# The impact of enterprise risk management on the performance of companies in transition countries: Serbia case study

## Marija Panić, Milica Veličković, Danijela Voza, Živan Živković and Zuzana Virglerová

#### Need to know

• A theoretical model has developed on the basis of seven hypotheses.
• The influence of business risks on the performance of Serbian companies was examined.
• The impact of business risks on the risk of loss of market position was determined.

#### Abstract

The market position of a company influences its performance. In hazard conditions, all the factors that determine a company’s market position and business are exposed to risk. An effective program of enterprise risk management (ERM) decreases the level of risk and improves company performance. ERM is a process that identifies and evaluates all potential losses that can occur in business organizations and selects techniques that can handle and prevent such losses in accordance with the requirements of International Standard ISO 31000. In this paper, seven hypotheses are defined, on the basis of which a theoretical model is developed to examine how different sources of enterprise risk affect the operational performance of Serbian companies and their risk of losing market position.

## 1 Introduction

Effective risk management is considered a major competitive advantage that guarantees the survival and success of a company in a very uncertain business environment (Bartram 2000). Bearing in mind that an inadequate risk management system can become a social problem, as the global financial crisis in 2008 showed, recommendations were made by the Organisation for Economic Co-operation and Development (OECD) and the European Commission to introduce changes to inadequate existing systems (OECD 2009). As a result, many organizations have shifted from traditional risk management (TRM), which involves the individual treatment of risk factors without taking into account their possible correlation, to enterprise risk management (ERM), a corporate risk management system that examines all risks simultaneously and evaluates the overall exposure of the organization to all possible risks (Hoyt and Liebenberg 2011). The ERM process requires top management to identify and assess the overall risk that can affect the value of the firm, address individual risks via an effective business strategy and establish a risk management strategy (Meulbroek 2005). The main objective of ERM is to maximize shareholder value (Casualty Actuarial Society 2003; Committee of Sponsoring Organizations of the Treadway Commission 2004; Pagach and Warr 2011; Hoyt and Liebenberg 2011).

Unfortunately, at the beginning of the twenty-first century only a small number of organizations recognized the importance of the ERM approach, and most of them refused to introduce it. On the other hand, most of the companies that introduced the ERM process did so because they were forced to by auditors, credit rating agencies or other authorities. What position ERM has within an organization depends on the top manager’s attitude regarding this issue. If they see the ERM as a strategic function, then it will be headed by a chief risk officer (CRO). The CRO submits reports to the chief financial officer (CFO) or chief executive officer (CEO), and in some companies the CRO reports directly to the board of directors (Lam 2000). Daud et al (2012) examined the relationship between the quality of the CRO and level of ERM in Malaysia; they focused on the level of ERM adopted in Malaysian companies and on the importance of the CRO in ERM implementation. Their results showed that only 43% of the companies investigated had a complete ERM program and, significantly, that the CRO plays a very important role in the adoption of ERM in companies.

International Standard ISO 31000:2009 aims to support firms in their development and implementation of a risk management strategy. It identifies eleven principles for effective ERM. According to this standard, ERM should: create value; be an integral part of all processes; be integrated in the decision-making process; explicitly examine uncertainty; be systematic, structured and timely; rely on the best available information; be adapted to specific needs; take into account human and cultural factors; be transparent and inclusive; respond to changes; and enable continuous improvement (International Standards Organization 2009a,b). The ISO 31000 framework emphasizes the integration of risk management into a firm’s value chain management in order to support decision making (International Standards Organization 2009a,b).

In many companies, it has become very clear that the application of this standard has huge benefits in both financial and operational terms (Corbett et al 2002). In addition to ISO 31000, some of the most important standards are ISO 9000 (for quality) and ISO 14000 (for environmental protection) (Corbett et al 2002).

The purpose of introducing the ERM becomes even more obvious in the context of the overall strategy of the organization: it is a process that provides greater certainty to top management that their long- and short-term plans will be met. The relationship between ERM and strategic planning is straightforward. Long-term planning results are inherently uncertain. These plans are often prone to changes that arise as a result of external factors (political, economic and social) in combination with the organization’s internal abilities to resist them successfully.

The structure of this paper is as follows. In Section 2, the importance of ERM and each group of sources of business risk are discussed. A theoretical model was constructed to examine the influence of various sources of business risk on operational business and the risk to Serbian companies of losing their market position. This is covered in Section 3. Seven hypotheses are posited according to the theoretical model. The results of exploratory factor analysis (EFA) and confirmatory factor analysis (CFA) for the measurement model are presented in Section 4 and the model is verified. In Section 5, the main conclusions of our research are stated.

## 2 Literature review and research model

Despite there being numerous articles that deal with ERM, there is still a lack of scientific research on this topic. Moreover, these ERM studies have mainly been published in journals on accounting and finance and rarely appear in management journals. In addition to Miller (1993) and Miller and Waller (2003), a small number of management scientists have studied an integrated risk management approach. Colquitt et al (1999) were some of the first to examine “integrated risk management”, while studies in which ERM was mentioned for the first time appeared a few years later. The empirical research on ERM was, by necessity, protracted, so numerous practical concepts could not be investigated. The literature mostly includes the analysis of four risk types: financial risk, hazard risk, operational risk and strategy risk (D’Arcy and Brogan 2001; Cassidy 2005).

The study by Kleffner et al (2003) could be considered as pioneering in the field of ERM. This research was conducted in Canada in 2001, and included 336 respondents who worked as risk managers in public companies. Managers from 118 companies (35%) answered the survey, of which 31% (37 respondents) had already adopted ERM, 29% (34 respondents) were thinking about the possibility of ERM implementation and 40% (47 respondents) were not interested in the concept at all.

Some of the literature investigates the characteristics of risk management activities in a company. Liebenberg and Hoyt (2003) concluded that strong organizations had established a CRO position, which is an indicator of a company’s efforts to achieve effective risk management. They also aimed to identify the factors that encourage companies to implement ERM. They split these into two groups: internal factors (maximizing stockholders’ profit) and external factors (globalization, corporate management and technological progress). Their results highlighted the importance of CROs in the process of ERM implementation. Hoyt and Liebenberg continued to study ERM issues through the analysis of determinants and improvement of implementation models (see Hoyt and Liebenberg 2011).

Sprčić et al (2015) developed an ERM index for evaluating ERM processes’ quality level, which could serve as an indicator of the practice of ERM in Croatian companies. Their results indicated ERM processes in the companies analyzed are low quality and showed that managers focus on the identification and elimination of financial and operational risks, and pay little attention to strategic and other risks.

