Microsoft Word - 07_Ferry Jie_Analysis of Advantages.doc Journal The WINNERS, Vol. 3 No. 2, September 2002: 196-210 196 ANALYSIS OF ADVANTAGES AND DISADVANTAGES OF CURRENT OPERATIONAL RISK MANAGEMENT MODELS (AS/NZS 4360, AS/NZS ISO 9000, AS/NZS ISO 14000, AS/NZS 4801, AS/NZS 3806, AS/NZS 4444) Ferry Jie1; Hasan Akpolat2; Deepak Sharma3; James Irish4 ABSTRACT This paper will describe about the analysis of advantages and disadvantages of current operational risk management models (AS/NZS 4360: Risk Management, AS/NZS 4801: Occupational Health and Safety Management Systems, AS/NZS ISO 9001: Quality Management System, AS/NZS ISO 14001: Environment Management System, AS/NZS 3806: Compliance Management System, AS/NZS 4444: Information Security Management) based on expert experiences and extracting the literature review. The advantages of most current models are widely adopted by industries of various of sizes as the basis for their operational risk management. In addition, they may help the organizations to improve the operations and competitiveness. However, there are some disadvantages of most current models such as the models are very general (guidance only), not specific to cover particular risks of industries. And they don’t have the specific tools and processes. In addition, they may not be able to integrate all elements of the management systems such as safety, health, environment, quality, security, and compliance. Keywords: operational risk management, advantages, disadvantages ABSTRAK Artikel memaparkan analisis keuntungan dan kerugian model manajemen risiko operasional terbaru berdasarkan pengalaman para ahli dan menyimpulkan dari berbagai sumber teori. Keuntungan model terbaru tersebut digunakan secara luas oleh berbagai industri sebagai dasar manajemen risiko operasional. Manajemen tersebut membantu organisasi meningkatkan operasinya dan daya saing. Meskipun demikian, model tersebut memiliki kerugian, yaitu model tersebut terlalu umum, tidak spesifik untuk menutup risiko tertentu sebuah industri. Juga tidak memiliki alat yang spesifik dan prosesnya. Model tersebut juga tidak dapat mengintegrasikan seluruh elemen sistem manajemen seperti keselamatan, kesehatan, lingkungan, kualitas, dan keamanan. Kata kunci: manajemen risiko operasional, keuntungan, kerugian 1 PhD Student at Faculty of Engineering, University of Technology Sydney and Lecturer at Bina Nusantara University, Jakarta-Indonesia 2 Principal Supervisor, Senior Lecturer at Faculty of Engineering, University of Technology Sydney, Australia 3 Co-Supervisor, A/Professor at Faculty of Engineering, University of Technology Sydney 4 Co-Supervisor, Senior Lecturer at Faculty of Engineering, University of Technology Sydney Analysis of Advantages and Disadvantages… (Ferry Jie; et. al.) 197 INTRODUCTION In recent years, for running their business, many companies/industries find a number of operational risks which are likely to be made worse, for instance, Quality, Health and Safety, IT and also Environment factors. These operational risks will make the companies met tremendous inefficiency or ineffectiveness, unpredictable profit margins, uncertain/lost revenues/throughputs and also business value lost. Many companies may use the operational risk management models to manage or mitigate the risk, hazards, failure, and loss. This paper will discuss about the analysis of advantages and disadvantages of existing operational risk management models such as AS/NZS 4360: Risk Management, AS/NZS 4801: Occupational Health and Safety Management Systems, AS/NZS ISO 9001: Quality Management System, AS/NZS ISO 14001: Environment Management System, AS/NZS 3806: Compliance Management System, AS/NZS 4444: Information Security Management based on literature review and expert experiences. This paper will be divided into two sections, the first part is about the definition and overview of risk management, risk management methods/models/techniques, and operational risk management. And the second part is about the analysis of advantages and disadvantages of existing operational risk management. DISCUSSION Overview of risk, risk management, and operational risk management I. Definition of Risk and Risk Management According to Singleton and Hovden (1987), risk is the chance of a failure, a function, mostly the product of likelihood and size of loss or failure, and also the dimension of the probable loss or failure. In addition, risk is the variance of the probability distribution of all probable consequences of a risky course of action. Risk is the semi variance of the distribution of all consequences, taken