doi.org/10.52340/eab.2025.17.02.12

The concept of “compliance risk” was first introduced into the Georgian legislative framework for companies operating in the financial sector in 2008. Despite its significance, there remains a notable lack of scholarly research focused on the management, characteristics, assessment, mitigation, and control of compliance risks in Georgia. Building on this contextual gap, this study aims seeks to explore contemporary practices for managing and assessing compliance risks. To achieve this goal, the paper addresses the following research questions: How is compliance risk defined? Why is compliance risk management important? What is the significance of compliance within the framework of corporate governance? How do the concepts of compliance, compliance management, and compliance risk management differ? What is risk and its management, in general, and compliance risk management, in particular? Which methods are employed in the banking sector to evaluate compliance risk? This research adopts a systematic literature review approach, analyzing relevant scientific articles, international organizational regulations, standards, guidelines, and local legislative frameworks aligned with the study objectives.

Keywords: Compliance Risk, Compliance Risk Management, Compliance Management, Compliance Risk Assessment, Corporate Governance.

JEL Codes: G32, G34, K22, M14, M48, D81

Introduction

Risk is an inherent aspect of all activities, encompassing both business operations and individual choices. As the world evolves, new risks continually emerge. Practical experience demonstrates that companies succeed when they assume risks that are justified, manageable, and aligned with their financial capacity and risk tolerance (BCBS 2011). Assessing the reasonableness of risks requires evaluating both their current and potential impacts.
In recent years, alongside the prominence of financial risk management, there has been a growing focus on non-financial risks, including compliance risk. Importantly, compliance risk management has emerged as a distinct discipline, gaining recognition over the past several decades.
The concept “compliance risk” was first incorporated into the Georgian legislative framework for companies operating in the financial sector in 2008 (The Order of NBG N71, 2008). Despite its significance, there remains a notable dearth of scientific research on the management, characteristics, assessment, mitigation, and control of compliance risks in Georgia.
Addressing this gap, the present study aims to explore practices for managing and assessing compliance risks. A through literature review was undertaken with two main objectives: investigating existing approaches to compliance risk management and the evaluating methods for assessing compliance risks.
This research employed a systematic literature review methodology, drawing upon relevant scientific papers, international organizational guideline, standards, regulations, and local legislative acts aligned with the study’s research questions.

Literature Review
Methodology and Research Procedure
A comprehensive systematic literature review facilitates the identification of existing methods directly relevant to compliance risk management and the evaluation of compliance risks. The review aims to uncover pivotal insights, including dominant perspectives, emerging trends, and established best practices.
The research entails an extensive examination of literature across various time periods, ranging from foundational works to the latest publications. This comprehensive approach is critical to understanding the topic’s evolution and its underlying principles.
To grasp the essence of compliance risk management and fulfill the study’s objectives, a diverse range of sources were analyzed, including academic research papers, regulatory documents, manuals, international organizational guidelines, standards, and reports. The literature review began with searches in the scientific database ScienceDirect, followed by Google, Google Scholar, and resources such as www.iso.org, www.bis.org and www.matsne.gov.ge. The keywords utilized were: “Compliance Risk,” “Compliance Risk Management,” “Compliance Management,” “Compliance Risk Assessment,” and “Corporate Governance.” The search focused on incorporating the most recent studies available. Materials retrieved from these sources were carefully curated and analyzed in alignment with the following research questions (hereafter referred to as Q):
Objective 1 (O1). Compliance risk – What is known about it?
O1Q1. How is compliance risk defined?
O1Q2. Why is compliance risk management important?
O1Q3. What is the significance of compliance within the framework of corporate governance?
O1Q4. How do the concepts of compliance, compliance management, and compliance risk management differ?
O1Q5. What is risk and its management in general, and how does compliance risk management fit within this framework?
Objective 2 (O2)- Study of existing methods for assessing compliance risks.
O2Q1. Which methods are commonly used in the banking sector to evaluate compliance risks?

