Strategic Goals in the Field of Safety and Security, Characteristics of a Business Model

Source, Citation:

Kolyada A. A., Buzunov R. A.

Strategic Goals in the Field of Safety and Security, Characteristics of a Business Model // International

Scientific Journal. 2025. № 3 (103). рр. 91–115. EDN: BDANIR.

Andrey Alexandrovich Kolyada, DBA, Rector and Scientific adviser, ORCID ID: https://orcid.org/0009-0005-9725-9370, SPIN-код: 1932-8478, AuthorID: 805184, kolyada@emasrussia.ru

Eurasian Management and Administration School (EMAS Business School), Russia

Roman Alexandrovich Buzunov, EMBA, Teacher-researcher1, Assistant General Manager (R&D)2, ORCID ID: https://orcid.org/0009-0003-5155-8004, buzunovr@mail.ru

Eurasian Management and Administration School (EMAS Business School), Russia; Noblelift Intelligent Equipment Co. Ltd, China2

Strategic Goals in the Field of Safety and Security, Characteristics of a Business Model

Abstract

Based on the Theory of the multi-level nature (multi-levelness) of business model, the authors continue to develop the universal multi-industry Methodology of business modeling, strategic planning, and strategic management by expanding its mechanism for strategic goal setting. It is proposed to add a strategic projection dedicated to goals in the field of Safety and Security to the system of strategic goals. A procedure for setting strategic goals in this projection has been developed, with the method for selecting related goals based on generally accepted regulatory requirements for risk assessment. Guidance and recommendations on practical implementations in companies are provided, default benchmarking for weighted decision making and references in different business scopes are given, including various examples. The importance of innovations is emphasized for endowing a company’s business model with characteristics of Compressibility/Regenerativity, Flexibility, Elasticity, and Endurance, ensuring its survival and resilience under catastrophic risks: epidemics, sanctions, armed conflicts, and other extremely negative geopolitical and geo-economic events.

Keywords: strategic objectives, strategic goals, safety goals, business modeling, risk-oriented mechanism of goal setting, strategic planning, strategic management, quantitative risk assessment, characteristics of a business model

Андрей Александрович Коляда, доктор делового администрирования (DBA, Швейцария), ректор и научный руководитель, ORCID ID: https://orcid.org/0009-0005-9725-9370, SPIN-код: 1932-8478, AuthorID: 805184, kolyada@emasrussia.ru

Евразийская Школа Менеджмента и Администрирования (Бизнес-школа EMAS), Россия

Роман Александрович Бузунов, мастер делового администрирования (EMBA), преподаватель-научный сотрудник1, ассистирующий генеральный директор (исследования и разработки)2, ORCID ID: https://orcid.org/0009-0003-5155-8004, buzunovr@mail.ru

Евразийская Школа Менеджмента и Администрирования (Бизнес-школа EMAS), Россия1; Noblelift Intelligent Equipment Co. Ltd, Китай2

Стратегические цели в области безопасности, характеристики бизнес-модели

АННОТАЦИЯ

На основе теории мультиуровневой природы (мультиуровневости) бизнес-модели авторы продолжают развивать универсальную межотраслевую методику бизнес-моделирования, стратегического планирования и стратегического менеджмента путём расширения её механизма стратегического целеполагания. В систему стратегических целей предлагается добавить стратегическую проекцию, посвящённую целям в области защиты и безопасности. Разработана процедура постановки стратегических целей в указанной проекции, метод выбора соответствующих целей основан на общепринятых нормативных требованиях по оценке рисков. Предложены инструкции и рекомендации по практическому внедрению в компаниях, даны начальные ориентиры для принятия взвешенных решений в организациях различных профилей, приведены примеры. Подчёркивается важность инноваций для наделения бизнес-модели компании характеристиками гибкости, эластичности и выносливости, обеспечивающими её выживание и стойкость при катастрофических рисках: эпидемиях, санкциях, вооружённых конфликтах и других крайне негативных геополитических и геоэкономических событиях.

Ключевые слова: стратегические цели, цели в области защиты и безопасности, бизнес-моделирование, риск-ориентированный механизм целеполагания, стратегическое планирование, стратегический менеджмент, количественная оценка рисков, характеристики бизнес-модели

Introduction

The current research takes the Theory of the multi-level nature (multi-levelness) of business model [1] and universal multi-industry Methodology of business modeling, strategic planning and strategic management that follows from it [2, 3] developed by Andrey A. Kolyada, EMAS Business School as a base and offers further development of the Methodology through introduction of Safety and Security mechanism into the system of Strategic goal settings for the company.

The Theory of the multi-level nature (multi-levelness) of business model was selected as a base foundation of the current Research because it demonstrates the new concepts and practices with presence of traceable and practical evidence of their resultativeness in the field of business modeling, strategic planning and strategic management.

The original Methodology offers the universal system of strategic goal settings, which can be used by any company regardless of its business scope and scale. The practical advantage of this Methodology supports its foundation serving role for the offered change, especially in connection with the fact that feasibility of this Methodology has been verified by many companies globally as part of various consulting and training projects on business modeling that were carried out during 2010-2024 years.

The Theory of the multi-level nature (multi-levelness) of business model [1] asserts the primacy of the business model over strategy and considers the business model as the foundation of strategic planning and strategic management.

The Methodology offers a set of methods and tools for business modeling, strategic planning and strategic management that solves strategic tasks of modeling and forecasting the target market, finding market niches, quantitative analysis and forecasting (not to be confused with qualitative, i.e. evaluation as "better/worse") of the effectiveness of the business model and the company's strategy in comparison with competitors to find a superior (most effective and productive) business model, strategic goal setting and creation of a management by objectives system, assessment and adjustment of corporate culture, development of strategic actions, etc. based on the selected business model.

The Goal of the research is focused on modification to the original system of strategic goal setting, utilizing specific strategic projections (Finance, Business Model, Quality, Speed, Profitability, New Products/New Markets, Current Products/Current Markets), which are defining certain directions for strategic goal setting with the new projection of Safety and Security. 

The task of the research is to offer the modification that can be considered as an extension of the existing Methodology, being not in contradiction to any of the present items of the Methodology, and is laying on introduction of the additional (8th) strategic projection – “Safety and Security”. Which would set the specific mechanism of precise goal setting and management of related processes for companies. Even though the role of this newly offered projection is more critical to medium and large-scale companies, it is still not contradicting with universal nature of the original Methodology and can be applied to any company being in line with the core practice-proved Methodology.

The role of Safety and Security for any company is critical. It doesn’t matter which specific point is considered: saving a business in the event of a mass epidemics, sanctions, armed conflicts and other extremely negative geopolitical and geoeconomics events, safety of personnel during manufacturing processes, safety of storage or transportation of goods, environmental safety or Security of intellectual assets.  The impact of any Safety accident or Security event, no matter it is a geopolitical or geoeconomics catastrophe that results in the inability to carry out operational activities, a personnel injury, environmental impact, leakage of know-how technology or any other can create unacceptable level of consequences to any company, making its survival and further work questionable. Due to this reason, the development of this projection and extension of the existing Methodology by means of it is valuable point for further Methodology development.

Precise strategic risk-oriented goal setting of the Safety and Security projection is possible through the identification and evaluation of Risks based on guidance of international standards in the field of Risk assessment with the purpose to have an analytical quantitative approach applied. Furthermore, the article highlights the importance of business model innovation to endow a company's business model with characteristics such as Compressibility/Regenerativity, Flexibility, Elasticity and Endurance to ensure its survival and sustainability in the event of catastrophic risks such as mass epidemics, sanctions, armed conflicts and other extremely negative geopolitical and geo-economic events.

