<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE article PUBLIC "-//NLM//DTD Journal Publishing DTD v3.0 20080202//EN" "http://dtd.nlm.nih.gov/publishing/3.0/journalpublishing3.dtd">
<article xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" dtd-version="3.0" xml:lang="en" article-type="research article">
 <front>
  <journal-meta>
   <journal-id journal-id-type="publisher-id">
    jssm
   </journal-id>
   <journal-title-group>
    <journal-title>
     Journal of Service Science and Management
    </journal-title>
   </journal-title-group>
   <issn pub-type="epub">
    1940-9893
   </issn>
   <issn publication-format="print">
    1940-9907
   </issn>
   <publisher>
    <publisher-name>
     Scientific Research Publishing
    </publisher-name>
   </publisher>
  </journal-meta>
  <article-meta>
   <article-id pub-id-type="doi">
    10.4236/jssm.2025.186028
   </article-id>
   <article-id pub-id-type="publisher-id">
    jssm-147343
   </article-id>
   <article-categories>
    <subj-group subj-group-type="heading">
     <subject>
      Articles
     </subject>
    </subj-group>
    <subj-group subj-group-type="Discipline-v2">
     <subject>
      Business 
     </subject>
     <subject>
       Economics
     </subject>
    </subj-group>
   </article-categories>
   <title-group>
    Risks in Services and Their Management
   </title-group>
   <contrib-group>
    <contrib contrib-type="author" xlink:type="simple">
     <name name-style="western">
      <surname>
       Cengiz
      </surname>
      <given-names>
       Haksever
      </given-names>
     </name>
    </contrib>
   </contrib-group> 
   <aff id="affnull">
    <addr-line>
     aDepartment of Information Systems, Analytics, and Supply Chain Management, Norm Brodsky College of Business, Rider University, Lawrenceville, NJ, USA
    </addr-line> 
   </aff> 
   <pub-date pub-type="epub">
    <day>
     07
    </day> 
    <month>
     11
    </month>
    <year>
     2025
    </year>
   </pub-date> 
   <volume>
    18
   </volume> 
   <issue>
    06
   </issue>
   <fpage>
    432
   </fpage>
   <lpage>
    460
   </lpage>
   <history>
    <date date-type="received">
     <day>
      4,
     </day>
     <month>
      October
     </month>
     <year>
      2025
     </year>
    </date>
    <date date-type="published">
     <day>
      17,
     </day>
     <month>
      October
     </month>
     <year>
      2025
     </year> 
    </date> 
    <date date-type="accepted">
     <day>
      17,
     </day>
     <month>
      November
     </month>
     <year>
      2025
     </year> 
    </date>
   </history>
   <permissions>
    <copyright-statement>
     © Copyright 2014 by authors and Scientific Research Publishing Inc. 
    </copyright-statement>
    <copyright-year>
     2014
    </copyright-year>
    <license>
     <license-p>
      This work is licensed under the Creative Commons Attribution International License (CC BY). http://creativecommons.org/licenses/by/4.0/
     </license-p>
    </license>
   </permissions>
   <abstract>
    Risks and risk exposures exist in all services with a wide range of consequences concerning human lives and property. Although there are risks common to most services, each service area has a set of unique risks that need different approaches for their management. This paper reviews risks in services in general and their management. Although ample research publications on risk management in various service industries like healthcare, airlines, airports, air traffic control, banking and finance, and hospitality exist, a literature survey revealed only one journal publication on service risks in general and their management in the literature. The purpose of this paper is to contribute to this neglected area of service management. It provides a brief background on risks for service managers and methods, concepts, and tools to defend their organizations against risks.
   </abstract>
   <kwd-group> 
    <kwd>
     Risks
    </kwd> 
    <kwd>
      Enterprise Risk Management
    </kwd> 
    <kwd>
      Vulnerability
    </kwd> 
    <kwd>
      Resilience
    </kwd> 
    <kwd>
      Robustness
    </kwd> 
    <kwd>
      Air Travel
    </kwd>
   </kwd-group>
  </article-meta>
 </front>
 <body>
  <sec id="s1">
   <title>1. Introduction</title>
   <p>All service, manufacturing, or extraction industries face a wide variety of risks. Some of these risks are minor, but some pose a significant threat to their survival. Identifying, analyzing, assessing, treating, and managing risks is part of the risk management duty of service managers. This paper focuses on the service sector of the economy, reviews risk concepts, approaches to risk management, and the tools and methods that service managers can use to protect their organizations. There is ample research on risks and their management in specific service industries, such as healthcare, air travel, hospitality, finance and banking, etc. However, the literature survey revealed only one journal publication that focused on services in general (<xref ref-type="bibr" rid="scirp.147343-61">
     Hollman and Forrest, 1991
    </xref>).</p>
   <p>
    <xref ref-type="bibr" rid="scirp.147343-61">
     Hollman and Forrest (1991)
    </xref> focused on the risk management concept and its application to service businesses. They characterized risk management as the application of general management concepts and proposed a five-step process to help managers cope with risks of pure loss exposures. In addition, the authors proposed a set of insurance, noninsurance, and financing techniques to treat risks of loss.</p>
   <p>The literature survey found two tangentially relevant publications, one by <xref ref-type="bibr" rid="scirp.147343-62">
     Hollman and Mohammad-Zadek (1984)
    </xref>, who described the risk management concept and the process that is used in applying it in small businesses, and a second by <xref ref-type="bibr" rid="scirp.147343-104">
     Nordin et al. (2011)
    </xref> focusing on services provided by manufacturing companies. The authors of the paper examined the risks for manufacturing companies in extending their goods offerings by the addition of different kinds of services. They also developed a conceptual framework that helps manufacturing managers assess the risks of infusing various services into their offerings of goods.</p>
   <p>The literature survey for this paper was conducted between 8/25/2025 and 10/14/2025 using the databases ABI/INFORM Complete, Academic Search Premier, Business Abstracts with Full Text, Business Source Premier, EBSCO Databases, JSTOR, and Health Source: Academic/Nursing Edition, using the keywords risks, enterprise risk management, healthcare, vulnerability, resilience, robustness, air travel, and hospitality industries.</p>
   <p>The rest of the paper is organized as follows. Section 2 reviews risks in general and various definitions of risk from the literature. Section 3 discusses risk management and enterprise risk management as two approaches to managing risks in any organization. Section 4 is a review of types of risks in general. Section 5 discusses vulnerability, resilience, and robustness as relevant concepts in risk management. Section 6 reviews methods and tools that can help service managers decrease vulnerability, and increase the resilience and robustness of their organizations. Section 7 presents risks in air travel and their management as an example of risks in an important service industry. Section 8 presents risks and their management in hotels and resorts as another example. Section 9 is where a summary of the paper and conclusions are presented.</p>
  </sec><sec id="s2">
   <title>2. Risk Definition</title>
   <p>This subtitle may give the impression that there is a single definition of risk. However, there is no universally accepted definition of risk among risk researchers or risk management practitioners. “The word ‘risk’ derives from the early Italian risicare, which means ‘to dare’” (<xref ref-type="bibr" rid="scirp.147343-152">
     Wolke, 2017
    </xref>). Risk and risk management scholars have proposed various definitions, some overlapping and others distinct. Before examining examples of risk definitions, it is important to distinguish between two types of risks.</p>
   <p>Pure risks are those risks that can only lead to loss or no loss; there is no possibility of a gain. Pure risks can be insured if insurers are able to predict the potential losses and agree to cover them. <xref ref-type="bibr" rid="scirp.147343-107">
     Olson &amp; Simkiss (1982)
    </xref> presented a review of fundamental concepts that must be recognized to adequately understand risk management: analyze the objectives of risk management, understand the basic nature of risk management, and identify and analyze appropriate alternatives. They also reviewed various financial insurance alternatives to protect the organization against pure risks. Speculative risks are those risks that may lead to loss or gain for the risk taker (<xref ref-type="bibr" rid="scirp.147343-150">
     Williams, 1966
    </xref>; <xref ref-type="bibr" rid="scirp.147343-69">
     Johnson &amp; Flanigan, 1977
    </xref>; <xref ref-type="bibr" rid="scirp.147343-62">
     Hollman and Mohammad-Zadek, 1984
    </xref>; <xref ref-type="bibr" rid="scirp.147343-61">
     Hollman and Forrest, 1991
    </xref>; <xref ref-type="bibr" rid="scirp.147343-152">
     Wolke, 2017
    </xref>). This distinction seems to be accepted by both risk researchers and practitioners. Pure risks will be the focus in this paper.</p>
   <p>The following is a sample of risk definitions from the literature:</p>
   <p>Risks created by “unknown unknowns” as described by former defense secretary Donald H. Rumsfeld (<xref ref-type="bibr" rid="scirp.147343-35">
     DoD News Briefing, 2002
    </xref>) should be added to these risk definitions (<xref ref-type="bibr" rid="scirp.147343-75">
     Kim, 2017
    </xref>). The probability and impact of these events are impossible to know. Some of the events that fit this description include Ebola virus disease (EVD), severe acute respiratory syndrome (SARS), COVID-19, mad cow disease, and the horse meat scandal. Another hard-to-predict, low-probability, high-impact extreme outlier category of events that are almost impossible to predict are known as “Black Swans” (<xref ref-type="bibr" rid="scirp.147343-138">
     Taleb et al., 2009
    </xref>). Some examples of black swan events are the “Black Monday” stock market crash of October 19, 1987, the “Dot Com” crash of 2002, and the September 11 terrorist attacks.</p>
   <p>For the purposes of this paper, the following definition of risk will be used:</p>
   <p>“Risk is the uncertainty about and severity of the consequences, effects, implications, of an activity, including natural phenomena, with respect to something that humans value.”</p>
   <p>This definition is consistent with <xref ref-type="bibr" rid="scirp.147343-119">
     Rosa (1998)
    </xref>, <xref ref-type="bibr" rid="scirp.147343-7">
     Aven and Renn (2009)
    </xref>, and (<xref ref-type="bibr" rid="scirp.147343-8">
     Aven et al., 2018
    </xref>, Society for Risk Analysis Glossary).</p>
   <p>It should be noted that researchers and practitioners in different sectors of the economy, such as manufacturing, agriculture, mining, finance and banking, air travel, healthcare, hospitality, etc., have developed risk definitions that are appropriate for their sectors. “… each disciplinary literature on risk can similarly be categorized to provide unique epistemological perspectives. As a result, all the disciplines have something valuable to add to our understanding of risk” (<xref ref-type="bibr" rid="scirp.147343-3">
     Althaus, 2005
    </xref>). Risk definitions for one segment of the service sector, air travel and airports, will be reviewed as an example later in the paper. It should also be noted that types of risks and their relative importance for an organization depend on the specific features of the organization, such as industry characteristics, and services and goods produced (<xref ref-type="bibr" rid="scirp.147343-152">
     Wolke, 2017
    </xref>).</p>
   <p>Regardless of how they may be defined, risks must be managed. There are two major approaches that are commonly used in manufacturing and service organizations: risk management (RM) and enterprise risk management (ERM). The next section will review these approaches.</p>
  </sec><sec id="s3">
   <title>3. RM and ERM</title>
   <p>An early definition of Risk Management (RM) states that it is “the process of planning, organizing, directing, and controlling the resources and activities of an organization so that the possibility of loss or injury is reduced to the lowest possible level at the lowest cost” (<xref ref-type="bibr" rid="scirp.147343-34">
     Dillon et al., 1984
    </xref>). RM is a process “that identifies loss exposure faced by an organization and selects the most appropriate techniques for treating the loss exposures” (<xref ref-type="bibr" rid="scirp.147343-117">
     Rejda et al., 2022
    </xref>); as such it focuses on the negative, threats, and failures (<xref ref-type="bibr" rid="scirp.147343-72">
     Kaplan and Mikes, 2012
    </xref>). The major criticism of RM is that risks are dealt with in “silos”, each function of an organization, such as operations, finance, marketing, etc., focusing on and dealing with its own risks (<xref ref-type="bibr" rid="scirp.147343-44">
     Fraser et al., 2021
    </xref>).</p>
   <p>Enterprise risk management (ERM) is advanced RM that deals with all major risks faced by an organization; pure risk, speculative risk, strategic risk, operational risk, and financial risk are the major risk categories (<xref ref-type="bibr" rid="scirp.147343-117">
     Rejda et al., 2022
    </xref>). Some authors consider more categories of risks managers must deal with, such as market, credit, legal, and reputation risks (<xref ref-type="bibr" rid="scirp.147343-31">
     Crouhy et al., 2023
    </xref>). ERM is also referred to as “holistic risk management” (<xref ref-type="bibr" rid="scirp.147343-122">
     Schneier and Miccolis, 1998
    </xref>). In other words, ERM must be aligned with the strategy and mission of an organization (<xref ref-type="bibr" rid="scirp.147343-57">
     Hardy, 2015
    </xref>). <xref ref-type="bibr" rid="scirp.147343-103">
     Nocco and Stulz (2022)
