The Influence of Integrating ISO and TQM on Project Risk Management

The business environment is constantly changing, and survival has become difficult for companies in the 21 st century. In this competitive and dynamic business environment, companies need to work intelligently and use best practices in terms of quality and risks. Therefore, the purpose of this study was to determine if integration of the International Organization for Standar-dization (ISO) and total quality management (TQM) improves the overall project risk management capacity. To conduct this research, a primary qualitative research was undertaken. Three interviews were conducted with the Dubai Electricity and Water Authority, Roads and Transport Authority, and Dubai Maritime City Authority because they have adopted the ISO 31000 framework. Content analysis was performed on the data collected. The results implied that all three companies were able to improve their operational and economic resilience due to TQM and ISO. Therefore, other companies should adopt TQM and ISO together so that their project risk management capacity improves.


Introduction
Companies around the world are seeking a proper management tool that assists them in managing their tasks, employees, profits, assets, and goals in general.There are currently different tools available that enable organizations to achieve their goals and improve their overall quality.Quality is the degree of excellence.Specifically, it is the degree to which a set of inherent characteristics fulfils the requirements of the project or product.It is an approach of doing business that attempts to maximize an organization's competitiveness through the continual improvement of the quality of its products, services, people, processes, and environments.To improve the quality of the company, the total quality management (TQM) framework is mostly adopted by companies.Total quality management is the application of quantitative methods to human resources to improve processes within the organization and exceed current customers' needs in the present and future.The purpose of TQM is to provide quality products to customers by lowering the cost and maximizing the productivity of the company.It allows the organization to achieve growth and profitability.The quality of the product refers to the quality of one product, whereas TQM is a broad approach.The primary purpose of TQM is to improve all processes so that the quality of the end product is improved by using resources optimally.Total quality management aims to focus on the culture of the company.
Total quality management is a description of the culture and attitude of a company that strives to provide customers with products and services that satisfy their needs.It has been defined as customer satisfaction, fitness of use, zero defects, and degree of excellence.The concept of quality has been evolutionarily developed starting from quality control, quality assurance, quality management, and TQM.In this context, many awards and international standards have been developed to support the concept of quality management such as the International Organization for Standardization (ISO).The International Organization for Standardization is a non-governmental independent body that develops quality standards for companies.These awards are given to companies based on their safety, quality, risk management and overall efficiency.The goal of ISO is to improve the overall consistency of organizations.
Apart from quality, another important factor that determines a company's excellence and efficiency is its handling of risk, called risk management, which is particularly useful in project management.Risk management is the science of identifying, analyzing, and responding to risk factors thorough the life of a project and in the best interest of the project's objectives.The purpose of project risk management is to identify possible risks and develop a plan to reduce and eliminate them.Further, it provides a basis for decision making for all risks.Project risk management controls future events in the project and reduces the magnitude of its impact.Risk management should quantify the risk and predict its impact on the project.
As with risk, quality is also important in project management.Project quality management includes the processes and activities essential to determining and achieving project quality.Project quality focuses on meeting or exceeding stakeholder's needs in both the short and long term.The project manager and project management team ensure that quality expectation of the customers is met by fulfilling the project requirements.Total quality management has a broad scope and is therefore also useful in controlling risk in the project while managing the quality.
Both TQM and ISO are quality tools that help companies to attain a competitive advantage.Some companies independently use TQM and some ISO to re-solve their quality issues.However, limited research has been conducted on the integration of ISO and TQM in companies.Therefore, the current research focuses on how the integration of TQM and ISO could help companies to improve their project risk management capacity.

Research Objectives
The objectives of the study are the following: 1) To study the concept of risk; 2) To study the concept of project risk management; 3) To study the relation between TQM and business excellence; 4) To study the literature about integrating TQM and ISO in project management and project risk management.