In the scope of this research under Safety and Security concerns (Risks) authors assuming result of any possible event which may put in danger employees of the company and other people, create damage of a different nature to company’s assets, cause environmental impacts, generate legal concerns as well as any other results caused by risk activation, which may put in danger the existence of company, its business, switch activation of liability mechanisms or affect company’s related affiliates. From this perspective there is no difference in a specific nature of the impact, whether it causes, for example, an asset loss or damage to intellectual property. The Security related topics are essential part of Risk management of any company [4, 5]. At the same time, the way how a company manages the existing risks strongly affects its success and performance, offering the opportunities in competitive environment [6, 7].

Various researches highlighting that clear communication of company goals helps to contribute to achievement of those goals [8, 9, 10], consequently, the achievement of higher safety levels would be secured in case of introduction of the goals to the corresponding goal setting program. Therefore, with consideration of importance of the general Safety and Security goals, the introduction of the Safety and Security projection will help to deliver clarity of these concerns to the personnel of a company and establish practically working mechanism targeted on risk-oriented goals.

Safety and security risk identification may not be simple and requires time to have the system thoroughly developed, which would cover the majority of foreseeable risks [11]. Only those risks that were identified can be managed [12] and recognition of a risk is the first step in the establishment of risk management system [13]. For this purpose, the various techniques, existing in different practical fields can be used in combination with each other, covering the possible grey areas and gaps of individual approaches, generally benefiting to the quality increase of risk investigation [14].

At the same time, it is difficult to establish sufficient Safety mechanisms only through following the regulation; the feedback from employees on different level is required too: being on a front end, they clearly understand and identify the risk points, which are remaining beyond the scope of different regulations. Those employees are able clearly identify and report the weaknesses to be corrected as they are facing these concerns regularly [15, 16].  

The reasons of occurred safety and security accidents often can be connected not only to the blind areas and shortcomings during risk identification, but also to drawbacks in safety management practices, ineffective communication and low training quality of employees to follow regulations, standard operation procedures and practices as well as caused by different nature of human errors etc. [17, 18].

There are obvious difficulties in adaptation of standardized approach to a business scope of a certain company; however, there are researches which offering the related technologies to align the metrics with companies’ business goals, for example, [19].

Eventually, either through use of specific approaches or expert evaluation, the pool of Safety and Security concerns, which would be individual for different companies depending on their business scope, can be collected. However, in order to address them, need to establish the mechanism of quantitative risk assessment for safety concerns. For this purpose, different risks metrics can be used and variety of principles are existing and introduced in various international standards and methodologies [20, 21, 22] in relation to Safety and Security of different nature (industrial, informational, environmental etc.). Quantitative assessment of the identified risks allows to take weighed decisions while addressing those risks with consideration of possible side effects [23, 24, 25].

It is also critically important to have the correct consideration of risks in relation to company’s objectives, creation of needed regulations which are matching with company’s strategy, so to be a part of it [26, 27].

After the risks are identified and evaluated, the work directed to their mitigation or reduction can be activated, the researches show that more effective approaches are of interventional nature (engineering solutions, limitation of access etc.), rather than behavioral approaches (trainings etc.), therefore, the effectively developed action plan also should be based on combination of different approaches and selection of most suitable ones depending on the risk nature [28].

At the same time, the collaborative efforts on ways to address the identified risk may be suggested with the aim to generate more effective and deeply considered result than one individual can create [29, 30] with consideration of various possible side effects, which could be obvious for some specialists of working group and absolutely unknown to others due to different specialization, experience level, general knowledge etc.

Unfortunately, some researchers found that in many cases those people, which are benefiting most from the implemented changes in the area of safety, are actually creating the great opposition to the changes [31], which partly can be explained by irrational behaving of human being, their fear of new approaches and resistance to change the familiar practices [32]. Therefore, follow-ups on solutions and taken decisions, related to implementation of risk management practices in the format of review and control for the implementation would be required [33].

Researches and practical implementors in the field of Occupational Safety are somehow in agreement that there is a gap between identification of the risks and practical implementation of related actions for its reduction [34]. Therefore, it is critical to introduce the action plan to traceable system of strategic goal settings, via observation of which, the progress can be monitored.

The way how the Strategic targets can be set might be different. In the research [35] it is stated that majority of Occupational Safety and Health professionals likely would create goals in the format “reducing the OSHA recordable rate 5% by the end of the calendar year”, which in that research is considered as not effective way that being able to create side effects on the path of organization for creation of healthy and safe work environment, an alternative approach is offered to motivate professionals to set the goals, which would prioritize integration of required practices over achievement of numbers.

Proactive approaches, assessing employees’ awareness about safety related topics and its positive influence on safety climate should be promoted [36], influence of communication strategy, its frequency and even style are important matters in creation of safe environment [37].

While the outcome-based approach is considered as typical practice of Occupational Safety professionals and such figures as, for example, rates of accidence or frequency of injuries are belonging to typical safety metrics [38], some alternative concepts with wider viewpoint are being offered: In the research [39] the Occupational Safety and Health is considered as system with one of the significant outcomes; however, this system, coexisting with other systems and may be influenced by various decisions and there must be some guides developed to avoid sacrificing of Safety in favor of other decisions – the research offers to have a view from big picture perspective.

In other words, different researches are coming to the conclusion that the goals related to Safety cannot be isolated from other processes and decisions taken in a company. Therefore, the introduction of Safety addressing tool into the mechanism of Strategic goal setting of the company is essential. This also supports the approach that the work of risk evaluation and its mitigation should be made on a systematical basis and be a part of regular organization activity regardless of its business scope [40, 41]. At the same time, even if a specific risk was properly identified and addressed, there is still non-zero probability of its occurrence, therefore, the related activities directed on raising of proper Safety culture and/or response strategies on Security concern targeted on prevention of Safety and Security accidents are important [42, 43].

METHOD

The results presented in this article are based on the Theory of the multi-level nature (multi-levelness) of business model [1], the Methodology of business modeling, strategic planning and strategic management [2, 3], and generally accepted approaches to quantitative risk assessment in the field of Safety and Security, as outlined in the ISO regulations [29, 48, 49]. The article's results represent the integration of these approaches into the Methodology.

The Theory of the multi-level nature (multi-levelness) of business model [1] defines the business model as the foundation of strategic planning and strategic management, sets the priority of the business model over the strategy, the strategy of the organization follows from the business model, the same business model may have different strategies. The business model is considered as a multi-level phenomenon, at least 3 levels are distinguished: product-market, corporate and holding. Each level requires separate management and its own strategic decisions. Competition between players in the market occurs at all levels of the business model that the relevant company has.

The Theory is supported by the universal multi-industry Methodology of business modeling, strategic planning and strategic management [2, 3]. Based on the Methodology, various versions of a company’s business model and strategy are developed. Comparative with competitors, quantitative analysis and forecasting of the effectiveness of the versions of the company's business model and strategy is performed using such generally accepted economic indicators as revenue, sales volume in physical terms, gross and net profit, market shares, shares in the target cluster and segment, company profitability, return on sales, etc. Based on these indicators, a decision is made on the effectiveness of business model and strategy variants (both existing and possible future ones) during the planning horizon. The ability to quantitatively forecast the effectiveness of a business model and strategy, including any possible options for changing them in the future, distinguishes this Methodology from methodologies that provide exclusively qualitative assessment based on the "better/worse" principle, for example, [44, 45, 46].

