Developing An Accurate Risk Management Plan For Engineering Environments

Importance of Risk Management in Business Environment

Discuss about the Project Risk Management for ERP Project Failure.

The uncertainty in economic times in the past decades is increasing eventually in different business organizations those are needed to be mitigated by developing proper risk mitigation planning. In order to evaluate any project in the engineering environment proper operational and functional activities are needed to be implemented by the project managers. For this particular project, the Nominated engineering environment is about the implementation of an Enterprise Resource planning (ERP), system in a Multinational Business organization. However, due to lack of proper risk management planning the ERPS system failed to give the project objectives to the consumers and the employee who are working for the company.

This paper is focused on the development of an accurate risk management plan for a situation which has interrupting the measurable success of a project in an engineering organization. In order to prepare the project risk management plan both the oral and written medium are selected. For this particular situation the risk management plan that has been developed is consists of risk identification, risk analysis, evaluation, treatment, communication and risk consultant. In addition to this, proper risk monitoring and risk review are the other important components considered for this project.      

This literature depicts the importance of developing accurate risk management plan for different engineering environment.  According to [17] for any business environment, the main reason of uncertainty is risk. Thus, most the companies are focusing on the identification of risks and management of risks even before it affect the business success negatively. There are many companies who used to operate their business much smoothly and also with the help of the business forecast and projection. Due to these reasons the companies have adopted renewed to manage the risks [30]. In order to make future decisions for the businesses much confidently risk management approaches help the companies a lot. Business organizations face both the internal and external factors that influence the uncertain weather of the business organization. Proper risk management plan will help the business organizations to reach its objectives within the estimated time period. The business environments will be impacted positively with an accurate risk management plan. [17] Stated that, risks may be generated from both internal and external sources. The external risks such as political risk, exchange risk, interest risk etc are those which cannot be directly controlled by the management team.  [24] argued that, based on the background of the projects, proper risk management plan should be developed by the project manager rater project executives. There are many business organizations that have incorporated risk management as a department in their business organization. Besides internal and external risks there are another risk named as critical risk which have adverse influence in the business in the business organization [10]. In the year of 2005, the international organization and standard had developed a working group and also implemented the first international risk management standard considering the AS/NZS  4360:2004 as the first draft that was advised to be followed by all the business organization of Australia and New Zealand.  The standard development process contains both the public consultation of Australia and New Zealand.  The public consultation results in the ISO 31000:2009 publication. The AS/NZS ISO 31000:2009 does not differ much from the AS/NZS ISO 31000:2004 [14]. Minor modifications are done on the standard of 2004 and the modified version was officially promoted and published in the year of 2009. This standard shows the relation among the risk management principles, framework and process individually. Most of finance departments of the large to medium organizations follow the standard to avoid economic complications. However, after the development of AS/NZS ISO 31000:2009, the risk management standard developed in AS/NZS ISO 31000:2004 was completely replaced [18]. During the development of the risk management program or framework for any business organization, the fund member agencies provide AS/NZS ISO: 3100 principles and guidelines.

Components of Risk Management Plan

In this current technology era, the organizations who are failing to adopt proper technical operations, will lag to meet their objectives easily and also will fail to give competition to other companies [29] It is the responsibility of the project managers and other managerial executives, to adopt the most suitable risk management plan to avoid all commercial, social, legal and environmental risks collectively.  Under the AS/NZS ISO 31000:2009 the definition of risk has been changed and became the “effect of uncertainty over the objectives” [12]. Thus, before developing any risk management plan the below mentioned steps are needed to be considered by the risk management plan developers:

• Clear understanding about the purpose or event which is facing major risk
• Identification of all presentable activities and attractions
• Creation of the environment to be presented in the nominated event
• Identification of the audience who are expected to be attracted just after the risk will be resolved

 In order to develop a risk management plan the developers maintain a consistent sequence rather systematic approach to analyze and realize the impact of the risks.  In general there are common phases those are considered for the development of the risks management plan including risk identification, risk analysis, prioritize and control. According to [6] in this risk management plan the input of any phase should have to be the output of the previous phase. Mis-link between any two phases will lead the risk management plan towards failure. Development of a risk management plan and its assessment prior to the identified risky event the potential risks can even be identified and prioritize accordingly in terms of likelihood, consequence etc [28]. In order to reduce and mitigate all potential risks, risk control and mitigation approaches are needed to be undertaken. The below are the content of the risk assessment process and plan to be delivered:

Identification of risk:  Risk is referred to as an event that prevents any project to meet its objectives as the progress was previously planned. [21] stated that, different resources are needed to complete any project and risks can occur from any of the resources. Some of the risks may be quite general and are identified prior to project kickoff.  Even the project developer fails to identify those risks at the initial phase then during the project lifecycle phase those can be easily identified [15].  Collectively it can be said that for successfully assist any project, risk management plan development is a very important part. Some of the risks can be inherent whereas some of the risks are occurred due to external influence [3].  Internal risks are still easy to control whereas the external risks control is difficult. Not only this external risk control but also external risk identification is also a difficult part of project development lifecycle. It is the responsibility of the project manager to control the project risks. According to [5] for reporting to the project manager in every project there are specific areas where the project team members are allotted. Throughout the project development lifecycle, the intent of the project manager is to develop a project team who will assign only for the risk awareness, identification, communication and documentation. Risk awareness is the practice that assures that all the project team members are aware of the risks it outcome and all other side-effects. On the other hand, risk identification identifies those risks for which the project outcome may be impacted negatively. Risk communication is all about serious discussion about the project risks. It means that through risks communication the risks those may affect the project success are come under the attention or focus of the project managers and other project heads.  In order to control the risks the project developers should develop a risk register eventually. The risk register must contain notification on the arrival of any new risk. According to [20], a section should be added to the risk register to describe the risk in details. Again [25] stated that, besides risk description there must be a part to identify the probability of the risks. Some of the risks occur frequently whereas; some of the risks are rare but have high negative impact in the projects outcomes. The other sections to be managed in the project risk identification phase include, impact of risk schedule, quality management, cost impact etc. It is the responsibility of the project manager to develop and share the risks among the members associated to the project [22]. The following is the mentioned table to be usually followed by the project managers to control all the identified risks:

Activity	Responsibility
Risk identification	Project stakeholders
Risk registry	Project manager and  other project executives
Risk assessment	All the stakeholders associated to the project
Risk response	Stakeholders
Approval to the responded risks	Project manager along with the executives
Contingency management	Project managers
Managing risk response	Project managers
Reporting of the risks	Project managers

AS/NZS ISO 31000:2009 as the Standard for Risk Management

Risk assessment: Risk assessment is referred to as an act that helps to determine the probability of risk, whose occurrence negatively impacts the project objectives [19].  Risk assessment can be also defined as a cause and effect analysis. Cause is the event that may occur during the project development phase and effect is the potential impact of the risk that may interrupt the success of any project. Risk assessment is divided into two different factors such as probability that measures the event and estimation on the impact of the risks [16]. Cost estimation, potential delay duration, scope and reduction changes are the qualities those are very important factors to be considered for assessing the risks. In order to avoid the risks there are certain project management tools to be considered including project plan, budget planning, work statement etc.   

Risks response or risk prioritization:  For each individual risk, the way of response should be different. In order to identify the risk response for each of the risk the project managers are responsible [14]. For selecting the correct response for each risk, the project team members should select the best possible risk assessment way. Based on the type and background of the risks the risks should be priorities or scored out of 10. In order to evaluate risk mitigation strategies for multiple risk proper cost is needed to be developed [10]. There are different risk response options available those are necessary to be developed by the project managers in terms of avoidance, transference, mitigation, and acceptance and deferred. Risk avoidance is referred to as the way in which projects should be changed in terms of change scope and objectives etc. Risk mitigation is the development of strategies for individual risks.  This step helps to reduce the identified and assessed risk from the projects [12]. Instead of eliminating risk, risks should be shifted to the third parties. Risk acceptance is the way to simply accept the risks and not to avoid it. If the risks are accepted then respective changes should be included in project schedule, scope, cost, quality etc.  

Risk control: The phase called risk mitigation or control are again divided into two different parts according to AS/NZS ISO 31000:2009 [20]. At the initial phase of risk mitigation, all the different activities rather steps should be identified. After identification of the risks a contingency plan has to be developed by the project managers to deal with the tasks. For each and individual phase accurate risk mitigation plan or control plan should be developed. With the help of risk assessment matrix, the priority and its ranking can be eventually identified.  Risk can be catastrophic, critical, moderate, minor and negligible and from the priority matrix implementation of risk mitigation plan will become much easier.

