ArticlePDF Available

Risk management in SMEs: a systematic review of available evidence


Abstract and Figures

Purpose: The purpose of this paper is to provide a systematic literature review of available research evidence on risk management in SMEs. We aim to reveal ambiguities, gaps and contradictions in the literature, and to sketch avenues for further research. Design/methodology/approach: We follow the tenets of Tranfield et al. (2003) for conducting a systematic literature review. Following a keyword search and an assessment of fit for this review, 27 papers were analyzed with respect to bibliographical information, research design and findings. Design/methodology/approach: We follow the tenets of Tranfield et al. (2003) for conducting a systematic literature review. Following a keyword search and an assessment of fit for this review, 27 papers were analyzed with respect to bibliographical information, research design and findings. Findings: Our review identified various types of risks that may occur in SMEs. In addition, the publication analysis demonstrates the importance of a risk management process in SMEs and that the characteristics of SME owners have a significant impact on their business strategies. Research implications: Additional empirical research on risk identification, risk analysis, strategy implementation and control in the SME risk management process is needed. Originality/value: This paper is the first comprehensive review of literature on risk management in SMEs.
Content may be subject to copyright.
Forthcoming in The Journal of Risk Finance
Risk management in SMEs: a systematic review of available evidence
Eva Maria Falkner
Risk control department, Oberbank AG, Linz, Austria
Martin R.W. Hiebl
Institute of Management Control and Consulting, Johannes Kepler University Linz, Austria
Chair of Management Accounting and Control, University of Siegen, Germany
Structured Abstract
Purpose: The purpose of this paper is to provide a systematic literature review of available
research evidence on risk management in SMEs. We aim to reveal ambiguities, gaps and
contradictions in the literature, and to sketch avenues for further research.
Design/methodology/approach: We follow the tenets of Tranfield et al. (2003) for
conducting a systematic literature review. Following a keyword search and an assessment of
fit for this review, 27 papers were analyzed with respect to bibliographical information,
research design and findings.
Findings: Our review identified various types of risks that may occur in SMEs. In addition,
the publication analysis demonstrates the importance of a risk management process in SMEs
and that the characteristics of SME owners have a significant impact on their business
Research implications: Additional empirical research on risk identification, risk analysis,
strategy implementation and control in the SME risk management process is needed.
Originality/value: This paper is the first comprehensive review of literature on risk
management in SMEs.
Type: Literature Review
Keywords: Risk management, SME, small and medium-sized enterprises
1. Introduction
Small and medium-sized enterprises (SMEs) play an important role in most economies
worldwide (Ayyagari et al., 2007; Burgstaller and Wagner, 2015)[1]. For instance, in the
European Union, around 99% of the economic activities can be traced back to SMEs, which
account for two thirds of all jobs in the private sector (Gama and Geraldes, 2012). Compared
to larger firms, SMEs are usually seen as having simpler internal organization and thus as
being more flexible and faster at responding and adapting to change (Lavia Lopez and Hiebl,
At the same time, SMEs are frequently confronted with major challenges. Compared to larger
enterprises, SMEs profit less often from economies of scale and fewer have access to a wide
resource base (Burgstaller and Wagner, 2015; Lavia Lopez and Hiebl, 2014). Due to the
usually low equity ratio of SMEs, they are relatively vulnerable to external events compared
to larger enterprises (Altman et al., 2010). This illustrates that not only larger enterprises face
various risks, but also SMEs, whose survival is more easily threatened due to their smaller set
of – both financial and non-financial – resources.
Risk management may help SME managers to identify significant risks that could jeopardize
the success or existence of the company in time to efficiently cope with them (Miller, 1992;
Brustbauer, 2014). Misjudging or failing to recognize risks can in the worst case – have
disastrous consequences, ranging from customer loss to damaging liability, environmental
damage and possibly even bankruptcy (Hollman and Mohammad-Zadeh, 1984). However,
many SMEs do not or not adequately apply risk management practices, mostly because
they cannot afford to rededicate resources due to their constraints (Marcelino-Sádaba et al.,
Although the volume of literature on the specifics of risk management in SMEs has been
increasing in recent years, it is still fragmented, and no systematic review has yet been
conducted on the topic[2]. Such a review would be valuable because systematic reviews
integrate existing research from various fields (in our case: small business management and
finance/risk management) and present a synthesized knowledge base on which future research
can build (Tranfield et al., 2003). Thus, the non-existence of a systematic review of risk
management in SMEs may be regarded as a gap, which the present paper aims to close. We
therefore present an overview of the state of research on risk management in SMEs as well as
fruitful avenues for further research.
This paper proceeds as follows: Section 2 describes the methods for the literature review, the
results of which are presented in section 3. Section 4 presents conclusions and potential
avenues for further research, while section 5 acknowledges the limitations of this paper.
2. Methods
This paper adopts the basic guidelines set out by Tranfield et al. (2003) for conducting
systematic reviews of literature in the fields of business and management. A systematic
literature review is divided into three steps: (1) planning the review, (2) conducting the review
and (3) reporting and disseminating the review (Tranfield et al., 2003).
The first step planning the review – mainly sets out the motivation of the review, which is
presented in section 1 in the present literature review. The second step – conducting the
review – starts with identifying relevant research. In order to identify relevant journal articles
on risk management in SMEs, similar to Hiebl (2013), a broad keyword search of the
following seven databases was conducted: EBSCO Business Source Elite, Elsevier Science
Direct, Emerald, SpringerLink, Wiley Online Library, Scopus und ISI Web of Knowledge. For
preliminary inclusion in this review, the title, the keywords, or the abstract of an article had to
contain a combination (AND conjunction) of two groups of key words.
The first group of keywords addresses SMEs. Similarly to other review papers focusing on
SMEs (e.g., Lavia Lopez and Hiebl, 2014), this was operationalized using the following
phrase: ("small business*" OR "small firm*" OR "small enterprise*" OR "small compan*"
OR "medium-sized firm*" OR "medium-sized business*" OR "medium-sized enterprise*"
OR "medium-sized compan*" OR "small and medium-sized enterprise*" OR "SME*" OR
"small and medium-sized compan*" OR "small and medium-sized business*" OR "small and
medium-sized firm*").
The second group focuses on the actual management of risk. Hence, our keyword search
specified no types of risk[3] or risk-related issues such as information asymmetry, moral
hazard or adverse selection. Although they might affect risk management (Miller, 1992;
Marshall and Weetman, 2002), they are rather concerned with the sources of risk. Thus, the
second group of keywords includes a combination of “risk” and “management” and was
implemented with the following search phrase: ("risk management" OR "manage risk*"). The
use of asterisks allowed words with a range of different endings to be identified.
All articles that were identified as relevant to the present review and published or available
online before November 2014 were included if they fulfilled the following two inclusion
criteria. The first criterion was a journal quality threshold: articles were only included in the
review if they appeared in journals that had an impact factor in the 2013 journal citation
reports by Thomson Reuters or if they were included in the Association of Business Schools’
(ABS) 2010 Academic Journal Quality Guide. Inclusion in the Thomson Reuters citation
reports and/or in the ABS Guide is an established sign of journal quality and has been used as
a measure thereof in other systematic literature reviews (e.g., Ghadge et al., 2012).
Using these methods, the initial search resulted in 38 articles. As Tranfield et al. (2003)
suggested, articles were scanned for their fit with the specific topic of the literature review,
which thus formed the second inclusion criterion. Consequently, 11 articles were excluded
from further analysis, the main reasons being: (i) some articles turned out to be practitioner-
oriented and not relying on scientific research methods, and (ii) even though they included
some relevant keywords in the title, abstract and keywords, some articles were predominantly
concerned with risk management methods for large companies and made no reference to
SMEs. The remaining 27 articles were ultimately used to proceed with the second and third
steps of the systematic literature review suggested by Tranfield et al. (2003) and form the
basis for the results presented in the following sections.
3. Review findings
3.1 Characteristics of articles reviewed
Bibliographical information about the 27 articles included in this review can be obtained from
Table 1. The 27 articles were published in 25 different journals. Two publications each were
found in “International Small Business Journal” and “Managerial Finance”; each of the
remaining 23 was published in a different journal. From Table 1 it can be seen that all but two
articles were published in 2000 or later, which underpins the topicality of risk management in
=== Insert Table 1 about here ===
As can be seen in Table 2, the majority of studies examined SMEs in developed European
countries. We identified only two papers (Acar and Göc, 2011; Gao et al., 2013) which
empirically studied SMEs in countries that may be considered developing (Hoskissen et al.,
2000) – Turkey and China. This fact is somewhat regrettable because SMEs make up a large
share of firms in developing countries (Lavia Lopez and Hiebl, 2014), and risk management
may be a key factor in increasing their ability to survive, which in turn may also have an
important impact on the economies of developing countries. Thus, at this point we can already
identify a need for more research into risk management in SMEs in developing countries [4].
