Article

The Degree of Risk Management Implementation in Enterprises in the Slovak Republic

Faculty of Security Engineering, University of Žilina, Univerzitná 8215/1, 010 26 Žilina, Slovakia
Systems 2025, 13(6), 427; https://doi.org/10.3390/systems13060427
Submission received: 17 April 2025 / Revised: 28 May 2025 / Accepted: 30 May 2025 / Published: 2 June 2025
(This article belongs to the Section Systems Theory and Methodology)

Abstract

Categorization of enterprises by size provides a fundamental understanding of the composition of the business environment. Small, medium-sized, and large enterprises play a significant role in the national economy through the execution of specific business activities. In their pursuit of enhancing the efficiency of individual business processes and mitigating the risks associated with these activities, enterprises may implement various ISO standards, including quality management, environmental management, occupational health and safety (OSH), or corporate social responsibility (CSR) systems. The sources published to date do not clearly explain the mutual relationship that arises when implementing multiple ISO standards that prioritize different activities within a single enterprise. This gap is particularly evident in the context of small enterprises, which often do not have the obligation or capacity to implement ISO standards. This study addresses this research gap by identifying the relationship between implemented ISO standards, priority activities in the risk management process, and the person responsible for these activities. The objective of this article is to examine the relationship of dependency between specific ISO standards and the priority activity in risk management. Furthermore, the study seeks to determine whether the degree of implementation of ISO standards influences the selection of the person responsible for risk management. Additionally, it examines whether dependence exists between the priority activity in risk management and the specific person responsible for risk management. The authors provide statistical hypothesis testing based on data from a nationwide survey conducted across all enterprise size categories. The results obtained from this study confirm the presence of a dependency between the degree of ISO standards implementation and the priority activity in risk management across all enterprise size categories. 
However, a statistically significant dependency between the degree of implementation of ISO standards and the person responsible for risk management was not confirmed in large companies. The dependency between the selection of the person responsible for risk management and the priority activity in risk management was confirmed only in small enterprises.

1. Introduction

The global business environment is currently affected by various economic threats and risks that can lead to economic downturns, supply chain disruptions, cyber-attacks, operational interruptions, etc. In response to the turbulent changes in the business environment, it is important for organizations to ensure the sustainability of their activities and increase the resilience of their systems [1]. In order to improve their safety culture, organizations should consider what they can do in terms of prevention to reduce the negative impact of these risks by improving their management systems. Implemented ISO standards also play an important role in effective quality, environmental, occupational health and safety, and social responsibility systems. We place great emphasis on the use of ISO 31000:2018 [2] and the implementation of a risk management process with regard to risk prevention.
Private, public, and non-profit organizations differ in the objectives they pursue in their operations, but the activities of each involve undertaking and mitigating risks. Risk can pose a threat to the achievement of goals; therefore, managing an organization means managing risk in a way that maximizes the likelihood of achieving objectives. Organizations thus build a risk management culture and, within it, develop a system where the risk management process is effective in maximizing goals. Risk management is a major challenge for leaders and a key component of strategic management [3,4,5,6,7,8,9,10,11]. The authors of this paper have previously addressed the issue of SMEs in the Slovak business environment. Based on surveys conducted, they identified the most significant risks negatively affecting the business environment of SMEs [12]. In several published outputs, they concluded that there are differences between SMEs in risk management, which are caused by the type of management, as well as the age and size of SMEs [13]. These differences can be significantly influenced by implementing risk management in accordance with international standards and other management systems [14]. The results of their empirical research emphasize the need to focus on assessing key risks and their sources in SMEs in Slovakia [15].

2. Analysis of Theoretical Background

Several authors emphasize the importance of effective risk management in organizations in order to support decision-making aimed at gaining competitive advantage. Achieving this advantage depends on the organization’s ability to face and adapt to a complex environment. Enterprises face risks with direct and indirect impacts from the environment [1]. Consequently, many experts adopt risk management under the shared belief that it contributes value to their organizations [16,17,18].
In addition to the decision-making process aimed at minimizing the occurrence and/or consequences of uncertain negative future events, risk management can be understood as a proactive process. This involves identifying, analysing, and evaluating potential risks, and planning the necessary responses to monitor and manage them [19].
Regarding the risk management process based on ISO 31000:2018 [2], it follows a logic similar to the COSO Enterprise Risk Management Framework. This method, known as enterprise risk management, provides a robust, data-driven, and economic view of risks and ensures that their impact is communicated at all levels of the organization [20]. However, holistic management of various risks requires a well-managed system [21]. Those who use the risk management model based on ISO 31000:2018 subsequently find it easier to integrate the risk management process within organizations if they have already implemented other ISO management systems (quality, environment, energy, anti-bribery) [22].
The risk management process based on ISO 31000:2018 is considered an iterative process that includes the following steps: (1) defining the scope, context, and criteria, (2) risk assessment (including risk identification, risk analysis, and risk evaluation), (3) risk treatment, (4) recording and reporting, (5) monitoring and review, and (6) communication and consultation [2]. The standard defines risk management as “coordinated activities to direct and control an organization with regard to risk,” with risk defined as “the effect of uncertainty on objectives”. The objective of the risk management process is to systematically and effectively integrate risk-related tasks into the overall activities of the organization. When properly designed and implemented, a risk management framework ensures that this process is embedded in all activities of the organization, including decision-making [2,23,24].
Creating context establishes key risk management parameters and defines the scope and criteria that govern the entire process, including decision-making. Risk identification involves determining the sources of risk by recognizing and describing hazards, threats, potential failures, and undesirable events associated with a system or activity [2]. Risk assessment aims to provide information to support risk management and related decision-making processes [25]. Risk analysis and risk assessment are among the most challenging aspects for many organizations, as they require an assessment of the ability to identify risks, often within complex systems. Risk criteria must be consistent with the overall risk management framework and tailored to the specific purpose and scope. These criteria should reflect the organization’s values, objectives, and available resources, and should be consistent with its risk management policies and statements [24]. Within the accepted international risk assessment framework [2], there are two components of risk: likelihood (probability of occurrence) and consequence (severity if the impact occurs). On the other hand, risk assessment is focused on providing information for risk treatment and the associated decision-making [23]. In the following paragraphs, we describe the individual ISO management systems, focusing specifically on ISO 9001:2015—Quality Management Systems [26]; ISO 45001:2018—Occupational Health and Safety Management Systems [27]; ISO 14001:2015—Environmental Management Systems [28]; and ISO 26000:2010—Social Responsibility [29].
ISO 9001:2015—Quality Management Systems (QMS) is a complex process that involves continuous adaptation and improvement [30]. In accordance with existing research [31,32,33], the need for a continuous search for innovative approaches to improve QMS is obvious. Several authors [34,35,36,37] emphasize that the key to effective QMS is proactive risk-based thinking. The implementation of risk management has a direct impact on the effectiveness of QMS [38]. Thereby, organizations ensure continuous improvement of their systems and minimize the negative impacts of potential risks on the quality of products and services.
Through risk assessment, potential process failures can be proactively identified and thus quality deficiencies can be prevented [39]. This points to a direct link between risk assessment and increased operational efficiency [40], ensuring customer satisfaction and compliance with international quality standards.
In the field of OSH, enterprises must meet the legal requirements as a matter of priority, but at the same time they implement management systems for more effective compliance with all safety rules and the achievement of the enterprises’ objectives. The OSH management system is an integral part of the overall management of the enterprise, involving the development of a strategic OSH concept and risk management in accordance with international standards and management practices [41]. One option for managing risks within an occupational health and safety management system is the approach outlined in ISO 45001:2018—Occupational Health and Safety Management Systems: Requirements with guidance for use [42]. The systematic identification of hazards and effective risk management are essential elements in ensuring OSH in workplaces [43,44]. Regular internal and external audits play an important role in this process, enabling the identification of deficiencies in the OSH system and contributing to the timely elimination of potential risks [45]. Several authors [46,47,48,49] point out the criteria that are important in assessing the consequences of risks in OSH management in an enterprise, e.g., human health, psychosocial aspects, ergonomics, and the estimation of adverse health risks that are reflected in financial expenditures. The process of risk reduction should include systematic measures, starting from the elimination of hazards and continuing to their replacement by less risky processes, materials, or equipment [42]. The results of these studies indicate that it is essential for small, medium-sized, and large enterprises to adopt a proactive approach to risk management and to continuously improve the level of safety in the working environment through preventive measures and the systematic use of modern risk management tools.
An environmental management system represents a planned and coordinated set of management activities, processes, and documentation aimed at environmental protection [50]. This system is an integral part of the overall management of an organization and requires the progressive elimination of activities and products with adverse impacts on ecosystems [51]. Scientific research in the field of environmental management points to the growing need for effective environmental risk management, especially in industrial enterprises. Effective environmental risk management is crucial to ensure a company’s compliance with environmental legislative and regulatory requirements [52,53]. Environmental risk management is a prerequisite for sustainable business development and long-term environmental protection [54,55]. It is important to develop a systematic approach to assessing environmental threats in order to take effective remedial action to mitigate these risks. This is facilitated by ISO 14001:2015 Environmental Management Systems: Requirements with guidance for use [28], the concept of which is based on the principle of risk-based thinking, which enables organizations to systematically identify, analyse, assess, and mitigate environmental risks [56]. The results of these studies point to the necessity of implementing a comprehensive environmental risk management system to effectively mitigate environmental damage while eliminating the economic losses associated with environmental incidents in enterprises.
In today’s business environment, organizations are increasingly expected to operate in a socially responsible manner [57]. Integrating risk management into socially responsible business practices is essential for organizations trying to navigate the complexities of today’s business environment [58,59]. The ISO 26000 standard provides a comprehensive framework for social responsibility and guides organizations in addressing their impacts on society and the environment. Managing corporate social responsibility (CSR) risks according to ISO 26000 is a key to ensuring the long-term sustainability and credibility of an organization. The standard includes principles to help organizations identify, assess, and manage risks related to the social, environmental, and economic aspects of their operations. ISO 26000 recommends a continuous improvement approach, where organizations regularly review and update their risk management practices in response to changing social and environmental conditions [60].
The above-mentioned ISO standards were included in the questionnaire survey due to their practical use in covering a wide range of business risks. Their implementation can have a significant positive impact on business entities. In future follow-up research, the four standards we have selected could be supplemented, for example, by ISO 27001:2022 Information Security Management [61], or ISO 37001:2025 Anti-bribery Management Systems [62], which would create a broader context for examining this issue.
From the above, it is clear that each ISO standard prioritizes different activities in the risk management process [63]. The ISO 31000:2018 standard specifies that the risk assessment process consists of risk identification, analysis, and evaluation. Subsequently, measures are taken to reduce risks and monitor them [2]. Also, for each management system it is advisable to choose its own approach in terms of selecting the responsible person.
Based on the sources studied and the surveys conducted, the authors identified a research gap particularly evident in the context of small enterprises, which often do not have the obligation or capacity to implement ISO standards. Previous findings do not clearly explain the relationship that arises when implementing multiple ISO standards that prioritize different activities within a single enterprise. This study therefore addresses this research gap by examining the relationship between implemented ISO standards, priority activities in the risk management process, and the person responsible for these activities. Based on this problem, which stems from the identified research gap, we formulated the following research question:
RQ: What is the relationship between the implemented ISO standards, priority activities in the risk management process, and the person responsible for these activities?
From this research question, we derived research hypotheses, which we tested using the contingency method. Data for testing the hypotheses were obtained through a questionnaire inquiry. We then investigated the degree of dependence between the implementation of ISO standards, the priority activity in the risk management process, and the person responsible for risk management. In the Results section, we summarize the results of the statistical investigation; in the Discussion section, we translate them into recommendations for practice and draw general conclusions.

3. Materials and Methods

The main objective of the research is to examine the relationship between the implemented ISO systems and the size of the enterprise, between the staff responsible for risk management and the priority activity in risk management, and between the implemented ISO systems and the priority activity in risk management.

3.1. Research Hypotheses

For the purpose of our investigation, we formulated the following hypotheses, which we subsequently tested:
H0 (1).
There is no statistically significant dependence between the degree of implementation of ISO standards and the priority activity in risk management.
H1 (1).
There is a statistically significant dependence between the degree of implementation of ISO standards and the priority activity in risk management.
H0 (2).
There is no statistically significant dependence between the degree of implementation of ISO standards and the person responsible for risk management.
H1 (2).
There is a statistically significant dependence between the degree of implementation of ISO standards and the person responsible for risk management.
H0 (3).
There is no statistically significant dependence between the selection of the person responsible for risk management and the priority activity in risk management.
H1 (3).
There is a statistically significant dependence between the selection of the person responsible for risk management and the priority activity in risk management.

3.2. Questionnaire Inquiry

Quantitative data were obtained through the questionnaire “Integrated Risk Management”, which was conducted by the MEDIAN Agency in the period 2/2022 to 2/2023. The target sample consisted of small, medium-sized, and large enterprises with 10 or more employees on the territory of the Slovak Republic. The questionnaire consisted of a set of 15 questions.
For the purpose of our article, we chose the basic question No.1: Your enterprise is classified by the number of employees among (a) small enterprises (10 to 49 employees); (b) medium-sized enterprises (50 to 249 employees); (c) large enterprises (more than 250 employees).
Then we used question No.4: Which of the above management systems do you have in place in your enterprise? Respondents could choose from the following answers: (a) Quality Management System according to ISO 9001:2015; (b) Environmental Management System according to ISO 14001:2015; (c) Occupational Health and Safety (OSH) Management System according to ISO 45001:2018; (d) International Standard ISO 26000 Social Responsibility; (e) We have all three integrated management systems ISO 9001, ISO 14001, ISO 45001; (f) We have not implemented any of the above-mentioned systems.
Question No.6: Who is responsible for risk management in your company? The answers were formulated as follows: (a) the owner of the enterprise; (b) a designated manager from the top management; (c) the owners of the main processes in the enterprise (quality manager, HSE); (d) a specialist in the position of risk manager (e.g., risk analyst); (e) an external organization (OSH, HSE); (f) we do not have a designated person for risk management.
The last question we reflected on was question No.8: Which of the main risk management activities do you pay most attention to in your enterprise? Respondents had the possibility to choose from the following answers: (a) risk identification (determining the sources and causes of risks); (b) risk analysis (determining the probability of occurrence and the severity of consequences); (c) risk evaluation (prioritizing and determining the level of acceptability of risks); (d) preparation of measures (to reduce risks or to prevent undesired events); (e) monitoring and reviewing risks; (f) we pay equal attention to all activities.
Question 1 was used to categorise enterprises by size, as we wanted to investigate differences in the various sizes of enterprises. Questions 4, 6, and 8 were subjected to a statistical examination of interdependence through the use of contingency. Given the nature of the data (nominal variables), the following methods were used to evaluate the dependencies between the variables: contingency table, chi-square test of independence, and contingency coefficient (Cramer’s V test).

3.3. Research Characteristics

The strength of the research stems from its innovative approach to examining priority activities resulting from the implementation of ISO standards in companies. Based on the authors’ findings to date and an analysis of the published literature, we identified a research gap, which led us to formulate a research question. We consider the answer to the research question and the verification of hypotheses to be the greatest contribution of this study.
The survey was conducted in the specific environment of the Slovak national economy; therefore, its reinterpretation in international conditions may be limited. The implementation of integrated risk management has been present in the economic environment for a long time, so our research may not be fully up to date at present, and we are also aware of the need to supplement the information in the future to capture changes in the implementation of risk management processes.
Respondents answered the questions presented in relation to their job roles and job responsibilities; therefore, their responses are representative of the process of implementing risk management in a particular enterprise. The greatest limitation of the research is the limited generalizability of the findings beyond the specific environment of the Slovak economy.
The research was conducted in accordance with ethical principles. Data collection was anonymous and with the informed consent of the respondents. The data were used only for the purpose of this research and were not shared with third parties. Section 4 will discuss the evaluation of the results of the statistical investigation.

4. Results

Business entities in Slovakia are distributed across all sectors, dominated by sectors such as trade, construction, and services. Regionally, the highest concentration of businesses is in economically stronger areas such as the Bratislava region, which is due to better infrastructure and access to markets in these regions. As in other countries, businesses in Slovakia have to cope with the changes brought by technological progress in different areas of society. In addition to the automation of production processes, this includes digitalization in various areas of business and the general need for innovation. An integral part of innovation processes is the implementation of international ISO standards into the decision-making processes of enterprises.
The basis for the statistical investigation is the data obtained from the questionnaire “Integrated Risk Management”, conducted by the MEDIAN Agency in the period 2/2022–2/2023. The statistical survey was carried out among enterprises with 10 or more employees. According to the European Commission Recommendation 2003/361/EC on the categorization of enterprises by size, these are small, medium-sized, and large enterprises. According to the Slovak Business Agency, the following numbers of relevant enterprises were present in the period under review.
Based on the data from the Slovak Business Agency, presented in Table 1, we calculated the necessary statistical sample size of 376 enterprises at the significance level of 0.05.

4.1. Descriptive Statistics

In the initial statistical investigation, we examined the extent to which each size category of enterprise implements the international ISO standards. In Table 2, we used the relative frequencies of responses to questions No.1 and No.4 in the questionnaire.
Small enterprises most often have no ISO standard implemented (0.189). If a small enterprise has decided to implement ISO standards, the most common is ISO 9001:2015 (0.096), followed by the combination of ISO 9001:2015, ISO 14001:2019, and ISO 45001:2018 (0.088), or ISO 45001:2018 applied separately (0.082).
The proportion of medium-sized enterprises with no implemented ISO standards is lower (0.061), indicating a higher level of certification compared to small enterprises. The most common is the combination of standards ISO 9001:2015, ISO 14001:2019, and ISO 45001:2018 (0.061). Frequently implemented standards are ISO 45001:2018 (0.059) and ISO 9001:2015 (0.056).
Although large enterprises are the smallest in absolute numbers, they have the lowest proportion of non-certified enterprises within their category (0.019). They are most likely to implement a combination of ISO 9001:2015, ISO 14001:2019, and ISO 45001:2018 (0.045), with ISO 14001:2019 and ISO 45001:2018 having similar proportions (0.021 and 0.019, respectively).
Overall, the probability of implementing ISO standards increases as the size of the enterprise increases and the proportion of enterprises without certification decreases. The largest number of enterprises (0.194) have implemented a combination of the three ISO standards, while ISO 45001:2018 alone is the most prevalent (0.160).
In Table 3, we then examined who is responsible for risk management in enterprises by size category, using the relative frequencies of responses to questions No.1 and No.6 in the questionnaire.
In small enterprises, risk management is most often provided by the owner of the enterprise (0.141), by a designated senior manager (0.122), or by the owners of the main processes (0.114). External organizations are used quite often in small enterprises (0.122). Risk management specialists are represented marginally (0.027).
Risk management specialists (0.048) and owners of core processes (0.104) are more involved in medium-sized enterprises compared to small enterprises. The business owner is minimally involved in risk management (0.013). There is a fairly even representation of the senior manager in charge (0.122), similar to small businesses. External organizations are used less (0.037).
In large enterprises, the owners of the main processes are most often responsible for risk management (0.069), followed by the designated top manager (0.019). Risk management specialists have a higher representation (0.021), but significantly lower compared to medium-sized enterprises.
Overall, direct risk management by owners dominates in small enterprises, specialists are more involved in medium-sized enterprises, and in large enterprises it is mainly the owners of the main processes and the designated managers who take responsibility. External organizations are mainly used in small enterprises, with a minimal share in medium-sized and large enterprises.

4.2. Examining the Dependencies Between Implemented Management Systems and Priority Risk Management Activities Using Contingency (Questions No.4 and No.8)

In the following subsection, we examine whether the implementation of a particular ISO standard in business processes has an impact on the selection of priority activities in the enterprise risk management process. To investigate the dependence, we use the contingency method.
Contingency Table 4 shows the dependence between the implemented ISO systems and the priority activity in the risk management process in small enterprises.
From Table 4, it can be observed that ISO 45001 has the strongest impact on risk identification, confirming its focus on occupational health and safety. ISO 9001 proved to be crucial for risk analysis, while ISO 14001 has the greatest impact on risk monitoring. Interestingly, ISO 26000 has the most significant impact on the preparation of measures, indicating that this standard is important for small enterprises to implement specific solutions to reduce risks. The combination of ISO 9001, ISO 14001, and ISO 45001 has a strong synergistic effect, especially in the area of risk analysis. On the other hand, enterprises without an implemented ISO system show the highest values in risk identification, which may indicate that these enterprises rely on informal risk management methods. Table 5 shows the dependency parameters.
The chi-square value of 43.066 is higher than the critical value of 37.652 for a significance level of 0.05. This means that there is a statistically significant association between the implemented ISO systems and the priority activity in the risk management process. Based on these data, we can confidently state that there is a significant relation between the variables. The low p-value (0.013) confirms that there is a statistically significant association between the implemented management systems and the priority activity in the risk management process. The Cramer’s V test value of 0.203 indicates a rather weak association between the variables.
Contingency Table 6 shows the relation between implemented ISO systems and priority activity in the risk management process in medium-sized enterprises.
From Table 6, it can be observed that ISO 14001 has a dominant influence on risk evaluation, highlighting its focus on environmental aspects and identification of potential environmental risks. ISO 9001 has emerged as key for risk analysis, confirming its focus on processes and quality. ISO 45001 has the most significant impact on risk identification, which is consistent with its focus on occupational health and safety. Interestingly, ISO 26000 has a strong influence on risk monitoring, suggesting that this standard is important for medium-sized enterprises to monitor and evaluate the effectiveness of risk reduction measures. The combination of ISO 9001, ISO 14001, and ISO 45001 has a strong synergistic effect, especially in the area of risk analysis. Table 7 shows the dependency parameters.
The chi-square value of 39.552 is higher than the critical value of 37.652 for a significance level of 0.05. This means that there is a statistically significant association between the implemented ISO systems and the priority activity in the risk management process. Based on these data, we can confidently state that there is a significant relation between the variables. A p-value (0.032) below the significance level also confirms that the relationship between implemented management systems and priority activity in the risk management process is not random. The Cramer’s V test value of 0.255 indicates a rather weak association between the variables.
Contingency Table 8 shows the relation between implemented ISO systems and priority activity in the risk management process in large enterprises.
Table 8 shows that ISO 14001 is important for risk identification, which highlights the importance of environmental management in these organizations. ISO 9001 dominates the risk analysis, which is consistent with its focus on process efficiency and quality. ISO 45001 maintains a strong position in risk identification, confirming the importance of occupational health and safety in large organizations. The combination of ISO 9001, ISO 14001, and ISO 45001 strengthens risk analysis, which shows the synergistic benefits of an integrated management system. Table 9 shows the dependency parameters.
The chi-square value of 39.905 is higher than the critical value of 31.410 for a significance level of 0.05. This means that there is a statistically significant relation between the implemented ISO systems and the priority activity in the risk management process. Based on these data, we can confidently state that there is a significant relation between the variables. A p-value (0.005) less than the significance level confirms that the relationship between implemented management systems and priority activity in the risk management process is not random. The Cramer’s V test value of 0.421 indicates a moderately strong association between the variables.

4.3. Examining the Dependencies Between the Implemented Management Systems and the Person Responsible for Risk Management Using Contingency (Questions No.4 and No.6)

In the following section, we examine whether the implementation of a particular ISO standard in business processes has an impact on the selection of the person responsible for risk management in an enterprise. We use the contingency method to investigate the dependence.
Contingency Table 10 analyses the relationship between implemented ISO systems and the person responsible for risk management in small enterprises.
Most small enterprises that do not have any ISO system implemented do not even have a designated person responsible for risk management. On the contrary, in enterprises with multiple ISO standards (ISO 9001, ISO 14001, ISO 45001), the most common responsible person is the owner of the main processes, such as the quality, environmental, or occupational health and safety manager. Table 11 shows the dependency parameters.
The chi-square test results show a significant relation between the variables (100.602), as this value significantly exceeds the critical chi-square value (37.652). The low p-value, i.e., the probability distribution value of the responses (4.96969 × 10⁻¹¹), confirms that the relationship between the implementation of ISO systems and the person responsible for risk management is not random. The degree of association using Cramer’s V test (0.310) indicates a moderately strong association between the variables. This means that the implementation of ISO standards in small enterprises depends on who is responsible for risk management.
Contingency Table 12 shows the relationship between implemented ISO standards and the person responsible for risk management in medium enterprises.
The largest share of medium-sized enterprises without an established management system does not have a designated person responsible for risk management. In enterprises with multiple ISO standards (ISO 9001, ISO 14001, ISO 45001), the most common responsible person is the owner of the main processes, such as the quality, environmental, or occupational health and safety manager. Table 13 shows the dependency parameters.
The chi-square test value (49.370) exceeds the critical chi-square value (31.410), indicating that there is a statistically significant relation between the variables. The p-value (2.72403 × 10⁻⁴) is well below the significance level of 0.05, which confirms that the relation is not random. Cramer’s V test (0.284) indicates a moderately strong association between the variables. This implies that the introduction of ISO standards in medium-sized enterprises influences the selection of the person responsible for risk management, although this influence is not extremely strong.
Contingency Table 14 shows the relationship between the implemented ISO systems and the person responsible for risk management in large enterprises.
It can be observed from Table 14 that the most common person responsible for risk management in large enterprises is a designated manager from top management, and this is the case for all types of ISO standards. In the case of ISO 45001:2018, this category is even significantly dominant. On the other hand, it is least common for risk management to fall under the business owner. It is also interesting to observe that an external organization (HSE) is most often responsible for implementation of ISO 26000, suggesting that this is an area in which enterprises often use outsourcing. Table 15 shows the dependency parameters.
The chi-square value (23.340) is lower than the critical value of 31.410 for a significance level of 0.05. The p-value of 0.272 is higher than 0.05. This means that there is a statistically insignificant association between the implemented ISO systems and the person responsible for risk management. Based on these data, we cannot say with certainty that there is a significant relation between the variables. The Cramer’s V test value of 0.322 rather indicates a weaker association between the variables.

4.4. Examining the Dependencies Between the Responsible Officer and the Priority Risk Management Activity Using Contingency (Questions 6 and 8)

In the following section, we examine whether the selection of the person responsible for enterprise risk management has an impact on the prioritization of activities in the enterprise risk management process. We use the contingency method to investigate the dependence.
Contingency Table 16 shows the relationship between the person responsible for risk management and the prioritization of activities in the risk management process in small enterprises.
Table 16 shows that the business owner plays a key role in risk monitoring and risk identification, reflecting his direct involvement and insight into the operation of the business. The specialist is the most involved in risk monitoring, indicating that in small enterprises, expertise is mainly used at this stage of risk management. Interestingly, the external organization is most involved in risk identification, which may indicate that small enterprises use external resources for objective risk evaluation. The delegated manager is most involved in risk evaluation, suggesting that in small enterprises this task is delegated to managers. Overall, the results confirm that in small enterprises, risk management is often directly linked to the owner or delegated to managers, with the expertise of specialists and external organizations being used mainly in specific phases of risk management. Table 17 shows the dependency parameters.
The chi-square value of 63.516 is higher than the critical value of 37.652 for a significance level of 0.05. This means that there is a statistically significant association between risk management personnel and priority activity in the risk management process. Based on these data, we can confidently state that there is a significant relation between the variables. The low value of the probability distribution of the responses (3.3684 × 10⁻⁵) confirms that the relation between the person responsible for risk management and the priority activity in the risk management process is not random. The Cramer’s V test value of 0.247 indicates a rather weaker association between the variables under study.
Contingency Table 18 shows the relation between the person responsible for risk management and the priority activity in the risk management process in medium-sized enterprises.
Table 18 shows that the designated manager plays a key role in risk evaluation, reflecting his responsibility for strategic decisions and risk evaluation. Process owners are the most involved in risk analysis, indicating that in medium-sized enterprises the emphasis is on expertise and direct involvement in risk analysis. Interestingly, the specialist is most involved in risk evaluation, which may indicate that medium-sized enterprises use the expertise of specialists in the final stage of risk assessment. On the other hand, the preparation of measures is most closely associated with the owner of the business, which may indicate that in medium-sized enterprises this phase of risk management is often associated with the owner’s decisions. The external organization is most involved in risk monitoring, suggesting that medium-sized enterprises use external resources for objective risk monitoring. Overall, the results confirm that in medium-sized enterprises, risk management is distributed among different responsible persons depending on the specific phase of risk management, using both internal and external resources. Table 19 shows the dependency parameters.
The chi-square value of 25.236 is lower than the critical value of 31.410 for a significance level of 0.05. This implies that there is no statistically significant association between the person responsible for risk management and the priority activity in the risk management process. Based on these data, we cannot say with confidence that there is a significant relation between the variables. This is confirmed by the higher value of the probability distribution of the responses (0.193), which means that there is a statistically insignificant association between the person responsible for risk management and the priority activity in the risk management process in medium-sized enterprises. The Cramer’s V test value of 0.203 indicates a rather weaker association between the variables.
Contingency Table 20 shows the relation between the person responsible for risk management and the priority activity in the risk management process in large enterprises.
Table 20 shows that the designated manager plays a key role in risk identification and overall risk management, reflecting his responsibility for the implementation and oversight of risk processes. Process owners and specialists are the most involved in risk evaluation, indicating that the emphasis is on expertise and direct involvement in risk evaluation. On the other hand, the preparation of measures is most associated with the business owner. This may indicate that in large enterprises, this phase of risk management is often linked to the owner’s decisions. The external organization is most involved in risk monitoring, suggesting that large enterprises use external resources for objective risk monitoring and evaluation. Table 21 shows the dependency parameters.
The chi-square value of 12.280 is lower than the critical value of 31.410 for a significance level of 0.05. This means that there is a statistically insignificant association between the person responsible for risk management and priority activity in the risk management process. In other words, based on these data, we cannot say with confidence that there is a significant relation between the variables. The Cramer’s V test value of 0.234 indicates a rather weaker association between the variables.
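The p-values and significance decisions reported in this section can be rechecked from the chi-square statistics alone. The Python sketch below is an added example, not the authors' code: it assumes 25 and 20 degrees of freedom (the values whose 0.05 critical points are 37.652 and 31.410), and the two 2×2 tables at the end are constructed to show that Cramer's V can stay the same while the significance decision changes with the number of responses.

```python
import math

def chi2_sf(x, df):
    """Upper-tail probability P(X >= x) of a chi-square variable with df degrees of freedom."""
    if x <= 0:
        return 1.0
    a, z = df / 2.0, x / 2.0
    log_front = -z + a * math.log(z) - math.lgamma(a)
    if z < a + 1.0:
        # Power series for the lower regularized gamma P(a, z); the tail is 1 - P.
        term = total = 1.0 / a
        n = a
        for _ in range(10000):
            n += 1.0
            term *= z / n
            total += term
            if term < total * 1e-16:
                break
        return max(0.0, 1.0 - total * math.exp(log_front))
    # Continued fraction (modified Lentz) for the upper regularized gamma Q(a, z).
    tiny = 1e-300
    b = z + 1.0 - a
    c, d = 1.0 / tiny, 1.0 / b
    h = d
    for i in range(1, 10000):
        an = -i * (i - a)
        b += 2.0
        d = an * d + b
        d = tiny if abs(d) < tiny else d
        c = b + an / c
        c = tiny if abs(c) < tiny else c
        d = 1.0 / d
        delta = d * c
        h *= delta
        if abs(delta - 1.0) < 1e-15:
            break
    return h * math.exp(log_front)

# (relation, enterprise size, chi-square, assumed df, p-value printed in the text or None)
REPORTED = [
    ("ISO x activity", "medium", 39.552, 25, 0.032),
    ("ISO x activity", "large", 39.905, 20, 0.005),
    ("ISO x person", "small", 100.602, 25, 4.96969e-11),
    ("ISO x person", "medium", 49.370, 20, 2.72403e-04),
    ("ISO x person", "large", 23.340, 20, 0.272),
    ("person x activity", "small", 63.516, 25, 3.3684e-05),
    ("person x activity", "medium", 25.236, 20, 0.193),
    ("person x activity", "large", 12.280, 20, None),
]

def recheck(alpha=0.05):
    """Recompute each p-value and the significance decision at level alpha."""
    rows = []
    for relation, size, chi2, df, p_reported in REPORTED:
        p = chi2_sf(chi2, df)
        rows.append({"relation": relation, "size": size, "p": p,
                     "p_reported": p_reported, "significant": p < alpha})
    return rows

def chi2_and_cramers_v(table):
    """Pearson chi-square, degrees of freedom and Cramer's V for a table of counts."""
    row_tot = [sum(r) for r in table]
    col_tot = [sum(c) for c in zip(*table)]
    n = sum(row_tot)
    chi2 = sum((obs - rt * ct / n) ** 2 / (rt * ct / n)
               for r, rt in zip(table, row_tot)
               for obs, ct in zip(r, col_tot))
    df = (len(table) - 1) * (len(table[0]) - 1)
    k = min(len(table), len(table[0])) - 1
    return chi2, df, math.sqrt(chi2 / (n * k))

def same_strength_different_n():
    """Constructed tables with identical proportions; the second has 4x the responses."""
    few = [[5, 10], [10, 5]]
    many = [[20, 40], [40, 20]]
    out = []
    for table in (few, many):
        chi2, df, v = chi2_and_cramers_v(table)
        out.append((round(v, 3), chi2_sf(chi2, df) < 0.05))
    return out

if __name__ == "__main__":
    for row in recheck():
        print(f"{row['relation']:18s} {row['size']:7s} p={row['p']:.6g} "
              f"reported={row['p_reported']} significant={row['significant']}")
    print(same_strength_different_n())
```
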

5. Discussion

Based on descriptive statistics using the relative frequencies of questionnaire responses, we found that the proportion of enterprises without an ISO standard in place decreases as the size of the enterprise increases. This means that the tendency to implement risk management systems rises with increasing enterprise size. Most enterprises have a combination of three ISO standards in place (ISO 9001, ISO 14001, and ISO 45001). The most widely used single standard is ISO 45001:2018. In small enterprises, risk management is most often handled by the business owner; in medium-sized enterprises, specialists are more involved; and in large enterprises, responsibility is primarily taken over by owners of the main processes and designated managers. External organizations are mainly used in small enterprises.
The responses showed that the most common priority activities in the risk management process vary depending on the size of the enterprise. In small enterprises it is risk identification, in medium enterprises they prefer risk evaluation, and in large enterprises they prefer preparation of measures. This may be due to the fact that small enterprises have limited resources and therefore focus on core activities such as risk identification. Medium-sized enterprises already have more resources and can therefore focus on more complex activities such as risk evaluation. Large enterprises can therefore focus on preparing the most resource-intensive measures.
It is also interesting to note that the least frequent priority activity in the risk management process is risk monitoring. This may be due to the fact that risk monitoring is time consuming and requires constant attention. It is also possible that enterprises believe that once they have identified and evaluated risks, they do not need to monitor them.
Last but not least, it has been shown that the most common persons responsible for risk management vary depending on the size of the enterprise. In small enterprises it is the owner of the enterprise, in medium-sized enterprises it is the specialist, and in large enterprises it is the designated manager. This may be due to the fact that in small enterprises the business owner is often the only one with sufficient knowledge and experience to manage risk. In medium-sized enterprises, there are already specialists who can deal with risk management. In large enterprises, risk management is so complex that it requires a designated manager.
In the previous section, we examined the following dependencies through contingency:
  • Dependence between the degree of ISO standards implementation and the priority activity in risk management (Questions No.4 and No.8).
  • Dependence between the degree of ISO standards implementation and the responsible person for risk management (Questions No.4 and No.6).
  • Dependence between the selection of the person responsible for risk management and the priority activity in risk management (Questions No.6 and No.8).
Based on the results of the chi-square test and Cramer’s V test, we found that in large enterprises, the dependence between implemented ISO systems and the responsible employee for risk management was not confirmed. There is a statistically significant dependence between the variables examined in the other cases. Further, the dependency between the responsible person and the priority risk management activity in medium-sized and large enterprises was not confirmed. Table 22 shows whether the hypotheses were accepted or rejected.
Based on the results of the chi-square test and Cramer’s V test, we can say that there is dependence between the variables. We were able to confirm hypothesis H1 (1) for all size categories of enterprises. We confirmed hypothesis H1 (2) for small and medium-sized enterprises, while we rejected it for large enterprises. We were able to confirm hypothesis H1 (3) only for small enterprises, while we accepted the null hypothesis for medium-sized and large enterprises.
For hypothesis H1 (1), we found that the most common priority activity in the risk management process in small enterprises is risk identification, and this is the case for all types of ISO standards. In the case of ISO 45001:2018, this category is even significantly dominant. This is because effective implementation of risk management in OSH contributes not only to the reduction of occupational injuries and illnesses, but also to the optimization of business processes and the increase of overall productivity [66]. It is recommended to apply a checklist to identify hazards, which allows a more comprehensive assessment of the work environment and to direct the risk evaluation also to less serious risks [67]. The integration of modern technologies such as the Fine and Kinney method [68] contributes to the improvement of hazard identification. Emphasis is given to the development of a unified risk register and clearly defined occupational risk criteria [69].
It is also interesting to observe that preparation of measures is the most frequent priority activity for ISO 26000, suggesting that small enterprises place more emphasis on prevention and risk minimization in this area. In medium-sized enterprises for ISO 45001:2018, risk identification is the most frequent priority activity. For other types of ISO standards, the most common priority activity in the risk management process is risk evaluation. On the other hand, it is least common for medium-sized enterprises to focus on risk monitoring. It is also interesting to observe that risk analysis is the most frequent priority activity for ISO 9001:2015 and ISO 14001:2019, suggesting that in these areas, medium-sized enterprises place more emphasis on detailed risk evaluation. Continuous monitoring and risk evaluation is a prerequisite for maintaining high quality standards [38]. A thorough analysis of processes and the utilization of appropriate risk management tools play a crucial role, as they enable us to minimize potential threats and enhance process efficiency [40].
In large enterprises, the preparation of measures is the most frequent priority activity in the case of ISO 45001:2018. For other monitored ISO standards, risk identification is the most common priority activity in the risk management process. On the other hand, large enterprises least often focus on risk monitoring. It is also interesting that risk analysis is the most frequent priority activity for ISO 9001:2015 and ISO 14001:2019, suggesting that in these areas, large enterprises place greater emphasis on detailed risk evaluation. Specifically, regarding the need to implement an environmental management strategy, several authors propose a new classification of environmental risk factors, emphasizing their impact on the enterprise, probability of occurrence, and management options [70]. When identifying environmental risks, they recommend correctly identifying key factors, proposing a two-tier risk management model to ensure complete risk control and monitoring [71]. Alternatively, they propose a risk management approach that is based on an information system for the corporate management of compliance with environmental regulations [72].
For hypothesis H1 (2), we found that most small businesses that have no ISO system implemented do not even have a designated person responsible for risk management. We recommend that enterprises considering the implementation of ISO systems should pay sufficient attention to the risk management process. The implementation of ISO systems can help enterprises to improve their risk management process and minimize potential risks. On the contrary, in enterprises with multiple ISO standards (ISO 9001, ISO 14001, ISO 45001), the person most often responsible is the owner of the main processes, such as the quality, environmental, or occupational health and safety manager. The largest share of medium-sized enterprises without an implemented management system does not have a specific person responsible for risk management. In enterprises with multiple ISO standards (ISO 9001, ISO 14001, ISO 45001), the most frequent responsible person is the owner of the main processes, such as the quality, environmental, or OSH manager. In large enterprises, the person responsible for risk management is most often a manager from top management, for all types of ISO standards. In the case of ISO 45001:2018, this category is even significantly dominant. On the other hand, it is least common for risk management to be the responsibility of the business owner.
It is also interesting to observe that an external organization (OSH, HSE) is most often in charge of risk management for ISO 26000, indicating that companies often use external services in this area. ISO 26000 promotes the integration of social responsibility into existing management systems, allowing for a holistic approach to risk management that includes ethical considerations alongside traditional business risks [73]. This importance is echoed by a number of authors who argue that it is important to ensure the integration of social responsibility into core management processes, thereby enabling organizations to mitigate the risks associated with their operations and stakeholder interactions [74,75]. It is important that organizations correctly identify potential risks related to social responsibility, including environmental degradation and social inequalities, which may affect their reputation and operational viability [76]. Involving stakeholders in the risk management process, and ensuring that their concerns and expectations are taken into account, can lead to more effective risk mitigation strategies [77]. Addressing CSR risks is not just about preventing negative outcomes; by doing so, enterprises can also improve their reputation, ensure compliance, improve financial performance and competitiveness, and contribute to sustainable development [78,79]. The results from these studies point to a proactive approach to risk management in CSR that can significantly reduce the likelihood of reputational damage and financial losses to corporations, leading to more resilient and successful businesses. We recommend that businesses pay sufficient attention to the selection of the responsible person for risk management. The responsible person should have sufficient knowledge and experience in risk management and should be able to communicate effectively with other employees.
In this case, one of the recommendations is to create a committed team to develop appropriate guidelines to enable successful risk management [80]. Therefore, it is recommended to identify the context of the organization to understand the operating area in which risk management will be applied, taking into account its stakeholders, resources and organizational culture. Only in this way can risk management be developed to respond adequately to specific challenges. Enterprises that have already implemented ISO systems are recommended to regularly review their risk management process and identify areas for improvement. It is important for enterprises to be proactive in risk management and continuously work to improve their processes.
For hypothesis H1 (3), we found that the most common priority activity for process owners in small businesses is risk monitoring. For other types of process managers in small businesses, the most common priority activity in the risk management process is risk identification. On the other hand, it is least common for small businesses to focus on preparing actions. Small businesses are therefore recommended to pay more attention to the preparation of measures to minimize risks. The results of the study showed that small enterprises focus most on identifying risks but less on preparing measures. It is also interesting to observe that business owners focus most on identifying and monitoring risks, suggesting that these are the areas where small businesses place the most emphasis on risk prevention and minimization. In medium-sized enterprises, risk identification is the most frequent priority activity for owners of main processes. For other types of responsible persons, risk evaluation is the most frequent priority activity in the risk management process. It is also interesting to observe that the designated manager focuses most on risk evaluation, suggesting that this is the area where medium-sized enterprises focus most on risk assessment. In large enterprises, for process owners, the most frequent priority activity is the preparation of measures. Other types of responsible persons have risk identification as the most frequent priority activity in the risk management process. On the other hand, large enterprises are least likely to focus on risk monitoring. It is also interesting to observe that the designated manager focuses most on risk identification, suggesting that this is the area where large enterprises focus most on risk prevention and minimization. Large enterprises are advised to pay more attention to risk monitoring. The results of the study showed that large enterprises are the least focused on risk monitoring.
The results of this study have several important implications for practice which arise from the answer to the research question. First of all, they confirm that the implementation of ISO systems has a positive impact on the risk management process in enterprises. Enterprises with implemented ISO systems tend to pay more attention to risk identification, analysis, and evaluation. Furthermore, the results show that the selection of the responsible person for risk management is an important factor for successful risk management. In their research, the authors of [19] confirm that ISO standards can be applied in risk management systems in many ways, depending on the nature of the operation and business needs. Their results confirm that risk management is becoming increasingly important to businesses and is becoming an integrated part of management systems. The results of their study show that it can be difficult to assess the effectiveness of risk management, even when the risk management system is ISO certified. Certification is no guarantee of the ability to identify and assess all relevant risks in business operations.
Continuous monitoring and risk assessment is a prerequisite for maintaining high quality standards [38]. Other authors come to a similar conclusion, pointing to the key role of detailed process analysis and the use of appropriate risk management tools in minimizing potential threats and increasing process efficiency [40]. It is therefore essential not only to implement risk reduction measures, but also to regularly evaluate their effectiveness [81,82]. The results of these studies show that it is necessary to ensure early identification of potential risks, take proactive measures, and thus contribute to increasing customer satisfaction and ensuring the long-term competitiveness and success of the enterprise.

6. Conclusions

Risk management is crucial for all size categories of enterprises because every organization, regardless of its size, faces a variety of internal and external risks that can threaten its objectives and existence. Small businesses often have limited resources. Therefore, effective risk management can mean the difference between survival and extinction for them. Medium-sized enterprises that are in a growth phase need to manage the risks associated with expansion and innovation to ensure sustainable growth. Large enterprises operating in a complex and global environment face extensive risks such as financial risks, operational risks, supply chain risks, and reputational risks that require sophisticated risk management systems. Regardless of size, effective risk management enables enterprises to identify potential threats, assess their impact, and take action to minimize them, thereby increasing their resilience and ability to achieve their strategic objectives.
This study has answered the research question about the relationship between implemented ISO standards, priority activities in the risk management process, and the person responsible for these activities, and confirms the existence of a statistically significant dependence in the examined issue. The answer to the research question must be formulated in relation to the established hypotheses, taking into account the classification of enterprises into small, medium-sized, and large. The relationship between the implemented ISO standards, the person responsible for risk management, and the priority activities in the risk management process was fully confirmed only in small enterprises. In medium-sized enterprises, no relationship was confirmed between the selection of the person responsible for risk management and the priority risk management activity. In large enterprises, only the relationship between the implementation of ISO standards and the priority risk management activity was confirmed. The results of the study have several important implications for practice and can help companies to improve their risk management process. Key areas of risk management research include risk assessment methods [83], enterprise risk management (ERM), and systems integration, considering ISO 31000:2018 as a valuable tool. Future research should prioritize long-term studies to track the impact of ISO 31000:2018, study effective risk communication strategies, investigate industry-specific risk management practices, and assess the application of ISO 31000:2018 in emerging technologies [84].
The integration of ISO standards enables organizations to effectively manage risks in different areas. This leads to improved decision-making and in turn has an impact on the overall resilience of the organization. Implementing a combination of multiple ISO standards reduces redundancy in some processes and documentation, which in turn leads to operational efficiencies and cost savings. Individual standards set best practices that enhance the quality of products and services. We see the integration of ISO standards as an opportunity for organizations to manage risk through a holistic approach by identifying a diverse set of potential risks.

Author Contributions

Conceptualization, A.K., J.S., K.B. and M.H.; methodology, A.K. and J.S.; software, A.K.; validation, A.K. and J.S.; formal analysis, K.B. and M.H.; investigation, K.B. and M.H.; data curation, M.H., K.B., A.K. and J.S.; writing—original draft preparation, A.K., J.S., K.B. and M.H.; writing—review and editing, A.K. and J.S.; visualization, A.K. and J.S.; supervision, K.B. and M.H.; project administration, K.B. and M.H.; funding acquisition, K.B. and M.H. All authors have read and agreed to the published version of the manuscript.

Funding

Publication of this paper was supported by The Grant System of the University of Žilina: O-21-109/0013-03 “Integrated risk management as an effective tool for increasing safety”, by The Grant Agency of the Ministry of Education, Research, Development and Youth of the Slovak Republic—KEGA K034ŽU-4/2023: “Implementation of the results of scientific research into the teaching process and the creation of new study materials in II. degree in the Crisis Management study program”, and by The Grant Agency of the Ministry of Education, Research, Development and Youth of the Slovak Republic—VEGA 1/0743/25: “Increasing sustainability and value of companies through process risk management”.

Data Availability Statement

All data are presented in the study.

Conflicts of Interest

The authors declare no conflicts of interest. The views expressed, however, are solely those of the authors and not necessarily those of the institutions with which they are affiliated or of their funding sources. The authors are solely responsible for any errors or omissions.

Abbreviations

The following abbreviations are used in this manuscript:
ISO               International Organization for Standardization
OSH               Occupational Health and Safety
CSR               Corporate Social Responsibility
COSO              Committee of Sponsoring Organizations of the Treadway Commission
ISO 31000:2018    Risk Management
ISO 9001:2015     Quality Management Systems
ISO 45001:2018    Occupational Health and Safety Management Systems
ISO 14001:2015    Environmental Management Systems
ISO 26000         Social Responsibility
QMS               Quality Management Systems
HSE               Health, Safety, and Environment
ERM               Enterprise Risk Management

References

  1. Sidorova, E.; Kostyukhin, Y.; Korshunova, L.; Ulyanova, S.; Shinkevich, A.; Ershova, I.; Dyrdonova, A. Forming a Risk Management System Based on the Process Approach in the Conditions of Economic Transformation. Risks 2022, 10, 95.
  2. ISO 31000:2018; Risk Management—Guidelines. International Organization for Standardization: Geneva, Switzerland, 2018.
  3. Lalonde, C.; Boiral, O. Managing Risks through ISO 31000: A Critical Analysis. Risk Manag. 2012, 14, 272–300.
  4. Baird, I.S.; Thomas, H. Toward a Contingency Model of Strategic Risk Taking. Acad. Manag. Rev. 1985, 10, 230–243.
  5. Lerbinger, O. The Crisis Manager: Facing Risk and Responsibility. Available online: https://archive.org/details/crisismanagerfac0000lerb (accessed on 14 March 2025).
  6. Pearson, C.M.; Clair, J.A. Reframing Crisis Management. Acad. Manag. Rev. 1998, 23, 59–76.
  7. Power, M. The Risk Management of Everything. J. Risk Financ. 2004, 5, 58–65.
  8. Fischbacher-Smith, D.; Fischbacher-Smith, M. The Changing Nature of Risk and Risk Management: The Challenge of Borders, Uncertainty and Resilience. Risk Manag. 2009, 11, 1–12.
  9. Boholm, Å. On the Organizational Practice of Expert-Based Risk Management: A Case of Railway Planning. Risk Manag. 2010, 12, 235–255.
  10. Boholm, Å.; Corvellec, H.; Karlsson, M. The Practice of Risk Governance: Lessons from the Field. J. Risk Res. 2012, 15, 1–20.
  11. Domańska-Szaruga, B. Maturity of Risk Management Culture. Entrep. Sustain. Issues 2020, 7, 2060–2078.
  12. Hudakova, M.; Masar, M.; Luskova, M.; Patak, M.R. The Dependence of Perceived Business Risks on the Size of Smes. J. Compet. 2018, 10, 54–69.
  13. Buganová, K.; Hudáková, M.; Šimíčková, J.; Mošková, E. Disparities in the Implementation of Risk Management in the SMEs. Systems 2023, 11, 71.
  14. Buganova, K.; Simickova, J. Increasing the Competitiveness of Enterprises Through the Implementation of Risk Management in the Context of the Industry 4.0 Concept. In Proceedings of the Vplyv Industry 4.0 na Tvorbu Pracovnych Miest, Trencin, Slovakia, 21 November 2019; Kordos, M., Ed.; Alexander Dubcek University: Trencin, Slovakia, 2020; pp. 79–86.
  15. Hudakova, M.; Dvorsky, J. Assessing the Risks and Their Sources in Dependence on the Rate of Implementing the Risk Management Process in the SMEs. Equilibrium 2018, 13, 543–567.
  16. Willumsen, P.; Oehmen, J.; Stingl, V.; Geraldi, J. Value Creation through Project Risk Management. Available online: https://research.cbs.dk/en/publications/value-creation-through-project-risk-management (accessed on 14 March 2025).
  17. Dias, G.C.; Leal Junior, I.C.; Oliveira, U.R. Supply Chain Risk Management at Seaport Container Terminals. Gest. Prod. 2019, 26, e4900.
  18. Dias, G.C.; Hernandez, C.T.; de Oliveira, U.R. Supply Chain Risk Management and Risk Ranking in the Automotive Industry. Gest. Prod. 2020, 27, e3800.
  19. Mabrouki, C.; Bentaleb, F.; Mousrij, A. A Decision Support Methodology for Risk Management within a Port Terminal. Saf. Sci. 2014, 63, 124–132.
  20. da Silva Etges, A.P.B.; Grenon, V.; de Souza, J.S.; Neto, F.J.K.; Felix, E.A. ERM for Health Care Organizations: An Economic Enterprise Risk Management Innovation Program (E2RMhealth Care). Value Health Reg. Issues 2018, 17, 102–108.
  21. Malik, M.F.; Zaman, M.; Buckby, S. Enterprise Risk Management and Firm Performance: Role of the Risk Committee. J. Contemp. Account. Econ. 2020, 16, 100178.
  22. Bercovici, A.; Bercovici, E.G.; Maftei, M. Applying a risk management model in intellectual property management. Calitatea 2019, 20, 56–60.
  23. Aven, T.; Krohn, B.S. A New Perspective on How to Understand, Assess and Manage Risk and the Unforeseen. Reliab. Eng. Syst. Saf. 2014, 121, 1–10.
  24. Björnsdottir, S.H.; Jensson, P.; Thorsteinsson, S.E.; Dokas, I.M.; de Boer, R.J. Benchmarking ISO Risk Management Systems to Assess Efficacy and Help Identify Hidden Organizational Risk. Sustainability 2022, 14, 4937.
  25. Santos, R.; Oliveira, U. Analysis of Occupational Risk Management Tools for the Film and Television Industry. Int. J. Ind. Ergon. 2019, 72, 199–211.
  26. ISO 9001:2015 (en); Quality Management Systems—Requirements. International Organization for Standardization: Geneva, Switzerland, 2015. Available online: https://www.iso.org/obp/ui/#iso:std:iso:9001:ed-5:v1:en (accessed on 14 March 2025).
  27. ISO 45001:2018. Available online: https://www.iso.org/standard/63787.html (accessed on 14 March 2025).
  28. ISO 14001:2015(En); Environmental Management Systems—Requirements with Guidance for Use. International Organization for Standardization: Geneva, Switzerland, 2015. Available online: https://www.iso.org/obp/ui/#iso:std:iso:14001:ed-3:v1:en (accessed on 14 March 2025).
  29. ISO 26000:2010. Available online: https://www.iso.org/standard/42546.html (accessed on 14 March 2025).
  30. Gremyr, I.; Lenning, J.; Elg, M.; Martin, J. Increasing the Value of Quality Management Systems. IJQSS 2021, 13, 381–394.
  31. Simchenko, N. Quality management system fundamentals at enterprises. Actual Probl. Econ. 2012, 171–175.
  32. Putyatina, L.M.; Tikhonov, G.V.; Lavrova, L.A.; Arsenyeva, N.V. Questions for Improving the Quality of Machine-Building Enterprises Workforce Management in Post-Crisis Conditions. TEM J. 2020, 1543–1549.
  33. Guirette-Barbosa, O.A.; Castañeda-Burciaga, S.; Ramírez-Salazar, M.A.; Cruz-Domínguez, O.; Carrera-Escobedo, J.L.; Velázquez-Macías, J.d.J.; Lara-Torres, C.G.; Celaya-Padilla, J.M.; Durán-Muñoz, H.A. Transforming Quality into Results: A Multivariate Analysis with Hotelling’s T2 on the Impact of ISO 9001. Systems 2025, 13, 226.
  34. Katanaeva, M.A.; Grozovsky, G.I.; Lartseva, T.A.; Vyacheslavova, O.F.; EvgenievnaParfenyeva, I. Risk-oriented thinking in the quality management system of an organization. Rev. Inclusiones 2020, 310–317.
  35. Grimashevich, O.; Ivashina, M.; Natsypaeva, E.; Andreeva, T.; Kolesnikova, D.; Kontorovich, E. Improvement of Industrial Enterprise Quality Management System Based on Risk-Oriented Approach Implementation. Calitatea Acces La Success 2019, 20, 42–46.
  36. Samani, M.A.; Ismail, N.; Leman, Z.; Zulkifli, N. Development of a Conceptual Model for Risk-Based Quality Management System. Total Qual. Manag. Bus. Excell. 2019, 30, 483–498.
  37. Akwei, C.; Zhang, L. Integrating Risk and Performance Management in Quality Management Systems for the Development of Complex Bespoke Systems (CBSs). Prod. Plan. Control 2018, 29, 1275–1289.
  38. Huang, J.; Bian, Y. Effectiveness Research of Quality Management System on Verification Risk. In Proceedings of the 2011 International Conference on Quality, Reliability, Risk, Maintenance, and Safety Engineering, Xi′an, China, 17–19 June 2011; pp. 571–575.
  39. Shopova, P.; Todorova, M. Risk Identification and Assessment to Enhance Quality Management. Sci. Eng. Educ. 2024, 9, 105–108.
  40. Polláková, N.; Plura, J. Identification of Potential Risks in Product Quality Planning. In Proceedings of the 25th Anniversary International Conference on Metallurgy and Materials METAL, Brno, Czech Republic, 25–27 May 2016.
  41. Rudakov, M.; Gridina, E.; Kretschmann, J. Risk-Based Thinking as a Basis for Efficient Occupational Safety Management in the Mining Industry. Sustainability 2021, 13, 470.
  42. Karanikas, N.; Weber, D.; Bruschi, K.; Brown, S. Identification of Systems Thinking Aspects in ISO 45001:2018 on Occupational Health & Safety Management. Saf. Sci. 2022, 148, 105671.
  43. Nenonen, N.; Tappura, S.; Rantala, M.; Lindholm, M. Workplace Hazards Difficult to Identify and Manage. In Proceedings of the Advances in Safety Management and Human Performance, Cham, Switzerland, 25–29 July 2021; Arezes, P.M., Boring, R.L., Eds.; Springer International Publishing: Cham, Switzerland, 2021; pp. 178–183.
  44. Ramos, D.; Afonso, P.; Costa, A. Integration of ISO 31000 into the Organization’s Health and Safety Management Processes. In Proceedings of the SHO 2015—International Symposium on Occupational Safety and Hygiene, Guimarães, Portugal, 12–13 February 2015.
  45. Petchenko, I.V. Evaluation of the occupational safety management system: Occupational safety audit as a key tool to enhance safety in the enterprise. Labour Prot. Probl. Ukr. 2023, 39, 59–63.
  46. Spickett, J.; Katscherian, D.; Goh, Y.M. A New Approach to Criteria for Health Risk Assessment. Environ. Impact Assess. Rev. 2012, 32, 118–122.
  47. Rantala, M.; Lindholm, M.; Tappura, S.; Rahnasto, J.K. Criteria for Successful Occupational Health and Safety Risk Assessment: A Systematic Review. In Proceedings of the Safety Management and Human Factors, New York, NY, USA, 24–28 July 2022; AHFE Open Access: New York, NY, USA, 2022; Volume 64.
  48. Kimmel, G.; Vu, V. Framework for Human Health Risk Assessment. Hum. Ecol. Risk Assess. Int. J. 2001, 7, 153–156.
  49. Pinto, A.; Ribeiro, R.A.; Nunes, I.L. Ensuring the Quality of Occupational Safety Risk Assessment. Risk Anal. 2013, 33, 409–419.
  50. Bissacot, T.C.C.; Oliveira, S.M.A.C. Instrumento Para o Gerenciamento de Riscos Ambientais. Eng. Sanit. E Ambient. 2016, 21, 227–232.
  51. Breitenstein, M.; Nguyen, D.K.; Walther, T. Environmental Hazards and Risk Management in the Financial Sector: A Systematic Literature Review. J. Econ. Surv. 2021, 35, 512–538.
  52. de Oliveira, F.N.; Leiras, A.; Ceryno, P. Environmental Risk Management in Supply Chains: A Taxonomy, a Framework and Future Research Avenues. J. Clean. Prod. 2019, 232, 1257–1271.
  53. Thimm, H. A Continuous Risk Estimation Approach for Corporate Environmental Compliance Management. In Proceedings of the 2015 IEEE 15th International Conference on Environment and Electrical Engineering (EEEIC), Rome, Italy, 10–13 June 2015; pp. 83–88.
  54. Latorre Aizaga, F.L.; Latorre Aizaga, H.J.; Perez Sisa, F.G. Environmental Management Audit. Rev. Publicando 2016, 3, 676–687.
  55. Kas’yanov, V.; Danilchenko, V.; Amelin, V.; Tolmacheva, V. Environmental Risk Management. Forecasting and Modeling of Emergency Risk Management Situations. MATEC Web Conf. 2018, 251, 06030.
  56. Verenikina, A.Y.; Finley, J.T. Managing Environmental Risks by ISO-14001 Implementation: A Case of Russian UC RUSAL. In Proceedings of the 2018 7th International Conference on Industrial Technology and Management (ICITM), Oxford, UK, 7–9 March 2018; pp. 167–173.
  57. Belas, J.; Dvorsky, J.; Hlawiczka, R.; Smrcka, L.; Khan, K.A. SMEs Sustainability: The Role of Human Resource Management, Corporate Social Responsibility and Financial Management. Oeconomia Copernic. 2024, 15, 307–342.
  58. Zieba, M.; Durst, S.; Hinteregger, C. The Impact of Knowledge Risk Management on Sustainability. J. Knowl. Manag. 2022, 26, 234–258.
  59. Logan, T.M.; Aven, T.; Guikema, S.; Flage, R. The Role of Time in Risk and Risk Analysis: Implications for Resilience, Sustainability, and Management. Risk Anal. 2021, 41, 1959–1970.
  60. Pulido, M.P. Chapter 5—ISO 26000:2010 Guidance on Social Responsibility: Concept and Practical Application. In Ethics Management in Libraries and Other Information Services; Pulido, M.P., Ed.; Chandos Publishing: Witney, UK, 2018; pp. 127–168. ISBN 978-0-08-101894-1.
  61. ISO/IEC 27001:2022; Information Security, Cybersecurity and Privacy Protection—Information Security Management Systems—Requirements. International Organization for Standardization: Geneva, Switzerland, 2022. Available online: https://www.iso.org/standard/27001 (accessed on 16 May 2025).
  62. ISO 37001:2025; Anti-Bribery Management Systems—Requirements with Guidance for Use. International Organization for Standardization: Geneva, Switzerland, 2025. Available online: https://www.iso.org/standard/37001 (accessed on 16 May 2025).
  63. Gerek, Y.; Aydin, M.N. Management Frameworks and Management System Standards in the Context of Integration and Unification: A Review and Classification of Core Building Blocks for Consilience. Systems 2025, 13, 234.
  64. Lukáč, J. Vznik a Zánik Malých a Stredných Podnikov na Slovensku v Roku 2022; Slovak Business Agency: Bratislava, Slovakia, 2023; Available online: https://monitoringmsp.sk/wp-content/uploads/2023/10/Vznik-a-zanik-malych-a-strednych-podnikov-na-Slovensku-v-roku-2022.pdf (accessed on 16 May 2025).
  65. Malé a Stredné Podnikanie v Číslach v Roku 2023; Slovak Business Agency: Bratislava, Slovakia, 2024; Available online: https://monitoringmsp.sk/wp-content/uploads/2024/05/MSP_v_cislach_2023.pdf (accessed on 16 May 2025).
  66. Boyd, L.; Mills, L.; Jacintho, A.; Martinez, G. Risk Assessments to Improve Workplace Compliance and Safety. In Proceedings of the International Petroleum Technology Conference, Dhahran, Saudi Arabia, 21–23 February 2022.
  67. Cabeças, J.M.M. Taxonomy to Characterize Occupational Hazards (Risk Factors) at the Workplace Level. Work 2015, 51, 703–713.
  68. Chencheva, O.; Sukach, S.; Rieznik, D.; Petrenko, I.; Lashko, Y.; Hladiuk, O. Сучасна кoнцепція управління безпекoю та гігієнoю праці на oснoві ризикooрієнтoванoгo підхoду. Munic. Econ. Cities 2024, 4, 221–227.
  69. Kuzheleva, M.; Pushenko, S.; Staseva, E. Methodology for Improving the Efficiency of Occupational Safety Management of an Enterprise Based on the Theory of Risk Management. BIO Web Conf. 2024, 113.
  70. Kosyakova, I.V.; Sviridenko, D.A.; Zhilyunov, N.Y.; Astashev, Y.V. The Impact of Environmental Risks on the Management of Industrial Enterprises. Eur. Proc. Soc. Behav. Sci. 2019. Global Challenges and Prospects of the Modern Economic Development.
  71. Krokhina, J.A.; Vinogradova, T.; Grishnova, E.Y.; Zhdanov, S.P.; Borisova, O.V.; Ostanin, L.M.; Popova, O.V.; Kutlin, N.G. Environmental Risk Management System Projecting of Industrial Enterprises. EBSCOhost. Available online: https://openurl.ebsco.com/contentitem/gcd:134107248?sid=ebsco:plink:crawler&id=ebsco:gcd:134107248 (accessed on 14 March 2025).
  72. Kniaz, S.; Brych, V.; Marhasova, V.; Tyrkalo, Y.; Skrynkovskyy, R.; Sumets, A. Modeling of the Information System of Environmental Risk Management of an Enterprise. In Proceedings of the 2022 12th International Conference on Advanced Computer Information Technologies (ACIT), Ruzomberok, Slovakia, 26–28 September 2022; pp. 215–218.
  73. Valencia, W.A. La responsabilidad social: Análisis del enfoque de ISO 26000. Ind. Data 2015, 18, 55–60.
  74. Bratianu, C.; Nestian, A.; Tita, S.M.; Vodã, A.I.; Guta, A.L. The Impact of Knowledge Risk on Sustainability of Firms. Amfiteatru Econ. J. 2020, 22, 639.
  75. Wong, D.T.W.; Ngai, E.W.T. Economic, Organizational, and Environmental Capabilities for Business Sustainability Competence: Findings from Case Studies in the Fashion Business. J. Bus. Res. 2021, 126, 440–471.
  76. Balzarova, M.; Castka, P. Social Responsibility: Experts’ Viewpoints on Adoption of the ISO 26000 Standard. Corp. Soc. Responsib. Environ. Manag. 2018, 25, 819–824.
  77. Moratis, L.; Cochius, T. ISO 26000: The Business Guide to the New Standard on Social Responsibility; Routledge: London, UK, 2017; ISBN 978-1-351-27884-3.
  78. Dvorsky, J.; Kubalek, J.; Barinova, D. Selected factors influencing the social and environmental aspects of sustainability of SMEs. Transform. Bus. Econ. 2024, 23, 200.
  79. Saunila, M.; Ukko, J.; Kinnunen, J. Sustainability Partnership as a Moderator in the Relationship between Business Sustainability and Firm Competitiveness. Bus. Strategy Environ. 2024, 33, 123–133.
  80. Lizarzaburu Bolaños, E.R.; Barriga, G.; Noriega, E. Gestión Integral de Riesgos y Antisoborno: Un Enfoque Operacional Desde La Perspectiva Iso 31000 e Iso 37001 [Risk Management and Anti-Bribery: An Operational Approach from the Perspective of Iso 31000 and Iso 37001]. Univ. Empresa 2019, 21, 79–118.
  81. Nováková, R.; Pauliková, A.; Čekanová, K. Risk Management as a Part of a Quality Management System in Woodworking Companies. In Proceedings of the 10th International Scientific Conference WoodEMA, More Wood, Better Management, Increasing Effectiveness: Starting Points and Perspective, Prague, Czech Republic, 24–26 May 2017; pp. 170–178.
  82. Andreeva, T.; Popova, L.; Yashina, M.; Babynina, L.; Yaksanova, N.; Natsypaeva, E. Integration of the Quality Management and Strategic Management Systems into Unified Management System of Enterprises. Calitatea Acces La Success 2019, 20, 3–8.
  83. Chovanec, D.; Kollár, B.; Halúsková, B.; Kubás, J.; Pawęska, M.; Ristvej, J. A Component-Based Approach to Early Warning Systems: A Theoretical Model. Appl. Sci. 2025, 15, 3218.
  84. Widianti, T.; Firdaus, H.; Rakhmawati, T. Mapping the Landscape: A Bibliometric Analysis of ISO 31000. Int. J. Qual. Reliab. Manag. 2024, 41, 1783–1810.

Table 1. Absolute frequencies of enterprises by size categories in Slovakia in the years 2022–2023. Source: Register of Organizations of the Statistical Office of the Slovak Republic, processed by Slovak Business Agency [64,65].

| Size Categories | 2022 | 2023 |
|---|---|---|
| Small enterprises (10–49) | 12,665 | 12,795 |
| Medium-sized enterprises (50–249) | 2719 | 2705 |
| Large enterprises (250 and more) | 654 | 666 |
| Total | 16,038 | 16,166 |

Table 2. Relative frequencies of ISO standards implementation by enterprise size categories.

| Question No.1 & No.4 | ISO 9001:2015 | ISO 14001:2019 | ISO 45001:2018 | ISO 26000 | ISO 9001:2015; ISO 14001:2019; ISO 45001:2018 | N/A * | Total |
|---|---|---|---|---|---|---|---|
| Small enterprises | 0.096 | 0.066 | 0.082 | 0.035 | 0.088 | 0.189 | 0.556 |
| Medium-sized enterprises | 0.056 | 0.048 | 0.059 | 0.040 | 0.061 | 0.061 | 0.324 |
| Large enterprises | 0.011 | 0.021 | 0.019 | 0.005 | 0.045 | 0.019 | 0.120 |
| Total | 0.162 | 0.136 | 0.160 | 0.080 | 0.194 | 0.269 | 1.000 |

* N/A means “no ISO standard implemented”.

Table 3. Relative frequencies of the person responsible for risk management by enterprise size categories.

| Question No.1 & No.6 | Business Owner | Authorized Top Manager | Process Owners | Risk Management Specialist | External Organization | No Responsible Person | Total |
|---|---|---|---|---|---|---|---|
| Small enterprises | 0.141 | 0.122 | 0.114 | 0.027 | 0.122 | 0.029 | 0.556 |
| Medium-sized enterprises | 0.013 | 0.122 | 0.104 | 0.048 | 0.037 | 0.000 | 0.324 |
| Large enterprises | 0.005 | 0.019 | 0.069 | 0.021 | 0.005 | 0.000 | 0.120 |
| Total | 0.160 | 0.263 | 0.287 | 0.096 | 0.165 | 0.029 | 1.000 |

Table 4. Dependence between implemented management systems and priority activity in the risk management process in small enterprises.

| Small Enterprises: Priority Activity vs. Management Systems | ISO 9001:2015 | ISO 14001:2019 | ISO 45001:2018 | ISO 26000 | ISO 9001; ISO 14001; ISO 45001 | N/A * | Total |
|---|---|---|---|---|---|---|---|
| Identification | 1.177 | 0.199 | 3.906 | 0.433 | 1.079 | 5.019 | 11.812 |
| Analysis | 1.550 | 0.792 | 0.331 | 0.346 | 4.680 | 3.057 | 10.758 |
| Evaluation | 0.423 | 0.076 | 0.244 | 0.684 | 0.919 | 0.427 | 2.773 |
| Preparation of measures | 0.004 | 0.444 | 0.054 | 1.493 | 2.053 | 0.994 | 5.043 |
| Monitoring | 0.909 | 1.621 | 0.472 | 0.689 | 0.337 | 0.139 | 4.167 |
| All the same priority | 0.162 | 0.925 | 1.596 | 0.603 | 2.089 | 3.139 | 8.513 |
| Total | 4.225 | 4.056 | 6.604 | 4.249 | 11.157 | 12.776 | 43.066 |

* N/A means “no ISO standard implemented”.

Table 5. Parameters of dependency related to Table 4.

| Parameter | Value |
|---|---|
| df (degrees of freedom) | 25 |
| p-value | 0.013 |
| α (significance level) | 0.05 |
| Critical chi-square | 37.652 |
| Cramer’s V test | 0.203 |

Table 6. Dependence between implemented management systems and priority activity in the risk management process in medium-sized enterprises.

| Medium-Sized Enterprises: Priority Activity vs. Management Systems | ISO 9001:2015 | ISO 14001:2019 | ISO 45001:2018 | ISO 26000 | ISO 9001; ISO 14001; ISO 45001 | N/A * | Total |
|---|---|---|---|---|---|---|---|
| Identification | 0.274 | 1.688 | 3.578 | 0.010 | 0.026 | 1.259 | 6.835 |
| Analysis | 2.238 | 2.260 | 0.051 | 0.101 | 0.979 | 0.859 | 6.487 |
| Evaluation | 1.377 | 6.736 | 0.136 | 1.050 | 1.508 | 0.171 | 10.978 |
| Preparation of measures | 0.669 | 0.129 | 0.057 | 0.279 | 0.017 | 0.623 | 1.774 |
| Monitoring | 1.893 | 0.239 | 0.000 | 0.310 | 1.789 | 0.003 | 4.235 |
| All the same priority | 1.062 | 0.231 | 0.875 | 1.939 | 0.465 | 4.672 | 9.242 |
| Total | 7.513 | 11.283 | 4.697 | 3.689 | 4.785 | 7.586 | 39.552 |

* N/A means “no ISO standard implemented”.

Table 7. Parameters of dependency related to Table 6.

| Parameter | Value |
|---|---|
| df (degrees of freedom) | 25 |
| p-value | 0.032 |
| α (significance level) | 0.05 |
| Critical chi-square | 37.652 |
| Cramer’s V test | 0.255 |

Table 8. Dependence between implemented management systems and priority activity in the risk management process in large enterprises.

| Large Enterprises: Priority Activity vs. Management Systems | ISO 9001:2015 | ISO 14001:2019 | ISO 45001:2018 | ISO 26000 | ISO 9001; ISO 14001; ISO 45001 | N/A * | Total |
|---|---|---|---|---|---|---|---|
| Identification | 1.067 | 0.602 | 2.438 | 0.533 | 1.342 | 1.867 | 7.849 |
| Analysis | 1.168 | 0.117 | 0.622 | 0.178 | 1.511 | 3.051 | 6.647 |
| Evaluation | 0.178 | 0.356 | 0.311 | 0.089 | 2.050 | 0.311 | 3.294 |
| Preparation of measures | 1.067 | 3.852 | 0.688 | 4.033 | 1.416 | 1.867 | 12.923 |
| Monitoring | 0.000 | 0.000 | 0.000 | 0.000 | 0.000 | 0.000 | 0.000 |
| All the same priority | 2.083 | 1.042 | 2.333 | 0.667 | 0.020 | 3.048 | 9.192 |
| Total | 5.563 | 5.969 | 6.393 | 5.500 | 6.338 | 10.143 | 39.905 |

* N/A means “no ISO standard implemented”.

Table 9. Parameters of dependency related to Table 8.

| Parameter | Value |
|---|---|
| df (degrees of freedom) | 20 |
| p-value | 0.005 |
| α (significance level) | 0.05 |
| Critical chi-square | 31.410 |
| Cramer’s V test | 0.421 |

Table 10. Dependence between implemented management systems and the responsible person for risk management in small enterprises.

| Small Enterprises: Responsible Person vs. Management Systems | ISO 9001:2015 | ISO 14001:2019 | ISO 45001:2018 | ISO 26000 | ISO 9001; ISO 14001; ISO 45001 | N/A * | Total |
|---|---|---|---|---|---|---|---|
| Business owner | 0.140 | 6.340 | 1.897 | 1.600 | 4.846 | 22.206 | 37.028 |
| Authorized top manager | 4.660 | 2.223 | 0.099 | 0.453 | 0.010 | 5.931 | 13.376 |
| Process owners | 0.908 | 0.254 | 0.412 | 0.657 | 5.681 | 7.703 | 15.615 |
| Risk management specialist | 1.722 | 6.572 | 0.157 | 0.230 | 1.279 | 1.691 | 11.652 |
| External organization | 1.943 | 1.134 | 2.557 | 0.007 | 0.075 | 0.842 | 6.557 |
| No responsible person | 1.895 | 1.316 | 0.244 | 0.684 | 1.737 | 10.497 | 16.373 |
| Total | 11.268 | 17.839 | 5.367 | 3.631 | 13.627 | 48.870 | 100.602 |

* N/A means “no ISO standard implemented”.

Table 11. Parameters of dependency related to Table 10.

| Parameter | Value |
|---|---|
| df (degrees of freedom) | 25 |
| p-value | 4.96699 × 10^−11 |
| α (significance level) | 0.05 |
| Critical chi-square | 37.652 |
| Cramer’s V test | 0.310 |

Table 12. Dependence between implemented management systems and the responsible person for risk management in medium-sized enterprises.

| Medium-Sized Enterprises: Responsible Person vs. Management Systems | ISO 9001:2015 | ISO 14001:2019 | ISO 45001:2018 | ISO 26000 | ISO 9001; ISO 14001; ISO 45001 | N/A * | Total |
|---|---|---|---|---|---|---|---|
| Business owner | 0.861 | 0.093 | 1.338 | 3.121 | 0.943 | 0.943 | 7.299 |
| Authorized top manager | 0.547 | 0.091 | 0.202 | 0.485 | 5.133 | 7.997 | 14.456 |
| Process owners | 0.437 | 0.535 | 0.000 | 0.303 | 12.659 | 7.352 | 21.286 |
| Risk management specialist | 0.003 | 2.069 | 0.019 | 0.280 | 0.572 | 0.572 | 3.515 |
| External organization | 0.145 | 0.002 | 0.090 | 1.721 | 0.155 | 0.701 | 2.814 |
| No responsible person | 0.000 | 0.000 | 0.000 | 0.000 | 0.000 | 0.000 | 0.000 |
| Total | 1.993 | 2.791 | 1.649 | 5.910 | 19.462 | 17.566 | 49.370 |

* N/A means “no ISO standard implemented”.

Table 13. Parameters of dependency related to Table 12.

| Parameter | Value |
|---|---|
| df (degrees of freedom) | 20 |
| p-value | 2.72403 × 10^−04 |
| α (significance level) | 0.05 |
| Critical chi-square | 31.410 |
| Cramer’s V test | 0.284 |

Table 14. Dependence between implemented management systems and the responsible person for risk management in large enterprises.

| Large Enterprises: Responsible Person vs. Management Systems | ISO 9001:2015 | ISO 14001:2019 | ISO 45001:2018 | ISO 26000 | ISO 9001; ISO 14001; ISO 45001 | N/A * | Total |
|---|---|---|---|---|---|---|---|
| Business owner | 0.178 | 0.356 | 1.525 | 0.089 | 0.079 | 0.311 | 2.538 |
| Authorized top manager | 0.229 | 0.459 | 1.089 | 1.525 | 1.023 | 0.762 | 5.087 |
| Process owners | 0.042 | 0.569 | 0.226 | 1.156 | 0.483 | 0.000 | 2.476 |
| Risk management specialist | 0.117 | 1.750 | 0.048 | 0.356 | 0.346 | 0.048 | 2.665 |
| External organization | 0.178 | 0.356 | 0.311 | 9.339 | 0.079 | 0.311 | 10.574 |
| No responsible person | 0.000 | 0.000 | 0.000 | 0.000 | 0.000 | 0.000 | 0.000 |
| Total | 0.744 | 3.490 | 3.199 | 12.464 | 2.009 | 1.433 | 23.340 |

* N/A means “no ISO standard implemented”.

Table 15. Parameters of dependency related to Table 14.

| Parameter | Value |
|---|---|
| df (degrees of freedom) | 20 |
| p-value | 0.272 |
| α (significance level) | 0.05 |
| Critical chi-square | 31.410 |
| Cramer’s V test | 0.322 |

Table 16. Dependence between the responsible person for risk management and the priority activity in the risk management process in small enterprises.

| Small Enterprises: Priority Activity vs. Responsible Person | Business Owner | Authorized Top Manager | Process Owners | Risk Management Specialist | External Organization | No Responsible Person | Total |
|---|---|---|---|---|---|---|---|
| Identification | 2.722 | 0.005 | 1.936 | 0.850 | 1.270 | 0.174 | 6.956 |
| Analysis | 0.720 | 0.524 | 0.012 | 0.431 | 0.524 | 0.474 | 2.685 |
| Evaluation | 0.223 | 0.834 | 0.031 | 0.426 | 0.834 | 20.215 | 22.564 |
| Preparation of measures | 0.137 | 0.098 | 0.178 | 0.019 | 0.311 | 0.430 | 1.173 |
| Monitoring | 5.739 | 0.055 | 0.541 | 8.852 | 0.870 | 0.212 | 16.270 |
| All the same priority | 8.809 | 0.014 | 1.615 | 1.014 | 1.089 | 1.326 | 13.868 |
| Total | 18.351 | 1.530 | 4.312 | 11.593 | 4.899 | 22.831 | 63.516 |

Table 17. Parameters of dependency related to Table 16.

| Parameter | Value |
|---|---|
| df (degrees of freedom) | 25 |
| p-value | 3.3684 × 10^−05 |
| α (significance level) | 0.05 |
| Critical chi-square | 37.652 |
| Cramer’s V test | 0.247 |

Table 18. Dependence between the responsible person for risk management and the priority activity in the risk management process in medium-sized enterprises.

| Medium-Sized Enterprises: Priority Activity vs. Responsible Person | Business Owner | Authorized Top Manager | Process Owners | Risk Management Specialist | External Organization | No Responsible Person | Total |
|---|---|---|---|---|---|---|---|
| Identification | 0.003 | 0.322 | 0.953 | 1.688 | 0.701 | 0.000 | 3.669 |
| Analysis | 0.410 | 0.166 | 1.947 | 0.439 | 1.492 | 0.000 | 4.453 |
| Evaluation | 0.328 | 3.016 | 0.814 | 2.805 | 0.007 | 0.000 | 6.971 |
| Preparation of measures | 1.025 | 0.035 | 0.000 | 0.466 | 0.263 | 0.000 | 1.789 |
| Monitoring | 0.451 | 0.827 | 0.076 | 0.088 | 1.262 | 0.000 | 2.704 |
| All the same priority | 0.950 | 0.632 | 3.076 | 0.006 | 0.986 | 0.000 | 5.650 |
| Total | 3.166 | 4.999 | 6.865 | 5.493 | 4.712 | 0.000 | 25.236 |

Table 19. Parameters of dependency related to Table 18.

| Parameter | Value |
|---|---|
| df (degrees of freedom) | 20 |
| p-value | 0.193 |
| α (significance level) | 0.5 |
| Critical chi-square | 31.410 |
| Cramer’s V test | 0.203 |

Table 20. Dependence between the responsible person for risk management and the priority activity in the risk management process in large enterprises.

| Large Enterprises: Priority Activity vs. Responsible Person | Business Owner | Authorized Top Manager | Process Owners | Risk Management Specialist | External Organization | No Responsible Person | Total |
|---|---|---|---|---|---|---|---|
| Identification | 0.533 | 1.867 | 0.616 | 0.008 | 0.408 | 0.000 | 3.433 |
| Analysis | 0.178 | 0.622 | 0.205 | 0.117 | 0.178 | 0.000 | 1.300 |
| Evaluation | 0.089 | 0.311 | 0.617 | 0.356 | 0.089 | 0.000 | 1.462 |
| Preparation of measures | 0.408 | 0.010 | 0.539 | 0.352 | 0.408 | 0.000 | 1.717 |
| Monitoring | 0.000 | 0.000 | 0.000 | 0.000 | 0.000 | 0.000 | 0.000 |
| All the same priority | 0.167 | 3.048 | 0.321 | 0.167 | 0.667 | 0.000 | 4.368 |
| Total | 1.375 | 5.857 | 2.298 | 1.000 | 1.750 | 0.000 | 12.280 |

Table 21. Parameters of dependency related to Table 20.

| Parameter | Value |
|---|---|
| df (degrees of freedom) | 20 |
| p-value | 0.724 |
| α (significance level) | 0.05 |
| Critical chi-square | 31.410 |
| Cramer’s V test | 0.234 |

Table 22. Results of hypothesis testing.

| Hypothesis | Formulation | Test Outcome |
|---|---|---|
| H1 (1) | There is a statistically significant dependence between the degree of ISO standards implementation and the priority activity in risk management. | Small enterprises H1 (1); Medium-sized enterprises H1 (1); Large enterprises H1 (1) |
| H1 (2) | There is a statistically significant dependence between the degree of ISO standards implementation and the responsible person for risk management. | Small enterprises H1 (2); Medium-sized enterprises H1 (2); Large enterprises H0 (2) |
| H1 (3) | There is a statistically significant dependence between the selection of the person responsible for risk management and the priority activity in risk management. | Small enterprises H1 (3); Medium-sized enterprises H0 (3); Large enterprises H0 (3) |

Share and Cite

MDPI and ACS Style

Kelíšek, A.; Studená, J.; Buganová, K.; Hudáková, M. The Degree of Risk Management Implementation in Enterprises in the Slovak Republic. Systems 2025, 13, 427. https://doi.org/10.3390/systems13060427