over negative consequences only, and with respect to some adopted reference value (Singleton and Hovden, 1987). Chapman and Ward (1997) described the risk is “the implications of the existence of significant uncertainty about the level of project performance achievable”. Risk is a weighted linear combination of the variance of and the expected value of the distribution of all possible consequences. According to AS/NZS 4360 (1999), Risk management is “the systematic application of management policies, procedures and practices to the tasks of identifying, analyzing, evaluating, treating, and monitoring risk”. Risk management is “the culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects”. Lam J. and Kawamoto (1997) described the definition of risk management is “a scientific method to the problem of dealing with the pure risks which are faced by individuals or businesses”. According to Wideman (1992), Project Risk Management is the art and science of identifying, assessing, and responding to project risk throughout the life of a project and in the best interests of its objectives”. Journal The WINNERS, Vol. 3 No. 2, September 2002: 196-210 198 According to A Guide to the Project Management Body of Knowledge (2000), “Risk Management is the systematic process of identifying, analyzing and responding to potential project risk. It includes maximizing the probability and impact of positive events and minimizing the probability and consequences of events adverse to project objectives”. II. Operational Risk Operational risk is the risk related with business processes. Another definition is the risk that comes up during performance of work in industry (manufacturing or service). Operational risk can be divided into four areas as follows. 1. “Quality – the risk of supplying a nonconforming product or service, to a customer”. 2. “Safety – the risk of supplying an unsafe product or service to a customer, and/or injuring workers during production”. 3. “Environment – the risk of supplying an environmentally damaging product to a customer, or damaging the environment during production or provision of a service”. 4. “Security – the risk of being subjected to criminal activity during provision of a product or service”. The following Australian Standards which structure the foundation and guidance resource for an Integrated Risk Management System will give effective management of Operational Risk, in project-based organisations and those involved in continuous production. 1. AS/NZS 4360 : 1999 : Risk Management 2. AS/NZS 4801-Occupational Health and Safety Management System 3. AS/NZS ISO 14001: Effective Environmental Management System 4. AS/NZS ISO 9001: Quality Management System-Model for quality assurance in design/development, production, installation and servicing 5. AS/NZS 4581–Management System Integration 6. AS/NZS 3806: Compliance Management System 7. AS/NZS 4444: Information Security Management 8. AS/NZS 3931 Risk Analysis of Technological System-Application guide 9. AS 3907 Guidelines for Configuration Management 10. AS 4269 Complaints Handling 11. AS 2430.3 Classification of Hazardous Areas Analysis of Advantages and Disadvantages of AS/NZS 4360: Risk Management, AS/NZS ISO 9000, AS/NZS ISO 14000, AS/NZS 4801, AS/NZS 3806, AS/NZS 4444 I. Advantages Analysis 1. AN/NZS 4360: Risk Management AS/NZS 4360: Risk Management was introduced in 1995 and then finally revised in 1999 by Standards Australia and Standards New Zealand. This Joint Australian/New Zealand Standard was prepared by the Joint Technical Committee OB/7-Risk management. This was approved on Analysis of Advantages and Disadvantages… (Ferry Jie; et. al.) 199 behalf of the Council of Standards Australia on 2 April 1999 and on the behalf of the Council of Standards New Zealand on 22 March 1999. In addition, this was published on 12 April 1999. This standard is the world first and is designed to complement ISO 9000 activities. In addition, these standard summaries procedures which every organization can apply to facilitate establish context, identify, assess, analyse, treat, monitor and communicate with regard to risk. AS/NZS 4360: Risk Management model chart can be seen at Figure 1. It is a generic standard and only a guideline. It suggests a process rather than tools which are specific to particular industries. AS/NZS 4360 has been widely adopted by industries of various sizes as the basis for their operational risk management. A number of handbooks have been published to help the application of AS/NZS 4360 to specific industries or types of risk. Figure 1 Risk Management