    </xref> reviewed the benefits of ERM as creating value for shareholders and examined the practical issues in the implementation of ERM. Like the lack of a universally accepted risk definition, many researchers and practitioners have offered different definitions of ERM (<xref ref-type="bibr" rid="scirp.147343-15">
     See Bromiley et al., 2015
    </xref>). The following is a small sample of ERM definitions from the risk literature:</p>
   <p>ERM is a structured and disciplined approach to help management understand and manage uncertainties and encompasses all business risks using an integrated and holistic approach (<xref ref-type="bibr" rid="scirp.147343-129">
     Sobel and Reding, 2004
    </xref>).</p>
   <p>Enterprise Risk Management (ERM) “is a strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.” <xref ref-type="bibr" rid="scirp.147343-118">
     RIMS (The Risk Management Society) (2025)
    </xref>.</p>
   <p>“Enterprise risk management (ERM) is a methodology that looks at risk management strategically from the perspective of the entire firm or organization. It is a top-down strategy that aims to identify, assess, and prepare for potential losses, dangers, hazards, and other potentials for harm that may interfere with an organization’s operations and objectives and/or lead to losses” (<xref ref-type="bibr" rid="scirp.147343-59">
     Hayes, 2025
    </xref>).</p>
   <p>“The culture, capabilities, and practices, integrated with strategy-setting and its performance, that organizations rely on to manage risk in creating, preserving, and realizing value.” (<xref ref-type="bibr" rid="scirp.147343-30">
     COSO, 2020
    </xref>) (COSO is a private sector initiative sponsored by five accounting- and auditing-related associations).</p>
   <p>Various professional organizations and researchers have proposed frameworks and conceptual models for ERM. Three well-known frameworks by professional organizations are by <xref ref-type="bibr" rid="scirp.147343-29">
     COSO (2017)
    </xref>, International Organization for Standardization (<xref ref-type="bibr" rid="scirp.147343-67">
     ISO, 2018
    </xref>), and <xref ref-type="bibr" rid="scirp.147343-22">
     CAS (2003)
    </xref> (See Sidebar, ERM Frameworks by three professional Societies). These frameworks and models have been designed for business organizations in general; they are applicable to both service and manufacturing organizations. However, none of them is considered to be a “one size fits all” type of model; each organization is likely to make modifications, depending on the services or goods (See the Appendix Notes).</p>
   <p>ERM and its implementations have been criticized in the literature. <xref ref-type="bibr" rid="scirp.147343-15">
     Bromiley et al. (2015)
    </xref> identify limitations and gaps in ERM implementations that management scholars are best equipped to address. <xref ref-type="bibr" rid="scirp.147343-110">
     Paape and Speklé (2012)
    </xref> point out that their research found that the COSO ERM framework does not contribute to risk management effectiveness. Similarly, <xref ref-type="bibr" rid="scirp.147343-45">
     Fraser et al. (2024)
    </xref> provided a review of literature investigating “why many organizations fail or flounder in their attempts to implement ERM.” <xref ref-type="bibr" rid="scirp.147343-63">
     Horvey and Odei-Mensah (2023)
    </xref> present a comprehensive literature review on the measurements and performance of ERM and conclude that, despite mixed findings on ERM and firm performance in the literature, they have found enough evidence that ERM positively affects firms’ performance and shareholders’ value. See also a literature review by <xref ref-type="bibr" rid="scirp.147343-4">
     Anton and Nucu (2020)
    </xref> for ERM adoption, determinants of ERM implementation, and the effects of ERM adoption (See the Appendix Notes).</p>
  </sec><sec id="s4">
   <title>4. Risk Types</title>
   <p>All ERM frameworks and models in the literature require the identification and understanding of the risks an organization deals with. <xref ref-type="bibr" rid="scirp.147343-96">
     Mishra et al. (2019)
    </xref> identify four general categories of risks: strategic, operational, financial, and hazard. <xref ref-type="bibr" rid="scirp.147343-72">
     Kaplan and Mike (2012)
    </xref> identify three risk categories: preventable, strategy, and external. <xref ref-type="bibr" rid="scirp.147343-43">
     Francis (2019)
    </xref> provides a more comprehensive list of risks: market and financial risk, credit risk, physical assets risk, operational risk (including crime risk, technology risk, cyber risk, regulatory risk, people risk, legal risk, model risk, data risk, reputational risk, project risk, strategic risk, and supply chain risk). <xref ref-type="bibr" rid="scirp.147343-32">
     Damali et al. (2021)
    </xref> developed “a comprehensive model of the risks of customer participation in service delivery, integrating research from the marketing, operations and supply chain management, strategy, and information technology fields.” Specific risk types in airline operations, air traffic control, and airport management will be discussed later in the paper.</p>
  </sec><sec id="s5">
   <title>5. Relevant Concepts Related to Risk Management</title>
   <p>Any discussion of risks and their management inevitably includes three relevant concepts: vulnerability, resilience, and robustness because of their close relationships (<xref ref-type="bibr" rid="scirp.147343-123">
     Scholz et al., 2012
    </xref>; <xref ref-type="bibr" rid="scirp.147343-53">
     Haimes, 2009
    </xref>; <xref ref-type="bibr" rid="scirp.147343-6">
     Aven, 2011
    </xref>; <xref ref-type="bibr" rid="scirp.147343-154">
     Zheng et al., 2021
    </xref>; <xref ref-type="bibr" rid="scirp.147343-101">
     Neuvel et al., 2015
    </xref>; <xref ref-type="bibr" rid="scirp.147343-94">
     Mentges et al., 2023
    </xref>; <xref ref-type="bibr" rid="scirp.147343-14">
     Brand and Jax, 2007
    </xref>). <xref ref-type="bibr" rid="scirp.147343-123">
     Scholz et al. (2012)
    </xref> show how these terms can be consistently defined based on a decision-theoretic, verbal, and formal definition. Any organization using some kind of risk management framework must deal with these concepts and make use of them for risk management and protection of an organization against various risks. Although there are a few other concepts relevant to risk management, such as redundancy in systems (e.g., backup generators), flexibility, reliability, and adaptiveness, the following discussion will focus only on the three concepts listed. As in the definition of risk, various researchers offer a variety of different definitions and interpretations of the three concepts.</p>
   <sec id="s5_1">
    <title>5.1. Vulnerability</title>
    <p>Merriam-Webster (<xref ref-type="bibr" rid="scirp.147343-98">
      MW, 2025
     </xref>) defines “vulnerable” as “capable of being physically or emotionally wounded: open to attack or damage: assailable”. According to the Cambridge Dictionary (<xref ref-type="bibr" rid="scirp.147343-23">
      CD, 2025
     </xref>), vulnerability is “the quality of being vulnerable (=able to be easily hurt, influenced, or attacked), or something that is vulnerable.” Clearly, any vulnerable organization is at risk and susceptible to loss of lives and/or damage to property.</p>
    <p>Vulnerability, resilience, and robustness are frequently researched subjects in risk theory, many fields of natural science, risk management, and business management. <xref ref-type="bibr" rid="scirp.147343-46">
      Gallopín (2006)
     </xref> offers a perspective to identify and analyze relations among vulnerability, resilience, and adaptive capacity in socio-ecological systems and “specification of the terms to develop a shared conceptual framework for the natural and social dimensions of global change.” <xref ref-type="bibr" rid="scirp.147343-92">
      McEntire (2011)
     </xref> suggests that vulnerability is related to both liabilities and capabilities that influence the impact of a disaster and reviews four methods for addressing vulnerability. <xref ref-type="bibr" rid="scirp.147343-101">
      Neuvel et al. (2015)
     </xref> proposed vulnerability reduction strategies for land use planning projects in the Netherlands.</p>
    <p>
     <xref ref-type="bibr" rid="scirp.147343-2">
      Adger (2006)
     </xref> defines vulnerability as a state of “susceptibility to harm from exposure to stresses associated with environmental and social change and from the absence of capacity to adapt” and identifies challenges to vulnerability research as developing robust measures and incorporating diverse methods for including perceptions of risk and vulnerability. Based on reference frameworks in classical statistical physics, <xref ref-type="bibr" rid="scirp.147343-49">
      Gheorghe and Vamanu (2004)
     </xref> develop a method to diagnose the current vulnerability of a complex system, as well as to dynamically monitor the time-evolvement of the vulnerability.</p>
    <p>
     <xref ref-type="bibr" rid="scirp.147343-11">
      Berkes (2007)
     </xref> explored how resilience thinking helps deal with uncertainty and change and discusses how building resilience reduces vulnerability. <xref ref-type="bibr" rid="scirp.147343-6">
      Aven (2011)
     </xref> points out the inconsistencies in the definitions of risk, vulnerability, and resilience and proposes a framework in which all three concepts incorporate the uncertainty (probability) dimension. <xref ref-type="bibr" rid="scirp.147343-123">
      Scholz et al. (2012)
     </xref> identify two types of vulnerability: static and dynamic. When the vulnerability of a system is viewed at a certain point in time, it is static vulnerability, and it equals risk. Dynamic is when vulnerability is considered over a period.</p>
    <p>
     <xref ref-type="bibr" rid="scirp.147343-86">
      Leino et al. (2024)
     </xref> “examine multifactor vulnerability and balanced centricity (beyond customer-centricity) in value creation and value cocreation during disruptive shocks.” <xref ref-type="bibr" rid="scirp.147343-42">
      Fleming (1998)
     </xref> developed a model to offer a framework for managers to help them conduct an analysis of their organization’s vulnerability and to take appropriate countermeasures to contain the risks arising from terrorism. <xref ref-type="bibr" rid="scirp.147343-105">
      Nyanchama (2005)
     </xref> provides insight into defining and implementing effective vulnerability management programs as part of information security management.</p>
    <p>
     <xref ref-type="bibr" rid="scirp.147343-71">
      Kamalipoor et al. (2023)
     </xref> conducted a bibliometric analysis of vulnerability reduction in technology-based business research and considered four strategies for vulnerability reduction. <xref ref-type="bibr" rid="scirp.147343-82">
      Kubacki et al. (2020)
     </xref> proposed an integrative framework for vulnerability analysis in social marketing systems by identifying the relationships among power, power asymmetry, vulnerability, and resilience. <xref ref-type="bibr" rid="scirp.147343-13">
      Bongiovanni and Newton (2019)
     </xref> examined the ways modern international airports can create their own security problems by adopting practices, attitudes, and behaviors that could increase their overall level of vulnerability.</p>
   </sec>
   <sec id="s5_2">
    <title>5.2. Resilience</title>
    <p>
     <xref ref-type="bibr" rid="scirp.147343-60">
      Hollings (1973)
     </xref> was the first to introduce the concept of resilience in ecological systems. This work has had significant impact in the fields of ecology, environmental management, ecological economics and the impact of global change on the lives of humans. He stated that “Resilience determines the persistence of relationships within a system and is a measure of the ability of these systems to absorb changes of state variables, driving variables, and parameters and still persist.” “Improving a system’s resilience offers significant advantages in managing risk; improving the resilience of a system constitutes an integral part of the risk management process” (<xref ref-type="bibr" rid="scirp.147343-53">
      Haimes, 2009
     </xref>).</p>
    <p>Today, the concept of resilience has been discussed in relation to and applied to many systems. Ecologists make a distinction between engineering and ecological resilience. <xref ref-type="bibr" rid="scirp.147343-87">
      Levin and Lubchenco (2008)
     </xref> define engineering resilience as “the rate at which a system returns to a single steady or cyclic state following a perturbation” and ecological resilience as “the amount of change or disruption that is required to transform a system from being maintained by one set of mutually reinforcing processes and structures to a different set of processes and structures.” Interestingly, these researchers do not make any distinction between resilience and robustness. The focus of this paper will be on engineering resilience relating to all service systems.</p>
    <p>
     <xref ref-type="bibr" rid="scirp.147343-81">
      Kruk et al. (2015)
     </xref> define healthcare resilience as “the capacity of health actors, institutions, and populations to prepare for and effectively respond to crises; maintain core functions when a crisis hits; and, informed by lessons learned during the crisis, reorganize if conditions require it.” <xref ref-type="bibr" rid="scirp.147343-54">
      Halekotte et al. (2025)
     </xref> identify three understandings of resilience in human-made and natural systems as a process, an outcome, and a capacity, and suggest that only resilience should be understood as a capacity. With reference to supply chains, <xref ref-type="bibr" rid="scirp.147343-28">
      Christopher and Peck (2004)
     </xref> and <xref ref-type="bibr" rid="scirp.147343-93">
      Melnyk et al. (2014)
     </xref> state that resilience must be designed into the system. Furthermore, <xref ref-type="bibr" rid="scirp.147343-93">
      Melnyk et al. (2014)
     </xref> identify two critical capacities of a resilient system: “the capacity for resistance and the capacity for recovery.” The first, resistance, defines a system’s ability to delay a disruption and reduce the impact once the disruption occurs. The second, recovery, defines the ability to recover from a disruption.</p>
    <p>
     <xref ref-type="bibr" rid="scirp.147343-139">
      Tasic et al. (2020)
