Managing Risks in SMEs: A Literature Review and Research Agenda


  • Chiara Verbano Department of Management and Engineering, University of Padova
  • Karen Venturini Department of Economy and Technology, San Marino State University



Risk management, Enterprise Risk Management, SMEs, Literature Review


In times of crisis, companies need to carefully monitor current expenses and forecast potential costs, which could be caused by risky actions. Risk is inherent in all business functions and in every kind of activity. Knowing how to identify risks, attribute a value and a priority scale, design actions and mechanisms to minimize risks, and continuously monitor them, are essential to guarantee companies’ survival and create sustainable value. This is especially true for small- and medium-sized businesses that are most exposed to the harmful effects of the risks, due to limited resources and structural features. The objective of this study is to analyze available literature on the subject of risk management for small- and medium-sized enterprises from 1999 to 2009. The analysis derives interesting characteristics from the scientific studies, highlighting gaps and guidelines for future research.


Download data is not yet available.

Author Biographies

Chiara Verbano, Department of Management and Engineering, University of Padova

Associate Professor

Karen Venturini, Department of Economy and Technology, San Marino State University

Assistant professor


ALQUIER, A.M.B., Tignol, M.H.L. (2006). Risk Management in Small and Medium-sized Enterprises. Production Planning & Control, 17(3), 273-282.

ALTMAN, E., Sabato, G. ( 2007). Modelling Credit Risk for Smes: Evidence from the US Market. Abacus. 43(3), 332-357.

ALTMAN, E., Sabato, G., Wilson, N. (2009). The Value of Qualitative Information in SME Risk Management. CMRC, Leeds University Business School, UK. [Last accessed June 18, 2013]

ARNOLD, M., Holmes, S. (1999). Relative Risk Measurement in Small and Medium Enterprises. Department of Accounting and Finance, University of Newcastle, Australia. [Last accessed June 18, 2013]

BEACHBOARD, J., Cole, A., Mellor, M., Hernandez, S., Aytes, K., Massad, N. (2008). Improving Information Security Risk Analysis Practices for Small and Medium-Sized Enterprises: A Research Agenda. Journal of Issues in Informing Science and Information Technology Education, 5, 73-85.

BERNOULLI, D. (1954). Exposition of a new theory on the measurement of risk. Econometrica, 22(1), 23-36.

BBA – British Bankers’ Association, International Swaps and Derivatives Association, PricewaterhouseCoopers LLP (1999). Operational risk: the next frontier, RMA, Philadelphia.

CASUALITY ACTUARIAL SOCIETY (2003). Overview of Enterprise Risk Management. The CAS Enterprise Risk Management Committee, Forum 2003, Summer, 99-164.

CHAPMAN, C.B., Cooper, D.F. (1983). Risk engineering: Basic controlled interval and memory models. Journal of the Operational Research Society, 34(1), 51-60.

CHANGHUI, Y. (2007). Risk Management of Small and Medium Enterprise Cooperative Innovation Based on Network Environment. WiCOM - 3rd International Conference on Wireless Communications, Networking, and Mobile Computing.

CHATTERJEE, S., Wiseman, R.M., Fiegenbaum, A., Devers, C.E. (2003). Integrating Behavioural and Economic Concepts of Risk into Strategic Management: The Twain Shall Meet. Long Range Planning, 36, 61-79.

CHENG, Q. (2009). Risk Analysis and Evaluation of the Destructive Innovation in Small and Medium-Sized Enterprises. International Conference on Management and Service Science, MASS IEEE Computer Society.

COSO (Committee of Sponsoring Organizations of the Treadway Commission), (2004). Enterprise Risk Management - Integrated Framework,Vol. 2. [Last accessed June 18, 2013]

CROCKFORD, N. (1986). An Introduction to Risk Management (2nd eds). Woodhead-Faulkner, Cambridge.

DAVIDSON, R., Lambert, S. (2004). Applying the Australian and New Zealand Risk Management Standards to Information Systems in SMEs. Australian Journal Information Systems, 12(1), 4-16.

