskey, A. Curran, and D. Diederen et al. 2021. Large-scale flood risk assessment and management: Prospects of a systems approach. Water Security 14: Article 100109.

Shmueli, D.F., C.P. Ozawa, and S. Kaufman. 2021. Collaborative planning principles for disaster preparedness. International Journal of Disaster Risk Reduction 52: Article 101981.

Sterman, J., R. Oliva, K.W. Linderman, and E. Bendoly. 2015. System dynamics perspectives and modeling opportunities for research in operations management. Journal of Operations Management 39: Article 40.

Tariq, M.A.U.R., R. Farooq, and N. Van de Giesen. 2020. A critical review of flood risk management and the selection of suitable measures. Applied Sciences 10(23): Article 8752.

CAS Google Scholar

Tate, E., V. Decker, and C. Just. 2021. Evaluating collaborative readiness for interdisciplinary flood research. Risk Analysis 41(7): 1187–1194.

Tavasszy, L., and G. de Jong. 2014. Comprehensive versus simplified models. In Modelling freight transport , ed. L. Tavasszy, and G. de Jong, 245–256. Amsterdam: Elsevier.

Tranfield, D., D. Denyer, and P. Smart. 2003. Towards a methodology for developing evidence-informed management knowledge by means of systematic review. British Journal of Management 14(3): 207–222.

United Nations. 2022. Fueled by rapid growth in Africa, global population hits 8 billion. The Christian Science Monitor , 15 November 2022. https://www.csmonitor.com/World/2022/1115/Fueled-by-rapid-growth-in-Africa-global-population-hits-8-billion . Accessed 4 Sept 2023.

Vitale, C. 2023. Understanding the shift toward a risk-based approach in flood risk management, a comparative case study of three Italian rivers. Environmental Science & Policy 146: 13–23.

Vojinović, Z., Y. Abebe, A. Sanchez-Torres, N. Medina, I. Nikolic, N. Manojlovic, C. Makropoulos, and M. Pelling. 2014. Holistic flood risk assessment in coastal areas: The PEARL approach. In Proceedings of the 11th International Conference on Hydroinformatics , 17–21 August 2014, New York City, USA.

Wang, L., S. Cui, Y. Li, H. Huang, B. Manandhar, V. Nitivattananon, X. Fang, and W. Huang. 2022. A review of the flood management: From flood control to flood resilience. Heliyon 8(11): Article e11763.

Wang, Z., Y. Zhao, and B. Wang. 2018. A bibliometric analysis of climate change adaptation based on massive research literature data. Journal of Cleaner Production 199: 1072–1082.

Watson, S.L., and W.R. Watson. 2013. Chapter Six: Critical systems theory for qualitative research methodology. Counterpoints 354: 111–127.

WMO (World Meteorological Organization). 2022. State of climate in Africa highlights water stress and hazards. https://wmo.int/news/media-centre/state-of-climate-africa-highlights-water-stress-and-hazards . Accessed 8 Feb 2024.

Wolstenholme, E.F., and R.G. Coyle. 1983. The development of system dynamics as a methodology for system description and qualitative analysis. Journal of the Operational Research Society 34(7): 569–581.

Yang, Q., X. Zheng, L. Jin, X. Lei, B. Shao, and Y. Chen. 2021. Research progress of urban floods under climate change and urbanization: A scientometric analysis. Buildings 11(12): Article 628.

Yuen, B., and A. Kumssa. 2010. Africa and Asia: Two of the world’s fastest-growing regions. In Climate change and sustainable urban development in Africa and Asia , ed. B. Yuen, and A. Kumssa, 3–18. Dordrecht: Springer.

Zevenbergen, C., B. Gersonius, and M. Radhakrishan. 2020. Flood resilience. Philosophical Transactions of the Royal Society A 378(2168): Article 20190212.

Ziga-Abortta, F.R., S. Kruse, B. Höllermann, and J. Ntajal. 2021. Stakeholder participation in flood-related disaster risk management in Ghana. In Proceedings of the 23rd EGU General Assembly , held online 19–30 April 2021.

Zischg, A.P. 2018. Floodplains and complex adaptive systems—Perspectives on connecting the dots in flood risk assessment with coupled component models. Systems 6(2): Article 9.

Download references

Acknowledgements

The authors would like to acknowledge and appreciate the European Union-sponsored project Fostering Research & Intra-African Mobility & Education (FRAME) (Reference Number FRAM2000567), for the financial support in executing this research.

Author information

Authors and affiliations.

Disaster Management Training and Education Centre for Africa, University of the Free State, Bloemfontein, 9300, South Africa

Lum Sonita Awah, Johanes Amate Belle & Yong Sebastian Nyam

School of Environment, Geography, and Sustainability, Western Michigan University, Kalamazoo, MI, 49008, USA

Israel Ropo Orimoloye

You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Lum Sonita Awah .

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/ .

Reprints and permissions

About this article

Awah, L.S., Belle, J.A., Nyam, Y.S. et al. A Systematic Analysis of Systems Approach and Flood Risk Management Research: Trends, Gaps, and Opportunities. Int J Disaster Risk Sci 15 , 45–57 (2024). https://doi.org/10.1007/s13753-024-00544-y

Download citation

Accepted : 07 February 2024

Published : 16 February 2024

Issue Date : February 2024

DOI : https://doi.org/10.1007/s13753-024-00544-y

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

Flood risk management research
Gaps and opportunities
Global trends in flood research
Systematic review
Systems thinking
Find a journal
Publish with us
Track your research

Common Comorbidities with Substance Use Disorders Research Report Part 1: The Connection Between Substance Use Disorders and Mental Illness

Many individuals who develop substance use disorders (SUD) are also diagnosed with mental disorders, and vice versa. 2,3 Although there are fewer studies on comorbidity among youth, research suggests that adolescents with substance use disorders also have high rates of co-occurring mental illness; over 60 percent of adolescents in community-based substance use disorder treatment programs also meet diagnostic criteria for another mental illness. 4

Data show high rates of comorbid substance use disorders and anxiety disorders—which include generalized anxiety disorder, panic disorder, and post-traumatic stress disorder. 5–9 Substance use disorders also co-occur at high prevalence with mental disorders, such as depression and bipolar disorder, 6,9–11 attention-deficit hyperactivity disorder (ADHD), 12,13 psychotic illness, 14,15 borderline personality disorder, 16 and antisocial personality disorder. 10,15 Patients with schizophrenia have higher rates of alcohol, tobacco, and drug use disorders than the general population. 17 As Figure 1 shows, the overlap is especially pronounced with serious mental illness (SMI). Serious mental illness among people ages 18 and older is defined at the federal level as having, at any time during the past year, a diagnosable mental, behavior, or emotional disorder that causes serious functional impairment that substantially interferes with or limits one or more major life activities. Serious mental illnesses include major depression, schizophrenia, and bipolar disorder, and other mental disorders that cause serious impairment. 18 Around 1 in 4 individuals with SMI also have an SUD.