     </xref> developed a multilevel approach to design a framework with which an organization can self-assess its crisis preparedness and response capacity and thus enhance resilience. <xref ref-type="bibr" rid="scirp.147343-140">
      Tortorella et al. (2023)
     </xref> investigated the relationship between soft lean practices implementation and organizational resilience development in the service sector. <xref ref-type="bibr" rid="scirp.147343-10">
      Barasa et al. (2018)
     </xref> conducted a review of empirical literature from both the health and other sectors on organizational resilience. They found that the resilience of organizations was influenced by a set of factors, including material resources, preparedness, information management, and redundancy. <xref ref-type="bibr" rid="scirp.147343-55">
      Hall et al. (2023)
     </xref> identify research approaches and issues in relation to three types of resilience: engineering, ecological, and socio-ecological resilience. The authors provide a synthesis of the core elements of each resilience approach and their implications for hospitality and tourism. <xref ref-type="bibr" rid="scirp.147343-106">
      O’Connor et al. (2025)
     </xref> performed a bibliometric analysis to examine existing literature on hospitality and tourism small and medium enterprises (SMEs) and their resilience.</p>
    <p>
     <xref ref-type="bibr" rid="scirp.147343-150">
      Vainieri et al. (2024)
     </xref> studied the definition and operationalization of resilience in health system performance assessments in European Union countries. They examined resilience and how it was defined and operationalized into key performance indicators in European Union countries. <xref ref-type="bibr" rid="scirp.147343-86">
      Leino et al. (2024)
     </xref> propose a framework of balanced centricity and service system resilience for service sustainability. <xref ref-type="bibr" rid="scirp.147343-154">
      Wandelt et al. (2025)
     </xref> developed a novel airport resilience measure, the Global Airport Resilience Index (GARI). Through interviews with international health systems experts, <xref ref-type="bibr" rid="scirp.147343-112">
      Paschoalotto et al. (2023)
     </xref> found that the COVID-19 pandemic did modify experts’ views on various aspects of health system resilience.</p>
    <p>
     <xref ref-type="bibr" rid="scirp.147343-153">
      Walker (2020)
     </xref> presented an interesting view of what resilience is and is not: “The simplest definition of resilience is the ability to cope with shocks and to keep functioning in much the same kind of way… Resilience is about learning how to change in order not to be changed.” <xref ref-type="bibr" rid="scirp.147343-153">
      Walker (2020)
     </xref> also states that “resilience is not always good and desirable. Evil dictatorships, salinized landscapes, and psychotic states in people can be very resilient. The problem in such cases is to know how to reduce their resilience.” <xref ref-type="bibr" rid="scirp.147343-46">
      Gallopín (2006)
     </xref> identifies and analyzes the conceptual relations among vulnerability, resilience, and adaptive capacity within socio-ecological systems.</p>
   </sec>
   <sec id="s5_3">
    <title>5.3. Robustness</title>
    <p>Like resilience, robustness is an important concept both in engineering and in some other sciences including medicine, ecology, biology, and hydrology. In engineering, robustness is applied to the design of goods and manufacturing processes. Japanese quality expert Professor Genichi Taguchi is credited with developing methods for both (<xref ref-type="bibr" rid="scirp.147343-135">
      Taguchi, 1986
     </xref>; <xref ref-type="bibr" rid="scirp.147343-136">
      Taguchi and Clausing, 1990
     </xref>; <xref ref-type="bibr" rid="scirp.147343-137">
      Taguchi et al., 2005
     </xref>). <xref ref-type="bibr" rid="scirp.147343-135">
      Taguchi (1986)
     </xref> defined robustness as “the state where the technology, product, or process performance is minimally sensitive to factors causing variability (either in the manufacturing or the user’s environment) and at the lowest unit manufacturing cost.” In other words, a robust product or process will not deviate from its target design performance specifications because of factors in the environment or in use that may cause variability.</p>
    <p>
     <xref ref-type="bibr" rid="scirp.147343-147">
      Weiss and Goldberg (2019)
     </xref> show how robust processes reduce variability in service systems and achieve customer satisfaction. <xref ref-type="bibr" rid="scirp.147343-123">
      Scholz et al. (2012)
     </xref> state that robustness can be seen as an antonym of vulnerability. <xref ref-type="bibr" rid="scirp.147343-131">
      Stewart (2003)
     </xref> introduced a framework based on the three T’s of task, treatment, and tangibles for designing a robust service encounter for improved quality.</p>
   </sec>
   <sec id="s5_4">
    <title>5.4. Bringing the Three Together</title>
    <p>It should be clear from the above discussion that vulnerability, resilience, and robustness are closely related and play critical roles in service risk management. Strategies and tools for reducing vulnerability, and increasing the resilience and robustness of service systems should be deployed for a successful defense of any service organization against risks. Identifying risks and reducing, avoiding, or transferring them whenever possible should be the first step in reducing vulnerability and increasing the resilience and robustness of service systems. Insurance against pure risks is one way to transfer some risks to other entities. Investing in redundant equipment such as emergency generators for hospitals, hospitality establishments, and airports helps increase the resilience of these organizations. Using multiple suppliers (for food, supplies, components, and parts) for airlines, hospitals, and hotels also decreases vulnerability and increases resilience. Investments in state-of-the-art information systems and software against cyber-attacks are crucial for risk management. Designing robust and flexible processes, and continuously monitoring economic, political, climatic events, threats, and emerging trends should be part of preparedness for risk events.</p>
   </sec>
  </sec><sec id="s6">
   <title>6. Tools and Methods</title>
   <sec id="s6_1">
    <title>6.1. Poka-Yoke (Error-Proofing)</title>
    <p>Tools and methods, mostly from manufacturing management, should be utilized for reducing vulnerability and increasing the resilience and robustness of service systems for effective and efficient risk management. One of the most useful and widely used tools in manufacturing is poka-yoke, also known as fail-safe, error proofing, or mistake proofing, a method that was developed by the Japanese quality expert <xref ref-type="bibr" rid="scirp.147343-126">
      Shigeo Shingo (1986)
     </xref>.</p>
    <p>
     <xref ref-type="bibr" rid="scirp.147343-126">
      Shingo (1986)
     </xref> developed this method for manufacturing. In manufacturing processes, it utilizes an automatic device or method which makes it impossible for an error to occur or alerts the operator and stops the process so that the error can be corrected. A simple example of error proofing in recycling waste is color-coding trash bins to make separating materials easier. In product design, parts or sub-assemblies are designed so that they can be assembled in only one, the correct way (<xref ref-type="bibr" rid="scirp.147343-37">
      Dvorak, 1998
     </xref>; <xref ref-type="bibr" rid="scirp.147343-51">
      Grout, 2006
     </xref>). Another example is SIM cards; they have been designed with a notch so that they can be inserted into a cell phone in only one way. <xref ref-type="bibr" rid="scirp.147343-133">
      Stewart and Melnyk (2000)
     </xref> introduce the method, implementation steps, and metrics of poka-yoke for manufacturing systems through four building blocks.</p>
    <p>Despite its manufacturing origin, poka-yoke has been recommended and applied in improving many services. <xref ref-type="bibr" rid="scirp.147343-25">
      Chase and Stewart (1994)
     </xref> focused on the application of poka-yoke in services. The same authors provided detailed coverage of the technique in their book for both manufacturing and services (<xref ref-type="bibr" rid="scirp.147343-24">
      Chase and Stewart, 1995
     </xref>). <xref ref-type="bibr" rid="scirp.147343-132">
      Stewart and Grout (2001)
     </xref> provided a scientific basis for poka-yoke (mistake-proofing) concerning human error by drawing upon research from psychology and cognitive science.</p>
    <p>Poka-yoke can be very useful in designing and improving service delivery processes when used together with service blueprinting. Originally developed by <xref ref-type="bibr" rid="scirp.147343-127">
      G. Lynn Shostack (1984, 1992)
     </xref>, service blueprinting is a visual representation of a service process as a flow chart (<xref ref-type="bibr" rid="scirp.147343-125">
      Seyring et al., 2009
     </xref>). It shows how the components of a service are connected and how they interact. Studying the blueprint can help identify where in the process failures may occur and change the design or develop countermeasures to prevent them. Obviously, service blueprinting can also be used for simply improving the service process and introducing innovations (<xref ref-type="bibr" rid="scirp.147343-76">
      Kingman-Brundage, 1989
     </xref>; <xref ref-type="bibr" rid="scirp.147343-48">
      George and Gibson, 1991
     </xref>; <xref ref-type="bibr" rid="scirp.147343-12">
      Bitner et al., 2008
     </xref>). Clearly, poka-yoke and blueprinting together will improve the resilience and robustness of services and reduce vulnerability to service failure risks.</p>
    <p>There are quite a few applications of poka-yoke in numerous services. <xref ref-type="bibr" rid="scirp.147343-84">
      Lee et al. (2019)
     </xref> provide a taxonomy of security management approaches from the organizational security management perspective for the application of mistake-proofing tools in security management. <xref ref-type="bibr" rid="scirp.147343-68">
      Jin et al. (2012)
     </xref> proposed a method for the analysis of medication incidents and the systematic planning of error-proofing (EP) countermeasures. Using a panel of healthcare professionals, <xref ref-type="bibr" rid="scirp.147343-80">
      Kovach et al. (2013)
     </xref> reviewed 150 error-proofing strategies for medical error prevention and ranked them based on effectiveness, cost, ease of implementation, and mitigation of errors. <xref ref-type="bibr" rid="scirp.147343-51">
      Grout (2006)
     </xref> discussed how healthcare processes should be designed to prevent medical mistakes and improve patient safety. The World Health Organization (<xref ref-type="bibr" rid="scirp.147343-149">
      WHO, 2016
     </xref>) has published a monograph to raise awareness among WHO member states to reduce medication errors in primary care. This publication covers causes of medication errors and potential solutions.</p>
   </sec>
   <sec id="s6_2">
    <title>6.2. Failure Mode and Effect Analysis (FMEA)</title>
    <p>Another tool from manufacturing engineering for risk management and risk reduction is FMEA. It was developed for the U.S. military in the 1940s. Its purpose is to identify potential failures or risks in a product or process design, so that they can be eliminated or countermeasures can be implemented. Failure mode means the specific way a product or process can fail. Effect analysis focuses on studying the consequences of those failures.</p>
    <p>Application of FMEA requires a multidisciplinary, cross-functional team from all fields of expertise related to the product or process (see <xref ref-type="bibr" rid="scirp.147343-https://asq.org/quality-resources/fmea">
      https://asq.org/quality-resources/fmea
     </xref> for a step-by-step implementation of FMEA). Most applications of FMEA use root-cause analysis (RCA) and the “5 Why’s” process. In a service setting, a successful application of FMEA would reduce the vulnerability of a service process and increase the resilience and robustness of the process.</p>
    <p>FMEA can also be used to study product or service failures after they occur, for improvements and developing countermeasures for their prevention. RCA can be used to discover the causes of failures rather than symptoms. RCA is a systematic investigative procedure for identifying the true sources that lead to failures in services and service processes (See <xref ref-type="bibr" rid="scirp.147343-100">
      NCPS, 2021
     </xref> for a detailed guideline for RCA). RCA is usually accompanied by the “5 Whys” process (<xref ref-type="bibr" rid="scirp.147343-124">
      Serrat, 2017
     </xref>; <xref ref-type="bibr" rid="scirp.147343-152">
      Vidyasagar, 2016
     </xref>). Three other tools from manufacturing, Pareto charts, service blueprinting (or flow charts), and Ishikawa (or Fishbone, or cause-and-effect) diagrams, can be used to aid the FMEA and RCA procedures. These simple, easy-to-use graphical tools are covered in most operations management textbooks.</p>
   </sec>
   <sec id="s6_3">
    <title>6.3. Root-Cause-Analysis (RCA)</title>
    <p>RCA has widespread applications in risk identification in healthcare. In their seminal report on medical errors, the Institute of Medicine’s Committee on Quality of Health Care in America (<xref ref-type="bibr" rid="scirp.147343-78">
      Kohn et al., 2000
     </xref>) states that RCA “requires that an organization experiencing a sentinel event conduct a root cause analysis, a process for identifying the basic or causal factors of the event.” <xref ref-type="bibr" rid="scirp.147343-5">
      Askari et al. (2017)
     </xref> used FMEA together with RCA to examine the hazards associated with the process of service delivery in the intensive care unit (ICU) of a tertiary hospital in Iran. <xref ref-type="bibr" rid="scirp.147343-26">
      Chia et al. (2024)
     </xref> studied the integration of Healthcare Failure Mode and Effect Analysis (HFMEA) with RCA and a service blueprint to mitigate medical risks and enhance mass casualty triage efficiency in emergency units. <xref ref-type="bibr" rid="scirp.147343-74">
      Khorsandi et al. (2012)
     </xref> reviewed the quality of the adverse incident reporting system and the RCA of serious adverse incidents at the Department of Surgery of Ninewells Hospital, in Dundee, United Kingdom. <xref ref-type="bibr" rid="scirp.147343-36">
