RISK MANAGEMENT FRAMEWORK FOR SELECTED SERVICE

ORGANISATIONS IN THE WESTERN CAPE

CHINA MASANDE GONIWE

199045771

MASTER OF ENGINEERING: QUALITY

In the

Faculty of Industrial and Systems Engineering

Principal Supervisor:
Prof. Stephen Bosman

Co Supervisor:
Bronwyn Claudia Swartz

Cape Town
17 June 2018
 DECLARATION

By

China Masande Goniwe

“I hereby declare that this research submitted for the degree (Master of Engineering: Quality) at
the Cape Peninsula University of Technology, is my own original unaided work and has not
previously been submitted for any other institution of higher education. I further declare that all
sources cited or quoted are indicated or acknowledged by means of a comprehensive list of
references”

Name: China Masande Goniwe

Signature:

Date:

Copyright© Cape Peninsula University of Technology

i|P age
 ABSTRACT

This qualitative research study examines the everyday operation of risk management within quality
management in selected service organisations in the Western Cape. The service organisations are
selected on the basis of their reputation in the providence of services. This qualitative research
study specifically focuses on the scope of risk management particularly within quality
management. The predominant objective of this research is to develop a framework that can be a
significant contributor to improvement in the Western Cape’s service organisations.

A finding of this research is that there are gaps that need to be closed in order to improve the risk
management system as well as the quality management. In addition this research confirms that a
risk management framework needs to be developed to provide a mechanism that can be employed
by service organisations in the Western Cape to ensure that risk is identified, assessed, monitored
and mitigated. Furthermore, the research then presented a risk management framework that will
provide a method that can be put into practice by service organisations in the Western Cape to
ensure that risk is managed effectively and efficiently.

This research demonstrates that in order to develop a risk management framework it is important
that a risk management system is understood thoroughly. Then once the risk management system
is understood required changes can be proposed and this is done for the purposes of improvement
in the Western Cape’s service organisations. The approach proposed by this research challenges
views that regard enhancing the service organisation's risk management within their quality
management system with the goal of satisfying their customers.

Keywords: Risk Management, Quality Management, Service Organisations, Western Cape,

Risk Management Framework, Risk Evaluation, Integration, Perception, Risk Factors,
Constraints

ii | P a g e
 ACKNOWLEDGEMENTS

I would like to thank the following persons for their respective roles in the completion of this
research study:

 I would like to thank God for shinning His light upon my studies and for every academic
blessing.
 The special participants in this study for their wisdom, courage and honesty.
 My mother, Yisa Goniwe, whose infinite faith in my abilities made this research study
possible.
 My supervisor, Professor Stephen Bosman, for his input and guidance.
 My co-supervisor, Bronwyn Swarts, whose patience, insight and guidance was always a
source of motivation and encouragement.
 My nephew, Amile Nyeka, for his love and support.
 My loving friends, colleagues, loved ones and family; for their interest, constant love and
encouragement.

iii | P a g e
 DEDICATION

This research study is dedicated to my mother, Yolisa “Yisa” Goniwe, whose unconditional love
has always been an inspiration.

iv | P a g e
 TABLE OF CONTENTS

DECLARATION i

ABSTRACT ii

ACKNOWLEDGEMENTS iii

DEDICATION iv

1.1 INTRODUCTION…………………………………………………………………..1

1.2 BACKGROUND……………………………………………………………………3

1.3 RESEARCH PROBLEM STATEMENT…………………………………………...5

1.4 PRIMARY RESEARCH QUESTION.......................................................................6

1.4.1 Investigative questions 6

1.5 RESEARCH OBJECTIVES………………………………………………………...6

1.6 THE RESEARCH PROCESS………………………………………………………7

1.7 RESEARCH DESIGN AND METHODOLOGY…………………………………..7

1.8 DATA COLLECTION DESIGN AND METHODOLOGY………………………..9

1.9 RESEARCH ASSUMPTIONS……………………………………………………...10

1.10 RESEARCH CONSTRAINTS……………………………………………………...10

1.11 CONCLUSION……………………………………………………………………...10

CHAPTER 2: HOLISTIC OVERVIEW OF THE RESEARCH ENVIRONMENT…11

2.1 INTRODUCTION…………………………………………………………………..12

2.2 SERVICE ORGANISATIONS……………………………………………………..12

2.3 SERVICE ORGANISATIONS IN THIS RESEARCH STUDY…………………...12

2.3.1 Power Group 12

v|P ag e
2.3.2 Department of Water and Sanitation in the Western Cape 13
2.3.3 The City of Cape Town’s Electricity Department 14

2.4 RISK MANAGEMENT WITHIN QUALITY MANAGEMENT SYSTEM………15

2.4.1 Quality management in service organisations 15

2.4.2 Risk management in service organisations 16
[Link] Risk management in quality management at Power Group 16
[Link] Risk management in quality management at DWS 18
[Link] Risk management in quality management at ESD 19

2.5 THE NEED FOR A RISK MANAGEMENT FRAMEWORK…………………….20

2.6 CONCLUSION……………………………………………………………………..22

CHAPTER 3: LITERATURE REVIEW………………………………………………..24

3.1 IMPORTANCE OF QUALITY MANAGEMENT SYSTEM……………………...24

3.2 THE RISK MANAGEMENT SYSTEM……………………………………………28

3.3 EVALUATION OF CURRENT RISK MANAGEMENT………………………… 30

3.3.1 Risk and uncertainty within quality management 32

3.3.2 Operational risk management in quality management 32
3.3.3 Project risk management within quality management 35
3.3.4 Enterprise risk management and compliance (ERM) 36
3.3.5 Governance, risk management and compliance (GRC) 38
3.3.6 Mitigate, avoid and transfer (MAT) 38
3.3.7 The importance of organizational culture during risk management 39

3.4 EMPLOYEE AND MANAGEMENT PERCEPTION ON RISK………………….41

3.5 FACTORS THAT MOST AFFECT RISK MANAGEMENT RESULTING

IN INADEQUACIES IN THE QUALITY MANAGEMENT SYSTEM………….42

3.6 EVALUATION OF INADEQUACIES IN A RISK MANAGEMENT SYSTEM...43

3.7 DEVELOPMENT OF AN IMPROVED PLAN FOR CHANGES TO CURRENT

RISK MANAGEMENT SYSTEM…………………………………………………46

vi | P a g e
3.8 CONCLUSION……………………………………………………………………..50

CHAPTER 4: RESEARCH DESIGN AND METHODOLOGY………………………51

4.1 RESEARCH DESIGN AND METHODOLOGY…………………………………..51

4.1.2 Research process 53

4.2 DATA COLLECTION DESIGN AND METHODOLOGY……………………….54

4.2.1 Sampling Technique 55

4.2.2 Interviews 56

4.3 DATA ANALYSIS…………………………………………………………………57

4.4 DATA VALIDITY AND RELIABILITY………………………………………….58

4.5 ETHICAL CONSIDERATIONS…………………………………………………...59

4.6 CONCLUSION……………………………………………………………………..60

CHAPTER 5: DATA ANALYSIS……………………………………………………….61

5.1 THE RESEARCHER’S APPROACH TO ANALYSIS……………………………61

5.2 THE NATURE OF PARTICIPANTS………………………………………………61

5.3 DATA ANALYSIS…………………………………………………………………62

5.3.1 Evaluation of current risk management system within quality management 63

5.3.2 The evaluation of risk management that is integrated into quality management
system 65
5.3.3 Executive employees and operational employee perception on risk management
within the quality management system in selected service organisations 67
5.3.4 Factors that affect the risk management system 70
5.3.5 Constraints to risk management within the quality management system 75
5.3.6 Other factors that influence risk management within quality management 77

vii | P a g e
5.4 SUMMARY OF FINDINGS………………………………………………………..80
5.5 CONCLUSION……………………………………………………………………...82

CHAPTER 6: CONCLUSION…………………………………………………………...81

6.1 INTRODUCTION…………………………………………………………………..83

6.2 THE RESEARCH OUTLINE………………………………………………………83

6.3 SUMMARY OF THE OVERALL FINDINGS…………………………………….84

6.4 RESEARCH QUESTION…………………………………………………………..86

6.5 RECOMMENDATIONS…………………………………………………………...86

6.5.1 Investigative question 1 86

6.5.2 Investigative question 2 87
6.5.3 Investigative question 3 87
6.5.4 Investigative question 4 87
6.5.5 Investigative question 5 88

6.6 RISK MANAGEMENT FRAMEWORK…………………………………………..88

6.7 CONCLUSION……………………………………………………………………...91

6.8 BIBLIOGRAPHY…………………………………………………………………...92

Acronyms and Abbreviations (list of abbreviations)

DWS Department of Water and Sanitation

CCT City of Cape Town

ESD Electricity Services Department

ERM Enterprise Risk Management

SHEQ-MS Safety, health, environment and quality management system

GRC Governance, risk management and compliance

SABS South African Bureau of Standards

viii | P a g e
OHAS Occupational Health and Safety

CEO Chief executive officer

ISO International Organisation for standardisation

MAT Mitigate, Avoid and Transfer

List of figures
Figure 1: Three fold diagram 4

Figure 2: Relationship of risk to possible losses and gains 5

Figure 3: An approach to evaluating risk management effectiveness 31

Figure 4: Operational risk management 34

Figure 5: Link between risk identification and risk evaluation 44

Figure 6: The framework for risk management 48

Figure 7: Research process 54

List of Tables
Table 1: Causes and effects 33

ix | P a g e
CHAPTER 1: INTRODUCTION AND MOTIVATION

1.1 INTRODUCTION

The degree of risk management present in quality management systems within selected service
organisations in the Western Cape is evaluated by this research. The aim of the study was to
identify gaps and recommend ways to close those gaps in order to improve the risk management
system as well as the quality management system.

The evaluation of how the departments within service organisations interact and support the
organisation and how the risk management system affects quality management system across
organisations is presented by this dissertation.

The research evaluates whether differences exist in the manner in which risk is managed in
different service organisations in the Western Cape. The focus of study is to adapt the good features
of the best demonstrated practices and a framework that supports quality management system is
developed to improve risk management.

Abuhav (2017: 8) points out that a quality management system is a management technique used
to communicate requirements to produce the desired quality of products and services to employees,
and to influence employee actions to complete tasks according to the quality specifications. When
‘quality’ is the key to an organisation’s success, quality management systems in the organisation
allow that organisation to keep abreast of current quality levels, meet the customer’s requirement
for quality, retain employees through competitive compensation programs, and to keep up to date
with the latest technology (Abuhav 2017: 8).

According to Drennan, McConnell and Stack (2014:20), quality management is a process of

designing and executing products and services effectively, efficiently and economically while risk
management is the process of identifying, addressing, prioritising and eliminating potential sources
of failure to achieve objectives.

1|P a ge
Aven and Renn (2010:3), argue that risk refers to uncertainty about an event or situation with
respect to something that human’s value.

When the focus of the quality management system is transformed to adopt to a risk based
perspective, the common definitions of quality become risk of defects, risk of customer
dissatisfaction, risk of uncontrolled process variance, risk of product unreliability, risk of security
breach, risk of lack of fitness (Drennan, McConnell & Stack 2014:20).

Applying risk management is being proactive, preventive and pre-emptive. It is believed that
quality management system can be used to manage risks and is essential in organisations (Drennan,
McConnell & Stack 2014:20). The authors further state, that the management of risk can be viewed
as an inherent part in the process of managing quality. They purport that unless threats to the
achievement of the delivery objectives are identified, evaluated and appropriate controls are put in
place, it is less likely that services will be delivered with the level of quality intended (Drennan,
McConnell & Stack 2014:20).

This research set out to assess three service organisations within the Western Cape with a focus
directed at their risk management system. The organisations are Power Group (Engineering and
Construction), the Department of Water Affairs (DWA) and the City of Cape Town (CCT).

Three organisations are selected in the Western Cape on the basis of their reputation in the
providence of services. The services that they provide to their customers include water, electricity
and roads. These three essential service organisations provide services to their customers
considering the customer’s expectations and perceptions. When an organisation understands the
customer’s expectations and customer’s perceptions, that organisation is enabled to assess the gap
in the area. The three organisations have a quality management system in place with a strong
emphasis on risk management systems with the idea to improve their services continuously
ensuring customer satisfaction.

This research explored and determined the level of risk management present in quality
management system in the above mentioned organisations.

2|P a ge
1.2 BACKGROUND

According to AL-Thani & Merna (2008:37), risk is unavoidable and over time procedures for
survival in a constantly changing environment have been developed. The author’s contention is
supported by Cretu, Stewart and Berends (2011:1) who affirms that although risk management has
been around since ancient history, one of the reasons for the development of risk management has
been the failure of projects to meet their budgets, completion dates, quality and performance or
generate sufficient revenues to service the principal and interest payments.

Risk management according to Gibson (2014:22) includes several techniques, namely:

 Avoidance,
 Transfer and
 Mitigation

The above mentioned techniques are used to manage risk by simply avoiding it, transferring risk
by shifting responsibility to another party and reducing vulnerabilities (Gibson 2014:23).

A common approach employed for risk management in organisations is that organisations have
risk committees which are chaired by a main board member or a risk facilitator which has overall
responsibility for risk management across the organisation (Cretu, Stewart & Berends 2011:1).

The authors argue that one of the most important concerns that organisations face today is the
management of risk. Thus, it is essential for organisations to have a comprehensive risk
management strategy for survival, allowance for informed business decision making and
continuous improvement (Cretu, Stewart & Berends 2011:4). Further to this, the authors state that
to have a process in place to identify major business risks as one of the key procedures of an
effective control system is of utmost importance.

The enterprise risk management (ERM), safety, health, environment and quality management
system (SHEQ-MS) and Governance, risk management and compliance (GRC) will be introduced
and reviewed.

3|P a ge
Cretu, Stewart and Berends (2011:5), offer principles for assessing effectiveness on the
identification and evaluation of risks and control objectives, namely:
 Identification of key business risks timeously,
 Consideration of the likelihood of risks crystallising,
 Establishment of priorities for the allocation of resources available for control and
 The setting and communicating of clear control objectives.

The types of risks that organisations face change constantly. The management of risk should be a
process of identification and mitigation that is reviewed regularly. In addition, the authors add that
all levels of an organisation must be included in the management of risk in order for it to be
effective. They maintain that the aim of risk management is threefold as seen in figure 1.

Undertake an
objective analysis
Identify risk of risks specific to
the organisation

Respond to the risks in an

appropriate and effective
manner

Figure 1: Threefold diagram (Source: Cretu, Stewart & Berends 2011:5)

The authors argue that these stages include being able to assess the prevailing environment (both
internal and external) and to assess how any changes to that prevailing environment would impact
on a project in hand or on a portfolio of projects (Cretu, Stewart & Berends 2011:5).

An opinion offered by Cretu, Stewart & Berends ([Link]), is that the word ‘risk’ is perceived in
a negative way, however, if managed in the correct way the prevailing risks can have a positive
impact such as making business better, saving money, fewer losses, greater efficiency, productivity

4|P a ge
and safety. The illustration as seen in Figure 2 is an example of a relationship of risk to possible
losses and gains.

Loss

Risk

Gain

Figure 2: Relationship of risk to possible losses and gains (Source: Cretu, Stewart & Berends 2011:6)

Cretu, Stewart & Berends (2011:6), state that risk management should not only consider threats
(possible losses) but also the opportunities (possible gains). They state that it is important to note
that losses or gains can be made at each level of an organisation.

There are many different types of risk as described by Hong Kong Institute of Bankers (2013:4),
such as the credit risk, market risk, liquidity risk, reputational risk, legal risk and strategic risk
however, this research focuses on operational risk management.

A definition offered by Lam (2014:44), is that operational risk is the risk of loss which results from
inadequate or failed internal processes, people and systems from external events.
Operational risk does not only cover operations in an organisation. Operational risk covers all
aspects of business risk which includes strategic and reputational risks (Blunden and Thirlwell,
2013:8). This study explores and unpacks all aspects of operational risk management.

1.3 RESEARCH PROBLEM STATEMENT

The absence of certain elements in an operational risk management framework has an adverse
effect on quality management systems in selected service organisations in the Western Cape.

5|P a ge
1.4 PRIMARY RESEARCH QUESTION

What are the most influential factors, pertaining to risk management, that have an adverse effect
on the quality management systems in selected service organisations in the Western Cape?

1.4.1 INVESTIGATIVE QUESTIONS

 What are the primary differences seen in risk management systems of selected service
organisations in the Western Cape?
 What are the primary areas of the quality management system that are adversely affected
by poor risk management?
 What is the result of inadequate risk management system that impacts on the quality
management system?
 What are the reasons for inadequate risk management system in the selected service
organisations in the Western Cape?
 How can excellence in risk management in a quality management system be achieved?

1.5 RESEARCH OBJECTIVES

 Evaluate current risk management systems within quality management systems of

selected service organisations in the Western Cape.
 Determine employee and management perception on risk management within the quality
management system in selected service organisations.
 Establish factors affecting the risk management system resulting in inadequacies.
 Evaluate the inadequacies in the risk management system in the selected service
organisations in the Western Cape.
 Develop an improved plan for changes to current risk management system.

6|P a ge
1.6 THE RESEARCH PROCESS

Oliver (2010:30), proposes that the following be used as a research process:

 Determine the ‘field of study’,
 Identify a specific problem within a researchable application area,
 Conduct an abbreviated literature review,
 Formulate the research problem,
 Formulate a research question and associated investigative questions,
 Select an appropriate research design and methodology,
 Determine key research objectives,
 Document the research process,
 Identify the limitations of the research,
 Formulate a formal research proposal,
 Established a structured working relationship with the supervisor,
 Conduct an in-depth literature review,
 Collect, analyse and interpret the research data,
 Write up the dissertation or thesis and
 Proofread the dissertation/thesis and submit for formal vetting.

1.7 RESEARCH DESIGN AND METHODOLOGY

Kumar (2008:5) and Mackey and Gass (2015:1), argue that research methodology is a manner in
which to systematically solve research problems. It may be understood as a science of ‘studying
how research is scientifically performed’ (Kumar, 2008:5, Mackey & Gass, 2015:1).

Methodology is understood as “how to proceed from the findings of empirical research to make
inferences about the truth – or at least the adequacy – of theories”. (Bellamy & 6, 2012:1). Kothari
(2004:32) and Roller and Lavrakas (2015:1), offer that research design is needed because it
facilitates the smooth operation of the various research functions, thereby making research as

7|P a ge
efficient as possible yielding maximal information with minimal expenditure of effort, time and
money.

Both Kothari (2004:33) and Roller and Lavrakas (2015:1), express the view that a research design
should be appropriate for the particular research problem that it was selected for, and usually
involves the consideration of the following factors:
 the means of obtaining information,
 the availability and skills of the researcher and his staff, if any,
 the objective of the problem to be studied, and
 availability of the time and money for the research work.

Both Kumar (2008:8) and Mackey and Gass (2015:1), share the opinion that quantitative research
is based on the measurement of quantity or amount. Quantitative research is therefore applicable
to phenomena that can be expressed in terms of numerical quantity. The author adds that the
qualitative research, on the other hand, is concerned with qualitative non-numerical phenomenon,
i.e., phenomena relating to or involving quality or kind (Kumar, 2008:8, Mackey & Gass, 2015:1).
In light of offerings of these authors, the research method that will be employed by this research
study is a qualitative research method. It is believed that a qualitative method will be best suited
for this research study as this study will focus on collecting data using the interview approach.