Quon et al (2012) studied the relationship between ERM and performance for 156 nonfinancial companies during 2007 and 2008. They chose this period because of the financial crisis that occurred in 2008 and the economic recession that followed. In this research, fourteen types of risk – subcategories of financial, business and operational risks – were analyzed. The study concluded that the estimated level of economic or market risk is not connected to organizational performance.

Previous studies did not focus sufficiently on the differences in ERM between companies. Mikes (2009) recognized the heterogeneity in understanding and implementation of the ERM concept, depending on whether an organization uses quantitative or qualitative measures in risk analysis.

Yusuwan et al (2008) studied risk management systems in companies in Malaysia. Their main conclusions were that risk management has a positive impact on productivity, performance, quality and budgeting of projects and is very useful in projects connected with new technologies as well as in companies operating under unstable political conditions.

### 2.1 Economic conditions

Economic conditions can affect organizations in different ways. Therefore, the main attention of businesses should be directed toward their economic policy. Economic progress, especially in developing countries, is conditioned by the survival of small and medium-sized enterprises (Mura and Ključnikov 2018). Changes on the international financial market require continuous risk assessment to enable organizations to operate effectively and remain competitive (Kot and Dragon 2015); this can be facilitated by ERM. However, the latest study conducted in Romania concluded that ERM does not have a significant effect on the market value of a company during economic and financial crises (Anton 2018). In order to take full advantage of the benefits of ERM, managers must be familiar with the risks, trends and conditions of the national economy, and identify threats and opportunities that arise from the national fiscal and monetary policies (Kehinde et al 2017). Financial and economic risks that prevail in the environment are: interest rate, inflation, loan availability, exchange rate, the state of the national and global economy, the state of the labor market, losses incurred as a result of natural disasters (including bad weather conditions) and other accidents (Saeidi et al 2015).

In order to evaluate business efficiency, the costs of raw materials and energy should be taken into account as well as real wages (Guselbaeva and Pachkova 2015). During a period of destabilization, most companies try to reduce their costs. According to the research conducted for McKinsey Quarterly, 79% of the corporations analyzed reduced costs as a reaction to the financial crisis, but only 53% of the managers from those companies considered this measure to be successful (Heywood et al 2009).

In practice, the amount of risk premium expected by investors is determined not only by the level of uncertainty associated with cashflow forecasts, but also by an investor’s risk appetite (Sierpińska and Jachna 2004). Stulz (2002) pointed out that a reduction of risk increases value for shareholders, no matter what contributes to the disruption of ideal market conditions. More specifically, a company’s value will increase if managers are able to reduce the company’s exposure to specific risks and to implement a risk management system in the business function. However, according to the research by Sprčić et al (2016), investors’ perception of a particular company mostly depends on whether the company has implemented an integrated risk management system, rather than how long it has been in place or how consistently it is followed up. According to Mazánková and Němec (2007), all risks connected with the market or credit activities (fraud, exceeding trading limits, legal shortcomings in the contractual guarantees of receivables, damage caused by inadequate preparation of new products, program shortcomings, valuation errors, etc) are subject to operational risk monitoring.

Based on the above facts, we can state the following hypothesis.

• (H1)

Stable economic conditions have a positive impact on the operational performance of a company.

### 2.2 Financial performance

Company performance is often thought of as financial performance, while other dimensions are neglected. However, modern approaches to risk management are multidimensional and imply all levels of impact on operational risks (eg, prevention of production losses, analysis of specific financial risks). The causes of operational risk are connected to the financial results of a company (Mazánková and Němec 2007), but it is still unclear whether such operational risks have a measurable influence on overall financial performance (Kopia et al 2017).

Korcsmáros (2018) and Mwaniki (2006) consider that small and medium-sized enterprises are exposed to risks due to: a lack of financial resources, poor accounting systems, obsolete technology, inexperience, political instability, insufficient capital, lack of managerial and entrepreneurial capacities and underuse of existing capacities. The quality of the integrative risk management is reflected in a company’s reputation, which is, according to numerous studies, connected to its financial success (Kot and Dragon 2015). Research by Florio and Leoni (2017) indicates that organizations with a high level of integrative risk management implementation are characterized by better financial performance and market value.

Based on the above facts, we can state the following hypothesis.

• (H2)

Good financial performance has a positive impact on the operational performance of a company.

### 2.3 Human resources

When it comes to risk management, the focus is mainly on financial and material risks. Human resources and their associated risks are often much neglected, with the exception of the health and safety of workers (Becker and Smidt 2016; Meszaros 2018). However, employees have a dual role in risk management: they can appear as a source of risk, but they are very important in solving risky situations and keeping risk factors under control.

Based on a literature review, it has been concluded that there are eight types of risk related to human resources: health and wellbeing of employees (Dewlaney and Hallowell 2012), productivity (Demerouti et al 2009), financial risks (Leaver and Reader 2016), employee turnover (Glambek et al 2014), reputation (Kayes et al 2007), legal problems, innovation (Ballinger et al 2011) and absenteeism (Battisti and Vallanti 2013). Dunjó et al (2010) considered possible dangerous situations caused by human error. These primarily refer to situations that can be viewed as an interaction between human activities (eg, accidents that can be prevented by better training or instruction, better working methods or better design). In addition, Baybutt (2002) points out that between 50% and 90% of operational risks are due to human error.

Both in the literature and in practice, the importance of human resources for company performance is finally being recognized (Karabašević et al 2018), and more attention is being paid to human resources when defining a risk management strategy. Therefore, when defining such a strategy, it is very important to involve employees as one of the basic factors that can cause operational losses. In order to fully understand the way in which human resources management and risk management are related, we must first understand what the human resource management function implies.

Based on the above facts, we can state the following hypothesis.

• (H3)

Human resources management practice has a positive impact on the operational performance of the company.

### 2.4 Data security and asset management

Organizations face a large number of different risks. However, one of the most difficult risks to mitigate is fraud; this can not only cause potential stagnation in production, due to the need to first solve legal issues related to its occurrence, but also completely jeopardize the financial situation of the company.

Organizations are open to several sources of fraud: consumers, employees and the internet (Hess and Cottrell 2016). Consumers can steal merchandise, pay with checks without funds, or – with false complaints – cause losses and reduce an organization’s performance. Employees, on the other hand, can be motivated to commit fraud by either greed or need, but they can rationalize their actions in such a way that they actually “earned it” through their work. Finally, criminals take advantage of organizations’ inadequate data protection measures to obtain consumer data from both small and large organizations. They do this most often through software attacks, but it is not unusual to use employees in the organization who provide them with the information they need.