What Is Known about Compliance Risk?
Compliance risks are inherent to all business entities, irrespective of the industry in which they operate, as companies must comply with legal requirements, regulations, and standards across jurisdictions where they operate, conduct transactions, serve foreign residents, or distribute products.
In Georgia, the concept of “compliance risk” was first introduced in 2008 when the National Bank of Georgia (NBG) issued the Regulation on Risk Management in Commercial Banks. This regulation remained in force for a decade before being repealed. During this time, and in the subsequent years, the National Bank of Georgia did not provide additional guidance or regulations on the management, assessment, or reporting of compliance risks. Although a legislative definition for “compliance risk” is absent, the obligation for commercial banks to manage these risks, as outlined in the Order of NBG №215/04 (2018), persists. This requirement has gained future significance following Georgia’s signing of the Association Agreement within the European Union, the European Atomic Energy Community, and their Member States in 2014. Under the agreement, Georgia is obliged to align its national legislation with the broader European legal framework, including the Basel Committee Guidelines (AA/DCFTA, 2014). As a result, the topic remains critical and demands detailed examination.

Main Findings
O1A1. Definition of compliance risk. Understanding compliance risk management (CRM) begins with defining compliance risk (CR). Numerous widely accepted definitions of CR exist within both academic literature and regulatory frameworks. For this study, definitions from several authoritative sources have been selected: the Basel Committee on Banking Supervision’s paper Compliance and the Compliance Function in Banks (BCBS 2005), the Federal Reserve System’s (FRS) Clarification on the Responsibilities of Boards, published on October 16, 2008 (FRS 2008) and the European Banking Authority’s (EBA) Internal Governance Guide (EBA 2011). While these definitions differ in specificity, they share a central theme: CR refers to the possibility of legal or regulatory sanctions, financial loss, or reputational damage resulting from non-compliance with laws, regulations, rules, regulatory requirements, codes of conduct, or standards established by self-regulatory organizations.
O1A2. The Concept of Compliance Risk Management. As previously noted, CR has gained significant attention since the early 21st century, emerging as a distinct field within the broader discipline of risk management (RM). The research paper Managing for Organizational Integrity is considered one of the earliest works on compliance management. In this paper, Paine explores the relationship between transparency, business ethics, and compliance (Paine, 1994). Compliance management (CM), also known as compliance risk management, has recently been recognized as a crucial function within organizations (Bognár და Benedek 2021).
Implementing an effective CRM strategy complements a company’s goal of maintaining stability (Teichmann, Wittmann and Boticiu 2023). It serves as a decision-making framework for legal and regulatory compliance, thus supporting risk mitigation efforts (Hopkins 2011). However, the primary objective of CRM is not to minimize risks but to empower informed and strategic risk-taking.
O1A3. Significance of compliance in corporate governance. A compliance management system allows a company to showcase its commitment to applicable laws, regulatory requirements, industry codes, and internal standards (ISO 37301 2021). Compliance promotes adherence to legal frameworks, mitigates risks, fosters accountability and transparency, upholds ethical principles, and builds stakeholder confidence. It also strengthens governance practices (Paine L. , 1994) and enables organizations to navigate responsibly and sustainably within the complexities of today's business landscape (Brahimi, Dibra, & Prodani, 2013). Compliance is a cornerstone of effective corporate governance, ensuring the organizations operate within legal and ethical boundaries, fostering trust among stakeholders, and facilitates long-term success (Seifi & Crowther, 2011).
O1A4. Conceptual distinctions among compliance, compliance management, and compliance risk management. Compliance and compliance management are often used interchangeably, and they both refer to the overall processes and practices aimed at ensuring organizational adherence to laws, regulations, and internal policies (Gerard & Weber, 2015). However, compliance management represents a more comprehensive approach, encompassing the establishment and maintainance of compliance standards (Fotaki, Lioukas, & Voudouris, 2020).
In contrast, compliance risk management is a distinct facet within compliance management (Miller, 2014). CRM specifically focuses on identifying, assessing, and managing risks associated with non-compliance. It aims to proactively detect potential compliance risks and implement controls to mitigate them. Essentially, compliance risk management serves as a specialized tool or process within the broader framework of compliance management, addressing risks that could arise from non-compliance with laws and regulations. In this way, compliance risk management functions as a vital component to effectively manage compliance-related risks.
O1A5 Concepts of risk and its management, and compliance risk management. Risk, in general, refers to the potential for events or circumstances to adversely impact an organization's objectives (Moeller, 2011). It embodies the uncertainty and variability that organizations encounter in striving to achieve their goals (Yalcin, Kilic, & Delen, 2022). Risk management (RM) is a vital process, commonly utilized in strategic decision-making. Its integration at the operational level underscores its importance in facilitating effective business operations (Ciocoiu, Chitimiea, Vaduva, & Prioteasa, 2020). RM entails identifying risks, assessing their potential impact, developing strategies to address them, mitigating their negative consequences, and maximizing opportunities (Berg 2010), (Aven & Renn, 2010). It follows a systematic proses involving risks identification, analysis, and response (Prioteasa & Ciocoiu, 2017).
Compliance risk management, as a specific approach within risk management, focuses on the risks associated with non-compliance. Its objective is to identify, assess, and manage such risks to ensure conformity with legal and regulatory requirements, safeguarding the organization's integrity and reputation (BCBS 2005)