Model According to public comments that AS/NZS 4360 is a consistent approach to risk management and its terminology. Furthermore, this standard is easy to read format using language everyone can relate to and also can be adopted at every stage in the activity, function, project which generated by public, private or community/enterprise organization. According to Bullish Technologies (2002), AS/NZS 4360: Risk Management propitiates facing the numerous risk with the advent of a "Knowledge Based Global E-economy". Based on Strategy Unit Report in the United Kingdom (2002), “The most established, AS/NZS 4360, has been very well received internationally, widely influential, and adopted by, for example, the majority of government organisations in Australia and the National Health Service and Office of National Statistics in the UK. The Department of Health also proposes to adopt the standard”. Journal The WINNERS, Vol. 3 No. 2, September 2002: 196-210 200 2. AS/NZS 4801: Occupational Health and Safety Management Systems AS/NZS 4801: Occupational Health and Safety Management System-General Guidelines on principles, systems and supporting techniques was also published by Standards Australia and Standards New Zealand, in 2001. This standard is working in concurrence with AS/NZS 4804. Infact, AS/NZS 4804 is a guideline to support for implementing and improving the Occupational Health and Safety Management System. This standard is “the part of the overall management system which includes organisational structure, planning activities, responsibilities, practices, procedures and resources for developing, implementing, achieving, reviewing and maintaining the OHS policy and so managing the risks associated with the business of the organisation”. The aim of this standard is to aid in the implementation, development, and improvement of occupational health and safety management systems. AS/NZS 4801:2001 can be seen at Figure 2. This standard provides auditable criteria for an occupational health and safety management system. Moreover, this standard covers all the best elements of such systems (including guidance on how the criteria may be accomplished) already widely used in Australia and New Zealand organizations. AS/NZS 4801 is intended to be used for certification and also for continuous improvement. AS/NZS 4801 covers the comprehensive range of the requirements for effective occupational health and safety practice such as setting the policy, planning (identification of hazards, assessment and control the operational risks), setting training and competence, monitoring, measuring and recording management, auditing procedures and requirements, and reviewing management. Figure 2 AS/NZS 4801:2001, OHS Management System Model Analysis of Advantages and Disadvantages… (Ferry Jie; et. al.) 201 3. AS/NZS ISO 9000: Quality Management System (Version 2000 and Version 1994) AS/NZS ISO 9001: Quality Management Systems-Requirements was published by Standards Australia and Standards New Zealand, in 2000. The aim of this standard is the effectiveness of the quality management system in meeting customer requirements. In addition, ISO 9000:2000 can help the organizations to improve the operations and competitiveness. AS/NZS ISO 9001:2000, Quality Management System model chart can be seen at Figure 3. Figure 3 AS/NZS ISO 9001: Quality Management System Model According to ISO Survey of ISO 9000: Quality Management Systems in 1999, Australia has had the highest growth of ISO 9000 certifications with 8,883 new certificates released. The language of this standard is easier to understand and also to apply to all industries. And another positive of this standard is the ability to make compatible with ISO 14001. Other strengths of the ISO 9000 approach are this model is prescriptive and therefore the way forward is clear and unambiguous and the end point (achieving certified status) is well defined and externally validated (Najmi and Kehoe, 2000). Kehoe (1996) explained that ISO 9000:1994 (version) provides a number of qualitative advantages. In addition, British Standard Institution estimated that most companies can reduce the operating costs by 10 % on average with using ISO 9000:1987 (version) (Marquardt, 1992). Based Journal The WINNERS, Vol. 3 No. 2, September 2002: 196-210 202 on the survey which has conducted by Lloyd’s Register Quality Assurance Ltd (LRQA) (1991), around 400 quality managers and senior managers defined that the advantages of ISO 9000 can be accomplished in a variety of categories. Furthermore, Dale and Oakland explained that there is an