Creswell (2014:4), emphasises that qualitative research is an approach for exploring and
understanding the meaning individuals or groups ascribed to a social or human problem. The
process of research involves emerging questions and procedures, data typically collected in the
participant’s setting and the researcher making interpretations of the meaning of the data. The final
written report has a flexible structure. Cresswell (2014:4) avers that those who engage in this form
of inquiry support a way of looking at research that honours an inductive style, a focus on
individual meaning, and the importance of rendering the complexity of a situation.

A cross-sectional study will be best for this study because “it is one which collects data about
various variables of the sample at one point of time in order to uncover relationships existing
among those variables” (Kumar 2008:10, Mackey & Gass, 2015:2).

8|P a ge
1.7 DATA COLLECTION DESIGN AND METHODOLOGY

According to Lapan, Quartaroli and Riemer (2012:8), the goal of most research is to find the
answer to some question or solution to some problem and translate that answer into findings that
may lead to practical decisions of one kind of another. Lapan, Quartaroli and Riemer (2012:8),
further state that, findings from these kinds of studies might be presented in the form of words,
numbers or both. Numbers, often generated as scores on tests or ratings on surveys, are usually
presented in tables and charts based on descriptive or inferential statistical procedures. Data is
collected from three selected services and risk management practice in relation to the quality
management system is evaluated.

Before data is collected it is important to consider how it will be analysed, reported and used
(Youngberg 1996:53) and (OECD, 2015:186) Theses authors explain that data collection methods
should suggest data sources and involve testing of the methods before implementation.

The unit of measure is thus three service organisations within the Western Cape from which data
will be collected, as this research study seeks to evaluate the risk management systems of the three
organisations.

Som (2012:1), states that sampling is the process by which inference is made of the whole by
examining only a part. The author further states that sampling is woven into the fabric of our
personal and public lives. The purpose of sampling is to provide various types of statistical
information of a qualitative or quantitative nature about the whole by examining a few selected
units. A sampling method is the scientific procedure of selecting those sampling units which would
provide the required estimates with associated margins of uncertainty, arising from examining only
a part and not the whole (Som, 2012:1). Purposive sampling is used for this research study.

According to Joint Commission Resources (2008:35) and Vallabhaneni (2015:490), sampling is a

basic statistical process that involves drawing a limited number of measurements from a larger
source (population) and then analysing those measurements to estimate characteristics of the entire
population. This author states that sampling a subset of an entire population helps one predict the

9|P a ge
results for that population while saving money and resources. Although sampling can be cost-
effective and save time, one must use a statistically valid methodology to ensure the credibility of
the data results (Joint Commission Resources, 2008:35) and (Vallabhaneni 2015:490). Research
data is collected through nine interviews which is conducted over a period of three months.

1.8 RESEARCH ASSUMPTIONS

The research is based on the assumptions that the employees and the managers interviewed provide
accurate and reliable information.

1.9 RESEARCH CONSTRAINTS

Results from this research are based on only three organisations in the Western Cape which might
not provide a holistic overview of the real problem. The research limitation within this study is the
availability of interviewees.

1.10 CONCLUSION

This chapter has sought to provide a brief introduction with key factors which recognise the
importance of an in-depth understanding of a risk management system and how it can be a
significant contributor to improvement in the Western Cape’s service organisations. The
development of a risk management framework by this research ultimately provides a mechanism
that can be employed by service organisations in the Western Cape to ensure that risk is identified,
assessed, monitored and mitigated. The next chapter provides a holistic overview of the research.

10 | P a g e
CHAPTER 2: HOLISTIC OVERVIEW OF THE RESEARCH
ENVIRONMENT

This chapter is a theoretical examination in the general area of the risk management practices
within quality management systems of service organisations, as well as the practices of three
selected service organisations. Thus, chapter two of this research study has a twofold purpose.
First, the chapter provides a holistic literature assessment of the research environment where this
study took place. The focus of the assessment is on risk management practices within the quality
management systems in each of the service organisations selected for this research. Thereafter
this chapter deliberates factors in the research environment that are believed to forecast the need
for a risk management framework in the research environment. As such, gaps in the current body
of knowledge on risk management in service industries are identified. This served as a guide that
ultimately directed the manner in which the research objectives of this study was met.

Accordingly the following relevant topics were reviewed as listed below:

 Introduction,
 Service organisations,
 Service organisations in this research study,
 Risk management within quality management,
 Quality management in service organisations,
 Risk management in service organisations,
 The need for a risk management framework and,
 Conclusion

2.1 INTRODUCTION

To make a significant quality improvement to the manner in which risk is managed in selected
service organisations in the Western Cape, a thorough theoretical evaluation of risk management
during the process of quality management in the research environment is necessary. Therefore,

11 | P a g e
the research lens of this literature review is directed at service organisations within the Western
Cape.

Three essential service organisations were selected on the basis of their reputation in the
providence of services. The services these organisations provide are construction, water and
electricity. All of the organisations share an association by the fact that they all have an operational
quality management system in place. The organisations are Power Group, the Department of
Water and Sanitation (DWS) and the City of Cape Town (CCT).

2.2 SERVICE ORGANISATIONS

Botten and McManus (1999:31) define a service organisation as an organisation that delivers a
service to user entities. They maintain the service is likely to be relevant to these user entities’.
The term ‘user entity’ is defined as a consumer organisation or ordinary consumer making use of
the service. Parker (2012: 12) offers that there are two types of services namely, a private service
and a public service. He proposes a public service can be described as a system that serves a public
need such as public transport, the construction of roads, communication services or utilities such
as electricity and water (Parker, 2012:11).

2.3 SERVICE ORGANISATIONS IN THIS RESEARCH STUDY

A brief background history is offered in the section that follows to provide insight into the three
service organisations that formed part of this research study.

2.3.1 Power Group

Power Group is one of South Africa’s largest privately-owned construction organisations. Power
Group is committed to contributing towards black economic empowerment and housing. The
organisation boasts Batho Pele principles and a “people first” culture they have adopted. They

12 | P a g e
claim the adoption of these principles promotes respect between employees and towards
customers. (Powergrp, 2015: online).

Since 1983, Powergrp (2015: online) assert they have built homes for people across South Africa.
The organisation has also built schools, emergency centres, shopping malls, office blocks and
warehouses to improve the lifestyle of the general public and to grow businesses. They have also
constructed roads and structures for municipalities, farmers, film studios and golf estates. The
taxiways and runways at OR Tambo, Cape Town International and East London airports were
constructed by Power Group.

Powergrp (2015: online), add they operate across Southern Africa from regional offices in Cape
Town, Port Elizabeth, Centurion and Swakopmund (Namibia). The organisation is a level two B-
BBEE contributor; ISO 9001 certified with a CIDB 9CE, GB and SB Grading. This grading is the
highest grading available in South Africa (Powergrp, 2015: online). A CIDB 9CE, GB and SB
grading is issued by South African Bureau of Standards (SABS). SABS is a national institution
for the promotion of quality and the maintenance of standardisation associated to rendering
services (SABS, 2017: online).

Powergrp (2015: online), maintains a commitment to strive to constantly improve everything they
do. They have key commitments to guide them to delivering more than what is expected to their
customers. The commitments include purpose, vision, caring for people, reliability, quality,
professionalism and ethics. To support this, Power Group has adopted a ISO 9001:2015 quality
management system that is risk based with the aim to improve its services continuously.

2.3.2 Department of Water and Sanitation in the Western Cape

The Department of Water and Sanitation (DWS) strives to ensure that all South Africans gain
access to clean water and safe sanitation. Consequently, the DWS promotes effective and efficient
water resources management to ensure sustainable economic and social development (DWS, 2015:
online).

13 | P a g e
The maintenance of quality water supply is a crucial element to sustainable socio-economic
development and the eradication of poverty. Therefore, it is regarded as a critical function in South
Africa. The importance of DWS’s function is South Africa is highlighted by the fact that
agriculture contributes 60% towards the South African economy and irrigation is essential for
agriculture (DWS, 2015: online).

The DWS’s legislative mandate is to ensure that the Western Cape’s water resources are protected,
managed, used, developed, conserved and controlled. They fulfill this via the effective delivery
of safe water supply and sanitation. In addition to function of supplying water and sanitation,
DWS (2015: online), states the DWS is primarily responsible for the formulation and
implementation of policy governing this sector. Risk management takes place within the quality
management system of the DWS to continuously improve the services they provide with the goal
of meeting the needs and satisfying their customers (DWS, 2015: online).

2.3.3 The City of Cape Town’s Electricity Department

The City of Cape Town’s Electricity Services Department (ESD) distributes electricity to
residential, commercial and industrial customers situated largely within the southern part of Cape
Town. In doing so, ESD provides the necessary link between the electricity supplier and the
consumers that buy and use electricity.

To transport electricity from the supplier to consumers, ESD needs to construct and maintain the
specialized equipment required for the transport of the electricity along the high voltage
transmission lines. The transmission lines carry electricity from the country’s power stations in
the Northern Province and Mpumalanga to Cape Town. This ensures customer’s requirements are
met; namely the supply of domestic electricity and public lighting; including street lighting.

The literature reviewed on the three service organisations demonstrates their focus on and
commitment to service improvement, quality and customer satisfaction.

14 | P a g e
2.4 RISK MANAGEMENT WITHIN QUALITY MANAGEMENT SYSTEM

In the results of an assessment Pertersen, Nussel and Hamer (2014:20) conducted on risk
management as a component of quality management, they state that risk assessments form part of
quality management system requirements. Similarly, Pellettieri (2015:33) is of the opinion that
“assessments” are a component of risk management. Moreover, he articulates it is advantageous
to include risk assessments as part of the quality management system to improve planning in
business. It is understood that the views of the above-mentioned authors are the same, namely risk
assessments is a component of risk management within quality management. Thus in this chapter
the three selected organisations were theoretically evaluated prior to the collection of data to
determine the extent of risk management they exercise within the quality management system.
The theoretical evaluation is presented for each separate organisation in section 2.4.2 below.

2.4.1 Quality management in service organisations

Natarajan (2017:3), offered a description that a quality management system is a collection of

business processes focused on meeting customer requirements reliably as well as enhancing their
satisfaction. Organisations can use a standard such as ISO 9001:2015 to manage quality. This
author further stated that a quality management system is aligned with an organisation’s purpose
and strategic direction. All of the three service organisations selected for this study have adopted
ISO 9001:2015 to manage quality in their organisations.

Al- Hakim (2006:16) and Ho (1999:131) express their opinions that the widespread interest in
using quality management to improve organisational performance first started in the
manufacturing sector. It was only later that it spread to service organisations. These authors agree
that many organisations use quality management not only to assure the quality of their product or
service, but also to to improve their organisation’s performance. Such organisations meet
customer needs while remaining economically competitive. They vie that automated processes
afford an advantage to an organisation, however state most services in particular are traditionally
still manual labour-intensive. As such quality management presents more challenges in service
organisations than in manufacturing organisations due to the human feature of services. The

15 | P a g e
authors concede though there can never be a substitute for high-quality personal interaction
between service employees and customers (Al- Hakim 2006:16 and Ho 1999:131). There are
however several factors and events that could have negative consequences for an organisation and
consequently prevent the organisation from achieving their quality objectives, therefore risk
management during quality management is needed.

2.4.2 Risk management in service organisations

Boyle (2015:228) asserts the effective management of risk is considered to be a critical element
of good governance in service organisations. He argues that the manner in which uncertanties are
handled in service organisations has implications on strategic and business planning objectives. In
addition, it can potentially also affect the relationship with stakeholders and have an impact on the
control of work programmes and activities. Aven and Renn (2010:3), are of the opinion that risk
refers to uncertainty about an event or situation with respect to something that human’s value.

Harris (2005:407), avers that in order for risk management in service organisations to be most
effective, the management of risk should be part of the organisation’s culture. Moreover, this
author is regarded to maintain the view that risk management should be integrated into the
organisation’s philosophy, practices and business plans rather than be viewed or practiced as a
separate program. The author contends that when an organisation succeeds in the above mentioned
then risk management becomes the business of everyone in the service organisation.

[Link] Risk Management in Quality management at Power Group

In a preliminary interview with Hirst (2016) of Power Group, the view was expressed that before
the formal implementation of ISO 9001:2015, Power Group had a risk committee that assess
business risk. This risk committee was chaired by the CEO. He reported the risk committee
enjoyed a prime focus for the organisation, since the management of the organisation realised that
unattended risk presented a significant threat to the quality of their service. Consequently, they
believed this had a positive impact on customer satisfaction. Hirst (2016) mentions that the
organisation subsequently adopted ISO 9001:2015. He highlights that ISO 9001:2015 is a risk

16 | P a g e
based approach to quality management, and therefore was consistent with the organisation’s
position on risk since compliance to ISO 9001:2015 facilitates risk management in the
organisation.

At present, Power Group has an ISO 9001:2015 certified quality management system. One of the
areas that involve risk management at Power Group according to Hirst (2016) include Health and
Safety (OHAS 18001). Preliminary examination revealed that the management of health and
safety in particular presents an area that exposes the Power Group to several potential significant
risks (Hirst, 2016).

Hughes and Ferrett (2015: 4) maintain an opinion that health and safety is well recognised as an
important component of the operations in many organisations. Adequate health and safety in an
organization is not only important for the protection of people from harm, but it also has a financial
impact since inadequate health and safety measures result in direct and indirect costs due to
accidents. These authors extrapolate by adding there has been a growing concern over a decade
because of the poor record of health and safety in the construction industry. They aver that a good
health and safety performance is normally only accomplished when health and safety is managed
effectively. If adequately managed significant risks are identified in the organisation and these
risks are reduced by adopting appropriate high quality control measures (Hughes & Ferret 2015,
4).

Power group is a construction organisation. Preliminary examination revealed that before the
organisation they employ workers that might not have done road works, concrete work or worked
in trenches before they make them aware of the risks and hazards most importantly the safe work
procedures (Hurst, 2016).

The implementation of safety, health, environment and quality management system is not only to
improve safety and health of workers but also to assist the organisations to improve quality of their
product and services as well as the environment conditions dominant in the workplace (Chaturvedi
2007:23). During the management of safety and health as mentioned above, risk must
simultaneously be managed to control possible future events. The development of the risk

17 | P a g e
management framework will ensure that current risk management within quality management is
evaluated at all levels.

[Link] Risk Management in Quality Management at DWS

In preliminary interviews conducted at DWS, Mxi (2016) confirmed that one of DWS’s most
important functions is to build dams. This function commences with planning and thereafter the
implementation of plans takes place. DWS focuses on what could prevent the organisation from
accomplishing their objective in a given financial year. Thus, there is a designated risk
management unit to monitor each new project to ensure high quality, timely and cost effective
completion.

Mxi (2016) affirmed that DWS has an ISO 9001:2015 certified quality management system. A
function of managing quality at the DWS entails the timely recognition of which projects are going
to be impossible to meet and thereby fall short of the customer’s expectation. DWS believes that
the implementation of integrated quality management system will from the onset ensure that risk
is managed and the quality of the output is enhanced. Mxi (2016), articulated the opinion that the
consequence of an integrated quality management system is the quality of the output is enhanced
through the management of risk.

The major factors that have influence on the risk management within the quality management
system, according to Mxi (2016) are lack of communication, limited project management skills
and capital resources. These risk areas are areas that can be managed through proper quality,
project and risk management in an organization.

Associated to the risk of “lack of communication”, Spencer (2013:13) defines communication as

the “exchange of information between a sender and a receiver, and the perception of meaning
between the individuals involved”. Effective communication is essential for any organisation to
be successful. Effective communication can provide both customers and employees with the
essential tools to succeed and find satisfaction (Spencer, 2013:13). Heldman, Baca, and Jansen
(2007:10), elaborates that one of the single most important characteristics of a first class project

18 | P a g e
manager is excellent communication skills. A risk management framework will assist during
project management to identify project risks. These authors expresses their opinion that effective
written and oral communications are the backbone of all successful projects. According to these
authors projects occur to bring about a unique product, service or result. Furthermore, projects are
temporary in nature and have a beginning and ending dates. Thus, project management is
considered to be a discipline that brings together a set of tools and techniques to describe, organise,
and monitor the work of project activities. Communication is the most important skill a project
manager will utilize in the course of a project (Heldman, Baca, and Jansen 2007:41

From the above-mentioned evaluation of DWS and related service organisations it is therefore
understood that a risk management framework would add value by ensuring that all significant
risks faced by this type of service organisation are identified and if addressed will improve the
service offered to customers.

[Link] Risk Management in Quality Management at ESD

In an interview conducted with Esterhuizen (2016) prior to the collection of data, it was revealed
that at the City of Cape Town’s ESD, all risk is aligned with quality management and that is ISO
9001, thus, there’s an integration of quality and risk management in the organization) From the
interview it was gleaned that although ISO 9001 is very important in this organisation, their
emphasis on OHAS 18001 (Occupational Health and Safety) and ISO 14001(Environmental
Management) takes greater priority. The occupational health and safety of their business
environment and employees together with management of their environmental footprint and
environmental risk impact is very critical because the safety of the the organisation’s employees
is first priority (Esterhuizen, 2016).

In essence, the preliminary examination of ESD highlighted that lack of communication was one
of the factors affecting risk management system resulting in adequacies (Esterhuizen 2016). This
chapter foregrounds a few of the factors that were uncovered during the examination of the
research environment, however the intent of this overall research study is to uncover all the factors

19 | P a g e
that affect the risk management system within the quality management system resulting in
inadequacies.

On the basis of the above-mentioned literature that was reviewed it is appears that all three selected
organisations are firmly committed to the continually evaluation of the risk management system
within the quality management system. The risk manager in each of the selected service
organisations ensures that risks are identified, analysed, evaluated and treated. Thereafter, the risk
manager advises the organization on all potential risks. After the risks have been identified and
threats have been assessed, plans are put in place for in case things go wrong and the risk manager
decides how to avoid, reduce or transfer the risks.

If the aforementioned risks are not addressed it is presumed the consequence would be regarded
as inadequacies. Inadequacies refer to lack of quality that is required. Lack of quality that is
required can also be seen as gaps in the risk management system. Overlooking risks facing the
organization can result in adequacies or gaps in the risk management system. Thereby it may be
surmised that organisations demonstrate their commitment to manage risk in order to improve their
services and satisfy their customers. Against this backdrop, it is considered, a risk management
framework would be of value to service organisations, as it would serve as an instrument to
improve their performance by enhancing their quality and risk management to avoid adverse
effects.

2.5 THE NEED FOR A RISK MANAGEMENT FRAMEWORK

Masters (2014:9) describes a framework as a structure that supports and provides functionalities
or solutions to a particular problem area. Consistent with Masters (2014:9)’s definition, a risk
management framework defined by Borodovsky and Lore (2000:587), as a combination of
strategy, process; infrastructure and environment. A framework helps organisations make
intelligent risk-taking decisions and thereafter helps them monitor the outcomes of those decisions.

Importantly Borodovsky and Lore (2000:587) point out that an integrated risk management
framework ensures the identification and a steadfast awareness of all significant risks faced by an

20 | P a g e
organisation. These authors add that a framework allows the development of consistent risk
measures and proper management controls. Furthermore, an integrated risk management
framework integrates leading industry practices and ensures best management throughout the
organisation. The author’s opinion is supported by Hopkin (2014:62), who asserts that the risk
management framework sets the background in which risks are managed in an organisation, in
terms of how they will be identified, analysed, controlled, monitored and reviewed. Drawing from
this, it is surmised that a risk management framework must be integrated into other management
processes, and must be done systematically across all levels of the organisation for it to be
successful.