Methods of Assessing Compliance Risks
A comprehensive assessment of an organization's compliance risks involves linking each risk to a control activity and evaluating the effectiveness of these controls through monitoring and testing (Silverman 2008, 259-261), (Losiewicz-Dniestrzanska, 2015). This approach ensures that organizations can effectively manage compliance risks and achieve their compliance objectives.
The International Organization for Standardization (ISO) defines risk assessment as a process involving the identification, analysis, and evaluation of risks, taking into account the uncertainty of events or circumstances and their potential impact on targets (ISO31000 2018), (Lindauer, 2017).
By adopting a thorough risk assessment methodology, organizations gain a deeper understanding of their compliance risks and can develop strategies to mitigate them effectively. CRM is no longer optional but has become essential due to heightened regulatory scrutiny and the growing importance of adhering to legal and ethical standards (Lam and Hashmi, 2022).
Within the context of risk management, two distinct methods are employed to assess and evaluate risks: Qualitative Analysis and Quantitative Analysis.

Main Findings
A number of methodological approaches have been identified for assessing compliance risks across various business sectors. These include: Failure modes and effects analysis (FMEA) (Bognár, Ferenc; Benedek, Petra 2021), (Stamatis 2003), Risk matrix and partial risk map (PrisM) (Bognár and Benedek 2021), Pairwise Comparison (PCT) based PRisM method (Szentes, Benedek and Bognár 2023), Six Sigma (Tarantino 2008), (Zhang, et al. 2013), Business process modeling (BPM) and simulation (Tarantino 2008), Scenario analysis (Ramakrishna 2015), Fault Tree Analysis (FTA) (Pan, et al. 2022), Static Game Models (SGM) (Pang, et al. 2020). Given the broad array of assessment methods, this study adopts Failure Modes and Effects Analysis (FMEA) as the primary tool for evaluating CR in the banking sector.
O2Q1. Failure Modes and Effects Analysis (FMEA). FMEA is a systematic and proactive risk assessment technique designed to identify potential failure modes in a system, process, or product, and to analyze their potential effects (Popov, Hollcroft and Lyon 2016, 163-179). A proactive approach (London 2022), (Qureshi 2019) involves taking initiative by identifying and addressing potential issues or opportunities before they arise. In contrast, a reactive approach focuses on responding to adverse events after they occur. Proactive strategies prioritize anticipating challenges and implementing preemptive measures to mitigate them.
FMEA is widely used in industries such as manufacturing, engineering, healthcare, and aerospace to identify and address potential risks before they occur (Liu, Liu, and Liu, 2013). Notably, studies have demonstrated that this approach is also applicable for assessing compliance risks (Bognár, Ferenc; Benedek, Petra 2021). FMEA enables organizations to proactively identify and address potential failure modes, thereby reducing risks, enhancing the reliability of products or processes, improving safety, and minimizing negative impacts on customers, stakeholders, and the overall business. Moreover, it supports informed decision-making, effective resource allocation, and the continuous improvement of systems and processes.
FMEA uses the following steps in the risk management process:
Identification: This involves identifying all potential compliance risks within the system, process, or products under evaluation. Such analysis can be conducted during the implementation phase of systems, processes or products, as well as during periodic reviews of existing ones. It is particularly critical at certain intervals or when internal or external factors are changed.
Risk assessment: Risk assessment involves analyzing each identified compliance risk to determine its significance and potential impact on a company. This process evaluates the likelihood of occurrence, the severity of consequences, and the effectiveness of current control measures. By prioritizing risks based on severity and the company's risk appetite, organizations can focus on mitigating the most critical risks.
Severity Assessment: Each failure mode is evaluated for its potential severity or impact on the system, proses, or product. Severity ratings are assigned based on the consequences, such as safety risks, financial losses, customer dissatisfaction, or regulatory non-compliance.
Occurrence Assessment: The likelihood or probability of each failure mode occurring is analyzed (Popov, Hollcroft and Lyon 2016, 77-79). This involves includes examining historical data, expert opinions, and other relevant information to gauge the probability of the failure mode happening. Occurrence ratings are assigned accordingly.
Detection Assessment: The effectiveness of existing controls, detection methods, or safeguards in detecting or preventing the failure mode is assessed. Detection ratings reflect the likelihood of identifying the issue before it results in adverse consequences for the organization.
As outlined above, the Risk Priority Number (RPN) is calculated by multiplying the severity (outcome), occurrence, and detection ratings (Popov, Hollcroft and Lyon 2016, 75-76). The calculated PRN provides a numerical value that helps prioritize identified failure modes for further action.
Equation 1
RPN= Severity × Occurrence× Detection
For the equation to be effective, a rating must be assigned to each factor. The development and adaptation of rating scales depend on the characteristics of the products (Bognár, Ferenc; Benedek, Petra 2021) and processes. This requires careful consideration of the following: (1) the potential impacts, including financial and non-financial sanctions, as well as reputational damage that may result from the realization of a risk; (2) likelihood of risk materializing; and (3) the extent to which risk factors are recognized to enable timely detection.
Thus, the discussed method enhances existing compliance risk management frameworks by enabling organizations to proactive identify risks, strengthen regulatory compliance mechanisms, and mitigate the adverse consequences of non-compliance. FMEA employs analytical and strategic approaches to empower business to remain proactive and maintain control over emerging risks.