extensive list of qualitative and quantitative advantages of ISO 9000 certification (1991). Other survey about how implementation of ISO 9000 has already been beneficial to industry. According to Kanji that ISO 9000:1994 (version) provides a reliable set of procedures and requirements that can be generally practical. He stated that when the organization has the quality system, the organization may have the capability to provide quality goods and services to their customers. Curry and Monaghan (1994) added the explanation that there are some advantages to be had for some local authority services in applying a QMS model (ISO 9000:1994 version). Rayner and Porter (1991), defined that there are some reasons to implement the ISO 9000 are such as the market consideration, actual customer pressure, anticipated customer pressure, gain market advantage, access new markets, improve quality, and avoid multi assessment. According to the survey conducted by Brown and Van der Wiele in 1995, the similar reasons for applying the ISO 9000 are such as the customer requirements, to improve customer service, marketing, internal efficiency, and as a basis for a quality push. Beattle and Sohal (1999) explained that implementing ISO 9000 in Australian Organizations can gives some benefits in strategic business (market share including the ability to tender on government work) and operational business (customer service). Mc Teer and Dale stated that there are some benefits of ISO 9000:1994 (version) system certification and registration process such as world wide recognition, make use of of certifying firm’s logo in sales literature and advertising, less but more focused audits by suppliers, faster, easier, and more comprehensive employee training, increased productivity, and lower production costs. 4. AS/NZS ISO 14000: Environment Management System AS/NZS ISO 14001: Environmental Management Systems-Specification with guidance for use was prepared by the Standards Australia and Standards New Zealand QR/11 in 1996 It is the same as the International Standard ISO 14001: Environmental Management Systems- Specification with guidance for use. The key elements of an AS/NZS ISO 14001 are environmental policy, planning, implementation and operation, checking and corrective action, management review and continual improvement. AS/NZS ISO 14001, Environmental Management Systems Model chart can be seen at Figure 4. According to ISO Survey of ISO 14000: Environmental Management Systems Certificates in 1996, Australia registered 356 new certificates under this standard. This standard is one part of management tools to enable an organization of any size or type which want to improve and control the impact of its activities, products or services on the environment. In addition, this standard can be used to assure itself of conformance with its stated environmental policy. According to Rondinelli et al (2000) that ISO 14001 has some strengths as follows. 1. Gives the “framework for continuous improvement of environmental performance”. 2. ISO 14001 is a complementary mechanism that is flexible and adaptive, and enhances the overall implementation regulatory framework. 3. Minimises the environmental incidents and liability. Analysis of Advantages and Disadvantages… (Ferry Jie; et. al.) 203 4. Improves the organization images among regulators, community and consumers or other parties. 5. It is strong credibility to trade/exporters. 6. This is a communication tool and partnership tool for conveying the verifiable message and also getting a common ground. 7. Stakeholder can participate involved in the Environmental Management System design. Figure 4 AS/NZS ISO 14001: Environmental Management System Model 5. AS/NZS 3806: Compliance Management Systems This standard gives the principles or essential elements for the development, implementation, maintenance, and management of effective compliance programs within both public and private organizations. This standard gives the structure for an effective compliance program to prevent, identify and respond to, breaches of laws, regulations, codes or organizational standards occurring in the organisation. In addition, this standard promotes a culture of compliance within the organization and assists the organization in remaining or becoming a good corporate citizen. This standard has three core elements as follows. a. Structural Elements (commitment, compliance policy, management responsibility, resources, continuous improvement). b. Operational Elements (identification of compliance issues, operating procedures for compliance, implementation, complaints