Table 2 also presents data on the research designs of the 27 articles reviewed. Ten studies
each were classified as qualitative and quantitative empirical studies. Four papers were purely
conceptual/theoretical publications. Three papers (Delerue and Perez, 2009; Delerue-Vidot,
2006; Sukumar et al., 2011) used multiple research methods. In all 10 quantitative empirical
papers included in this review, data were collected via surveys or archival databases. The 10
qualitative empirical papers relied on case study methods, qualitative interviewing, or both.
=== Insert Table 2 about here ===
3.2 Different types of risks in SMEs
Although our search strategy did not focus on risk types in SMEs (see section 2), the reviewed
articles placed significant emphasis on identifying and discussing a variety of typical risks in
SMEs, probably because risk identification is usually a necessary prerequisite for later risk
management. Therefore, we begin by presenting the most frequently mentioned types of risks
in SMEs in the literature to date.
3.2.1 Interest rate risk
SMEs are viewed by the current literature as being highly dependent on external finance, and
accordingly, a loan is usually the main source of financing available (Altman et al., 2010;
Mutezo, 2013; Gama and Geraldes, 2012). This, however, involves the risk that interest rates
on the loans may change (i.e., interest rate risk). Adopting the standpoint of banks, Mutezo
(2013) suggested that SMEs might be able to reduce banks’ fears concerning information
asymmetries and thus banks’ perception of SME risk, which might in turn also limit the
likelihood of SME interest rates changing. Adopting the SMEs’ view, the qualitative study by
Bruns and Fletcher (2008) showed that for SMEs whose financial position is weak but whose
owners’ risk appetite remains high, the probability of credit being offered decreases more than
for companies with a strong financial position. The two authors suggested that a strong
financial position can, at least partially, compensate for high risk tolerance. In addition, Bruns
and Fletcher (2008) found that SMEs with limited collateral are unlikely to be given a loan,
regardless of their willingness to take risks, while for companies with high collateral the
likelihood of being granted a loan is significantly higher when their willingness to take risk is
low. This finding by Bruns and Fletcher (2008) suggests that strong collateral cannot
compensate for the negative aspects of high risk-taking
The study by Vickery (2008), which is based on data from 3,248 US firms, found that SMEs
are about twice as likely to decide on a fixed-rate (rather than an adjustable-rate) loan as large
firms. Vickery (2008) showed that with increasing firm size or age, the probability of taking
on fixed-term debt decreases steadily. Further, fixed-term loans are particularly popular
among smaller, younger companies with low cash flow or high investment opportunities
(Vickery, 2008). Thus, Vickery (2008) suggested that, given their preference for fixed-rate
over adjustable-rate loans (where the latter include interest rate risk), SMEs are more averse
to interest rate risk than larger firms. A potential explanation for this finding was provided by
Moore et al. (2000): as SMEs may be less sophisticated in terms of risk management practices
than larger entities, it is particularly important for them to be aware of the fact that variable
interest rates come with a significant interest rate risk. This type of SME behavior may,
however, vary with SME owner education: based on their survey of more than 4,000
European SMEs, Kim and Vonortas (2014) pointed out that better educated SME owners are
more likely to take strategic action in order to mitigate financial risks, such as interest rate
3.2.2 Raw material prices risk
Moore et al. (2000) also described raw material risk in their conceptual paper. According to
them, due to the deregulation and abolition of subsidies in certain agricultural markets, an
increasing number of SMEs are looking for ways to manage the volatility of their raw
material costs. Moore et al. (2000) also presented evidence that in recent years the volatility
of raw material prices in agriculture and on energy markets has confronted SMEs with new
challenges. Due to an increasingly competitive market, rising commodity prices could no
longer be passed on routinely to customers. It cannot, however, be assumed that all companies
are exposed to the same problem. Moore et al. (2000) argued that many large companies have
invested in technologies, and so for them it is relatively easy to change to cheaper resources
when prices are rising. However, in their view, many SMEs cannot afford these investments
and are thus more exposed to raw material price risks. As these findings by Moore et al.
(2000) are conceptual in nature, they need corroboration by future empirical research.
3.2.3 E-business and technological risks
The study by Sukumar et al. (2011), which is based on 15 qualitative interviews and a
quantitative survey of 125 SMEs in the UK, identified online safety as the most dangerous
risk in e-business. According to them, SMEs are exposed to a variety of online threats, such as
identity theft, credit card fraud, e-mail abuse and cyber-attacks. Installing computer systems
may also involve a major risk for SMEs. As Poba-Nzaou et al. (2014) showcased,
implementing mission-critical software may pose a considerable risk to SMEs because
software implementations require higher relative levels of resource commitment in SMEs than
in large firms, making the potential impact of implementation failure relatively higher
especially if SMEs opt for open-source software vendors and not for large for-profit software
In terms of customer-related risks, the SME managers surveyed in the study by Sukumar et al.
(2011) pointed out that consumer confidence is one of the most important factors in online
business. However, Sukumar et al. (2011) argued that it is often difficult for SME managers
to build such confidence due to their limited company size and number of transactions. They
suggested that, ultimately, all gaps in online security have an impact on reputation and
customer trust. Therefore, it can be difficult for an SME to rebuild its online reputation after a
security-related incident because of its limited resources.
3.2.4 Supply chain risks
The quantitative study by Thun et al. (2011) of 67 German SMEs showed that SMEs must
offer an increasingly wide range of products to meet their customers' needs. However, this
creates higher dependence of the SMEs on their supply chains due to increased complexity. In
addition, Thun et al. (2011) pointed out that SMEs are often no longer able to concentrate
only on local markets, which again leads to increased complexity and higher levels of supply
chain risks. Such increased complexity in an SME’s supply chain may also result in higher
levels of trade debt, which in turn may pose considerable risks to SME survival: Both Altman
et al. (2010) and Wilson and Altanlar (2013) reported that young SMEs with unsecured debt
arrears (mostly trade debts) are significantly more likely to face insolvency than comparable
firms without such debts.
SMEs are also often limited to one supplier in the procurement of products. All eleven
managers surveyed in the qualitative field study by Ellegaard (2008) stated that they use
single sourcing as a procurement strategy. This finding is complemented by the results by
Thun et al. (2011), who suggest that, as the total purchase volume is not divided between
several suppliers, SMEs hope to gain a better bargaining position with their suppliers and thus
a price advantage. However, this strategy also entails a strong dependence on single suppliers.
Any difficulties with the supplier may lead to production interruptions, which presents
another significant supply chain risk for SMEs (Ellegaard, 2008). However, in contrast to
Ellegaard’s (2008) arguments, Thun et al. (2011) showed in their study that SMEs are no
more exposed to the consequences of such developments than large companies. Given these
differences between Ellegaard’s (2008) and Thun et al.’s (2011) findings, future research
could investigate whether SMEs are in fact more exposed to supply chain risks than larger
firms and how SMEs can deal with them efficiently.
3.2.5 Growth risks
In the 40 interviews with British SME managers conducted by Gilmore et al. (2004), only a
few business leaders expressed a desire for steady growth: The respondents indicated that
running a larger company may involve a higher risk of becoming unable to cover growing
costs. Whereas firm growth is often considered a strategic goal in many large companies, the
findings by Gilmore et al. (2004) suggest that some SME leaders think differently and view
growth as a risk rather than a strategic goal. Furthermore, Marcelino-Sádaba et al. (2014)
suggested that SME growth is mainly accomplished through projects, but that these pose
major risks because SMEs often do not have the know-how and techniques required to run
such growth projects effectively.
Gilmore et al. (2004) also reported that their respondents connected the development of a new
market with an enormous entrepreneurial risk. They pointed out that entering new markets
comes at the cost of considerable research effort for SMEs in order to assess whether the
company can be successful in the new market. Thus, in Gilmore et al.’s (2004) study,
international ventures are viewed as highly speculative and potentially very costly for SMEs.
In contrast, the quantitative study by Forlani et al. (2008) of 81 small firms in the USA
showed that managers of small firms see the least business risk in export. Further, based on a
survey of 311 Austrian SMEs, Brustbauer (2014) reported that those with a proactive (rather
than passive) approach to risk management show higher propensity to expand to new markets
and invest in new production and process technologies. This suggests that proactive risk
management may mitigate SME owners’ aversion to growth risks.