Research Problem
The research focuses on the need for integrating ISO and TQM in project risk management and how TQM and ISO can aid management in controlling the risks that occur during phases of the projects.This requires improving the common approach to risk and quality management.There should be a strategy for risk analysis in the field of quality and will be influenced by the quality characteristics of products and services provided by the organizations.Risk assessment will be at different stages of the project life cycle, and TQM and ISO will help to reduce and eliminate risks as much as possible.Before starting a project, risk assessment will be performed to identify risks.Insufficient knowledge of risk, incorrect assessment, and lack of adequate protection will directly affect the outcome of an activity.Risk management in the field of quality must be documented and implemented in all operations and activities in the projects.This research will explain how TQM aims to reduce failure, prevent defects, manage resources and risks, and control schedule and costs.This project focus on ISO, which is a quality management system that outlines the requirements the organization must maintain in their quality system.The standards of ISO are guidelines on how to document the processes in specific industries and define quality on the basis of customer requirements and procedures needed to achieve desired quality.Quality assurance aspects of ISO lead to better quality products, services, and higher customer satisfaction.The ISO quality standards achieve results through the implementation of internal controls that ensure that activities are managed and lead to the desired results.The control includes documentation of actions, verification that the work is performed according to the established procedures, and monitoring of opportunities for discrepancies.Their impact on the organization's projects is to increase efficiency and consistency throughout the organization.This research is based on how TQM and ISO 31000 can improve the project management of the companies in both short and long term.By integrating TQM and ISO 31000 in project management, the company can control risks in the project, reduce its negative impacts, and manage risk threats in projects.Integration of both methods could help in effectively attaining the objectives of project management.

Research Question
The research addresses the following research question How could TQM and ISO influence project risk management?

Research Limitation
This section presents the research limitation of the study.The main limitations of this current study are linked to the sample size, limited previous data on the research topic, usage of data collection tool, time and budget.
The first limitation of the study was sample size.The number of companies in UAE which have adopted ISO risk management are very limited which is why the study sample was too small.As a result, the research has limitation in terms of the sample size.
Having limited number of research articles on the topic of integrating TQM and ISO was another limitation.There is research available on risk management, tqm and project risk management but very limited research in terms of relation between iso, tqm and project risk management.
The study has methodological limitations too.The study used only one method of data collection.The study would have been more reliable if more than one tool was used.However, due to Covid and other social distancing issues, only interview method was used.As a result, the study had limitations in terms of methodology.
There were also budget constraints.The budget to conduct this research was limited.Due to limited budget, the participants of the study were not given any remuneration.They had no incentive to participate in the research.Due to limited budget, the author of the study was not able to access paid articles.The researches included in the literature review were only those which were available on google scholar.Also due to limited budget, only one representative from each company was selected and that too was selected after taking informed consent.
Time was another constraint of the study.The time to submit the final draft was very less and therefore, the data was collected from reliable resources so that only quality was considered instead of quantity.This time constraint may have hampered the depth of the research.

Literature Review
This section presents the previous literature on the concept of TQM, ISO, and project management.Studies conducted in this area of inquiry have been limited.The following is the literature in this aspect.

Risk
There are many definitions of this term in the previous literature.Williams et al. (2006) categorized risk into three types including predictable risk, known risk, and unknown risk.Predictable risk is a risk that the company knows they will face, and estimated risk is a risk that the company might face, based on the statistical approaches.The last group-unknown risks-includes those risks which are uncertain and not known.Unknown risks pose a significant threat to the company.Williams et al. (2006) added that known risk is simple and can be managed easily.Their causes are known and thus can be mitigated.The inherent risk-that is, estimated risk-could be managed through focusing on the internal and external environment.However, unknown risks are difficult to manage.They can only be resolved by using risk management models.Black (2008) added another type of risk: quality risk.Quality risks are internal to the organization, but their cause may not be known.

International Organization for Standardization (ISO) 31000
International Organization for Standardization 31000 is the international standard for risk management given by the ISO body.International Organization for Standardization (2020) added that a company's success depends on various aspects.It includes constantly upgrading their processes so that the company could provide value to the customers.However, in addition, the companies also need to manage the risk in the company.For this purpose, ISO 31000 was developed.This framework reassures companies regarding economic resilience, professional reputation, and environmental and safety outcomes.It helps companies to understand and manage risks in their day-to-day functions.