Data from a large nationally representative sample suggested that people with mental, personality, and substance use disorders were at increased risk for nonmedical use of prescription opioids. 19 Research indicates that 43 percent of people in SUD treatment for nonmedical use of prescription painkillers have a diagnosis or symptoms of mental health disorders, particularly depression and anxiety. 20

Youth—A Vulnerable Time

Although drug use and addiction can happen at any time during a person’s life, drug use typically starts in adolescence, a period when the first signs of mental illness commonly appear. Comorbid disorders can also be seen among youth. 21–23 During the transition to young adulthood (age 18 to 25 years), people with comorbid disorders need coordinated support to help them navigate potentially stressful changes in education, work, and relationships. 21

Drug Use and Mental Health Disorders in Childhood or Adolescence Increases Later Risk

The brain continues to develop through adolescence. Circuits that control executive functions such as decision making and impulse control are among the last to mature, which enhances vulnerability to drug use and the development of a substance use disorder. 3,24 Early drug use is a strong risk factor for later development of substance use disorders, 24 and it may also be a risk factor for the later occurrence of other mental illnesses. 25,26 However, this link is not necessarily causative and may reflect shared risk factors including genetic vulnerability, psychosocial experiences, and/or general environmental influences. For example, frequent marijuana use during adolescence can increase the risk of psychosis in adulthood, specifically in individuals who carry a particular gene variant. 26,27

It is also true that having a mental disorder in childhood or adolescence can increase the risk of later drug use and the development of a substance use disorder. Some research has found that mental illness may precede a substance use disorder, suggesting that better diagnosis of youth mental illness may help reduce comorbidity. One study found that adolescent-onset bipolar disorder confers a greater risk of subsequent substance use disorder compared to adult-onset bipolar disorder. 28 Similarly, other research suggests that youth develop internalizing disorders, including depression and anxiety, prior to developing substance use disorders. 29

Untreated Childhood ADHD Can Increase Later Risk of Drug Problems

Numerous studies have documented an increased risk for substance use disorders in youth with untreated ADHD, 13,30 although some studies suggest that only those with comorbid conduct disorders have greater odds of later developing a substance use disorder. 30,31 Given this linkage, it is important to determine whether effective treatment of ADHD could prevent subsequent drug use and addiction. Treatment of childhood ADHD with stimulant medications such as methylphenidate or amphetamine reduces the impulsive behavior, fidgeting, and inability to concentrate that characterize ADHD. 32

That risk presents a challenge when treating children with ADHD, since effective treatment often involves prescribing stimulant medications with addictive potential. Although the research is not yet conclusive, many studies suggest that ADHD medications do not increase the risk of substance use disorder among children with this condition. 31,32 It is important to combine stimulant medication for ADHD with appropriate family and child education and behavioral interventions, including counseling on the chronic nature of ADHD and risk for substance use disorder. 13,32

Go back to Main Menu
Client Log In
MSCI Client Support Site
Barra PortfolioManager
MSCI ESG Manager
MSCI ESG Direct
Global Index Lens
MSCI Real Assets Analytics Portal
RiskManager 3
CreditManager
RiskManager 4
Index Monitor
MSCI Datscha
MSCI Real Capital Analytics
Total Plan/Caissa
MSCI Fabric
MSCI Carbon Markets

Insights on MSCI One

Institutional client designed indexes (icdis), total portfolio footprinting, esg trends to watch, factor models, visualizing investment data.

Our Solutions
Go back to Our Solutions
Analytics Overview
Crowding Solutions
Fixed Income Analytics
Managed Solutions
Multi-asset Class Factor Models
Portfolio Management
Quantitative Investment Solutions
Regulatory Solutions
Risk Insights
Climate Investing
Climate Investing Overview

Implied Temperature Rise

Trends 2024.

Biodiversity
Carbon Markets
Climate Lab Enterprise
Real Estate Climate Solutions
Sustainable Investing
Sustainable Investing Overview

ESG and Climate Funds in Focus

What is esg, role of capital in the net-zero revolution.

Sustainability Reporting Services
Factor Investing
Factor Investing Overview

MSCI Japan Equity Factor Model

Equity Factor Models
Factor Indexes
Indexes Overview

Index Education

Msci climate action corporate bond indexes.

Client-Designed
Direct Indexing
Fixed Income
Private Real Assets

Thematic Exposure Standard

Go back to Indexes
Resources Overview

MSCI Indexes Underlying Exchange Traded Products

Communications
Equity Factsheets
Derivatives
Methodology
Performance
Private Capital
Private Capital Overview

Global Private Capital Performance Review

Total Plan (formerly Caissa)
Carbon Footprinting
Private Capital Indexes
Private Company Data Connect
Real Assets
Real Assets Overview

2024 Trends to Watch in Real Assets

Index Intel
Portfolio Services
Property Intel
Private Real Assets Indexes
Real Capital Analytics
Research & Insights
Go back to Research & Insights
Research & Insights Overview
Multi-Asset Class
Real Estate
Sustainability
Events Overview

Capital for Climate Action Conference

Data Explorer
Developer Community
Technology and Data

2022 Annual Report

Go back to Who We Are
Corporate Responsibility
Corporate Responsibility Overview
Enabling Sustainable Investing
Environmental Sustainability
Governance Practices
Social Practices
Sustainability Reports and Policies
Diversity, Equity and Inclusion

Henry A. Fernandez

Recognition

Main Search

Esg rating hero banner, esg ratings.

Measuring a company’s resilience to long-term, financially relevant ESG risks

Social Sharing

Esg rating intro para, what is an msci esg rating.

MSCI ESG Ratings aim to measure a company’s management of financially relevant ESG risks and opportunities. We use a rules-based methodology to identify industry leaders and laggards according to their exposure to ESG risks and how well they manage those risks relative to peers. Our ESG Ratings range from leader (AAA, AA), average (A, BBB, BB) to laggard (B, CCC). We also rate equity and fixed income securities, loans, mutual funds, ETFs and countries.

ESG Ratings video

How do MSCI ESG Ratings work? What are significant ESG risks? What does a poor rating look like? How can you use them?

Download Transcript (PDF, 120 KB) (opens in a new tab)

ESG ratings

Download brochure (PDF, 1.08 MB) (opens in a new tab)

How do MSCI ESG Ratings work?

How does msci esg ratings work.

ESG risks and opportunities can vary by industry and company. Our MSCI ESG Ratings model identifies the ESG risks, (what we call Key Issues), that are most material to a GICS® sub-industry or sector. With over 13 years of live track history we have been able to examine and refine our model to identify the E, S, and G Key Issues which are most material to an industry.

View our Key Issues framework | ESG Methodologies (opens in a new tab) | What MSCI’s ESG Ratings are and are not

ESG Ratings module

A company lagging its industry based on its high exposure and failure to manage significant ESG risks

A company with a mixed or unexceptional track record of managing the most significant ESG risks and opportunities relative to industry peers

A company leading its industry in managing the most significant ESG risks and opportunities

Explore our ESG transparency tools

Contact sales

Explore our ESG Transparency Tools content - part 1

Explore the Implied Temperature Rise, Decarbonization Targets, MSCI ESG Rating and Key ESG Issues of over 2,900 companies.

Explore E, S & G Key Issues by GICS® sub-industry or sector and their contribution to companies' ESG Ratings.

Example: Explore the data metrics and sources used to determine the MSCI ESG Rating of a US-based producer of paper products.

Explore our ESG Transparency Tools content - part 2

ESG Fund Ratings aim to measure the resilience of mutual funds and ETFs to long term risks and opportunities.

Explore ESG and climate metrics for all MSCI equity, fixed income and blended indexes regulated by the EU.

ESG ratings Tabs

Integrating esg ratings into the investment process: key features.

A growing body of client, industry and MSCI research has shown the value of integrating MSCI ESG Ratings to manage and mitigate risks and identify opportunities. We are proud to work with over 1,700 clients worldwide that help inform and improve our ESG Research, including our ESG Ratings methodology and coverage. Investor clients use MSCI ESG Ratings as follows.

Fundamental / quant analyses

Portfolio construction / risk management, benchmarking / index-based product development, disclosure and reporting for regulators and stakeholders, engagement & thought leadership.