Organizations are becoming more aware that data security is a very important aspect of their business strategy. Increased awareness regarding this issue has led many organizations to apply data security management to identify sources of risk and introduce measures for their control or elimination (Shamala et al 2017). Data and information security is generally under the control of the company, although this is not always the case. A study conducted by Ernst & Young (2011), which included 273 data security and IT managers in UK companies, showed that almost 70% of these companies had suffered major IT systems damage in the past year, and 30% of this damage occurred as a result of third-party actions, which shows that many companies do not pay attention to the risks that can come from their partners or customers. Therefore, we assume that if top management is able to decrease security risk, this would have a positive impact on the performance of an organization.

Based on the above facts, we can state the following hypothesis.

• (H4)

Data security and asset management have a positive impact on the operational performance of a company.

### 2.5 Legal issues

Exogenous factors, such as weather conditions, earthquakes, political, legal and market forces, are considered external risks (Handfield and McCormack 2007).

In many countries, state institutions (such as administrative, legislative and regulatory agencies) are very important factors for uncertainty in business operations. Regulatory, legal and bureaucratic risks are related to the implementation of procedures and policies in supply chains, and to the degree and frequency of changes in these policies. These include obtaining the necessary approvals for carrying out activities and operations in the supply chain (Wagner and Bode 2008). Administrative barriers (eg, customs, trade regulations) may limit operational performance in the supply chain. Policy changes are mostly unexpected and very difficult to accept. Nowadays, environmental legislation includes certain requirements that increase operating costs.

The security regulations of government agencies can impose more severe demands on companies and thus increase operating costs (Chopra and Sodhi 2004; Peck 2005). Even with the application of various strategies to reduce business costs, firms are forced to lobby with the government to mitigate such risk. Organizational policies and procedures can greatly reduce some risks, such as violations of rights, legal obligations and intellectual property issues (Finch 2004).

Due to its inability to meet high regulatory standards, a company may lose key suppliers, which could potentially affect the delivery of products or services to end-users. In addition, there are risks related to demand that can interrupt a company’s operational performance and reduce its ability to make products available to customers (Chopra and Sodhi 2004; Peck 2005).

Based on the above facts, we can state the following hypothesis.

• (H5)

Clear and consistent procedures and policies have a positive impact on the operational performance of a company.

The business performance of a company is influenced by how well its organizational resources fit into the business environment (Kim and Pae 2007). Technology is changing rapidly. Companies affected by changes must respond quickly. But, even so, in such an uncertain environment, a quick move in the wrong direction could be very expensive. Most companies do not have a consistent process to control the external environment they operate in, so they are unaware of all the risks they face.

In recent decades, almost all industries have faced globalization of the market and increased competition pressures in the business environment. These changes have forced firms to make their internal business processes and supply chains more efficient, eg, through outsourcing or offshoring many production and research and development activities, purchases in low-cost countries or stock reduction (Dul$\prime$ová Spišáková et al 2017).

Current trends in the evolution of trade, technology and the political system have the potential to greatly improve the welfare of the world. The globalization of trade in products, services and production factors has made it possible for the global community to exploit the benefits of global comparative advantages. Technology helps to accelerate innovations in eliminating major development constraints for many people. Political systems are increasingly open, creating the possibility of improving the governing authorities. In combination, these trends create a unique opportunity for social and economic development, poverty reduction and growth (Holzmann and Jørgensen 2001; Oláh et al 2018). In today’s business environment, there are many uncertainties in the operational performance of an organization. Many of these are unpredictable, happen suddenly and can have a significant impact on both the long- and short-term performance of a business organization (Tang 2006).

Based on the above facts, we can state the following hypothesis.

• (H6)

A stable business environment positively influences the operational performance of a company.

### 2.7 Operational performance

Turbulence in the markets mainly arises from heterogeneity and rapid changes in consumers’ characteristics and their priorities (Kandemir et al 2006). Consumers are constantly looking for new products, and new consumers generally have different product needs than those of existing customers. A company operating in a turbulent market has to change its products and access the market much more often (Kandemir et al 2006). Companies are looking for more efficient and effective ways to be competitive in emerging markets, where they face harsh competition. Networking has caused changes in the economic environment. Network structures need to be more flexible, as risks are shared between a group of companies (Veselovská et al 2018). Research in industrial networking highlights the importance of risk management in the effective management of supply risks (Harland et al 2003; Agrell et al 2004; Hallikas et al 2004). Supply risk management is still a relatively new field of research, and studies on this topic are scarce. Zsidisin (2003) defines supply risk as a multidimensional construction that depends on factors such as source, market characteristics and the inability to satisfy customer demand.

Disruptions affecting businesses anywhere in the supply chain can have a direct impact on the ability of a corporation to continue to operate, deliver finished products to the market or provide services to its customers (Jüttner 2005). Customers now have higher expectations in terms of delivery speed and quality of service, creating a challenge for a company to simultaneously maintain an efficient product flow and deliver on time (Lai and Lau 2012).

The risk of a loss of market position is the result of interruptions in “downstream” operations in the supply chain (Jüttner 2005). On the one hand, this implies disruptions in the physical distribution of products to the end-user, usually in transport (McKinnon 2006) and distribution networks. On the other hand, the risk of losing market position may arise from customer uncertainty and their unforeseen requests (Nagurney et al 2005). Companies are also exposed to a number of risks associated with “upstream” operations in the supply chain. These relate to purchases, suppliers, relationships with suppliers and supplier networks (Zsidisin et al 2000).

Based on the above facts, we can state the following hypothesis.

• (H7)

The operational performance of the company has a positive impact on the risk of losing market share.

By considering these hypotheses together, we created a theoretical model for examining the influence of various sources of business risk on operational performance and the risk of Serbian companies losing their market position (Figure 1).

As described in the previous section, significant efforts have been made to identify the main factors that influence the successful implementation of ERM in organizations, but most research relates mainly to developed countries, while there is very little data on ERM implementation in this part of Southeastern Europe. The motive for writing this paper was precisely the lack of ERM research in Serbia, as well as the insufficient representation and implementation of this concept in Serbian enterprises.

## 3 Methodology

In Serbia, unfortunately, the number of companies that has accepted risk management standards is very low. In this study, we identify a group of factors that have a positive impact on the operational performance of Serbian companies. Our main goal is to analyze the current situation in the area of risk management in small and medium-sized enterprises in Serbia, in order to emphasize the importance of risk management practice in a modern and turbulent environment. We discussed in Section 2 the most common risk factors as well as their impact on a company’s operational performance and the risk of Serbian companies losing their market position.