Project and Project Management
The term "project" refers to an endeavor that has predefined inputs and objectives.If the project attains its objectives as expected, then the project is considered successful.Every project has budgeted time, resources, and finances.If the project meets the budgeted resources, the project is considered successful.There are three building blocks of any project: time, cost, and quality.The time factor illustrates the scheduling of the project, the cost is used to discuss how the funds needed for the project, and quality refers to the strategy through which the project's fitness of purpose would be determined (Association for Project Management, 2020).
In this context, project management is using tools and techniques so that the project objectives are met within the prescribed time.The main constraints of project management include limited time and resources.Project management is a combination of several core components.These include but are not limited to the reason why the project is needed, specifying the project requirement, developing a feasibility plan, accessing funding, keeping the team motivated, identifying and managing the known and unknown risk in the project, making progress charts, keeping the budget optimal, taking feedback from the stakeholders, and closing the project in a timely manner (Association for Project Management, 2020).

Project Risk Management
Project risk management means identifying, responding, and analyzing any risk throughout the lifecycle of a project to remain on track and meet project goals.
To manage project risks, the project charter, vision, objectives, scope, and deliverables should be identified.Therefore, risks can be identified by the project team in each phase of the project.After that, each risk identified can be placed in a risk tracking template to prioritize the level of risk.Some risks can be positive as they are opportunities that benefit the project such as when a shipment delay gives more marketing opportunity to the project.
In organizational culture, building a project management protocol by creating standard tools and templates can help to manage risks effectively and efficiently.
Elements such as an organization's records and history are an archive of knowledge that can help employees to learn from that experience when approaching risk in a new project.Furthermore, by adapting the attitudes and values of an organization to become more aware of risk, the organization can develop a better sense of the nature of uncertainty as a core business issue.With improved governance comes better planning, strategy, policy, and decisions.Numerous benefits can be gained through adding risk management techniques to a daily routine in organizations as they help to manage risks in all projects run by the organization.One of the tools to help in mitigating the risk in the project is TQM.Total quality management can control risks in the project, reduce its negative impacts, and manage risk threats in projects.

Total Quality Management (TQM) and Business Excellence
In today's globally competitive market, quality is an important factor for achieving competitive advantage.The market offers different alternatives for quality management implementation such as ISO standards, the Malcolm Baldrige model, and the European Foundation for Quality Management.The quality movement focuses on building quality in every task performed by the organization.It ensures quality in implementing activities and meeting the expectations of internal and external customers.The starting point in achieving excellence is to improve quality.Excellence means being outstanding.In the field of business, excellence means to exceed the internal and external customer's expectation so that the company could increase customer loyalty.In addition, excellence is the ability of the firm to make profits while meeting customers' needs.
Excellence means success in the competition by obtaining high-quality products and services, in turn, offered to customers in the shortest time, in an efficient manner (Olaru, 1995).It also can be represented through three coordinates: business, engineering and technology, and organization.However, excellence can only be maintained if it is done sustainably.Sustainable excellence is used to designate "a firm that maintains itself in an exemplary situation-success, prof-it-for a long time and that adapts rightly and efficiently to the exigencies of socio-economic environment" (Popescu, 2005).

Relation between Quality and Risk Management
Different quality gurus have given different definitions of quality.Juran defined quality as fitness of use; that is, that a product is fit to use.In other words, quality means that the product or service is able to give value to the customers or users as promised.The product must function as per the demand.On the other hand, risk means an uncertain or undesired outcome.According to Black (2008), if both definitions are combined, any probable cause could lead to product quality failure.
PMBOK (Project Management Institute, 2008) added that all probable risks in the given product should be identified beforehand and then a strategy should be devised to avoid these risks.Furthermore, the product quality should incorporate all the risks and then the product should function as per the lifetime of the product.Every project should be tested extensively so that the risk could be managed and reduced.
European Medicines Agency (2020) reflected on the two main principles of quality risk management including but not limited to using scientific knowledge to reduce risk and identifying the level of risk in the project.Quality and risk management are linked and should be integrated so that the customer requirements are met.Customers want reliable and durable products, and this could be ensured by adopting a risk management framework, leading to a win-win situation.Williams et al. (2006) reflected that risk management practitioners should learn from quality management because it will help in differentiating risk that could be handled from that which cannot be handled.Secondly, it will help in focusing on key processes and implementing overall organizational changes to improve the final product quality.