      Doggett (2005)
     </xref> reviewed the cause-and-effect diagram, interrelationship diagram, and current reality tree as tools that can be used with RCA.</p>
   </sec>
   <sec id="s6_4">
    <title>6.4. Pareto Charts</title>
    <p>Named after the Italian economist Vilfredo Pareto, Pareto charts are used to identify the frequency or costs of types of failures in a failed service process so that corrective actions can be focused on the most frequently occurring or most expensive failures first. It is based on the 80/20 rule, which states that 80 percent of failures are caused by 20 percent of possible causes. The cause-and-effect diagram was created by the Japanese quality expert <xref ref-type="bibr" rid="scirp.147343-65">
      Kaoru Ishikawa (1985, 1991)
     </xref>. The diagram is used to identify causes or sources of errors such as equipment, people, materials, environment, and processes. Sub-causes emanating from these are also represented in the diagram.</p>
    <p>FMEA and the associated tools have been used in manufacturing and many services (<xref ref-type="bibr" rid="scirp.147343-116">
      Reid, 2005
     </xref>; <xref ref-type="bibr" rid="scirp.147343-91">
      McCain, 2006
     </xref>). A detailed coverage of the method can be found in <xref ref-type="bibr" rid="scirp.147343-130">
      Stamatis (2019)
     </xref>. <xref ref-type="bibr" rid="scirp.147343-90">
      Malekjahan et al. (2025)
     </xref> used FMEA to determine and score existing risks in aviation. <xref ref-type="bibr" rid="scirp.147343-114">
      Pourmadadkar et al. (2020)
     </xref> conducted a risk assessment study on the CABG (coronary artery bypass grafting) process.</p>
    <p>An integrated approach, based on FMEA, Quality Function Deployment (QFD), and MCDM (multiple-criteria decision-making) techniques, is proposed to identify and prioritize the disruptions in the process and present corrective activities to avoid them. <xref ref-type="bibr" rid="scirp.147343-153">
      Ye et al. (2024)
     </xref> studied steps from COVID-19 patients’ admission to intensive care unit to treatment to discharge and found that potential risks existed to cause nosocomial infection. They used a flow chart for process analysis and developed improvement suggestions based on the FMEA. <xref ref-type="bibr" rid="scirp.147343-134">
      Sun et al. (2025)
     </xref> investigated the effect of healthcare failure mode and effects analysis (HFMEA) in the management of patients with intrathecal morphine pump implantation.</p>
    <p>
     <xref ref-type="bibr" rid="scirp.147343-83">
      Kuwaiti (2016)
     </xref> conducted a study to analyze the effect of the Six Sigma methodology, together with FMEA, a Pareto chart, and poka-yoke, in reducing medication errors in the outpatient pharmacy in a Saudi Arabia hospital. <xref ref-type="bibr" rid="scirp.147343-56">
      Hambleton (2005)
     </xref> used FMEA and RCA in examining real or potential failures in a healthcare compliance program.</p>
   </sec>
  </sec><sec id="s7">
   <title>7. Risks in Air Travel and Their Management</title>
   <p>As an example, regarding risks and their management in services, this section will focus on risks in air travel. Air travel is one of the most important industries in the service sector. The following statistics give an idea about the magnitude of airline operations in the U.S.: based on 490 air carriers, a total of 95.3 million departures were performed from January 2014 to June 2024; in 2024 this number was 10,672,803 departures. Between 2002 and 2024, a total of 19,296,544,405 passengers were carried by all airlines; in 2024, the number of passengers of all airlines was 1,107,987,703 (<xref ref-type="bibr" rid="scirp.147343-18">
     BTS, 2025
    </xref>). <xref ref-type="bibr" rid="scirp.147343-64">
     IATA (2025)
    </xref> forecasts total passenger revenue for world airlines as $693 billion in 2025.</p>
   <p>“Air travel” is used as an umbrella term for its most important components: airlines/airplanes, air traffic control, and airports. Each one of these components has a long list of risks concerning human lives and property. It is not possible or necessary to give an exhaustive list of all these risks to understand the threats to which humans may be exposed; only the most important risks will be reviewed.</p>
   <p>The most important risks in airline operations are:</p>
   <p>1) Pilot fatigue/pilot health</p>
   <p>2) Terrorist attacks targeting airplanes</p>
   <p>3) Air traffic control errors</p>
   <p>4) Cyber-attacks on airports</p>
   <p>5) Runway incursions</p>
   <p>6) Runway excursions</p>
   <p>7) Unmanned aerial vehicles (UAVs)</p>
   <p>Physical and mental pilot fatigue, as well as pilot health, is one of the greatest concerns for airflight safety. Risk literature, as well as healthcare, transportation, and safety literatures, are replete with research and countermeasures on this topic. A Position Paper prepared by a special subcommittee of the Aerospace Human Factors Committee of the Aerospace Medical Association reviewed the relevant scientific literature, summarized applicable U.S. civilian and military flight regulations, evaluated various in-flight and pre-/postflight fatigue countermeasures, and described emerging technologies for detecting and countering fatigue (<xref ref-type="bibr" rid="scirp.147343-19">
     Caldwell et al., 2009
    </xref>). <xref ref-type="bibr" rid="scirp.147343-58">
     Hartzler (2014)
    </xref> provided a literature survey detailing both the health and safety concerns of fatigue among commercial pilots, as well as benefits and risks associated with strategic napping to alleviate this fatigue. <xref ref-type="bibr" rid="scirp.147343-151">
     van Drongelen et al. (2017)
    </xref> surveyed 504 airline pilots through an online questionnaire, including person, work, health, sleep, and lifestyle-related characteristics, to determine risk factors for fatigue among airline pilots.</p>
   <p>
    <xref ref-type="bibr" rid="scirp.147343-151">
     Wingelaar-Jagt et al. (2021)
    </xref> described the pathophysiology, epidemiology, and effects of fatigue and its impact on aviation, as well as several aspects of fatigue management and recommendations for future research in this field. <xref ref-type="bibr" rid="scirp.147343-95">
     Minoretti and Emanuele (2023)
    </xref> provided a comprehensive review of the most common health issues experienced by commercial airline pilots and concluded that taking care of pilots’ health and ensuring public safety will require a collaborative effort among airlines, governments, and regulators. <xref ref-type="bibr" rid="scirp.147343-155">
     Zhu and Chen (2023)
    </xref> studied the impact of fatigue on flight safety through a structural equation model and concluded that, compared to physical fatigue, mental fatigue is more likely to occur in pilots and present a more serious risk.</p>
   <p>
    <xref ref-type="bibr" rid="scirp.147343-102">
     Nicolas (2024)
    </xref> developed a chronological account of major aviation-related terrorist attacks, including the hijacking of aircraft and attacks, and emphasizes the need for advanced technologies and stringent national and international regulations to combat aviation terrorism. Airline hijackings and deaths resulting from them have significantly decreased since the peaks in the 1970s, mainly due to stricter controls and countermeasures taken by governments and airlines (<xref ref-type="bibr" rid="scirp.147343-79">
     Korecki and Hoika, 2022
    </xref>). Consequently, terrorist attacks on airplanes are still serious but low-probability risks.</p>
   <p>Air traffic control errors may originate from the fatigue of controllers or lack of appropriate training. <xref ref-type="bibr" rid="scirp.147343-120">
     Russeng et al. (2021)
    </xref> found no significant relationship between working period and work fatigue, while work shift and workload have a significant relationship with work fatigue in air traffic controllers. <xref ref-type="bibr" rid="scirp.147343-88">
     Li et al. (2021)
    </xref> investigated the relationship between traffic volume, air traffic management occurrences, and fatigue with the participation of 57 European Air Navigation Services air traffic controllers (ATCO). They concluded that ATCO fatigue levels are not the main contributory factor associated with air traffic management occurrences. They recommended sufficient rest breaks and roster schedule optimization, as well as task loads that may induce fatigue. <xref ref-type="bibr" rid="scirp.147343-27">
     Choi (2024)
    </xref> studied risks air traffic controllers may create that cause airline pilots to commit errors during descent and identified understanding controller accents, changes of runway, and difficult clearance of altitude change.</p>
   <p>Cyber-attacks are one of the most serious risks. Air traffic control operations, communications, and airport services (check-ins, baggage handling operations) can be disrupted, causing flight cancellations and many hours of flight delays. <xref ref-type="bibr" rid="scirp.147343-21">
     Cano et al. (2016)
    </xref> analyzed the impact of cyber-attacks whose main goal is to take hold of airport information technology and operations. <xref ref-type="bibr" rid="scirp.147343-50">
     Gopalakrishnan et al. (2013)
    </xref> recommended a defense-in-depth approach in securing airports from cyber vulnerabilities, where one does not rely on any one security mechanism to prevent all potential threats.</p>
   <p>Runway incursions are defined as “Any occurrence at an aerodrome involving the incorrect presence of an aircraft, vehicle, or person on the protected area of a surface designated for the landing and takeoff of aircraft.” (<xref ref-type="bibr" rid="scirp.147343-39">
     FAA, 2025a
    </xref>). <xref ref-type="bibr" rid="scirp.147343-108">
     Omosebi et al. (2023)
    </xref> investigated the relationship between airport geometry, mitigating technologies, and the number of runway incursions at 30 large hub airports in the United States using a random effects Poisson model for analyses of panel data. <xref ref-type="bibr" rid="scirp.147343-146">
     Wang et al. (2018)
    </xref> investigated the factors that contribute to runway incursions.</p>
   <p>Another runway risk is runway excursion (RE). “A runway excursion is a veer off or overrun from the runway surface. These surface events occur while an aircraft is taking off or landing and involve many factors ranging from unstable approaches to the condition of the runway” (<xref ref-type="bibr" rid="scirp.147343-40">
     FAA, 2025b
    </xref>). <xref ref-type="bibr" rid="scirp.147343-85">
     Lee (2023)
    </xref> investigated the most important causal factors of RE and proposed countermeasures to mitigate potential risks in Taiwan region.</p>
   <p>
    <xref ref-type="bibr" rid="scirp.147343-115">
     Pyrgies (2019)
    </xref> studied unmanned aerial vehicle (UAV) or drone incidents around airports worldwide and found that “those incidents are more numerous than anticipated and happen higher and further from the airports than expected.” <xref ref-type="bibr" rid="scirp.147343-77">
     Kobaszyńska-Twardowska et al. (2022)
    </xref> proposed a risk management model for dealing with threats to aviation by UAVs. <xref ref-type="bibr" rid="scirp.147343-89">
     Lykou et al. (2020)
    </xref> presented a survey of drone incidents near airports and a literature review of sensor technologies able to prevent, detect, identify, and mitigate rogue drones. <xref ref-type="bibr" rid="scirp.147343-52">
     Habler et al. (2023)
    </xref> provide a review of aircraft systems and their various networks, emphasizing the cyber threats to which they are exposed and the impact of a cyber-attack on them and their networks.</p>
   <p>Clearly, there are more risks that managers in three components of air travel must deal with, such as supply chain risks (e.g., parts, fuel, and food for airplanes), wildlife strikes, apron accidents, weather events (e.g., snow, hail, thunderstorms, lightning strikes, hurricanes, tornadoes, etc.), and disruptive passengers.</p>
  </sec><sec id="s8">
   <title>8. Risks in the Hotel and Resort Industry and Their Management</title>
   <p>Hotels and resorts constitute another major industry in the service sector. Globally, their market size was estimated to be $1.5 trillion in 2023 (<xref ref-type="bibr" rid="scirp.147343-9">
     Bachman, 2025
    </xref>). The industry consists of a wide variety of establishments—from small independent hotels to luxury hotels and resorts. Their main functions include the provision of lodging, food services, information, recreation, and entertainment.</p>
   <p>The most important risks in the hotel and resort industry are:</p>
   <p>1) Natural disaster risk</p>
   <p>2) Terrorist attacks</p>
   <p>3) Physical/security risk/Theft of valuables</p>
   <p>4) Operational risks</p>
   <sec id="s8_1">
    <title>8.1. Natural Disaster Risk</title>
    <p>Natural disasters like hurricanes, tornadoes, tsunamis, earthquakes put lives of customers and staff and property in risk especially at coastal areas. Managers of these establishments have the duty of reducing the vulnerabilities such as power systems, telecommunications, water, and food supplies. Managers must make sure their systems’ vulnerabilities have been reduced. This can be achieved by increasing resilience and robustness of their systems like stocking emergency supplies of food and beverages, constantly monitoring weather reports, having redundant power generation equipment, and maintaining healthcare support (e.g. doctors, nurses, medical emergency responders), arranging alternative lodging for guests and training staff for disaster response. Naturally, these will increase operating costs of a hospitality establishment, however staying vulnerable against natural disaster may have much higher costs in human lives and property damage.</p>
    <p>
     <xref ref-type="bibr" rid="scirp.147343-17">
      Brown et al. (2019)
     </xref> investigated the measure of disaster resilience within the hotel sector in an exploratory quantitative study. Data were collected from hotel general managers and staff in two New Zealand tourist destinations. They found that hotels in the sample have positive attributes of disaster resilience. They also recommended areas of future focus for resilience-building. <xref ref-type="bibr" rid="scirp.147343-16">