This paper is just one part of a huge quantitative research project being conducted in the V4 countries11 1 The Visegrád Four countries are the Czech Republic, Hungary, Poland and Slovakia. and Serbia. The survey, focusing on risk management in small and medium-sized enterprises, was completed in 2018. In Serbia, the survey covered a total of 332 business owners or individuals in charge of risk management in these companies. The entrepreneurs were selected using a random selection method (function “Randbetween”) from a specialized database of entrepreneurs from the Statistical Office of the Republic of Serbia (OP3C).

The data was collected through a standard two-part questionnaire, in the form of an online survey developed by the authors (see Appendix A online for an outline). The first part consisted of nine questions related to demographic data. The second part consisted of eight groups of questions related to the company’s risk management process and the process of identifying the most important business risks and their sources (causes). Respondents had to evaluate the impact each risk has on the operational performance of the company. To assess the answers, a five-point Likert scale was used, where $1$ means lowest impact, $3$ is neutral and $5$ means highest impact.

Based on the results obtained by descriptive statistics for questions in the first part of the survey, 55.3% of survey respondents were men. The majority of respondents were aged between 31 and 50 (59.9%), with a diploma of higher education (52.6%). Most companies in which the survey was conducted operate in Eastern Serbia (80.2%).

When it comes to the size of the companies, 52% were micro-enterprises, 27.4% were small enterprises and 20.1% were medium-sized enterprises. The majority of them operate in the field of trade (30.1%), while the rest are engaged in the provision of other services (19.5%), catering (16.1%) and industry (14.6%).

Regarding the age of the companies, as many as 47.4% had been operating for more than ten years, while only 2.4% of them had been in operation for less than a year. Based on the responses, it was found that 43 companies (13.1%) had been dealing with risk management for less than a year, 73 companies (22.2%) for between one and five years, and 36 companies (10.9%) for between five and ten years; 133 companies (40.4%) did not apply risk management at all.

To ensure the reliability and validity of the tested model, confirmatory factor analysis (CFA) was performed. Cronbach’s alpha test was used to check the internal consistency of data collection instruments (Cronbach 1951). The Kaiser–Meyer–Olkin (KMO) test was used in our measure of sampling adequacy (MSA) analysis.

## 4 Results and discussion

### 4.1 Descriptive statistics

In order to define the basic elements of the statistical set used for the research in this paper, standard statistical parameters (mean, standard deviation, frequency) for all eight question groups were calculated, as shown in Table 1.

### 4.2 Measurement of sample adequacy and structure validation

The value of the KMO indicator given by the MSA analysis for the sample considered was 0.904, and the minimum acceptable value of the KMO indicator is 0.60. Thus, we confirmed that the sample used in this paper is adequate and suitable for the application of factor analysis (Kaiser 1974; Cerny and Kaiser 1977).

In addition, Bartlett’s sphericity test showed that there were significant correlations between the question groups within the questionnaire (Hair et al 2006). The values obtained for this test were $\chi^{2}=151{.}601$, $\mathrm{df}=6$ and $p=0{.}000$, where “df” denotes the degrees of freedom.

### 4.3 Validation of the theoretical model

The validation of the theoretical model for examining the impact of various sources of business risk on operational performance and the risk of Serbian companies losing their market position (Figure 1) was carried out using the SPSS 25.0 and LISREL 8.8 software packages by applying statistical factor analysis. This analysis confirmed the one-dimensionality of all eight groups of latent variables in the observed model, based on principal component analysis (PCA (Kingir and Mesci 2010)). The results of the factor analysis are shown in Table 2, from which values for the percentage of variance can be seen; this is explained by the one-dimensional factor for each group of questions and the load factor values obtained. The minimum acceptable load factor is 0.3, and the load factor values obtained confirm that there is a high degree of internal consistency between the groups of questions in the defined model (Sheppard 1996; Velicer and Jackson 1990).

As mentioned above, CFA was performed in order to ensure the reliability and validity of the tested model, and the internal consistency of data collection instruments was checked using Cronbach’s alpha test. Cronbach’s alpha coefficients ($\alpha$) denote the average values of correlation between the items when they are graded on the basis of a given scale (in this case, the five-step Likert scale). If $\alpha>0{.}70$, there is a high degree of internal consistency between the questions, and there are good modeling options based on the data collected from the sample (Nunnally 1978), while values around 0.60 are considered acceptable (Boyer and Pagell 2000; Hair et al 1995). The $\alpha$ values are also shown in Table 2. Based on these values for our eight groups of questions, we conclude that the validity and reliability of the risk management questionnaire in small and medium-sized enterprises are proven, and that reliable modeling results can be expected based on the data collected.

The $t$ values, which are also shown in Table 2, are very high in almost all cases, with a significance level of $p<0{.}1$, which confirms the validity of the model. Therefore, all thirty-two variables (defined within eight latent groups of variables) can be used to define the theoretical model, which is shown in Figure 1.

Further testing of the validity of the theoretical model (Figure 1) was carried out using LISREL 8.8. In this way, a deeper statistical analysis was performed using the modeling of structural equations (Savić et al 2017). The values of the fitting indicators obtained are shown in Table 3 and show a satisfactory degree of fit in the tested model.

A relative chi-square ($\chi^{2}/\text{df}$) value of 2.24 can be considered significant, because the requirement for it to be less than $3$ is fulfilled (Molina et al 2007). In this way, the fitting indicators showed a significant level of fit in the tested model, which allows us to calculate the structural path coefficients for a defined theoretical model with a significant degree of reliability.

The coefficients of the structural path between the defined groups of variables in the tested model were calculated using LISREL 8.8. Coefficients of the path mean the same as the regression coefficients, because they indicate the strength of the relationship and the influence between independent and dependent variables. In addition, the determination coefficients ($R^{2}$) for dependent groups of variables, which show the percentage of variance in the dependent variable, are explained by the independent variable (Arsić et al 2011). The values of the path coefficient and determination coefficients obtained in the structural model are shown in Figure 2.