Integrating TQM and ISO
Much research supports the idea that TQM and ISO should be integrated to im-  Abusa & Gibson (2013) conducted a study to determine how organizational performance could improve their future opportunities.The context of the study was Libya.Through this study, the authors assessed how TQM implementation improved the manufacturing company's performance in Libya.The performance was evaluated with and without ISO.The results reflected that the export growth was significant among the companies that implemented ISO and TQM together.However, no other significant difference was noted in terms of operational performance by integrating TQM and ISO.

Relationship between TQM, ISO and Project Management in General
Safder & Yousaf (2018) conducted research to determine if ISO affected the project management system.The study reflected that project management is important in the software industry.It was found that the companies that utilize project management tend to have a greater success rate.The impact of ISO 9001 was studied on project management in this study: the author compared a company's performance with or without ISO in the software houses.The study context was Pakistan, in which a questionnaire was used to collect the data.A sample of 192 was used for the data collection and a one-sample t-test was used to compare both types of software houses.It was found from the study that project management performance was better in companies with ISO certification compared to companies without ISO certification.Ingason (2015) conducted a study to determine if ISO and TQM improved project management success.The authors adopted a qualitative approach to data collection.The data were collected from 21 companies.It was found from the results that the companies that adopted TQM and ISO together had better chances of success in their project management.The study also highlighted that the companies' costs were also reduced if they had integrated ISO and TQM.Overall, ISO and TQM complement each other.

Relationship between TQM, ISO and Project Risk
Management in Specific Barafort et al. (2017) conducted a study to determine if ISO and TQM integration improved the risk management of a company.It was found from the study that particularly in the IT sector, the companies incur a large risk.However, when the companies integrate ISO and TQM, this reduces their overall risk.The ISO and TQM frameworks allow companies to improve their quality in terms of IT management, quality management, and risk management.The companies that integrated both frameworks tended to have better and sustainable risk management strategies.These companies are able to overcome risk-related challenges, which eventually improves their overall operational performance.Luburić (2012) conducted a study to see if TQM and risk management strategy improves a project's success in the banking sector.This research revealed that the primary purpose of TQM is to help the organization to survive competition.In contrast, risk management is used to identify the potential known and unknown risk that the company could be exposed to.Therefore, if the companies adopted TQM and ISO together, they will not only reduce the risk in their projects but also their cost, and they would be also able to gain a competitive advantage.The authors noted that the external environment is constantly changing and the companies are constantly exposed to different types of risks.Therefore, the companies should synergize and integrate different tools so that risks are identified and then mitigated.
According to Popescu & Dascalu (2011), the quality management of the firm and risk management are strongly related to each other and therefore cannot be treated exclusively.In fact, both these aspects of quality management and risk management tend to complement each other.If ISO, TQM, and project management are integrated, this will have a positive outcome for the company.The authors in the previous literature have mutually agreed that quality and risk management should be integrated because doing so will add value to the company.However, the "why" factor -that is, why the integration is useful -could be only be understood if the quality management and risk management limitations are discussed.In the context of quality management, most of the companies usually use the PDCA cycle.However, this plan does control and act cycle has been changed or modified several times in the past.Dervitsiotis (2004) added that PDCA is useful for stable environments but that if the system is unstable, a complex adaptive system cycle should be used, that is, unfreeze, explore, emerge, and guide.However, Free (2012) added that the AREIR cycle is more useful in turbulent conditions.Recently, Barouch & Kleindhans (2015) noted that a traditional quality system has no flexibility and thus may hamper the innovation capacity of the company.The authors added that modern businesses operate in a dynamic and complex system and thus traditional quality mechanisms are not suitable for project management.
In parallel, there are also certain limitations of the existing risk management methods in the project method.Risk is usually considered as a regulatory issue and fails to create value for the end user of the project (Abidi & Joshi, 2015).
Furthermore, the risks are identified based on historical data, which could be misleading at times because the current business scenario is so dynamic that historical data continuously lose their value.Therefore, traditional risk management approaches are not suitable for the current business scenario.
In this context, scholars like Popescu & Dascalu (2011) have added that risk management and quality management are important components of project management that should be integrated into project management to be successful.