DI SERIO, L.C., de Oliveira, L.H., Siegert Schuch, L.M., (2011). Organizational Risk Management: A Study Case in Companies that Have Won the Brazilian Quatity Award Prize. Journal of Technology Management & Innovation, 6(2), 230-243.

ECORYS, (2012). EU SMEs in 2012: at the crossroads: Annual report on small and medium-sized enterprises in the EU 2011/12, European Commission, Rotterdam. [Last accessed June 18, 2013]

ELLEGAARD, C. (2008). Supply Risk Management in a Small Company Perspective. Supply Chain Management: An International Journal, 13(6), 425-434.

FAISAL, M.N., Banwet, D.K., Shankar, R. (2006). An Analysis of the Dynamics of Information Risk in Supply Chains of Select Sme Clusters. The Journal of Business Perspective, 10(4), 49-61.

GUOYU, H., Qinfen, W., Zhingjian, L., Juling, D., Ruihua, C. (2008). A New Quantitative Analysis Method for Financial Risk Early Warning of Unlisted Small and Medium Enterprise. International Conference on Management of e-Commerce and e-Government, IEEE Computer Society.

GAHIN, F.S. (1967). A theory of Pure Risk Management in the Business Firm. The Journal of Risk and Insurance, 34(1), 121-129.

GARATWA, W., Bollin, C. (2002). Disaster Risk Management: Working Concept. Deutsche Gesellschaft für Technische Zusammenarbeit (GTZ), Eschborn. [Last accessed June 18, 2013]

GURAU, C., Ranchhod, A. (2007). Flexible Risk Management in New Product Development: The Case of Small- and Medium-Sized Biopharmaceutical Enterprises. International Journal of Risk Assessment and Management, 7(4), 474-490.

HEAD, L.G. (2009). Risk Management – Why and How. International Risk Management Institute, Dallas, Texas.

HENSCHEL, T. (2009). Implementing a Holistic Risk Management in Small and Medium Sized Enterprises (SMEs). Edinburgh Napier University School of Accounting, Economics & Statistics, UK.

ISO - International Organisation of Standardisation (2009). ISO 31000, Principles and generic guidelines on risk management. [Last accessed June 18, 2013]

ISKANIUS, P. (2009). Risk Management in ERP Project in the Context of SMEs. Engineering Letters, 17(4).

ISLAM, M.A., Tedford, J.D., Haemmerle, E. (2006). Strategic Risk Management Approach for Small and Medium-Sized Manufacturing Enterprises (SMEs): A Theoretical Framework. ICMIT2006 International Conference on Management of Innovation and Technology.

JIBIN, M., Cheng, Y. (2008). Study on the Risk of Small and Medium-Sized Enterprises Securitization Based on Unascertained Measure Model. ISBIM 2008 International Seminar on Business and Information Management, IEEE Computer Society.

JOBST, A. (2004). Asset Securitisation as a Risk management and Funding Tool: What Does It Hold in Store for SMEs. Goethe-Universität Frankfurt am Main, Germany. [Last accessed June 18, 2013]

KARDUCK, A.P., Sienou, A., Lamine, E., Pingaud, H. (2007). Collaborative Process Driven Risk Management for Enterprise Agility. DEST2007: International Conference on Digital Ecosystems and Technologies.

KEFAN, X. , Liu, J., Peng, H., Chen, G., Chen, Y. (2009). Early-warning Management of Inner Logistics Risk in SMEs Based on Label-card System. Production Planning & Control, 20(4), 306-319.

KEIZER, J., Halman, J.I.M., Song, X. (2002). From Experience: Applying the Risk Diagnosing Methodology. Journal Product Innovation Management, 19(3), 213–232.

KIRYTOPOULOS, K., Leopoulos, V., Malandrakis, C. (2006). Risk Management: A Powerful Tool for Improving Efficiency of Project Oriented SMEs, Manufacturing Information Systems. Proceedings of The Fourth SMESME International Conference.

KLEMEN, M., Biffl, S. (2002). Economic Aspects and Needs in IT-Security Risk Management for SMEs. Institute of Software Technology and Interactive Systems, Vienna University of Technology, Austria, [Last accessed June 18, 2013]

LANE, C., Quack, S. (1999). The social dimension of risk: bank financing of SMEs in Britain and Germany. Organisation Studies, 20(6), 987-1010.