The literature reviewed in this chapter led this research to believe that a development of a risk
management framework is essential to provide guidance on of the risk management process. A
risk management framework assist with the assessment of, monitoring of and response to risk
identified to ensure that service organisations maintain effective, efficient and transparent systems
or risk management.

From the literature reviewed it is believed the framework should incorporate the requirements of
the Batho-Pele principles. Batho-Pele principles are principles that are aligned to the constitution
which require the public servants to be polite, open, transparent and to deliver good service to the
public (Richter and Burke 2007:175). In addition to this ISO 9001 and ISO 31000 considerations
should also be included as they concern risk management. The main objective of the risk
management framework is to support service organisations when improving their organisational
performance through the management of risk. Thereby it is believed they will enhance the quality
of the service they provide, while simultaneously managing risk and in doing so avoid adverse
effects to the quality of the service they provide their customers.

An effective risk management framework balances the infrastructural aspects of risk management
such as roles, responsibilities, accountabilities, policies, methodologies, controls and information
tools (gleaned from literature review) with the more qualitative aspects of risk management such
as culture, training, awareness and appropriate behavioural reinforcement (gleaned from data
analysis) (Borodovsky & Lore 2000:587). Therefore the framework proposed by this research

21 | P a g e
study aimed to incorporate all of the critical success factors, both infrastructural and qualitative as
identified in the selected service organisations reviewed (Hopkin 2014:62).

2.6 CONCLUSION

It would not be possible to make significant quality improvement in the field of risk management
and quality management without a thorough evaluation and understanding of the current quality
management and risk management in the selected service organisations in the Western Cape. It
was therefore very important to conduct an extensive and thorough analysis of the research
environment in order to outline the direction the research should take. This analysis of the research
environment highlighted the necessity for the development of a risk management framework that
will provide a mechanism that can be employed by service organisations in the Western Cape in
order to make significant quality improvements.

Literature reviewed on the three service organisations clearly demonstrated that their focus is on
service improvement, quality and customer satisfaction, however they are experiencing challenges.
Consequently, the development of an improved plan to change the current risk management system
within the quality management system, from the preliminary review of selected service
organisations, was deemed necessary. The preliminary review led the research to conclude there
is a need for the development a risk management framework that will ensure that all significant
risks faced by an organisation are identified and adequately addressed. It is believed that the
application of such a risk management framework will also assist service organisations in the
Western Cape.

It is presumed that an adequate risk management framework will advise in all components of risk
management such as process assessments, monitoring and the response required to ensure that
service organisations maintain effective, efficient and transparent risk management system.
Through the development of such a framework, the main objective of this research study is met.
Therefore the risk management framework developed by this study is to support service
organisations with the improvement of their performance, by enhancing their risk management
within quality management system and ultimately satisfy their customers.

22 | P a g e
This topic of quality management has been explored in-depth in the next chapter. A detailed
assessment of the process of risk management within the quality management context is provided
in the next chapter under quality related topics. This is done to integrate current theoretical
knowledge with the methodological assessment of the risk management within the quality
management context in the selected service organisations in the Western Cape presented in chapter
two. On the basis of these detailed assessments of the process of risk management within the
quality management will be presented, a research design was constructed and framework
developed to support service organisations with the improvement of their performance.

23 | P a g e
CHAPTER 3: LITERATURE REVIEW

The previous chapter directed the research lens at the context in which this study took place. The
purpose of the literature assessment in this chapter is to provide a detailed overview of risk
management within the quality management context, with the ultimate undertaking to develop a
risk management framework. Relevant available literature was therefore reviewed under
following associated topics:

 Importance of quality management system,

 The risk management system,
 Evaluation of current risk management,
 Employee and management perception of risk management,
 Factors that most affect risk management resulting in inadequacies,
 Evaluation of inadequacies in a risk management system and,
 Development of an improved plan to current risk management system.

3.1 IMPORTANCE OF QUALITY MANAGEMENT SYSTEM

Rocha-Lona, Garza-Reyes and Kumar (2013:2), portray a quality management system as an
integrated business approach. They refer to it as an “approach” since functions of the management
of quality include the planning and arrangement of quality management models and methods
across an organisation, ensuring that the quality management system aligns itself to the business
strategy of the organisation.

In addition, these authors express the opinion that it is of major importance that organisations
consider their customer needs as well as their own resources when they strategically plan, develop,
deploy and evaluate their quality management system in order to identify the factors that affect
their quality management system. The aforementioned factors referred to by authors are those that
result in inadequacies in the system and therefore represent barriers to the development of an
improved plan of changes to their current quality management system.

24 | P a g e
Derived from the above-mentioned, the purpose and the goal of the quality management system is
to ensure that ‘the desired’ and ‘the specified’ quality of products and services is achieved. The
quality of a product or service is the desirable combination of all features and attributes that satisfy
the needs and expectations of the customer (Willborn, 1989:3, Nanda 2016:73). These authors
point out that the customer’s confidence in the delivery of this quality rests on the reputation and
quality image of the supplier, therefore customer satisfaction plays a significant and influential
role within an organisation.

Rocha-Lona, Garza-Reyes and Kumar (2013:128), argue that a quality management system is the
most important system that an organisation requires because the quality management system
assists the organisation in the review of their operations, products and services. Thus, one
objective of the quality management system is regarded to be the identification of areas that may
require quality improvement. The authors state that organisations cannot afford to ignore quality-
related issues. To this end, it is understood that an organisation’s quality management system
should ideally be aligned with that organisation’s purpose and strategic direction.

The implementation phase of a quality management system is argued by Willborn (1989:123) and
Nanda (2016:74) to be a crucial phase in any organisation because they vie “it is an art to manage
people and a science to have a process approach to quality” Therefore the implementation of
quality management system needs to be planned and controlled properly. These authors report
that there are three guidelines that when followed, are able to assist in preparation for the
implementation of a quality management system.

The first guideline Willborn (1989:123) and Nanda (2016:74) offer is an implementation plan is
required to launch the quality management system. The second guideline is a quality manual must
be developed, that provides the most important information and documentation about the system.
Finally, the last guideline is the workshops be conducted that introduce the quality management
system to the staff.

25 | P a g e
Moreover, Willborn (1989:123) and Nanda (2016:74) argue that it is important to note that the
implementation of the quality management system is not a once off event but a continuous degree
of implementation, which occurs customarily with every major change in the system.

With reference to Willborn (1989:123) and Nanda (2016:74)’s purported first guideline mentioned
above, namely the implementation plan, the purpose of an implementation plan is to assist in the
effective introduction of a new or revised quality management system. This ensures that the
organisation has an effective quality management system. One of the internal benefits of an
effective quality management system is an understanding that quality is everyone’s responsibility
not just the responsibility of the quality department. (Willborn, 1989:124, Nanda, 2016:76).

Rocha-Lona, Garza-Reyes and Kumar (2013:128), maintain a view that during implementation,
organisations require decisive leadership who can make effective decisions. Failure to provide
such leadership can threaten quality management system implementation. In addition to this,
empowering employees, improving processes, instituting a quality oriented culture and promoting
teamwork ethics are also very important factors that Rocha-Lona, Garza-Reyes and Kumar
(2013:128) believe need to be understood and be in place when implementing a quality
management system. Since the implementation of a new quality management system can make
the employees uncomfortable, management must maintain an awareness of this. The
implementation procedure can take employees out of their comfort zone and away from
institutionalised processes. Support from operational and executive management from the outset
is thus critical to the implementation of a quality management system. It is important to ensure
that the implementation of a quality management system in an organisation is carried out in an
effective and efficient manner with the goal to reduce risks.

With reference to the second guideline, namely the development of a quality manual, as put
forward by Willborn (1989:123) and Nanda (2016:74), it is simultaneously important to note that
the quality manual should be updated every time that significant changes are made to the system.
Both Willborn (1989:128) and Nanda (2016:77), elaborate on this with the explanation that the
quality manual’s purpose is to document the quality management system and its individual
procedures, to inform all the organisation’s employees about quality management system

26 | P a g e
implementation, to facilitate training and auditing and to serve as a reference document for the
entire organisation to use.

Elucidation on the third guideline advocated by Willborn (1989:123) and Nanda (2016:74), is that
workshops provide the necessary updating and training to sustain a quality management system.
The workshops are designed with the purpose of ensuring proper planning, execution and follow-
up of workshops takes place. The integration of these workshops with other educational and
training programs facilitates the operation of the quality management system. Topics of other
workshops may include the simplification of the task coordinator, auditor and instructor training
and workshops on the facilitation and effective implementation of new or revised system and
procedures (Willborn, 1989:133, Nanda, 2016:77).

The three guidelines provide organisations with assistance in preparation for, and the
implementation of a comprehensive and effective quality management system with a purpose to
ensure customer satisfaction. The importance of customer satisfaction is emphasized by Peterson,
Nussel and Hammer (2014:20) who vie that the quality management system aims to satisfy zero
defects and the customer. These authors claim that the control of process variance, reliability,
security and fit for purpose are also objectives a quality management system is aimed at satisfying.

A critical assertion made by these authors is, to ensure the quality management system is able to
control process variation and thereby secure ‘zero defects’ a degree of risk management is
required. Peterson, Nussel and Hammer (2014:20), argue that when adopting to a risk perspective,
it becomes evident that quality management is naturally strongly connected to risk management
because the definitions of ‘quality’ become risk of defects, risk of customer dissatisfaction, risk of
uncontrolled process variance, risk of product reliability, risk of security breach, risk of lack of
fitness or failure to achieve objectives. In the risk domain, the focus is on the risk to achieving the
objectives. This is simpatico with the focus of quality. The authors add that risk management is
applied to control the risks and enhance the likelihood of achieving the objectives. The focus of
this study is now directed toward the link between quality and risk as well as the basic elements
of risk management and has established that ISO 9001:2015 evolved to incorporate risk
management.

27 | P a g e
ISO 9001:2015 is the fifth iteration of the ISO 9001 standard. A brief history of ISO 9001 revisions
which transpired of the three decades follows:

 ISO 9001:1987 is the first publication of ISO 9001,

 ISO 9001:1994 is a minor revision to the standard,
 ISO 9001:2000 is a significant revision of the standard with a focus on continual
improvement, customer satisfaction, leadership, and process management,
 ISO 9001:2008 is a very minor revision with only slight changes in wording and,
 ISO 9001:2015 is a significant revision to the standard and another step away from its
manufacturing origins. This revision is much more of a model for managing and improving
an organization, with risk lying at the heart of the standard. It renders an excellent
framework for long-term success and customer satisfaction (Cochran 2015: 4).

The new ISO 9001 is risk based and that is indicative that there is a relationship between quality
management and risk management (Cochran 2015:5). Furthermore, the author states that the risks
and the opportunities that an organization identifies are drawn from each organisation’s unique
circumstances.

3.2 THE RISK MANAGEMENT SYSTEM

Stoll (2016:2), defines “risk” as the possibility that something bad or unpleasant will happen. In
ISO 31000:2009 risk management – principles and guidelines on implementation, risk is defined
as the “effect of uncertainty on objectives” and risk management as something that “aids decision
making by taking account of uncertainty and its effect on achieving objectives and assessing the
need for any action.”

Myburgh (2010:31), explains that ISO 31000 is a family of standards relating to risk management.
This author found that the purpose of ISO 31000:2009 is to provide principles and generic
guidelines on risk management. In addition, Myburgh (2010:31) points out that using ISO
31000:2009 can help organisations increase the likelihood of achieving objectives, improve the

28 | P a g e
identification of opportunities and threats and effectively allocate and use resources for risk
treatment. This author however state that ISO 31000 cannot be used for certification purposes but
can be used by any organisation to provide guidance for internal and external audit programmes.
Risk based internal and external auditing programmes are concerned with providing assurance that
management has actions and controls in place to meet organisational objectives, while addressing
uncertainty (Myburgh, 2010:31). According to the Myburgh (2010:31) the standard is for
comparison purposes with the goal of providing guidance. By comparison purposes it is meant
that service organisations using the standard can compare their risk management practices with an
internationally recognised benchmark, providing principles that are sound for effective
management (Myburgh, 2010:31).

Hopkin (2012:2), claims that organisations face all kinds of risks which can have an impact on the
outcome of their operations. He explains that these risks may potentially inhibit the aim the
organisation has set out to achieve, enhance that aim or create an uncertainty about the outcomes.

Hopkin (2012:15), classifies risks into three categories namely:

 Hazard (or pure) risks,
 Control (or uncertainty) risks and,
 Opportunity (or speculative) risks.

Hopkin (2012:15), asserts that during risk management organisations will endeavor to mitigate
risks, manage control risks and embrace opportunity risks.

Malleret and Cleary (2006:76), contends that well-structured risk management as opposed to risk
avoidance, is central to successful corporate leadership. These authors further contend that risk
management is considered today as a means to avoid or reduce risk than as a key element of
strategic decision making.

It is important to accept risk instead of avoiding it as the act of acceptance allows organisations to
manage the risk (Malleret & Cleary 2006: 76). This is supported by Helman (2005: 5), who claims

29 | P a g e
that the best response during a risk assessment is to accept the risk then continually monitor the
risk because this type of risk management is an important component of quality management.

The process of risk management involves the identification of potential risks, analysis of them to
determine those that have the greatest probability of occurrence. Thereafter the identification the
risks that have the greatest impact on the project takes place and then plans are formulated and
refined to help mitigate the risk’s impact or avoid the risks while making the most of opportunity
(Heldman, 2005:6).

Valsamakis, Vivian and Toit (2010:7) offers reasons for managing risks as being linked to the
corporate objectives of survival. In addition, these authors offer the reason that corporate policy
and good citizenship are factors that influence decisions. Thus, adopting a risk management
system that reduces risk is of itself consistent with the general reasons for the existence of an
organisation (Valsamakis, Vivian and Toit 2010:7).

Literature reviewed in this area demonstrates that risk management is very important in an
organisation because by reducing risk, quality of products and services is increased. From this
section of literature assessed it is understood that when risks are identified and addressed, the
quality of products is positively affected resulting in improved customer satisfaction.

3.3 EVALUATION OF CURRENT RISK MANAGEMENT

The findings of research conducted by Covello, Menkes and Mumpower (2012:360), yielded a
systematic way of determining how effective an organisation’s current approach to managing risk
is. The systematic approach that they promote considers the objectives of the organisation as well
as how these objectives are expressed and communicated throughout the organisation. The overall
objectives and directions of an organisation with regard to quality management are expressed in a
document known as quality policy which is usually developed by management and quality experts
in the organisation. These authors report that this approach leads to a realistic programme
improvement for the organisation’s framework for managing risk.

30 | P a g e
Perez (2012:18) claims that based on ISO 31000:2009, risk is defined as the ‘effect of uncertainty
on objectives. This author explains that risk is not exactly the same as uncertainty. He clarifies
that risk is the potential of loss while uncertainty implies the absence of certainty of the outcome
in a particular situation. Thus, the effective management of risk is of primary importance if
organisations want to achieve their objectives and in so doing, satisfy the needs of their customers.

Therefore, it is of utmost importance to involve management in all stages because the role
manager’s play with effective management in the organisation ensures success. (Covello, Menkes
and Mumpower 2012:360). The systematic approach of evaluating risk management effectiveness
which was advanced by these authors is shown in Figure 3:

1. Prepare

2. Elicit and
verify

3. Analyse
gaps and
evaluate

4. Gain
ownership
and plan

5. Report to
oversight
committe

Figure 3: An approach to evaluating risk management effectiveness (Source: Covello, Menkes & Mumpower
2012:360)

The key focus of this research study is operational risk management within quality management
system, however risk and uncertainty, project risk, enterprise risk management (ERM), risk
management and compliance (GRC), are also introduced and reviewed in the sections that follow:

31 | P a g e
3.3.1 Risk and uncertainty within quality management

Risk is a consequence of action taken in spite of uncertainty. Uncertainty is a potential,

unpredictable outcome that is not controllable (Heldman, 2005:150). Uncertainty exists in
decision situations where the decision maker lacks complete knowledge, information or
understanding about the decision and its possible consequences. The perceived level of
uncertainty depends on information that an individual can use to evaluate the likelihood of
outcomes and the individual’s ability to evaluate this information (Valsamakis, Vivian and Toit
2010:33). Thus, uncertainty embodies two elements, namely, firstly whether an event will occur
and secondly, if the event does occur, what the outcome of the event will be.

A component of reducing uncertainty in an organisation according to Hopkin (2012:220), is the

management and reduction of inconsistency in the way that risks are managed in that organisation.
In addition, he expresses an opinion that reducing uncertainty is at the heart of risk management.

Valsamakis, Vivian and Toit (2010:33), opine that risk and uncertainty are related to one another.
However, these authors concede that although risk and uncertainty are related it is important to
note the difference between them. Risk is when the outcome is unknown but the event that results
in the outcome is known and uncertainty is when the outcome is unknown and the event is also
unknown. These authors agree that the perception is that uncertainty gives rise to risk. Where the
outcomes of events are surrounded by uncertainty, risk will be present (Valsamkis, Vivian & Toit
2010:34). Thus, where the outcome of the quality of services and products in an organisation is
uncertain, then risk will be present.

Enterprise risk is seen as a manager of uncertainties in an organisation (Olson & Desheng

2010:23).

3.3.2 Operational risk management in quality management

Operational risk is the risk of ‘loss’. The ‘loss’ results from failed internal processes, people and
systems or from external events (Reuvid 2005:130). Young (2014:6), argues that it is necessary

32 | P a g e
to look at the sources of risk and the subsequent effects of operational risk as illustrated in the
Table 1:

Table 1: Causes and effects (Source: Young, 2014:6)

Risk factor/cause Effect

People Loss of revenue due to a shortage of experienced staff to do the work

Loss of key staff

Process Loss due to a shortcoming in the process used to validate data

Incorrect data input

Systems Loss of business due to the fact that new deals could not be captured and processed in
System downtime time

External factors Loss of buildings due to floodwater

Floods

Reuvid (2005:130) and Berrogi and Wallace (2012:6), share the opinion that the management and
mitigation of the operational risk of an organisation is a significant challenge for senior managers
because they are the decision makers. These authors add that operational risk should be an
organisation’s priority concern when addressing risk.

According to Young (2014:33), a typical operational risk management process includes the
elements illustrated in the Figure 4:

33 | P a g e
 Risk
Identification

Risk Opetational risk Risk

Financing management Evaluation

Risk Control

Figure 4: Operational risk management process (Source: Young (2014:33)

Effective operational risk management enables transparency about the degree of operational risk
exposure which allows senior management to make strategic business decisions that are fully
informed of the operational risk implications (Girling, 2013:10). According to Hoffman
(2002:113), effective operational risk management is an extention of quality products and services,
thus quality management. This author claims that quality concerns are critical to many services
and products but especially in service organisations where operations are diversified and
sophisticated and thus making their risk profiles more complex.

Evaluation of Reuvid (2005:130) and Hopkin (2012:311)’s research found both authors emphasise
that well-run organisations have management processes for mitigating all operational risks. This
contention is supported by Beroggi and Wallace (2012:6) who state that operational risk
management framework includes steps for identification, measurement and monitoring, reporting,
control and mitigation frameworks for operational risk.

The major objective of this research study is to develop a framework. A framework provides a
structure for implementing operational risk management (Blunden & Thirlwell 2013:47). These
authors add that a framework for operational risk assists service organisations with the

34 | P a g e
identification, assessment, measurement, monitoring and management of their exposure to
operational risks. The framework will guide service organisations to improve their risk
management techniques which in turn reduce their operational risk exposure and mitigate losses
resulting from operational failures. Ultimately, this will improve the quality of the services
rendered by an organisation.