Research Methodology
This section presents the research methodology.The research methodology is the approach through which the research objectives are met systematically.The current research is based on integrating ISO and TQM and their effects on project risk management.In this context, the author selected a primary qualitative research method.
Different tools could be used to collect the primary qualitative data.The main tools that could be used to collect primary qualitative data include observation, Delphi approach, interviews, and focus groups.Each of these methods has its own merits and demerits.The observation method is mainly used when the author intends to collect data by personal involvement.The Delphi approach is used when the view has to be taken from the industry experts.The focus group is used when the data is to be collected from a group of participants and different views are needed.The interview is conducted when the data is collected from one individual at a time.In this context, the author of the study used interviews to collect the data from the respondents.The interview method was adopted because interview method is very flexible.Secondly, this method has a better response rate as compared to other methods.The analysis of the interview is very simple too which makes it an ideal method of data collection.The purpose of the research is to ask the interviewees if their companies integrate ISO and TQM in their project management and what the outcome is.The interviewers participated in the research voluntarily and they were aware of their rights and obligations during this research.
As very few companies in the UAE have adopted TQM and risk management, the author only selected three companies for data collection.These companies include Dubai Electricity and Water Authority (DEWA), and Roads and Transport Authority (RTA), and Dubai Maritime City Authority (DMCA).The three organizations chosen for this research achieved the ISO 31000 certificate that ensures the quality of the services, procedures, and processes of the organizations.These companies were selected because they had attained ISO 31000 recently.All these three companies had a large number of employees employed.It was not possible to conduct data from each of the company.Therefore, the researcher had to select the number of respondents very carefully.The author of the study had also limitations in terms of time and budget.Therefore, the researcher only selected one employee per company.Hence, one employee was selected from each company i.e.DEWA, RTA, and DMCA.The interviewee was from risk management department at a managerial position.Each interview was conducted online due to Covid 19 and social distancing protocols.The interview duration was 1 hour each.The interviewees were conducted on zoom meetings and then interviews' answers were evaluated.The main interview questions asked from the respondents included the following: • Are TQM and ISO 31000 related in your organization?
• Give us examples of risks you faced in your organization projects.
• What is the risk plan you used in managing projects risks?
• What methods are you following in controlling your project's risks?
• How are your risks plans related to ISO 31000 and TQM?
• What are the effects of implementing TQM and ISO 31000 on your organization?The analysis method used in this study is content analysis based on the conducted interview.

Findings and Analysis
This section presents the findings and analysis of the study.The purpose of this research is to study how the integration of ISO and TQM improves project risk management.The following is the analysis of the interviews conducted from the three organizations.

Dubai Electricity and Water Authority Findings
The Dubai Electricity and Water Authority is one of the best examples of the companies that adopted TQM.In addition, they were the first governmental entity in the UAE and Middle East to adopted risk management ISO 31000 in 2009.The interview analysis reflected the fact that TQM and risk management are related in DEWA.The company believes that TQM and risk management complement each other.Various examples of risk were given by the company.
The interviewee said that one of the most challenging risks that DEWA has faced in the past and is still facing is cyber risk, which is a risk related to financial disruption because of failures in an IT system.Dubai Electricity and Water Authority deal with cyber risk by constant observance, accelerating their modification strategy through multidisciplinary teams.They are continually doing the three steps of risk assessments listed in the ISO 31000 standards, which are risk identification, risk analysis, and risk evaluation.The risk management team in DEWA considers the risk policies according to ISO 31000 requirements and implements them.Implementing TQM and ISO 31000 specifically increases DEWA performance (as the findings clearly showed from dealing with cyber risk as an example), and TQM and ISO 31000 results in enabling the company to maintain its globally innovative movement leading.The company has learnt that by integrating TQM and ISO, the company's operational performance has improved significantly.