In order to make a final decision on the acceptance of the theoretical model, it was necessary to determine $t$-values for each of the seven proposed hypotheses. The $t$-values obtained are shown in parentheses in Figure 2. The $t$-values are greater than $2$ only for hypotheses (H2), (H3) and (H7), which confirms a stronger positive correlation between the independent variables “financial performance” and “human resources” and the dependent variable “operational performance”. In (H4), (H5) and (H6), the $t$-values are less than $1$, indicating that there is a very weak correlation between independent and dependent variables, while for (H1) the $t$-value is negative ($-1{.}41$) and indicates that there is a negative correlation between the independent variable “economic conditions” and the dependent variable “operational performance”. This is logical, given that the “economic conditions” group of questions implied growth of taxes and mandatory contributions, poor availability of financial resources (loans, subsidies), an increase in interest rates and a rise in the cost of all types of energy. This certainly has a negative impact on the operational performance of Serbian companies, given that in transition conditions it is difficult to predict the measures that will be adopted by the state, which, as a rule, makes business difficult.

From Figure 2, it can be seen that all the hypotheses in the model have positive values of the path coefficients, which confirms the positive influence of independent variables on the dependent variable, except for (H1) $(b=-0.11,p<0.1,t=-1.41)$, on the basis of which it can be concluded that economic conditions of business have a negative impact on operational performance. Hypothesis (H2) shows that financial performance has a positive impact on operational performance $(b=0.33,p<0.1,t=3.45)$. Hypotheses (H1), (H4), (H5) and (H6) are not statistically significant and show that human resources, data security and asset management, legal issues and business environment have a positive impact on operational performance ($b=0.38$ and $t=2.97$; $b=0.07$ and $t=0.51$; $b=0.05$ and $t=0.44$; $b=0.11$ and $t=0.82$, respectively). Finally, (H7) shows that operational performance positively affects the risk of losing market position $(b=0.49,p<0.1,t=5.01)$.

The values of the determination coefficients ($R^{2}$) obtained show that 56% of the variance in operational performance is explained by economic conditions, financial performance, human resources, data security, legislation and business environment, while 24% of the variance in the risk of losing market position is explained by operational performance.

Next, we examine the degree of interconnection between the six independent groups of variables. The correlation coefficient values obtained are shown in the correlation matrix in Table 4.

From Table 4, it can be seen that the strongest correlations exist between the independent variables “business environment” and “legal issues” (0.84; $p<0{.}05$) and “data security and asset management” and “human resources” (0.77; $p<0{.}05$). This is logical if we take into account the variables contained within these groups of questions. The characteristics of the business environment (corruption, favorability based on political commitment, poor quality of public services, large number of administrative requirements) are strongly linked to the legislation in Serbia (weaker implementation of laws, frequent changes in legislation, insufficiently independent judiciary, slow resolution of litigation). As far as data security and asset management (environmental accidents and threats, floods, fires, misuse of information, inadequate health and safety protection of employees, property theft) are concerned in Serbian companies, these largely depend on the characteristics of the employees themselves (inadequate qualifications, frequent job changes, employee injuries due to their mistakes, morale and discipline).

## 5 Conclusion

Risk management is recognized as a very important part of any effective corporate governance system. The global financial crisis stressed the significance of timely identification, analysis and governance of key business risks. Inadequate risk assessment has been highlighted as the main cause of the failure or financial problems of organizations all around the world during that period. In this paper, the influence of six risk factors on operational business in Serbian companies, as well as their impact on losing current market position, was analyzed. The conceptual model was defined, and seven hypotheses were suggested. For the theoretical model, we selected as our risk factors those that were most prominent in previous studies.

Our results indicate that the variable “human resources” has the strongest positive impact on the operational business of the companies analyzed. Human error, changes in job position and insufficient qualifications influence the small and medium-sized enterprises in Serbia very strongly. The positive impact of the variable “finance performance” was confirmed as well. On the other hand, the variable “economic conditions” is the only factor with a negative impact on operational business. This result is supported by the fact that economic circumstances are created by the state, so these conditions can be very unpredictable, especially in transition countries such as Serbia. Belas et al (2015) confirmed the negative attitude of entrepreneurs toward the state. The impact of other variables was not confirmed. Dobeš et al (2017) demonstrate entrepreneurs’ very critical view of the state’s role in the Czech Republic. Their results confirmed research conducted by Ključnikov et al (2016) and Dvorský et al (2018), who state that the business environment is affected not only by economic conditions but also by the assessment of state financial support and accessibility of external funding sources.

The motive for writing this paper was precisely the lack of ERM research in Serbia, and insufficient representation and implementation of this concept in Serbian enterprises. The existing literature mostly relates to the evaluation of risk management in financial institutions (Kočović et al 2014; Jelenković and Barjaktarović 2016; Vukosavljević et al 2016); most of the companies operating in Serbia use traditional risk management, while ERM is present only in financial institutions. The main reason for the latter is the legal obligation for banks and insurance companies to deal with risk evaluation and management. Other companies usually do not even have an organizational structure that can support the implementation of ERM (Barjaktarović et al 2017).

This study makes a significant contribution to the literature related to the evaluation of risk management in Serbian nonfinancial companies. The results obtained will be useful for the professional public and for organizations that help small and medium-sized enterprises to overcome the obstacles in the business environment. Despite the importance of these results, our research has some limitations. The questionnaire was completed by business owners or individuals responsible for risk management; therefore, some individual misunderstandings cannot be eliminated. Further, this paper only gives results from Serbia, so the results cannot be generalized. For future research, the authors intend to include other risks that could have an influence on companies’ market position and business operations, and to increase the sample size.

## Declaration of interest

The authors report no conflicts of interest. The authors alone are responsible for the content and writing of the paper.