Stock analysis
ESG Ratings used for security selection or within systematic strategies
ESG Factor in quant model- identify long term trends and arbitrage opportunities
Adjust discounted cashflow models
Identify leaders and laggards to support construction
Use ratings and underlying scores to inform asset allocation
Stress testing, and risk and performance attribution analysis
ESG as a Factor in Global Equity Models
MSCI ESG Ratings are used in many of MSCI’s 1,500 equity and fixed indexes
Select policy or performance benchmark
Develop Exchange-Traded-Funds and other index-based products
Make regulatory disclosures
Report to clients & stakeholders
Demonstrate ESG transparency and leadership
Engage companies and external stakeholders
Provide transparency through client reporting
Conduct thematic or industry research

ESG rating Key benefits

Key product features:.

We rate over 8,500 companies (14,000 issuers including subsidiaries) and more than 680,000 equity and fixed income securities globally (as of October 2020), collecting thousands of data points for each company.

We monitor emerging risks and opportunities and focus on the industry issues that are most relevant to its companies’ core business models

While corporate disclosure is an important input into our model, we also gather alternative data from hundreds of media, academic, NGO, regulatory and government sources to supplement those disclosures and uncover additional insights. Our cutting-edge modelling capabilities transform varied sources of unstructured data into meaningful insights

We use artificial intelligence (AI) and other technologies to increase the timeliness and precision of data collection and analysis, and to check and validate data. Our 200+ strong team of analysts review, validate and transform the data into meaningful insights

MSCI ESG Research is constantly evaluating new datasets, monitoring emerging ESG issues and exploring new technologies to improve our research process and the value for clients. We review and recalibrate the ESG Ratings model annually, and seek feedback from our clients on potential changes and enhancements via our annual consultation process. Over the last seven years, MSCI ESG Research has consulted more than 55 of some of the largest investors globally, to refine our ESG Ratings methodology and expand our coverage

MSCI ESG Research Experience and Leadership

Msci esg research experience and leadership.

We have over 40 years 2 of experience measuring and modelling ESG performance of companies. We are recognized as a ‘Gold Standard data provider’3 and voted 'Best Firm for SRI research' and ‘Best Firm for Corporate Governance research' for the last four years 3
We were the first ESG provider to assess companies based on industry materiality, dating back to 1999. Only dataset with live history (13+ years) demonstrating economic relevance
Objective rules based ESG ratings, with an average 45% of data, 5 coming from alternative data sources, utilizing AI tech to extract and verify unstructured data
First ESG ratings provider to measure and embed companies’ ESG risk exposure 4

ESG Ratings Related Content

Related content, .rel-cont-head{ font-size: 31px important; line-height: 38px important; } sustainable investing.

Companies with strong MSCI ESG Ratings profiles may be better positioned for future challenges and experience fewer instances of bribery, corruption and fraud. Learn how our sustainability solutions can provide insights into risks and opportunities.

Climate and Net-Zero Solutions

To empower investors to analyze and report on their portfolios’ exposures to transition and physical climate risk. 1 .

Sustainable Finance

ESG and climate regulation and disclosure resource center for institutional investors, managers and advisors.

ESG ratings footnotes

MSCI ESG Research LLC. is a Registered Investment Adviser under the Investment Adviser Act of 1940. The most recent SEC Form ADV filing, including Form ADV Part 2A, is available on the U.S. SEC’s website at www.adviserinfo.sec.gov (opens in a new tab) .

MIFID2/MIFIR notice: MSCI ESG Research LLC does not distribute or act as an intermediary for financial instruments or structured deposits, nor does it deal on its own account, provide execution services for others or manage client accounts. No MSCI ESG Research product or service supports, promotes or is intended to support or promote any such activity. MSCI ESG Research is an independent provider of ESG data, reports and ratings based on published methodologies and available to clients on a subscription basis.

ESG ADV 2A (PDF, 354 KB) (opens in a new tab) ESG ADV 2B (brochure supplement) (PDF, 232 KB) (opens in a new tab)

1 GICS®, the global industry classification standard jointly developed by MSCI Inc. and S&P Global.

2 Through our legacy companies KLD, Innovest, IRRC, and GMI Ratings.

3 Deep Data Delivery Standard http://www.deepdata.ai/

4 Through our legacy companies KLD, Innovest, IRRC, and GMI Ratings. Origins of MSCI ESG Ratings established in 1999. Produced time series data since 2007.

5 Source: MSCI ESG Research 2,434 constituents of the MSCI ACWI Index as of November 30, 2017.

UtmAnalytics

Research on risk management methods for power operation data oriented to multi scenario data

Zhang, Ximing
Yang, Qiuyong
Li, Jieshan
Zhao, Jiaqi

In order to improve the security of power operation data, a risk management method for multi scenario data is proposed. Based on blockchain technology, a power operation data storage model was constructed, and a data risk management model was constructed using federated reinforcement learning algorithm. Through this model, risk management processing was implemented on the data. It can be seen from the experimental results that the highest value of the Factor of safety of this method is 0.95, the lowest value is 0.78, and the highest value of the number of times of data theft prevention is 58, which indicates that this method can effectively improve the effect of data theft prevention, and the power operation data has a high Factor of safety, which indicates that this method can fully ensure the security of power operation data

	You might be using an unsupported or outdated browser. To get the best possible experience please use the latest version of Chrome, Firefox, Safari, or Microsoft Edge to view this website.

How To Start A Business In 11 Steps (2024 Guide)

Updated: Apr 7, 2024, 1:44pm

How To Start A Business In 11 Steps (2024 Guide)

Before you begin: get in the right mindset, 1. determine your business concept, 2. research your competitors and market, 3. create your business plan, 4. choose your business structure, 5. register your business and get licenses, 6. get your finances in order, 7. fund your business, 8. apply for business insurance, 9. get the right business tools, 10. market your business, 11. scale your business, what are the best states to start a business, bottom line, frequently asked questions (faqs).

Starting a business is one of the most exciting and rewarding experiences you can have. But where do you begin? There are several ways to approach creating a business, along with many important considerations. To help take the guesswork out of the process and improve your chances of success, follow our comprehensive guide on how to start a business. We’ll walk you through each step of the process, from defining your business idea to registering, launching and growing your business.

Featured Partners

ZenBusiness

$0 + State Fees

Varies By State & Package

On ZenBusiness' Website

On LegalZoom's Website

Northwest Registered Agent

$39 + State Fees

On Northwest Registered Agent's Website

The public often hears about overnight successes because they make for a great headline. However, it’s rarely that simple—they don’t see the years of dreaming, building and positioning before a big public launch. For this reason, remember to focus on your business journey and don’t measure your success against someone else’s.

Consistency Is Key

New business owners tend to feed off their motivation initially but get frustrated when that motivation wanes. This is why it’s essential to create habits and follow routines that power you through when motivation goes away.

Take the Next Step

Some business owners dive in headfirst without looking and make things up as they go along. Then, there are business owners who stay stuck in analysis paralysis and never start. Perhaps you’re a mixture of the two—and that’s right where you need to be. The best way to accomplish any business or personal goal is to write out every possible step it takes to achieve the goal. Then, order those steps by what needs to happen first. Some steps may take minutes while others take a long time. The point is to always take the next step.

Most business advice tells you to monetize what you love, but it misses two other very important elements: it needs to be profitable and something you’re good at. For example, you may love music, but how viable is your business idea if you’re not a great singer or songwriter? Maybe you love making soap and want to open a soap shop in your small town that already has three close by—it won’t be easy to corner the market when you’re creating the same product as other nearby stores.

