CHAPTER 1: INTRODUCTION AND PROBLEM STATEMENT

1.1

Background of the study

This chapter explains the pre study subject of the project including problem statement,
research objective, research questions, significance of research and scope of research. The
research was conducted at AMR Environmental Sdn Bhd as the case study. AMR
Environmental Sdn. Bhd. has been serving clients for almost 15 years since its establishment
in 04th September 2001. AMR Environmental Sdn. Bhd. as the Environmental, Industrial
Hygiene, Remediation, Engineering and Laboratory service providing company dealing with
various problems pertaining to general and workplace environment, complying with the
Department of Environment (DOE) and the Department of Occupational Safety and Health
(DOSH) work standards.

AMR Environmental Sdn. Bhd performed a number of environmental consultancy services

pertaining to air emission testing, chemical exposure monitoring, and industrial wastewater
sampling from various stationary sources, sanitary landfill and leachate studies including
sewerage maintenance work. AMR involves in the business of consulting, management and
engineering services pertaining to environmental disciplines.

AMR is committed to defining our position in the marketplace and understanding how
relevant factors arising from legal, political, economic, social and technological issues
influence the strategic direction and organizational context.

1.2

Problem Statement

The release of new version of ISO 9001: 2015 Quality Management System - requirements
has incorporated a new concept of risk based thinking. In the earlier version of ISO, the risk
based thinking was implicitly addressed. This new version addresses explicitly the risk
management throughout the management system. In this new release, risk based thinking will

help organization to increase the effectiveness of implementation of quality management

system in order to achieve the quality objectives by producing consistent products and
services, and increase customer satisfaction. According to clause 4 in ISO 9001:2015 QMS, it
requires organization to identify their internal and external factors that could affect the ability
of organization to achieve their quality objective. By identifying these factors, organization
could determine their risk and opportunities as mentions in the Clause 6.1.1 in ISO 9001:
2015. The organization should evaluate the risk and opportunities as stated in Clause 6.1.2.

The term risk management seems to be new management approach in industry sector,
however this approach is already in place since years ago but the existing risk management
for example Failure Mode Effect Analysis (FMEA), Aspects & Impacts, Hazard
Identification Risk Assessment Determine Control (HIRADC), Monte-Carlo Analysis, RootCause Analysis, Baysien Analysis and Cause and Effect Analysis focus on the operational
factors or specific factors only. The new version of ISO 9001:2015 QMS requires
organization to implement risk management throughout organization including external and
internal issues. Thus, this study is needed to develop the implementation of risk management
according to requirement of ISO 9001:2015 QMS in services sector.

1.3

Research Objectives

The objectives of this research project are as mentioned below:

1.4

i.

To determine the external and internal factors that could affect the organization to

ii.
iii.
iv.

achieve their quality objectives.

To identify and evaluate the risks and opportunities in organization.
To develop the risk likelihood and consequences table.
To develop the risk profile of organization as guidance for organization to
implement risk management effectively.
Research Question

The research question are the set of question that the author effort to answer in order to
achieve the research objectives. Table 1.1 below shows the related questions to be answers
according to research objective

Table 1.1: Set of Research Question related to Research Objectives

1.5

Significance of Research

The significance of this study is to guide the industry in order to implement the risk
management according to the requirement ISO 9001:2015 QMS throughout the organization.
In this era, businesses must compete, innovate, enter new competitive global market and
launch new products on order to sustain in the business world. By doing so, organization
must take more risks. Those organization who succeed in this challenging world seem to have
a better risk management capabilities. Ultimately, this research provides organization a
guideline to implement the risk management in proper way as well as assisting organization
to fulfil the requirement of ISO 9001:2015. Moreover, with the implementation of risk
management, organization in services sector in Malaysia, especially AMR Environmental
Sdn Bhd are able to compete and sustain in this competitive market.

1.6

Scope of Research

The scope of this research is limited to services sector, specifically for AMR Sdn Bhd. This
study investigate the actual implementation of risk management in this organization as
compared to the requirement stated in ISO 9001:2015. This study will come out with the risk
profile which can assist organization to implement the risk management. This proposed
approach will be constructed according to ISO 31000:2009 Risk Management - Principles
and Guidelines.