## References

• Agrell, P. J., Lindroth, R., and Norrman, A. (2004). Risk, information and incentives in telecom supply chains. International Journal of Production Economics 90(1), 1–16 (https://doi.org/10.1016/S0925-5273(02)00471-1).
• Anton, S. G. (2018). The impact of enterprise risk management on firm value: empirical evidence from Romanian nonfinancial firms. Inžinerinė Ekonomika – Engineering Economics 29(2), 151–157 (https://doi.org/10.5755/j01.ee.29.2.16426).
• Arsić, M., Nikolic, Dj., and Zivković, Z. (2011). TQM practice in service oriented organization: antecedents of employee satisfaction and loyalty. In 6th International Working Conference “Total Quality Management: Advanced and Intelligent Approaches”, pp. 326–340. Faculty of Mechanical Engineering, University of Belgrade.
• Ballinger, G., Craig, E., Cross, R., and Gray, P. (2011). A stitch in time saves nine: leveraging networks to reduce the costs of turnover. California Management Review 53(4), 111–133 (https://doi.org/10.1525/cmr.2011.53.4.111).
• Barjaktarović, L., Pindžo, R., Djulić, K., and Vjetrov, A. (2017). Implementation of the ERM concept in Serbia: comparative analysis – real sector and financial sector. Bankarstvo 46(2), 50–67 (https://doi.org/10.5937/bankarstvo1702050B).
• Bartram, S. M. (2000). Corporate risk management as a lever for shareholder value creation. Financial Markets, Institutions and Instruments 9(5), 279–324 (https://doi.org/10.2139/ssrn.279507).
• Battisti, M., and Vallanti, G. (2013). Flexible wage contracts, temporary jobs, and firm performance: evidence from Italian firms. Industrial Relations: A Journal of Economy and Society 52(3), 737–764 (https://doi.org/10.1111/irel.12031).
• Baybutt, P. (2002). Layers of protection analysis for human factors (LOPA-HF). Process Safety Progress 21(2), 119–129 (https://doi.org/10.1002/prs.680210208).
• Becker, K., and Smidt, M. (2016). A risk perspective on human resource management: a review and directions for future research. Human Resource Management Review 26(1), 149–165 (https://doi.org/10.1016/j.hrmr.2015.12.001).
• Belas, J., Demjan, V., Habanik, J., Hudakova, M., and Sipko, J. (2015). The business environment of small and medium-sized enterprises in selected regions of the Czech Republic and Slovakia. E+M Ekonomie a Management 18(1), 95–110 (https://doi.org/10.15240/tul/001/2015-1-008).
• Boyer, K. K., and Pagell, M. (2000). Measurement issues in empirical research: improving measures of operations strategy and advanced manufacturing technology. Journal of Operations Management 18(3), 361–374 (https://doi.org/10.1016/S0166-3615(03)00029-0).
• Cassidy, D. (2005). Enterprise risk management (ERM): a new reality for businesses. Employee Benefit Plan Review 59(11), 29–31.
• Casualty Actuarial Society (2003). Overview of enterprise risk management. Report, CAS Enterprise Risk Management Committee.
• Cerny, B. A., and Kaiser, H. F. (1977). A study of a measure of sampling adequacy for factor-analytic correlation matrices. Multivariate Behavioral Research 12(1), 43–47 (https://doi.org/10.1207/s15327906mbr1201_3).
• Chopra, S., and Sodhi, M. S. (2004). Managing risk to avoid supply chain breakdown. MIT Sloan Management Review 46(1), 53–62.
• Colquitt, L. L., Hoyt, R. E., and Lee, R. B. (1999). Integrated risk management and the role of the risk manager. Risk Management and Insurance Review 2(3), 43–61 (https://doi.org/10.1111/j.1540-6296.1999.tb00003.x).
• Committee of Sponsoring Organizations of the Treadway Commission (2004). Enterprise risk management: integrated framework. Report. URL: http://www.coso.org/Pages/erm-integratedframework.aspx.
• Corbett, C. J., Montes, M. J., Kirsch, D. A., and Alvarez-Gil, M. J. (2002). Does ISO 9000 certification pay? ISO Management Systems, July/August, 31–40.
• Cronbach, L. J. (1951). Coefficient alpha and the internal structure of tests. Psychometrica 16, 297–334 (https://doi.org/10.1007/BF02310555).
• D’Arcy, S. P., and Brogan, J. C. (2001). Enterprise risk management. Journal of Risk Management of Korea 12(1), 207–228.
• Daud, S., Abidin, N., Sapuan, N. M., and Rajadurai, J. (2012). Efficient human resource deployment technique in higher education: a standpoint from Malaysia. African Journal of Business Management 6(25), 7533–7547 (https://doi.org/10.5897/AJBM11.558).
• Demerouti, E., Le Blanc, P. M., Bakker, A. B., Schaufeli, W. B., and Hox, J. (2009). Present but sick: a three-wave study on job demands, presenteeism and burnout. Career Development International 14(1), 50–68 (https://doi.org/10.1108/13620430910933574).
• Dewlaney, K. S., and Hallowell, M. (2012). Prevention through design and construction safety management strategies for high performance sustainable building construction. Construction Management and Economics 30(2), 165–177 (https://doi.org/10.1080/01446193.2011.654232).
• Dobeš, K., Kot, S., Kramoliš, J., and Sopková, G. (2017). The perception of governmental support in the context of competitiveness of SMEs in the Czech Republic. Journal of Competitiveness 9(3), 34–50 (https://doi.org/10.7441/joc.2017.03.03).
• Dul$\prime$ová Spišáková, E., Mura, L., Gontkovičová, B., and Hajduová Z. (2017). R&D in the context of Europe 2020 in selected countries. Economic Computation and Economic Cybernetics Studies and Research 51(4), 243–261.
• Dunjó, J., Fthenakis, V., Vílchez, J. A., and Arnaldos, J. (2010). Hazard and operability (HAZOP) analysis: a literature review. Journal of Hazardous Materials 173(1), 19–32 (https://doi.org/10.1016/j.jhazmat.2009.08.076).
• Dvorský, J., Schönfeld, J., Kotásková, A., and Petráková, Z. (2018). Evaluation of important credit risk factors in the SME segment. Journal of International Studies 11(3), 204–216 (https://doi.org/10.14254/2071-8330.2018/11-3/17).
• Ernst & Young (2011). Information security survey. Report, Ernst & Young, London.
• Finch, P. (2004). Supply chain risk management. Supply Chain Management: An International Journal 9(2), 183–196 (https://doi.org/10.1108/13598540410527079).
• Florio, C., and Leoni, G. (2017). Enterprise risk management and firm performance: the Italian case. British Accounting Review 49(1), 56–74 (https://doi.org/10.1016/j.bar.2016.08.003).
• Glambek, M., Matthiesen, S. B., Hetland, J., and Einarsen, S. (2014). Workplace bullying as an antecedent to job insecurity and intention to leave: a 6-month prospective study. Human Resource Management Journal 24(3), 255–268 (https://doi.org/10.1111/1748-8583.12035).