Based on the chosen superior business model, accordingly, the Methodology suggests performing strategic goal setting in the logic of strategic projections. The main goal of the company (Vision) is cascaded into lower-level goals (Breakthrough goals, Current goals, Content and Process KPIs) across seven strategic projections. The strategic projections are: Finance, Business Model, Quality, Speed, Profitability, New Products/New Markets, Current Products/Current Markets. All of the specified projections are mandatory (goals must be formulated in each one) with the exception of the last one: the Current Products/Current Markets projection may not exist if, in the planning horizon, the company's business model changes in such a way that it abandons all the products and markets that it had in the base period. Of course, this is an extremely rare case.

The planning horizon according to the Methodology is 3 years or more. Goals of different types have fixed terms (the period for which they are set): Vision – 1 year, Breakthrough goals – 1 year, Current goals – quarter (3 months), Content KPI – 1 month, Process KPI – any term. Each year in the planning horizon must contain a full set of described goals. Accordingly, strategic planning is performed year by year. Business modeling and strategic planning are performed scenario-wise. The Methodology requires forecasting and strategic planning, including business modeling and goal setting, according to at least four scenarios: realistic (main), optimistic, pessimistic, catastrophic.

The logic of the strategic projections originally proposed in the Methodology is as follows:

• Projection “Finance”. Set the target for company’s Revenue Gross and Net Profit figures.

• Projection “Business model”. Contains the set of targets on five key components describing the target Business model of each company [2, 47].

• Projection “Quality”. Sets the targets for company’s Quality indicators in general and CSI (Customer Satisfaction Index) in particular.

• Projection “Profitability”. Contains goals in the area of ​​profitability and cost control.

• Projection “Speed”. Sets the goals for increase of speed for business processes and optimization of work flows.

• Projection “New products/New markets”. Sets the goals (revenue, market share, cluster share, etc.) in release of new products and/or development of new markets for sustainable development of a company.

• Projection “Current products/Current markets”. Sets the goals (revenue, market share, cluster share, etc.) for performance on existing products on existing markets where a company is working in the base period and continues to operate during the planning horizon.

Each strategic projection must contain a full set of goals (Breakthrough goals, Current goals, Content and Process KPIs). Goal setting is performed in the logic according to which the achievement of low-level goals automatically leads to the achievement of the corresponding goal of a higher level. Achieving the entire set of goals (Breakthrough goals, Current goals, Content and Process KPIs) in all projections ensures the automatic achievement of the Main goal (Vision) in a given year. Accordingly, the achievement of all Visions in the years included in the planning horizon leads to the achievement of the final Vision.

The important point of the existing Methodology relates to clear goal setting based on economic forecasts of the effectiveness of the selected business model with its quantitative measurements – a clear way to justify achievability of goals and validate the plan. The quantitative indicator(s) should be formulated on the level of Breakthrough annual goals and through quarter Current goals finally be decomposed to the level of monthly Content KPIs. Therefore, it is essential to extend the existing system with similar approach in mind – use of quantitative indicators for goal settings.

The addition of new strategic projection of “Safety and Security” would require the quantitative evaluation and formulation of goals similar to the already known projections. As those goals are based on reduction or mitigation of existing and foreseeable risks it is proposed to use the mechanism of Risk Assessment for quantitative evaluation.

For the purpose of formalization of the risk assessment procedure, the references to ISO 12100:2010, ISO14121-1:2007 and ISO/TR 14121-2:2012 are made. According to General terms of Risk elements the “Risk related to the considered hazard is a function of Severity of harm that can result from the considered hazard and Probability of occurrence of that harm” [48], while the Probability of occurrence on its own is the function of three variables, which are assessing Frequency and duration of the exposure to hazard (further below the term Frequency is used), Probability of occurrence of a hazard event (further below the term Probability is used) and Probability of avoiding or limiting harm (further below the term Avoidance is used) (Figure 1).

The ISO 12100:2010 Standard “Safety of machinery – General principles of design – Risk assessment and risk reduction”, ISO 14121-1:2007 standard “Safety of machinery – Risk assessment – Part 1: Principles, ISO/TR 14121-2 Technical report “Safety of machinery. – Risk assessment – Part 2: Practical guidance and examples of methods” although mainly dedicated for addressing of topics related to machineries, the principles used for Risk assessment are standardized and universal, exactly those principles described in these regulations are subject of interest, those principles can be adopted for use in any business direction for the purpose of the tasks reflected in the current Research.

According to Introduction section of the Technical Report [29] “The purpose of risk assessment is to identify hazards, and to estimate and evaluate risks so that they can be reduced. There are many methods and tools available for this purpose and several are described in this document. The method or tool chosen willargely be a matter of industry, company or personal preference. The choice of a specific method or tool is less important than the process itself. The benefits of risk assessment come from the discipline of the process rather than the precision of the results: as long as a systematic approach is taken to get from hazard identification to risk reduction and all the elements of risk are considered.”

The tools of Risk assessment include various approaches: risk matrix, risk graph, numerical scoring and hybrid tools using combination of those approaches [49]. There are different procedures and evaluation scales used for calculation of Risk figures. In hybrid methods the combination of quantitative risk calculations with various risk matrices can be used [29]. Hybrid methods are operating the following Risk elements: Severity (how strong the impact is), Frequency (how often the exposure to risk happens), Probability (how likely the risk can happen) and Avoidance (how possible is to avoid the consequences), where the sum of Frequency, Probability and Avoidance is considered under Risk Class (Cl) and decision is taken based on dual-dimension matrix using Severity and Risk Class.

The standards are giving general guidance; however, allow the deviation and flexibilities for better adaptation to industry and practices used in a company [29].

The research was carried out as part of the work on the development of the Russian scientific school of business modeling, strategic planning and strategic management, which is being conducted at the Eurasian Management and Administration School (EMAS Business School). EMAS Business School is focused on scientific and research work in the various fields of strategic management, attracting its MBA, Executive MBA and DBA students, graduates and teachers to participate in scientific work within EMAS Business School, the fact that the participants have their interests spread among dozens of different industries and countries allows to develop the Theory and Methodology of business modeling, strategic planning and strategic management on universal based approach ensuring their application to any company.

RESULTS

The 8th Projection of Strategic goal setting “Safety and Security” supplementing the original Methodology and in full compliance with its original logic and methods has been introduced.

As in the case of already known projections, introduction of 8th strategic projection “Safety and Security” requires the mandatory setting of Breakthrough goals (annual targets) with their mandatory decomposition to the level of Current targets (Quarter targets) and consequently of Current targets to the level of Content KPIs (monthly targets), together with this the achievement of Content KPIs can be supported by recurring indicators of auxiliary processes, defined as Process KPIs.

The goals under Safety and Security strategic projection, being considered as a part of separated system (projection), can also be affected by decisions (goals) taken in other projections, for example, Profitability or Speed, therefore, it will be beneficial for any organization to have a projection of Safety and Security be presented on the same level as other projections, in order to clearly justify whether the goals of other projections put under danger the goals of Safety and Security projection.

The mechanism of strategic goal settings under this projection requires following the Algorithms for Risk assessment and Strategic goal setting stated below. The guidance for practical implementation of both Algorithms is offered.

The Algorithm of Risk Assessment

In this Research the Risk assessment is performed using the Hybrid Method, where the value of identified Risk is calculated through and presented under Risk Index figure, Risk Index as a term refers to quantitative value of a Risk being assessed. Consequently, the Risk Index is compared with Risk matrix and default criteria for further decision making regarding its addressing.