      Brown et al. (2021)
     </xref> explored hotel disaster resilience with a multiple methods approach, utilizing a capital-based framework. They recommended the need to develop an all-hazards approach to training and exercises and to integrate staff fully in the process. They also stated that the development of multiple resources prior to a disaster and continued investment afterward can enhance and build disaster resilience over time.</p>
    <p>
     <xref ref-type="bibr" rid="scirp.147343-70">
      Johnston et al. (2007)
     </xref> evaluated staff training for emergencies, emergency management exercises, and hazard signage within motels and hotels in Ocean Shores, Washington, USA. They also made suggestions on how to improve preparedness, including a natural hazard warning system, and training designed within the wider context of effective warning systems: early warning and notification, response planning, discussion and communication, and education. <xref ref-type="bibr" rid="scirp.147343-109">
      Orchiston (2013)
     </xref> examined tourism business disaster planning in areas at risk from low-frequency/high-consequence natural disasters. The author presented empirical findings from a tourism business survey in the Southern Alps of New Zealand, an area with high seismic risk that supports a tourism industry comprising many micro-sized, owner-operated businesses.</p>
   </sec>
   <sec id="s8_2">
    <title>8.2. Terrorist Attacks</title>
    <p>Terrorism has been a difficult word to define; there is no legal or scientific agreement on the definition of terrorism. Encyclopedia Britannica (<xref ref-type="bibr" rid="scirp.147343-38">
      EB, 2025
     </xref>) defines terrorism as the calculated use of violence to create a general climate of fear in a population and thereby to bring about a particular political objective. The <xref ref-type="bibr" rid="scirp.147343-41">
      FBI’s (2025)
     </xref> definition is “Violent, criminal acts committed by individuals and/or groups who are inspired by, or associated with, designated foreign terrorist organizations or nations.” According to a Heritage Foundation Report (<xref ref-type="bibr" rid="scirp.147343-97">
      Muhlhausen and McNeill, 2011
     </xref>), “Between 1969 and 2009, there were 38,345 terrorist incidents around the world. Of these attacks, 7.8 percent (2981) were directed against the United States.” <xref ref-type="bibr" rid="scirp.147343-148">
      Wernick and Von Glinow (2012)
     </xref> identify the reasons why terrorists target luxury hotels: 1) they are symbolic targets of Western affluence; 2) like restaurants and nightclubs, they are “soft targets”; 3) a successful attack on a five-star property can yield high rewards equivalent to an attack on an embassy; 4) changing organizational composition of the terrorist groups themselves.</p>
    <p>
     <xref ref-type="bibr" rid="scirp.147343-111">
      Paraskevas (2013)
     </xref> proposed a six-step baseline strategy to address terrorist threats targeting hotels. Based on the generic crisis management literature, the study showed that there is a need to expand the understanding of the security function from its classic approach of “detect-deny-respond” to a model with six building blocks that can become the framework for the development of a strategy to protect hotels against terrorism.</p>
    <p>Department of Homeland Security (<xref ref-type="bibr" rid="scirp.147343-33">
      DHS, 2010
     </xref>) has prepared a guide to protect the US lodging industry against terrorist attacks and cyber-attacks. The guide outlines the key vulnerabilities of hotels. It discusses manmade hazards, accidents, and natural disasters, and proposes protective measures including planning and preparedness, incident response, monitoring, surveillance, inspection, and information security and cybersecurity to reduce vulnerabilities and increase resilience and robustness. Another useful source for terrorism preparedness and prevention is a handbook edited by <xref ref-type="bibr" rid="scirp.147343-121">
      Schmid (2021)
     </xref>, which contains papers on prevention of preparatory acts, prevention of, and preparedness for, terrorist attacks.</p>
   </sec>
   <sec id="s8_3">
    <title>8.3. Physical/Security Risk/Theft of Valuables</title>
    <p>Although rare, hotel and resort guests may be targets of physical attacks or their valuables may be stolen. Large hotels usually have security staff and closed-circuit television (CCTV) monitoring hallways of guest rooms and other critical parts of the hotel (e.g., garage, delivery areas), as well as well-designed lighting of hallways and corridors. Training for both the security and general staff and installing a state-of-the-art CCTV system would reduce the vulnerability of guests and their property.</p>
   </sec>
   <sec id="s8_4">
    <title>8.4. Operational Risks</title>
    <p>Hotels have many departments and systems to serve their guests. Some of these include front office, booking and reservation, restaurant(s), bar(s), kitchen, food and beverage, room service, housekeeping, laundry, heating and cooling, plumbing, electrical, telecommunications, maintenance, and event and conference management. Another particularly important operational risk is the supply risk. Hotels have a complex supply chain and a variety of suppliers like food, beverage, linen, toiletries, cleaning, and maintenance supplies. Establishing strong ties and partnerships with suppliers for timely delivery of supplies and maintaining optimal inventory levels goes a long way to reduce most of the operational risks. Smooth operation of these systems is essential for guest satisfaction and hotel profits. Like any system, failures may happen in one or more of them; consequently, constantly monitoring and updating these systems and staff training are critical duties of hotel management.</p>
   </sec>
  </sec><sec id="s9">
   <title>9. Summary and Conclusion</title>
   <p>This paper presented a review of risks in organizations and specific risks in services. Risk definitions from the risk research area, together with frameworks proposed by risk professional societies, specifically risk management (RM) and enterprise risk management (ERM), have been reviewed. In addition, concepts of vulnerability, resilience, and robustness, and the important roles they play in risk management, were discussed. Tools and methods, mostly from manufacturing management, were proposed as potential aids in reducing vulnerability and increasing resilience and robustness of organizations in their struggle with various risks. Finally, risks and their management in air travel (i.e., airlines, air traffic control, and airports) and hotel and resort industries were discussed as two examples.</p>
   <p>This paper is an attempt to contribute to the literature in a long-neglected area of services research, namely risks in services in general and their management. This paper also reviews and recommends the application of tools and methods to reduce the vulnerability of service organizations and improve their resilience and robustness in dealing with a variety of risks, thereby equipping service managers for the defense of their organizations.</p>
   <p>As mentioned above, the literature survey revealed only one journal publication on risks in services in general and their management. Being the second journal article on the subject, this paper may revive interest among service researchers to focus on this long-neglected area of service management. It is hoped that this paper will alert researchers to a wide-open area of services research and will encourage them to investigate various aspects of risks in services.</p>
   <p>Future research may focus on risks in other service industries, such as specific healthcare branches, in more detail. Also, some researchers may investigate the applications of management science/operations research techniques for optimizing the resilience and robustness of service systems.</p>
  </sec><sec id="s10">
   <title>Appendix Notes</title>
   <p>SIDEBAR: ERM Frameworks by three professional societies:</p>
   <p>
    <xref ref-type="bibr" rid="scirp.147343-29">
     COSO (2017)
    </xref></p>
   <p>1) Governance and Culture: Governance sets the organization’s tone, reinforcing the importance of, and establishing oversight responsibilities for, enterprise risk management. Culture pertains to ethical values, desired behaviors, and understanding of risk in the entity.</p>
   <p>2) Strategy and Objective-Setting: Enterprise risk management, strategy, and objective-setting work together in the strategic-planning process. A risk appetite is established and aligned with the strategy; business objectives put the strategy into practice while serving as a basis for identifying, assessing, and responding to risk.</p>
   <p>3) Performance: Risks that may impact the achievement of strategy and business objectives need to be identified and assessed. Risks are prioritized by severity in the context of risk appetite. The organization then selects risk responses and takes a portfolio view of the amount of risk it has assumed. The results of this process are reported to key risk stakeholders.</p>
   <p>4) Review and Revision: By reviewing entity performance, an organization can consider how well the enterprise risk management components are functioning over time and in light of substantial changes, and what revisions are needed.</p>
   <p>5) Information, Communication, and Reporting: Enterprise risk management requires a continual process of obtaining and sharing necessary information, from both internal and external sources, which flows up, down, and across the organization.</p>
   <p>
    <xref ref-type="bibr" rid="scirp.147343-67">
     ISO (2018)
    </xref></p>
   <p>1) Communication and Consultation: Assist relevant stakeholders in understanding risk, the basis on which decisions are made, and the reasons why particular actions are required.</p>
   <p>2) Scope, Context, and Criteria: Customize the risk management process, enabling effective risk assessment and appropriate risk treatment.</p>
   <p>3) Risk Assessment (Risk Identification, Risk Analysis, Risk Evaluation): Conducted systematically, iteratively, and collaboratively, drawing on the knowledge and views of stakeholders.</p>
   <p>4) Risk Treatment: Select options for addressing risk. Specify how the chosen treatment options will be implemented.</p>
   <p>5) Monitoring and Review: Assure and improve the quality and effectiveness of process design, implementation, and outcomes.</p>
   <p>6) Recording and Reporting: The risk management process and its outcomes should be documented and reported through appropriate mechanisms.</p>
   <p>SIDEBAR: ERM Frameworks by three professional societies (continued):</p>
   <p>
    <xref ref-type="bibr" rid="scirp.147343-22">
     CAS (2003)
    </xref></p>
   <p>1) Establish Context: Define the relationship of the enterprise with its external and internal environments. Identify the risk categories relevant to the enterprise.</p>
   <p>2) Identify Risks: Document the conditions and events (including “extreme events”) that represent material threats to the enterprise’s achievement of its objectives or represent areas to exploit for competitive advantage.</p>
   <p>3) Analyze/Quantify Risks: Calibrate and, wherever possible, create probability distributions of outcomes for each material risk.</p>
   <p>4) Integrate Risks: aggregating all risk distributions, reflecting correlations and portfolio effects, and expressing the results in terms of the impact on the enterprise’s key performance indicators (i.e., the “aggregate risk profile”).</p>
   <p>5) Assess/Prioritize Risks: Determine the contribution of each risk to the aggregate risk profile, and prioritize accordingly, so that decisions can be made regarding the appropriate treatment.</p>
   <p>6) Treat/Exploit Risks: Develop strategies, including decisions to avoid, retain (and finance), reduce, transfer, or exploit risk.</p>
   <p>7) Monitor &amp; Review: Continually gauge the risk environment and the performance of the risk management strategies.</p>
  </sec>
 </body><back>
  <ref-list>
   <title>References</title>
   <ref id="scirp.147343-ref1">
    <label>1</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Adger, W. N. (2006). Vulnerability. Global Environmental Change, 16, 268-281. 
     <u>&gt;https://doi.org/10.1016/j.gloenvcha.2006.02.006</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref2">
    <label>2</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Althaus, C. E. (2005). A Disciplinary Perspective on the Epistemological Status of Risk. Risk Analysis, 25, 567-588. 
     <u>&gt;https://doi.org/10.1111/j.1539-6924.2005.00625.x</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref3">
    <label>3</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Anton, S. G.,&amp;Nucu, A. E. A. (2020). Enterprise Risk Management: A Literature Review and Agenda for Future Research. Journal of Risk and Financial Management, 13, Article 281. 
     <u>&gt;https://doi.org/10.3390/jrfm13110281</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref4">
    <label>4</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Askari, R., Shafii, M., Rafiei, S., Abolhassani, M. S.,&amp;Salarikhah, E. (2017). Failure Mode and Effect Analysis: Improving Intensive Care Unit Risk Management Processes. International Journal of Health Care Quality Assurance, 30, 208-215. 
     <u>&gt;https://doi.org/10.1108/ijhcqa-04-2016-0053</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref5">
    <label>5</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Aven, T. (2011). On Some Recent Definitions and Analysis Frameworks for Risk, Vulnerability, and Resilience. Risk Analysis, 31, 515-522. 
     <u>&gt;https://doi.org/10.1111/j.1539-6924.2010.01528.x</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref6">
    <label>6</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Aven, T.,&amp;Renn, O. (2009). On Risk Defined as an Event Where the Outcome Is Uncertain. Journal of Risk Research, 12, 1-11. 
     <u>&gt;https://doi.org/10.1080/13669870802488883</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref7">
    <label>7</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Aven, T., Ben-Haim, Y., Andersen, H. B., Cox, T., Droguett, E. L., Greenberg, M., Guikema, S., Kröger, W., Renn, O., Thompson, K. M.,&amp;Zio, E. (2018). Society for Risk Analysis Glossary. 