handling system, record keeping, identification and rectification, systemic and recurring problems, reporting, management supervision). c. Maintenance Elements (education and training, visibility and communication, monitoring and assessment, review, liaison, and accountability). Journal The WINNERS, Vol. 3 No. 2, September 2002: 196-210 204 6. AS/NZS 4444 Information Security Management AS/NZS 4444 (1999) Information Security Management gives a lot of description about the security mechanism and framework, protecting the confidentiality, integrity, and availability of information. In addition, this standard covers all dimensions of information security management such as security policy, security organization, asset classification and control, personnel security, physical and environmental security, communications and operational management, access control, system development and maintenance, business continuity management, and compliance. Basically, when AS/NZS 4360 combines with AS/NZS 4444, they will give the good performance framework for building effective security. This standard is divided into two sections, the first section is about a code of practice for information security management and the second section is about the specification a risk management based information security management system. Disadvantages Analysis 1. AS/NZS 4360: Risk Management The main of disadvantage of this standard is that the process of AS/NZS 4360:Risk Management System is very general, not specific/not adequate to cover particular risks of industries and does not have the specific tools and processes (Grey, 2001), even though this model is considered to be an excellent basic framework and has widely applicability. And this standard does not go far enough for public sectors. In addition, this system does not have the integration between qualitative and quantitative tools and also integration between individual and overall risks. According to ERMA New Zealand that “by nature AS/NZS 4360 does not address the detail of the specific issues that risk managers working in specialist areas face in using the standard”. Based on the analysis of the researcher about this standard, there are some other disadvantages of AS/NZS 4360 are as follows. a. There is no risk identification process in detail (in risk management process). b. And there is just a little bit risk identification tools (not providing the particulars tools). c. There is no computerization tool of qualitative, semi quantitative and quantitative analysis in risk analysis step. d. There is not many risk analysis tools. e. There is no risk monitoring and review process and also risk communication and consultation process. f. There is no mention about the risk monitoring and review tools and risk communication and consultation tools. g. There is only a little bit identifying options for risk treatments (only reduce / control likelihood and reduce / control consequences). What about other risk treatments or risk strategies, such as mitigation, retain, transferring options, etc). h. No explanation in detail all identifying options for risk treatments. i. There is no sample or example risk identification, risk analysis/evaluation tools. Analysis of Advantages and Disadvantages… (Ferry Jie; et. al.) 205 2. AS/NZS 4801: Occupational Health and Safety Management Systems One of disadvantage of this model is a general model (not a specification model), even though it aims to cover the best elements of such systems which are already widely used in Australia and New Zealand. In addition, it does not indicate specific Occupational Health and Safety performance results. One weakness of this standard is that it does not deal with health surveillance. According to SAI Global Assurance Services that AS/NZS 4801 provides general guidelines on the systems, principles, and supporting techniques. 3. AS/NZS ISO 9000: Quality Management System All requirements of ISO 9001 are generic (not specific) even though this standard is widely applicable to all organizations regardless of type, size, and product provided. This standard is independent of any specific industry and it have to be interpreted by the user in order to put it into practice. In addition, ISO 9000 is not in itself sufficient to ensure that a high and continually improving level of quality is attained. There are the following of the year 2000 problem of ISO 9000: The standards should have increased compatibility with the ISO 14000 and should have an ordinary structure based on a process system. ISO 9001 requirements should include display