The calculation to be made according to the following formula:

As it can be seen, the calculation formula contains four major variables, each of the risk can be described using these criteria with consecutive calculation of the Risk Index. The evaluation of the risks is made by a group of engaged professionals in the direction of described risk. Each of the compositions according to proposed methodology should be evaluated from one to 10, where one is referring to the most beneficial (safe) condition, while 10 presents the highest value of the Risk element, the use of zero is not allowed for any of the elements (Table 1). The use of average value for the combination of Probability, Frequency and Avoidance elements, being considered as contribution to general Probability of Occurrence (see Figure 1) of the Risk, allow to make norming of Probability of Occurrence and stay in the scale of one to 10 for its result, while still taking into account its compositions separately. This approach will help to simplify the Risk Matrix creation used on the next step.

The summary table allows to make ranking of investigated risks based on the value of Risk Index. The calculated result should be evaluated through visualization using the Risk matrix (Table 2) – multidimensional table presenting the combination of Severity and Probability of Occurrence as well as guiding decision making. The Technical report [29] states that the number of cells in the matrices can vary in wide range. For the purpose of this Research, following the approach of 10-point scale marking, the 10 by 10 Matrix is offered to be used:

Note: colors of the matrix cells highlight the categories of calculated Risk indexes.

The boarders of Risk indexes, which are placing a certain risk under one of the categories as well as the number of these categories should be defined based on resources, which a company is able to dedicate to risk reduction activities and related to it managerial decisions.

The default criteria are proposed as follows; however, before the application of these default criteria to real practice, the validation by a company’s management should be performed:

• Risk index below 14 – tolerable risks, generally no actions required as further reduction of risk may not be economically rational; moreover, the resources available suggested to be dedicated to more critical directions.

• Risk index equal or above 14, but below 27 – acceptable risk, especially if cost of risk reduction is higher than actual risk consequences. Monitoring is required.

• Risk index is equal or above 27, but below 42 – risks require attention and actions directed to its reduction, cost of reduction can be high, however, the consequences of risks are sufficient, therefore, can’t be ignored. Business model innovation (BMI) may be recommended to mitigate these risks.

• Risks equal or above 42 – are considered as not acceptable and require reduction measures regardless of their costs. Business model innovation (BMI) is required to mitigate these risks.

Consequently, having the quantitative result of risk evaluation, based on Risk matrix it is getting possible to set the Breakthrough targets, Current targets, Content and Process KPIs following the general principles of the original Methodology being placed into the new 8th strategic projection of Safety and Security.

Addressing of risks in the Strategic goal settings process

The risks, which were identified by the group of engaged professionals, after their evaluation can be distributed in one out of four groups based on calculated value of Risk index. Those risks, which during their quantitative assessment following the Risk evaluation procedure, were assessed with Risk Index equal or above 14 have to be taken under attention of management team of the organization for the purpose of development of specific risk-oriented Breakthrough goals within the scope of newly introduced “Safety and Security” projection and following the standard procedures of original Methodology of business modeling, strategic planning and strategic management [2, 3]. Respectively, the Breakthrough goals should be decomposed to the level of Current goals and Content KPIs, being supported by Process KPIs where applicable, with consecutive development on strategic actions to be executed and monitored within the planning horizon. The outcomes of goals on each level should be specifically targeted to substantial reduction of Risk index figures for each of Risks under attention (with initial Risk Index above 14) within the planning horizon. The approach of quantitative evaluation allows to set specific targeted values for Risk Indexes to be achieved based on weighted decision of an organization’s management team.

Guidance for Risk evaluation procedure

Description of the risk

Identified risk should be clearly described avoiding biased formulation. Main target – provide brief explanation of risk, which can be justified by any reading person on the level sufficient for understanding of risk’s nature and possible consequences.

Severity of the risk

Severity, as evaluation mark, is a subject of extremely rare change in time, obviously, when a risk has been evaluated in terms of its severity, the resulted figure remains unchanged within substantially long time, unless significant changes has been implemented, for example, the significant change of company’s business model. This fact allows to ensure that work on risk mitigation can be made on systematical basis.

Severity, depending on the business scope of the company, can reflect different nature of criteria for its evaluation linked to investigated risk type (Table 3). Undoubtedly, the risks of manufacturing companies, engineering companies, chemical laboratories, law firms, delivery services etc. are all different in terms of their nature; however, the general approach remains the same – the certain ranges of risk activations allow to make the judgement on its severity mark using approved references.

Note: Example of evaluation criteria for different industries is given in table 3; however, can be further specified and tailored towards the needs of a company.

In any case, the mark of Severity is extremely important as its non-objective evaluation can cause lack of attention to the specific risk, especially when the number of investigated risks is high. Therefore, the Severity mark during the evaluation step is suggested to be reviewed by related manager, depending on scale of investigation, up to the top management position.

Frequency, probability and avoidance evaluations (Table 4)

Frequency of risk activation shows how often during the working process the situation, when the described risk can expose may happen.

Probability of risk activation shows which portion of events, which actually happen can potentially cause the activation of risk itself.

Avoidance of risk shows whether there are any possible actions possible to reduce or avoid the consequences, when risk has been already activated

The calculation formula for Risk Index is assuming average value out of these three factors, due to this, the influence of possible evaluation mistake in either of the mark is less important, than severity and the marking can be controlled and managed by related working group of professionals, investigating the risks.

Examples of risk evaluation procedure

Example 1. A chain of cafes specializing in indoor service.

Risk description: Risk of a mass epidemic as a result of which the authorities prohibit the operation of cafes (visiting cafes by customers).

• Severity: 10, catastrophic damage, completely blocking indoor service.

• Frequency: 1, seldom.

• Probability: 7, likely to happen.

• Avoidance: 10, impossible, since the company is obliged to comply with the orders of the authorities.

• Risk index: 10 x (1 + 7 + 10) / 3 = 60.

Conclusion: Reduction actions are required, refer to algorithm below. Risk considered as not acceptable. Business model innovation (BMI) is required to mitigate the risk.

Example 2. Manufacturing plant, welding workshop, specific welding cell.

Risk description: Risk of overheating (heat stroke) caused to a welder due to working in environmental temperature above 30°C (86F) longer than 2 hours being equipped with standard Personal Protection Equipment (PPE).

• Severity: 2, minor impact not requiring first aid or medical attention.

• Frequency: 9, permanent, caused by specific working environment.

• Probability: 8, likely to happen.

• Avoidance: 2, very high due to use of individual cooling system integrated into PPE.

• Risk index: 2 x (9 + 8 + 2) / 3 = 12.7

Conclusion: Reduction actions will not be taken. Risk considered as tolerable.

Example 3. Engineering company.

Risk description: leakage of critical information related to key process technology of temperature compensation module for major product of the company (Precision optics scanner) to one of the major competitors.

• Severity: 8, major – significant impact on company’s business.

• Frequency: 2, seldom – access to key technology is limited.

• Probability: 3, hardly possible – disclosure of technology is protected by NDA.

• Avoidance: 5, moderate – due to irrational mind of human being.

• Risk index: 8 x (2 + 3 + 5) / 3 = 26.7

Conclusion: Risk considered as acceptable. Actions for fixation of Risk index figure should be planned. Refer to algorithm below.

Example 4. Chemical plant.

Risk description: leakage of certain chemicals, contaminations of environment. The tanks where chemicals are contained can be damaged during handling operations by forklifts.

• Severity: 6, moderate – contaminations are reversable, but cleaning is costly.

• Frequency: 7, frequently. Tanks are moved daily.

• Probability: 6, possible

• Avoidance: 5, moderate

• Risk index: 6 x (7 + 6 + 5) / 3 = 36

Conclusion: Actions will be taken. Risk considered as the one required attention. Business model innovation (BMI) may be recommended to mitigate the risk.