LEOPOULOS, V.N., Kirytopoulos, K.A., Malandrakis, C. (2006). RM for SMEs: Tools to Use and How. Production Planning & Control, 17(3), 322-332.

LOVE, P.E.D., Irani, Z., Standing, C., Lin, C., Burna, J.M. (2005). The Enigma of Evaluation: Benefits, Costs and Risks of IT in Australian Small–Medium-Sized Enterprises. Information & Management, 42(7), 947-964.

MENARDI, G. (2009). Some Issues Emerging in Evaluating the Risk of Default for SMEs. Department of Economic and Statistic Science, Trieste University, Italy. [Last accessed June 18, 2013]

MOWBRAY, A.M., Blanchard, R.H. , Williams, C.A. (1979). Insurance, Krieger publishing Co., Huntington.

NORMAN, A., Lindroth, R. (2002). Supply Chain Risk Management: Purchasers' vs planners' Views on Sharing Capacity Investment Risks in the Telecom Industry. 11th International Annual IPSERA Conference, Twente University, March 25-27, The Netherlands.

POBA-NZAOU, P., Raymond, L., Fabi, B. (2008). Adoption and Risk of ERP Systems in manufacturing SMEs: A Positivist Case Study. Business Process Management Journal, 14(4), 530-550.

REGAN, P.J., Patè-Cornell, M.E. (1997). Normative engineering risk management systems. Reliability Engineering and System Safety, 57(2), 159-169.

RIGAU, E. (2003). Définition et Opérationalisation d'une Organisation Virtuelle à Base d'Agents Pour Contribuer à de Meilleures Pratiques de Gestion des Risques dans les PME-PMI. PHD Thesis.

RITCHIE, B., Brindley, C. (2000). Disintermediation, Disintegration and Risk in the SME Global Supply Chain. Management Decision, 38(8), 575-583.

THEVENDRAN, V., Mawlesley, M.J. (2004). Perception of human risk factors in construction projects : an exploratory analysis. International Journal of Project Management, 22, 131-137.

URCIUOLI, V., Crenca, G., 1989. Risk Management: strategie e processi decisionali nella gestione dei rischi puri d’impresa. Rovereto, ISBA.

VARGAS-HERNÁNDEZ, J.G. (2011). Modeling Risk and Innovation Management. Advances in Competitiveness Research, 19 (3-4), 45-57.

VERBANO, C., Turra, F. (2010). A human factors and reliability approach to clinical risk management: Evidences from Italian cases. Safety Science, 48(59, 625–39.

VERBANO, C., Venturini, K. (2011). Development Paths Of Risk Management: Approaches, Methods And Fields Of Application. Journal of Risk Research, 14(5-6), 519 – 550.

WALSHE, K., Dineen, M. (1998). Clinical Risk Management. Making a difference?, The NHS Confederation, University of Birmingham, Birmingham.

WILLIAMS, A., Oumlil, B. (1987). A classification and analysis of JPMM articles. Journal of Purchasing and Materials Management, 23(3), 24–28.

WU, D.D., Olson, D. (2009). Enterprise Risk Management: Small Business Scorecard Analysis. Production Planning & Control, 20(4), 362-369.

XIAOHONG, C., Ying, Z., Jian, S. (2007). A study of SMEs Growth Evaluation Considering Value at Risk - Empirical Research of Listed SMEs. International Conference on Service Systems and Service Management.

YEO, K.T., Lai, W.C. (2004). Risk Management Strategies for SME Investing in China: a Singaporean Perspective. IEMC2004, International Engineering Management Conference.

ZHI-QIANG, M., Tao, H. (2008). Risk Evaluation on Technological Innovation of Chinese SMEs Based on Fuzzy Neural Network. 4th International Conference on Wireless Communication, Networking and Mobile Computing.




How to Cite

Verbano, C., & Venturini, K. (2013). Managing Risks in SMEs: A Literature Review and Research Agenda. Journal of Technology Management & Innovation, 8(3), 186–197.




Similar Articles

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 > >> 

You may also start an advanced similarity search for this article.