Given these somewhat contradictory results, there is a need for future research based on larger
sample sizes and probably on quantitative methodologies in order to test whether the finding
that the majority of SME owners views growth rather as a risk than an opportunity can be
generalized to larger populations and whether for such larger populations, the mitigating role
of proactive risk management holds, as proposed by Brustbauer (2014). Such research could
build on the results by Forlani et al. (2008) and Brustbauer (2014) by including various
growth strategies to determine whether SME owners’ perceptions of the risks associated with
these strategies differ. Moreover, it would also be relevant to our knowledge of risk
management in SMEs whether and how SMEs cope efficiently with different types of growth
risks in different ways (i.e., adopting different risk management techniques for various growth
3.2.6 Management and employees
Knowledge management may also constitute a challenge for SMEs. Accordingly, the 40
British managers interviewed by Gilmore et al. (2004) believed that almost every business is
exposed to loss of knowledge when experienced employees with valuable information and
knowledge and/or contacts leave the organization. Thus, Gilmore et al. (2004) concluded that
the loss of long-term employees and managers may be especially risky for SMEs because
often no other employees or managers in the firm possess similar knowledge. In line with this
notion, case study findings by Gao et al. (2013) show that knowledge about risk management
may be mostly informal in SMEs, which complicates effective building of risk management
capacity among SME employees.
Despite these findings, Sukumar et al. (2011) showed in their paper that SMEs rarely offer
employee development programs and continuing education. Sukumar et al. (2011) also
showed that accidental damage or non-compliance with instructions can have a considerable
impact on the company and may thus involve a significant risk for SMEs. Furthermore, the
SME managers surveyed indicated an awareness of the threat of intellectual property rights
infringement (copyright, trademark, linking, etc.), but according to Sukumar et al. (2011),
their lack of knowledge prevents them from properly protecting their intellectual property.
In summary, the findings on management and employee risks suggest that SME owners are
well aware of the importance of employees’ (tacit) knowledge and the risk associated with
losing such knowledge. However, at the same time, SME owners seem to be somewhat
reluctant to invest in knowledge-building activities which might help to mitigate such
knowledge risks. Thus, we identify a need for future research into how SMEs might
successfully manage the risk of knowledge loss (e.g., on risk management) due to leaving or
disgruntled management personnel or employees.
3.3 Risk management process in SMEs
A stringent risk management process may enable SMEs to cope with the risks presented in the
previous section (Hollman and Mohammad-Zadeh, 1984). Once risks have been identified, a
number of techniques and actions can be selected to address them. According to the
conceptual paper by Hollman and Mohammad-Zadeh (1984), the risk management process
comprises five major steps (identify risks, analyze risks, select techniques, implement
strategy, control). On the basis of the SME-specific findings from the articles reviewed for
this paper, these five steps are now described in more detail in the following sub-sections.
Especially case-study-based research (Gao et al., 2013; Poba-Nzaou et al., 2014) suggests that
risk management practices in SMEs may be very informal, which in turn inhibits their being
shared and thus also building risk management capacity in SMEs. However, Brustbauer
(2014) found numerous examples of SMEs that take a very proactive approach to risk
management. Thus, in the published literature there are incidences both of rather informal risk
management and of more formalized and proactive approaches in SMEs.
3.3.1 Risk identification
According to Hollman and Mohammad-Zadeh (1984), the first step in the risk management
process – which should be carried out continuously and systematically – is identifying
possible sources of loss and thus risks. They list three different methods SME managers can
use to identify risks of loss: (i) systematic reviews of all data on business assets, activities and
staff, (2) using financial statements to identify the sources of potential financial losses and (3)
using flow charts to analyze all operations or activities of the enterprise.
Marcelino-Sádaba et al. (2014) showed that risk identification may also be decisive in SME
project management. Based on a multiple case study of 72 Spanish SMEs, they proposed that
strategic project risks that may jeopardize the entire project or the survival of the SME should
be removed completely, and that more operational risks should be carefully identified and
analyzed. However, as the case study by Gao et al. (2013) highlights, efficient risk
identification in SMEs may be hindered by SME employees’ limited knowledge of risk
management. Thus, a precondition of effective and comprehensive risk identification in SMEs
may be building risk management capacity in their employees. In line with this notion, several
of the papers reviewed (Moore et al., 2000; Ellegaard, 2008; Bruns and Fletcher, 2008;
Sukumar et al., 2011) pinpointed the usually limited financial and human resources in SMEs
and their partial inability to effectively manage all risks at the same time. It might therefore be
advisable for SMEs to identify all potential risks, but then – after risk analysis (see below) –
focus only on the most important risks and train their employees to manage these risks
effectively. Nonetheless, given the lack of detail in empirical studies of the actual process of
how SMEs identify risks, research is needed to shed more light on this issue.
3.3.2 Risk analysis
The second step in the risk management process as suggested by Hollman and Mohammad-
Zadeh (1984) is risk analysis, which involves measuring or estimating the potential frequency
of losses and the potential impact of a risk on the company's operation. Subsequently, the
risks can be ranked according to importance for the company. Hollman and Mohammad-
Zadeh (1984) argued that this helps to establish risk management priorities and provides a
starting point for selecting appropriate risk management techniques for each risk. However,
while proper risk analysis may also be highly important in SME project management
(Marcelino-Sádaba et al., 2014), poor employee education may – like poor risk identification
– hinder proper risk analysis in SMEs (Gao et al., 2013). To cope with this limitation,
Marcelino-Sádaba et al. (2014) suggest a simplified process to analyze risks in SMEs which
consists of two variables only (probability measured as “highly unlikely”, “unlikely”, “likely”
or “highly likely”; gravity measured as “negligible”, “significant”, “major” or “catastrophic”).
3.3.3 Selection of techniques
Hollman and Mohammad-Zadeh (1984) suggested that once the risks have been identified and
analyzed, they may be handled differently. Our review reveals that several tools and methods
are available for risk handling in SMEs, which are explained in more detail in the following
Insurance. Three publications deal with insurance in the risk management process in SMEs.
The qualitative study by Cioccio and Michael (2007) of eleven small businesses in Australia
showed that for most of the respondents insurance is the primary tool for risk management.
However, Cioccio and Michael (2007) described the SMEs in their study as being aware that
insurance is sometimes associated with considerable cost and that insurance basically covers
unexpected events. Delivering more details on events covered by insurance in SMEs, Sparrow
(1999) showed on the basis of 24 qualitative interviews in the UK that SMEs usually obtain
insurance against fire, flooding, property damage and personal injury. Hollman and
Mohammad-Zadeh (1984) added that, aside from providing protection against financial losses
from such events, insurance may also cover other services for SMEs, even if the insured SME
does not suffer any loss. Examples they mentioned are downside risk analysis, compliance
assistance with statutory requirements and management services. These services are
especially important for SME owners because they are usually not experts in these areas
(Hollman and Mohammad-Zadeh, 1984). Thus, even if the event against which SMEs have
insured does not materialize, arranging insurance may be advantageous because they are
forced to systemically examine their risks.
Weather derivatives. As Leggio (2007) pointed out in her study of two small US firms,
extreme weather conditions have prompted many SMEs to hedge their exposures to
catastrophes such as floods, tornados and droughts with the help of weather derivatives. These
financial instruments enable SMEs to transfer the weather risk to a third party. She also
showed that, as with insurance, the company owner enters into a contract with the contractor
and may exercise the option later if weather conditions are unfavorable. Thus, Leggio (2007)
reasoned that by using weather derivatives, the financial pressure on the SME owner and the
variability of sales in SMEs can often be reduced by more than 80%.
Selection of suppliers. The study by Ellegaard (2008) showed that SMEs can enter into
contracts with individual suppliers to influence supplier behavior, which in turn can mitigate
risks. These contracts can be some kind of performance guarantee that requires constant
quality of the products supplied to an SME and may incorporate penalties. Moreover, ten out
of eleven managers interviewed by Ellegaard (2008) reported that they focus on procuring
products in local markets because this is especially advantageous for Western industrial
companies, since a number of risks such as political unrest, customer and currency problems,
and risks associated with cultural differences can be avoided. An SME manager from the
qualitative study by Poba-Nzaou and Raymond (2011) of four SMEs in France and Canada
also confirmed Ellegaard’s (2008) results by reporting that his company was working only
with suppliers they already knew and who had a similar mentality. As a result, risks
associated with new suppliers were avoided.
In addition to the risks already mentioned, another risk with foreign suppliers may be
knowledge loss: All SME managers in the study by Ellegaard (2008) declared that they were
reluctant to pass on product information to suppliers, which reduces the risk of knowledge
loss to external parties. However, both Ellegaard (2008) and Poba-Nzaou and Raymond
(2011) relied on relatively small sample sizes, and thus their finding that SMEs prefer using
local suppliers as a risk handling technique must be treated with caution. We therefore need
corroboration of their results to determine whether SME managers from other regions and
different contexts also consider this method viable despite the price advantages provided, for
instance, by emerging market suppliers and global sourcing.