The algorithm of goal Setting in the strategic projection “Safety and Security”

Precise goal setting addressing the root cause of an issue should prevail on recommended actions directed on reduction of an impact from this issue. Any clearly identified and formulated risk can be evaluated based on receiving of resulted Risk Index figure, that can be used for further settings of strategic goals in the related strategic projection of Safety and Security with the aim to reduce the Risk Index figure to acceptable level, while being clear at the same time that complete exclusion of the risk is not possible, unless the business model of the company is changed. The targeted Risk Index value should be defined based on managerial decision of company’s management with consideration of available resources.

All Risks, based on Risk index review criteria, can be allocated to one of the four default groups: (a) Tolerable risks, (b) Acceptable risks, (c) Risks requiring careful monitoring and reduction actions, (d) Not acceptable risks. Refer to default criteria above.

          However, only three of the four groups of risks are included to the System of strategic goal setting: those risks which are considered as tolerable are excluded from the System of strategic goal setting, the focus of attention should be dedicated to Risks allocated to rest three categories with prioritizing the work towards Risks having the highest Risk indexes.

The strategic goals (chains of strategic goals “Breakthrough goals - Current goals - Content and Process KPIs”) towards the Risks under attention should be formulated in three possible options for each of the risks individually:

Option 1: reduction of the Risk index value to a certain level, which is lower than the original value, but still above the level of tolerable Risk Index values. Those Risks will be remaining under attention of the System of strategic goal setting and the targeted value of Risk index after its achievement according to original Methodology can be fixed with help of Process KPI.

Option 2: reduction of the Risk index to the level below tolerable threshold, which after achievement of successful results for strategic actions would allow to remove the foreseeable Risks from the system of Strategic goal setting; however, will keep them in the list of identified risks and in case the situation changes those risks automatically will be returned to the system of Strategic goal settings.

Option 3: Fixation of the Risk index on the current level (no reduction) with help of direct setting of Process KPI, the actions, directed to fulfilment of Process KPI required to be developed. The Risk remains in the system of Strategic goal setting. Can be applied only to Risks under acceptable category (default criteria: Risk Index equal or above 14, but below 27).

Chains of strategic goals "Breakthrough goals - Current goals - Content and Process KPIs": Breakthrough goal according to original Methodology should be decomposed through the Current goals (Quarterly goals) to the level of Content KPI (monthly goals) and Process KPI (when they are necessary).

The list of strategic actions should be developed to support the achievement of Content KPIs and Process KPIs. Each of the actions should have the description of expected results, starting and finishing time, responsible person and budget. It is recommended to visualize the list of strategic actions through use of Gantt diagram.

Monthly monitoring of Content and Process KPI should be conducted for the purpose of tracing the achievement of goals (correction measures should be taken when needed) in correlation with possibly changed internal and external situation.

In case the resulted value of Risk index is higher than the level of tolerable risks and when the further reduction considered to be not necessary, the achieved result can be fixed in the form of Process KPI, which will help to control that the Risk index stays on achieved level.

In case the resulted value of Risk index is falling under the tolerable risk category, the Risk is removed from the system of Strategic goal setting, but remains in Risk assessment process among other identified Risks.

Repeated risk assessment for all identified risks recommended to be conducted either annually or specifically in case of significant changes of current situation, which were not predicted under foreseeable scenario.

Guidance on strategic goal setting. Implementation Example

The data shows the result of described change implementation for one of the manufacturing companies in China for the year of 2024, the information of the company is not provided in order to secure its commercial interest. The business scope of the company is related to development and manufacturing of hydraulic pump units used on industrial load handling equipment. Although the list of breakthrough goals includes several, only one branch of goals is shown (Table 5).

Note: Demonstration of initial Risk assessment of identified Safety and Security risk.

The related Risk falls into category of not acceptable and requires actions for its reduction.

Strategic goal formulation (Breakthrough goal): Not later than 30th of December 2024 the Risk Index for the Risk of leakage of confidential data is not higher than 26 (Table 6).

Extraction from the List of strategic actions (Table 7):

Tracing of achieved results, example (based on 30th of June 2024) (Table 8):

Tracing the fulfillment of Content KPIs during year allows to see the status of risk reduction work with monthly update and apply correction measures when needed (Figure 2):

Risk assessment by end of 2024 (Table 9):

As a result, the Risk Index has been limited to the desired and acceptable level; the Safety and Security breakthrough goal has been achieved. The achieved result is fixed with help of Process KPI and remains under the scope of attention of the system of Strategic goal settings: either with the set target value of Risk index until the end of Planning horizon or until the annual review process of strategic goals would define the new goal for that risk.

discussion

Since the Theory of the multi-level nature (multi-levelness) of business model and the universal multi-industry Methodology of business modeling, strategic planning and strategic management are flexible adaptive management constructs, it is advisable to continue further studying the need to introduce additional strategic projections into the goal-setting system.

It should be noted that some risks, especially catastrophic risks resulting from extremely negative geopolitical or geoeconomics events (mass epidemics, armed conflicts, sanctions, etc.) require a response that goes beyond the usual risk management activities. Such risks require long-term preparatory work in the field of business modeling, namely business model innovation (BMI) so that the company's business model acquires the characteristics of Compressibility/Regenerativity, Flexibility, Elasticity and Endurance. Flexibility, Elasticity and Endurance mean that in the event of a catastrophic risk that completely or significantly blocks the normal operating activities of the company, its business model must ensure, firstly, the ability to quickly reduce fixed and variable costs without losing key assets and competencies of the company, secondly, the ability to preserve the blocked parts of the business without losing them, thirdly, the ability to survive for a sufficiently long time to wait for the restoration of a normal situation on the market, and fourthly, the ability to quickly restore operation activities to previous volumes without excessive costs after the disappearance of the risk factor. In practice, such actions in the field of business modeling most often mean the creation of a significant financial safety reserve (cash and a set of non-core highly liquid assets that can be quickly converted into cash if necessary), maximum automation of all operations that are possible (to reduce the number of personnel), differentiation of business by different industries and countries, etc. Most researchers dealing with the BMI miss the need for BMI to ensure the survival and stability of the company in the event of catastrophic risks, concentrating on the importance of BMI in the field of increasing the competitiveness of business. However, the anti-risk value of BMI is so significant that it cannot be neglected, this issue deserves further study.

Conclusions

The article introduces the additional strategic projection of Safety and Security into the universal multi-industry Methodology of business modeling, strategic planning and strategic management, explains the necessity of this changes and highlights that the newly added projection is in line with the Theory of the multi-level nature (multi-levelness) of business model and the general concept of existing Methodology, keeps the approach universal and suitable for practical implementation by any company.

The Safety and Security risks associated with related set of strategic company goals can be effectively reduced to the desired level via the proposed mechanism of their analytical quantitative evaluation based on Risk Index with its corresponding tracing in time and changes, affected by strategic actions on a planning horizon.

Moreover, the introduction of a new strategic projection of the same importance as other key direction of strategic company focuses (projections) allows to exclude the negative influence of decisions taken in other strategic projections on Safety and Security related items.

The practical implementation of proposed changes is demonstrated and is in line with the core original Methodology; therefore, the introduction of offered projection of “Safety and Security” extends the original Methodology following its general rules and addressing the new direction helping to ensure more broad coverage of Strategic system of goal settings for any organization, eventually developing the characteristics of Compressibility/Regenerativity, Flexibility, Elasticity and Endurance of its Business model.