CHAPTER 2: LITERATURE REVIEW

2.1

Theoretical Framework of Risk Management

The term risk has several definition. According to ISO 31000, risk is effect of uncertainty on
objectives [1]. The effect is a deviation from the expected, positive or/and negative.
Objectives of organization can have different aspects such as financial, health and safety, and
environment goals. The objectives can be applied at different levels such as strategic,
organization-wide, project, products and process. Another definition said that, risk refer to
any sort of unpredictability associated with the outcome of an organization [2]. Risk also can
be defined as the management of risk as a systematic approach to the identification,
assessment, evaluation and ranking of associated risks followed by the allocation of the
necessary resources to monitor, control and minimize any adverse impacts of undesirable
events [3]

Nowadays, risk management issues grow in importance within both profit and non-profit
organization globally. This issue can be related to the introduction of the new version of
ISO9001:2015 Quality Management System which emphasizes and promote the new

approach, risk based thinking. Undoubtedly, this approach aligns with the rapid dynamics and
constant hardening of the business environment. A proper designed and successful
implemented of risk management program in organization will help the organization to
overcome the obstacles or uncertainty to achieve the objectives of organization. Risk
management process also provide organization with a comparative advantage over those that
do not manage risk in their organization in order to sustain and excel in this challenging era.

Over the past decades, the approaches to risk management benefit all sector of business to
meet the growing requirement of use and effectiveness. Many evidence has demonstrated that
by proper designed and successful implemented of risk management process in organization,
they realize the benefits that risk management has offer to improve their performance [4].
However, the discussion of risk management in a corporate finance context is still considered
odd by some companies. Until late 90s, many of companies still demonstrated visible lack of
understanding of risk management by distinguishing capital market vs insurance perspective
of risk management [5].

In this new globalization era, all organization from all type of sector should implement risk
management system because they face internal and external factors and influences that make
their organization uncertain whether and when they will achieve their objectives [6]. All the
processes and activities performed by organization involve risk. Therefore, they should
manage the risk by identifying, analyze and evaluate it and plan for mitigate or treat those
risks involved. This risk management should be applied to the entire of the organization
regardless the levels, areas, time, functions, projects and activities. A team should be created
to manage and coordinate the implementation of this approach which constituted by the
employees with experience on the organization, knowledge on risk management and skill to
manage the risk. This team will develop, implement, coordinate, and manage the risk into
organization overall governance, strategy and planning, management, reporting processes,
policies, values and culture.

In the hospital or clinic practices, risk management is one of the tool of decision making
whereby management can decide either to proceed, to hold or to stop the project or programs
or activities. The doctors, surgeons, internists, pediatricians, anesthesiologists, pharmacies,
staff nurses and management are the risk taker in a hospital or clinic. Thus, the tendency to
risk is a factor affecting clinical decision [7]. By having the risk management in clinical or
hospital, the risk taker will decide to treat the patience or not after analyzing and evaluating
the cases according to therapeutic threshold that has been developed. The level of risk taking
by different person or group of people to make decision with interest of gaining maximum
benefit from situation is different, for example surgeons and anesthesiologists tend to take
more risk in their decision, while senior doctors tend to take less [8].

2.2

Principles and Guidelines of Risk Management

ISO 31000: 2009 Risk Management - Principles and Guidelines is the main standard which
can be referred in order to establish and implement risk management in any organization. By
implementing and maintaining risk management according to this standard, organization will
able to achieve the quality objective of organization.

In a competitive industry, all organisations must continuously find ways to retain current
clients while honing an edge that makes them appealing to new customers. To be sustained in
the market, organization should establish and implement risk management approach. This
approach is a process, effected by an entitys board of directors, management and other
personnel, applied in a strategy setting and across the enterprise, designed to identify
potential events that may affect the entity, and manage risk to be within its risk appetite and
to provide reasonable assurance regarding the achievement of entity objectives [6].

In order to design and develop risk management model in an organization, the first stage to
do is by establishing the context of the risk management process. This stage will provide the
general understanding of all the factors those contribute to the business. The organization

should identify and define the internal and external parameters to be taken into account when
managing risk and setting the scope and risk criteria for the risk management policy [9]. The
external factors of organisation is the external environment in which the organisation seeks to
achieve its policy. The external context of can be classified into 6 major aspects as shown in
Table 1.2 PESTLE classification system. PESTLE is an acronym that stands for politics,
economic, sociological, technological, legal and environmental risks [10].

Table 1.2: PESTLE Classification System

*Resources: Paul Hopkin, Fundamental of Risk Management

These major external context act as the keys drivers and trends having impact on the
objectives of the organization. Although organization control the external contexts, but they
need to manage them to their advantage. Internal factors also need to be identified by
organization. Risk committee structure should be in place so the roles and responsibilities of
key personnel are understood within organization. The risk assessment methodology and its
related procedures should be established to identify, analyse and evaluate risks covering all
aspects of the organization.