Operational risk management within quality management in service organisations play a critical
role because a quality management system provides the necessary framework for continuous
improvement of product and service quality and increases customer satisfaction (Blunden &
Thirlwell 2013:48).

3.3.3 Project risk management within quality management

Heldman (2005:3) offers that all projects begin with goals. The purpose of a ‘project’ is to meet
and satisfy the goals the customers agreed upon when the project was undertaken. A risk is
anything that prevents one from achieving goals.

Kendrick (2015:25), claims that by dealing with uncertain project events in a proactive manner,
the impact of project threats will be minimised and simultaneous opportunities can present
themselves. From this it is understood that the benefits of risk management in projects is vast.
Dealing with uncertain project events can lead to the project being delivered on time, on budget
and with the quality results that the customer expects. Thus risk management and quality
management can be applied successfully in a project to prevent failures (Kendrick, 2015:25).

Fulton, Lyon and Goudreau (2014:292) offer advice in the form of ten sequential steps on how to
successfully apply risk management in a project namely:

 Step 1: Make risk management part of the project,

 Step 2: Identify risks early in the project,
 Step 3: Communicate about risks,
 Step 4: Consider both threats and opportunities,

35 | P a g e
  Step 5: Clarify ownership issues,
 Step 6: Prioritise risks,
 Step 7: Analyse risks,
 Step 8: Plan and implement risk responses,
 Step 9: Register project risks and,
 Step 10: Track risks and associated tasks.

In order to ensure that risk management in a project within quality management is successfully
applied, Douglas (2010:27) recommends continuous improvement be standard practice during
project risk management in organisations. Therefore, it is important to note that upon successfully
implementing risk management in a project, risk management can always be improved by
measuring the effects of risk management purposes and continuously implement improvements.

Associated to continuous improvement during quality management, Fulton, Lyon and Goudreau
(2014:292) are of the opinion that a quality plan may be used to examine various quality
improvements and control items within a project to ensure successful project risk management.
Quality and risk management in projects is thus important in an organisation for the management
of quality improvements in projects by minimising risk and uncertainty.

3.3.4 Enterprise risk management (ERM)

Hampton (2009:18) defines enterprise risk management as the “process of identifying major risks
that threaten an organisation, predicting the importance of those risks in business processes,
addressing the risks systematically, addressing the risks in a coordinated plan, implementing the
plan and holding key individuals responsible for managing critical risks within the scope of their
responsibilities”.

Lam (2014:11) and Moeller (2011:48), share the opinion that in general, organisations strive to
create value for their customers. They believe that enterprise risk management is implemented in
organisations with the goal of creating value for customers in mind. These authors hold the view
that enterprise risk management is a structured and disciplined approach that aligns strategy,

36 | P a g e
processes, technology and knowledge with the purpose of evaluating and managing the
uncertainties the enterprise faces, as it creates value. Thus, the goal of enterprise risk management
is to create, protect, and enhance customer value by managing the uncertainties that could either
negatively or positively influence achievement of the organisation’s objectives (Lam, 2014:11&
Moeller 2011:48).

Hampton (2009: 5), avers that all different risks at the same organisation are related to each other.
One risk affects others. This author believes that risk is ever-present in all areas of life and that
risk management is something that we must all do. This author adds that risks cross the artificial
walls of day-to-day operations, that people can be too close to risk or just too busy to recognise
impending critical problems.

Hampton (2009:5), argues that there is a critical need for enterprise risk management due to the
fact that it supports the survival of organisations. The author claims that this is done as firstly,
enterprise risk management provides better chance to identify, mitigate, avoid and treat risks that
could close organisations down. Secondly, it provides stability in creating, distributing, financing
and selling products and services. Thirdly, it adds to confidence that the board and CEO are
meeting community, social and ethical responsibilities. Finally, enterprise risk management helps
build good relationships with managers.

Enterprise risk management is a holistic integrated, forward-looking, and process-oriented

approach to managing all key business risk and opportunities with the goal of increasing customer
value (Segal, 2011:27). When enterprise risk management is regarded as sound business
management in an organisation, it becomes a very important part of the organisation’s operations.
There are some opportunities associated with integrating enterprise risk management in ongoing
management activities and these opportunities include strategic planning, total quality
management and six sigma, business continuity, corporate governance and risk disclosures (Olson
& Desheng 2010:23).

3.3.5 Governance, risk management and compliance (GRC)

37 | P a g e
According to Steinberg (2011:1), governance is the process by which organisations manage and
mitigate risks. This author adds that risk management enables organisations to evaluate all relevant
business risks and controls and monitor mitigation actions in a structured manner. Furthermore,
the author concedes that compliance ensures that organisations has the processes and internal
controls to meet the requirements imposed by governance.

A summary of Khan and King (2012:56)’s views gives rise to the following list that that ties
enterprise risk management and governance, risk management and compliance together, namely:

 Improves information flows between the company and board regarding risks,
 Enhances discussions of strategy and the related risks between executives and the
board,
 Monitors key risks by accountants and management with reports to the board,
 Identifies acceptable levels of risks to be taken and assumed,
 Focuses management on the risks identified,
 Improves disclosures to customers about risks taken and risks yet to be managed,
 Reassures the board that management no longer manages risk individually and,
 Knows which of the organisation’s objectives is at greatest risk.

The flow of risk information to the board is critical in improving governance, risk management
and compliance with the goal of increasing quality of services and products (Khan and King
2012:55).

3.3.6 Mitigate, avoid and transfer (MAT)

Improving governance, risk management and compliance can increase the quality of services and
products in service organisations by mitigating, avoiding and transferring the risk.

Literature reviewed by Passenheim (2010:30), defines three alternatives in risk response as

follows:

38 | P a g e
  Mitigate,
 Avoid and,
 Transfer.

The above mentioned are three optional techniques used by organisations to manage risk by either
simply avoiding it, transferring risk by shifting responsibility to another party and reducing
vulnerabilities (Gibson 2014:23).

According to Passenheim (2010:30), mitigating risk is the reduction of the impact and probability
of occurrence. This author states that upon detecting the risk, the probability of the occurrence of
the risk could be reduced or the impact of the risk that has occurred could be minimised. A risk
practitioner would firstly undertake to reduce the probability of the risk and when that fails the risk
practitioner would undertake to reduce the impact of the occurence. Reducing the impact is more
expensive (Passenheim 2010:30).

Passenheim (2010:30), avers that another approach is avoiding risk, which is a drastic approach
due to the fact that the whole business plan would have to be changed, is to avoid a particular risk.
Transferring risk means moving it but not eliminating or dampening it (Passenheim 2010:30).

The three strategies of mitigating, avoiding and transferring risk are basic approaches towards
dealing with risk that can help in setting up a basic framework for risk management.

3.3.7 The importance of organisational culture during risk management

Steinberg (2011:05), believes that a key component to any risk management project is to identify,
define and assess organisational culture. This author further highlights his belief that it is important
to do so because for adequate risk management a sound understanding of the underlying
motivations and assumptions that drive the organisation one is working with is required.
Understanding culture is a component of this. The motivations and assumptions that this section
is referring to are connected to quality and risk management.

39 | P a g e
Culture is understood as the professional atmosphere of a company put together with its values,
customs and traditions (Steinberg 2011:05). Furthermore the author adds that ethical behavior and
management integrity are consequences of the corporate culture and incorporates ethical and
behavioral standards and how these are communicated and strengthened.

Maintaining a culture for managing operational risk is of utmost importance. Young (2014:41),
states that entrenching the latest approaches to managing operational risk means getting people to
change the way in which they work. The importance of this is underpinned by his belief that the
manner in which an organisation approaches this is dependent on the organisation’s culture. As
such Young (2014:41) argues that sound risk management requires an appropriate and strong
culture.

On the basis of the above-mentioned a risk management culture needs to be established throughout
the organisation to ensure that all employees are actively involved. This author adds that consistent
application of the principles of managing operational risk are required to foster a risk management
culture. To identify the value which the management of operational risk can add to the
organisation the below mentioned principles can be applied

 Involve senior management in the operational risk management process by creating

an operational risk governance model which includes an independent operational
risk management function,
 Develop a comprehensive definition for operational risk aligned with the business
of the organisation,
 Ensure that shareholders benefit from the risk management function,
 Ensure that business units own the risk and are responsible for the outcome of the
risk management process,
 Ensure that the operational risk management process is practical and easy to
understand,
 Emphasise training and awareness as means of driving behavioural change
throughout the organisation and strengthening the risk management culture,
 Incorporate the operational risk process in other day-to-day processes and,

40 | P a g e
  Establish top-down and bottom-up communication for operational risk (Young,
2014:41).

Steinberg (2011:6), contends that top management plays a very important influential role in the
corporate culture of an organisation. Furthermore the development of performance targets that
clearly considers the quality of the output and information that flow to other business areas
produces a culture of personal responsibility and involvement in managing operational risk (Young
2014:42).

Therefore establishing an appropriate culture to manage operational risk within an organisation is

not an easy task but a necessary one. Moreover, the determination of employee and management
perception on risk is consequently also of utmost importance if an organisation wants to evaluate
the current risk management system of an organisation (Young 2014:42).

3.4 EMPLOYEE AND MANAGEMENT PERCEPTION ON RISK

Risk perception according to National Safety Council (2014: Online), refers to an individual being
able to discern a certain amount of risk. Rohrmann (2008: Online), offers that risk perception
refers to people’s judgements and evaluations of hazards they are or might be exposed to. In
addition Rohrmann (2008: Online), explains that such perceptions steer decisions about the
acceptability of risks and thus have a core influence on behaviors before, during and after a
disaster.

Research conducted in 2014 by the National Safety Council (Online) on the topic of employee
and management perception of risk suggests that to discourage risk-taking behaviors, public
campaigns and workplace programmes must target the perception of risk in organisations. The
National Safety Council (2014: Online), categorised factors that affect risk perception into three
levels namely:

41 | P a g e
  Macro level: defined as levels referring to risk factors that are structural or institutional
in nature.
 Meso level: defined as levels at a peer-to-peer or community level.
 Micro level: defined as levels at an individual psychological level.

This importance of the above-mentioned is that it demonstrates that employee and management
perception on risk is measurable

3.5 FACTORS THAT MOST AFFECT RISK MANAGEMENT

RESULTING IN INADEQUACIES IN THE QUALITY
MANAGEMENT SYSTEM

McLinden et. al. (2010:101), assert that the management of risk is recognised as a very important
part of effective overall management practice. Furthermore these authors assert that the
management of risk involves a repetitious process that consists of six steps that when undertaken
in sequence provides a very effective decision-making framework.

Inadequacy is described by Ricci (2014:97) as the quality of being unequal or insufficient for a
purpose. Gaps and inadequacies in risk management could the inadequacy of a risk manager to
produce and deliver services on time.

McLinden et. al. (2010:101) argue that when risk management is regarded as something that is
done in isolation from an organisation’s management framework, it has a potential of affecting the
outcome of risk management. This can result in inadequacies in a risk management adversely
affecting quality management. The authors claim that many organisations make the mistake of
treating risk management as a separate activity that is carried out in ignorance of other functions.
Management and employees of the organization often view risk management as a necessary but
mechanical task that consumes both time and resources ([Link].2010:101)

42 | P a g e
Moreover, McLinden et. al. (2010:101), expresses the view that the ideal way to avoid the mindset
of treating risk as a separate activity is to integrate the management of risk into an organisation’s
everyday management practices with the intention of making risk management second nature.
They highlight that a significant component of any management framework is the planning process
and that this is the ideal place for the formal and systematic management of risk to begin
(McLinden et. al. 2010:101).

Literature reviewed on this topic indicates that treating risk as something that is done in isolation
in an organisation can be a major factor which can result in inadequacies in a risk management
adversely affecting quality management. When the risk factor is identified, then evaluating those
inadequacies easily leads to the development of a plan for changes to improve services
continuously ensuring customer satisfaction. Thus it is considered to be a component of quality
management.

3.6 EVALUATION OF INADEQUACIES IN A RISK MANAGEMENT

SYSTEM

Risk evaluation is when one assesses and measures risk exposures that have been identified.
Young (2014:61) pronounces it entails managing and controlling risks that could influence the
business strategy and the achievement of objectives in a negative way.

Young (2014:60), is of the opinion that risk identification and risk evaluation are closely linked.
The result of the risk identification process is analysed to serve as input for the risk management
evaluation process. Furthermore, Young (2014:60) articulates risk evaluation aims to determine
the potential impact of a loss event and the probability of a risk event occurrence. The author
maintains that evaluating risks provides management with guidelines on what control measures
are required to prevent the event from occurring.

(Young, 2014:60) points out that the link between risk identification and risk evaluation is
integrated as illustrated in Figure 5.

43 | P a g e
 Risk identification Guidelines: risk identification Risk evaluation

➢ Identify business
area
➢ Identify participants
➢ Develop guidelines
3. Procedure for
identifying risk and ➢ Facilitate process 4. Detail rating of
inherent risk and controls
control measures ➢ Identify inherent
risk and control
2. Choose the method for Guidelines: risk evaluation 5. Determine residual
risk identification risk
➢ Determine rating 6. Formulate mitigating
3. Identify objectives of scale for inherent measures and action plans and
risk identification risk action plans
➢ Determine rating
scale for controls
➢ Choose method for
risk evaluation most
suitable for
management
Risk analysis

Figure 5: Link between risk identification and risk evaluation (Source: Young 2014:61)

It is noteworthy that identifying risk is a continuous process as it must be monitored regularly and
new risks are continuously highlighted (Hull, 2014:139). Furthermore, a system approach is
required in order to make sure that all risk types are identified and that critical, potential risks are
included for further analysis (Covello, Menkes & Mumpower, 2012:246). There are methods as,
listed by Young (2014:55), which exist, related to the identification of risks, namely:

 Workshops and interviews,

 Brainstorming sessions,
 Questionnaires,
 Risk process flow analysis, which involves mapping the process of the business
and determining the risk exposures that exist in these processes,
 Comparisons with other organisations,
 Discussions with peers,
 Checklists and,
44 | P a g e
  Losses of history.

A further point of view expressed by McLinden et. al. (2010:102), is that, risk identification is a
matter of asking and answering two questions, namely:

 What can happen that will have an impact on the organisation’s objectives?
 How and why could it happen?

This exercise assists in evaluating inadequacies in the risk management system. McLinden et. al.
(2010:102) in addition avers that, more questions assist in the evaluation of inadequacies in the
risk management system, namely:

 What can happen?

 What are the key drivers?
 What are the existing controls or treatments?
 What is the likely impact?
 What are the operational influences?
 What might be the causal factors such as inadequacy in existing controls?
 Who is involved?
 Who is affected?
 How does the risk occur? Is it as a result of system failures or poor planning?
 It is likely that the risk will occur immediately, in the short term or longer term?

The evaluation of inadequacies in risk management system then leads to the need of the
development of an improved plan to current risk management system with the goal of improving
the quality management system.

45 | P a g e
3.7 DEVELOPMENT OF AN IMPROVED PLAN FOR CHANGES TO
CURRENT RISK MANAGEMENT SYSTEM

Philpott and Gentz (2012:74), recognise that good governance and effective management are best
achieved through the development and deployment of a comprehensible and consistent framework
for management of risk within an organisation. The framework intends to ensure the following:

 There is a consistent and defensible basis for decision making at all levels,
 The organization can pre-empt and capitalize on external changes such as those involving
demographics, customer’s needs and government policy,
 All employees are encouraged to focus on and give priority to actions that aid and
enhance the execution of strategic and project plans as well as organisation’s objectives,
 The organisation is prepared for and protected from major incidents and losses,
 Tactical moves, to identify and seize opportunities are stimulated and enhanced and,
 Accountability for risks, controls, monitoring and assurance of controls is clear and not
doubtful.

McLinden et. al. (2010:101) , found that central element of any risk management framework
should be clear statements of the organisation’s objectives, together with an identification of risks
to be managed. If the risks are not managed the result could be poor work quality. These authors
suggest that design of the particular framework be based on proper consideration of the variables
that can affect its ongoing implementation. Furthermore McLinden et. al. (2010:101), highlights
that a major aspect of any risk management framework is the need to document the process.

Because new types of risks are encountered on a daily bases, an integrated framework for a holistic
approach to risk management which is part of a quality management system is required (Young,
2014:25). This author avers that the aims of an operational risk management framework are to
identify and establish a structured approach to the management of operational risk. He offers the
following to serve as a guideline checklist for the organisation to use to ensure that an operational
risk management framework achieves its intended goals:
 The establishment of an integrated operational risk management environment,

46 | P a g e
  The development of a cultural awareness of operational risk management,
 The development of roles and responsibilities linked to risks and controls and,
 The provision of a common understanding of operational risk.

Kemp, Schotter and Witzel (2012:111), advise that a risk management framework should not
replace the natural capability of people to manage risk. These authors express their opinion that a
risk management framework should rather enhance good practices to ensure that the process is
reliable, comprehensive and consistent. For the required objectives to be achieved an organisation
will require the following:

 A set of suitable tools,

 A coherent approach to training and communicating to people so that they can use those
tools in a competent and consistent manner and,
 An approach that signals and reinforces the correct behaviour and way of thinking.

Furthermore, Kemp, Schotter and Witzel (2012:112), offer typical elements of a framework.
Figure 6 is an illustration of how the framework supports the integration of the risk management
process.

47 | P a g e
 Intent Strategic Capability

➢ Policy statement ➢ Training strategy

➢ Standards Tactical ➢ Stakeholder engagement

➢ Guidelines strategy

➢ Risk management plans ➢ Information system

➢ Assurance plans ➢

Communicate & consult Establish the context

Identify the risks

Monitor & Review

Strategic

Strategic
Tactical Analyse the risks Tactical

Evaluate the risks

Treat the risks

Accountability
Continual Improvement
➢ Governance committee
➢ Performance measures Tactical
➢ Maturity evaluation ➢ Executive level steering group

➢ Assurance processes ➢ Manager, Risk management

➢ Formal review
➢
➢ Revision Strategic
Figure 6: The framework for risk management (Source: Kemp, Schotter and Witzel 2012:112)

It is believed that success for enhancement of frameworks for risk management in organisations is
dependent on the manner in which changes to the framework are developed and implemented
(Kemp, Schotter and Witzel 2012:118). These authors further express their belief that success
depends on the involvement of customers and the engagement to evaluate the existing approach in
order to plan how, where and when enhancements will be made.

Kemp, Schotter and Witzel (2012:119), found that the most efficient approach to ensure success
in risk management frameworks is to involve representatives of senior management in all the steps.
The approach is described below as follows:

48 | P a g e
 Preparation
This approach includes the schedule of activities and delivery dates. The documents to
review are reviewed and the interview candidates are agreed upon.

 Elicitation and verification

During this phase the manner in which risk management takes place in practice is observed
and reviewed. Management’s perceptions of the current approach to risk management is
observed to test if it is currently viewed as effective and whether it is likely to satisfy the
future needs. This observation is undertaken through a series of interviews with senior
managers and employees and conclusions are drawn.

 Gap analysis and evaluation

When conducting gap analysis and evaluation, information that has been gathered is used
to conduct a detailed gap analysis. An evaluation of effectiveness using the guidelines and
principles in ISO 31000 is conducted as a basis for comparison. The gap analysis examines
how the organisation expresses its intentions for managing risk. This involves examining
all the elements of the risk management framework.

 Gaining ownership and detailed planning

This planning component firstly, presents fundamentals of risk and best practice risk
management. Secondly, presents overall findings and assessment of the benchmark
review. Thirdly, suggests improvements and enhancement strategies and lastly, presents
draft enhancement plan.