If you don’t have a firm idea of what your business will entail, ask yourself the following questions:

What do you love to do?
What do you hate to do?
Can you think of something that would make those things easier?
What are you good at?
What do others come to you for advice about?
If you were given ten minutes to give a five-minute speech on any topic, what would it be?
What’s something you’ve always wanted to do, but lacked resources for?

These questions can lead you to an idea for your business. If you already have an idea, they might help you expand it. Once you have your idea, measure it against whether you’re good at it and if it’s profitable.

Your business idea also doesn’t have to be the next Scrub Daddy or Squatty Potty. Instead, you can take an existing product and improve upon it. You can also sell a digital product so there’s little overhead.

What Kind of Business Should You Start?

Before you choose the type of business to start, there are some key things to consider:

What type of funding do you have?
How much time do you have to invest in your business?
Do you prefer to work from home or at an office or workshop?
What interests and passions do you have?
Can you sell information (such as a course), rather than a product?
What skills or expertise do you have?
How fast do you need to scale your business?
What kind of support do you have to start your business?
Are you partnering with someone else?
Does the franchise model make more sense to you?

Consider Popular Business Ideas

Not sure what business to start? Consider one of these popular business ideas:

Start a Franchise
Start a Blog
Start an Online Store
Start a Dropshipping Business
Start a Cleaning Business
Start a Bookkeeping Business
Start a Clothing Business
Start a Landscaping Business
Start a Consulting Business
Start a Photography Business
Start a Vending Machine Business

Most entrepreneurs spend more time on their products than they do getting to know the competition. If you ever apply for outside funding, the potential lender or partner wants to know: what sets you (or your business idea) apart? If market analysis indicates your product or service is saturated in your area, see if you can think of a different approach. Take housekeeping, for example—rather than general cleaning services, you might specialize in homes with pets or focus on garage cleanups.

Primary Research

The first stage of any competition study is primary research, which entails obtaining data directly from potential customers rather than basing your conclusions on past data. You can use questionnaires, surveys and interviews to learn what consumers want. Surveying friends and family isn’t recommended unless they’re your target market. People who say they’d buy something and people who do are very different. The last thing you want is to take so much stock in what they say, create the product and flop when you try to sell it because all of the people who said they’d buy it don’t because the product isn’t something they’d buy.

Secondary Research

Utilize existing sources of information, such as census data, to gather information when you do secondary research. The current data may be studied, compiled and analyzed in various ways that are appropriate for your needs but it may not be as detailed as primary research.

Conduct a SWOT Analysis

SWOT stands for strengths, weaknesses, opportunities and threats. Conducting a SWOT analysis allows you to look at the facts about how your product or idea might perform if taken to market, and it can also help you make decisions about the direction of your idea. Your business idea might have some weaknesses that you hadn’t considered or there may be some opportunities to improve on a competitor’s product.

Asking pertinent questions during a SWOT analysis can help you identify and address weaknesses before they tank your new business.

A business plan is a dynamic document that serves as a roadmap for establishing a new business. This document makes it simple for potential investors, financial institutions and company management to understand and absorb. Even if you intend to self-finance, a business plan can help you flesh out your idea and spot potential problems. When writing a well-rounded business plan, include the following sections:

Executive summary: The executive summary should be the first item in the business plan, but it should be written last. It describes the proposed new business and highlights the goals of the company and the methods to achieve them.
Company description: The company description covers what problems your product or service solves and why your business or idea is best. For example, maybe your background is in molecular engineering, and you’ve used that background to create a new type of athletic wear—you have the proper credentials to make the best material.
Market analysis: This section of the business plan analyzes how well a company is positioned against its competitors. The market analysis should include target market, segmentation analysis, market size, growth rate, trends and a competitive environment assessment.
Organization and structure: Write about the type of business organization you expect, what risk management strategies you propose and who will staff the management team. What are their qualifications? Will your business be a single-member limited liability company (LLC) or a corporation ?
Mission and goals: This section should contain a brief mission statement and detail what the business wishes to accomplish and the steps to get there. These goals should be SMART (specific, measurable, action-orientated, realistic and time-bound).
Products or services: This section describes how your business will operate. It includes what products you’ll offer to consumers at the beginning of the business, how they compare to existing competitors, how much your products cost, who will be responsible for creating the products, how you’ll source materials and how much they cost to make.
Background summary: This portion of the business plan is the most time-consuming to write. Compile and summarize any data, articles and research studies on trends that could positively and negatively affect your business or industry.
Marketing plan: The marketing plan identifies the characteristics of your product or service, summarizes the SWOT analysis and analyzes competitors. It also discusses how you’ll promote your business, how much money will be spent on marketing and how long the campaign is expected to last.
Financial plan: The financial plan is perhaps the core of the business plan because, without money, the business will not move forward. Include a proposed budget in your financial plan along with projected financial statements, such as an income statement, a balance sheet and a statement of cash flows. Usually, five years of projected financial statements are acceptable. This section is also where you should include your funding request if you’re looking for outside funding.

Learn more: Download our free simple business plan template .

Come Up With an Exit Strategy

An exit strategy is important for any business that is seeking funding because it outlines how you’ll sell the company or transfer ownership if you decide to retire or move on to other projects. An exit strategy also allows you to get the most value out of your business when it’s time to sell. There are a few different options for exiting a business, and the best option for you depends on your goals and circumstances.

The most common exit strategies are:

Selling the business to another party
Passing the business down to family members
Liquidating the business assets
Closing the doors and walking away

Develop a Scalable Business Model

As your small business grows, it’s important to have a scalable business model so that you can accommodate additional customers without incurring additional costs. A scalable business model is one that can be replicated easily to serve more customers without a significant increase in expenses.

Some common scalable business models are:

Subscription-based businesses
Businesses that sell digital products
Franchise businesses
Network marketing businesses

Start Planning for Taxes

One of the most important things to do when starting a small business is to start planning for taxes. Taxes can be complex, and there are several different types of taxes you may be liable for, including income tax, self-employment tax, sales tax and property tax. Depending on the type of business you’re operating, you may also be required to pay other taxes, such as payroll tax or unemployment tax.

Start A Limited Liability Company Online Today with ZenBusiness

Click to get started.

When structuring your business, it’s essential to consider how each structure impacts the amount of taxes you owe, daily operations and whether your personal assets are at risk.

An LLC limits your personal liability for business debts. LLCs can be owned by one or more people or companies and must include a registered agent . These owners are referred to as members.

LLCs offer liability protection for the owners
They’re one of the easiest business entities to set up
You can have a single-member LLC
You may be required to file additional paperwork with your state on a regular basis
LLCs can’t issue stock
You’ll need to pay annual filing fees to your state

Limited Liability Partnership (LLP)

An LLP is similar to an LLC but is typically used for licensed business professionals such as an attorney or accountant. These arrangements require a partnership agreement.

Partners have limited liability for the debts and actions of the LLP
LLPs are easy to form and don’t require much paperwork
There’s no limit to the number of partners in an LLP
Partners are required to actively take part in the business
LLPs can’t issue stock
All partners are personally liable for any malpractice claims against the business

Sole Proprietorship

If you start a solo business, you might consider a sole proprietorship . The company and the owner, for legal and tax purposes, are considered the same. The business owner assumes liability for the business. So, if the business fails, the owner is personally and financially responsible for all business debts.