• Guselbaeva, G., and Pachkova, O. (2015). The estimation of property and business in the anti-crisis measures. Procedia Economics and Finance 27, 501–506 (https://doi.org/10.1016/S2212-5671(15)01027-8).
• Hair, J. F., Anderson, R. E., Tatham, R. L., and Black, W. C. (1995). Multivariate Data Analysis with Readings, 4th edn. Prentice Hall, Englewood Cliffs, NJ.
• Hair, J. F., Black, W. C., Anderson, R. E., and Tatham, R. L. (2006). Multivariate Data Analysis, 6th edn. Prentice Hall, Upper Saddle River, NJ.
• Hallikas, J., Karvonen, I., Pulkkinen, U., Virolainen, V. M., and Tuominen, M. (2004). Risk management processes in supplier networks. International Journal of Production Economics 90(1), 47–58 (https://doi.org/10.1016/j.ijpe.2004.02.007).
• Handfield, R., and McCormack, K. (2007). Supply Chain Risk Management: Minimizing Disruptions in Global Sourcing. Auberbach Publications, Boca Raton, FL (https://doi.org/10.1201/9781420013306).
• Harland, C., Brencheley, H., and Walker, H. (2003). Risk in supply networks. Journal of Purchasing and Supply Management 9(2), 51–62 (https://doi.org/10.1016/S1478-4092(03)00004-9).
• Hess, M., and Cottrell, J. H., Jr. (2016). Fraud risk management: a small business perspective. Business Horizons 59(1), 13–18 (http://doi.org/dcg8).
• Heywood, S., Layton, D., and Pentinen, R. (2009). A better way to cut costs. McKinsey Quarterly, October, McKinsey & Company. URL: http://www.mckinsey.com/business-functions/organization/our-insights/a-better-way-to-cut-costs.
• Holzmann, R., and Jørgensen, S. (2001). Social risk management: a new conceptual framework for social protection and beyond. International Tax and Public Finance 8, 529–556 (https://doi.org/10.1023/A:1011247814590).
• Hoyt, R. E., and Liebenberg, A. P. (2011). The value of enterprise risk management. Journal of Risk and Insurance 78(4), 795–822 (https://doi.org/10.1111/j.1539-6975.2011.01413.x).
• International Standards Organization (2009a). ISO 31000:2009, Risk Management: Principles and Guidelines. International Standards Organization, Geneva.
• International Standards Organization (2009b). ISO Guide 73:2009, Risk Management: Vocabulary. International Standards Organization, Geneva.
• Jelenković, Z., and Barjaktarović, L. (2016). The risk management functions in the conditions of globalization: case study of the Republic of Serbia. Management 79, 37–45 (https://doi.org/10.7595/management.fon.2016.0010).
• Jüttner, U. (2005). Supply chain risk management: understanding the business requirements from a practitioner perspective. International Journal of Logistics Management 16(1), 120–141 (https://doi.org/10.1108/09574090510617385).
• Kaiser, H. F. (1974). An index of factorial simplicity. Psychometrika 39, 31–36 (https://doi.org/10.1007/BF02291575).
• Kandemir, D., Yaprak, A., and Cavusgil, S. T. (2006). Alliance orientation: conceptualization, measurement, and impact on market performance. Academy of Marketing Science Journal 34(3), 324–340 (https://doi.org/10.1177/0092070305285953).
• Karabašević, D., Stanujkić, D., Djordjević, B., and Stanujkić, A. (2018). The weighted sum preferred levels of performances approach to solving problems in human resources management. Serbian Journal of Management 13(1), 145–156 (https://doi.org/10.5937/sjm13-12589).
• Kayes, D. C., Stirling, D., and Nielsen, T. M. (2007). Building organizational integrity. Business Horizons 50(1), 61–70 (https://doi.org/10.1016/j.bushor.2006.06.001).
• Kehinde, A., Opeyemi, A., Benjamin, A., Adedayo, O., and Abel, O. A. (2017). Enterprise risk management and the survival of small scale businesses in Nigeria. International Journal of Accounting Research 5(2), 1000165 (https://doi.org/10.4172/2472-114X.1000165).
• Kim, N., and Pae, J. (2007). Utilization of new technologies: organizational adaptation to business environments. Journal of the Academy of Marketing Science 35(2), 259–269 (https://doi.org/10.1007/s11747-007-0032-6).
• Kingir, S., and Mesci, M. (2010). Factors that affect hotel employees’ motivation: the case of Bodrum. Serbian Journal of Management 5(1), 59–76.
• Kleffner, A. E., Lee, R. B., and McGannon, B. (2003). The effect of corporate governance on the use of enterprise risk management: evidence from Canada. Risk Management and Insurance Review 6(1), 53–73 (https://doi.org/10.1111/1098-1616.00020).
• Ključnikov, A., Belás, J., Kozubíková, L., and Paseková, P. (2016). The entreprenurial perception of SME business environment quality in the Czech Republic. Journal of Competitiveness 8(1), 66–78 (https://doi.org/10.7441/joc.2016.01.05).
• Kočović, J., Paunović, B., and Jovović, B. (2014). Determinants of business performance of nonlife insurance companies in Serbia. Ekonomika Preduzeća 62(7–8), 367–381 (https://doi.org/10.5937/ekopre1408367K).
• Kopia, J., Just, V., Geldmacher, W., and Bußian, A. (2017). Organization performance and enterprise risk management. Ecoforum 6(1). URL: http://ecoforumjournal.ro/index.php/eco/article/view/573.
• Korcsmáros, E. (2018). Factors affecting the development of SMEs (example from Slovakia based on primary research in Nitra region). Acta Oeconomica Universitatis Selye 7(1), 70–78.
• Kot, S., and Dragon, P. (2015). Business risk management in international corporations. Procedia Economics and Finance 27(1), 102–108 (https://doi.org/10.1016/S2212-5671(15)00978-8).
• Lai, I. K. W., and Lau, H. C. W. (2012). A hybrid risk management model: a case study of the textile industry. Journal of Manufacturing Technology Management 23(5), 665–680 (https://doi.org/10.1108/17410381211234453).
• Lam, J. (2000). Enterprise-wide risk management and the role of the chief risk officer. Ivey Business Quarterly 3, 10–18.
• Leaver, M., and Reader, T. W. (2016). Non-technical skills for managing risk and performance in financial trading. Journal of Risk Research 19(6), 687–721 (https://doi.org/10.1080/13669877.2014.1003319).
• Liebenberg, A. P., and Hoyt, R. E. (2003). The determinants of enterprise risk management: evidence from the appointment of chief risk officers. Risk Management and Insurance Review 6(1), 37–52 (https://doi.org/10.1111/1098-1616.00019).
• Mazánková, V., and Němec, M. (2007). Financial stability report: operational risk and its impacts on financial stability. Report, Czech National Bank, Prague.
• McKinnon, A. (2006). Life without trucks: the impact of a temporary disruption of road freight transport on a national economy. Journal of Business Logistics 27(2), 227–250 (https://doi.org/10.1002/j.2158-1592.2006.tb00224.x).
