NOVEL RISK MANAGEMENT INTEGRATED MODEL IMPLEMENTATION: COMPARISON BETWEEN MANUFACTURING AND SERVICE COMPANIES

Till now a framework to define a common and unified standard model for integrated risk management systems, which is suitable to be used in all contingency factors settings, has not been found. For this reason, as the main objective of applying the standards of management systems in the organizations is to determine the risk that affects the ability of the organization to achieve its goals and desired results in addition to organizing and coordinating all operations and the optimal use of resources, the purpose is to develop an integrated risk management model for standardized management systems with growing trends such as ISO 9001:2015, ISO 14001:2015, ISO/IEC 27001:2013, ISO 45001:2018 and ISO 22000:2018 with the aim to allow organizations to manage their operations and risks appearing in a manner that reduces the use of available resources and improves the overall performance. Novel risk management integrated model in standardized management systems has three levels – correspondence, coordination and integration and putting in place a clear and structured approach to control of organizational risk. Proposed model has been checked empirically to survey contextual independence of proposed model using Mann-Whitney U*test and it has been proved that the model is context free and applicable to companies from different sectors – both in production and service companies.


INTRODUCTION
Nowadays organizations work in risky, very unstable environments and accordingly they seek to use various management system standards in order to organize their management systems and improve the performance of their operations in the desired way giving appropriate answer to disturbances that appear in internal and external environments (Tomić & Spasojević-Brkić, 2011). Quality management standards are usually seen as the main driving force to reach competitiveness in global landscape (Tomić et al., 2012) and nowadays even those standards contain risk management as a very important part (Chiarini, 2017;Rybski et al., 2017). Accordingly, risk analysis could be seen as an adequate base for a complex management system capable of reaching desired aims and results. Today, there is a need to provide necessary support to manage and address the risk subjected in processes of providing products and services to clients while providing confidence, safety and security to all stakeholders (Jorgensen et al., 2006;Domingues et al., 2015;Algheriani 2017;Berger & Gleissner, 2018).
The value and importance of risk management has increased significantly today. One of the most reliable ways to manage organizational risks is to specifically check all processes and ensure that they continue to provide outputs that result in highquality products and services by implementing various standards of management systems (MS) and then integrate them in a manner to reduce cost and time resources simultaneously. From this standpoint, it is aimed to develop a model for managing risk in multiple MS standards (Yilmaz & Floris, 2010). Additionally, one of the most important clauses in the risk management standard urges organizations to include risk management in all applications and processes and to be an integral part not distinct from other organizational processes, and thus risk management must be integrated into the organization as an important component in policy definition, strategic planning, and influence and consequently change management processes through analyzing the risks, discovering solutions to them, and seize the opportunities in developing every process in the organization (Berger & Gleissner, 2018).
However, till now a framework has not been found to define a common and unified standard model for integrated management systems that can be used in all contingency factors settings (Savino & Batbaatar, 2015;Souza & Alves, 2018). For this reason, as the main objective of applying the standards of management systems in the organizations is to determine the risk that affects the ability of the organization to achieve its goals and desired results in addition to organizing and coordinating all operations and the optimal use of resources, the purpose of this paper was to develop an integrated risk management model for standardized management systems with predicted growing trends: ISO 9001:2015, ISO 14001:2015, ISO/IEC 27001:2013, ISO 45001:2018and ISO 22000:2018 to allow organizations to manage their operations and risks and to check its contextual dependence in the sense of sector distribution.