 Report to the oversight committee

During this phase the oversight committee is provided with progress reports and this
provides them with confidence that the evaluation was indeed conducted in an independent
manner. This also enables the members to challenge and question the outcomes.

49 | P a g e
The framework is expected to be supportive of the business operations. The framework is also
going to be able to identify the risk-mitigating tools that are available to eliminate the effects of
operational risk exposures.

3.8 CONCLUSION

In this chapter a holistic literature review into the current state of risk management within the
quality management context was conducted. Critical features relating to the research topic and the
consideration of the objectives led to the identification of the areas for literature review.

This research’s literature review’s purpose is to help the reader understand different aspects posed
by the research on risk management framework for selected service organisations in the Western
Cape. It is clear from the research reviewed that a need for the development of an operational risk
management framework exists.

The next chapter will outline the research paradigm, research methodologies and design used in
this study. The next chapter will also provide an explanation of the procedures, participants, data
collection tools and data collection and analysis me

50 | P a g e
CHAPTER 4: RESEARCH DESIGN AND METHODOLOGY

An in-depth study on literature pertaining to the current state of risk management within the quality
management context was conducted in the previous chapter. This chapter proceeds with a
discussion on the methodological approach adopted by this research to meet the overall objectives
of this research. The objectives are to evaluate the current risk management within service
organisations, to determine employee and management perception on risk management, to
establish the factors that affect the risk management, evaluate the shortfalls of current risk
management and to develop an improved plan for changes to current risk management. Thus, this
chapter presents the research design that was used in order to achieve or accomplish this aim. The
selected methodology is described detailing the broad methodological framework, data collection
design, data analysis, data validity and reliability as well as ethical considerations.

4.1 RESEARCH DESIGN AND METHODOLOGY

Founded on the view of Sumser (2001:6), this study may be regarded as empirical research.
Empirical research is defined as a planned process of collecting and analysing data in a systematic,
purposeful and accountable manner. The term ‘empirical’, refers to knowledge that is obtained by
the process of practical experience, experiments and enquiries (Sumser 2001:6).

Lambert and Moser-Mercer (1994:25), offer a definition for empirical research as knowledge that
is gained through direct and indirect observation. The authors claim that the empirical approach
explores the “why”, “whom”, “how” and “when” of a research problem. Thus, the purpose of this
empirical research was to obtain valid and reliable data on why, whom and how through direct
observation and enquiry, in a manner that supports solving the research problem and
simultaneously meeting the research objectives.

Research design is portrayed by Gerard (2013:6) as the overall plan for conducting the research.
The author posits that a research design focuses on the final result and includes all the steps in the
process to achieve that particular outcome. Therefore, the research design is understood to provide
the researcher with a clear framework within which research is conducted. Gerard (2013:6),
51 | P a g e
emphasizes his belief that research design phase of a study is critical for the success of a study,
therefore suitably appropriate research methods must be selected for the design that is used to
ensure that the objectives, such as those set out in the first chapter of this study, are obtained.
Bhattacharyya (2006:52), shares the same view as Gerard (2013:6) and adds his opinion that
research methodology is influenced by the researcher’s own perception and general approach when
trying to solve a research problem.

Creswell (2014:5), identified three research general approaches, namely the first being a
qualitative research approach, the second approach being a quantitative research approach and the
third approach being a mixed methods approach. Cresswell (2014:5) explains the qualitative
research approach entails the analysis of textual, audio or pictorial data instead of numerical data.
This type of research is contextual and case specific.

With reference to the second approach, Kumar (2014:8) and Mackey and Gass (2015:1), argue that
the quantitative research is based on the measurement of quantity or “amount”. Quantitative
research is therefore applicable to phenomena that can be expressed in terms of numerical quantity.
Quantitative research is described as generalisable and transferable.

Clarification on the third approach discussed by Creswell (2014:5), as mixed methods is a kind of
research where the researcher combines qualitative and quantitative data in a single research study.
The author claims that this form of enquiry provides a more complete understanding of a research
problem than either approach alone.

A qualitative research approach was adopted by this study since this study is deemed to be
principally empirical in nature. It is believed that information rich textual data empirically obtained
in interviews serves both as evidence corroborating the problem statement and as useful
information to address the research questions. The research problem stated that the absence of
certain elements in an operational risk management framework has an adverse effect on quality
management systems in selected service organisations in the Western Cape, while the primary
research question included enquiries about the most influential factors pertaining to risk
management that have an adverse effect on the quality management systems. In consideration of

52 | P a g e
the specific problem mentioned above, the advice of Creswell (2014:5) directed the selection of a
qualitative approach as he advanced that researchers capture conversations, experiences,
perspectives and participants’ voices in qualitative research which makes this type of research rich
with holistic understandings on the basis of contextual and detailed data.

The specific intention of this qualitative study is fivefold. First, research sought to empirically
understand what the primary differences risk management systems in service organisation in the
Western Cape are. Thereafter, empirically assess the primary areas of the quality management
systems that are adversely affected by poor risk management. Third, determine what the
consequences of inadequate risk management system are, with particular focus on the quality
management system. Fourth, determine what the reasons for inadequate risk management are and
finally, empirically investigate how excellence in risk management in a quality management
system can be achieved. All these evaluations were conducted by means of observation, induction
and evaluation.

This study is deemed to be unique since the examination of literature indicates that an empirical
undertaking to determine the association between risk management and quality management in
service organisations and also to determine whether or not there is a need for the development of
a risk management framework has never been previously undertaken in the Western Cape.

4.1.2 Research Process

A process based on a proposal of Baggs and Clubine (1996: 29), which can be seen in Figure 7
describes the research process that is followed by this study, in an eight step model.

53 | P a g e
 Define
research
problem

Review of
lierature

Formulate
hypotheses

Preparing
the research
design

Data
collection

Data
analysis

Interpretation and
report writing

Figure 7: Reseach process (Source: Baggs & Clubine, 1996: 29)

4.2 DATA COLLECTION DESIGN AND METHODOLOGY

Lapan, Quartaroli and Riemer (2012:8), assert that rigorous data collection is a crucial component
in the production of useful findings from data analysis. Youngberg (1998:53) and OECD
(2015:186) caution that before data is collected it is important to consider how it will be analysed,
reported and used. These authors explain that data collection methods should be selected with
consideration of the validity and appropriateness of data sources. Furthermore, pilot testing is
recommended before implementation to test the feasibility of the research design and increase the
reliability and validity of research findings (Lapan, Quartaroli and Riemer 2012:8; Youngberg
1998:53 & OECD, 2015:186). Thus, this study included a pilot study prior to the main study. The
participants in the pilot study were not the same as in the main study. The pilot study consisted of
three service organisations.

54 | P a g e
According to Biehl (2016:213), a unit of measure is also called International system of units and
is used as a standard for measurement of the same kind of quantity. The unit of measure for this
study is service organisations from which qualitative data in the form of interviews was collected.

Moreover, data collection during this study is regarded as cross-sectional. A cross-sectional study
is one which “collects data about various variables of the sample at one point of time in order to
uncover relationships existing among those variables” (Kumar 2014:10, Mackey & Gass, 2015:2).
Since data collection and analysis only took place once during the month of October 2016 in three
service organisations in the Western Cape this study is therefore regarded as a cross-sectional
study.

4.2.1 Sampling Technique

Target population is the total group of individuals from which the sample might be drawn (Daniel
2011:10). Daniel (2011:9), expresses an opinion that the description of the target population
should specify the nature of the elements, sampling units containing the elements to be selected,
geographic location of the elements and the time period under consideration. The population for
this study comprised all service organisations in the Western Cape. The pilot study participants
were not the same as the main study participants.

Daniel (2011:1) defines a sample as any group of people willing to take part in an investigation.
This author adds that sampling is a process of selecting suitable participants from a population for
a study. According to Joint Commission Resources (2008:35) and Vallabhaneni (2015:490),
sampling is a basic statistical process that involves drawing a limited number of measurements
from a larger source (population) and then analysing those measurements to estimate
characteristics of the entire population. These authors state that sampling a subset of an entire
population helps one predict the results for that population while saving money and resources.
Although sampling can be cost-effective and save time, a researcher must use a statistically valid
methodology to ensure the credibility of the data results (Joint Commission Resources, 2008:35;
Vallabhaneni 2015:490). Three service organisations in the Western Cape were selected to be the
sample.

55 | P a g e
Aligned with the views of Vallabhaneni (2015:490) and Daniel (2011:93), purposive sampling was
used for this research study. They assert purposive sampling is used when a researcher wants to
access a very particular subset of people. Daniel (2011:93) adds that this means that when taking
a sample, people who do not fit a particular profile are rejected. Purposive sample starts with the
purpose in mind. The participants in this research study were purposefully selected by virtue of
their level of expertise in Risk Management and Quality Management. Since the Department of
Water and Sanitation, City of Cape Town and Power Group in the Western Cape were identified
through literature review as organisations that vigorously apply risk management during quality
management, these organisations were selected.

4.2.2 Interviews

Friesen (2010:36), asserts interviews are an excellent learning tool whereby data collection through
conversation is facilitated, with one person acting as an interviewer and the other as an interviewee.
Furthermore, interviewers are able to clarify questions to the interviewees who appear to not
understand certain questions. Another advantage of the interview format is that it allows the
researcher to read and interpret the nonverbal communication of interviewees, enabling the
interviewer to attempt to make sense of responses to questions interviewees struggle with or pause
for a long time before answering (Friesen 2010:36).

This author lists the following types of interviews, namely:

 Structured,
 Unstructured and,
 Semi-structured.

In structured interviews the interviewer simply asks the written questions and records the reply.
The purpose of this is to ensure all interviewees receive the same questions in the exact same order
(Friesen 2010:36). In contrast with this, according to Huss (2009:28), unstructured interviews are
better at gathering more in-depth information since this type of interview allows the interviewer
to go back to interviewee on any response and ask as many additional questions as the interviewer
sees as appropriate. However, the interviewer won’t ask exactly the same question every time a

56 | P a g e
different participant is interviewed, so it could be said that this method is less reliable. Huss
(2009:29) and Friesen (2010:36), explain the format of semi-structured interviews consists of a set
of predetermined questions that the interviewer follows, however this format is flexible in that the
interviewer is permitted to ask further questions and clarify matters.

A semi-structured interview was considered best for this study because this research study is an
enquiry that combined a predetermined set of open questions but also allowed the interviewer to
explore particular responses further (Friesen 2010:36). The data collection instrument of this
study, namely semi-structured interview questions were prepared ahead of time because the study
required specific information on a set of themes. Therefore the researcher prepared questions
ahead of time that would provide data on those themes. This set, consisting of six themes which
are discussed in greater detail in chapter five, emerged as relevant to this study from a study of
literature.

4.3 DATA ANALYSIS

The process of data analysis begins when the researcher categorises and organises data, searching
for patterns, trends and critical themes in the data (Flick, 2015:147). Data analysis in this study
took place through the process known as ‘coding’. The coding process entails the identification
of preliminary conceptual categories (referred to as codes) from the evaluation of research data
(Flick, 2015:147). A code in qualitative inquiry is most often a word or a short phrase that
symbolically assigns a summative, salient and essence-capturing attribute for a portion of
language-based data. The form of coding which this study employed was thematic analysis, since
after the process of coding, the codes were then grouped into themes. An in-depth discussion of
these themes is presented in the next chapter.

It is accepted that qualitative data can consist of interview transcripts, participant observation field
notes, journals, documents, open-ended survey responses, drawings, artefacts, photographs, video,
internet sites, e-mail correspondence, academic and fictional literature (Saldana, 2015:16),
however this study only used interview transcripts as data.

57 | P a g e
The researcher made use of qualitative research software called Atlas TI. After data collection
and transcription all interview transcripts were evaluated in the Atlas TI software programme.
During the analysis of the transcripts (data) all the information in the data that was regarded as
important for this study was marked by first identifying the relevant theme, naming the code and
then sorting them into different code families. The code families were the variables in this study,
namely risk management and quality management systems. This form of coding, namely thematic
analysis in Atlas TI adds value to the research process as it generates a final report that is logical,
non-repetitive and concise.

4.4 DATA VALIDITY AND RELIABILITY

Jupp and Sapsford (2006:86) and Vallabhaneni (2015:197), refer to validity as the extent to which
observations accurately record the behaviour in which the researcher is interested in. They claim
a pilot study, a thorough literature review, peer review or statistical validation are some of the
methods that can assure validity. In this research, the researcher made use of the pilot study to
ensure that this work was valid. The pilot study was conducted on six employees and managers
of the three service organisations in the Western Cape. The pilot study participants were not the
same as the main study participants. A pilot study is a research study conducted before the main
study (Jupp & Sapsford 2006:85). The researcher conducted a pilot study during the months of
June and July 2016. Following the completion of the pilot study both the process that was followed
and the results of the pilot were examined to determine if the research design was suitable to meet
objectives of this study. The results of the pilot study proved that the research design was suitable
to meet the objectives of this study.

Jupp and Sapsford (2006:86), states that reliability refers to the consistency of observations,
usually whether two (or more) observers or the same observer come to the same conclusion on
separate occasions while studying the behaviour that comes away with the same data. These
authors claim that observational methods have the advantage of evaluating the participant’s
involvement and engagement during the interview process. The researcher as the participant
observer carried out observational methods of data collection by observing how the participants
were engaging during interview processes. The researcher explored how participants answered

58 | P a g e
the questions and what they did when they did not understand the question. The disadvantage of
this method is that participants may change their behaviour when they know that they are being
observed (Walton, 2010:213). However, it was noted that the participants felt at ease with the
researcher. This method proved to be a method of ensuring data integrity in this research study.
Joint Commission Resources (2008:35) and Vallabaneni (2015:197) assert that data integrity
ensures that no critical data are missing and that the data abstracted are reliable and valid. Thus,
the researcher conducted this research in a manner that would allow the conclusions drawn from
research to be considered valid.

4.5 ETHICAL CONSIDERATIONS

Oliver (2010:9) asserts ethics is concerned with moral perception of what is regarded as what is
‘good’ and what is ‘bad’ for individuals and society. This author advises that it is important to
observe ethical considerations from early stages of a research project. All researchers, regardless
of research designs, methods, sampling and techniques are subject to ethical considerations
(Oliver, 2010:9).

The following ethical considerations were adhered to in this research study, namely:

 A detailed application was submitted to the Research Ethics Committee of the Cape
Peninsula University of Technology for approval to conduct the research,
 Consent, permission and approval for the research in selected service organisations in the
Western Cape were granted,
 Informed consent was obtained from the participants,
 Participants were not subjected to any risk of unusual stress or embarrassment,
 The researcher ensured that participants remained anonymous,
 The research was conducted in accordance with the ethical requirements to report the
findings in an honest manner.

59 | P a g e
4.6 CONCLUSION

This chapter presented the research plan and methodology that focused at resolving the research
objectives of this study. An empirical qualitative research approach was identified as the research
method to meet the requirements of the research. The identification of a suitable research method
led the researcher to follow step by step procedures for sampling and the collection of research
data.

Data collection design and methods developed for this research study outlined important aspects
such as the unit of measure and sampling techniques providing a structure for the analysis of data
and interpretation in the next chapter. Validity and reliability of data as well as ethical
considerations were identified as critical components of good research.

The next chapter will then extrapolate on the manner in which the data was analysed and findings
obtained from research data are presented.

60 | P a g e
CHAPTER 5: DATA ANALYSIS

The previous chapter discussed the research methodology, presenting the methodological
approach, data collection design, data analysis, data validity and reliability and ethical
considerations. This chapter covers the presentation of the results of the data analysis.

5.1 THE RESEARCHER’S APPROACH TO DATA ANALYSIS

“The three P’s – Person, Processes and Presentation are key issues in data analysis”. (Grbich,
2012: 1). These three elements are important to any undertaking of qualitative data analysis.

Grbich (2012:3), asserts that the researcher collects data from the real world, from situations and
people involved in what the research problem is. Then the researcher performs the process, which
is the second concept Grbich (2012:3) refers to. This process involves the transcription and
analysis of the data. Transcription entails capturing the dialogue or narrative from the devices on
which it was recorded into a document format so there is a clear researcher-defined column of
notes. Preliminary data analysis followed the transcription stage. The third concept that this author
refers to is when the findings are displayed and theoretical interpretation of the analysed data is
presented for the reader to assess. The researcher followed these processes in this research study.

5.2 THE NATURE OF PARTICIPANTS

All of the participants interviewed in this study were experts in Risk Management and Quality
Management based on their experience and their work involved an aspect of risk management and
quality management. The participants resonated with the need for a risk management framework
in service organisations in the Western Cape and provided rich insight into the matters that are
associated with risk and quality management. Nine people who are involved in risk management
and quality management in their organisations were interviewed. All participants were based in
the Western Cape. The participant complement consisted of three executive employees who
manage risk and quality in large service organisations and six members who serve as operational

61 | P a g e
employees in these large service organisations. All of the participants were deeply involved in risk
and quality management and held very strong views on the topic.

5.3 DATA ANALYSIS

There were six major themes that emerged from literature in chapter three that was reviewed,
namely:

Risk Evaluation.

During the risk evaluation process it is believed that the identification of gaps in the risk
management system will lead to an improved programme for the organisation’s framework for
managing risk (Covello, Menkes and Mumpower 2012:360).

Integration.

The findings of research conducted by Kemp, Schotter and Witzel (2012:118), found that upon
evaluating the degree of risk management that is integrated into quality management the primary
areas of the quality management system that are negatively affected by poor risk management are
identified.

Perception.

According to National Safety Council (2014: Online), the determination of executive employee
and operational employee perception on risk management within the quality management
demonstrates that the perception can be measured.

Risk Factors.

The consequence of inadequate quality management system are identified when identifying the
factors affecting the risk management system. Identification of risk factors leads to the
development of a plan for changes to improve services on a continuous basis (McLinden. [Link].
2010:101).

Constraints.

During the assessment and measurement of risk exposures referred to in the previous step,
constraints are identified. These constraints are regarded as barriers in the way of meeting
objectives (McLinden. [Link]. 2010:12).

62 | P a g e
 Other Factors.

New types of risks are encountered on a daily bases, therefore other factors that influence risk
management within quality management are identified during the risk evaluation process leading
to an integrated framework for a holistic approach for managing risk (Young 2014:25).

5.3.1 Evaluation of current risk management system within quality management

Theme 1: Risk Evaluation

Literature reviewed in chapter three on risk evaluation revealed that the functions performed by
the role which managers play in service organisations ensure success. For this reason, it is very
important to involve management in all stages of risk evaluation (Covello, Menkes and Mumpower
2012:360). These authors advocate a systematic way to determine the effectiveness of an
organisation’s current approach to risk management. This approach considers the objectives of the
organisation as well as how these objectives are expressed and communicated throughout the
organisation.

A finding during data analysis in this study was that the importance of risk evaluation at all levels
in the organisation is one that emerged readily during the majority of the interviews with the
participants. The participants were very passionate about this subject and were very zealous to
dwell on the subject as they felt that it is a very important issue in any service organisation. One
important issue that emerged surrounding risk evaluation was plan, do, check and act.