In the year of 2004, a multinational company announced about their failure in Enterprise Resource Planning (ERP) which affected their commercial failure. The net revenue of the company faced about more than 56% of failure in this ERP failure [21]. During the development of a centralize ERP system in their company, they failed to develop proper risk management plan and as a result they lost their revenue a lot that is more than 5 times of their quarterly profit. The complete financial impacts of the ERP failure include backlogs, revenue lost.  The products of the company are well known for their excellent products quality and reasonable price. There is a decentralized organizational structure and this is the responsibility of each of the business units to design market and manufacture their own software products. The engineering company faced high level risk due to the improper risk management planning [26]. From the resellers and direct consumers the multinational company witnessed excessive benefit from their quality product and services. Under the light of the increasing demand for different products the company had planned to reorganize their business process for managing the complex situations. It is expected that the newly arranged business process will help the company to operate its functionalities.  The aim of the company is to design a business plan to venture into a high volume of low priced electronic market. The company also planned to phase the legacy system as a standard ERP solution [23]. In order to implement a SAP R/3 ERP securely a risk management plan is needed to be developed by the project manager. Basically the major failure was faced by the company during the ERP migration. It is expected that, if proper risk management plan is developed for the company then all the issues will be resolved appropriately. The risk management plan developed for the company is mentioned below:

Steps Involved in Risk Management Plan

Like the other project, in case of ERP implementation also a risk management plan should be developed [32].  The risk management plan for the company should be consists of three phases in terms of planning, implementation and post implementation phases. During ERP planning risk analysis is a phase that is closely associated to the selection of ERP system. The risk management plan developed for the nominated environment is mentioned below:

Task Name	Duration	Start	Finish	Predecessors	Resource Names
Risk management planning	143 days	Mon 4/9/18	Wed 10/24/18
Risk identification	30 days	Mon 4/9/18	Fri 5/18/18
Understanding project scope	6 days	Mon 4/9/18	Mon 4/16/18		Project manager
Analyzing project activities	5 days	Tue 4/17/18	Mon 4/23/18	2	Project manager ,Project sponsor
Defining risks	8 days	Tue 4/24/18	Thu 5/3/18	3	Project sponsor
Considering possible risks associated to ERP	6 days	Fri 5/4/18	Fri 5/11/18	4	HR manager
Developing analytical process models	4 days	Fri 5/4/18	Wed 5/9/18	4	system analyst, system developer
Considering amount of risks	5 days	Mon 5/14/18	Fri 5/18/18	5	Project manager ,system developer
Developing business strategies	6 days	Thu 5/10/18	Thu 5/17/18	6	finance manager
Risk analysis	37 days	Mon 5/21/18	Tue 7/10/18
Risks of ERP are to be analyzed	4 days	Mon 5/21/18	Thu 5/24/18	7	system developer
Proper software configuration	8 days	Fri 5/25/18	Tue 6/5/18	8,10	Project sponsor, system developer
Contract and developing Service Level Agreement	5 days	Wed 6/6/18	Tue 6/12/18	11	Project sponsor
Considering Delphi technique	6 days	Wed 6/13/18	Wed 6/20/18	12	Project sponsor
Hierarchical process improvement	6 days	Thu 6/21/18	Thu 6/28/18	13	system analyst, system developer
Considering ISO 31000:2009 standards	5 days	Fri 6/29/18	Thu 7/5/18	14	Project manager
Risk communication	3 days	Fri 7/6/18	Tue 7/10/18	15	HR manager
Risk prioritize	44 days	Wed 7/11/18	Mon 9/10/18
Analyzing each of the risks individually	5 days	Wed 7/11/18	Tue 7/17/18	16	finance manager ,Project sponsor
Measuring the level of tolerance for each risk	4 days	Wed 7/18/18	Mon 7/23/18	18	system analyst
Risk ranking	6 days	Tue 7/24/18	Tue 7/31/18	19	finance manager
Contingency planning	2 days	Wed 8/1/18	Thu 8/2/18	20	Project manager ,Project sponsor
Setting risk priority	3 days	Fri 8/3/18	Tue 8/7/18	21	system analyst
Addition of notification for each new task	4 days	Wed 8/8/18	Mon 8/13/18	22	system developer
Description of risk factor	6 days	Tue 8/14/18	Tue 8/21/18	23	system analyst
Analyzing scope impact	5 days	Wed 8/22/18	Tue 8/28/18	23,24	system developer
Analyzing schedule impact	3 days	Wed 8/29/18	Fri 8/31/18	25	HR manager
Analyzing quantity impact	6 days	Mon 9/3/18	Mon 9/10/18	26	system analyst
Risk mitigation planning	23 days	Tue 9/11/18	Thu 10/11/18
Allotting responsible person for each risk	2 days	Tue 9/11/18	Wed 9/12/18	27	system analyst
Developing risk register	4 days	Thu 9/13/18	Tue 9/18/18	29	Project manager
Regulatory and compliance issue identification	3 days	Wed 9/19/18	Fri 9/21/18	30	system analyst
Feasibility study	6 days	Mon 9/24/18	Mon 10/1/18	31	finance manager
Resource planning	5 days	Tue 10/2/18	Mon 10/8/18	32	Project manager
Security breach mitigation	3 days	Tue 10/9/18	Thu 10/11/18	33	Project sponsor
Risk management plan closure	9 days	Fri 10/12/18	Wed 10/24/18
Final risk management plan	2 days	Fri 10/12/18	Mon 10/15/18	34	HR manager
Action planning	3 days	Tue 10/16/18	Thu 10/18/18	36	system analyst
Post ERP maintenance plan	4 days	Fri 10/19/18	Wed 10/24/18	37	system developer