Conclusion
This study focused on examining compliance risk management methods and assessment approaches through a comprehensive literature review in the banking sector. To meet these objectives, research questions were formulated, and the following answers were identified.
01Q1. How is compliance risk defined? – CR refers to the possibility of legal or regulatory sanctions, financial loss, or reputational damage arising from non-compliance with laws, regulations, rules, regulatory requirements, codes of conduct, or standards established by self-regulatory organizations.
O1Q2. Why is compliance risk management important? – CRM acts as a decision-making tool for ensuring legal and regulatory compliance, facilitating risk mitigation. Beyond reducing risks, CRM enables informed and strategic risk-taking, aligning compliance efforts with organizational goals.
01Q3. What is the significance of compliance within the framework of corporate governance?
– Compliance management in corporate governance empowers companies to navigate the complexities of the modern business environment in a responsible and sustainable manner. It ensures that organizations operate within legal and ethical boundaries, fostering trust among stakeholders. Furthermore, it promotes accountability, transparency and compliance while mitigating risks.
01Q4. How do compliance, compliance management, and compliance risk management conceptually differ? – Compliance and compliance management are often used interchangeably, as both refer to the overall processes and practices designed to ensure adherence to laws, regulations, and internal policies within an organization. Compliance risk management, however, is a specific component or tool within compliance management. It focuses on identifying, assessing, and managing the risks associated with non-compliance. While compliance management encompasses the broader framework of adherence, CRM zeros in on mitigating specific risks to uphold compliance effectively.
O1Q5. What is risk and its management, in general, and compliance risk management, in particular? - Risk management (RM) is a vital process widely utilized in strategic decision-making. It involves a systematic approach to the identification, analysis and response to risks. CRM, as a specialized subset of risk management, focuses specifically on addressing risks related to non-compliance with legal and regulatory requirements.
O2Q1. Which methods are utilized in the banking sector to assess compliance risk? The study identified various methodological approaches employed to assess compliance risks across different business sectors. Among these, Failure Mode and Effects Analysis (FMEA) was selected as the primary method for evaluating compliance risk in the banking sector. FMEA enables organizations to proactively identify potential risks, strengthen regulatory compliance mechanisms, and mitigate the adverse consequences of non-compliance.
The literature review revealed the absence of studies by Georgian authors on compliance risk management and assessment. Not publicly available research in this field was identified during the study period. This study aims to help bridge this gap and contribute to advancing research in this area.
References:
AA/DCFTA, The Association Agreement (2014). Legislative Herald of Georgia. www.matsne.gov.ge . June 27. (Accessed December 2024).
Aven Terje and Renn Ortwin (2010). “Risk Management and Governance: Concepts, Guidelines and Applications”. Heidelberg: Springer.
BCBS (2005). "Compliance and the Compliance Function in Banks." The Bank for International Settlements (BIS). April 29. https://www.bis.org/publ/bcbs113.htm . (Accessed May 2024).