Some participants agreed that service organisations need to plan, do, check and then act in order
to ensure success in their service organisations, which is consistent with the views of Covello,
Menkes and Mumpower (2012:360) on a systematic approach. These participants said:

“The plan, do, check and act, is still the main ideology of the quality management system”.
PARTICIPANT A

“You still need to plan, do, act and check if something is wrong”. PARTICIPANT I

Another participant expressed their view that the whole idea was to evaluate risk management
within quality management at all levels. The participant said:

63 | P a g e
“The whole idea now is to assess risk at all levels in the organisation”. PARTICIPANT G

These participants believed that risk management and quality management should be integrated to
ensure success in service organisations. They highlighted that the changes between the ISO
9001:2008 and ISO 9001:2015 specifically with regards to risk management were significant.
When asked about their knowledge of the changes between the ISO 9001:2008 and ISO 9001:2015
specifically with regards to risk management, participants had this to say:

“When it comes to risk management in 9001:2008 it is implied but not defined meaning
that what they have done, they have brought in and shortened it to basically ten questions
and it also aligned ISO 9000 and 14000”. PARTICIPANT H

The same participant went on to add:

“They are all asking the same questions but in different subjects”. PARTICIPANT H

Participant E added that:

“They have aligned the three standards (ISO 9000, 14000 and 31000) much closer together
so that they can talk to one another and the big element that must be addressed in all three
of them is risk management”. PARTICIPANT E

Participant D was very passionate and knowledgeable about ISO 9001:2008 and ISO 9001:2015
and expressed their knowledge as follows:

“It is like corporate governance; I believe some elements were added. In terms of ISO
9001:2015 you have about ten elements that you look at now. Some were never there in
the old one. Your support, operation and performance evaluation and improvement, those
are the elements that are now in the new standard”. PARTICIPANT D

Corporate governance is a set of systems, processes and principles which is about promoting
fairness, transparency and accountability (Monks and Minow 2011:429).

Participant G had the following to say:

“ISO 9001:2015 standards inform business to identify and address risks affecting their
service compliance resulting in improved customer satisfaction. Besides identifying the
risks, the new ISO standard addresses opportunities for improvement based on the risk
analysis”. PARTICIPANT G

Participant C expressed their view as follows:

64 | P a g e
 “My understanding is that it is about governance and the control environment for an
example about providing leadership and measuring the whole organisation and the
objectives of the organisation, to ensure that at the end of the day your expectations are
met”. PARTICIPANT C

The same participant went on to add:

“My understanding is that the intensive application of the ISO 9001:2015 is now on the
technical side of the risk management”. PARTICIPANT C

Participant F said:

“My knowledge is limited because I have not read the new standard but I have an idea that
it is risk based. “When I attended an ISO 9001:2008 the person who took us through the
course, said the changes are very few; there is not much of change”. PARTICIPANT F

Participant B pointed out that the new ISO 9001 is ensuring that risk is part of the quality
management process.

“ISO 9001 has always focused on mitigating and avoiding risk; the new ISO is ensuring
that risk is part of the quality management process. It also focuses on preventing and
correcting unwanted actions and outcomes but it has been limited to specific elements”.
PARTICIPANT B

It is clear from the above responses that the participants understand their high leadership roles with
regards to quality management and risk management and that they are committed to risk evaluation
for the purposes of improving their current system. These responses correlate with Covello,
Menkes and Mumpower (2012:360)’s view that evaluation of current risk management leads to a
clear-sighted programme improvement for the organisation’s framework for managing risk.

5.3.2 The degree of risk management that is integrated into quality management system

Theme 2: Integration

Literature reviewed in chapter three on this topic indicated that risk management is inseparable
from quality management ([Link].2010:101). These authors emphasized their belief that
risk management should not be regarded as something that is done in isolation from an
organisation’s management framework because it can affect the outcome of risk management.

65 | P a g e
Furthermore, the authors argue that when risk management is treated as a separate activity it can
result in inadequacies in a risk management and affect the quality management negatively.

When asked about how risk management is integrated into their quality management system, the
researcher observed the confidence with which the participants spoke about this issue. One
important issue surrounding integration was aligning risk management to quality management in
everything that is done.

One participant had the following to say regarding the integration of risk management into the
quality management system:

“Risk management is integrated in everything we do”. PARTICIPANT A

Another participant spoke about how everything they do needs to be aligned and tied to risk
management and quality management:

“We always have to check that everything we do ties risk management to quality
management”. PARTICIPANT F

One participant pointed out that the new ISO 9001:2015 is ensuring that risk is part of the quality
management process. One participant expressed their opinion that there should be integration
between quality management and risk management but pointed out that unfortunately it is non-
existent in their department with a perception that there is a gap that needs to be closed currently:

“Risk management is separated from quality management. It is as if it is a separate

document from what we are doing on a day to day basis. Currently there is no integration
in our department. There is a 2020 vision document being prepared, so I am hoping that
by 2020 every person in the organisation will understand that risk management should not
be separated from quality management”. PARTICIPANT E

The amount of risk management integrated into the quality management system was summarised
and defined by the next responded who said:

“If I may define the difference between the two, a ‘risk is what can stand between you and
the achievement of your goal or your ultimate goal or all your objectives, now you are
trying to identify what will hinder you or what may affect you in achieving your objective’
and when you go to quality management you are talking about meeting and exceeding the

66 | P a g e
 needs of a customer. This definition on its own makes us as an organisation integrate risk
management with quality management”. PARTICIPANT D

Furthermore, the participant added that:

“If you are not managing risk well you are likely not going to meet the expectation of the
customer. We ensure that risk management is integrated with quality management”.
PARTICIPANT D

The same participant went on to add:

“In that approach, if you are now talking about your ISO 9001, we are dealing with the
engagement of the customer, the stakeholder engagement intensively. The aspect is to
identify whether you will meet the needs of the customer or of the client. So the relationship
between the two is if you are not managing well the one, then the other one is going to be
affected. That is why, we talk about integrated quality management system, meaning from
the onset, while you are managing risk, and on the other hand you are enhancing the
quality of the output. PARTICIPANT D

The same participant concluded and said:

“In overall, whether consciously or unconsciously there is an integration of risk

management and quality management system”. PARTICIPANT D

The participants were asked to indicate how much risk management was integrated into their
quality management system. Almost all participants indicated that risk management is integrated
in everything they do. However, one participant indicated that risk management was separated
from quality management in their department. This participant highlighted that there was a
perception that there was room for improvement.

From the above discussion it is clear that some of the participants understand that risk management
should not be regarded as something that is done in isolation from an organisation’s management
framework. These findings correspond with the view of McLinden et. al. (2010:101) that when
risk management is regarded as something that is done in isolation from an organisation’s
management framework, it has a potential of affecting the outcome of risk management, resulting
in inadequacies in a risk management adversely affecting quality management.

5.3.3 Executive employee and operational employee perception on risk management within
the quality management system in selected service organisations

67 | P a g e
Theme 3: Perception

According to literature reviewed in chapter three a perception exists that risk management is
inherent in the daily tasks of a successful quality management (National Safety Council (2014:
Online). Another perception advanced by this author is that risk management in the field of quality
must be documented and implemented in an integrated way in all operations, processes and
existing activities. This author concludes that the perception of executive employees and
operational employees on risk management within quality management is that risk management
must be part of the organisation’s strategy in quality management. Lack of consultation, lack of
communication, lack of performance management were some of the important issues surrounding
perception.

One participant summed it all up as follows:

“The only aspect now that is killing is maximum consultation, now if you don’t consult so
well then you are not going to understand exactly what the needs of the customer or your
clients are”. PARTICIPANT D

From this it is understood that this participant recommends that there be increased consultation
with customers or clients. Participant D is of the view that when consultation is minimal there is
a risk that the needs of the customer of client will not be met.

Participant D added:

“If you don’t consult so well, then you are likely to produce something that is below what
is expected by your customers”. PARTICIPANT D

Additionally the same participant had this to say:

“The issue of communication is very important as well as the engagement and the
evaluation”. PARTICIPANT D

Another said:

68 | P a g e
 “In our approach, we talk of performance management, measure yourself so that you don’t
at the end identify you have irreparable damages, only then you identify that you have a
problem”. PARTICIPANT H

Participant C agreed with Participant H’s opinion and highlighted the importance of risk in an
organisation and the importance of the design stage. He said:

“Risk is important and it starts at the design stage because whoever designs or
manufactures a product should actually provide those kinds of steps, they should provide
the kind of information that stipulates what risks are within. The design stage needs to
provide all the information needed with regards to the risk and the quality thereof”.
PARTICIPANT C

Participant D linked the lack of integration of risk management and quality management to lack
of ownership.

”Quality management is about the organisation, all the things that are there within the
organisation, what it is that needs to be done and how it needs to be done”. PARTICIPANT
D

One participant had the following to say regarding managing risk:

“We are never going to be perfect. Risk management is an ongoing focus area but risk
management in my organisation is (because of the nature of our business) moving all the
time. Things don’t stay the same that means that one has to assess risk on many levels and
it is a focus area of ours and we do get it wrong but we have a post-mortem process where
we look at it and ask ourselves, what did we see in the beginning? Were those views right?
Were those views wrong? Upon finding answers, the information is taken back to the
procurement department to make sure that they are aware of the mistakes or any views
that they took”. PARTICIPANT A

Participant A agreed with Participant I and said:

“If something goes wrong it can have implications, risk implications. The quality of your
work is how accurate it is and it ties in with managing risk”. PARTICIPANT I

69 | P a g e
Participant G expressed his views relative to executive employee and operational employee
perception on risk management:

“You need to consider risks and opportunities as elements of the core planning processes
and leaders within the business must go beyond just supporting risk-based approaches and
become strong advocates of the practice”.

The same participant added:

“Risks and opportunities must become the core of serving the business or organisation’s
customer base, including not only maintaining quality, but to improve customer
perceptions as well”.

Another pointed out that there are different perceptions.

“From management’s side, you have got all the policies that guide you on how to do things
but the interpretation thereof escalating down might be different because some employees
when you tell them they cannot do a certain thing they find it as gate keeping. There are
different perceptions. From management’s point of view, we fully understand where this
attitude comes from and now the level of understanding of each employee in terms of their
levels is not seeing it from the point of view of a manager. Employees don’t really realise
that there needs to be some systems in place by government to make sure that monies are
spent wisely and efficiently. So from the employees point of view whatever risks
management plans are put in place or your mitigation plans they might not receive them
well, most of the time they don’t receive them well. And in terms of operations, employees
understand their content of work but in terms of understanding broadly why they are doing
what they are doing a certain way, they don’t really understand”. PARTICIPANT F

In assessing the perception on risk management within the quality management system in the
selected service organisations, it was found that the majority of the participant’s understanding of
perception in a service organisation was that the establishment of executive employees and
operational employee’s perception on risk was of utmost importance if an organisation wanted to
evaluate the current risk management system of an organisation. These findings corresponds with

70 | P a g e
Young (2014:42)’s view that such perceptions steer decisions about the acceptability or risks and
have a core influence on behaviours before, during and after disaster.

5.3.4 Factors that affect the risk management system

Theme 4: Risk Factors

Literature reviewed on factors that affect risk management in chapter three indicated that a major
factor which can result in inadequacies in risk management affecting the quality management
negatively is treating risk as something that is done in isolation in an organisation (McLinden et.
al. 2010:101). These authors stated that when the risk factor is identified, then evaluating those
inadequacies easily leads to the development of a plan for changes to improve services
continuously ensuring customer satisfaction. Leaders not setting good example, cash flow, and
mismatch of skills were all important issues surrounding factors that affect the risk management
system.

One participant had this to say regarding the factors that affect risk management resulting in
adequacies:

“Lead by example and walk the talk, from the shop floor to the top floor”. PARTICIPANT
G

From this it is understood that it is very crucial for leaders to set a good example and ensure that
they themselves do what they tell their employees to do. When top management is not leading by
example it can affect the risk management adversely.

In support of participant G, participant A explained what they do in their organisation:

“Managing risk, there are twenty high level risks that we are managing well, things like
cash flow, certain clients that we work with, limits of the authority is one of the issues, it
has to be looked at because as the business gets bigger we spend more money, so the risks
are increasing at all times so at a high level, company level, there is a good risk focus”.
PARTICIPANT A

Another participant confidently declared that the identification of their risks is perfect but
mismatch of skills is one of the factors that affect the risk management system.

71 | P a g e
 “Firstly, we know what risks we have, the identification of risks is perfect. That in itself
we do thoroughly. And then in terms of policies in place; to mitigate those risks that might
be involved we do it hundred percent but in many cases there is mismatch of skills within
the whole water sector or government”. PARTICIPANT F

The same participant further stated that:

“There is a whole lot of mismatched skills and you find that it results in people doing things
in an incorrect way. There’s skills gap. There is a capacity issue in terms of our support
structures and our supply chain. There are a whole lot of gaps in terms of adequate skills,
adequate in terms of knowledge and adequacy in terms of numbers. We do not have enough
people”. PARTICIPANT F

Another said:

“Risk within quality – it is very intertwined because the identification or classification

thereof will be how best you would implement or make that material or item work once you
know what the risk factors are. Your planning of activity would be of great importance of
how your products conform to the standards or the product is nonconforming to the
standards so once you know what the risk factors are you’ll be able to identify with the
quality thereof, you’ll be able to understand the quality and how the quality thereof works”.
PARTICIPANT C

One participant had this to say about the factors that affect the risk management resulting in
inadequacies:

“Even the identification of risks we are not doing well because it is hard for the employees
in the organisation to understand risks and challenges. The first thing is to identify. We
cannot even separate risk from the challenge”. PARTICIPANT E

Following the participants listing of the risk factors, the participants were asked to indicate areas
in which they think they are doing well in terms of risk management in their quality management
system in order to deal with the risk factors. They listed various areas which will now be discussed.

72 | P a g e
 “There is a lot of things that can go wrong, meaning if it starts incorrectly with the filing
system, there can be implications and can affect a few things so planning and organising
needs to be in place to make sure that the flow is right from the other person to the next
person”. PARTICIPANT B

One participant summarised the situation as follows:

“If one has to marry the two, we have already developed a culture of integrating a risk
management in all our business, meaning at least every functional unit is now able to
identify its own risks. By doing so, if you are minimising or mitigating the risk, surely you
are improving quality on the other hand because what is produced at the end will be what
was expected in a given financial year, if that is the case, one can be able to communicate
in advance to say managing that particular project is beyond one’s control. So
communication should be the integral part of it. If managing a risk of not achieving what
you aspire to achieve rather communicate”. PARTICIPANT D

The same participant said that they think the following can be done in order to more effectively
deal with factors that affect the risk management system that result in inadequacies:

“But what I think we can do better is right from the beginning, marry the two which is a
plan and a risk, the two must run together. Marry a plan and a risk. By doing so, you also
apply what is called monitoring and evaluation. Monitoring and evaluation also assists
you to identify risks, the new risks. If you go to monitoring and evaluation you will be
doing it in five phases, namely, conceptual, formative, summative, output and then impact
evaluation. PARTICIPANT D

A participant pointed out that:

“When we are planning things on the job, we could do risk assessment. Once you’ve got
the job and you’ve got the plans and the specifications as well as the construction material
now you need to do a re-assessment because what you have done at the time of tender
might not be relevant anymore. Some of it can be relevant but there might be new risks
that are emerging. So once you start the plan, the PDCA cycle, I’m not saying that we are
not doing it, I’m saying that there is room for improvement that the start of the job needs
to improve. PARTICIPANT A

Participant A added that:

73 | P a g e
 This is what is going to come with ISO 9001:2015, I am thinking of innovative ways of
making sure that we are effective in terms of our risk assessment, you know further down
into the business at all levels. When I say all levels, I am talking about operation levels,
out in the field. Look at what can go wrong, what is the likelihood of it going wrong and
how we are going to prevent it or how we are going to mitigate it at least, you might not
prevent it but what are you going to do to make sure that the least amount of impacts is
coming”. PARTICIPANT A

Another participant said:

“Continuously communicate and have workshops to keep staff updated”. PARTICIPANT

G

Another participant pointed out that one can do better by being proactive in what they do. This
participant further pointed out that one needs to do one bit more than what they are doing because
it is all about acquiring knowledge and adding value in the organisation.

“I think better planning, communication and making sure that information or the work that
you are doing is first time right. Time management is also critical so that you don’t have
to come back and spend another day where you could have done or focused on something
else”. PARTICIPANT I

On the topic of people’s attitudes and control of the environment Participant E said:

“Once you change your attitude about something at least you can be able to know where
you are going. And then the control environment should come from the top because I know
from top management meetings when they have performance meetings, they should be risk
based. If they don’t achieve an objective, there are risk factors there but risk management
is not a language that is even strong from top management hence I am saying the tone
should come from the top”. PARTICIPANT E

One participant summarised the things that can be done better in their organisation as follows:

“I think what can be done better is corrective measurements, reporting, monitoring and
training”. PARTICIPANT C

74 | P a g e
One particular participant was very concerned about budgeting allocation and expressed this as
follows:

“Allocation of enough budget and skills attached to each risk identified would lead to
proper mitigation of those risks”. PARTICIPANT F

Mismanagement of cash flow and a mismatch of skills are some of the factors that were highlighted
by the participants. There were participants that mentioned lack of communication, lack of
planning and employees in the organisation not understanding risks as some of the factors that
affect risk management within their quality management resulting in constraints to risk
management within the quality management system. Some of the responses correlate highly with
McLinden et. al. (2010:101)’s statement that a significant component of any management
framework is the planning process and that this is the ideal place for the formal and systematic
management of risk within quality management to begin. Monitoring and evaluation together with
risk assessment were mentioned as one of the control measures that could assist in dealing with
these constraints.

5.3.5 Constraints to risk management within the quality management system

Theme 5: Constraints

According to the literature reviewed in chapter three, dealing with constraints can lead to a service
or a product delivery on time, on budget and with the quality results that the customer expects
(Kendrick 2015:25). Insufficient time, lack of communication, improper planning; inadequate
skills and capacity, non-existent project management approach, non-existent consequence
management, people and money were all important issues surrounding constraints.

One participant highlighted that planning was a major constraint due to the fact that in various
cases timing was so limited:

“There is not enough time to spend on the planning process so the identification of various
processes become irrelevant so you would forget about this, leave this out and eventually,
you find that say for instance, you placed an order and it does not get communicated to the
parties who are receiving the order, so this would be what it is that you need to look out
for, that it fits on the left and not on the right when it comes”. PARTICIPANT C

75 | P a g e
Another participant pointed out that information and people can be major constraints to risk
management:

“If a person doesn’t do proper planning and the information comes through to us for
instance for ordering big materials where incorrect orders can go through and obviously
with that there’s cost involved, money is involved”. PARTICIPANT B

Participant A theorised that sometimes constraints to risk management are money and resources:

“One of the key things with any SHEQ system (safety, health, environment and quality) is
when events are happening. When there are no events happening, when there are no bad
stories, people start to ask why we even have this SHEQ. Not realising that because you
have it, that is the reason why you don’t have things going wrong. The minute things are
going right, people start to say; can we not share the safety person or can we not share the
quality person, so pressure starts to come when there are no bad stories. The people start
to want to take these resources away”. PARTICIPANT A

In assessing constraints to risk management within quality management participant F said:

“People, inadequate skills and capacity both in terms of knowledge and numbers are a
constraint. You do find a lot of people doing a lot of things at once; they are expected to
do a lot of things at once. And a person can only do so much”. PARTICIPANT F

Participant D summarised his observation about the constraints that he has on risk management
saying that there was never a project management approach. He firmly believes that project
management encompass risk management.