Overcapacity in production. The results by Thun et al. (2011) showed that safety stocks,
excess capacity in production and excess capacity in the warehouse, which can prevent
interruptions in production or delivery problems, are more often present in SMEs than in large
companies. In contrast, in the study by Ellegaard (2008), only three of the eleven small
businesses surveyed were found to have considerable reserves, which consisted mainly of
limited private financial resources and a small stock. However, as a limitation it must be noted
that the study of Thun et al. (2011) analyzed only manufacturing companies that operated
within the German automotive industry. Hence, their results may be specific to this particular
industry or to the country investigated. Therefore, additional international research and data
from other industries could provide further insights into the extent to which safety stocks
would be an effective risk handling technique for SMEs.
Emergency plan. Cioccio and Michael (2007) argued that in cases of natural disasters or
terrorist attacks, it may be important for companies to have established a continuity plan or
contingency plan. Such plans include, for example, whether and how the staff must evacuate
the building and/or whether and how temporary relocation of the company is to be arranged.
The study by Cioccio and Michael (2007), however, found that SMEs are more likely to lack
such a plan than larger firms.
Networking/cooperative relations. The results of the study by Gilmore et al. (2004) showed
that SME managers frequently use their personal networks to manage risky situations.
Therefore, close relationships with key suppliers may be regarded as another technique to
manage risks successfully. Gilmore et al. (2004) showed that, in addition to personal
networks, SMEs often maintain similarly close relationships with existing clients in the hope
of gaining more repeat business. Furthermore, their study found that SME networks were used
to attract new customers. Likewise, networking with competitors was found to help prevent
risky transactions because sharing information with competitors results in more information
about the creditworthiness of prospective customers (Gilmore et al., 2004). Similarly, the
studies by Delerue and Perez (2009) and by Delerue-Vidot (2006), which are both based on
20 qualitative interviews and 344 survey responses, also showed that SME managers tend to
enter into a cooperative relationship when they perceive a high level of relational risk or when
they hope to gain a future competitive advantage over the competitor. In line with the studies
above, the large-scale study by Kim and Vonortas (2014) also found that networking is a
frequently used risk-mitigation strategy in SMEs – according to their results, mostly for
coping with technology, financial and market risks.
Despite the above-discussed risks of knowledge losses, all 40 SME managers surveyed in the
study by Gilmore et al. (2004) recognized the need to entrust senior staff with responsibility.
They were aware that employees leaving the company involves risk, but that a company
cannot fully realize its potential without delegating responsibility. According to the SME
managers interviewed by Gilmore et al. (2004), the risk arises with the selection and
management of employees to whom responsibility is transferred. The SME managers in this
study indicated that they therefore tried to learn about the personal qualities, skills and
ambitions of employees by internal networking, which helped them to select suitable
candidates who are unlikely to leave the company, and thus to avoid negative consequences
(Gilmore et al., 2004).
Asset securitization. In his conceptual paper, Jobst (2006) showed that securitization is a
means of risk management sometimes applied in SMEs. He argued that it allows the issuer to
transfer different types of risk (credit, interest rate, and liquidity risk) to investors in the
capital market at a fair market price. Moreover, since it is usually difficult for SMEs to gain
access to capital due to their small size, Jobst (2006) suggested that asset securitization may
be an interesting alternative to the traditional channels of external financing. Furthermore, he
argued that especially for SMEs it may help efficient securitization markets to limit
differences in the availability and cost of credit in the primary credit markets. However, as
these arguments are based only on conceptual considerations, analyzing and testing their
applicability to business practice is left to future research.
3.3.4 Strategy implementation
After the risks have been identified and analyzed and a decision made as to which method is
to be used to avoid or deal with the risks, the fourth step in the risk management process
according to Hollman and Mohammad-Zadeh (1984) consists of implementing the chosen
methods. In addition, they suggested that all affected employees are to be informed of the risk
management objectives of the company. However, no empirical findings concerning the
implementation of risk management strategies were identified in the reviewed papers, which
may therefore be regarded as a fruitful field for future research.
3.3.5 Control
The final step in the risk management process according to Hollman and Mohammad-Zadeh
(1984) is to regularly review the introduced techniques and measures to ensure that they meet
the current requirements. Hollman and Mohammad-Zadeh (1984) advised that SME define
performance standards or criteria to monitor the risk management process effectively and
continuously. Again, aside from the conceptual recommendations by Hollman and
Mohammad-Zadeh (1984), no empirical evidence on the control of risk management
processes in SMEs could be identified in the reviewed papers and needs further research in
the future.
3.4 Risk behavior of SME owners
In the papers reviewed, there is multiple evidence that the individual characteristics of SME
owners and SME ownership structure have a significant impact on the business direction of an
organization and also on risk management practices (Newby, 2005; Acar and Göc, 2011;
Brustbauer, 2014; Gao et al., 2013; Georgousopoulou et al., 2014; Kim and Vonortas, 2014).
For instance, the quantitative study by Acar and Göc (2011) based on 32 survey responses
from Turkey showed that the perception of risk is associated negatively with the risk appetite
in health and finance, while the risk is positively linked with organizational size. Owners of
SMEs emerge from this study as tending to have a higher perception of risks (Acar and Göc,
Furthermore, the study by Acar and Göç (2011) showed that an enterprise’s budget for risk
management increases with size and that the decision-makers in smaller companies have a
lower risk tolerance. In accordance with the findings by Gilmore et al. (2004), they showed
that due to their financial constraints SMEs focus on business strategies that have lower
risks rather than on growth-oriented business strategies. However, Acar and Göc (2011) also
showed that the characteristics of the industry are very important because unstable demand or
rapid technological change can influence the individual risk perception. Another key point in
their study is that, compared to managers from developing countries, Western managers take
more risks. Thus, risk appetite seems to vary with individual culture (Acar and Göc, 2011).
Furthermore, the study by Watson and Newby (2005) of 673 SMEs in West Australia reported
that male SME owners appear to show a greater risk appetite than female SME owners. In
addition to gender, age also seems to affect the risk-taking behavior of SME owners: Acar and
Göc (2011) presented evidence that younger SME managers have higher risk appetites than
older ones. A possible explanation for the relationship between age and risk appetite was
given by Gilmore et al. (2004). In their study, SME managers with deeper knowledge (which
may be related to their greater age) perceived risky situations more critically, took more
informed decisions, and could be regarded overall as more risk-averse. In addition to age and
gender, owner education also seems to play a role in SME risk management. As Kim and
Vonortas (2014) showed, higher SME owner education is positively related to adopting risk
mitigation strategies, such as networking, and strategic actions to mitigate technological
financial and operational risks.
4. Conclusions and further research avenues
This paper aimed to provide a systematic review of the existing literature on risk management
in SMEs. From this analysis of the literature, three clusters of research emerged. These three
clusters along with the main results in the current literature can be found in Table 3, which
summarizes this review’s main findings.
=== Insert Table 3 about here ===
Aside from the future research needs already identified in the previous sections, Table 4
presents a summary of additional research avenues which emerge from our analysis of the
published literature on risk management in SMEs. As shown above (section 3.3 and Table 3),
for some steps of the risk management process only conceptual research is available.
Additional empirical research particularly on the implementation and control of risk
management processes in SMEs is therefore needed in order to shed more light on the
difficulties SME experience in this context and to identify useful practical strategies for these
However, also the steps of risk identification and risk analysis in SMEs offer ample
opportunity for further research, which is not only useful for academia but also for SME
practice. For instance, from the extant literature it is not known at what time interval
(frequency) risk identification is carried out or how exactly risk analysis is performed
effectively in SMEs. Furthermore, it is not yet clear who contributes to risk identification and
analysis in SMEs; is it only the SME owners/managers, or do they also seek outside advice
and if so, what is the impact of external advice on the risk management practices in SMEs?
=== Insert Table 4 about here ===
Another research direction addresses the characteristics of SME owners/managers. As
mentioned in the previous chapter, the characteristics of owners play a significant role in SME
risk management. For instance, it is not yet clear from the literature how the career path of an
SME owner affects risk management practices. Further research could therefore investigate
whether SME owners already held a leadership position in another company before founding
their own and how this affects their behavior with respect to risk management. Another
research avenue could examine SME owners’ risk perceptions in different industries, as the
study by Acar and Göc (2011) identified a connection, but no explicit mention was made of
which sectors exhibit higher or lower risk perception.
From a more holistic standpoint, this review has revealed some evidence (Vickery, 2008;
Acar and Göç, 2011) which suggests that the sophistication of risk management may increase
and/or the risk-taking attitude of SME owners may change with growing firm size. This may
indicate that risk management systems in SMEs are not stable over time, but contingent to
certain developments. Thus, another fruitful avenue for future research could be to relate the
risk management practices of SMEs to their life-cycle stage or to major events in an SME’s
life cycle (e.g., generational succession in family SMEs or buyout to non-family owners).
We hope that our review and suggestions for further research will stimulate more research on
the important topic of risk management in SMEs. Only then will academia be able to give
more precise advice to SME business practice, which might increase the chances of SME
survival and consequently have a positive effect on many economies worldwide.