Roads and Transport Authority Findings
The Roads and Transport Authority is one of the competitive governmental organizations in excellence awards, competing with DEWA in TQM and ISO 31000 implementations.The Roads and Transport Authority also implemented the ISO 31000 in 2009 and has received many rewards in risk assessment competition.The main type of risk faced by the company is system failure.The system failure is an IT risk which involves loss of the important data of the company due to any reason.IT risk is a very important kind of risk in the customer service industry.The customers rely on the company and any failure of the system may create problems for the company.All companies including RTA depend heavily on the IT and systems.Desktops, servers, software, applications, communication networks like Email, databases and many others are the backbone of the company.These systems support the company in the day to day operations.Different form of data is stored on these systems including but not limited to inventory, customer details, sales and other sorts of data.The different risk to the IT system includes virus attack in which the company firewall is not strong enough which eventually leads to system collapse.Secondly, due to power fluctuation, the system may collapse and all important data may be lost.Local area network of hardware failure could also lead to system failure.Poorly trained IT staff is another risk to the system which could lead to failure.Other risks include poor back up and poor IT management practices.Any breach in the system could lead to loss of important data which eventually leads to poor customer satisfaction.
Therefore, IT risk is always there in the context of RTA.The company said that before implementing ISO 31000, the company used to consider risk as operational level issues.They used historical data to anticipate the risk, which eventually hampered their performance in the short and long term.However, according to the Director of Safety, Risk, Regulation, and Planning, Amair Saleem, by implementing ISO 31000 the company was able to shift the thinking of risk from the purely operational environmental level toward the company's central engine, transforming risk management to act as a supportive management system for transportation.This means that the risk management system with the use of ISO 31000 is shifted toward the strategic and corporative levels, adding to the existing regular operational level.This innovative switch allows risk assessments to affect the TQM of transportation.The Roads and Transport Authority risk assessment strategy was related to TQM of the company, showing a strong vision from the organization leader.The company has used ISO to improve their operational performance overall.Their risk management strategy has been improved too.The interviewee noted that TQM and ISO together have helped the company to improve their operational resilience.
The Roads and Transport Authority, considering the risk standards according to ISO 31000 requirements and standards, also received the Global Risk Award in 2015 and the MEA Enterprise Risk Management Award in 2015.Such awards show the company's innovation and efforts in adopting the best practices while facing challenges.

Dubai Maritime City Authority Findings
The interviewee reflected that the TQM and ISO 31000 are linked in this organization.In this context, the DMCA is a governmental company that received the ISO 31000 certification in 2018.The company recently implemented the framework of risk management ISO 31000 and is aiming to have a TQM effect by taking this step.Their objectives in implementing the international standards are to have a sustainable and secure maritime sector that supports the organization in their uncertain environment.It was found from the interview that the company faces numerous risks that include but are not limited to data breach, IT risk, and safety risks.Other risks include safety of life at sea.The company constantly evaluates the risk involved at sea and devises strategies to mitigate that risk.The company was earlier using traditional risk management models to identify the risk and make strategies.However, recently, the company acquired ISO 31000.Since then, the company's risk management capacity has improved.The current risk management policy of the company uses a combination of TQM and ISO 31000 to win customer trust.The interview reflected that the combination of ISO and TQM has helped the company to be a going concern and they now follow a proactive approach in their risk management.Overall, a combination of TQM and ISO 31000 is highly beneficial as per the interview.