• Meszaros, M. (2018). “Employing” of self-employed persons. Central European Journal of Labour Law and Personnel Management 1(1), 31–50.
• Meulbroek, L. (2005). A senior manager’s guide to integrated risk management. Journal of Applied Corporate Finance 14(4), 56–70 (http://doi.org/b7zpkw).
• Mikes, A. (2009). Risk management and calculative cultures. Management Accounting Research 20(1), 18–40 (https://doi.org/10.1016/j.mar.2008.10.005).
• Miller, K. D. (1993). Industry and country effects on manager perceptions of environmental uncertanities. Journal of International Business Studies 24, 693–714 (https://doi.org/10.1057/palgrave.jibs.8490251).
• Miller, K. D., and Waller, H. G. (2003). Scenarios, real options and integrated risk management. Long Range Planning 36(1), 93–107 (https://doi.org/10.1016/S0024-6301(02)00205-4).
• Molina, L. M., Lloréns-Montes, J., and Ruiz-Moreno, A. (2007). Relationship between quality management practices and knowledge transfer. Journal of Operations Management 25(1), 682–701 (https://doi.org/10.1016/j.jom.2006.04.007).
• Mura, L., and Ključnikov, A. (2018). Small businesses in rural tourism and agrotourism: study from Slovakia. Economics and Sociology 11(3), 286–300 (https://doi.org/10.14254/2071-789X.2018/11-3/17).
• Mwaniki, R. (2006). Supporting SMEs Development and the Role of Microfinance in Africa. INAFI Africa Trust, Nairobi.
• Nagurney, A., Cruz, J., Dong, J., and Zhang, D. (2005). Supply chain networks, electronic commerce and supply side and demand side risk. European Journal of Operational Research 164(1), 120–142 (https://doi.org/10.1016/j.ejor.2003.11.007).
• Nunnally, J. C. (1978). Psychometric Theory, 2nd edn. McGraw-Hill, New York.
• OECD (2009). Corporate governance and financial crisis: key findings and main messages. Report, June, Organisation for Economic Co-operation and Development, Paris.
• Oláh, J., Zéman, Z., Balogh, I., and Popp, J. (2018). Future challenges and areas of development for supply chain management. LogForum 14(1), 127–138 (https://doi.org/10.17270/J.LOG.2018.238).
• Pagach, D., and Warr, R. (2011). The characteristics of firms that hire chief risk officers. Journal of Risk and Insurance 78(1), 185–211 (https://doi.org/10.1111/j.1539-6975.2010.01378.x).
• Peck, H. (2005). Drivers of supply chain vulnerability: an integrated framework. International Journal of Physical Distribution and Logistics Management 35(4), 210–232 (https://doi.org/10.1108/09600030510599904).
• Quon, T. K., Zeghal, D., and Maingot, M. (2012). Enterprise risk management and firm performance. Procedia: Social and Behavioral Sciences 62(1), 263–267 (https://doi.org/10.1016/j.sbspro.2012.09.042).
• Saeidi, S. P., Sauda, S., Parvaneh, S., Sayyedeh, P. S., and Seyyed, A. S. (2015). How does corporate social responsibility contribute to firm financial performance? The mediating role of competitive advantage, reputation and customer satisfaction. Journal of Business Research 68(2), 341–350 (https://doi.org/10.1016/j.jbusres.2014.06.024).
• Savić, M., Djordjević, P., Milosevic, I., Mihajlovic, I., and Zivković, Z. (2017). Assessment of the ISO 9001 functioning on an example of relations with suppliers development: empirical study for transitional economy conditions. Total Quality Management and Business Excellence 28(11–12), 1285–1306 (https://doi.org/10.1080/14783363.2015.1135727).
• Shamala, P., Ahmad, R., Zolait, A., and Sedek, M. (2017). Integrating information quality dimensions into information security risk management (ISRM). Journal of Information Security and Applications 36(1), 1–10 (https://doi.org/10.1016/j.jisa.2017.07.004).
• Sheppard, B. (1996). Exploring the transformational nature of instructional leadership. Alberta Journal of Educational Research 52(4), 325–344.
• Sierpińska, M., and Jachna, T. (2004). Ocena przedsiebiorstwa według standardów światowych [Company Assessment According to Global Standards]. PWN Scientific, Warsaw (in Polish).
• Sprčić, D. M., Kožul, A., and Pecina, E. (2015). State and perspectives of enterprise risk management system development: the case of Croatian companies. Procedia Economics and Finance 30(1), 768–779 (https://doi.org/10.1016/S2212-5671(15)01326-X).
• Sprčić, D. M., Žagar, M. M., Šević, Z., and Marc, M. (2016). Does enterprise risk management influence market value: a long term perspective. Risk Management 18(2–3), 18–65 (https://doi.org/10.1057/rm.2016.3).
• Stulz, R. (2002). Risk Management and Derivates. Cengage Learning, Boston, MA.
• Tang, C. S. (2006). Perspectives in supply chain risk management. International Journal of Production Economics 103(2), 451–488 (https://doi.org/10.1016/j.ijpe.2005.12.006).
• Velicer, W. F., and Jackson, D. N. (1990). Component analysis versus common factor analysis: some further observations. Multivariate Behavioral Research 25, 97–114 (https://doi.org/10.1207/s15327906mbr2501_12).
• Veselovská, L., Kožárová, M., and Závadský, J. (2018). Relationship between information sharing and flexibility in management of enterprises in automotive industry: an empirical study. Serbian Journal of Management 13(2), 381–393 (https://doi.org/10.5937/sjm13-17474).
• Vukosavljević, D., Vukosavljević, D., and Jelić, G. (2016). The increasing importance of effective risk management in banking: findings from Serbia. International Review 1, 101–108 (https://doi.org/10.5937/intrev1602101V).
• Wagner, S. M., and Bode, C. (2008). An empirical examination of supply chain performance along several dimensions of risk. Journal of Business Logistics 29(1), 307–325 (https://doi.org/10.1002/j.2158-1592.2008.tb00081.x).
• Yusuwan, N., Adnan, H., and Omar, A. (2008). Client’s perspective of risk management practice in Malaysian construction industry. Journal of Politics and Law 1(3), 121–130 (https://doi.org/10.5539/jpl.v1n3p121).
• Zsidisin, G. A. (2003). Managerial perceptions of supply risk. Journal of Supply Chain Management 39(1), 14–25 (https://doi.org/10.1111/j.1745-493X.2003.tb00146.x).
• Zsidisin, G. A., Panelli, A., and Upton, R. (2000). Purchasing organization involvement in risk assessments, contingency plans, and risk management: an exploratory study. Supply Chain Management: An International Journal 5(4), 187–197 (https://doi.org/10.1108/13598540010347307).

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact [email protected] or view our subscription options here: http://subscriptions.risk.net/subscribe