5. Limitations
Like any piece of research, this review paper has limitations, which are to be acknowledged.
First, the findings of any systematic literature review are contingent to the selection and
inclusion criteria set out. We deliberately focused our keyword search on the actual
management of risk and on a small set of related keywords. In our keyword search, we thus
excluded types of risks and risk-related issues such as moral hazard, information asymmetry
or adverse selection. This comes with the limitation that including keywords on these issues
might have resulted in a broader set of literature on risks in SMEs, but probably at the price
that many articles found would not deal with the actual management thereof. Other or
additional keywords might have led to different review results. The same applies to defining a
quality threshold for papers to be included in our review (see section 2). Obviously, without
such a threshold, a larger number of papers would have been included in this review, but with
the potential downside that the results reported in these papers might not have undergone
similarly strict quality controls and might therefore be less reliable than those in the papers we
analyzed. In addition, our article selection process also focused exclusively on journal articles
and thus excluded other types of literature such as books, book chapters and grey literature.
While these other literature types may also contain interesting findings, we confined our
review to journal articles because these are the usual means of communicating novel scientific
findings and are more easily accessible in keyword-based database searches.
[1] SMEs are usually defined as companies that do not exceed threshold values for the
number of employees, annual sales turnover or total assets. For instance, according to the
definition of the European Commission (2003), SMEs are firms which employ fewer than 250
employees and have an annual turnover of less than 50 million Euros and/or total assets of
less than 43 million Euros.
[2] Further, the papers identified as relevant for this review paper did not contain a
comprehensive overview of risk management in SMEs in their literature review sections.
[3] Although risk types were not included in our keyword search for the above-stated reasons,
a considerable proportion of the reviewed papers’ findings on risk management also
concerned common risk types in SMEs, and so we devoted one sub-section of the review
findings to risk types (section 3.2).
[4] However, there may be research available on risk management in SMEs in emerging
countries which has not been published in English, but in the official languages of the
respective emerging countries. Although such research may contain interesting findings on
risk management in SMEs, most researchers and SME owners/managers from other parts of
the world can assess and use research findings only if they are published in English.
Association of Business Schools (2010),Academic Journal Quality Guide: Version 4”,
available at:
20Guide.pdf (accessed May 2014).
Acar, E. and Göc, Y. (2011), “Prediction of risk perception by owners’ psychological traits in
small building contractors”, Construction Management and Economics, Vol. 29 No. 8,
pp. 841-852.
Altman, E.I., Sabato, G. and Wilson, N. (2010), “The value of non-financial information in
small and medium-sized enterprise risk management”, Journal of Credit Risk, Vol. 6 No.
2, pp. 95-127.
Ayyagari, M., Beck, T., and Demirguc-Kunt, A. (2007), “Small and medium enterprises
across the globe”, Small Business Economics, Vol. 29 No. 4, pp. 415-434.
Bruns, V. and Fletcher M. (2008), “Banks’ risk assessment of Swedish SMEs”, Venture
Capital, Vol. 10 No. 2, pp. 171-194.
Brustbauer, J. (2014), “Enterprise risk management in SMEs: Towards a structural model”,
International Small Business Journal, in press, doi: 10.1177/0266242614542853.
Burgstaller, J. and Wagner, E. (2015), “How do family ownership and founder management
affect capital structure decisions and adjustment of SMEs? Evidence from a bank-based
economy”, The Journal of Risk Finance, Vol. 16 No. 1, doi: 10.1108/JRF-06-2014-0091.
Cioccio, L. and Michael, E.J. (2007), “Hazard or disaster: Tourism management for the
inevitable in Northeast Victoria”, Tourism Management, Vol. 28. No. 1, pp. 1-11.
Delerue-Vidot, H. (2006), “Opportunism and unilateral commitment: the moderating effect of
relational capital”, Management Decision, Vol. 44 No. 6, pp. 37-751.
Delerue, H. and Perez, M. (2009), Unilateral commitment in alliances: an optional
behaviour”, Journal of Management Development, Vol. 28 No. 2, pp. 134-149.
Ellegaard, C. (2008), “Supply risk management in a small company perspective”, Supply
Chain Management: An International Journal, Vol. 13 No. 6, pp. 25-434.
European Commission (2003), “Commission Recommendation of 6 May 2003 concerning the
definition of micro, small and medium-sized enterprises”, Official Journal of the
European Union, Vol. 46, May 20, 2003, pp. 36–41.
Forlani, D., Parthasarathy, M. and Keaveney, S.M. (2008), “Managerial risk perceptions of
international entry-mode strategies: The interaction effect of control and capability,
International Marketing Review, Vol. 25 No. 3, pp. 292-311.
Gama, A.P.M. and Geraldes, H.S.A. (2012), “Credit risk assessment and the impact of the
New Basel Capital Accord on small and medium-sized enterprises: An empirical
analysis”, Management Research Review, Vol. 35 No. 8, pp. 727-749.
Gao, S.S., Sung, M.C. and Zhang, J. (2013), “Risk management capability building in SMEs:
A social capital perspective”, International Small Business Journal, Vol. 31 No. 6, pp.
Georgousopoulou, M., Chipulu, M., Ojiako, U. and Johnson, J. (2014), “Investment risk
preference among Greek SME proprietors: A Pilot Study”, Journal of Small Business and
Enterprise Development, Vol. 21 No. 1, pp. 177-193.
Ghadge, A., Dani, S. and Kalawsky, R. (2012), “Supply chain risk management: present and
future scope”, The International Journal of Logistics Management, Vol. 23 No. 3, pp.
Gilmore, A., Carson, D. and O`Donnell, A. (2004), “Small business owner-managers and
their attitude to risk”, Marketing Intelligence & Planning, Vol. 22 No. 3, pp. 349-360.
Hiebl, M.R.W. (2013), “Risk aversion in family firms: what do we really know?”, The
Journal of Risk Finance, Vol. 14 No. 1, pp. 49-70.
Hollman, K. W. and Mohammad-Zadeh, S. (1984), “Risk Management in Small Business”,
Journal of Small Business Management, Vol. 22 No. 1, pp. 7-55.
Hoskisson, R.E., Eden, L., Lau, C.M. and Wright, M. (2000), “Strategy in emerging
economies”, Academy of Management Journal, Vol. 43 No. 3, pp. 249-267.
Jobst, A.A. (2006), “Asset securitisation as a risk management and funding tool: What small
firms need to know”, Managerial Finance, Vol. 32 No. 9, pp. 31-760.
Kim, Y. and Vonortas, N.S. (2014), “Managing risk in the formative years: Evidence from
young enterprises in Europe”, Technovation, Vol. 34 No. 8, pp. 454-465.
Lavia Lopez, O. and Hiebl, M.R.W. (2014), “Management Accounting in Small and Medium-
sized Enterprises: Current Knowledge and Avenues for Further Research”, Journal of
Management Accounting Research, in press, doi: 10.2308/jmar-50915.
Leggio, K.B. (2007), “Using weather derivatives to hedge precipitation exposure”,
Managerial Finance, Vol. 33 No. 4, pp. 246-252.
Marcelino-Sádaba, S., Pérez-Ezcurdia, A., Echeverría Lazcano, A.M. and Villanueva, P.
(2014), “Project risk management methodology for small firms”, International Journal of
Project Management, Vol. 32 No. 2, pp. 327-340.
Marshall, A.P. and Weetman, P. (2002), “Information asymmetry in disclosure of foreign
exchange risk management: can regulation be effective?”, Journal of Economics and
Business, Vol. 54 No. 1, pp. 31-53.
Miller, K.D. (1992), “A framework for integrated risk management in international business”,
Journal of International Business Studies, Vol. 23 No. 2, pp. 311-331.
Moore, J., Culver, J. and Masterman, B. (2000), “Risk Management for Middle Market
Companies”, Journal of Applied Corporate Finance, Vol. 12 No. 4,
pp. 112-119.
Mutezo, A. (2013), “Credit rationing and risk management for SMEs: the way forward for
South Africa”, Corporate Ownership & Control, Vol. 10 No. 2, pp. 153-163.
Poba-Nzaou, P. and Raymond, L. (2011), “Managing ERP system risk in SMEs: A multiple
case study”, Journal of Information Technology, Vol. 26 No. 3, pp. 170-192.
Poba-Nzaou, P., Raymond, L. and Fabi, B. (2014), “Risk of adopting mission-critical OSS
applications: An interpretive case study”, International Journal of Operations &
Production Management, Vol. 34 No. 4, pp. 477-512.
Sparrow, J. (1999), “Using qualitative research to establish SME support needs”, Qualitative
Market Research: An International Journal, Vol. 2. No. 2, pp. 21-134.