     <u>&gt;https://www.sra.org/risk-analysis-introduction/risk-analysis-glossary/</u> 
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref8">
    <label>8</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Bachman, W. (2025). How the Travel&amp;Hospitality Industry Works. Umbrex.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref9">
    <label>9</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Barasa, E., Mbau, R.,&amp;Gilson, L. (2018). What Is Resilience and How Can It Be Nurtured? A Systematic Review of Empirical Literature on Organizational Resilience. International Journal of Health Policy and Management, 7, 491-503. 
     <u>&gt;https://doi.org/10.15171/ijhpm.2018.06</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref10">
    <label>10</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Berkes, F. (2007). Understanding Uncertainty and Reducing Vulnerability: Lessons from Resilience Thinking. Natural Hazards, 41, 283-295. 
     <u>&gt;https://doi.org/10.1007/s11069-006-9036-7</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref11">
    <label>11</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Bitner, M. J., Ostrom, A. L.,&amp;Morgan, F. N. (2008). Service Blueprinting: A Practical Technique for Service Innovation. California Management Review, 50, 66-94. 
     <u>&gt;https://doi.org/10.2307/41166446</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref12">
    <label>12</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Bongiovanni, I.,&amp;Newton, C. (2019). Toward an Epidemiology of Safety and Security Risks: An Organizational Vulnerability Assessment in International Airports. Risk Analysis, 39, 1281-1297. 
     <u>&gt;https://doi.org/10.1111/risa.13238</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref13">
    <label>13</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Brand, F. S.,&amp;Jax, K. (2007). Focusing the Meaning(s) of Resilience: Resilience as a Descriptive Concept and a Boundary Object. Ecology and Society, 12, Article 23. 
     <u>&gt;https://doi.org/10.5751/es-02029-120123</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref14">
    <label>14</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Bromiley, P., McShane, M., Nair, A.,&amp;Rustambekov, E. (2015). Enterprise Risk Management: Review, Critique, and Research Directions. Long Range Planning, 48, 265-276. 
     <u>&gt;https://doi.org/10.1016/j.lrp.2014.07.005</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref15">
    <label>15</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Brown, N. A., Feldmann-Jensen, S., Rovins, J. E., Orchiston, C.,&amp;Johnston, D. (2021). Exploring Disaster Resilience within the Hotel Sector: A Case Study of Wellington and Hawke’s Bay New Zealand. International Journal of Disaster Risk Reduction, 55, Article ID: 102080. 
     <u>&gt;https://doi.org/10.1016/j.ijdrr.2021.102080</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref16">
    <label>16</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Brown, N. A., Rovins, J. E., Feldmann-Jensen, S., Orchiston, C.,&amp;Johnston, D. (2019). Measuring Disaster Resilience within the Hotel Sector: An Exploratory Survey of Wellington and Hawke’s Bay, New Zealand Hotel Staff and Managers. International Journal of Disaster Risk Reduction, 33, 108-121. 
     <u>&gt;https://doi.org/10.1016/j.ijdrr.2018.09.014</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref17">
    <label>17</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     BTS (2025). Bureau of Transportation Statistics, U.S. Department of Transportation. 
     <u>&gt;https://www.transtats.bts.gov/Data_Elements.aspx?Data=4</u> 
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref18">
    <label>18</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Caldwell, J. A., Mallis, M. M., Caldwell, J. L., Paul, M. A., Miller, J. C.,&amp;Neri, D. F. (2009). Fatigue Countermeasures in Aviation. Aviation, Space, and Environmental Medicine, 80, 29-59. 
     <u>&gt;https://doi.org/10.3357/asem.2435.2009</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref19">
    <label>19</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Campbell, S. (2005). Determining Overall Risk. Journal of Risk Research, 8, 569-581. 
     <u>&gt;https://doi.org/10.1080/13669870500118329</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref20">
    <label>20</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Cano, J., Pollini, A., Falciani, L.,&amp;Turhan, U. (2016). Modeling Current and Emerging Threats in the Airport Domain through Adversarial Risk Analysis. Journal of Risk Research, 19, 894-912. 
     <u>&gt;https://doi.org/10.1080/13669877.2015.1057201</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref21">
    <label>21</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     CAS (Casualty Actuarial Society) (2003). Overview of Enterprise Risk Management. 
     <u>&gt;https://www.casact.org/sites/default/files/database/forum_03sforum_03sf099.pdf</u> 
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref22">
    <label>22</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     CD (Cambridge Dictionary) (2025). Vulnerability. 
     <u>&gt;https://dictionary.cambridge.org/dictionary/english/vulnerability</u> 
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref23">
    <label>23</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Chase, R. B.,&amp;Stewart, D. M. (1995). Mistake-Proofing: Designing Errors Out. Productivity Press.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref24">
    <label>24</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Chase, R.,&amp;Stewart, D. (1994). Make Your Service Fail-Safe. Sloan Management Review, 35, 35-44.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref25">
    <label>25</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Chia, J., Chang, C., Lo, S., Yang, C.,&amp;Yang, H. (2024). Healthcare Failure Mode and Effect Analysis Combined Service Blueprint—Mitigating Mass Casualty Triage in Emergency Units: A Qualitative Study. International Emergency Nursing, 77, Article ID: 101508. 
     <u>&gt;https://doi.org/10.1016/j.ienj.2024.101508</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref26">
    <label>26</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Choi, J. (2024). Air Traffic Control Threats to Pilots through Line Operations Safety Audits. The Korean Journal of Aerospace and Environmental Medicine, 34, 19-22. 
     <u>&gt;https://doi.org/10.46246/kjasem.240005</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref27">
    <label>27</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Christopher, M.,&amp;Peck, H. (2004). Building the Resilient Supply Chain. The International Journal of Logistics Management, 15, 1-14. 
     <u>&gt;https://doi.org/10.1108/09574090410700275</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref28">
    <label>28</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     COSO (2017). Enterprise Risk Management: Integrating with Strategy and Performance, Executive Summary. 
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref29">
    <label>29</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     COSO (Committee of Sponsoring Organizations of the Treadway Commission) (2020). Compliance Risk Management: Applying the COSO ERM Framework.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref30">
    <label>30</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Crouhy, M., Galai, D.,&amp;Mark, R. (2023). The Essentials of Risk Management (3rd ed.). McGraw-Hill.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref31">
    <label>31</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Damali, U., Secchi, E., Tax, S. S.,&amp;McCutcheon, D. (2021). Customer Participation Risk Management: Conceptual Model and Managerial Assessment Tool. Journal of Service Management, 32, 27-51. 
     <u>&gt;https://doi.org/10.1108/josm-05-2018-0147</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref32">
    <label>32</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     DHS (2010). Protective Measures Guide for the U.S. Lodging Industry. Department of Homeland Security.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref33">
    <label>33</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Dillon, R. D., Feldhaus, W. R.,&amp;Farrell, R. P. (1984). A Special Area of Service: Risk Management. Journal of Accountancy, 50-58.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref34">
    <label>34</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     DoD News Briefing (2002). Secretary Rumsfeld and Gen. Myers, Presenter: Secretary of Defense Donald H. Rumsfeld, February 12, 11:30 a.m. EDT. 
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref35">
    <label>35</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Doggett, A. M. (2005). Root Cause Analysis: A Framework for Tool Selection. Quality Management Journal, 12, 34-45. 
     <u>&gt;https://doi.org/10.1080/10686967.2005.11919269</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref36">
    <label>36</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Dvorak, P. (1998). Poka-Yoke Designs Make Assemblies Mistake Proof. Machine Design, 70, 181-184.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref37">
    <label>37</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     EB (Encyclopedia Britannica) (2025). Terrorism. 
     <u>&gt;https://www.britannica.com/topic/terrorism</u> 
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref38">
    <label>38</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     FAA (Federal Aviation Administration) (2025a). Runway Incursions.
     <u>&gt;https://www.faa.gov/airports/runway_safety/resources/runway_incursions</u> 
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref39">
    <label>39</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     FAA (Federal Aviation Administration) (2025b). Runway Excursions.
     <u>&gt;https://www.faa.gov/airports/runway_safety/excursion</u> 
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref40">
    <label>40</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     FBI (Federal Bureau of Investigation) (2025). &gt;https://www.fbi.gov/investigate/terrorism 
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref41">
    <label>41</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Fleming, R. S. (1998). Assessing Organizational Vulnerability to Acts of Terrorism. Advanced Management Journal, 63, 27-32.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref42">
    <label>42</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Francis, G. (2019). Enterprise Risk Management (ERM): Key Risks, Responses and Ap-plications. In Enterprise Risk Management Symposium (pp. 1-22). Canadian Institute of Actuaries, Casualty Actuarial Society, and Society of Actuaries.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref43">
    <label>43</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Fraser, J. R. S., Quail, R.,&amp;Simkins, B. J. (2021). Enterprise Risk Management (2nd ed.). Wiley.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref44">
    <label>44</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Fraser, J., Quail, R.,&amp;Simkins, B. (2024). What’s Wrong with Enterprise Risk Management? Journal of Risk and Financial Management, 17, Article 274. 
     <u>&gt;https://doi.org/10.3390/jrfm17070274</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref45">
    <label>45</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Gallopín, G. C. (2006). Linkages between Vulnerability, Resilience, and Adaptive Capacity. Global Environmental Change, 16, 293-303. 
     <u>&gt;https://doi.org/10.1016/j.gloenvcha.2006.02.004</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref46">
    <label>46</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Gardoni, P.,&amp;Murphy, C. (2014). A Scale of Risk. Risk Analysis, 34, 1208-1227. 
     <u>&gt;https://doi.org/10.1111/risa.12150</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref47">
    <label>47</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     George, W. R.,&amp;Gibson, B. E. (1991). Blueprinting: A Tool for Managing Quality in Service. In S. W. Brown, E. Gummesson, B. Edvardsson,&amp;B. O. Gustavsson (Eds.), Service Quality (pp. 73-91). Lexington Books.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref48">
    <label>48</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Gheorghe, A. V.,&amp;Vamanu, D. V. (2004). Towards QVA—Quantitative Vulnerability Assessment: A Generic Practical Model. Journal of Risk Research, 7, 613-628. 
     <u>&gt;https://doi.org/10.1080/1366987042000192219</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref49">
    <label>49</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Gopalakrishnan, K., Govindarasu, M., W. Jacobson, D.,&amp;M. Phares, B. (2013). Cyber Security for Airports. International Journal for Traffic and Transport Engineering, 3, 365-376. 
     <u>&gt;https://doi.org/10.7708/ijtte.2013.3(4).02</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref50">
    <label>50</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Grout, J. R. (2006). Mistake Proofing: Changing Designs to Reduce Error. Quality in Health Care, 15, i44-i49. 
     <u>&gt;https://doi.org/10.1136/qshc.2005.016030</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref51">
    <label>51</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Habler, E., Bitton, R.,&amp;Shabtai, A. (2023). Assessing Aircraft Security: A Comprehensive Survey and Methodology for Evaluation. ACM Computing Surveys, 56, 1-40. 
     <u>&gt;https://doi.org/10.1145/3610772</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref52">
    <label>52</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Haimes, Y. Y. (2009). On the Definition of Resilience in Systems. Risk Analysis, 29, 498-501. 
     <u>&gt;https://doi.org/10.1111/j.1539-6924.2009.01216.x</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref53">
    <label>53</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Halekotte, L., Mentges, A.,&amp;Lichte, D. (2025). Do We Practice What We Preach? The Dissonance between Resilience Understanding and Measurement. International Journal of Disaster Risk Reduction, 118, Article ID: 105265. 
     <u>&gt;https://doi.org/10.1016/j.ijdrr.2025.105265</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref54">
    <label>54</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Hall, C. M., Safonov, A.,&amp;Naderi Koupaei, S. (2023). Resilience in Hospitality and Tourism: Issues, Synthesis and Agenda. International Journal of Contemporary Hospitality Management, 35, 347-368. 
     <u>&gt;https://doi.org/10.1108/ijchm-11-2021-1428</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref55">
    <label>55</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Hambleton, M. (2005). Applying Root Cause Analysis and Failure Mode and Effect Analysis to Our Compliance Programs. Journal of Healthcare Compliance, 7, 5-12.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref56">
    <label>56</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Hardy, K. (2015). Enterprise Risk Management: A Guide for Government Professionals. Jossey-Bass.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref57">
    <label>57</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Hartzler, B. M. (2014). Fatigue on the Flight Deck: The Consequences of Sleep Loss and the Benefits of Napping. Accident Analysis&amp;Prevention, 62, 309-318. 
     <u>&gt;https://doi.org/10.1016/j.aap.2013.10.010</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref58">
    <label>58</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Hayes, A. (2025). Enterprise Risk Management (ERM): What It Is and How It Works. 
     <u>&gt;https://www.investopedia.com/terms/e/enterprise-risk-management.asp</u> 
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref59">
    <label>59</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Hollings, C. S. (1973). Resilience and Stability of Ecological Systems. Annual Review of Ecology and Systematics, 4, 1-23. 