of continuous improvement and avoidance of non conformity. ISO 9001 should deal with effectiveness while ISO 9004 should address both efficiency and effectiveness. ISO 9004 should help achieve benefits for all interested parties, for instance, customers, owners, employees, suppliers and society. The revised standards should be simple to use, easy to understand, and use clear language and terminology. The standards should facilitate self evaluation. The standards should be suitable for all sizes of organizations, operation in any economic or industrial sector, and the manufacturing orientation of the current standards should be removed. According to Jurgen Dorn and Riccardo Peratello, ISO 9000 is often unwanted internally because this standard is bureaucratic overhead (in particularly for maintenance), this standard missed the acceptance of process orientation and totality, and also this standard is inability to model processes (due to soft preferences). Another disadvantage of ISO 9000 is this standard does not deliver the ongoing quality improvement or long term competitive advantage associated with TQM. Therefore, the relationship between ISO 9000 and TQM is often poorly understood and for many companies the transition from being an ISO 9000 certified company to becoming a total quality is uncertain. Another drawback of this standard is to meet the standard’s requirements, the organization needs to invest additional time, and resources. There are some criticisms and disadvantages of ISO 9000 (old version) as follows. a. The cost is high. b. This is commonly erroneous as a guarantee for quality. c. Infact the certification process makes too much paperwork. d. There is unwarranted pressure on suppliers to get the certification. e. The system of accreditation is poor. f. ISO 9000 series are general and represent minimum requirements for an effective quality system. g. ISO 9000 series does not provide the continuous improvement. h. This standard does not focus strongly on customer satisfaction. Journal The WINNERS, Vol. 3 No. 2, September 2002: 196-210 206 4. AS/NZS ISO 14001: Environment Management System AS/NZS ISO 14001:1996 is quite simple and does not create complete requirements for environmental performance further than commitment, in the policy, to compliance with applicable legislation and regulations and to continual improvement. Also, it is not intended to address and does not include requirements for aspects of occupational health and safety management. It encourages integration of such management system elements but does not offer advice on how to do so. In addition, this standard provides little attention to sustainability (the full-size picture of environmental, social performance and economic) and corporate social responsibility. Another major disadvantage of ISO 14000 is its lack of public awareness and thereby lack of mass support. This standard does not go far enough for reducing organizations environmental impacts. According to Bullish Technologies, AS/NZS ISO 14000 does not identify specifically any requirements for particular products or processes. Moreover, AS/NZS ISO 14001 does not put any criteria for environmental performance and also does not modify any regulatory compliance and legal requests. In addition, WWF stated that AS/NZS ISO 14000 does not have absolute performance level for organizations so the organizations with poor performance level can be able to get the certification and environmental documentation. This standard does not identify specifically the levels of performance that let a wide variety of organizations to put into practice them, whatever their current level of environment maturity is. According to Rondinelli et al that ISO 14001 has some disadvantages as follows. a. It lacks the necessities for public access to regulatory compliance, information, and liability/accountability. b. It is not suitable for education institutions such as universities, schools, because the cost of this might be expensive. c. This can not differentiate between pollution prevention and pollution control d. Attention to detail of an Environmental Management System is sometimes missing from maturity of the organization. e. Lack of supplier condition has limited its effectiveness. f. Some organizations adopt ISO 14001 only to get their public image (not achieving the overall goal of sustainable development). 