A Study on ISO 31000: Managing Risk Management System Implementation to Improve the Organization Performance: The Case of Malaysian Airline System Berhad
Authors
Fakulti Pengurusan Teknologi dan Teknousahawanan, Universiti Teknikal Malaysia Melaka,Centre of Technopreneurship Development (CTeD), 75450 Ayer Keroh, Melaka (Malaysia)
Nur Syazwani Binti Mohd Hanapi
Fakulti Pengurusan Teknologi dan Teknousahawanan, Universiti Teknikal Malaysia Melaka,Centre of Technopreneurship Development (CTeD), 75450 Ayer Keroh, Melaka (Malaysia)
Fakulti Pengurusan Teknologi dan Teknousahawanan, Universiti Teknikal Malaysia Melaka,Centre of Technopreneurship Development (CTeD), 75450 Ayer Keroh, Melaka (Malaysia)
Fakulti Pengurusan Teknologi dan Teknousahawanan, Universiti Teknikal Malaysia Melaka,Centre of Technopreneurship Development (CTeD), 75450 Ayer Keroh, Melaka (Malaysia)
Article Information
DOI: 10.47772/IJRISS.2025.92800019
Subject Category: Business Management
Volume/Issue: 9/28 | Page No: 195-207
Publication Timeline
Submitted: 2025-11-10
Accepted: 2025-11-16
Published: 2025-12-18
Abstract
Risk management plays a vital role in safeguarding organizational operations against uncertainties that may threaten their performance, safety, and reputation. The Malaysian Airline System Berhad (MAS) provides a critical case study, as incidents such as the MH370 and MH17 highlight the consequences of inadequate risk preparedness. This study examines the application of ISO 31000:2009, alongside AS/NZS 4360:2004 and OHSAS 18000:2007, to evaluate how structured risk management systems can improve organizational performance in the airline industry. Employing a qualitative research approach, data were collected through 3 interview session with MAS management to assess the implementation of the risk management framework. The findings suggest that integrating international standards fosters systematic risk identification, assessment, treatment, and monitoring, thereby enhancing decision-making, safety, and resilience. The study concludes that adopting ISO 31000, in combination with other frameworks, can significantly strengthen organizational performance by embedding proactive and adaptive risk management practices in complex operational environments.
Keywords
ISO 31000; risk management system; organizational performance
Downloads
References
1. Ahmed, H., & Khan, T. (2007). Risk management in Islamic banking. In M. Kabir Hassan & M. K. Lewis (Eds.), Handbook of Islamic Banking (pp. 144–158). Edward Elgar. [Google Scholar] [Crossref]
2. Boehm, B. W. (1991). Software risk management: Principles and practices. IEEE Software, 8(1), 32–41. https://doi.org/10.1109/52.62930 [Google Scholar] [Crossref]
3. Borghesi, A., & Gaudenzi, B. (2013). Risk management: How to assess, transfer and communicate critical risks. Springer-Verlag Italia. [Google Scholar] [Crossref]
4. Certification Europe. (n.d.). OHSAS 18001 occupational health and safety management. Retrieved from https://www.certificationeurope.com [Google Scholar] [Crossref]
5. Chapman, C. (1997). Project risk analysis and management—PRAM the generic process. International Journal of Project Management, 15(5), 273–281. https://doi.org/10.1016/S0263-7863(96)00071-1 [Google Scholar] [Crossref]
6. Clutterbuck, D., & Hirst, S. (2002). Talking business: Making communication work. Butterworth-Heinemann. [Google Scholar] [Crossref]
7. DAS Certification USA. (n.d.). OHSAS 18001 occupational health and safety management systems. Retrieved from https://www.dascertificationusa.com [Google Scholar] [Crossref]
8. Elkington, P., Smallman, C., et al. (2002). Managing project risks: A case study. International Journal of Project Management, 20(1), 49–57. [Google Scholar] [Crossref]
9. Finniston, M. (1975). Information and communication in industry. [Google Scholar] [Crossref]
10. George, A. Z., & Ritchie, B. (2009). Supply chain risk: A handbook of assessment, management, and performance. Springer. [Google Scholar] [Crossref]
11. Grabowski, M., & Roberts, K. (1999). Risk mitigation in virtual organizations. Organization Science, 10(6), 704–721. [Google Scholar] [Crossref]
12. Halliday, S., Badenhorst, K., & Solms, R. von. (1996). A business approach to effective information technology risk analysis and management. Information Management & Computer Security, 4(1), 19–31. [Google Scholar] [Crossref]
13. Hasanali, F. (2002). Critical success factors of knowledge management. Retrieved from https://www.kmworld.com [Google Scholar] [Crossref]
14. Henriksen, P., & Uhlenfeldt, A. (2006). Contemporary risk management in project-based environments. Project Management Journal, 37(3), 36–46. [Google Scholar] [Crossref]
15. Herbert, R., & Irene, W. (1995). Qualitative interviewing in education research. [Google Scholar] [Crossref]