     <u>&gt;https://doi.org/10.1146/annurev.es.04.110173.000245</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref60">
    <label>60</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Hollman, K. W.,&amp;Forrest, J. E. (1991). Risk Management in a Service Business. International Journal of Service Industry Management, 2, 49-65. 
     <u>&gt;https://doi.org/10.1108/09564239110144993</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref61">
    <label>61</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Hollman, K. W.,&amp;Mohammad-Zadek, S. (1984). Risk Management in Small Businesses. Journal of Small Business Management, 22, 47-55.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref62">
    <label>62</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Horvey, S. S.,&amp;Odei-Mensah, J. (2023). The Measurements and Performance of Enterprise Risk Management: A Comprehensive Literature Review. Journal of Risk Research, 26, 778-800. 
     <u>&gt;https://doi.org/10.1080/13669877.2023.2208138</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref63">
    <label>63</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     IATA (2025). Industry Statistics.
     <u>&gt;https://www.iata.org/en/iata-repository/pressroom/fact-sheets/industry-statistics/</u> 
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref64">
    <label>64</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Ishikawa, K. (1985). What Is Total Quality Control? The Japanese Way. Prentice Hall Direct.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref65">
    <label>65</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Ishikawa, K. (1991). Guide to Quality Control. Asian Productivity Organization.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref66">
    <label>66</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     ISO (2018). ISO 31000:2018(en) Risk management—Guidelines. 
     <u>&gt;https://www.iso.org/obp/ui/en/#iso:std:iso:31000:ed-2:v1:en</u> 
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref67">
    <label>67</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Jin, H., Munechika, M., Sano, M.,&amp;Kajihara, C. (2012). Four Steps to Reduce Medical Incidents. International Journal of Quality and Service Sciences, 4, 399-407. 
     <u>&gt;https://doi.org/10.1108/17566691211288377</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref68">
    <label>68</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Johnson, J. E.,&amp;Flanigan, G. B. (1977). Exceptions to Current Risk Dichotomies. The Journal of Risk and Insurance, 44, 329-334. 
     <u>&gt;https://doi.org/10.2307/252146</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref69">
    <label>69</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Johnston, D., Becker, J., Gregg, C., Houghton, B., Paton, D., Leonard, G. et al. (2007). Developing Warning and Disaster Response Capacity in the Tourism Sector in Coastal Washington, Usa. Disaster Prevention and Management: An International Journal, 16, 210-216. 
     <u>&gt;https://doi.org/10.1108/09653560710739531</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref70">
    <label>70</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Kamalipoor, M., Akbari, M., Nazarian, A.,&amp;Hejazi, S. R. (2023). Vulnerability Reduction of Technology-Based Business Research in the Last Four Decades: A Bibliometric Analysis. Iranian Journal of Management Studies, 16, 97-123.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref71">
    <label>71</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Kaplan, R. S.,&amp;Mikes, A. (2012). Managing Risks: A New Framework. Harvard Business Review, 90, 48-60.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref72">
    <label>72</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Kaplan, S.,&amp;Garrick, B. J. (1981). On the Quantitative Definition of Risk. Risk Analysis, 1, 11-27. 
     <u>&gt;https://doi.org/10.1111/j.1539-6924.1981.tb01350.x</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref73">
    <label>73</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Khorsandi, M., Skouras, C., Beatson, K.,&amp;Alijani, A. (2012). Quality Review of an Adverse Incident Reporting System and Root Cause Analysis of Serious Adverse Surgical Incidents in a Teaching Hospital of Scotland. Patient Safety in Surgery, 6, Article No. 21. 
     <u>&gt;https://doi.org/10.1186/1754-9493-6-21</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref74">
    <label>74</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Kim, S. D. (2017). Characterization of Unknown Unknowns Using Separation Principles in Case Study on Deepwater Horizon Oil Spill. Journal of Risk Research, 20, 151-168. 
     <u>&gt;https://doi.org/10.1080/13669877.2014.983949</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref75">
    <label>75</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Kingman-Brundage, J. (1989). The ABCs of Service System Blueprinting: Designing a Winning Service Strategy. In M. Bitner,&amp;L. Crosby (Eds.), Designing a Winning Service Strategy (pp. 30-33). American Marketing Association.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref76">
    <label>76</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Kobaszyńska-Twardowska, A., Łukasiewicz, J.,&amp;Sielicki, P. W. (2022). Risk Management Model for Unmanned Aerial Vehicles during Flight Operations. Materials, 15, Article 2448. 
     <u>&gt;https://doi.org/10.3390/ma15072448</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref77">
    <label>77</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Kohn, L. T., Corrigan, J. M.,&amp;Donaldson, M. S. (2000). To Err Is Human: Building a Safer Health System. Committee on Quality of Health Care in America; Institute of Medicine, The National Academies Press. 
     <u>&gt;https://doi.org/10.17226/9728</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref78">
    <label>78</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Korecki, Z.,&amp;Hoika, T. (2022). Effectiveness of Preventive Security Measures and Criminal Acts against Civil Aviation. Transport Problems, 17, 107-114. 
     <u>&gt;https://doi.org/10.20858/tp.2022.17.2.09</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref79">
    <label>79</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Kovach, J. V., Revere, L.,&amp;Black, K. (2013). Error Proofing Healthcare: An Analysis of Low Cost, Easy to Implement and Effective Solutions. Leadership in Health Services, 26, 107-117. 
     <u>&gt;https://doi.org/10.1108/17511871311319704</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref80">
    <label>80</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Kruk, M. E., Myers, M., Varpilah, S. T.,&amp;Dahn, B. T. (2015). What Is a Resilient Health System? Lessons from Ebola. The Lancet, 385, 1910-1912. 
     <u>&gt;https://doi.org/10.1016/s0140-6736(15)60755-3</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref81">
    <label>81</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Kubacki, K., Siemieniako, D.,&amp;Brennan, L. (2020). Building Positive Resilience through Vulnerability Analysis. Journal of Social Marketing, 10, 471-488. 
     <u>&gt;https://doi.org/10.1108/jsocm-09-2019-0142</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref82">
    <label>82</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Kuwaiti, A. A. (2016). Application of Six Sigma Methodology to Reduce Medication Errors in the Outpatient Pharmacy Unit: A Case Study from King Fahd University Hospital, Saudi Arabia. International Journal for Quality Research, 10, 267-278.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref83">
    <label>83</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Lee, H., Han, C.,&amp;Yoo, T. (2019). The Application of Mistake-Proofing to Organisational Security Management. Total Quality Management&amp;Business Excellence, 30, 1151-1166. 
     <u>&gt;https://doi.org/10.1080/14783363.2017.1360133</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref84">
    <label>84</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Lee, Y. (2023). Causal Factors Analysis of Runway Excursion Occurrences through Fuzzy Logic Modeling Method. Transportation Engineering, 14, Article ID: 100204. 
     <u>&gt;https://doi.org/10.1016/j.treng.2023.100204</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref85">
    <label>85</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Leino, H. M., Davey, J.,&amp;Johns, R. (2024). Service System Resilience under Resource Scarcity: From Vulnerability to Balanced Centricity. Journal of Services Marketing, 38, 113-130. 
     <u>&gt;https://doi.org/10.1108/jsm-01-2023-0024</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref86">
    <label>86</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Levin, S. A.,&amp;Lubchenco, J. (2008). Resilience, Robustness, and Marine Ecosystem-Based Management. BioScience, 58, 27-32. 
     <u>&gt;https://doi.org/10.1641/b580107</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref87">
    <label>87</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Li, W., Kearney, P., Zhang, J., Hsu, Y.,&amp;Braithwaite, G. (2021). The Analysis of Occurrences Associated with Air Traffic Volume and Air Traffic Controllers’ Alertness for Fatigue Risk Management. Risk Analysis, 41, 1004-1018. 
     <u>&gt;https://doi.org/10.1111/risa.13594</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref88">
    <label>88</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Lykou, G., Moustakas, D.,&amp;Gritzalis, D. (2020). Defending Airports from UAS: A Survey on Cyber-Attacks and Counter-Drone Sensing Technologies. Sensors, 20, Article 3537. 
     <u>&gt;https://doi.org/10.3390/s20123537</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref89">
    <label>89</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Malekjahan, A. N., Husseinzadeh Kashan, A.,&amp;Sajadi, S. M. (2025). A Novel Sequential Risk Assessment Model for Analyzing Commercial Aviation Accidents: Soft Computing Perspective. Risk Analysis, 45, 128-153. 
     <u>&gt;https://doi.org/10.1111/risa.14486</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref90">
    <label>90</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     McCain, C. (2006). Using an FMEA in a Service Setting. Quality Progress, 39, 24-29.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref91">
    <label>91</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     McEntire, D. (2011). Understanding and Reducing Vulnerability: From the Approach of Liabilities and Capabilities. Disaster Prevention and Management: An International Journal, 20, 294-313. 
     <u>&gt;https://doi.org/10.1108/09653561111141736</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref92">
    <label>92</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Melnyk, S. A., Closs, D. J., Griffis, S. E., Zobel, C. W.,&amp;Macdonald, J. R. (2014). Understanding Supply Chain Resilience. Supply Chain Management Review, 18, 34-41.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref93">
    <label>93</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Mentges, A., Halekotte, L., Schneider, M., Demmer, T.,&amp;Lichte, D. (2023). A Resilience Glossary Shaped by Context: Reviewing Resilience-Related Terms for Critical Infrastructures. International Journal of Disaster Risk Reduction, 96, Article ID: 103893. 
     <u>&gt;https://doi.org/10.1016/j.ijdrr.2023.103893</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref94">
    <label>94</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Minoretti, P.,&amp;Emanuele, E. (2023). Health in the Skies: A Narrative Review of the Issues Faced by Commercial Airline Pilots. Cureus, 15, e38000. 
     <u>&gt;https://doi.org/10.7759/cureus.38000</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref95">
    <label>95</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Mishra, B. K., Rolland, E., Satpathy, A.,&amp;Moore, M. (2019). A Framework for Enterprise Risk Identification and Management: The Resource-Based View. Managerial Auditing Journal, 34, 162-188. 
     <u>&gt;https://doi.org/10.1108/maj-12-2017-1751</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref96">
    <label>96</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Muhlhausen, D. B.,&amp;McNeill, J. B. (2011). Terror Trends: 40 Years’ Data on International and Domestic Terrorism. The Heritage Foundation Report. &gt;https://www.heritage.org/terrorism/report/terror-trends-40-years-data-international-and-domestic-terrorism 
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref97">
    <label>97</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     MW (Merriam-Webster) (2025). 
     <u>&gt;https://www.merriam-webster.com/dictionary/vulnerability?src=search-dict-box</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref98">
    <label>98</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Nason, R.,&amp;Livvarcin, O. (2020). Risk Management for Nonprofit Organizations. Business Expert Press.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref99">
    <label>99</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     NCPS (2021). Guide to Performing a Root Cause Analysis. VHA National Center for Patient Safety. 
     <u>&gt;https://www.patientsafety.va.gov/docs/RCA-Guidebook_02052021.pdf</u> 
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref100">
    <label>100</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Neuvel, J. M. M., de Boer, D. J.,&amp;Rodenhuis, W. K. F. (2015). Managing Vulnerability: The Implementation of Vulnerability Reduction Measures. Journal of Risk Research, 18, 182-198. 
     <u>&gt;https://doi.org/10.1080/13669877.2014.889193</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref101">
    <label>101</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Nicolas, R. (2024). Terrorism: The Challenge of Aviation Security. Agora International Journal of Juridical Sciences, 18, 225-230. 
     <u>&gt;https://doi.org/10.15837/aijjs.v18i1.6758</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref102">
    <label>102</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Nocco, B. W.,&amp;Stulz, R. M. (2022). Enterprise Risk Management: Theory and Practice. Journal of Applied Corporate Finance, 34, 81-94. 
     <u>&gt;https://doi.org/10.1111/jacf.12490</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref103">
    <label>103</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Nordin, F., Kindström, D., Kowalkowski, C.,&amp;Rehme, J. (2011). The Risks of Providing Services: Differential Risk Effects of the Service-Development Strategies of Customisation, Bundling, and Range. Journal of Service Management, 22, 390-408. 
     <u>&gt;https://doi.org/10.1108/09564231111136881</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref104">
    <label>104</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Nyanchama, M. (2005). Enterprise Vulnerability Management and Its Role in Information Security Management. Information Systems Security, 14, 29-56. 
     <u>&gt;https://doi.org/10.1201/1086.1065898x/45390.14.3.20050701/89149.6</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref105">
    <label>105</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     O’Connor, P., Esfandiar, K.,&amp;Hallak, R. (2025). Resilience for Hospitality and Tourism Enterprises: A Review and Directions for Future Research. Tourism Analysis, 30, 5-22. 