BCBS (2011). "Principles for the Sound Management of Operational Risk, Bank for International Settlements." The Bank for International Settlements (BIS). June. https://www.bis.org/publ/bcbs195.pdf . (Accessed March 2024).
Berg Heinz-Peter (2010). "Risk Management: Procedures, Methods and Experiences." Reliability: Theory & Applications 5 (N2 (17)): 79-95.
Bognár Ferenc and Benedek Petra (2021). "A Novel Risk Assessment Methodology – A Case Study of the PRIsM Methodology in a Compliance Management Sensitive Sector." Acta Polytechnica Hungarica, Vol. 18, No. 7 89-108.
Bognár Ferenc, Benedek Petra (2021). "Case Study on a Potential Application of Failure Mode and Effects Analysis in Assessing Compliance Risks." Risks 1-16. doi:https://doi.org/10.3390/risks9090164. (Accessed May 2024).
Brahimi Fran, Dibra Rezart and Prodani Geraldina (2013). "The Role of Corporate Governance in Transition Countries." European Journal of Business and Management (20): 166-176. https://iiste.org/Journals/index.php/EJBM/article/view/7311 . (Accessed May 2023).
Ciocoiu Carmen Nadia, Chitimiea Andreea, Vaduva Valentina Raluca and Prioteasa Adina-Liliana (2020). "Quantitative Approach to the Implementation of Risk Management in Operating Activities of Romanian SMEs." The Journal of Organizational Management Studies Vol. 2020.
EBA, European Banking Authority (2011). "EBA Guidelines on Internal Governance (GL 44)." www.eba.europa.eu. (Accessed March 2024).
Fotaki Maria, Lioukas Spyros and Voudouris Irini (2020). "Ethos is Destiny: Organizational Values and Compliance in Corporate Governance." Journal of Business Ethics 19-37. doi:https://doi.org/10.1007/s10551-019-04126-7. (Accessed May 2023).
The Federal Reserve System (2008). "SR 08-8 / CA 08-11 – Compliance Risk Management Programs and Oversight at Large Banking Organizations with Complex Compliance Profiles." www.federalreserve.gov . (Accessed March 2023).
Gerard Joseph A. and Weber Curt M. (2015). "Compliance and Corporate Governance: Theoretical Analysis of the Effectiveness of Compliance Based on Locus of Functional Responsibility." International Journal of Global Business 8 (1): 15-26.
Hopkins Andrew (2011). "Risk-management and Rule-compliance: Decision-making in Hazardous Industries." Safety science 49 (2): 110-120. doi:https://doi.org/10.1016/j.ssci.2010.07.014. (Accessed May 2023).
ISO37301 (2021). "Compliance Management Systems – Requirements with Guidance for Use." International Organization for Standardization. www.iso.org . (Accessed March 2023).
ISO31000 (2018). “Risk Management Guidelines.” International Organization for Standardization. https://www.iso.org/obp/ui/#iso:std:iso:31000:ed-2:v1:en . (Accessed March 2023).
Lam Ho-Pun and Hashmi Mustafa (2022). "A Comparative Study of Compliance Management Frameworks: PENELOPE vs. PCL." Knowledge 2: 618-651. doi:https://doi.org/10.3390/knowledge2040036. (Accessed May 2023).
Lindauer Roman (2017). “Modern Risk Management Remarks.” Bookborn. http://103.62.146.201:8081/jspui/bitstream/1/6242/1/modern-risk-management-remarks.pdf . (Accessed May 2023).
Liu Hu-Chen, Liu Long and Liu Nan (2013). "Risk Evaluation Approaches in Failure Mode and Effects Analysis: A Literature Review." Expert Systems with Applications 828-838. doi:https://doi.org/10.1016/j.eswa.2012.08.010. (Accessed May 2023).
London Calvin (2022). "Two Sides of the Coin: Proactive versus Reactive Compliance Management." CEP Magazine 1-4. https://compliancecosmos.org/two-sides-coin-proactive-versus-reactive-compliance-management . (Accessed April 2024).
Losiewicz-Dniestrzanska Ewa (2015). "Monitoring of Compliance Risk in the Bank." Procedia Economics and Finance 26: 800-805. doi:https://doi.org/10.1016/S2212-5671(15)00846-1. (Accessed May 2023).