“You have risk management champions; employees don’t know that to mitigate a risk you
are entirely and solely responsible to mitigate that risk. As a manager, I can assist you to
strategise and show you how to mitigate that risk but the only person that can mitigate that
risk is the project manager but currently, especially on the administrative part of it, like I
say it was traditionally not the field that was the project management approach, especially
in government but now we are at a stage where employees need to know that they are
entirely responsible to manage risk in their respective line functions. That is what needs
to be improved”. PARTICIPANT D

76 | P a g e
Another said this about constraints to risk management:

“It’s even difficult to hold meetings. It is like employees don’t even care to attend meetings,
they just attend for the sake of it because they don’t feel it is part of their responsibilities.
And it is something that is lacking from their performance agreements. I feel risk
management should form part of every employee’s performance agreement. Employees
are reluctant to comply because they know risk management does not form part of their
agreements. It is adhoc tasks to them. Even though they know it is not really an adhoc
function, because they should know that whatever they do they need to manage the risk”.
PARTICIPANT E

Participant E went further to say:

“I feel that even job descriptions need to be risk based so that when an employee is assessed
and their performance is not talking to the risks in the organisation, they get a zero for
their performance and if they have underachieved they face the consequences. The other
thing that is lacking and is a huge constraint is consequence management because
employees know that whether they perform well or they don’t nothing is going to happen
to them”. PARTICIPANT E

Participant G added that:

“One of the constraints to risk management is the inability to get employees to live the
system on a daily basis through change management”. PARTICIPANT G

From the above findings it can be concluded that all participants understand the constraints that
exist in their organisations. These findings revealed a belief that project management encompass
risk management and that the absence of a project management approach is one other factor that
influence risk management within quality management. These findings corresponds with
Kendrick (2015:25)’s claim that risk management and quality management can be applied
successfully in a project to prevent failures.

5.3.6 Other factors that influence risk management within quality management

Theme 6: Other factors

77 | P a g e
Rocha-Lona, Garza-Reyes and Kumar (2013:128), believe that other factors such as empowering
employees, improving processes, instituting a quality oriented culture and promoting teamwork
ethics are very important factors that need to be understood and be in place in an organisation.
Attitude of people, culture, financial risk, inadequate knowledge management, lack of ownership
and external factors were important issues surrounding other factors that influence risk
management within quality management.

“People, attitudes, culture and attitude of people are major factors that influence the risk
management within the quality management system”. PARTICIPANT A

Participant A elaborated on that:

“At the planning stage, you have to spend a lot of time there, the more you plan, the most
successful you are going to be, obviously the checking is important but your plan you have
to think carefully about it”. PARTICIPANT A

Another participant added that information, either product information or knowledge are the other
factors that influence the risk management in their quality management system.

“Knowledge of implementation, people don’t communicate with one another with regards
to how certain activities in the quality management system need to work or how certain
risk management and quality management processes need to take place”. PARTICIPANT
H

The same participant expressed their view that financial risk was another factor that influenced
risk management within quality management:

“You get financial risk; I think our knowledge is limited when it comes to the various types
of qualitative risk, the quality when it comes to administrative risk, there is a risk attached
to that as well”. PARTICIPANT H

Participant G said:

“Risk must become a focal point in defining actions and also how to use risk to the
organisation’s advantage in terms of risk mitigation, risk-taking, sharing risk and include
it into ongoing daily activities”. PARTICIPANT G

Another participant expressed their opinion that inadequate knowledge management is another
factor that influences risk management:

78 | P a g e
 “Knowledge management is one of the factors that influence risk management, you have
got a lot of employees that are moving around and that knowledge is not captured. You
have got employees redesigning the cycle. Knowledge is not stored, you have got
employees leaving and you have got employees coming in and they start the cycle, which
in itself is a risk for our organisation. We do not have a proper knowledge management
system in place, even though we are trying now. Our department has just recently
established the knowledge management unit at Head Office but it is moving very slowly. I
think if everybody knew the organisation so well, I am talking about human resources,
support units, knowing what the other is doing, I think we would be all kind of experts in
what we do. People know what they are doing in their space but have no idea how it fits
into the bigger picture”. PARTICIPANT F

Participant F added that:

“The other risk that we have I think is old infrastructure and that whole inadequacy in
planning back then where not all people were planned for to receive services now we are
catching up. Now when we are catching up, the other systems that we have there in terms
of your infrastructure are old and now your budgeting is working double. We are in a
predicament where we don’t know whether to revamp the whole system and at what cost
or do you fix but while fixing at some stage you need to replace”. PARTICIPANT F

One employee cited the other factors while demonstrating her passion for quality and risk
management as follows:

“If risk management was in every employee’s profile we would not be experiencing any
problems. It should be everybody’s responsibility because you would not have to remind
a person to report. If I had the power to make changes in the department I would definitely
influence everyone to think quality management and risk management. I would put it to
the managers that if they are going to be reporting, they need to understand quality
management. Even though there is no ownership, for our own development and knowledge
we need to go this management route”. PARTICIPANT I

In assessing other factors that influence the risk management within the quality management
system one of the participants indicated that some of the risks are external:

“You are dealing with opportunities and threats. Some factors are very much more
external because there are issues you don’t necessary have control over. You aspire to
manage or mitigate a particular risk with your quality management system and you are
doing all what is in your power to mitigate that particular risk, however, you are

79 | P a g e
 confronting what is beyond your control. Drought for an example, is an external factor
that may constrain you in achieving what you aspire to achieve”. PARTICIPANT D

Participant G agreed with participant D:

“Sometimes we cannot mitigate certain risks. For an example, you might go into an area
with a lot of supply, and there might be risk at gunpoint or violence popping or have our
equipment being burned, those are the risks we don’t have control over. Operational risks
as we know them within the business we can manage them. Internal environment is fine
however external environment changes on a daily basis. Might be better or worse and that
in itself is a risk”. PARTICIPANT G

From the above discussion it is clear that all participants understand that culture, attitude of people
and planning are major factors that affect the risk management within the quality management
system. These findings corresponds with the statement by Rocha-Lona, Garza-Reyes and Kumar
(2013:128), that improving processes, empowering employees, instituting a quality oriented
culture and promoting teamwork ethics are very important factors that need to be in place in service
organisations.

5.4 SUMMARY OF FINDINGS

In evaluating current risk management within quality management system of selected service
organisations in the Western Cape the participants were asked firstly about their knowledge of the
changes between the ISO 9001:2008 and ISO 9001:2015 specifically with regards to risk
management. Secondly, the participants were asked about the degree of risk management that is
integrated into their quality management system. The themes that were identified from the above
participant’s responses were risk evaluation and integration. The important finding surrounding
the risk evaluation theme was plan, do, check and then act. With regards to the changes between
the ISO 9001:2008 and ISO 9001:2015, the participants highlighted that the changes were notable.
These participants firmly believed that in order to ensure success in service organisations risk
management and quality management needed to be integrated.

80 | P a g e
To determine the executive employee and operational employee perception on risk management
within the quality management system in selected service organisations the participants were asked
what their perception was on risk management within their quality management. The theme that
was identified from their responses was perception. There were different perceptions, however,
participants were in agreement that lack of maximum consultation, lack of communication, and
lack of performance management were some of the important issues that surrounded this theme.

During the establishment of the factors that affect the risk management system resulting in
inadequacies, three themes were identified, namely: risk factors, constraints and other factors.
Cash flow, mismatch of skills and leaders not setting a good example were all important issues
surrounding risk factors that affect the risk management system. Insufficient time, lack of
communication, improper planning; inadequate skills and capacity, non-existent project
management approach, non-existent consequence management, people and money were all
important issues surrounding constraints. Other factors that influence risk management within
quality management included attitude of people, culture, financial risk, inadequate knowledge
management, lack of ownership and external factors.

Two participants’ best summed it up, agreeing and demonstrating that there is a need for a risk
management framework for the improvement of services and closing gaps that are currently
evident in risk management which affect the quality management negatively:

“The culture, especially on the administration in identifying that or knowing that I am

entirely responsible to manage risk, is not yet there. We are not there yet. That is what
needs to be improved upon; it constrains you in identifying and consolidating a risk
register in a particular organisation”. PARTICIPANT H

“Currently there is no integration in our department. Risk management is separated with

quality management. There should be an integration but unfortunately there is a gap
currently”. PARTICIPANT E

81 | P a g e
5.5 CONCLUSION

The findings of data analysis above cover the key themes that developed from the literature
reviewed in chapter three. All the participants were in agreement with the valuation that the lack
of certain elements in the risk management framework had a negative impact on quality
management resulting in inadequacies and that there is a need to explore the reasons for the less
than desired progress. The views of the participants were different, however they agreed that there
were gaps and that acknowledging room for improvement in the management of risk was essential.
The findings correlate with Philpott and Gentz (2012:74) who recognised that effective
management is best achieved through the development of a comprehensive framework for
management of risk within an organisation.

The above reflects the view of Young (2014:25) who emphasise that an integrated framework for
an overall approach to risk management which is part of a quality management system is required
because new types of risks are encountered every day. The goal of the framework is to manage
the risks. This is supported by McLinden et. al. (2010:101), who found that central element of
any risk management framework should be clear statements of the organisation’s objectives,
together with an identification of risks to be managed.

The following and final chapter of the research study will present the risk management framework
developed from this analysis.

82 | P a g e
CHAPTER 6: CONCLUSION

6.1 INTRODUCTION
The purpose of this research was to explore the most influential factors, pertaining to risk
management, that have a negative effect on the quality management system in selected service
organisations in the Western Cape with the objective of developing an improved plan for changes
to current risk management system. The research also aimed at evaluating current risk
management within quality management system; determine the operational employee and
executive employee perception on risk management and evaluating inadequacies in the risk
management system in the selected service organisations in the Western Cape. This chapter
presents a framework based on the research conducted on risk management and quality
management in three service organisations in the Western Cape. The framework is based on the
comprehensive literature review and the findings of data analysis conducted from interviews.

6.2 THE RESEARCH OUTLINE

The outline of the development of the research process is provided in relation to the overall
research conducted and presented in earlier chapters which were:

 Chapter 1: This chapter outlined the research questions, background of the research
environment, investigative questions, research objectives, research process, research
design and methodology, data collection design, research assumptions and constraints.
 Chapter 2: This chapter provided a holistic overview of the research environment,
including a thorough evaluation and understanding into the current quality management
and risk management in the selected service organisations in the Western Cape.
Furthermore, the chapter discussed and highlighted the need for the development of a risk
management framework for the purposes of providing a tool that can be employed by
service organisations in the Western Cape in order to make momentous quality
improvements.
 Chapter 3: In this chapter, a holistic literature review in the areas pertaining to quality
management, risk management and service organisations was conducted with the

83 | P a g e
 understanding and knowledge to be able to build a suitable research design that will achieve
the research objectives.
 Chapter 4: A detailed discussion of the research design and methodology used to conduct
research was outlined in this chapter with an explanation of the procedures, participants,
data collection tools and analysis methods.
 Chapter 5: This chapter covered the presentation of the results of the data analysis.
 Chapter 6: This chapter presented a framework that was based on the comprehensive
literature review and findings of data analysis conducted from interviews.

6.3 SUMMARY OF THE OVERALL FINDINGS

The overall finding of this research is that there are gaps that need to be closed pertaining to quality
and risk management. Based on the findings of data analysis it emerged that only top management
are very knowledgeable about the changes between the ISO 9001:2008 and ISO 9001:2015 with
regards to risk management. However, they were not comfortable and confident that they were
where they needed to be in terms of being knowledgeable to the extent that they express themselves
openly about the topic. Some felt that their knowledge was limited due to not being sent on an
ISO 9001:2015 course to gain proper knowledge about quality and risk management. Some of the
operational employees stated that even though they perform their duties according to the ISO
standards, they were not aware that they are doing quality management. One of the executive
employees mentioned that when they go on site to do an audit, they don’t mention to the employees
that they are doing a quality check but rather just visit employees to evaluate their performance
because they feel that they do not want to overwhelm their operational employees and bore them
with detailed standards telling them how to do their work. This finding is supported by the
literature reviewed in chapter 3.

Additionally, because risk management is an ongoing focus area in the sense that current situations
pertaining to quality management is not constant, risk increases at all times and this research
revealed that there will always be room for improvement and gaps to be closed.

Another finding from literature reviewed is that communication, engagement and evaluation are
very important, especially for the purposes of avoiding irreparable damages and failure to deliver

84 | P a g e
products or services timeously and with the expectation of the customer. Communication should
form a fundamental part of executive employee and operational employee relationship. This is not
the case in service organisations based on the results of the data gathered. The gap in terms of
knowledge and understanding of processes in relation to quality and risk management between
executive employee and operational employee is evidenced by the results of the data gathered in
light of clause 5.2 of ISO 31000:2009 standard which stipulates that external and internal
communication and consultation that is straightforward should be in place in order to ensure that
operational employees and executive employees responsible for implementing the risk
management process understand the basis on which decisions are made as well as the explanations
of particular actions that are required.

The results of data analysis and literature conducted revealed that executive employees in all three
service organisations have sound knowledge and skills in quality and risk management. This was
further supported by their understanding and application of new developments like ISO 9001:2015.
In these service organisations however, junior employees and operational employees displayed
limited knowledge of quality and risk management although some of them have skills in
implementing the systems that are used to manage quality in their respective areas. Their inability
to link the two subjects implied lack of academic background, training and development in the
fields.

In addition, the data analysis and literature reviewed demonstrated that in some of the organisations
the lack of an integrated quality management with risk management has an adverse consequence
that result in inadequacies. Furthermore, data analysis and literature reviewed revealed that a skills
gap exists. This particular finding is supported by a participant who identified that there are a lot
of gaps in terms of adequate skills in relation to knowledge.

The identification of risks that is not done well is highlighted as another finding in this research.
The results of the data analysis also revealed that there are various constraints to risk management,
namely:

 Limited planning,
 Information,
 People,

85 | P a g e
  Money,
 Resources,
 Inadequate skills and capacity,
 Knowledge management,
 People’s attitudes, and
 Old infrastructure.

6.4 RESEARCH QUESTION

Research question is indicated as follows:

What are the most influential factors, pertaining to risk management, that have an adverse effect
on the quality management system in selected service organisations in the Western Cape?

Based on the conclusions obtained from the key research findings of the research conducted it was
found that the absence of certain elements in an operational risk management framework has an
adverse effect on quality management system in selected service organisations in the Western
Cape.

6.5 RECOMMENDATIONS

The following recommendations are made as a result of the research conducted according to the
investigative questions:

6.5.1 Investigative question 1

What are the primary differences seen in risk management systems of selected service
organisations in the Western Cape?
 People,
 Skills,

86 | P a g e
  Experience and,
 Competence.

6.5.2 Investigative question 2

What are the primary areas of the quality management system that are adversely affected by poor
risk management?
 Executive employees,
 Operational employees and,
 Risk owners.

6.5.3 Investigative question 3

What is the result of inadequate risk management system that impacts on the quality
management system?
 Documentation of all processes and procedures will not be in place.
 Appropriate resources for knowledge management systems and information will not be
allocated.
 Organisations will miss the opportunity to afford all people at all levels opportunities to
training programmes.
 Relevant information will not be communicated appropriately and will not be available at
appropriate levels and times.

6.5.4 Investigative question 4

What are the reasons for inadequate risk management system in the selected service
organisations in the Western Cape?
 Non commitment by management to communicate the benefits of risk management to all
stakeholders.
 Lack of integration of risk management into all of the organisation’s processes in a way
that all people at all levels can identify and understand its relevance, effectiveness and
efficiency.

87 | P a g e
6.5.5 Investigative question 5
How can excellence in risk management in a quality management system be achieved?
 Framework for managing risk must be developed to improve services ensuring that
decision making, including the development and setting of objectives is aligned with the
outcomes of risk management processes.
 The risk management framework must be monitored and reviewed to ensure that it is
effective.
 The risk management framework must be improved continually in order to improve the
risk management of the organisation and its risk management culture.

6.6 RISK MANAGEMENT FRAMEWORK

Risk management framework for service organisations in the Western Cape

Risk Evaluation

Integration
Policies and objectives

Continuously improve
Monitor and evaluate

Perception

Risk Factors

Constraints

Other Factors

88 | P a g e
The organisation’s objectives were the most important factors of the design of the above risk
management framework. This statement corresponds with McLinden et. al. (2010:101)’s finding
that central element of any risk management framework should be clear statements of the
organisation’s objectives, together with an identification of risks to be managed. Furthermore, the
design of this framework was based on the themes that emerged from the interviews that were
conducted. The themes were carefully considered because they are believed to be very important
as they can affect the ongoing implementation of the framework.

The implementation process of the framework has to be documented. This claim reflects the view
of McLinden et. al. (2010:101) who highlights that a major aspect of any risk management
framework is the need to document the process.

Customers and represantatives of senior management are expected to be involved in all stages of
the process and engage for evaluation purposes because the success of the risk management
framework is dependant on their involvement. This view is supported by Kemp, Schotter and
Witzel (2012:118), who expressed their belief that success depends on the involvement of
customers and the engagement to evaluate the existing approach in order to plan how, where and
when enhancements will be made.

The objectives of this research were to firstly, evaluate the current risk management practices.
Secondly, to determine executive employee and operational employee perception on risk
management within the quality management. Thirdly, to identify factors affecting current system
resulting in inadequacies. Fourthly, to evaluate the inadequacies in the risk management system
within the quality management system. Lastly, to develop an improved plan to direct the necessary
changes to current risk management system.

The first objective was met by asking the participants about their knowledge of the changes
between the ISO 9001:2008 and ISO 9001:2015. Also participants were asked how much risk
management was integrated into the quality management system in their organisations. These two
questions led to the evaluation of current risk practices within quality management system of
selected service organisations in the Western Cape.

89 | P a g e
The second objective was met by asking the participants what their perception was of risk
management within their quality management.

The third objective was met by establishing the factors that affect the risk management system
resulting in adequacies. Participants were asked firstly, what it is that they are doing well in terms
of risk management in their quality management. Secondly, they were asked what they thought
could be done better in terms of risk management in their quality management. Thirdly, they were
asked about the constraints that they had to risk management within their quality management.
Fourthly, the participants were asked about other factors that influence the risk management in
their quality management system.

Meeting these three objectives paved a way to meeting objectives four and five which were to
evaluate the inadequacies in the risk management system in the selected service organisations in
the Western Cape and developing an improved plan for changes to current risk management
system respectively.

6.7 CONCLUSION

The purpose of service organisations is to provide services or products to their customers. The
type of services and products that the service organisation must provide should be of high quality
standard for the purposes of ensuring that the customers are satisfied at all levels. In order for the
service organisation to deliver services or products of good quality, it is of utmost importance that
they comply with the quality and risk management standards.

In this research study three organisations were selected within the Western Cape with a focus
directed at their risk management system. These service organisations were selected on the basis
of their reputation in the providence of services. The organisations are Power Group (Engineering
and Construction), the Department of Water Affairs (DWA) and the City of Cape Town (CCT).
The three organisations have a quality management system in place with a strong emphasis on risk
management system with the intention to improve their services continuously ensuring customer
satisfaction.

90 | P a g e
The services that the three selected service organisations provide to their customers include water,
sanitation, electricity and roads and they provide services to their customers considering
customer’s expectations and perceptions.

The combination of literature and results of the research allowed the researcher to believe that
there are three elements that cannot be separated if service organisations wanted to see changes or
improvements in their quality and risk management system. The three elements are time, cost and
quality. It is impossible to produce a very good quality product if risk is not managed accurately.

The researcher is of the opinion that if the three elements; time, cost and quality are not managed
well; it will be impossible to deliver a product at a particular time with expected results.