     <u>&gt;https://doi.org/10.3727/108354224x17209729214520</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref106">
    <label>106</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Olson, D. G.,&amp;Simkiss, J. A. (1982). An Overview of Risk Management. The Geneva Papers on Risk and Insurance—Issues and Practice, 7, 114-128. 
     <u>&gt;https://doi.org/10.1057/gpp.1982.7</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref107">
    <label>107</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Omosebi, O., Azimi, M., Olowokere, D., Wanyan, Y., Zhao, Q.,&amp;Qi, Y. (2023). Investigating Runway Incursion Incidents at United States Airports. Future Transportation, 3, 1209-1222. 
     <u>&gt;https://doi.org/10.3390/futuretransp3040066</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref108">
    <label>108</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Orchiston, C. (2013). Tourism Business Preparedness, Resilience and Disaster Planning in a Region of High Seismic Risk: The Case of the Southern Alps, New Zealand. Current Issues in Tourism, 16, 477-494. 
     <u>&gt;https://doi.org/10.1080/13683500.2012.741115</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref109">
    <label>109</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Paape, L.,&amp;Speklé, R. F. (2012). The Adoption and Design of Enterprise Risk Management Practices: An Empirical Study. European Accounting Review, 21, 533-564. 
     <u>&gt;https://doi.org/10.1080/09638180.2012.661937</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref110">
    <label>110</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Paraskevas, A. (2013). Aligning Strategy to Threat: A Baseline Anti-Terrorism Strategy for Hotels. International Journal of Contemporary Hospitality Management, 25, 140-162. 
     <u>&gt;https://doi.org/10.1108/09596111311290264</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref111">
    <label>111</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Paschoalotto, M. A. C., Lazzari, E. A., Rocha, R., Massuda, A.,&amp;Castro, M. C. (2023). Health Systems Resilience: Is It Time to Revisit Resilience after Covid-19? Social Science&amp;Medicine, 320, Article ID: 115716. 
     <u>&gt;https://doi.org/10.1016/j.socscimed.2023.115716</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref112">
    <label>112</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Pinto, A. C.,&amp;Magpili, L. (2015). Operational Risk Management. Momentum Press.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref113">
    <label>113</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Pourmadadkar, M., Beheshtinia, M. A.,&amp;Ghods, K. (2020). An Integrated Approach for Healthcare Services Risk Assessment and Quality Enhancement. International Journal of Quality&amp;Reliability Management, 37, 1183-1208. 
     <u>&gt;https://doi.org/10.1108/ijqrm-11-2018-0314</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref114">
    <label>114</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Pyrgies, J. (2019). The Uavs Threat to Airport Security: Risk Analysis and Mitigation. Journal of Airline and Airport Management, 9, 63-96. 
     <u>&gt;https://doi.org/10.3926/jairm.127</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref115">
    <label>115</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Reid, R. D. (2005). FEMA-Something Old, Something New (pp. 90-93). Quality Progress.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref116">
    <label>116</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Rejda, G. E., McNamara, M. J.,&amp;Rabel, W. H. (2022). Principles of Risk Management and Insurance (14th ed.). Pearson Education Limited.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref117">
    <label>117</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     RIMS (The Risk Management Society) (2025). What Is Enterprise Risk Management? 
     <u>&gt;https://www.rims.org/resources/strategic-enterprise-risk-center/about-serm</u> 
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref118">
    <label>118</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Rosa, E. A. (1998). Metatheoretical Foundations for Post-Normal Risk. Journal of Risk Research, 1, 15-44. 
     <u>&gt;https://doi.org/10.1080/136698798377303</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref119">
    <label>119</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Russeng, S. S., Saleh, L. M., Mallongi, A.,&amp;Hoy, C. (2021). The Relationship among Working Period, Work Shift, and Workload to Work Fatigue in Air Traffic Controllers at Sultan Hasanuddin Airport. Gaceta Sanitaria, 35, S404-S407. 
     <u>&gt;https://doi.org/10.1016/j.gaceta.2021.10.062</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref120">
    <label>120</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Schmid, A. P. (2021). Handbook of Terrorism Prevention and Preparedness. International Center for Counter-Terrorism.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref121">
    <label>121</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Schneier, R.,&amp;Miccolis, J. (1998). RISK: Enterprise management. Strategy&amp;Leadership, 26, 10-16. 
     <u>&gt;https://doi.org/10.1108/eb054613</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref122">
    <label>122</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Scholz, R. W., Blumer, Y. B.,&amp;Brand, F. S. (2012). Risk, Vulnerability, Robustness, and Resilience from a Decision-Theoretic Perspective. Journal of Risk Research, 15, 313-330. 
     <u>&gt;https://doi.org/10.1080/13669877.2011.634522</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref123">
    <label>123</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Serrat, O. (2017). The Five Whys Technique. In O. Serrat (Ed.), Knowledge Solutions (pp. 307-310). Springer Singapore. 
     <u>&gt;https://doi.org/10.1007/978-981-10-0983-9_32</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref124">
    <label>124</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Seyring, M, Dornberger, U., Suvelza, A.,&amp;Byrnes, T. (2009). Service Blueprinting Handbook. Small Enterprise Promotion + Training, Universität Leipzig.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref125">
    <label>125</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Shingo, S. (1986). Zero Quality Control: Source Inspection and the Poka-Yoke System. Cambridge Productivity Press.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref126">
    <label>126</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Shostack, L. G. (1984). Designing Services That Deliver (pp. 133-139). Harvard Business Review.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref127">
    <label>127</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Shostack, L. G. (1992). Understanding Services Through Blueprinting. In T. A. Swartz, D. E. Bowen,&amp;S. W. Brown (Eds.), Advances in Services Marketing and Management: Research and Practice (pp. 75-90). JAI Press Inc.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref128">
    <label>128</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Sobel, P. J.,&amp;Reding, K. F. (2004). Aligning Corporate Governance with Enterprise Risk Management. Management Accounting Quarterly, 5, 29-37.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref129">
    <label>129</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Stamatis, D. H. (2019). Risk Management Using Failure Mode and Effect Analysis (FMEA). American Society for Quality, Quality Press.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref130">
    <label>130</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Stewart, D. M. (2003). Piecing Together Service Quality: A Framework for Robust Service. Production and Operations Management, 12, 246-265. 
     <u>&gt;https://doi.org/10.1111/j.1937-5956.2003.tb00503.x</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref131">
    <label>131</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Stewart, D. M.,&amp;Grout, J. R. (2001). The Human Side of Mistake-Proofing. Production and Operations Management, 10, 440-459. 
     <u>&gt;https://doi.org/10.1111/j.1937-5956.2001.tb00086.x</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref132">
    <label>132</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Stewart, D. M.,&amp;Melnyk, S. A. (2000). Effective Process Improvement: Developing Poka-Yoke Processes. Production and Inventory Management Journal, 41, 48-55.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref133">
    <label>133</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Sun, L., Fang, M., Xu, T., Liu, M., Fang, S.,&amp;Feng, W. (2025). Application of Healthcare Failure Mode and Effect Analysis in the Management of Patients with Intrathecal Morphine Pump Implantation. Pain Management Nursing, 26, e207-e214. 
     <u>&gt;https://doi.org/10.1016/j.pmn.2024.10.019</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref134">
    <label>134</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Taguchi, G. (1986). Introduction to Quality Engineering: Designing Quality into Products and Processes. Quality Resources.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref135">
    <label>135</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Taguchi, G.,&amp;Clausing, D. (1990). Robust Quality (pp. 62-75). Harvard Business Review.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref136">
    <label>136</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Taguchi, G., Chowdhury, S.,&amp;Wu, Y. (2005). Taguchi’s Quality Engineering Handbook. John Wiley and Sons.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref137">
    <label>137</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Taleb, N. N., Goldstein, D. G.,&amp;Spitznagel, M. W. (2009). The Six Mistakes Executives Make in Risk Management (pp. 78-81). Harvard Business Review.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref138">
    <label>138</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Tasic, J., Amir, S., Tan, J.,&amp;Khader, M. (2020). A Multilevel Framework to Enhance Organizational Resilience. Journal of Risk Research, 23, 713-738. 
     <u>&gt;https://doi.org/10.1080/13669877.2019.1617340</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref139">
    <label>139</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Tortorella, G., Prashar, A., Antony, J., Vassolo, R., Mac Cawley, A., Peimbert Garcia, R. et al. (2023). Soft Lean Practices and Organizational Resilience in the Service Sector. Management Decision, 62, 1424-1452. 
     <u>&gt;https://doi.org/10.1108/md-06-2023-1034</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref140">
    <label>140</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Vainieri, M., Caputo, A.,&amp;Vinci, A. (2024). Resilience Dimensions in Health System Performance Assessments, European Union. Bulletin of the World Health Organization, 102, 498-508. 
     <u>&gt;https://doi.org/10.2471/blt.23.291102</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref141">
    <label>141</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     van Drongelen, A., Boot, C. R. L., Hlobil, H., Smid, T.,&amp;van der Beek, A. J. (2017). Risk Factors for Fatigue among Airline Pilots. International Archives of Occupational and Environmental Health, 90, 39-47. 
     <u>&gt;https://doi.org/10.1007/s00420-016-1170-2</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref142">
    <label>142</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Vidyasagar, A. (2016). The Art of Root Cause Analysis. Quality Progress, 49, 48.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref143">
    <label>143</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Walker, B. H. (2020). Resilience: What It Is and Is Not. Ecology and Society, 25, Article 11. 
     <u>&gt;https://doi.org/10.5751/es-11647-250211</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref144">
    <label>144</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Wandelt, S., Zhang, A.,&amp;Sun, X. (2025). Global Airport Resilience Index: Towards a Comprehensive Understanding of Air Transportation Resilience. Transportation Research Part D: Transport and Environment, 138, Article ID: 104522. 
     <u>&gt;https://doi.org/10.1016/j.trd.2024.104522</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref145">
    <label>145</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Wang, C., Hubbard, S.,&amp;Zakharov, W. (2018). Utilizing the Systematic Literature Review in Aviation: A Case Study for Runway Incursions. Collegiate Aviation Review International, 36, 34-57. 
     <u>&gt;https://doi.org/10.22488/okstate.18.100489</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref146">
    <label>146</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Weiss, E. N.,&amp;Goldberg, R. (2019). Robust Services: People or Processes? Business Horizons, 62, 521-527. 
     <u>&gt;https://doi.org/10.1016/j.bushor.2019.03.006</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref147">
    <label>147</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Wernick, D. A.,&amp;Von Glinow, M. A. (2012). Reflections on the Evolving Terrorist Threat to Luxury Hotels: A Case Study on Marriott International. Thunderbird International Business Review, 54, 729-746. 
     <u>&gt;https://doi.org/10.1002/tie.21496</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref148">
    <label>148</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     WHO (World Health Organization) (2016). Medication Errors: Technical Series on Safer Primary Care.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref149">
    <label>149</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Williams, C. A. (1966). Attitudes toward Speculative Risks as an Indicator of Attitudes toward Pure Risks. The Journal of Risk and Insurance, 33, 577-586. 
     <u>&gt;https://doi.org/10.2307/251231</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref150">
    <label>150</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Wingelaar-Jagt, Y. Q., Wingelaar, T. T., Riedel, W. J.,&amp;Ramaekers, J. G. (2021). Fatigue in Aviation: Safety Risks, Preventive Strategies and Pharmacological Interventions. Frontiers in Physiology, 12, Article 712628. 
     <u>&gt;https://doi.org/10.3389/fphys.2021.712628</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref151">
    <label>151</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Wolke, T. (2017). Risk Management. Walter de Gruyter GmbH.
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref152">
    <label>152</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Ye, M., Tang, F., Chien, C., Chuang, Y., Liou, J. J. H.,&amp;Qu, X. (2024). Application of Failure Mode and Effect Analysis in ICU Admission of Potentially COVID-19 Infected Patients. American Journal of Infection Control, 52, 552-562. 
     <u>&gt;https://doi.org/10.1016/j.ajic.2023.12.012</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref153">
    <label>153</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Zheng, C., Li, Z.,&amp;(Snow) Wu, J. (2021). Tourism Firms’ Vulnerability to Risk: The Role of Organizational Slack in Performance and Failure. Journal of Travel Research, 61, 990-1005. 
     <u>&gt;https://doi.org/10.1177/00472875211014956</u>
    </mixed-citation>
   </ref>
   <ref id="scirp.147343-ref154">
    <label>154</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Zhu, S.,&amp;Chen, J. (2023). Influence of Fatigue on Flight Safety: A Structural Equation Modeling Analysis. Applied Mathematics and Nonlinear Sciences, 8, 3371-3382. 
     <u>&gt;https://doi.org/10.2478/amns.2023.2.01135</u>
    </mixed-citation>
   </ref>
  </ref-list>
 </back>
</article>