5. AS/NZS 3806: Compliance Management Systems The disadvantages of this standard are as follows. a. This standard is only a guidance only and very general. b. This standard only provides the guidance for small business only in Appendix A. 6. AS/NZS 4444: Information Security Management The disadvantages of this standard are as follows. a. This standard does not provide the guidance for any kind of size of organizations, for instance lack examples and implementation suggestions. b. This standard is very general. c. This lacks the examples and the implementation / actions suggestion. Analysis of Advantages and Disadvantages… (Ferry Jie; et. al.) 207 SUMMARY In conclusion, this paper will give a good contribution for overview of the existing operational risk management models such as (AS/NZS 4360: Risk Management, AS/NZS 4801: Occupational Health and Safety Management Systems, AS/NZS ISO 9001: Quality Management System, AS/NZS ISO 14001: Environment Management System, AS/NZS 3806: Compliance Management System, AS/NZS 4444: Information Security Management) in particularly in the analysis of advantages and disadvantages based on the literature review and expert experience. For instance, the advantages of most current models are widely adopted by industries of various of sizes as the basis for their operational risk management. In addition, they may help the organizations to improve the operations and competitiveness. However there are some disadvantages of most current models such as the models are very general (guidance only), not specific to cover particular risks of industries. And they don’t have the specific tools and processes. In addition, they may not be able to integrate all elements of the management systems such as safety, health, environment, quality, security and compliance. For instance, many organizations used the various standards separately and also independently of existing business management system. Hopefully, the organizations can choose which one of the current models is suitable or the best for managing the risks or hazards. Another benefit is for academic perspective, the researchers can analyse about the measurement of the performance of the current operational risk management models and then they can propose a new model decision making in operational risk management based on qualitative or quantitative model to mitigate the risks or hazards. REFFERENCES Acotrel Risk Management Pty Ltd. Management System. 2000. Anonymous. A Guide to the Project Management Body of Knowledge. Project Management Institute. ed. P. Chapter 11. 2000. USA: Standards Committee. Bachelor, C. 1993. A Victim of Its Own Success. Financial Times. p. 13. Beattle, K.R. and A.S. Sohal. 1999. “Implementing ISO 9000: A Study of Its Benefits Among Australian Organizations.” Total Quality Management. 10(1): p. 12. Bodinson, G.W. 1991. Warning: Ignoring ISO Standards May be Harmful to Your Company's Fitire". Industrial Management. 33 (2): p. 1. Brown, A. and A. Van Der Wiele. 1995. “Industry Experience with ISO 9000.” Asia Pacific Journal of Quality Management. 4: p. 9. Brown, A., T. Wiel, and K. Loughton. 1998. Smaller Enterprises' Experiences with ISO 9000. International Journal of Quality and Reliability Management. 15 (3). Journal The WINNERS, Vol. 3 No. 2, September 2002: 196-210 208 Broadleaf Capital International Pty Ltd. 2001. “Risk Management Beyond 2001.” NAVSAFE 01, Managing Safety and Risk into the Future. Sydney: Broadleaf Capital International PTY LTD. Bullish Technologies. 2002. Information on AS/NZS 4360. 2002: p. 6 October. Bullish Technologies. 2003. Environment Management. Burr, J.T. “The Future Necessity.” 1990. Quality Progress. p. 4. Chapman, C.B. and S. Ward. Project Risk Management: Processes, Techniques, and Insights. 1997. Chichester, New York: Wiley. Curry, A. and C. Monaghan, Service Quality in Local Authorities: BS 5750/ISO 9000: Friend or Foe. Local Government Policy Making, 1994. 21: p. 7 Dale, B.G. and J.S. Oakland. Quality Improvement Through Standards. 1991. Cheltenham: Stanley Thornes. Dorn, J. and R. Peratello. “Model Based Quality Management.” Database and Artificial Inteligent Group. Institute for Information System. Technical University Vienna. Erel, E. and J.B. Ghosh. ISO 9000 Implementation in Turkish Industry. International Journal Operations and Production Management, 1997. 17(2): p. 13. ERMA New Zealand. 