Sukumar, A., Edgar, D. and Grant, K. (2011), An investigation of e-business risks in UK
SMEs”, World Review of Entrepreneurship, Management and Sustainable Development,
Vol. 7 No. 4, pp. 380-401.
Thun, J.H., Drüke, M. and Hoenig, D. (2011), Managing uncertainty – an empirical analysis
of supply chain risk management in small and medium-sized enterprises”, International
Journal of Production Research, Vol. 49. No. 18, pp. 5511-5525.
Tranfield, D., Denyer, D. and Smart, P. (2003), "Towards a Methodology for Developing
Evidence-Informed Management Knowledge by Means of Systematic Review", British
Journal of Management, Vol. 14 No. 3, pp. 20sxbn 7–222.
Vickery, J. (2008), “How and why do small firms manage interest rate risk?”, Journal of
Financial Economics, Vol. 87 No. 2, pp. 446-470.
Watson, J. and Newby, R. (2005), Biological sex, stereotypical sex-roles, and SME owner
characteristics”, International Journal of Entrepreneurial Behaviour and Research, Vol.
11 No. 2, pp. 129-143.
Wilson, N. and Altanlar, A. (2013), “Company failure prediction with limited information:
newly incorporated companies”, Journal of the Operational Research Society, Vol. 65
No. 2, pp. 252-264.
Table 1 - Bibliographical sources of the articles included in the literature review
Year of publication
Primary Field of Journal, Journal Title 1984 1999 2000 2004 2005 2006 2007 2008 2009 2010 2011 2013 2014 Total
Two-year impact
factor 2013
Business Ethics and Governance
Corporate Ownership and Control
Entrepreneurship and Small Business Management
International Journal of Entrepreneurial Behaviour and Research
International Small Business Journal
Journal of Small Business Management
Journal of Small Business and Enterprise Development
Venture Capital
Word Review of Entrepreneurship, Management and Sustainable Development
Journal of Applied Corporate Finance
Journal of Financial Economics
Grade 4
Journal of Credit Risk
Managerial Finance
General Management
Management Decision
Information Management
Journal of Information Technology
Grade 3
Management Development
Journal of Management Development
International Marketing Review
Marketing Intelligence & Planning
Qualitative Market Research: An International Journal
Operations, Technology and Management
International Journal of Operations & Production Management
International Journal of Production Research
International Journal of Project Management
Grade 2
Journal of the Operational Research Society
Supply Chain Management: An International Journal
Sector Studies
Construction Management and Economics
Grade 2
Tourism and Hospitality Management
Tourism Management
Table 2 - Research designs of the articles included in the literature review
Author(s) (year) Empirical
quantitative Empirical
qualitative Conceptual/
theoretical Survey Database Interviews Case study
methods Sample size
(number of firms) Size of
sample firms* Country of
Acar and Göc (2011) x x 32
8 M
14 S
10 MS
et al.
Bruns and Fletcher (2008)
3-100 employees
Brustbauer (2014)
Cioccio and Michael (2007)
Delerue-Vidot (2006) x x x x x
20 interviews
344 survey responses
SME Europe
Delerue and Perez (2009) x x x x
20 interviews
344 survey responses
SME Multiple**
Ellegaard (2008)
1-12 employees
et al.
et al.
et al.
et al.
11-250 employees
Hollman and Mohammad-Zadeh (1984)
Jobst (2006)
Kim and Vonortas (2014)
Leggio (2007)
et al.
et al.
Mutezo (2013)
Poba-Nzaou and Raymond (2011) x x 4 SME
3 in France
1 in Canada
et al.
Sparrow (1999)
<200 employees
Sukumar et al. (2011) x x x x x
15 interviews
125 survey responses
et al.
Vickery (2008)
<500 employees
Watson and Newby (2005)
West Australia
Wilson and Altanlar (2014)
* MS = medium-sized; S = small; M = micro
** France, UK, Austria, Germany, Belgium, Switzerland, Spain, Italy, Denmark, Hungary, Finland, Netherlands, Sweden
*** Croatia, Czech Republic, Denmark, France, Germany, Greece, Italy, Portugal, Sweden, UK
Data collection
Article type
Table 3 - Main findings of the papers reviewed
Clusters of findings
Main findings
Different types of risks in SMEs Interest rate r isk
- Reducing information asymmetries with banks may lower interest rate risks for SMEs (Mutezo, 2013)
- A strong financial position compensates for high risk tolerance in SMEs (Bruns and Fletcher, 2008)
- SMEs are about twice as likely to decide on a fixed-rate loan as large firms (Vickery, 2008)
- SMEs cannot benefit from fixed-rate loans in the forms of lower financing costs when interest rates
fall, which leads to a reduction in profits (Moore et al. , 2000)
Raw material prices risk
- No empirical findings available
- Rising commodity prices can no longer be passed on routinely to customers (Moore et al., 2000)
- An increase in price can lead to a significant decline in demand (Moore et al., 2000)
E-Business and technological risks
- SMEs are exposed to a variety of online threats (identity theft, credit card fraud, email abuse,
attacks by viruses, etc.) (Sukumar et al., 2011)
- Rapid technological changes and implementation of mission-critical software pose significant risks to
SMEs that can undermine the success of their businesses (Sukumar et al. , 2011; Poba-Nzaou et al. , 2014)
- It is difficult for an SME to rebuild its online reputation after a security-related incident because of
its limited resources (Sukumar et al. , 2011)
Supply chain risks
- Many SMEs are no longer able to concentrate only on local markets, which leads to increased
complexity and higher levels of supply chain risks (Thun et al., 2011)
- SMEs with considerable trade debts are more likely to face insolvency (Altman et al. , 2010; Wilson and
Altanlar, 2013)
- SMEs are often limited to one supplier in the procurement of products, and any difficulties with the
supplier can lead to production interruptions (Ellegaard, 2008 )
Growth risks
- Among internationalization strategies, SME managers see the least business risk in export (Forlani
et al.
- SME managers often connect the development of a new market and associated projects with an enormous
entrepreneurial risk (Gilmore et al. , 2004; Marcelino-Sádaba et al. , 2014)
- In general, business growth can be regarded as a risk relevant to SMEs (Gilmore et al. , 2004)
- SMEs with a proactive risk management approach show higher propensity to expand to new markets and
invest in new technologies (Brustbauer, 2014)
Management and employees
- Losing long-term employees and managers is especially risky to SMEs due to knowledge loss
(Gilmore et al. , 2004)
- Informal knowledge on risk management hinders risk management capability building in SMEs
(Gao et al. , 2013)
- It is necessary for SMEs to protect knowledge by all means (Gilmore et al. , 2004)
- SMEs rarely offer employee development programs (Sukumar et al. , 2011)
Risk management process Risk identification
- The identification of possible risks should be carried out continuously and systematically
(Hollman and Mohammad-Zadeh, 1984)
- The management can use different methods or tools to facilitate the identification of risks of loss
(checklists, financial statements, ...) (Hollman and Mohammad-Zadeh, 1984)
- Strategic project risks in SMEs should be avoided, while operational projec t risks should be identified
and managed (Marcelino-Sádaba et al. , 2014)
- Risk identification in SMEs may be hindered by employees' limited risk management knowledge
(Gao et al. , 2013)
Risk analysis
- The risk analysis step in SMEs may result in a comprehensive list of risks, of which - due to limited
resources - only those with the highest likelihood and/or the highest potential impact are handled in
the risk management process (Hollman and Mohammad-Zadeh, 1984)
- Poor employee education may hinder proper risk analysis in SMEs (Gao et al. , 2013)
- Simplified process to analyze risk in SMEs may be useful (Marcelino-Sádaba et al. , 2014)
Selection of techniques
- Several tools and methods for handling risks (insurance, weather derivatives,
selection of supplier, overcapacity in production, emergency plan, networking/cooperative relations,
asset securitization) are described in the literature
Strategy implementation
- No empirical findings available
- All affected employees are to be informed of the risk management objectives of the company
(Hollman and Mohammad-Zadeh, 1984)
- No empirical findings available
- SMEs should define performance standards or criteria to monitor the risk management process
(Hollman and Mohammad-Zadeh, 1984)
Risk behavior of SME owners
- Decision-makers in smaller companies have a lower risk tolerance (Gilmore
et al.
, 2004;
Acar and Göc, 2011)
- Male SME owners show a greater risk appetite than female SME owners (Watson and Newby,
- Younger SME managers have higher risk appetites than older ones (Gilmore et al. , 2004)
- Better educated SME owners show higher adoption of risk mitigation strategies
(Kim and Vonortas, 2014)
Table 4 - Further research avenues
Cluster Further Research Potential research questions
Risk identification - At what time interval and how is risk identification carried out in SMEs?
- What are risk identification strategies which do not overstrain SMEs' limited resources?
Risk analysis
- How may risk analysis be performed effectively in SMEs?