References

1. Kolyada, A. A. (2024). Theory of the multi-level nature (multi-levelness) of a business model, business modeling and business model innovation in strategic management. The Eurasian Scientific Journal,16(4), 1-18

https://doi.org/10.15862/60ECVN424

2. Kolyada A. A. (2014). Effektivnye instrumenty strategicheskogo analiza. Kak prinyat' vernoe reshenie o strategii razvitiya predpriyatiya [Effective tools for strategic analysis. How to make the right decision on an enterprise development strategy]. N.Novgorod: Izdatel'stvo Biznes-Shkoly EMAS Publ., 2014. 174 p. – ISBN 978-5-600-00382-8. (In Russian).
3. Kolyada A. A. (2023) Sleduyushchii uroven': Strategicheskii menedzhment novoi epokhi. Kak postroit` e`ffektivnuyu biznes-model` i razrabotat` e`ffektivnuyu strategiyu dlya rosta vashej kompanii [Next level: strategic management of a New Era. How to build an effective business model and develop an effective strategy for your company's growth]. Moscow: Al'pina PRO Publ. & Eurasian Management And Administration School, 616 p. – ISBN 978-5-206-00086-3. – EDN FUTPBY. (In Russian).
4. Marquez-Tejon, J., Jimenez-Partearroyo, M. & Benito-Osorio, D. (2022). Security as a key contributor to organisational resilience: a bibliometric analysis of enterprise security risk management. Secur J, 35, 600–627

https://doi.org/10.1057/s41284-021-00292-4

5. Smith, C., & Brooks, D. (2013). Security Risk Management. Butterworth-Heinemann
6. Eastburn, R.W., & Sharland, A. (2017). Risk management and managerial mindset. Journal of Risk Finance, 18(1), 21–47.

https://doi.org/10.1108/JRF-09-2016-0114

7. Elahi, E. (2013). Risk management: the next source of competitive advantage. Foresight, 15(2), 117–131.

https://doi.org/10.1108/14636681311321121

8. Boyce, T. E., & Geller, E. S. (2001). Applied behavior analysis and occupational safety: The challenge of response maintenance. Journal of Organizational Behavior Management, 21(1), 31–56
9. Goldreich, O., & Brendan, J. (2009). A Theory of Goal-Oriented Communication. Journal of the ACM (JACM), 59(2), 1–65

https://doi.org/10.1145/2160158.2160161

10. Nasir, A. H., Hanifullah, B., & Hikmatullah H. (2024) Effective Communication as a Tool for Achieving Organizational Goal and Objective. Journal for Research in Applied Sciences and Biotechnology, 3(3), 242–248

http://dx.doi.org/10.55544/jrasb.3.3.37

11. Quinn, S., Ivy, N., Barrett, M., Feldman, L., Witte, G., & Gardner, R. K. (2021). Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management. National Institute of Standards and Technology Interagency or Internal Report 8286A
12. Blistanova, M., Tirpáková, M., & Galanda, J. (2022). Proposal of Risk Identification Methodology Using the Prompt List on the Example of an Air Carrier. Sustainability, 14(15), 9225

https://doi.org/10.3390/su14159225

13. Tchankova, L. (2002). Risk identification – basic stage in risk management. Environmental Management and Health, 13, 290–297.

https://doi.org/10.1108/09566160210431088

14. Raspotnig, C., & Opdahl, A. (2013). Comparing risk identification techniques for safety and security requirements. Journal of Systems and Software, 86, 1124–1151.

https://doi.org/10.1016/j.jss.2012.12.002

15. Auh, S., Menguc, B., Imer, H.,& Uslu, A. (2018). Frontline Employee Feedback-Seeking Behavior: How Is It Formed and When Does It Matter? Journal of Service Research, 22(2).
16. Curcuruto, M., Strauss K., Axtell C., & Griffin M. A. (2020). Voicing for safety in the workplace: A proactive goal-regulation perspective. Safety Science, 131, 104902.

https://doi.org/10.1016/j.ssci.2020.104902

17. Selvik, J. T., & Bellamy, L. J. (2020). Addressing human error when collecting failure cause information in the oil and gas industry: A review of ISO 14224:2016, Reliability Engineering and System Safety, 194, 106418

https://doi.org/10.1016/j.ress.2019.03.025

18. Zara, J., Nordin, S. M., & Isha, A. S. N. (2023). Influence of communication determinants on safety commitment in a high-risk workplace: a systematic literature review of four communication dimensions. Frontiers in public health, 11, 1-24

https://doi.org/10.3389/fpubh.2023.1225995

19. Philippou, E., Frey, S., & Rashid, A. (2020) Contextualising and aligning security metrics and business objectives: A GQM-based methodology, Computers and Security, 88, 101634.

https://doi.org/10.1016/j.cose.2019.101634

20. Aven Terje. (2016). Risk assessment and risk management: Review of recent advances on their foundation. European Journal of Operational Research 253, 1–13
21. ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems — Requirements
22. ISO 31000:2018 Risk management — Guidelines
23. Apostolakis, G.. (2004). How Useful Is Quantitative Risk Assessment? Risk analysis: an official publication of the Society for Risk Analysis, 24(3), 515–520.
24. Ismail, M. N., Kallow, S. M., Gati, K. H., Al-Bayati, H. N. A, & Butsenko, Y. (2024). Quantitative Approaches in Decision Theory for Enhancing Risk Assessment Strategies. Journal of Ecohumanism, 3(5), 308–321.
25. Suddle, S. (2009). The Introduction of the Weighted Risk Analysis. Safety Science, 47. 668–679.

https://doi.org/10.1016/j.ssci.2008.09.005

26. AlGhamdi, S., Than, W. K., & Vlahu-Gjorgievska, E. (2020). Information security governance challenges and critical success factors: Systematic review, Computers and Security, 99(4), 102030
27. Peljhan, D., & Marc, M. (2021). Risk management and strategy alignment: influence on new product development performance. Technology Analysis and Strategic Management, 35(12), 1547–1559.

http://dx.doi.org/10.1080/09537325.2021.2011192

28. Dyreborg, J., Lipscomb, H. J., Nielsen, K., Törner, M., Rasmussen, K., Frydendall, K. B., Bay, H., Gensby, U., Bengtsen, E., Guldenmund, F., & Kines, P. (2022). Safety interventions for the prevention of accidents at work: A systematic review. Campbell Systematic Reviews, 18(2), 1-187.

https://doi.org/10.1002/cl2.1234

29. ISO/TR 14121-2:2012 Safety of machinery. – Risk assessment – Part 2: Practical guidance and examples of methods
30. Xu, E., Wang, W., & Wang, Q. (2023). The effectiveness of collaborative problem solving in promoting students’ critical thinking: A meta-analysis based on empirical literature. Humanities and Social Sciences Communications, 10, 1–11.

https://doi.org/10.1057/s41599-023-01508-1

31. Wilson, J. M., & Koehn, E. (2000). Safety Management: Problems Encountered and Recommended Solutions. Journal of Construction Engineering and Management-asce, 126, 77–79.

https://doi.org/10.1061/%28ASCE%290733-9364%282000%29126%3A1%2877%29

32. Rehman, N., Mahmood, A., Ibtasam, M., Murtaza, S.A., Iqbal, N., & Molnár, E. (2021). The Psychology of Resistance to Change: The Antidotal Effect of Organizational Justice, Support and Leader-Member Exchange. Frontiers in Psychology journal, 12, 678952.