Sole proprietorships are easy to form
There’s no need to file additional paperwork with your state
You’re in complete control of the business
You’re personally liable for all business debts
It can be difficult to raise money for a sole proprietorship
The business may have a limited lifespan

Corporation

A corporation limits your personal liability for business debts just as an LLC does. A corporation can be taxed as a C corporation (C-corp) or an S corporation (S-corp). S-corp status offers pass-through taxation to small corporations that meet certain IRS requirements. Larger companies and startups hoping to attract venture capital are usually taxed as C-corps.

Corporations offer liability protection for the owners
The life span of a corporation is not limited
A corporation can have an unlimited number of shareholders
Corporations are subject to double taxation
They’re more expensive and complicated to set up than other business structures
The shareholders may have limited liability

Before you decide on a business structure, discuss your situation with a small business accountant and possibly an attorney, as each business type has different tax treatments that could affect your bottom line.

Helpful Resources

How To Set Up an LLC in 7 Steps
How To Start a Sole Proprietorship
How To Start a Corporation
How To Start a Nonprofit
How To Start a 501(c)(3)

There are several legal issues to address when starting a business after choosing the business structure. The following is a good checklist of items to consider when establishing your business:

Choose Your Business Name

Make it memorable but not too difficult. Choose the same domain name, if available, to establish your internet presence. A business name cannot be the same as another registered company in your state, nor can it infringe on another trademark or service mark that is already registered with the United States Patent and Trademark Office (USPTO).

Business Name vs. DBA

There are business names, and then there are fictitious business names known as “Doing Business As” or DBA. You may need to file a DBA if you’re operating under a name that’s different from the legal name of your business. For example, “Mike’s Bike Shop” is doing business as “Mike’s Bikes.” The legal name of the business is “Mike’s Bike Shop,” and “Mike’s Bikes” is the DBA.

You may need to file a DBA with your state, county or city government offices. The benefits of a DBA include:

It can help you open a business bank account under your business name
A DBA can be used as a “trade name” to brand your products or services
A DBA can be used to get a business license

Register Your Business and Obtain an EIN

You’ll officially create a corporation, LLC or other business entity by filing forms with your state’s business agency―usually the Secretary of State. As part of this process, you’ll need to choose a registered agent to accept legal documents on behalf of your business. You’ll also pay a filing fee. The state will send you a certificate that you can use to apply for licenses, a tax identification number (TIN) and business bank accounts.

Next, apply for an employer identification number (EIN) . All businesses, other than sole proprietorships with no employees, must have a federal employer identification number. Submit your application to the IRS and you’ll typically receive your number in minutes.

Get Appropriate Licenses and Permits

Legal requirements are determined by your industry and jurisdiction. Most businesses need a mixture of local, state and federal licenses to operate. Check with your local government office (and even an attorney) for licensing information tailored to your area.

Best LLC Services
How To Register a Business Name
How To Register a DBA
How To Get an EIN for an LLC
How To Get a Business License

Start an LLC Online Today With ZenBusiness

Click on the state below to get started.

Open a Business Bank Account

Keep your business and personal finances separate. Here’s how to choose a business checking account —and why separate business accounts are essential. When you open a business bank account, you’ll need to provide your business name and your business tax identification number (EIN). This business bank account can be used for your business transactions, such as paying suppliers or invoicing customers. Most times, a bank will require a separate business bank account to issue a business loan or line of credit.

Hire a Bookkeeper or Get Accounting Software

If you sell a product, you need an inventory function in your accounting software to manage and track inventory. The software should have ledger and journal entries and the ability to generate financial statements.

Some software programs double as bookkeeping tools. These often include features such as check writing and managing receivables and payables. You can also use this software to track your income and expenses, generate invoices, run reports and calculate taxes.

There are many bookkeeping services available that can do all of this for you, and more. These services can be accessed online from any computer or mobile device and often include features such as bank reconciliation and invoicing. Check out the best accounting software for small business, or see if you want to handle the bookkeeping yourself.

Determine Your Break-Even Point

Before you fund your business, you must get an idea of your startup costs. To determine these, make a list of all the physical supplies you need, estimate the cost of any professional services you will require, determine the price of any licenses or permits required to operate and calculate the cost of office space or other real estate. Add in the costs of payroll and benefits, if applicable.

Businesses can take years to turn a profit, so it’s better to overestimate the startup costs and have too much money than too little. Many experts recommend having enough cash on hand to cover six months of operating expenses.

When you know how much you need to get started with your business, you need to know the point at which your business makes money. This figure is your break-even point.

In contrast, the contribution margin = total sales revenue – cost to make product

For example, let’s say you’re starting a small business that sells miniature birdhouses for fairy gardens. You have determined that it will cost you $500 in startup costs. Your variable costs are $0.40 per birdhouse produced, and you sell them for $1.50 each.

Let’s write these out so it’s easy to follow:

This means that you need to sell at least 456 units just to cover your costs. If you can sell more than 456 units in your first month, you will make a profit.

The Best Business Checking Accounts
The Best Accounting Software for Small Business
How To Open a Bank Account

There are many different ways to fund your business—some require considerable effort, while others are easier to obtain. Two categories of funding exist: internal and external.

Internal funding includes:

Personal savings
Credit cards
Funds from friends and family

If you finance the business with your own funds or with credit cards, you have to pay the debt on the credit cards and you’ve lost a chunk of your wealth if the business fails. By allowing your family members or friends to invest in your business, you are risking hard feelings and strained relationships if the company goes under. Business owners who want to minimize these risks may consider external funding.

External funding includes:

Small business loans
Small business grants
Angel investors
Venture capital
Crowdfunding

Small businesses may have to use a combination of several sources of capital. Consider how much money is needed, how long it will take before the company can repay it and how risk-tolerant you are. No matter which source you use, plan for profit. It’s far better to take home six figures than make seven figures and only keep $80,000 of it.

Funding ideas include:

Invoice factoring: With invoice factoring , you can sell your unpaid invoices to a third party at a discount.
Business lines of credit: Apply for a business line of credit , which is similar to a personal line of credit. The credit limit and interest rate will be based on your business’s revenue, credit score and financial history.
Equipment financing: If you need to purchase expensive equipment for your business, you can finance it with a loan or lease.
Small Business Administration (SBA) microloans: Microloans are up to $50,000 loans that can be used for working capital, inventory or supplies and machinery or equipment.
Grants: The federal government offers grants for businesses that promote innovation, export growth or are located in historically disadvantaged areas. You can also find grants through local and regional organizations.
Crowdfunding: With crowdfunding , you can raise money from a large group of people by soliciting donations or selling equity in your company.

Choose the right funding source for your business by considering the amount of money you need, the time frame for repayment and your tolerance for risk.

Best Small Business Loans
Best Startup Business Loans
Best Business Loans for Bad Credit
Business Loan Calculator
Average Business Loan Rates
How To Get a Business Loan

You need to have insurance for your business , even if it’s a home-based business or you don’t have any employees. The type of insurance you need depends on your business model and what risks you face. You might need more than one type of policy, and you might need additional coverage as your business grows. In most states, workers’ compensation insurance is required by law if you have employees.

Work With an Agent To Get Insured

An insurance agent can help determine what coverages are appropriate for your business and find policies from insurers that offer the best rates. An independent insurance agent represents several different insurers, so they can shop around for the best rates and coverage options.