In order to develop the risk management for ERP failure occurred in a Multinational company the stakeholders of the projects are also allotted [2]. In order to reduce the work pressure from the project team members, stakeholders are also allotted for each of the activity and for this particular risk management plan the associated stakeholders and their responsibilities are illustrated below:

Resource Name	Type	Material Label	Initials	Group	Max. Units	Std. Rate	Ovt. Rate	Cost/Use	Accrue At	Base Calendar
Project manager	Work		P		100%	$18.00/hr	$0.00/hr	$0.00	Prorated	Standard
finance manager	Work		f		100%	$14.00/hr	$0.00/hr	$0.00	Prorated	Standard
HR manager	Work		H		100%	$12.00/hr	$0.00/hr	$0.00	Prorated	Standard
system developer	Work		s		100%	$12.00/hr	$0.00/hr	$0.00	Prorated	Standard
system analyst	Work		s		100%	$12.00/hr	$0.00/hr	$0.00	Prorated	Standard
Project sponsor	Work		P		100%	$20.00/hr	$0.00/hr	$0.00	Prorated	Standard.

• Lack of license for the software needed to run the application
• Improper SLA
• Lack of training and development for the new technology application
• Improper budgeting and resource allocation

The project is based upon an ERP system implementation failure in a multinational company.

• Worker’s protection from accidents
• Maintenance of organizational reputation
• Protecting business against the unforeseeable
• Reduced rate of worker absence

Failure Mode Effects Analysis (FMEA) is referred to as a technique that is widely used by the business organizations for developing risk management plan. It is expected that wt the help of this risk management plan all the risks can be easily identified, analyzed and mitigated. In order to improve any current product, service, layout or even process the most widely used tool in FMEA. Regardless of the occupation and status that has to determine, FMEA tool can be used for measuring risks [8]. Besides this approach many other approaches are also available in terms of design review by failure mode, failure mode, effects and critical analysis. FMEA is a structured approach that helps to evaluate a process or product for identifying where and how the approach may fail to meet its objectives. FMEA approach should be applied by the project manager for developing the risk management plan. It also helps to identify the impact of the risks and based on that priority matrix is also developed by the project manager. The risk priority numbers are ranges from 1 to 1000 and the priority measure results are obtained by making multiplication along with severity, occurrence, detection etc. on the other hand the detection scale ranges from 1 to 10 [5]. Based on the priority the risks are ranked by the project managers. Besides the FMEA approach there are certain optional approaches available in the market those are widely used by the project managers for implementing a secure project risk management plan.  A typical FMEA technique has the ability to create linkage between Control plan, process map, C-E m=Matrix, SIPOC etc. The rating scale of a Typical FMEA approach is stated in the below table:

Probability of failure	Possible failure rates
Extremely high	>=1 and 2
Very high	1- 3
Repeated failures	1-8
High	1-20
Moderately high	1-80
Moderate	1-400
Quite low	1-2000
Low	1-15000
Remote	1-150000
Almost impossible	<=1-1,500,000