https://doi.org/10.3389/fpsyg.2021.678952

33. Glette-Iversen, I., Flage, R., & Aven, T. (2023). Extending and improving current frameworks for risk management and decision-making: A new approach for incorporating dynamic aspects of risk and uncertainty. Safety Science, 168, 106317

https://doi.org/10.1016/j.ssci.2023.106317

34. Jääskeläinen, A., Tappura, S., & Pirhonen, J. (2022). The path toward successful safety performance measurement. Journal of Safety Research, 83, 181–194. https://doi.org/10.1016/j.jsr.2022.08.014
35. Ndana, Jean. (2021). Strategic Safety Goals: Creating Proactive Objectives Based on Leading Indicators. Prof. Safety, 66, 26–30.
36. Ghosh, S., Nourihamedani, M., Reyes, M., & Snyder, L. (2023). Association Between Leading Indicators of Safety Performance in Construction Projects. International Journal of Construction Education and Research, 20(2), 121–135. https://doi.org/10.1080/15578771.2023.2195209
37. Liao, P. C., Jiang, L. X., Liu, B. S., Chen, C. T., Fang, D. P., Rao, P. L., & Zhang, M. C. (2014). A Cognitive Perspective on the Safety Communication Factors That Affect Worker Behavior. Journal of Building Construction and Planning Research, 2(3), 183–197

http://dx.doi.org/10.4236/jbcpr.2014.23017

38. Karanikas, N. (2016). Critical review of safety performance metrics. International Journal of Business Performance Management, 17, 266–285.

https://doi.org/10.1504/IJBPM.2016.077244

39. Pandey, B. R. (2024). Rethinking occupational health and safety principles—a systems perspective. Journal of the Royal Society of New Zealand, 1–22. https://doi.org/10.1080/03036758.2024.2333555
40. Sujan, M., Spurgeon, P., Inada-Kim, M., Rudd, M., Fitton, L., Horniblow, S., Cross, S., Chessum, P., & W Cooke, M. (2014). Clinical handover within the emergency care pathway and the potential risks of clinical handover failure (ECHO): primary research. NIHR Journals Library, 2014 Mar, 1-170

https://doi.org/10.3310/hsdr02050

41. Twigg, J. (2204). Good Practice Review, Disaster risk reduction: Mitigation and preparedness in development and emergency programming, Humanitarian Practice Network (HPN)
42. Jorgensen, K. (2016). Prevention of “simple accidents at work” with major consequences. Safety Science, 81, 46–58

https://doi.org/10.1016/j.ssci.2015.01.017

43. Ou, C. X., Zhang,  X. W., Angelopoulos, S., Davison, R. M., & Janse, N. (2022). Security breaches and organization response strategy: Exploring consumers’ threat and coping appraisals, International Journal of Information Management, 65, 102498

https://doi.org/10.1016/j.ijinfomgt.2022.102498

44. Kim, W. C., & Mauborgne, R. (2005). Blue Ocean Strategy: How to Create Uncontested Market Space and Make the Competition Irrelevant. Harvard Business School Press
45. Osterwalder, A., & Pigneur, Y. (2010). Business Model Generation: A Handbook for Visionaries, Game Changers, and Challengers. John Wiley and Sons, Inc.
46. Gassmann, O., Frankenberger, K., & Csik, M. (2014). The business model navigator. 55 models that will revolutionise your business. Pearson Education Limited
47. Kolyada A. A., Plekhova J. O. (2024). Opredelenie ponyatiya biznes-modeli i trebovanij k nemu v celyax strategicheskogo menedzhmenta organizacii [Definition of the concept of a business model and requirements for it for the purposes of strategic management of an organization]. Vestnik Nizhegorodskogo universiteta im. N.I. Lobachevskogo. Seriya: Social`ny`e nauki = Vestnik of Lobachevsky State University of Nizhny Novgorod. Social Sciences, No. 1 (73), pp. 7–16. (In Russian, abstract in Eng.). DOI: https://doi.org/10.52452/18115942_2024_1_7. – EDN SHKXJB.
48. ISO 12100:2010 Safety of machinery – General principles of design – Risk assessment and risk reduction
49. ISO 14121-1:2007 Safety of machinery – Risk assessment – Part 1: Principles

СПИСОК ИСТОЧНИКОВ

1. Коляда, А. А. (2024). Теория мультиуровневой природы (мультиуровневости) бизнес-модели, бизнес-моделирование и инновация бизнес-модели в стратегическом менеджменте // Вестник евразийской науки. – Т. 16. – № 4. URL: https://esj.today/PDF/60ECVN424.pdf. DOI: https://doi.org/10.15862/60ECVN424.
2. Коляда, А. А. (2014). Эффективные инструменты стратегического анализа. Как принять верное решение о стратегии развития предприятия. – Н. Новгород: Издательство Бизнес-Школы EMAS, 174 с. – ISBN 978-5-600-00382-8.
3. Коляда, А. А. (2023). Следующий уровень: стратегический менеджмент новой эпохи. Как построить эффективную бизнес-модель и разработать эффективную стратегию для роста вашей компании. – М.: ООО "Альпина ПРО", ООО "Евразийская школа менеджмента и администрирования", 616 с. – ISBN 978-5-206-00086-3. – EDN FUTPBY.
4. Marquez-Tejon, J., Jimenez-Partearroyo, M. & Benito-Osorio, D. (2022). Security as a key contributor to organisational resilience: a bibliometric analysis of enterprise security risk management. Secur J, 35, 600–627

https://doi.org/10.1057/s41284-021-00292-4

5. Smith, C., & Brooks, D. (2013). Security Risk Management. Butterworth-Heinemann
6. Eastburn, R. W., & Sharland, A. (2017). Risk management and managerial mindset. Journal of Risk Finance, 18(1), 21–47.

https://doi.org/10.1108/JRF-09-2016-0114

7. Elahi, E. (2013). Risk management: the next source of competitive advantage. Foresight, 15(2), 117–131.

https://doi.org/10.1108/14636681311321121

8. Boyce, T. E., & Geller, E. S. (2001). Applied behavior analysis and occupational safety: The challenge of response maintenance. Journal of Organizational Behavior Management, 21(1), 31–56
9. Goldreich, O., & Brendan, J. (2009). A Theory of Goal-Oriented Communication. Journal of the ACM (JACM), 59(2), 1–65

https://doi.org/10.1145/2160158.2160161

10. Nasir, A. H., Hanifullah, B., & Hikmatullah H. (2024) Effective Communication as a Tool for Achieving Organizational Goal and Objective. Journal for Research in Applied Sciences and Biotechnology, 3(3), 242–248

http://dx.doi.org/10.55544/jrasb.3.3.37

11. Quinn, S., Ivy, N., Barrett, M., Feldman, L., Witte, G., & Gardner, R. K. (2021). Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management. National Institute of Standards and Technology Interagency or Internal Report 8286A
12. Blistanova, M., Tirpáková, M., & Galanda, J. (2022). Proposal of Risk Identification Methodology Using the Prompt List on the Example of an Air Carrier. Sustainability, 14(15), 9225

https://doi.org/10.3390/su14159225

13. Tchankova, L. (2002). Risk identification – basic stage in risk management. Environmental Management and Health, 13, 290–297.

https://doi.org/10.1108/09566160210431088

14. Raspotnig, C., & Opdahl, A. (2013). Comparing risk identification techniques for safety and security requirements. Journal of Systems and Software, 86, 1124–1151.

https://doi.org/10.1016/j.jss.2012.12.002

15. Auh, S., Menguc, B., Imer, H., & Uslu, A. (2018). Frontline Employee Feedback-Seeking Behavior: How Is It Formed and When Does It Matter? Journal of Service Research, 22(2).
16. Curcuruto, M., Strauss K., Axtell C., & Griffin M. A. (2020). Voicing for safety in the workplace: A proactive goal-regulation perspective. Safety Science, 131, 104902.