91 | P a g e
6.8 BIBLIOGRAPHY
Abuhav, I. 2017. ISO [Link] A complete guide to Quality Management Systems. New York:
CRC Press

Al- Hakim, L. 2006. Changes of managing information quality in service organisations. London:
Idea group publishing

Al-Thani, F.F. & Merna, T. 2008. Corporate risk management. England: John Wiley & Sons, Ltd

Aven, T. & Renn, O. 2010. Risk Management and Governance: Concepts, Guidelines and
Applications. London: Springer

Babbie, E. 2013. The practice of Social Research. United States: Cengage Learning

Baggs, M. & Clubine S. 1996. Steps in the research process. Canada: S&S learning materials
limited

Bellamy, C. & Perry 6. 2012. Principles of Methodology: Research design in social science.
London: Sage Publications Ltd

Beroggi, G & Wallace. W. A. 2012. Operational risk management: The integration of decision,
communication and multimedia technologies. New York: Springer Science & Business Media

Bhattacharyya, D. K. 2006. Research Methodology. New Delhi. Excel Books

Biehl, R. E. 2016. Data Warehousing for biomedical informatics. New York: CRC Press

Blokdijk, G. 2015. Quality Management System: Simple steps to win, insights and opportunities
for maxing out success. United States: Emereo Publishing

Blunden, T & Thirlwell, J. 2013. Mastering operational risk: A practical guide to understanding
operational risk and how to manage it. United States: Pearson

Borodovsky, L & Lore, M. 2000. Professional’s Handbook of Financial Risk Management.

Woburn: Reed educational and professional publishing Ltd 2000

Botten, N. & McManus J. 1999. Competitive strategies for service organisations. Indiana:
Purdue University Press

Boyle, T. 2015. Health and Safety: Risk Management. New York: Routledge

Broad, J. 2013. Risk Management Framework: A lab-based approach to securing Information

Systems. United States: Syngress

CCPS. 2016. Guidelines for integrating management systems and metrics to improve process
safety performance. United States: Wiley Publishers
92 | P a g e
Chaturvedi, P. 2007. Occupational satety, Health & Environment and Sustainable Economic
Development. New Delhi: Concept publishing company

City of Cape Town. 2015. City of Cape Town [Online] Available from:
[Link]
[Link] [Accessed 20 March 2015]

Cianfrani, C. A., Tsiakals, J. J., & West, J. E. 2009. ISO 9001:2008 Explained. United States:
ASQ Quality Press

Cleary, S. & Malleret, T. 2006. Resilience to Risk: Business success in turbulent times. South
Africa: Human & Rousseau

Coady, J. (2010). Continuous improvement in the English classroom. United States of America.
American Society for Quality

Cochran, C. 2015. ISO 9001:2015 in plain english. United States: Paton

Committee for Oversight and Assessment of U.S. Department of Energy Project Management.
(2005). The owner’s role in Project Risk Management: National Research Council. Washington,
DC: The National Academies Press

Cooper, C.L & Bowles, D. 2009. Employee Morale: Driving Performance in Challenging Times.
United States: Palgrave Macmillan

Covello, V.T., Menkes, J. & Mumpower, J. 2012. Risk Evaluation and Management. New York:
Springer Science & Business Media

Cowell, F & Levins M. 2015. Crisis Wasted Leading Risk Managers on Risk Culture. United
States: Wiley Publishers

Creswell, J. W. 2013. Research Design: Qualitative, quantitative, and mixed methods

approaches. Washington DC: Sage

Creswell, J.W. 2014. Research Design: Qualitative, quantitative, and mixed methods approaches.
Washington DC: Sage

Cretu, O., Stewart, R.B. & Berends T. 2011. Risk Management for Design and Construction.
United States: Wiley Publishers

Daniel, J. 2011. Sampling Essentials: Practical guidelines for making sampling choices.
Washington DC: Sage

Dcsi. 2015. Risk management framework. [Link] data/assets/pdf

file/0008/9782/[Link] [Accessed 30 December 2015]

93 | P a g e
Department of Water Affairs. 2015. Department of Water Affairs [Online] Available from:
[Link] [Accessed 24 December 2015]

Douglas, V. 2010. Operational behaviours and continuous improvement in national

communications systems. United States: Create Space Independent Publishing Platform

Drennan, L., McConnell, A. & Stark, A. 2014. Risk and crisis management in the public sector.
Australia: Taylor & Francis

Edwards, L. (1995). Practical risk management in the construction industry. London: Thomas
Telford Publications

Edwards, P. & Bowen, P. 2013. Risk management in project organisations. New York:
Routledge

Flick, U. 2013. The Sage Handbook of Qualitative Data Analysis. London: Sage Publications Ltd

Flick, U. 2015. Introducing researching methodology: A beginner’s guide to doing a research

project. Washington DC: Sage

Friberg, R. 2015. Managing Risk and Uncertainty: A Strategic Approach. United States: MIT
Press

Friesen, B.K. 2010. Designing and conducting your first interview project. United States: Wiley
Publishers

Fulton, J.S., Lyon, B.L. & Goudreau, K. A. 2014. Foundations of clinical nurse specialist
practice. New York: Springer Publishing Company

Gerard, S. 2013. Research Design: Creating robust approaches for the social sciences.
Washington DC: Sage

Gibson, D. 2014. Managing Risk in information systems. Burlington: Jones & Bartlett

Gift, R.G. & Mosel, D. 1994. Benchmarking in Health Care: A collaborative approach. AHA

Gillett, J., Simpson, P., & Clarke, S. 2015. Implementing ISO [Link] Thrill your customers
and transform your cost base with the new gold standard for business management. United States:
Infinite Ideas Limited

Girling, P.X. 2013. Operational Risk Management: A complete guide to a successful operational
risk framework. United States: Wiley Publishers

Gitlow, H.S. 2001. Quality Management Systems: A practical guide. United States: CRC Press

94 | P a g e
Glendon, I & Clarke S. 2015. Human Safety and Risk Management: A psychological perspective.
United States: CRC Press

Graham, J. & Kaye, D. 2015. A risk management approach to business continuity: Aligning
business continuity with corporate governance. United States: Rothstein Publishing

Grbich, C. 2012. Qualitative data analysis: An introduction. Washington DC: Sage

Green,Jr. J.P. 2006. Determining the reliability and validity of Service Quality scores in a public
library context: A confirmatory approach. United States: Capella University

Grigorousdis, E. & Siskos Y. 2014. Customer satisfaction evaluation: Methods for measuring and
implementing service quality. New York: Springer Science & Business Media

Hampton, J. J. 2009. Fundamentals of enterprise risk management: How top companies assess
risk. Manage exposure, and seize opportunity. United States: Amacom

Hardy, K. 2015. Enterprise risk management: A guide for government professionals. San
Francisco: Jossey-Bass

Hardy, K. 2014. Enterprise risk management: a guide for government professionals. United
States: Wiley Publishers

Harris, M.G. 2005. Managing health services: Concepts and practice. Australia: Elsevier

Heldman, K., Baca, C. M., & Jansen, P.M. 2007. PMP project management professional exam
study guide. United States: Wiley Publishers

Heldman, K. 2005. Project manager’s spotlight on risk management. London: Harbor light
press

Hernon, P. & Whitman, J. R. 2001. Delivering satisfaction and service quality: A customer-
based approach for libraries. London: American Library Association

Hill, M, G. 2009. Methodology and Toolkit. The complete project management methodology and
toolkit. New York: CRC Press

Hillson, D. 2016. The risk management handbook. United States: Kogan Page Publishers

Hillson, D. 2012. Managing risk in projects. United States: Gower Publishing Limited

Ho, S. K. M. 1999. Operations and Quality Management. United States: An international

Thomson publishing company.

Hoffman, D.G. 2002. Managing operational risk: 20 firmwide best practice strategies. United
States: Wiley Publishers
95 | P a g e
Holbeche, L. 2006. Understanding Change: Theory, Implementation and Success. United States:
Elsevier Ltd

Hong Kong Institute of Bankers. 2013. Operational risk management. United States: Wiley
Publishers

Hopkin, P. 2012. Fundamentals of Risk Management: Understanding, evaluating and

implementing. United State: Kogan Page Publishers

Houser, W.F. & Poirier, C.C. 1993. Business partnering for continuous improvement: How to
forge enduring alliances among employees, suppliers & customers. San Francisco: Berrett-
Koehler Publishers

Hoyle, D. 2009. ISO 9000 Quality Systems Handbook: Using the Standards as a Framework for
business improvement. United States: Elsevier Ltd

Hoyle, D. 2009. ISO 9000 Quality Systems Handbook: Using the Standards as a Framework for
business improvement. United States: Elsevier Ltd

Hughes, M. & Wearing, M. 2007. Organisations and Management in Social Work. London:
Sage Publications Ltd

Hughes, P. & Ferret, E. 2015. Introduction to health and safety in construction: For the NEBOSH
National Certificate in Construction Health and Safety. New York: Routledge

Hull. 2015. Risk Management and Financial Institutions. United States: Wiley Publishers

Hull, J.C. 2014. The evaluation of risk in business investment. United States: Pergamon Press

Huss, M.T. 2009. Forensic Pyschology: Research, clinical practice and applications. United
States: Wiley Publishers

IMA. 2015. Wiley CMAexcel: Learning system exam review. United States: Wiley Publishers

Imler,K. 2006. Get It Right: A guide to strategic quality. Wisconsin: American Society for
Quality Press

John, S. 2006. Interviewing and Representation in Qualitative Research. United States: Open
University Press

Joint Commission Resources. 2008. Tools for performance measurement in Health Care: A
quick reference guide. United States: Joint Commission Resources

Jupp, V & Sapsford, R. 2006. Data Collection and Analysis. New Delhi: Sage Publication

96 | P a g e
Kano, N. & Lillrank, P.M. 1989. Continuous Improvement: Quality control circles in Japanese
Industry. University of Michigan: University of Michigan Press

Kehoe, R. & Jarvis, A. 2012. ISO 9000-3: A tool for software product and process improvement.
New York: Springer Science & Business Media

Kemp, J., Schotter, A. & Witzel, M. 2012. Management frameworks: Aligning strategic thinking
and execution. New York: Routledge

Kendrick, T. 2012. Results without authority: Controlling a project when the team doesn’t report
to you. United States: Amacom

Kendrick, T. 2015. Identifying and managing project risk: Essential tools for failure-proofing
your project. United States: Amacom
King, N & Khan, R. A. 2012. Governance, risk, and compliance: Handbook for oracle
applications. United States: Packt Publishing
Knight, F.H. 2002. Risk, uncertainty and profit. Washington DC: Beardbooks

Kondalkar, V.G. 2009. Organisation Development. India: New Age International

Kothari, C.R. 2004. Research Methodology: Methods and Techniques. India: New Age
International

Kumar, R.C. 2008. Research Methodology. New Delhi: APH Publishing Corporation

Kumar, R. 2014. Research Methodology: A step-by-step guide for beginners. Washington DC:
Sage

Kvale, S. 2008. Doing Interviews. Singapore: Sage Publications

Kvale, S. 2007. Doing Interviews. United States: Sage Publishers

Lam, J. 2014. Operational Risk Management: From Incentives to Controls. United States: Wiley
Publishers

Lam, J. 2014. Enterprise risk management. United States: Wiley Publishers

Lambert, S. & Moser-Mercer, B. 1994. Bridging the Gap: Empirical Research in Simultaneous
Interpretation. United States: John Benjamins publishing company

Lapan, S.D., Quartaroli, M.T. & Riemer, F.J. 2012. Qualitative Research: An introduction to
methods and designs. San Francisco: Jossey-Bass

Linneman, R.E & Stanton, J.L. 1995. Marketing planning in a total quality environment. United
States: The Haworth Press

97 | P a g e
Lusthaus, C., Adrien, M., Anderson, G., Carden, F. & Montalvan, G.P. 2002. Organisational
Assessment: A framework for improving performance. Canada: International Development
Research Centre

Mackey, A & Gass, S.M. 2015. Second Language Research: Methodology and Design. New
York: Routledge

Masters, K. 2014. Nursing theories. A framework for professional practice. Mississippi: Jones
& Bartless Publishers

McLinden, G., Fanta, E., Widdowson D. & Doyle, T. 2010. Border management
modernisation. United States: The World Bank

Mears,P. & Voehl.F. 1995. The executive guide to implementing Quality Systems. United States:
St Lucie Press

Moeller, R.R. 2011. Enterprise risk management. Establishing effective governance, risk, and
compliance processes. United States: Wiley Publishers

Monks, R.A.G., Minow, N. 2011. Corporate Governance. United States: Wiley Publishers

Moorthy, V. 1987. CMMI implementation guide: A practitioner’s perspective. India:

Createspace Independent Publisher

Moss, D.A. 2004. When all else fails: Government as the ultimate risk manager. United States:
Havard University Press

Mulligan, M.V. 2010. Becoming the best in our field: Team unit leader’s plan. New York:
iUniverse

Myburgh, D.J. 2010. ISO 31000Rx: The risk management index: A guide to benchmarking risk
management practices in organisations using an organisation development approach. United
States: Lulu Publishers

Nanda, V. 2016. Quality management system handbook for product development companies.
United State: CRC Press

Nankervis, A. 2005. Managing Services. New York: Cambridge University Press

Natarajan, D. 2017. ISO 9001 Quality Management Systems. Management and Industrial
Engineering. Switzerland: Springer

National Treasury. 2016. Department of National Treasury. [Online]. Available from:

[Link] [Accessed 30 March 2016]

98 | P a g e
National Safety Council. 2014. Risk perception: Theories, strategies, and next steps. [Online]
Available from: [Link] [Accessed 15 June 2016].

OECD. 2015. Frascati Manual 2015: Guidelines for collecting and reporting data on research
and experimental development. Paris: OECD Publishing

OECD. 2015. The measurement of scientific, technological and innovation activities:

Guidelines for collecting and reporting data on research and experimental development. Paris:
OECD Publishing

Oliver, P. 2010. The Student’s guide to research ethics. United States: Open University Press

Olson, D.L., & Wu, D. 2010. Enterprise risk management models. New York: Springer
Publishing Company

O’ Toole, M. 2001. The relationship between employees’ perceptions of safety and organisational
culture. 33 (2002): 231-243, November 2001

Patton, M.Q. 2014. Qualitative research & evaluation methods: Integrating theory and practice.
Washington DC: Sage

Parker D. & Handmer J. 2013. Hazard Management and Emergency Planning: Perspectives in
Britain. New York: Routledge

Parker, C. 2012. Where I am led: A service exploration workbook. Hubbardston: Alfred Press

Passenheim, O. 2010. Enterprise risk management. United States: Ventus Publishing

Patel, S. 2015. The Global Quality Management System: Improvement through systems thinking.
United States: CRC Press

Pellettieri, M. 2015. Quality Management: Essential planning for Breweries. United States:
Brewers Publications

Perez, R. J. 2012. Quality risk management in the FDA-Regulated Industry. United States: ASQ
Quality Press

Peterson, B., Nussel, M. & Hamer, M. 2014. Quality and Risk Management in Agri-Food
Chains. Netherlands: Wageningen Academic Publishers

Philpott, D. R. & Gantz, S. D. 2012. FISMA and the Risk Management framework. United States:
Syngress

Power Group. 2015. Power Group. [Online]. Available from: Http://[Link]/about-

us/ [Accessed 24 December 2015]

99 | P a g e
Purushothama, B. 2014. Implementing ISO 9001:2015. India: Woodhead Publishing

Qi Ershi., Shen J., & Dou R. 2015. Proceedings of the 22nd International Conference on
Industrial Engineering and Engineering Management 2015: Core Theory and Applications of
Industrial Engineering (Volume 1). China: Atlantis Press

Reuvid, J. 2005. Managing business risk: A practical guide to protecting your business. United
States: Kogan page limited

ReVelle, J.B. 2002. Manufacturing Handbook of Best Practices: An innovation, productivity,

and Quality Focus. United States: CRC Press

Ricci, O. 2014. Corporate governance in the European insurance industry. New York: Springer
Science & Business Media

Richter, W. L. & Burke, F. 2007. Combating corruption, encouraging ethics: A practical

guide to management ethics. United States: Rowman & Littlefield Publishers. INC

Rocha-Lona, L., Garza-Reyes., J. A., & Kumar, V. 2013. Building quality management
systems: Selecting the right methods and tools. United States: CRC Press

Rohrmann, B. 2008. Risk perception, risk attitude, risk communication, risk management: a
conceptual appraisal. [Online] Available from: [Link] [Accessed
15 June 2016].

Roll, E. 2013. An early experiment in industrial organization. United States: Frank Cass &
Company Limited

Roller, R. M & Lavrakas, P.J. 2015. Applied qualitative research design. A total quality
framework approach. New York: The Guilford press

Rossie, C. 2014. Fundamentals of risk management. United States: Wiley Publishers

Rumane, A. R. 2016. Quality management in construction projects. United States: CRC Press

SABS. 2017. SABS. [Online]. Available from: [Link] [Accessed 01 February

2017]

Sadgrove, K. 2015. The complete guide to business risk management. New York: Routledge

Saldana, J. 2015. The coding manual for qualitative researchers. United States: Sage
Publishers

Schlickman, J. J. 2003. ISO 9001:2000 Quality management systems design. London: Artech
House

100 | P a g e
Segal, S. 2011. Corporate value of enterprise risk management. The next step in business
management. United States: Wiley Publishers

Singhal, D & Singhal, K.R. 2012. Implement ISO9001:2008 Quality Management System: A
reference guide. New Delhi: PHI Learning Pvt. Ltd

Som, K.R. 1996. Practical Sampling Techniques. New York: CRC Press

Som, O. 2012. Innovation without R&D: Heterogeneous innovation patterns of non- R&D-
Performing firms in the german manufacturing industry. United States: Springer Publishing
Company

Spencer, P.J. 2013. Effective Communication. United States: Lulu Publishers

Steinberg, R. M. 2011. Governance, risk management, and compliance: It can’t happen to us –

avoiding corporate disaster while driving success. United States: Wiley Publishers

Steve, M. 2013. Public service improvement: policies, progress and prospects. New York:
Rutledge

Stevens, J., Jeynes, V., Cotena, E. 2006. Managing risk: The HR Contribution. United States:
LexisNexis

Stoll, M. 2016. Risk management and management control systems: Similarities and
differences. Hamburg: Anchor Academic Publishing

Sumser, J. 2001. A guide to empirical research in communication. Rules for looking.

Washington DC: Sage

Talbot, C. 2010. Theories of performance: Organisational and service improvement in the

public domain. United States: Oxford University Press

Thomas, M. 2013. Effects of poor communication in an organization: Case of Kenya Seed

Company. Germany: Grin

Tricker, R. 2016. ISO 9001:2015 in brief. New York: Routledge

Vallabhaneni, R. S. 2015. Wiley CIAecxcel exam review 2015, part 2: internal audit practice.
United States: Wiley Publishers

Valsamkis, A. C., Vivian, R. W., & Du Toit, G. S. 2010. Risk Management: Strategy, theory
and practice. United States: RIRG

Walton, D. 2010. Appeal to expert opinion: Arguments from authority. United States: Penn
state press

101 | P a g e
Whitehead, G. 2013. Organisation and administration for business. New York: Routledge

Willborn, W. 1989. Quality management system: A planning and auditing guide. New York:
Industrial press inc

Young, J. 2014. Operational risk management: The practical application of a qualitative

approach. Pretoria: Van Schaik Publishers

Youngberg, B. J. 1996. The risk manager’s desk reference. United States: Aspen Publishers

Zeithaml, V.A. 2010. Delivering Quality Service. New York: The free Press

102 | P a g e