16. Hofstede, G. (2001). Culture's consequences: Comparing values, behaviors, institutions, and organizations across nations (2nd ed.). Sage. [Google Scholar] [Crossref]
17. Hughey, A. W., & Mussnug, K. J. (1997). Designing effective employee training programmes. Training for Quality, 5(2), 52–57. [Google Scholar] [Crossref]
18. Hunter, J. (2002). Improving organizational structure and workflow. [Google Scholar] [Crossref]
19. Ifinedo, P. (2008). Impacts of business vision, top management support, and external expertise on ERP success. Business Process Management Journal, 14(4), 551–568. [Google Scholar] [Crossref]
20. International Organization for Standardization (ISO). (2009). ISO 31000: Risk management — Principles and guidelines. ISO. [Google Scholar] [Crossref]
21. International Organization for Standardization (ISO). (n.d.). ISO 31000: Risk management. Retrieved from https://www.iso.org [Google Scholar] [Crossref]
22. Mayer, R. C., Davis, J. H., & Schoorman, F. D. (1995). An integrative model of organizational trust. Academy of Management Review, 20(3), 709–734. [Google Scholar] [Crossref]
23. National Institute of Standards and Technology (NIST). (2010). Guide for applying the Risk Management Framework to federal information systems: A security life cycle approach (NIST SP 800-37, Rev. 1). U.S. Department of Commerce. [Google Scholar] [Crossref]
24. OHSAS 18001 Health & Safety Standard. (n.d.). Retrieved from https://www.ohsas-18001-occupational-health-and-safety.com [Google Scholar] [Crossref]
25. Quirke, B. (1996). Communicating corporate change: A practical guide to communication and corporate strategy. McGraw-Hill. [Google Scholar] [Crossref]
26. Ranong, P. N., & Phuenngam, W. (2009). Critical success factors for effective risk management. Proceedings of the International Conference on Applied Business Research. [Google Scholar] [Crossref]
27. Ryan, B., Scapens, R. W., & Theobald, M. (2005). Research method and methodology in finance and accounting. Cengage Learning. [Google Scholar] [Crossref]
28. Saleem, M., & Abideen, Z. U. (n.d.). Risk management practices in organizations. [Google Scholar] [Crossref]
29. Smith, P. G., & Merritt, G. M. (2002). Proactive risk management: Controlling uncertainty in product development. Productivity Press. [Google Scholar] [Crossref]
30. Stank, T. P., Daugherty, P. J., & Gustin, C. M. (1994). Organizational structure and logistics service strategy. International Journal of Logistics Management, 5(2), 41–54. [Google Scholar] [Crossref]
31. Standards Australia. (1999). AS/NZS 4360:1999 Risk management. Standards Australia/Standards New Zealand. [Google Scholar] [Crossref]
32. Standards Australia. (2004). AS/NZS 4360:2004 Risk management. Standards Australia/Standards New Zealand. [Google Scholar] [Crossref]
33. Tchankova, L. (2002). Risk identification—Basic stage in risk management. Environmental Management and Health, 13(3), 290–297. [Google Scholar] [Crossref]
34. Treven, S. (2003). International training: The training of managers for assignment abroad. Journal of Business Economics and Management, 4(1), 101–110. [Google Scholar] [Crossref]
35. Vandijck, I. (2014). Risk management according to ISO 31000:2009. Journal of Emergency Management, 12(6), 435–444. [Google Scholar] [Crossref]
36. Win Management Services. (n.d.). OHSAS 18000 consultancy process. Retrieved from http://www.winms.com [Google Scholar] [Crossref]
37. Wong, A. (2005). The impact of information technology on supply chain capabilities and firm performance. International Journal of Production Economics, 95(3), 273–289. [Google Scholar] [Crossref]
38. Yin, R. K. (2009). Case study research: Design and methods (4th ed.). Sage. [Google Scholar] [Crossref]
39. Young, R., & Jordan, E. (2008). Top management support: Mantra or necessity? International Journal of Project Management, 26(7), 713–725. [Google Scholar] [Crossref]
40. Zwikael, O. (2008). Top management involvement in project management: Exclusive support practices for different project scenarios. International Journal of Managing Projects in Business, 1(3), 387–403. [Google Scholar] [Crossref]
Metrics
Views & Downloads
Similar Articles
- Empowering SME Performance Through Social Media: The Mediating Role of Entrepreneurial Orientation in Malaysian Manufacturing SMEs
- Effective School Bullying Prevention Strategies: A Thematic Review
- Impact of Workplace Conflict on the Operational Performance of Deposit Money Banks in Enugu State.
- Towards Digital Financial Solutions: A Conceptual Model of SME Strategies and Strategic Development
- Effect of Work-Life Balance and Affective Commitment on Employee Performance in the Hotel Industry in Plateau State