**3. Certification bodies and risk factors**

### **3.1 Certification bodies authorized by the vocational qualifications authority**

Within the scope of our study, the risk factors of certification bodies authorized by the Vocational Qualifications Authority, a public institution in Turkey, are evaluated.

Vocational Qualifications Authority (VQA) is a public institution with a public legal personality, administrative and financial autonomy, established to establish and operate a national qualification system compatible with the European Union. The establishment purpose of the institution, as stated above, is to establish and operate a national qualification system compatible with the European Union [2].

In this context, VQA carries out work and procedures related to the preparation of national occupational standards, the development of national qualifications based on national or international occupational standards, the execution of activities for assessment and certification within the framework of national qualifications, and the regulation of the Turkish Qualifications Framework [2].

Within the scope of national occupational standards, the knowledge, skills, attitudes, and behaviors that must be possessed in order to perform a profession successfully, and the tasks, duties, and performance criteria that must be exhibited are defined. Within the scope of national qualifications prepared on the basis of national occupational standards, the procedures and principles for assessment and certification activities are determined [17].

Assessment and certification activities according to national qualifications are carried out by certification bodies authorized by VQA. The most basic condition of being a certification body authorized by VQA is to be accredited according to the international personnel certification standard called "TS EN ISO/IEC 17024:2012 Conformity Assessment - General Conditions for Personnel Certification Bodies". After accreditation, compliance with the conditions determined in VQA legislation and regulations is examined, audited, and evaluated. Institutions and organizations that meet the requirements are authorized by VQA and carry out assessment and certification activities in relevant national qualifications. These institutions and organizations are regularly audited through both programmed and unscheduled audits [18].

The criteria that authorized certification bodies must meet are defined in the scope of "Authorization Criteria and Implementation Guide for Certification Bodies". The criteria are grouped under 13 main headings. Each main criterion under these 13 main headings and sub-criteria related to this criterion define the conditions that must be met [3].

According to this guide, certification bodies must meet the conditions determined within the scope of legal status and organizational structure of organizations; human resources and management; physical, technical, and financial resources and management; examination materials, measurement, evaluation, and certification activities; internal and external verification; objections and complaints; information sharing;

*Development of a Risk Management Model by the Fuzzy DEMATEL Method in the Evaluation… DOI: http://dx.doi.org/10.5772/intechopen.110018*

communication and guidance; internal and external audit activities; management of objectivity; policy, and objectives; and management of documents and records [3].

Situations or events that may prevent the realization of these conditions appear as risks. In this respect, organizations are expected to evaluate all their procedures, including the steps to be followed in fulfilling these conditions, to identify and evaluate possible risks that may prevent the effective implementation of their procedures, and to implement the necessary preventive actions to prevent risks [3].

#### **3.2 Risks in assessment and certification activities of certification bodies**

Within the scope of the study, the risks used in the design of the model are considered as the risks arising from the assessment and certification activities of the organizations, the human resources, physical and technical resources used in these activities, internal verification activities, assessment materials, the impartiality and reliability of the assessment, and certification activities.

While determining the risks, they are defined as situations or events that may cause significant or major noncompliance if they occur within the organizations, and that may cause the suspension or cancelation of the authority of the institutions. The identified risks were also confirmed by an expert group consisting of lead auditors appointed by VQA to take part in the audits of the organizations. Risks have been determined under the main headings and the risks are listed in **Table 1** under the main headings.

The model designed in this study was used to evaluate the risks (**Table 1**) and it was proposed as a new risk assessment method.