With the help of the FMEA technique the ERP failure project based risk management plan can be developed and in the below section the plan has been shown:

Besides FMEA technique there are many other techniques that can be used by the project managers to detect, analyze and mitigate the identified risks. The techniques are as follows:

• What –if analysis
• Qualitative risk analysis
• Development of project checklist
• Hazard and operability study (HAZOP)
• Decision making tree

The risk tolerability criteria are similar as to the risk acceptance criteria and the risk acceptance criteria for this project are as follows:

• Profits can be obtained from the risks
• Degree of control for the risk
• Times until effects are experience
• Times in realization of the risks (occurrence of accidents)

Risk name	Responsible person	Frequency	Impact	Mitigation strategy
Incorrect resource allocation	Project manager	High	High	At the project initiation phase the project manager should identify the necessary resources and allot them in the necessary phases.
Lack of experts	HR  manager	High	Medium	Professional training and development program should be developed to make the employees aware of their responsibilities and job roles
Budget overload	Finance manager	Very High	High	Project budget should be prepared at the project initiation phase
Time overload	Sponsor and project manager	High	High	For each activity time should be estimated by the project manager

From the overall discussion it can be concluded that, the nominated ERP failure project can be mitigated if proper risk management plan is developed by the responsible project team members. Among different risk management techniques the most suitable technique for mitigating the ERP implementation project failure risk is FMEA technique, which is illustrated here. Moreover, it has been determined that in order to resolve any kind of business risks it is necessary for the executives to develop a risk management pan at the very project initiation phase. The common phases those are to be followed accordingly include risk identification, assessment, prioritize and mitigation or control. If all of these phases are followed properly then the chance of risks are expected to be minimized automatically. However the risk management plan should be developed based upon the IS0 31000:2009, which is the modified version of ISO:31000:2004.

References

McNeil, A.J., Frey, R. and Embrechts, P.,. Quantitative risk management: Concepts, techniques and tools. Princeton university press., 2015

Cagliano, A.C., Grimaldi, S. and Rafele, C.,. Choosing project risk management techniques. A theoretical framework. Journal of Risk Research, 18(2), pp.232-248., 2015

Neves, A.A.S., Pinardi, N., Martins, F., Janeiro, J., Samaras, A., Zodiatis, G. and De Dominicis, M.,. Towards a common oil spill risk assessment framework–adapting ISO 31000 and addressing uncertainties. Journal of environmental management, 159, pp.158-168., 2015

Marin, J.C., January. Risk Management for Road Safety Based on the ISO 31000. In ASSE Professional Development Conference and Exposition. American Society of Safety Engineers., 2017

Hoffer, E., Shaw, G.B., Senge, P.M. and Drucker, P.F.. Creating a new system model of managing change based on quality management principles and risk management principles 2. Journal of central banking theory and practice, 4(3), p.94. 2015.

Dias, A.A.D.S.P.. A more effective audit after COSO ERM 2017 or after ISO 31000: 2009?. Revista Perspectiva Empresarial ISSN: 2389-8194 (En línea), 4(2), pp.73-82., 2017

Mikes, A. and Kaplan, R.S.,. When one size doesn’t fit all: Evolving directions in the research and practice of enterprise risk management. Journal of Applied Corporate Finance, 27(1), pp.37-40., 2015

Horner, C.A. and Wilmshurst, T.D.,. STAKEHOLDER ENGAGEMENT AND THE GRI: IMPLICATIONS FOR EFFECTIVE RISK MANAGEMENT. CORPORATE OWNERSHIP & CONTROL, p.210. 2016

Gaudenzi, B., Confente, I. and Manuj, I., , September. HOW MANAGERS PERCEIVE AND ASSESS SUPPLY CHAIN RISKS? EMPIRICAL RESULTS FROM A SAMPLE OF EUROPEAN ORGANIZATIONS. In 8th Annual Conference of the EuroMed Academy of Business.,2015

Wessels, J.S. and Sadler, E.,. Risk management in higher education: An open distance learning perspective. Southern African Business Review, 19(2), pp.74-98., 2015

Shad, M.K. and Lai, F.W.,. A conceptual framework for enterprise risk management performance measure through economic value added. Global Business and Management Research, 7(2), p.1., 2015