Conclusion
This research was conducted to determine how integrating ISO and TQM could benefit the companies.The integrated frameworks of ISO 31000 and TQM shows that it improves the overall project success and provides quality to customers.Three companies-DEWA, RTA, and DMCA-were selected as the sample for this research.The purpose was to see how the companies made use of TQM and ISO 31000 together to improve their overall project risk management.
It was found that project risk management could be improved by integrating TQM and risk management.Total quality management standards affect project risks through reduction of threats and weaknesses at the same time.Total quality management aims to reduce failure, prevent defects, and manage resources and risks, and control schedules and costs, whereas the implementation of ISO quality assurance standards results in an improvement of organization projects through an impact on project processes.Achieving ISO certification has a positive impact on customer satisfaction and workforce empowerment.Monitoring project performance through TQM can benefit its implementation and increase organizational excellence.
The ISO 31000 standards can help to manage risks in organizations.The standards involve continuous improvement in risk management processes, and this helps to improve organizations' effectiveness.Applying ISO 31000 will help in improving the quality of services provided to the customers rather than merely focusing on compliance with the standards and documentation.Doing so will improve quality in processes and procedures used to manage project deliverables.Integrating both ISO and quality management framework will improve the overall satisfaction of the company, reduce the project cost, and improve the overall quality of the product or project.

Contribution of the Research
This research has several contributions to the literature and also has practical implication.The research was conducted on a relatively new topic and hence the research added value to the past literature.There were limited researches conducted on the integration of ISO and TQM in UAE context.Therefore, this research added new dimensions to the existing research.Secondly, this research helped in filling the gap in the literature.Through this research, the future researchers could conduct further research on this topic on a bigger sample.This research helped in understanding how the integration of ISO and TQM could improve the project success and reduce its risk.Risks are inevitable but they could be mitigated and resolved before they leave a negative impact on the overall project.Therefore, integration of ISO and TQM in the project management and project risk management will have huge scope.The project risk management will improve and the customer satisfaction will increase.
Apart from the theoretical contribution, this research implies that the companies must adopt ISO and TQM together so that they could attain competitive advantage.The external environment is very dynamic and thus, by adopting TQM and ISO together, the companies will be able to become successful and their resources will be utilized efficiently too.

Recommendations
This section presents the recommendation for the organization to improve their quality practices by integrating TQM and ISO 31000.2) Organizations in UAE should involve their staff in risk management and plan to encourage their participation and suggestion.Staff should obtain incentives for good suggestions.This way, the employees' acceptance of quality and risk management will increase.The employee's resistance to adopting change will reduce significantly.This will help in better integration of the two philosophies.
3) A well-planned risk management and quality document should be produced.The key performance indicators should be identified so that the company is able to match their present performance with expected performance.This way the company would be able to attain a competitive edge over competitors.The document will also help the company to see how they can integrate ISO and TQM for improved project risk management.4) Every project should be tested for different expected and unexpected risks.This will help to improve organizational performance and support innovation and excellence.Risk management processes help team members to spot concerns earlier and assign the right people to manage risks before they become too severe.this could be done using a combination of TQM and ISO 31000.
5) Overall, it is recommended that ISO and TQM should be integrated into the companies so that the project risk management capacity of the company could be improved.

Future Research
Further research is recommended to study the negative side effects that may result from the TQM and ISO 31000 on the project's risk management and the project itself.This field of study is opening a new path of risk studies and we would like to encourage researchers to perform further research on this topic.
prove organizational performance.According toYoussef & Youssef (2018), TQM and ISO are a unique combination that could add value to a company.The study was conducted on manufacturing organizations and how they could improve their world-class manufacturing status.The total sample size of the study was 2961, which included developing and developed economies.International Organization for Standardization 9000 and TQM were integrated to obtain the result.The result reflected that ISO and TQM complement each other.Companies integrating TQM and ISO leads to improved quality, inventory, operational management, time-based performance, and competitiveness.The data analysis was performed using univariate and multivariate analysis.It was concluded that ISO and TQM could add value to company performance in both the short and long term.

1)
Organizations in UAE should add training courses in risk management to increase risk awareness and improve employees' skills to control risks.Regular formal and informal training should be conducted by the organization to raise awareness about the importance of risk management.This will help employees to understand how to integrate both ISO and TQM in an effective manner.