International Journal of Construction Engineering and Management

p-ISSN: 2326-1080    e-ISSN: 2326-1102

2018;  7(4): 153-161



ERM in Construction Companies in the Mexican Southeast

Jose A. Gonzalez-Fajardo, Romel G. Solis-Carcaño, Juan A. Be-Garcia

College of Engineering, Universidad Autonoma de Yucatan, Merida, Mexico

Correspondence to: Jose A. Gonzalez-Fajardo, College of Engineering, Universidad Autonoma de Yucatan, Merida, Mexico.


Copyright © 2018 The Author(s). Published by Scientific & Academic Publishing.

This work is licensed under the Creative Commons Attribution International License (CC BY).


The construction industry is highly risk-prone due to the complex and dynamic environment in which the projects are developed, which generates situations of high uncertainty. Despite this, the application of risk management in this industry continues to be insufficient and/or informal. This study aimed to carry out a diagnosis regarding the degree of implementation of Enterprise Risk Management (ERM) in a sample of construction companies in the southeast of Mexico and to determine if the size of the company has any influence on this degree of implementation. In addition, the opinion of the business owners, concerning 27 typical risks in construction work, was collected, at both the company and project level. The methodology was based on the procurement of information utilizing an instrument applied to the executives of the sample companies; the construction of this instrument was based on the COSO cube structure framework. The degree of implementation of risk management in each company was obtained by various heuristic rules applied to the information gathered. The results showed significant variability in this degree, which was strongly related to the size of the company. Moreover, it was found that, for construction businesspeople, the most worrying risk is the lack of projects which can lead to a process of financial instability.

Keywords: Construction Industry, Company, Risks, Risk management, ERM

Cite this paper: Jose A. Gonzalez-Fajardo, Romel G. Solis-Carcaño, Juan A. Be-Garcia, ERM in Construction Companies in the Mexican Southeast, International Journal of Construction Engineering and Management, Vol. 7 No. 4, 2018, pp. 153-161. doi: 10.5923/j.ijcem.20180704.03.

1. Introduction

The survival of most companies largely depends on their vision regarding the challenges they must face in the competitive environment of their area. Risk management theory can be of aid in providing a solid base from which to identify the risks that companies will have to confront while competing. By managing their risks, companies can not only survive but also attain greater competitiveness and stability in the business.
The aim of Enterprise Risk Management (ERM) is to identify risks, measure the probability and possible impact of events, and take actions to eliminate or reduce the effects of such risks with a minimal investment of resources. ERM could be used to accomplish companies’ objectives, as suggested by Daud et al. (2009), who describe ERM as a new holistic approach to managing corporate risks. ERM focuses on decreasing uncertainty in businesses (Folks 2001; Mohd Abdullah N.A. et al. 2012; Razali et al. 2011); this process encourages companies to formulate projections for the future to operate more efficiently. The concept of ERM goes beyond conventional risk management; according to several authors (e.g. Mohd Abdullah, N.A. et al. 2012; Dafikpaku 2011; Razali et al. 2011; Hoyt et al. 2008), it has a more strategic objective, providing a precise focus for the management of any kind of uncertainty in an organization, including not only the areas of traditional and financial risks but also operational and strategic risks.
Risk Management, at the company level, is mainly based on the analysis of a business’s strengths and weaknesses in an environment of great uncertainty. According to Courson (2008), one of the most critical problems faced by many companies is not knowing what risks they are confronting, far less finding a solution. Verbano & Venturini (2013) mention that, in times of crisis, companies must control their expenses carefully and predict the potential costs which could arise from risky actions; these authors clarify that this is of particular importance for small and medium-sized business which are more exposed to the harmful effects of such risks due to their limited resources and structural characteristics.
The construction industry, in particular, is highly prone to risk and, on a global scale, it is considered one of the most dangerous (Oladipo 2014). The complex and dynamic setting of construction projects creates an environment of high uncertainty and risk; the industry is vulnerable to distinct types of risks: technical, sociopolitical and commercial (Ehsan et al. 2009). Given this high degree of danger, it is indispensable to identify the way in which risks can be reduced; however, Tang et al. (2007) observed that the application of ERM in the construction industry appears to be very informal. This practice could be due to: insufficient knowledge of ERM, inefficient risk control strategies and inappropriate distribution of risks (Mohd Abdullah N.A. et al. 2012).
Given the above, the need to give an impulse to the culture of ERM in the construction industry must be addressed; to achieve this, trained personnel are required to assess and manage the risks these companies must face. This industry must have guidelines which can help identify the risks, assess their magnitude and impact, and make decisions regarding their management. It can be said that an effective system of risk assessment and management for the construction industry remains a challenging task for the industry practitioners (Ehsan et al. 2009).
Moreover, in a study which describes the process for the development of an evaluation model and an instrument for risk management, Serpell et al. (2015) observed a lack of knowledge of ERM in the construction industry. They mentioned that, in developing countries, the construction organizations have addressed risk management using a series of practices which are usually insufficient, producing poor results on most occasions and limiting the success of project management.
Information on the application of ERM in Mexico is usually quite scarce, and more so in construction companies. According to the experience of the authors of this paper, building contractors have insufficient knowledge of this subject, in particular in the small and medium-sized businesses. Most of these businessmen are civil engineers and architects; in this regard, the authors reviewed study plans in Mexico for these two professions and found scant or no curricular content on risk management.
To contribute to the search for a solution to the problem described above, models and cases were studied which can help determine how companies assess and manage their risks. One of the most complete models is described by means of the COSO conceptual framework represented on a cube (Moeller 2007). The Committee of Sponsoring Organizations (COSO) consists of five sponsoring organizations whose mission is to provide thought leadership through the development of comprehensive frameworks and guidance on ERM, internal control and fraud deterrence designed to improve organizational performance. Figure 1 shows the COSO ERM framework represented as a three-dimensional matrix in the form of a cube which reflects the relationships between objectives, business operating areas, and components (or levels) of the ERM.
Figure 1. Cube structure– Enterprise Risk Management – an integrated conceptual framework. Source: COSO & IIA
The following is a description of the components of the model (ERM-COSO 2004):
1. Internal Environment. The internal environment encompasses the tone of an organization and sets the basis for how risk is viewed and addressed by an entity’s people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate.
2. Objective Setting. Objectives must exist before management can identify potential events affecting their achievement. Enterprise risk management ensures that management has in place a process to set objectives and that the chosen objectives support and align with the entity’s mission and are consistent with its risk appetite.
3. Event Identification. Internal and external events affecting the achievement of an entity’s objectives must be identified, distinguishing between risks and opportunities. Opportunities are channelled back to management’s strategy or objective-setting processes.
4. Risk Assessment. Risks are analysed, considering likelihood and impact, as a basis for determining how they should be managed. Risks are assessed on an inherent and a residual basis.
5. Risk Response. Management selects risk responses – avoiding, accepting, reducing, or sharing risk – developing a set of actions to align risks with the entity’s risk tolerances and risk appetite.
6. Control Activities. Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out.
7. Information and Communication. Relevant information is identified, captured, and communicated in a form and timeframe that enable people to carry out their responsibilities. Effective communication also occurs in a broader sense, flowing down, across, and up the entity.
8. Monitoring. The entirety of enterprise risk management is monitored and modifications made as necessary. Monitoring is accomplished through ongoing management activities, separate evaluations, or both.
Enterprise risk management is not strictly a serial process, where one component affects only the next. It is a multidirectional, iterative process in which almost any component can and does influence another (ERM-COSO 2004).
The aims of this study were two-fold; to carry out a diagnosis on the degree of implementation of ERM, using a sample of construction companies involved in building projects in the southeast of Mexico and to collect the opinions of the businessmen regarding the most frequent risks and those with the greatest impact. The components of COSO cube structure framework were used to determine this degree of ERM implementation.

2. Research Method

The unit of analysis was the construction company whose area of operation is the state of Yucatan, situated in the southeast of Mexico. The sample consisted of eight companies, with two companies distributed in each of the following sub-groups: giant, large, medium-sized and small.
The criteria used to classify the companies, considering their size, were those established by the Mexican Chamber of Construction (CMIC 2012 – for its acronym in Spanish), which are based on the total volume of annual sales. The participating businesses were selected randomly from a list of CMIC members in the study area; once selected, they were given an explanation of the extent of the study and were invited to participate. Those who did not accept were replaced using the same random procedure.
The measurement instrument consisted of a questionnaire applied by means of a structured interview divided into two parts: the first was to measure the degree of implementation of ERM in the companies and the second was to obtain the perception of the participants regarding the impact and the probability of occurrence of a list of typical risks in the construction industry, which were selected by means of a literature review.
The degree of risk management in the companies was measured based on the model of the cube structure (Moeller, 2007), which is explained in the introduction of this paper (Figure 1). This structure presents eight components of risk management, of which six were taken into consideration in this study, eliminating the last two components (Information and Communication, and Monitoring) because these are only found in businesses with a high degree of maturity in ERM, which, in the experience of the authors, is not the case in the companies under study. These components are used to refine and improve the previously mentioned components once ERM has had a period of time to consolidate in the company. The six components used are presented in the list below and were classified according to their correspondence to the stages of planning or control:
• Planning stage
  ◦ C1: Internal Environment
  ◦ C2: Objective Setting
  ◦ C3: Event Identification
• Assessment stage
  ◦ C4: Risk Assessment
  ◦ C5: Risk Response
  ◦ C6: Monitoring
The subjects participating in this study were high-level executives in the companies; the only condition being that they had to have knowledge or experience relating to the topic under study. From their responses, it was possible to measure the level of compliance with the components of the model, based on their personal perceptions.
The first part of the instrument was comprised of 22 questions and, within its design, the central idea for the creation of risk culture, proposed by Martinez (2009) in his Integral Risk Management System (SGIR - for its acronym in Spanish), was included. In accordance with this idea, three sections were included in this part of the instrument; the first allowed us to collect the data which identify the companies (type, activity, size, number of employees, etc.); the second provided data relating to the structure of the company, its internal and external relationships and risk management; and with the third it was possible to obtain the perception of the companies regarding risk management culture and their strategies when faced with adverse circumstances. The instrument was applied after carrying out pilot tests and the necessary adjustments.
The structure of correspondence between the six components of the model used and the three sections of the first part of the questionnaire was as follows: questions 1 - 4 corresponded to component 1 (C1), questions 5 - 7 to C2, questions 8 - 11 to C3, questions 12 - 13 to C4, questions 14 - 15 to C5 and questions 16 - 22 to C6.
The scale used to evaluate each answer given by the interviewees, with respect to compliance with the components of the model, is presented in Table 1.
Table 1. Scale Used to Evaluate the Level of Compliance with the Components
For each company, the scores of the questions corresponding to each component of the model were averaged out. Subsequently, these scores were transformed by weighting, in order to convert the measuring scale of compliance to values between 0 and 100%. The relative weights assigned to each component are presented in Table 2 and were defined by the authors, based on their experience, and in accordance with the importance or contribution of the component for risk management; as can be seen, the two components considered as having greater weight were event identification and risk assessment.
Table 2. Weighting of Risk Management Components
The degree of risk management of each company (measured as a percentage) was obtained by adding up the weighted scores of the six components. In order to achieve a better interpretation of these percentages, a qualitative scale was defined, based on the levels of maturity proposed by Serpell et al. (2014), as follows:
• Very low: The organization is not aware of the need for risk management and lacks a structured focus to respond to the uncertainty.
• Low: The organization is aware of the potential benefits of RM, to a certain degree, but has not yet implemented it effectively.
• Medium: The organization has developed and implemented a formal RM system.
• High: The benefits of RM are understood at each level of the organization.
• Very high: ERM is completely understood and implemented, and can be found in a process of continuous improvement.
Table 3 shows the equivalences used between the quantitative degree of risk management and the qualitative scale proposed above. To define this scale, the model representing the continuous improvement of the organization was considered to be an exponential behaviour, given that the first degrees are easier to achieve as they have to do with good management practices, while the actions required to obtain higher degrees involve the execution of specific actions to manage risks in a conscientious manner. The average values considered in the model were: 15, 43, 63, 78 and 93%, for the degrees of very low, low, medium, high and very high, respectively.
Table 3. Criteria for the Qualitative Classification of Degree of Risk Management
Similarly, the average level of compliance with each component was calculated, using the weighted scores of the eight companies. From this information, it was possible to observe the areas requiring further actions which could allow the advance of ERM. The degrees of compliance with the components of planning and assessment for each company were also calculated.
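The scoring procedure described above, as an added Python sketch (not the authors' code): the question-to-component mapping and the five average values come from the text, while the answer scale, the component weights and the level boundaries are assumptions standing in for Tables 1 to 3, which are not reproduced here.

```python
from statistics import mean

# From the paper: questionnaire questions assigned to each component.
QUESTIONS = {
    "C1": range(1, 5),    # Internal Environment
    "C2": range(5, 8),    # Objective Setting
    "C3": range(8, 12),   # Event Identification
    "C4": range(12, 14),  # Risk Assessment
    "C5": range(14, 16),  # Risk Response
    "C6": range(16, 23),  # C6 as labelled in the paper
}
PLANNING = ("C1", "C2", "C3")
ASSESSMENT = ("C4", "C5", "C6")

# ASSUMPTION: Table 1 is not available; answers are scored 0..MAX_SCORE.
MAX_SCORE = 4

# ASSUMPTION: Table 2 is not available. These weights only respect what the
# text states: each stage sums to 50 %, and C3 and C4 carry the most weight.
WEIGHTS = {"C1": 10, "C2": 15, "C3": 25, "C4": 25, "C5": 15, "C6": 10}

# From the paper: average value (in %) associated with each maturity level.
LEVEL_AVERAGES = [("very low", 15), ("low", 43), ("medium", 63),
                  ("high", 78), ("very high", 93)]


def weighted_components(answers):
    """Average the answers of each component and scale them by its weight.

    `answers` maps question number (1..22) to a score in 0..MAX_SCORE.
    Returns the weighted percentage contributed by each component.
    """
    result = {}
    for comp, questions in QUESTIONS.items():
        missing = [q for q in questions if q not in answers]
        if missing:
            raise ValueError(f"{comp}: unanswered questions {missing}")
        scores = [answers[q] for q in questions]
        if any(not 0 <= s <= MAX_SCORE for s in scores):
            raise ValueError(f"{comp}: score outside 0..{MAX_SCORE}")
        result[comp] = mean(scores) / MAX_SCORE * WEIGHTS[comp]
    return result


def classify(percentage):
    """ASSUMPTION: Table 3 boundaries are not available, so a percentage is
    assigned to the level whose average value is nearest (ties go to the
    lower level)."""
    return min(LEVEL_AVERAGES, key=lambda lv: abs(lv[1] - percentage))[0]


def degree_of_risk_management(answers):
    """Sum the weighted components and report stage subtotals and level."""
    comps = weighted_components(answers)
    total = sum(comps.values())
    return {
        "components": comps,
        "planning": sum(comps[c] for c in PLANNING),
        "assessment": sum(comps[c] for c in ASSESSMENT),
        "total": total,
        "level": classify(total),
    }


def sample_company():
    """Constructed answers: strong on C1-C2, partial on C3, C5 and C6,
    and no formal risk assessment (C4)."""
    per_component = {"C1": 4, "C2": 4, "C3": 2, "C4": 0, "C5": 2, "C6": 2}
    return {q: per_component[c] for c, qs in QUESTIONS.items() for q in qs}


if __name__ == "__main__":
    report = degree_of_risk_management(sample_company())
    for comp, value in report["components"].items():
        print(f"{comp}: {value:5.1f} % of a possible {WEIGHTS[comp]} %")
    print(f"planning {report['planning']:.1f} %, "
          f"assessment {report['assessment']:.1f} %, "
          f"total {report['total']:.1f} % -> {report['level']}")
```
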
Based on a review of the literature on the most important risk factors that have been identified in studies from different countries, 27 categories of risk were chosen, which according to the experience of the authors are significant in the context of the region of the present study (Tang, W. et al., 2007 [A]; Chapman 2001 [B]; Baccarini & Archer 2001 [C]; Blázquez-Santana et al. 2006 [D]; Nasir et al. 2003 [E]; Fang et al. 2004 [F]; Lusthaus et al. 2002 [G]; Ordóñez 2005 [H]). The second part of the instrument included this list to collect the opinion of businesspeople on the frequency and impact of such risks on their projects; Table 8 shows the 27 risks chosen, as well as their sources.
Most of the risk factors chosen appear in more than one literature document, although they are not described in each paper in the same way. In any case, the terminology was unified and adapted to the context to make sense to the interviewees. For each risk presented, the interviewees were asked to assign a score regarding the impact or capacity to affect the company or project, using a scale with three values (minor, moderate and significant); and another regarding the probability of occurrence of the risk, also using a scale of three values (low, medium, high).

3. Results

Tables 4 and 5 present the measured, weighted percentages for the degree of compliance with the six components taken into consideration in order to measure risk management, in accordance with the model used. It is important to note that companies 1 and 2 were classified as giants, 3 and 4 as large, 5 and 6 as medium-sized and 7 and 8 as small; each group is highlighted in a different shade.
Table 4. Percentages Measured for the Degree of Compliance with the Components of the Model for Risk Management for each Company
Table 5. Weighted Percentages for the Degree of Compliance with the Components of the Model
In accordance with the above, the degree of risk management was calculated for each company, as the sum of the weighted values of the six components; these percentages are presented in Table 6 together with the qualitative score associated with the values.
Table 6. The degree of Risk Management of the Companies Studied
Figure 2 presents a graphic representation of a comparison of the percentages for the degree of compliance obtained by each company for the components of planning and risk assessment. It is important to note that the maximum percentage possible for both groups of components was 50%.
Figure 2. The degree of compliance with planning and risk assessment components for each company
Taking into consideration the eight companies as a whole, Table 7 presents the average percentages of the degree of compliance with each component, which is compared with the maximum values possible according to the established weighting.
Table 7. Average Percentages and Maximum Values of Risk Management Components
The responses of the eight companies regarding impact and probability of occurrence of each main risk considered, at the company level and project level, are presented in Table 8. The numbers in each cell represent the number of companies whose perception coincided with each level of impact and probability.
Table 8. Perception of the Companies with Respect to Impact and Probability of Occurrence of the Main Risk Factors considered in this Study

4. Discussion

In Tables 4 and 5, it is possible to observe that the companies, in general, showed high degrees of compliance with C1 and C2 (internal environment and objective setting), the small companies being the exception; this is to be expected, given that these components include the policies and strategies required for the development of a company in the long term. According to González et al. (2010), based on a study carried out in the same region, small construction companies invest little effort in planning, which could explain the exception mentioned.
From the analysis of Tables 4 and 5, it can also be observed that, apart from the giant companies, the others do not carry out the risk assessment (C4); however, an acceptable level in event identification (C3) was found for the large companies. Furthermore, we can also appreciate that all the companies presented greater percentages of compliance with C5 and C6 (risk response and monitoring) in comparison with C4 (risk assessment). According to the underlying theory in the cube structure model, one would not expect the previous condition to arise, given that the development of ERM must be carried out sequentially. This result may seem unexpected; however, it could also be interpreted as an indication that the companies are not acting in a systematic manner and are merely giving intuitive responses to some risks. Ehsan et al. (2009), in a study carried out in Pakistan, concluded that the perception of risk experienced by contractors and consultants in the construction industry is mainly based on their intuition and experience; they also affirm that the risk response measures most employed are risk elimination and transfer, but without the application of risk analysis or formal management techniques.
The results for the degree of risk management per company showed a strong association between this degree and company size (Table 6). In accordance with this, one of the giant companies presented a high degree; the other giant and one of the large companies qualified with a medium degree while the other large company, together with the medium-sized and small companies, presented a low degree. From this we can assume that in the case of these companies, generally immersed in an evolutionary process, the larger they are, the more time they have had to introduce ERM frameworks since their experiences have taught them that the consequences of their failures can be catastrophic. In this regard, Kale & Arditi (1998) argue that the size of an organization, and not only its maturity, influences its probabilities of survival. The results are also consistent with those of Liebenberg and Hoyt (2008), who found that company size was related to the decision to implement ERM. However, they contradict the findings of a study in Malaysia, where Razali et al. (2011) suggest that size does not matter in choosing to adopt ERM practices; they say that this is because Malaysian companies are still not aware of the importance of ERM though these companies are facing risks.
According to the analysis of the components (Table 7), the companies studied could show their evolutionary process which has allowed them to attain a reasonable degree of advancement in the stage denominated risk management planning in this study, while in the other three components, denominated assessment, the advance is not consistent. Figure 2 shows these tendencies clearly since all the companies presented higher degrees in planning in comparison with assessment. This concurs with a study by Mohd Abdullah et al. (2012), who, after carrying out an extensive review of the implementation of ERM in organizations, came to the conclusion that, in general, this is achieved in a gradual manner, with several forces giving an impulse to the adoption of ERM.
With respect to the perception of the companies regarding the impact of the principal risks typically found in the construction industry (Table 8), the following were consistently indicated as significant: scarcity of contracts, loss of capital, and cost overruns; the three most significant risks in the perception of high executives are associated with the financial stability of the company.
In relation to the above, the risks indicated as having more probability of occurrence were as follows: change of political party in the government, scarcity of contracts, conflictive client, client insolvency, deficient information systems in the company, failures in time control during execution of projects. The first four can be associated with changes in the external environment, which usually present a cyclical behaviour, and the last two are in relation to the internal failures of the organization.
With the information presented in Table 8, it is possible to construct a double entry table, in which the scores for impact and probability of occurrence of the 27 risks considered are combined; this is shown in Table 9, which reflects the perception of the interviewees regarding the phenomenon studied.
Table 9. Classification of Risks According to Impact and Probability of Occurrence
From this classification it is possible to generate a map of risks, which would facilitate decision-making in the companies regarding the risk response strategies to be established, such as: accept, when impact and probability of occurrence are low; control, when the impact is low but there is a high probability; transfer or share, when the impact is high but there is a low probability (for example, taking out insurance or outsourcing); mitigate and control, when both the impact and the probability of occurrence are high (Mattie, 2007).

5. Conclusions

In general, the results gathered from the eight construction companies showed a low degree of risk management; with only one company observed as having understood the benefits of ERM at all levels of the organization.
The companies obtained good scores only in the components of the internal environment and objective setting, corresponding to the initial levels of ERM; while in the essential components of ERM, risk assessment, and risk response, they presented the lowest scores. Consistent with this data, the companies showed better results in the components of the planning phase, in comparison with those of assessment.
According to opinions expressed by construction businessmen, the most worrying risks are those relating to lack of projects and, as a consequence of this, the possibility of falling into a process of financial instability; another of their worries involves the risks associated with inefficiency in their organizations. None of these kinds of risks are directly related to random events that can occur during the execution of the projects.
It can be concluded therefore that, based on the information gathered, the construction companies in the context of this study have access to many opportunities for risk management improvement, in which it will be necessary for them to develop and implement formal systems of risk management.
The main limitation of this study was that the data was collected in only one region of the country; thus the next step would be to replicate it all over the country, with a more extensive sampling.
This study focused primarily on company-level risks in the region of study, but project-level risks should also be studied in future research, as they are of vital importance to construction companies. The study can also be continued analysing the risks for the different areas of the construction firms, i.e., in which business areas there may be higher risks, what these would be and what the measures would be to reduce or control them.
Considering that the businesspeople gave their opinion about the most frequent risks and their impact based on significant risks found in an international literature review, it would be advisable to continue this study exploring what other risks they have faced at the regional level.


[1]  Baccarini, D. and Archer, R. (2001). The risk ranking of projects: a methodology. International Journal of Project Management, 19 (2001), pp. 139-145.
[2]  Bing, L. & Tiong, R.L.K., (1999). Risk Management Model for International Construction Joint Ventures. Journal of Construction Engineering and Management, 125(5), pp.377–384.
[3]  Blázquez F., Dorta J.A., Verona, M.C. (2006). Factores del crecimiento empresarial. Especial referencia a las pequeñas y medianas empresas. Journal Innovar, Universidad Nacional de Colombia, año 16, vol. 28, pp. 43-56.
[4]  Cervantes, A. (2006). Factores de riesgo para las micro y pequeñas empresas constructoras. Imprevistos en la construcción o falta de previsión. Administración para el Diseño, Anuario 2006. UAM Azcapotzalco. Available at:
[5]  CMIC (2012). Padrón de socios de la Cámara Mexicana de la Industria de la Construcción, Delegación Yucatán (confidencial).
[6]  Chapman, R. J., (2001). The controlling influences on effective risk identification and assessment for construction design management. International Journal of Project Management, 19 (2001), pp. 147-160.
[7]  COSO (2004). Committee of Sponsoring Organizations of the Treadway Commission. Enterprise Risk Management - Integrated Framework, New York.
[8]  Courson, W.M., (2008). Liability-driven investing: an enterprise risk management strategy. Healthcare financial management: Journal of the Healthcare Financial Management Association, 62(8), pp.58–62.
[9]  Dafikpaku, E. (2011). The Strategic Implications of Enterprise Risk Management: A Framework. Paper presented at 2011 ERM Symposium held on 14 March – 16 March 2011 at Swissotel Chicago, Chicago IL.
[10]  Daud, W. N. W. & Yazid, A. S. (2009). A Conceptual Framework For The Adoption of Enterprise Risk Management in Government-Linked Companies. International Review of Business Research Papers, 5(5), pp. 229-238.
[11]  Ehsan, N. et al., (2009). Risk Management in construction industry. International Journal for Risk Assessment, 2(4), pp.16–20.
[12]  El-Sayegh, S.M. (2008). Risk assessment and allocation in the UAE construction industry. International Journal of Project Management, 26(4), pp. 431-438.
[13]  Fang, D., Sik-wah P., & Li, M. (2004). Risk Assessment Model of Tendering for Chinese Building Projects. Journal of Construction Engineering and Management, 130 (6), pp. 862–868.
[14]  Flouris, T. & Yilmaz. K. A., (2010). The Risk Management Framework to Strategic Human Resource Management. International Research Journal of Finance and Economics. ISSN 1450-2887 Issue 36.
[15]  Folks, J. (2001). Enterprise Risk Management. Creighton University Working Paper.
[16]  González, J.A., Solís, R. & Alcudia, C., (2010). Diagnóstico sobre la planeación y control de proyectos en las PYMES de construcción. Revista de la Construccion, 9(1), pp.17–25.
[17]  Hoyt, R. E. & Liebenberg, A. P. (2008). The Value of Enterprise Risk Management: Evidence from the U.S. Insurance Industry. Online monograph published by the Society of Actuaries.
[18]  Kale, S. & Arditi, D., (1998). Business Failures: Liabilities of Newness, Adolescence, and Smallness. Journal of Construction Engineering & Management, 124 (6), pp.458–464.
[19]  Liebenberg, A. P., & Hoyt, R. E. (2003). The Determinants of Enterprise Risk Management: Evidence From the Appointment of Chief Risk Officers. Risk Management and Insurance Review, 6 (1), 37-52.
[20]  Lusthaus, C., Adrien M.H., Anderson, G., Carden, F., Montalván, G.P. (2002). Evaluación Organizacional, Marco para mejorar el desempeño. BID y CIID.
[21]  Mattie, J. & National Association of College and University, B.O., (2007). Meeting the Challenges of Enterprise Risk Management in Higher Education.
[22]  Moeller, R.R., (2007). COSO enterprise risk management: understanding the new integrated ERM framework, Hoboken, New Jersey: John Wiley & Sons, Inc.
[23]  Mohd Abdullah, N.A. et al., (2012). Adoption of Enterprise Risk Management Practices in Organization: A Review. International Journal Business & Information Technology, 2(1), pp.1–9.
[24]  Nasir, D. et al. (2003). Evaluating Risk in Construction–Schedule Model (ERIC–S): Construction Schedule Risk Model. Journal of Construction Engineering and Management, 129 (5), pp. 518-527.
[25]  Oladipo O., S., (2014). A study of Safety Management in Nigeria. IOSR Journal of Business and Management (IOSR-JBM), 16(3), pp.01–10.
[26]  Ordóñez G, J.M., (2005). Administración integral de riesgos de los negocios en Puebla. Available at:
[27]  Razali, R. A., Yazid. S. A., & Tahir, M. I. (2011). The Determinants of Enterprise Risk Management (ERM) Practices in Malaysian Public Listed Companies. Journal of Social and Development Sciences, 1(5): 202-207.
[28]  Serpell, A. et al., (2015). Evaluating Risk Management Practices in Construction Organizations. Procedia - Social and Behavioral Sciences, 194(October 2014), pp.201–210.
[29]  Serpell, A.F. et al., (2014). Risk Management in Construction Projects: A Knowledge-based Approach. Procedia - Social and Behavioral Sciences, 119, pp.653–662.
[30]  Tang, W. et al., (2007). Risk Management in the Chinese Construction Industry. Journal of Construction Engineering and Management, 133(12), pp.944–956.
[31]  Verbano, C. & Venturini, K., (2013). Managing Risks in SMEs: A Literature Review and Research Agenda. Journal of Technology Management & Innovation, 8(3), pp.186–197.