Griraa, J., Bedard, Y., Roche, S. and Devillersb, R.,. Towards a Collaborative Knowledge Discovery System for Enriching Semantic Information about Risks of Geospatial Data misuse. Uncertainty Modelling and Quality Control for Spatial Data, p.233., 2015

Mayer, N. and De Smet, D.,. Systematic Literature Review and ISO Standards analysis to Integrate IT Governance and Security Risk Management. International Journal for Infonomics (IJI), 10(1), pp.1255-1263.,2017

Bromiley, P., McShane, M., Nair, A. and Rustambekov, E. Enterprise risk management: Review, critique, and research directions. Long range planning, 48(4), pp.265-276., 2015

Ho, W., Zheng, T., Yildiz, H. and Talluri, S. Supply chain risk management: a literature review. International Journal of Production Research, 53(16), pp.5031-5069.,2015

Pritchard, C.L. and PMP, P.R.,. Risk management: concepts and guidance. CRC Press. 2014

Hopkinson, M.,. The project risk maturity model: Measuring and improving risk management capability. Routledge. 2017

Glendon, A.I., Clarke, S. and McKenna, E. Human safety and risk management. Crc Press. 2016

Lam, J. Enterprise risk management: from incentives to controls. John Wiley & Sons., 2014

Burtonshaw-Gunn, S.A. Risk and financial management in construction. Routledge., 2017

Falkner, E.M. and Hiebl, M.R. Risk management in SMEs: a systematic review of available evidence. The Journal of Risk Finance, 16(2), pp.122-144. 2015

Marcelino-Sádaba, S., Pérez-Ezcurdia, A., Lazcano, A.M.E. and Villanueva, P.,. Project risk management methodology for small firms. International journal of project management, 32(2), pp.327-340., 2014

Hoffmann, R., Kiedrowicz, M. and Stanik, J. Risk management system as the basic paradigm of the information security management system in an organization. In MATEC Web of Conferences(Vol. 76, p. 04010). EDP Sciences., 2016

Ibáñez, A.J.P., Bernal, J.M.M., de Diego, M.J.C. and Sánchez, F.J.A. Expert system for predicting buildings service life under ISO 31000 standard. Application in architectural heritage. Journal of Cultural Heritage, 18, pp.209-218., 2016

Dias, A.A.D.S.P. A more effective audit after COSO ERM 2017 or after ISO 31000: 2009?. Revista Perspectiva Empresarial ISSN: 2389-8194 (En línea), 4(2), pp.73-82.,2017

de Oliveira, U.R., Marins, F.A.S., Rocha, H.M. and Salomon, V.A.P. The ISO 31000 standard in supply chain risk management. Journal of Cleaner Production, 151, pp.616-633.,2017

Chemweno, P., Pintelon, L., Van Horenbeek, A. and Muchiri, P. Development of a risk assessment selection methodology for asset maintenance Griraa, J., Bedard, Y., Roche, S. and Devillersb, R., 2015. Towards a Collaborative Knowledge Discovery System for Enriching Semantic Information about Risks of Geospatial Data misuse. Uncertainty Modelling and Quality Control for Spatial Data, p.233. Journal of Production Economics, 170, pp.663-676. 2015.

Griraa, J., Bedard, Y., Roche, S. and Devillersb, R. Towards a Collaborative Knowledge Discovery System for Enriching Semantic Information about Risks of Geospatial Data misuse. Uncertainty Modelling and Quality Control for Spatial Data, p.233., 2015

Horner, C.A. and Wilmshurst, T.D. STAKEHOLDER ENGAGEMENT AND THE GRI: IMPLICATIONS FOR EFFECTIVE RISK MANAGEMENT. CORPORATE OWNERSHIP & CONTROL, p.210, 2016.

Shad, M.K. and Lai, F.W. A conceptual framework for enterprise risk management performance measure through economic value added. Global Business and Management Research, 7(2), p.1., 2015

Gaudenzi, B., Confente, I. and Manuj, I., , September. HOW MANAGERS PERCEIVE AND ASSESS SUPPLY CHAIN RISKS? EMPIRICAL RESULTS FROM A SAMPLE OF EUROPEAN ORGANIZATIONS. In 8th Annual Conference of the EuroMed Academy of Business., 2015.

Mayer, N. and De Smet, D. Systematic Literature Review and ISO Standards analysis to Integrate IT Governance and Security Risk Management. International Journal for Infonomics (IJI), 10(1), pp.1255-1263., 2017