Basic Types of Business Insurance Coverage

Liability insurance protects your business against third-party claims of bodily injury, property damage and personal injury such as defamation or false advertising.
Property insurance covers the physical assets of your business, including your office space, equipment and inventory.
Business interruption insurance pays for the loss of income if your business is forced to close temporarily due to a covered event such as a natural disaster.
Product liability insurance protects against claims that your products caused bodily injury or property damage.
Employee practices liability insurance covers claims from employees alleging discrimination, sexual harassment or other wrongful termination.
Workers’ compensation insurance covers medical expenses and income replacement for employees who are injured on the job.
Best Small Business Insurance
Best Commercial Auto Insurance
How To Get Product Liability Insurance
Your Guide to General Liability Insurance
13 Types of Small Business Insurance

Business tools can help make your life easier and make your business run more smoothly. The right tools can help you save time, automate tasks and make better decisions.

Consider the following tools in your arsenal:

Accounting software : Track your business income and expenses, prepare financial statements and file taxes. Examples include QuickBooks and FreshBooks.
Customer relationship management (CRM) software : This will help you manage your customer relationships, track sales and marketing data and automate tasks like customer service and follow-ups. Examples include Zoho CRM and monday.com.
Project management software : Plan, execute and track projects. It can also be used to manage employee tasks and allocate resources. Examples include Airtable and ClickUp.
Credit card processor : This will allow you to accept credit card payments from customers. Examples include Stripe and PayPal.
Point of sale (POS) : A system that allows you to process customer payments. Some accounting software and CRM software have POS features built-in. Examples include Clover and Lightspeed.
Virtual private network (VPN) : Provides a secure, private connection between your computer and the internet. This is important for businesses that handle sensitive data. Examples include NordVPN and ExpressVPN.
Merchant services : When customers make a purchase, the money is deposited into your business account. You can also use merchant services to set up recurring billing or subscription payments. Examples include Square and Stripe.
Email hosting : This allows you to create a professional email address with your own domain name. Examples include G Suite and Microsoft Office 365.

Many business owners spend so much money creating their products that there isn’t a marketing budget by the time they’ve launched. Alternatively, they’ve spent so much time developing the product that marketing is an afterthought.

Create a Website

Even if you’re a brick-and-mortar business, a web presence is essential. Creating a website doesn’t take long, either—you can have one done in as little as a weekend. You can make a standard informational website or an e-commerce site where you sell products online. If you sell products or services offline, include a page on your site where customers can find your locations and hours. Other pages to add include an “About Us” page, product or service pages, frequently asked questions (FAQs), a blog and contact information.

Optimize Your Site for SEO

After getting a website or e-commerce store, focus on optimizing it for search engines (SEO). This way, when a potential customer searches for specific keywords for your products, the search engine can point them to your site. SEO is a long-term strategy, so don’t expect a ton of traffic from search engines initially—even if you’re using all the right keywords.

Create Relevant Content

Provide quality digital content on your site that makes it easy for customers to find the correct answers to their questions. Content marketing ideas include videos, customer testimonials, blog posts and demos. Consider content marketing one of the most critical tasks on your daily to-do list. This is used in conjunction with posting on social media.

Get Listed in Online Directories

Customers use online directories like Yelp, Google My Business and Facebook to find local businesses. Some city halls and chambers of commerce have business directories too. Include your business in as many relevant directories as possible. You can also create listings for your business on specific directories that focus on your industry.

Develop a Social Media Strategy

Your potential customers are using social media every day—you need to be there too. Post content that’s interesting and relevant to your audience. Use social media to drive traffic back to your website where customers can learn more about what you do and buy your products or services.

You don’t necessarily need to be on every social media platform available. However, you should have a presence on Facebook and Instagram because they offer e-commerce features that allow you to sell directly from your social media accounts. Both of these platforms have free ad training to help you market your business.

Best Website Builders
How To Make a Website for Your Business
The Best E-Commerce Platforms
Best Blogging Platforms
Best Web Hosting Services

To scale your business, you need to grow your customer base and revenue. This can be done by expanding your marketing efforts, improving your product or service, collaborating with other creators or adding new products or services that complement what you already offer.

Think about ways you can automate or outsource certain tasks so you can focus on scaling the business. For example, if social media marketing is taking up too much of your time, consider using a platform such as Hootsuite to help you manage your accounts more efficiently. You can also consider outsourcing the time-consumer completely.

You can also use technology to automate certain business processes, including accounting, email marketing and lead generation. Doing this will give you more time to focus on other aspects of your business.

When scaling your business, it’s important to keep an eye on your finances and make sure you’re still profitable. If you’re not making enough money to cover your costs, you need to either reduce your expenses or find ways to increase your revenue.

Build a Team

As your business grows, you’ll need to delegate tasks and put together a team of people who can help you run the day-to-day operations. This might include hiring additional staff, contractors or freelancers.

Resources for building a team include:

Hiring platforms: To find the right candidates, hiring platforms, such as Indeed and Glassdoor, can help you post job descriptions, screen résumés and conduct video interviews.
Job boards: Job boards such as Craigslist and Indeed allow you to post open positions for free.
Social media: You can also use social media platforms such as LinkedIn and Facebook to find potential employees.
Freelance platforms: Using Upwork, Freelancer and Fiverr can help you find talented freelancers for one-time or short-term projects. You can also outsource certain tasks, such as customer service, social media marketing or bookkeeping.

You might also consider partnering with other businesses in your industry. For example, if you’re a wedding planner, you could partner with a florist, photographer, catering company or venue. This way, you can offer your customers a one-stop shop for all their wedding needs. Another example is an e-commerce store that partners with a fulfillment center. This type of partnership can help you save money on shipping and storage costs, and it can also help you get your products to your customers faster.

To find potential partnerships, search for businesses in your industry that complement what you do. For example, if you’re a web designer, you could partner with a digital marketing agency.

You can also search for businesses that serve the same target market as you but offer different products or services. For example, if you sell women’s clothing, you could partner with a jewelry store or a hair salon.

Best Recruiting Software
How To Hire Employees
Where To Post Jobs
Best Applicant Tracking Systems

To rank the best states to start a business in 2024, Forbes Advisor analyzed 18 key metrics across five categories to determine which states are the best and worst to start a business in. Our ranking takes into consideration factors that impact businesses and their ability to succeed, such as business costs, business climate, economy, workforce and financial accessibility in each state. Check out the full report .

Starting a small business takes time, effort and perseverance. But if you’re willing to put in the work, it can be a great way to achieve your dreams and goals. Be sure to do your research, create a solid business plan and pivot along the way. Once you’re operational, don’t forget to stay focused and organized so you can continue to grow your business.

How do I start a small business with no money?

There are several funding sources for brand-new businesses and most require a business plan to secure it. These include the SBA , private grants, angel investors, crowdfunding and venture capital.

What is the best business structure?

The best business structure for your business will depend entirely on what kind of company you form, your industry and what you want to accomplish. But any successful business structure will be one that will help your company set realistic goals and follow through on set tasks.

Do I need a business credit card?

You don’t need one, but a business credit card can be helpful for new small businesses. It allows you to start building business credit, which can help you down the road when you need to take out a loan or line of credit. Additionally, business credit cards often come with rewards and perks that can save you money on business expenses.

Do I need a special license or permit to start a small business?

The answer to this question will depend on the type of business you want to start and where you’re located. Some businesses, such as restaurants, will require a special permit or license to operate. Others, such as home daycare providers, may need to register with the state.

How much does it cost to create a business?

The cost of starting a business will vary depending on the size and type of company you want to create. For example, a home-based business will be less expensive to start than a brick-and-mortar store. Additionally, the cost of starting a business will increase if you need to rent or buy commercial space, hire employees or purchase inventory. You could potentially get started for free by dropshipping or selling digital goods.

How do I get a loan for a new business?