2002. Risk Management Standard and Handbooks. “http://www.ermanz.govt.nz/RiskManagement/standard-handbooks.htm” Grey, D.S. 2001. “Comparison of Three Approaches to Project Risk Management.” Risk Management Process. Broadleaf Capital International Pty Ltd: Melbourne. Harrison, J. Is ISO 9000 the Road to Quality? Hillary, R. 2001. “ISO 14001 Case Studies: Beyond Rhetoric to Reality.” ISO Management System. International Journal of Corporate Sustainability: Golborne-London. George, S. ISO 14000: Solution to International Environmental Crisis or Corporate Window Dressing? an Analysis of ISO 14000 and its Impact on Business and the Environment. Homan, H. Environmental Management System (EMS) - a Solution of Control Pollution. Bureau Veritas Brunei. International Organization for Standarization. ISO Survey of ISO 9000 and ISO 14000 Certificates. 1999. ISO. Kanji, G.K. An Innovative Approach to Make ISO 9000 Standards More Effective. Total Quality Management, 1998. 9: p. 11. Kehoe, D.F. The Fundamentals of Quality Management. 1996. London: Chapman and Hall. Analysis of Advantages and Disadvantages… (Ferry Jie; et. al.) 209 Lam J. and B. Kawamoto. 1997. Emergence of The Chief Risk Officer. Risk Management. Larsen, B. and T. Haversjo. 2000. “The year 2000 problem of ISO 9000: Will the Quality Standards Survive the Proposed Year 2000 Revision.” TQM Magazine. 12(4): p. 226- 237. Lee, T.Y., The Development of ISO 9000 Certification and the Future of Quality Management: A Survey of certified firms in Hong Kong. International Journal of Quality and Reliability Management, 1998. 15(2): p. 55. Lloyd's Register Quality Assurance Ltd (LRQA), ISO 9000 - Setting Standards for Better Business. LRQA. 1991. Colchester: Lloyds of London Press. Marquardt, D.W., ISO 9000: A Universal Standard of Quality. Management Review. 1992. 81(1): p. 2. McNamee, D. Risk Management Today and Tomorrow. Mc2 Management Consulting. McTeer, M.M. and B.G. Dale. 1996. “The Attitudes of Small Companies to the ISO 9000 Series.” Journal of Engineering Manufacture. 210(B5): p. 6. Najmi, M. and D. F. Kehoe. An Integrated Framework for Post ISO 9000 Quality Development. International Journal of Quality and Reliability Management, 2000. 17(3): p. 32. Pearch, et al. 2000. ISO 9000:2000 The New International Standard for Quality. Power Engineering, 104(8). Quazi, H.A. and S.R. Padibjo, A Journey Towards TQM Through ISO 9000 Certification- A study on Small and Medium Ssized Enterprises in Singapore. International Journal of Quality and Reliability Management, 1998. 15(5): p. 18. Rayner, P. and L.J. Porter. BS 5759/ISO 9000 The Experience of small and medium sized firms. International Journal of Quality and Reliability Management, 1991. 8(6): p. 12. Risk Management, A.S.A.P. “Risk Management Standard, What Sort of Information is in This Standard?”2000.“http://www.riskmanagement.com.au/RISKMAN/INFO/RMSTANDAR D/RMSTANDARD.” HTM Rondinelli, D.a.G.V. 2000. “Panacea, Common Sense of Just a Label? The Value of ISO 14001 Environmental Management System.” European Management Journal. 18(5): p. 499-510. Singleton, W.T. and J. Hovden. 1987. Risk and Decisions. Great Britain: John Wiley and Sons. Standards Australia International and Standards New Zealand. Risk Management. AS/NZS 4360:1999 Journal The WINNERS, Vol. 3 No. 2, September 2002: 196-210 210 .Strategy Unit, U. 2002. Risk: Improving Government’s Capability to Handle Risk and Uncertainty. Cabinet Office. S.A. International and Standards New Zealand. Environmental Management Systems-Specification with guidance for use. AS/NZS ISO 14001:1996. SAI Global Assurance Services. 2001. Manage Your Risks, Assets and Reputation-Occupational Health and Safety Management. Standards Australia International and Standards New Zealand. Occupational Health and Safety Management Ssystems-Specification with Guidance for Use. AS/NZS 4801:2001. Standards Australia International. and Standards New Zealand. Quality Management Systems- Requirements. AS/NZS ISO 9001:2000. Standards Australia International. and Standards New Zealand. 1998. Compliance Programs. AS/NZS 3806. Standards Australia International. and Standards New Zealand. Information Security Management. AS/NZS 4444:1999. Struebing, L. “9000 Standards.” 1996. Quality Progress. 29: p. 15. The International Occupational Hygiene Association. 1998. Review and Analysis of International, National, and Regional Systems and Proposals for a New International Document- Occupational Health and Safety Management Systems. Vega Consulting GmbH. 2002. Business Excellence in the Airline Industry. Wheeler, S. 2000. Does ISO 14001 Provide an Effective EMS that Reduces an Organization's Environmental Impacts? A Critical Investigation Incorporating an Intial Environmental Review and Proposed Revisions for the ISO 14001 Sstandard. WWF. 1995. Forests for Life. WWF's 1995 Seminar Proceedings. Wideman, R.M. 1992. Project and Program Risk Management: A Guide to Managing Project Risk and Opportunities. USA: Project Management Institute PMI.