METHODOLOGY
Effective and efficient integration of management systems is extremely important (Zeng et al., 2007). Algheriani, Majstorovic, Kirin and Spasojevic Brkic (2019) Three degrees of integration are depicted, as follows: 1.Correspondence alluding to build the similarity between the principles so as to take care of issues of organization, duplication of work assignments, and disarray between various norms, 2. Coordination depending on a typical comprehension of conventional procedure and undertaking the executives cycles (Plan-Do-Check-Act) to guarantee the cooperative energies and tradeoffs between the guidelines, and 3. Integration prompting the connection with partners, persistent improvement of the exhibition, superior comprehension of inward and outer difficulties and furthermore a duty culture. The adequacy of each management framework is estimated by the degree of accomplishment of objectives and the reason for everyone in this model is to characterize the board procedure of strategies and explicit framework objectives, risks that influence the accomplishment of objectives and the proper assets and procedures that are expected to satisfy the partners' necessities, needs, and desires. Consequently, setting up the individual management frameworks as indicated by fitting guidelines that are shown in Figure 1 is characterized as follows: ISO 9001:2015 quality MS is used to decide on the essential procedure for transformation of input with product value added, and for treatment of risk nonconformance, as well as identification and realization of quality objectives. Environmental MS is aimed at environmental risk treatment and environmental goals and programs determination and realization according to ISO 14001:2015 standard (Fonseca & Domingues, 2018). ISO 45001:2018 OH&S is done for word related wellbeing and security danger anticipation (treatment) just as word related wellbeing and wellbeing objectives and program assurance and acknowledgment (Morgado et al., 2019). ISO/IEC 27001:2018 information security MS is used to treat data security chances, and to decide on their targets and projects. ISO 22000:2018 food safety MS is intended to decide on sanitation dangers treatment just as their targets and HACCP plan (Chen et al., 2018). Companies must spread and build up a strong risk management culture from start to finish in the organizational structure, over all levels of higher representatives and workers, to guarantee management in a vigorous and exhaustive manner over the organization. Notwithstanding consideration of the necessities and desires for all partners, which have identified risks, we likewise consider the commitment and solid initiative of top management and administration to apply the risk-oriented culture.
The PDCA ("plan-do-check-act") cycle is a tool that can be utilized to oversee procedures and frameworks (Labodova, 2004;Rebelo et al., 2016). The procedure approach is another instrument used to deal with a gathering of procedures all together, where the interrelations between them are recognized, and the yields of a past procedure are treated as contributions of the accompanying one so as to guarantee the post-effects of every individual procedure in way to include extra business esteem and to add to accomplishing the last wanted outcomes. These two instruments with chance-based reasoning methodology and hazard the executives are significant components used to fulfil proposed model. Clearly, the executed administration principles in this examination have numerous similarities, as follows: I) in their authoritative structure and procedures through the employments of terms goals, reviews, techniques, records, and so on ii) in their usage paying little heed to type, size or creation, and degree. iii) to standard language utilized and PDCA approach of constant improvement. This comparability in structure, execution, and language utilized with following the PDCA cycle steps can encourage the mix procedure through building up a powerful coordination methodology, as in Algheriani et al.
(2019). The top management plays out an audit and assessment of the coordinated management framework so as to guarantee its ceaseless wellness and productivity in fulfilling the necessities all things considered.
As it is evident, in scientific audience there are no numerous studies connected to integration based on risk principles, with even smaller number of studies on auditing, and since most of the studies are theoretical by substance, it can be concluded that there is a lack of empirical studies. Aimed at this, field study survey has been conducted surveying Serbian companies in order to analyze the integration of risk management practice in the The main objectives of empirical study done are to analyze how organizations in Serbia integrated their MSs and their audits, as well as how they feel and act on risk management issues, all together with difficulties and time needed to integrate MSs, extent of integration of MSs in organizations overall, extent of integrated MS processes, resources and goals, extent of integration of the elements of audit systems and benefits of having integrated audits in organizations together with novel risk model check in practice. The survey contained a cover letter and a questionnaire. The survey used questions with the Likert scale with five levels (scale from 1 to 5), since it is seen as the most commonly used psychometric instrument (Allen & Seaman, 2007;Maurer & Pierce, 1998). The survey was posted on Google Docs and its link was sent via email to 200 Serbian companies registered simultaneously in the various management standards. Anyhow, to upgrade the quality of obtained answers, the survey was sent to responsible mangers for managing the standards (their email addresses were used). The survey has covered a number of topics such as important changes in the organization regarding the risk principles, risk mitigation etc.

RESULTS
At the beginning of 2020, a survey has been launched, containing only descriptive data and the questions given in Table 1. After 3 months, and two reminders, 30 companies answered. The companies from transitional economies, and Serbia among them, have numerous problems with quality of their business and productivity (Bakator et al., 2019) and they are not usually willing to answer questionnaires in high percents (Karapetrovic & Spasojevic-Brkić, 2014), so the obtained response rate is not surprising. An average value of number of employees in participating companies amounts 276. Companies belong to ten sectors, as given in Figure 2. The largest part of them is in manufacturing sector with 20%, followed by energy and construction sectors with 17%. Table 1 shows the manner in which the Mann-Whitney U-test has been used to compare differences between two independent groups, since the dependent variable is either ordinal or continuous, but not normally distributed and results will show if there are significant differences.
The results of survey, which were obtained on a sample in size of 30 Serbian companies, as in Table 1., show that proposed model is not dependent on context regarding industry type, since there were no evidenced significant differences in given answers, which means that the proposed model application independently of contingent factors could be recommended.

CONCLUSION AND IMPLICATIONS
The school of contingent management as the basic premise has the fact that there is no universal, generally accepted organizational theory, but when designing an organization it is necessary to take into account external and internal factors that affect parts of the organization or the organization as a whole, as later on emphasized in standards (Brkić et al., 2009;Spasojevic Brkic et al., 2013). Namely, the context represents by both internal and external factors could have an impact on the attainment of the goals of the organization, whose tracking enables to identify, evaluate, and manage risk-related to stakeholders and their changing needs and expectations.
According to experimental verification and theoretical enrichment of contextual theory for decades, with the increasing tendency to determine the influence of contingent factors and increasing the complexity of the research with the same objective, the Mann-Whitney U test was used in this survey to compare the differences between manufacturing and service companies in implementing the proposed risk management integrated model and it has been proven that the proposed model is not dependent on context in relation to size and type of industry, which means that it is recommended to apply it independently of contingent/contextual factors.
Recommendation for future research in this area is a more detailed analysis of collected data using more sophisticated statistical analysis tools, such as regression analysis, structural equations modelling and similar to see interrelations between variables in the proposed model and performance indicators. Also, an influence of demographic factors such as companies' size could be checked using the same methodology and Mann-Whitney U* test.

ACKNOWLEDGEMENT
The paper is supported by grants from the Ministry of Education, Science and Technological Development, grants from project E!13300 and contract 451-03-68/2020-14/200105 (subproject TR 35017). The authors also thank the respondents who filled out the questionnaires for their kind cooperation.