Miller Geoffrey P. (2014). "The Role of Risk Management and Compliance in Banking Integration." NYU Law and Economics Research Paper 14-34. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2527222 . (Accessed May 2023).
Moeller Robert R. (2011). “COSO Enterprise Risk Management: Establishing Effective Governance, Risk, and Compliance Processes.” New Jersey: John Wiley & Sons.
The Order of NBG №215/04 (2018). "Corporate Governance Code for Commercial Banks." Legislative Herald of Georgia. https://matsne.gov.ge/ka . September 26. (Accessed December 2024).
Paine Lynn S. (1994). "Managing for Organizational Integrity." Harvard Business Review 72 (2): 106-117. https://hbr.org/1994/03/managing-for-organizational-integrity. (Accessed March 2023).
Pan Kai, Liu Hui, Gou Xiaoqing, Huang Rui, Ye Dong, Wang Haining, Glowacz Adam and Kong Jie (2022). "Towards a Systematic Description of Fault Tree Analysis Studies Using Informetric Mapping." Sustainability 14 (18): 1-28. doi:https://doi.org/10.3390/su141811430. (Accessed April 2023).
Pang Sulin, Yang Junkun, Li Rongzhou and Cao Jun (2020). "Static Game Models and Applications Based on Market Supervision and Compliance Management of P2P Platform." Mathematical Problems in Engineering 1-17. doi:https://doi.org/10.1155/2020/8869132. (Accessed May 2024).
Popov Georgi, Hollcroft Bruce and Lyon Bruce K. (2016) “Risk Assessment.” Hoboken, New Jersey: John Wiley & Sons, Inc.
Prioteasa Adina Liliana and Ciocoiu Carmen Nadia (2017). "Challenges in Implementing Risk Management: A Review of the Literature."In Proceedings of the International Management Conference. 972-980.
Qureshi Muhammad Waheed (2019). "Understanding Compliance Risk in Finance and Banking." ISACA JOURNAL 4: 1-7.
Ramakrishna Saloni (2015). “Enterprise Compliance Risk Management_ An Essential Toolkit for Banks and Financial Services.” Singapore: John Wiley & Sons Singapore Pte. Ltd.
Seifi Shahla and Crowther David (2011). “Corporate Governance and International Business”. BookBoon. https://bookboon.com/en/corporate-governance-and-international-business-ebook. (Accessed May 2023).
Silverman Michael G. (2008). “Compliance Management for Public, Private, and Nonprofit Organizations”. New York: The McGraw-Hill Companies, Inc.
Stamatis D. H. (2003). “Failure Mode and Effect Analysis: FMEA from Theory to Execution”. Milwaukee, Wisconsin: ASQ Quality Press.
Szentes Balázs, Benedek Petra and Bognár Ferenc (2023). "Compliance Risk Assessment in the Banking Sector: Application of a Novel Pairwise Comparison-Based PRISM Method." Complexity in Finance and Economics 1-13. doi:https://doi.org/10.1155/2023/9165815. (Accessed May 2024).
Tarantino Anthony (2008). “Governance, Risk and Compliance Handbook.” Hoboken, NJ: John Wiley & Sons, Inc.
Teichmann Fabian, Wittmann Chiara and Boticiu Sonia (2023). "Compliance as a Form of Defense Against Corporate Criminal Liability." Journal of Economic Criminology 1: 1-4. doi:https://doi.org/10.1016/j.jeconc.2023.100004. (Accessed May 2024).
The Order of NBG N71. 2008. "Regulation on Risk Management in Commercial Banks." Legislative Herald of Georgia. www.matsne.gov.ge . March 17. (Accessed September 2024).
Yalcin Ahmet Selcuk, Kilic Huseyin Selcu, and Delen Dursun (2022). "The Use of Multi-criteria Decision-making Methods in Business Analytics: A Comprehensive Literature Review." Technological Forecasting and Social Change 174: 1-35. (doi:https://doi.org/10.1016/j.techfore.2021.121193. (Accessed June 2024).
Zhang Qun, Irfan Muhammad, Zhu Xiaoning, Aamir Muhammad and Khattak Obaid (2013). "Six Sigma in Synergy with Risk Management." European Journal of Business and Management 5 (12): 184-188. https://iiste.org/Journals/index.php/EJBM/article/view/5829/5897. (Accessed May 2024).