The best way to get a loan for a new business is to approach banks or other financial institutions and provide them with a business plan and your financial history. You can also look into government-backed loans, such as those offered by the SBA. Startups may also be able to get loans from alternative lenders, including online platforms such as Kiva.

Do I need a business degree to start a business?

No, you don’t need a business degree to start a business. However, acquiring a degree in business or a related field can provide you with the understanding and ability to run an effective company. Additionally, you may want to consider taking some business courses if you don’t have a degree to learn more about starting and running a business. You can find these online and at your local Small Business Administration office.

What are some easy businesses to start?

One of the easiest businesses to start also has the lowest overhead: selling digital goods. This can include items such as e-books, online courses, audio files or software. If you have expertise in a particular area or niche, this is a great option for you. Dropshipping is also a great option because you don’t have to keep inventory. You could also buy wholesale products or create your own. Once you create your product, you can sell it through your own website or third-party platforms such as Amazon or Etsy.

What is the most profitable type of business?

There is no one answer to this question because the most profitable type of business will vary depending on a number of factors, such as your industry, location, target market and business model. However, some businesses tend to be more profitable than others, such as luxury goods, high-end services, business-to-business companies and subscription-based businesses. If you’re not sure what type of business to start, consider your strengths and interests, as well as the needs of your target market, to help you choose a profitable business idea.

Best Registered Agent Services
Best Trademark Registration Services
Top LegalZoom Competitors
Best Business Loans
Best Business Plan Software
ZenBusiness Review
LegalZoom LLC Review
Northwest Registered Agent Review
Rocket Lawyer Review
Inc. Authority Review
Rocket Lawyer vs. LegalZoom
Bizee Review (Formerly Incfile)
Swyft Filings Review
Harbor Compliance Review
Sole Proprietorship vs. LLC
LLC vs. Corporation
LLC vs. S Corp
LLP vs. LLC
DBA vs. LLC
LegalZoom vs. Incfile
LegalZoom vs. ZenBusiness
LegalZoom vs. Rocket Lawyer
ZenBusiness vs. Incfile
How to Set Up an LLC
How to Get a Business License
LLC Operating Agreement Template
501(c)(3) Application Guide
What is a Business License?
What is an LLC?
What is an S Corp?
What is a C Corp?
What is a DBA?
What is a Sole Proprietorship?
What is a Registered Agent?
How to Dissolve an LLC
How to File a DBA
What Are Articles Of Incorporation?
Types Of Business Ownership

Next Up In Business

Best Online Legal Services
How To Write A Business Plan
How To Start A Candle Business
Starting An S-Corp
LLC Vs. C-Corp
How Much Does It Cost To Start An LLC?
How To Start An Online Boutique
Most Recession-Proof Businesses In 2024

How To Start A Print On Demand Business In 2024

HR For Small Businesses: The Ultimate Guide

How One Company Is Using AI To Transform Manufacturing

Not-For-Profit Vs. Nonprofit: What’s The Difference?

How To Develop an SEO Strategy in 2024

How To Make Money On Social Media in 2024

Katherine Haan is a small business owner with nearly two decades of experience helping other business owners increase their incomes.

IMAGES

Five Core Steps of the Risk Management Process
Risk Assessment Methodology Steps
Quality Risk Management: A Proven 4-Step Process
Risk management methodology
Risk Management
The formal risk management cycle.

VIDEO

Project Risk Analysis: Introduction to Project Risk Mitigation and Risk Response Planning
By Priya choudhary -Advanced Risk management in servicenow
Choosing an RBI Risk Methodology
Why Insurance Companies Reject Claims ? The Video discusses the reasons of claims rejection
MS Project Management Research Methodology Lecture 2 -Szabist Islamabad
Introduction to Risk Management