https://doi.org/10.1016/j.ssci.2020.104902

17. Selvik, J. T., & Bellamy, L. J. (2020). Addressing human error when collecting failure cause information in the oil and gas industry: A review of ISO 14224:2016, Reliability Engineering and System Safety, 194, 106418

https://doi.org/10.1016/j.ress.2019.03.025

18. Zara, J., Nordin, S. M., & Isha, A. S. N. (2023). Influence of communication determinants on safety commitment in a high-risk workplace: a systematic literature review of four communication dimensions. Frontiers in public health, 11, 1-24

https://doi.org/10.3389/fpubh.2023.1225995

19. Philippou, E., Frey, S., & Rashid, A. (2020) Contextualising and aligning security metrics and business objectives: A GQM-based methodology, Computers and Security, 88, 101634.

https://doi.org/10.1016/j.cose.2019.101634

20. Aven Terje. (2016). Risk assessment and risk management: Review of recent advances on their foundation. European Journal of Operational Research 253, 1–13
21. ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems — Requirements
22. ISO 31000:2018 Risk management — Guidelines
23. Apostolakis, G.. (2004). How Useful Is Quantitative Risk Assessment? Risk analysis: an official publication of the Society for Risk Analysis, 24(3), 515–520.
24. Ismail, M. N., Kallow, S. M., Gati, K. H., Al-Bayati, H. N. A, & Butsenko, Y. (2024). Quantitative Approaches in Decision Theory for Enhancing Risk Assessment Strategies. Journal of Ecohumanism, 3(5), 308–321.
25. Suddle, S. (2009). The Introduction of the Weighted Risk Analysis. Safety Science, 47. 668–679.

https://doi.org/10.1016/j.ssci.2008.09.005

26. AlGhamdi, S., Than, W. K., & Vlahu-Gjorgievska, E. (2020). Information security governance challenges and critical success factors: Systematic review, Computers and Security, 99(4), 102030
27. Peljhan, D., & Marc, M. (2021). Risk management and strategy alignment: influence on new product development performance. Technology Analysis and Strategic Management, 35(12), 1547–1559.

http://dx.doi.org/10.1080/09537325.2021.2011192

28. Dyreborg, J., Lipscomb, H. J., Nielsen, K., Törner, M., Rasmussen, K., Frydendall, K. B., Bay, H., Gensby, U., Bengtsen, E., Guldenmund, F., & Kines, P. (2022). Safety interventions for the prevention of accidents at work: A systematic review. Campbell Systematic Reviews, 18(2), 1-187.

https://doi.org/10.1002/cl2.1234

29. ISO/TR 14121-2:2012 Safety of machinery. – Risk assessment – Part 2: Practical guidance and examples of methods
30. Xu, E., Wang, W., & Wang, Q. (2023). The effectiveness of collaborative problem solving in promoting students’ critical thinking: A meta-analysis based on empirical literature. Humanities and Social Sciences Communications, 10, 1–11.

https://doi.org/10.1057/s41599-023-01508-1

31. Wilson, J.M., & Koehn, E. (2000). Safety Management: Problems Encountered and Recommended Solutions. Journal of Construction Engineering and Management-asce, 126, 77–79.

https://doi.org/10.1061/%28ASCE%290733-9364%282000%29126%3A1%2877%29

32. Rehman, N., Mahmood, A., Ibtasam, M., Murtaza, S.A., Iqbal, N., & Molnár, E. (2021). The Psychology of Resistance to Change: The Antidotal Effect of Organizational Justice, Support and Leader-Member Exchange. Frontiers in Psychology journal, 12, 678952.

https://doi.org/10.3389/fpsyg.2021.678952

33. Glette-Iversen, I., Flage, R., & Aven, T. (2023). Extending and improving current frameworks for risk management and decision-making: A new approach for incorporating dynamic aspects of risk and uncertainty. Safety Science, 168, 106317

https://doi.org/10.1016/j.ssci.2023.106317

34. Jääskeläinen, A., Tappura, S., & Pirhonen, J. (2022). The path toward successful safety performance measurement. Journal of Safety Research, 83, 181–194. https://doi.org/10.1016/j.jsr.2022.08.014
35. Ndana, Jean. (2021). Strategic Safety Goals: Creating Proactive Objectives Based on Leading Indicators. Prof. Safety, 66, 26–30.
36. Ghosh, S., Nourihamedani, M., Reyes, M., & Snyder, L. (2023). Association Between Leading Indicators of Safety Performance in Construction Projects. International Journal of Construction Education and Research, 20(2), 121–135. https://doi.org/10.1080/15578771.2023.2195209
37. Liao, P. C., Jiang, L. X., Liu, B. S., Chen, C. T., Fang, D. P., Rao, P. L., & Zhang, M. C. (2014). A Cognitive Perspective on the Safety Communication Factors That Affect Worker Behavior. Journal of Building Construction and Planning Research, 2(3), 183–197

http://dx.doi.org/10.4236/jbcpr.2014.23017

38. Karanikas, N. (2016). Critical review of safety performance metrics. International Journal of Business Performance Management, 17, 266–285.

https://doi.org/10.1504/IJBPM.2016.077244

39. Pandey, B. R. (2024). Rethinking occupational health and safety principles—a systems perspective. Journal of the Royal Society of New Zealand, 1–22. https://doi.org/10.1080/03036758.2024.2333555
40. Sujan, M., Spurgeon, P., Inada-Kim, M., Rudd, M., Fitton, L., Horniblow, S., Cross, S., Chessum, P., & W Cooke, M. (2014). Clinical handover within the emergency care pathway and the potential risks of clinical handover failure (ECHO): primary research. NIHR Journals Library, 2014 Mar, 1-170

https://doi.org/10.3310/hsdr02050

41. Twigg, J. (2204). Good Practice Review, Disaster risk reduction: Mitigation and preparedness in development and emergency programming, Humanitarian Practice Network (HPN)
42. Jorgensen, K. (2016). Prevention of “simple accidents at work” with major consequences. Safety Science, 81, 46–58

https://doi.org/10.1016/j.ssci.2015.01.017

43. Ou, C. X., Zhang,  X. W., Angelopoulos, S., Davison, R. M., & Janse, N. (2022). Security breaches and organization response strategy: Exploring consumers’ threat and coping appraisals, International Journal of Information Management, 65, 102498

https://doi.org/10.1016/j.ijinfomgt.2022.102498

44. Kim, W. C., & Mauborgne, R. (2005). Blue Ocean Strategy: How to Create Uncontested Market Space and Make the Competition Irrelevant. Harvard Business School Press
45. Osterwalder, A., & Pigneur, Y. (2010) Business Model Generation: A Handbook for Visionaries, Game Changers, and Challengers. John Wiley and Sons, Inc.
46. Gassmann, O., Frankenberger, K., & Csik, M. (2014). The business model navigator. 55 models that will revolutionise your business. Pearson Education Limited
47. Коляда А. А., Плехова Ю. О. (2024). Определение понятия бизнес-модели и требований к нему в целях стратегического менеджмента организации // Вестник Нижегородского университета им. Н.И. Лобачевского. Серия: Социальные науки. – № 1 (73). – С. 7–16. DOI: https://doi.org/10.52452/18115942_2024_1_7. – EDN SHKXJB.
48. ISO 12100:2010 Safety of machinery – General principles of design – Risk assessment and risk reduction
49. ISO 14121-1:2007 Safety of machinery – Risk assessment – Part 1: Principles

Заявленный вклад авторов: все авторы сделали эквивалентный вклад в подготовку публикации. Авторы заявляют об отсутствии конфликта интересов.

Contribution of the authors: the authors contributed equally to this article. The authors declare no conflicts of interests.