- What are risk analysis strategies which do not overstrain SMEs' limited resources?
Strategy implementation - How is risk management strategy implemented effectively in SMEs?
Control - At what time intervals are risk controls operated in SMEs?
- How may SME owners and managers overcome problems of self-control in risk management?
Career of the company owner
- How does the behavior of SME managers affect risk management when they have
held a leadership position in another company before founding their own?
- How can effective risk management techniques mitigate effectively overly high
risk aversion of SME owners?
Industrial sector - In which industries has the management of SMEs a higher/lower risk perception?
- In which industries do SMEs already have a well-developed risk management?
systems over
SME life cycle
- How does an SME's risk management system change over time?
- How does an SME owner's attitude towards risk change over time?
of SME
... Probability-based data and historical data to support the above approaches are difficult to obtain in SME contexts. Small and microbusinesses are usually owner-led and the informal operating environment may not truly capture intentions, judgments, and decision making and their impact on risk assessment (Falkner & Hiebl, 2015). To overcome this difficulty and to develop a holistic picture of the cyber risks of e-tailing SMEs, we examined the literature for cyber risk classification in general and more specifically of SMEs. ...
Full-text available
The role played by information and communication technologies in today's businesses cannot be underestimated. While such technological advancements provide numerous advantages and opportunities, they are known to thread organizations with new challenges such as cyberattacks. This is particularly important for small and medium-sized enterprises (SMEs) that are deemed to be the least mature and highly vulnerable to cybersecurity risks. Thus, this research is set to assess the cyber risks in online retailing SMEs (e-tailing SMEs). Therefore, this article employs a sample of 124 small e-tailers in the United Kingdom and takes advantage of a multi-criteria decision analysis (MCDA) method. Indeed, we identified a total number of 28 identified cyber-oriented risks in five exhaustive themes of "security," "dependency," "employee," "strategic," and "legal" risks. Subsequently, an integrated approach using step-wise weight assessment ratio analysis (SWARA) and best-worst method (BWM) has been employed to develop a pathway of risk assessment. As such, the current study outlines a novel approach toward cybersecurity risk management for e-tailing SMEs and discusses its effectiveness and contributions to the cyber risk management literature.
... This research showed how they are different from larger SMEs, and the major factors preventing these companies to grow and become larger firms. Other reviews analysed small firms' pathway to internationalization (Dabic et al., 2020), risk management (Falkner & Hiebl, 2015), and their innovation capabilities (Saunila, 2020) -different fundamentals to growth. However, a clear understanding of SME growth specifically is still missing as a holistic synthesis. ...
Full-text available
The importance of small and medium-sized enterprises (SMEs) increased in the recent years, particularly since 2007, with the intention to promote growth. This study aims to analyse the relationship between growth and SMEs and the different elements influencing this linkage. For this purpose, a systematic literature review was implemented. The analysis identifies seven factors affecting SMEs’ financial performance: size, age, internationalization, network, innovation, public institutions, and capital structure. These elements are significantly related with smaller firms and growth, influencing firms’ aptitudes towards performance. In addition, there seven factors could influence each other increasing the possibilities to grow. Further research investigating this literature gap is recommended.
... Most of the studies related to medium-scale enterprises are fragmented in terms of risk management and the development of new products. Research in risk management in medium-scale companies mostly explores the action strategies carried out but not the impact of the implementation of risk management in the development of business performance, especially financial performance [39], [29], [5]. Therefore, subsequent studies or research on risk management should be directed to confirm that the implementation or application of risk management does have an impact on the company's performance. ...
Enterprise Risk Management (ERM) has the benefit of enhancing organizational effectiveness, risk reporting, and improving business performance. The maturity measurement of ERM implementation is crucial in deducing risk management conditions and disparities within the company as means to achieve a more targeted ERM pursuance, one which is beneficial in assessing the company's condition. This study used sixteen criteria of ERM Maturity Models, to measure the maturity level of ERM implementation carried out by medium-sized industrial companies in priority sectors in East Java. Data were obtained from 137 company directors or managers of Medium Industry companies dispersed across 38 districts/cities in East Java among 6 priority sectors. Results showed that 43.5% and 46.6% of companies that experienced sales growth and an increase in net profit, respectively, are companies with optimal implementation of ERM. Meanwhile, 67% of companies that underwent a decline in sales performance and net profit turned out to be companies with weaker ERM implementation levels.
Full-text available
Changing customer demand, globalization, pandemics, and the ongoing Russia-Ukraine war have introduced a lot of complexities, uncertainties, risks, and challenges in various global businesses, especially in the small and medium enterprises (SMEs) of emerging markets. This sector plays a significant role in fostering economic growth, generating employment, and reducing poverty. In such a situation, proper identification of supply chain risk (SCR) factors is pivotal for this sector to achieve a resilient and sustainable SC, specifically since a sustainable and resilient supply chain can withstand the impacts of various uncertain situations. However, no studies have yet explored these risk factors from an emerging economy perspective. This study fills this research gap by identifying the SCR factors and analyzing their interactions using an integrated approach, including Pareto analysis, fuzzy theory, total interpretive structural modeling (TISM), and a Matriced' Impacts Cruoses Multiplication Applique a un Classement (MICMAC) analysis. The findings from the fuzzy TISM imply that the "lack of enthusiasm in top management regarding sustainable practices" is the most significant factor. Besides that, lack of skilled and educated workers, lack of knowledge about modern technologies, labor strikes, and political instabilities are also some crucial risks that may hinder the sustainable development and smooth operation of SMEs. Fuzzy MICMAC analysis confirms that all identified risk factors are interrelated. The study insights can guide managers to successfully identify the risk factors for achieving long-term sustainability and operational resilience and can enhance policymakers’ ability to formulate proactive and efficient mitigation strategies.
Full-text available
This is the final report of our interdisciplinary junior research group KontiKat (2017-2021). It contains 1) a brief description of the KontiKat project (terms of reference, preliminary work, planning and process with an overview of all group members and the work packages, the scientific and technical status to which the project was linked as well as the cooperation) and 2) a detailed description of all research and development work as well as public relations activities: empirical studies conducted (several quantitative, representative surveys and qualitative studies), our practice-based and user-centred four technical IT developments, and information on achievements of the group members' education and training concept as a qualification in the field of civil security research. We conclude with explanations of the necessity and appropriateness of the work, an exploitation plan, references to other works, and a list of all our 130 publications. The report summarizes the extensive work of the Kontikat group on the analysis of societal and business vulnerability and the measures, studies and IT solutions developed to promote civic and business continuity with the help of cooperative technologies in crisis or disaster situations. Our work contributes to strengthening resilience and prevention as emergency preparedness of the population and small and medium-sized enterprises (SMEs) in Germany.
Full-text available
Aquaculture is considered a high-risk industry in which the heterogeneity of the productions hinders the development and application of risk management. However, risk sources have still received little attention in aquaculture research. The present study aims to provide a framework of the main risk sources perceived by aquaculture producers. Firstly, we conceptualize the different dimensions and typologies of risks. Then, we integrate the main risk sources into a comprehensive framework based on a review of the literature providing empirical evidence on aquaculture producers’ risk perceptions in different countries and aquaculture productions. Finally, the opinion of a panel of independent experts provides the vision of other relevant stakeholders in the value chain. This process allowed us to present a picture of risks in the aquaculture industry, consisting of eight risk categories, 19 risk types and 40 risk sources. The most relevant sources of risks for producers in the internal dimension are those related to operations (fingerlings, feeding, seeding and harvesting). In the external dimension, market risks (price variability, inputs price, and changes in demand) and production risks (climatic shocks and diseases) stand out. The perceptions of the stakeholders consulted highlight that producers tend to underestimate important risks, such as regulatory or financial ones. This picture provides a useful risk framework for policy makers, producers, scientists and other stakeholders to address such an essential first step in risk management and governance, the identification of risk sources.
To succeed, a firm essentially needs to take the right amount of risk. Thus, the great significance of risk management has attracted many researchers to focus on how to implement enterprise risk management (ERM) systems most effectively. Generally, smaller entrepreneurial firms have to cope with this challenge more informally. Most manufacturing small and medium-sized enterprises (SMEs) are family companies; as a result, family dynamics greatly impact how such companies do business. The q-rung orthopair fuzzy set (q-ROFS) provides a wide window for the preference elicitation of decision-makers (DMs). Inspired by the advantages of the q-ROFS, in the current paper, a novel decision framework, the q-ROF-entropy-rank sum (RS)-additive ratio assessment (ARAS), called the “q-ROF-entropy-RS-ARAS” approach, is developed. The q-ROF-entropy-RS approach is applied to compute the weights of critical success factors (CSFs) for dynamic ERM in SMEs, and the q-ROF-ARAS model is used to assess enterprise preferences. An empirical case study is conducted to evaluate the CSFs for dynamic enterprise risk management in SMEs. Additionally, the comparison and sensitivity investigation are carried out to show the superiority of the developed framework.