COMMENTS

Risk Assessment and Analysis Methods: Qualitative and Quantitative
A risk assessment determines the likelihood, consequences and tolerances of possible incidents. "Risk assessment is an inherent part of a broader risk management strategy to introduce control measures to eliminate or reduce any potential risk- related consequences." 1 The main purpose of risk assessment is to avoid negative consequences related to risk or to evaluate possible opportunities.
Risk assessment and risk management: Review of recent advances on their
Risk assessment and management was established as a scientific field some 30-40 years ago. Principles and methods were developed for how to conceptualise, assess and manage risk. These principles and methods still represent to a large extent the foundation of this field today, but many advances have been made, linked to both the theoretical ...
Beyond probability-impact matrices in project risk management: A
This process forms part of the general Risk Management process and is divided into two subprocesses: qualitative and quantitative risk analyses (Project Management Institute, 2017).
(PDF) Risk assessment and risk management: Review of ...
Risk assessment and management was established as a scientific field some 30-40 years ago. Principles and methods were developed for how to conceptualise, assess and manage risk.
A holistic approach to risk management
To change this picture, leadership must commit to building robust, effective risk management. The project is three-dimensional: 1) the risk operating model, consisting of the main risk management processes; 2) a governance and accountability structure around these processes, leading from the business up to the board level; and 3) best-practice crisis preparedness, including a well-articulated ...
Risk Management Articles, Research, & Case Studies
by Carolin E. Pflueger, Emil Siriwardane, and Adi Sunderam. This paper sheds new light on connections between financial markets and the macroeconomy. It shows that investors' appetite for risk—revealed by common movements in the pricing of volatile securities—helps determine economic outcomes and real interest rates.
PDF WHO Guidance on Research Methods for Health Emergency and Disaster Risk
WHO guidance on research methods for health emergency and disaster risk management, revised 2022 Editors and contributors WHO wishes to recognize particularly the following experts for their technical and coordination contributions to the Guidance (in alphabetical order): Content editors Ryoma Kayano, Virginia Murray, Mike Clarke, Emily Y.Y. Chan.
Narratives of Project Risk Management: From Scientific Rationality to
It is further widely accepted that the actuality of risk management invariably differs from current mainstream prescriptions (Olechowski et al., 2016; Papke-Shields et al., 2010; Taylor, 2006; Kutsch & Hall, 2009).There nevertheless remains a paucity of research that explores the reasons for this widely observed variance between theory and practice.
Managing Risk
Managing Risk. Risk is part of all kinds of activities. Doing research carries risks characteristic of all projects which require adequate time, money and quality in the final product. Some of these overlap with ethical issues, such as ensuring that people who participate in your research aren't exposed to unnecessary harm and ensuring that ...
Project Risk Management Methodology
Risk management is the only way to get project approval because it presents risks as clearly identified and therefore controlled. The goal of creating a methodology is to increase the confidence of quantifying project risk assessment and speed up decision-making by creating a risk management methodology.
Research on Risk Management of Scientific Research Projects
The characteristics of scientific research projects determine that there are more uncertainties in project risks. In addition to common risks such as contracts, taxes and funds, more attention should be paid to the risks of time, technology, member change, coordination and target change, so that professional project managers can participate in project risk management as soon as possible.
The Different Types of Risk Assessment Methodologies
Types of Risk Assessment Methodologies. Risk assessments can be either of two types: quantitative or qualitative. Quantitative risk refers to the numerical value of the probability and potential impact of a threat. This type of risk assessment requires data collection and statistical analysis to arrive at those numbers.
Research Methods in Quantitative Finance and Risk Management
Econometric models are the necessary research tools in the research of quantitative finance and risk management. The major econometric methods used in the modern finance research include but not limited to the following subjects: linear regression models, time series modeling, multiple equations models, generalized methods of moments, and panel ...
What Is Risk Management & Why Is It Important?
4 Reasons Why Risk Management Is Important. 1. Protects Organization's Reputation. In many cases, effective risk management proactively protects your organization from incidents that can affect its reputation. "Franchise risk is a concern for all businesses," Simons says in Strategy Execution. "However, it's especially pressing for ...
Risk management methodology in the supply chain: a case ...
This work provides a general risk management procedure applied to synchronized supply chains. After conducting a literature review and taking the international standard ISO 28000 and ISO 31000 as a reference. The most important steps that enable organizations to carry out supply chain risk management are described. Steps such as defining the context, identifying and analyzing risks or avoiding ...
Managing risk and uncertainty in research projects with experiments
Techniques for managing risks according to the management process, the phase of the project life cycle and risk maturity in the organisation (adapted from: Cagliano et al. (2015, p. 243-244) and ...
Risk Management 101: Process, Examples, Strategies
The six risk management process steps that we've outlined below will give you and your organization a starting point to implement or improve your risk management practices. In order, the risk management steps are: Risk identification. Risk analysis or assessment. Controls implementation.
Research Methodology for Quality and Risk Management in Logistics
All the principles and methods of building management systems and the comparative analysis between different objects are also applied in the chapter. In addition to the listed main methods, the principles of quality and risk management required by the international standard ISO 9000: 2015 and ISO 31000 have been applied.
How About Safety and Risk Management in Research and Education?
This methodology is mainly process oriented and does not satisfy the global approach of how global safety management process should be implemented in a research or teaching dedicated environment. Eguna et al. [8] presented some comments about the management of chemical laboratories in developing countries.
(PDF) Risk Management approach
Abstract. The choice of methodology and activities for risk management can be succeed only if the role of risk in the project is properly understood. First, it is important to understand that risk ...
Understanding Risk in Research
Understanding Risk in Research. Assessing risk in a research study is one of the primary responsibilities of an IRB and one of its most controversial tasks. By nature, studying human beings is a complicated process because the subject matter itself is complicated. The level of risk can vary because of many factors including: the population ...
Chronic stress puts your health at risk
Stress management. Chronic stress puts your health at risk. Chronic stress can wreak havoc on your mind and body. Take steps to control your stress. By Mayo Clinic Staff. Your body is made to react to stress in ways meant to protect you against threats from predators and other aggressors. Such threats are rare today.
Long COVID or Post-COVID Conditions
Research suggests that people who get a COVID-19 infection after vaccination are less likely to report Long COVID, compared to people who are unvaccinated. CDC, other federal agencies, and non-federal partners are working to identify further measures to lessen a person's risk of developing Long COVID.
Browse journals and books
The Nuclear Research Foundation School Certificate Integrated, Volume 1. Book ... Testing, Engineering, and Management Tools for Lean Development. Book • 2004. Accelerating MATLAB with GPU Computing. A Primer with Examples. ... Achieve Lasting Process Improvement. Reach Six Sigma Goals without the Pain. Book • 2002. Achievements in the Life ...
A Systematic Analysis of Systems Approach and Flood Risk Management
Flooding is a global threat, necessitating a comprehensive management approach. Due to the complexity of managing flood hazards and risks, researchers have advocated for holistic, comprehensive, and integrated approaches. This study, employing a systems thinking perspective, assessed global flood risk management research trends, gaps, and opportunities using 132 published documents in BibTeX ...
Part 1: The Connection Between Substance Use Disorders and Mental
Many individuals who develop substance use disorders (SUD) are also diagnosed with mental disorders, and vice versa. 2,3 Although there are fewer studies on comorbidity among youth, research suggests that adolescents with substance use disorders also have high rates of co-occurring mental illness; over 60 percent of adolescents in community-based substance use disorder treatment programs also ...
(PDF) Process of Risk Management
Risk Management is the ide ntification, evaluation, and prioritization o f risks followed b y coordinat ed. and an economical application of resources to minimise, monit or, and control the pro ...
Sustainable Investing: ESG Ratings
MSCI ESG Ratings aim to measure a company's management of financially relevant ESG risks and opportunities. We use a rules-based methodology to identify industry leaders and laggards according to their exposure to ESG risks and how well they manage those risks relative to peers. Our ESG Ratings range from leader (AAA, AA), average (A, BBB, BB ...
Research on risk management methods for power operation data oriented
In order to improve the security of power operation data, a risk management method for multi scenario data is proposed. Based on blockchain technology, a power operation data storage model was constructed, and a data risk management model was constructed using federated reinforcement learning algorithm. Through this model, risk management processing was implemented on the data. It can be seen ...
How To Start A Business In 11 Steps (2024 Guide)
The best way to accomplish any business or personal goal is to write out every possible step it takes to achieve the goal. Then, order those steps by what needs to happen first. Some steps may ...


	$500 for the first month
	40 cents per birdhouse
	$1.50
	$500/($1.50 - 40 cents)

Home / Resources / ISACA Journal / Issues / 2021 / Volume 2 / Risk Assessment and Analysis Methods

Qualitative and Quantitative Risk Analysis Techniques

THE MOST COMMON PROBLEM IN QUANTITATIVE ASSESSMENT IS THAT THERE IS NOT ENOUGH DATA TO BE ANALYZED.

USING BOTH APPROACHES CAN IMPROVE PROCESS EFFICIENCY AND HELP ACHIEVE DESIRED SECURITY LEVELS.

Volkan Evrin, CISA, CRISC, COBIT 2019 Foundation, CDPSE, CEHv9, ISO 27001-22301-20000 LA

Beyond probability-impact matrices in project risk management: A quantitative methodology for risk prioritisation

Similar content being viewed by others

A case study on the relationship between risk assessment of scientific research projects and related factors under the Naive Bayesian algorithm

Compound Matrix-Based Project Database (CMPD)

Risk identification approaches and the number of risks identified: the use of work breakdown structure and business process

Literature review

Risk management methodologies and standards

Probability-impact matrix

Methodology

Project description

Results and discussion

Conclusions

Data availability

Acknowledgements

Author information

Contributions

Corresponding author

Ethics declarations

Ethical approval

Informed consent

Additional information

Supplementary information

About this article

Share this article

Quick links

Value and resilience through better risk management

Stay current on your favorite topics

The role of the board and senior executives

A long way to go

A sectoral view of risks

Toward proactive risk management

Strategic decision making

Debiasing and stress-testing

Higher-quality products and safety standards

Comprehensive operative controls

Stronger ethical and societal standards

The three dimensions of effective risk management

Would you like to learn more about our Risk Practice ?

1. Developing an effective risk operating model

Finding the right level of risk appetite

2. Toward robust risk governance, organization, and culture

3. Crisis preparedness and response

Explore a career with us

The business logic in debiasing

Are you prepared for a corporate crisis?

Nonfinancial risk today: Getting risk and the business aligned

Managing Risk

Share This Book

Research on Risk Management of Scientific Research Projects

New Citation Alert added!

New Citation Alert!

ICEME '19: Proceedings of the 2019 10th International Conference on E-business, Management and Economics

Business Insights

What Is Risk Management & Why Is It Important?

What Is Risk Management?

4 Reasons Why Risk Management Is Important

2. Minimizes Losses

3. Encourages Innovation and Growth

4. Enhances Decision-Making

Start Managing Your Organization's Risk

About the Author

Risk Management 101: Process, Examples, Strategies

What Are Risks?

What Different Types of Risks Are There?

Strategic Risk

Compliance Risk

Financial Risk

Operational Risk

Reputational Risk

Security Risk

Quality Risk

Steps in the Risk Management Process

Step 1: Risk Identification

Step 2: Risk Analysis or Assessment

Step 3: Controls Assessment and Implementation