Full-text available
The Thirteenth International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2022), held on April 24 - 28, 2022, continued a series of events targeted to prospect the applications supported by the new paradigm and validate the techniques and the mechanisms. A complementary target was to identify the open issues and the challenges to fix them, especially on security, privacy, and inter- and intra-clouds protocols. Cloud computing is a normal evolution of distributed computing combined with Service-oriented architecture, leveraging most of the GRID features and Virtualization merits. The technology foundations for cloud computing led to a new approach of reusing what was achieved in GRID computing with support from virtualization.
Foreign exchange risk management is well researched in the context of multinational enterprises, but how small and medium sized exporting firms manage their forex risk is still largely unexplored, especially through an international business lens. This study investigates how New Zealand and Australian exporting small and medium-sized enterprises (SMEs) manage foreign exchange (forex) risk, and the impact of increasing internationalisation on this. The study draws on two theoretical perspectives to assist the investigation: the resource-based view and internationalisation theory. The surveys were distributed to New Zealand and Australian exporting firms across a full range of industry sectors represented in the business database provided by Kompass. Statistical analyses, including exploratory factor analysis, and confirmatory factor analysis were conducted to test the measurement model, structural model and research hypotheses. The study identifies four determinants of forex risk strategy of exporting SMEs: degree of internationalisation, forex exposure, perceived forex risk and resources. Organisational and human resources are shown to have a key mediation role in the model. The study provides insights into key determinants of forex risk management and their interrelationships in the little examined context of exporting SMEs.
Full-text available
Small and medium enterprises are increasingly seen as playing an important role in the economies of many countries. Studies identify adequate and accessible financing as a critical component of SME development. Many SMES are unable to access loans from the commercial banks due to lack of financial knowledge, collateral and credit history. The drive to minimise risks informs the decision of banks to minimise loan approval for SMEs. The question that now arises is how to strike a balance between financial intermediation towards achieving economic development, while reducing operational and credit risks that confront financial intermediation at large, especially banks. The aim of this paper is to investigate the factors affecting the SME lending-decision process of commercial banks and uncover the possible way forward for South Africa.
Full-text available
Purpose – Current research in the area of risk management within small and medium-sized enterprises (SMEs) appears predisposed towards risk, predominantly dealing with the willingness of SMEs to take on losses. However, in this pilot study, the authors aim to focus on a different aspect of risk management in SMEs, namely the risk preferences. Risk preferences in this case are regarded as the willingness of SME proprietors to take on risks that are likely to lead to investment gains. Design/methodology/approach – Data is gathered via a combination of a survey questionnaire and a probability scenario toolset. The authors sampled a total of 150 SME proprietors operating in Greece. The data was analysed using a combination of regression models and binomial tests. Findings – The results suggest that we cannot, as previous literature suggests, conclude that SME proprietors generally exhibit a negative risk preference. Originality/value – In light of Greece's recent economic difficulty, and in acknowledgement of the critical role played by SMEs in the Greek economy, this study addresses a topical subject in entrepreneurship research: what are the factors determining investment risk preferences?
Few studies that have focused on developing credit risk models specifically for small and medium-sized enterprises (SMEs) have included non-financial information as a predictor of company creditworthiness. In this study we have available non-financial, regulatory compliance and “event” data to supplement the limited accounting data that is often available for non-listed firms. We employ a sample consisting of over 5.8 million sets of accounts of unlisted firms, of which over 66,000 failed during the period 2000–2007. We find that data relating to legal action by creditors to recover unpaid debts, company filing histories, comprehen-sive audit report/opinion data and firm-specific characteristics make a significant contribution to increasing the default prediction power of risk models built specif-ically for SMEs.
Purpose – The purpose of this paper s to study the financing behavior of family firms (FF), as these differ from their small- and medium-sized enterprise (SME) counterparts in their capital structure decision, mainly due to an increased risk aversion and the desire to maintain control over the firm. Design/methodology/approach – A sample of 470 SMEs from a bank-based environment is examined for the period of 2005-2010. A dynamic panel data model is utilized to assess both the role of several capital structure determinants and the target-adjusting behavior for different subsamples of firms. Findings – The results show that FF, whether controlled by founders or not, are relatively more leveraged. The aim to maintain long-term control and limited financing options and other factors seem crucial to the observed differences in leverage and dominate risk considerations associated with higher debt. Presumed differences in agency costs across generations do not drive capital structure decisions, as overall leverage does not differ between founder- and descendant-controlled family firms (FCFF and DCFF, respectively). Firms with a founder-chief executive officer (CEO), however, adjust faster to deviations from a target debt ratio. The effects of many proposed capital structure determinants differ across firm types, but are highly consistent with predictions from the pecking order theory. Practical implications – Based on the results of this study, we suggest policy-makers in bank-based economies like Austria to strongly focus on mechanisms that facilitate the access to bank debt to ensure adequate allocation of finances to SMEs. This is especially important to stimulate growth and further innovation for the dominant group of FF, as they rely on debt the most to maintain family control. Originality/value – This paper makes a novel contribution to the literature, as it combines an analysis of the capital structure of non-listed family firms (NFF) in a bank-based economy, the respective role of founder management, the dynamic adjustment to a presumed debt target and joint tests of capital structure theories.
This article analyses enterprise risk management (ERM) in small and medium-sized enterprises (SMEs) by developing a structural model based on a survey questionnaire. Preconditions for ERM implementation, applied ERM approaches and their effects on strategic orientation are derived. The results suggest that SMEs follow either an active or a passive ERM approach, which affects their strategic orientation; a passive approach results in a defensive strategy and an active approach, an offensive strategy. Firm size, sector affiliation and ownership structure influence the implementation of ERM. The applied conceptualization of ERM may help SMEs adjust to a changing environment to gain strategic advantage thus, increasing competitiveness and business success.
Emerging economies are low-income, rapid-growth countries using economic liberalization as their primary engine of growth. They fall into two groups: developing countries in Asia, Latin America, Africa, and the Middle East and transition economies in the former Soviet Union and China. Private and public enterprises have had to develop unique strategies to cope with the broad scope and rapidity of economic and political change in emerging economies, This Special Research Forum on Emerging Economies examines strategy formulation and implementation by private and public enterprises in several different regional settings and from three primary theoretical. perspectives: institutional theory, transaction cost economics, and the resource-based view of the firm. In this introduction, we show how different theoretical perspectives can provide useful insights into enterprise strategies in emerging economies. We discuss the special methodological as well as empirical challenges associated with doing research in emerging economies. Finally, we briefly summarize the individual contributions of the works included in our special research forum.
Few studies that have focused on developing credit risk models specifically for small and medium-sized enterprises (SMEs) have included non-financial informa-tion as a predictor of company creditworthiness. In this study we have available non-financial, regulatory compliance and "event" data to supplement the limited accounting data that is often available for non-listed firms. We employ a sample consisting of over 5.8 million sets of accounts of unlisted firms, of which over 66,000 failed during the period 2000–2007. We find that data relating to legal action by creditors to recover unpaid debts, company filing histories, comprehen-sive audit report/opinion data and firm-specific characteristics make a significant contribution to increasing the default prediction power of risk models built specif-ically for SMEs.
See Management accounting in small and medium-sized enterprises (SMEs) has been an issue of growing interest in the management accounting literature in recent years. However, published research is fragmented, spanning various fields such as accounting, small business and entrepreneurship, general management and production and operations management. This paper aims to synthesize extant knowledge on management accounting in SMEs and provide concrete suggestions on how to proceed. We performed a systematic literature review, synthesized the results, and identified research gaps. Our findings show that usage of management accounting is not only lower but also different in SMEs compared to larger entities. Based on a comparison of SMEs, the review explains how environmental, staff, and organizational factors significantly influence the organization of management accounting in SMEs and that SME performance in general benefits from proper management accounting. We conclude with several concrete research questions and opportunities.
Developing ‘Internal Rating Systems’ (IRB) for corporate risk management requires building risk (PD) models geared to the specific characteristics of corporate sub-populations (eg small and medium-sized enterprises (SMEs), private companies, listed companies, sector specific models), tuned to changes in the macro environment, and, of course, tailored to the available data. Tracking the risk of ‘newly incorporated companies’ provides a particular challenge since there is very limited publically available data in the time period from incorporation date until the submission of the first accounts. Yet a large number of these companies fail (via bankruptcy). We employ a substantial database to estimate discrete time hazard models (DHM) over the period 2000–2008 (4 427 896 firm-year observations and 34 903 incidences of insolvency), inclusive of macro and regional economic conditions, that capture early indicators of financial stress and measure aspects of the characteristics of board of directors in order to assess the utility of this type of non-financial information in failure prediction models.