Article Category: Research Article
Published Online: Mar 29, 2023
Page range: 1 - 16
DOI: https://doi.org/10.2478/ijcm-2022-0014
Keywords
© 2023 Sylwia Bąk, published by Sciendo
This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Risk management is a specific area of management. This specificity is due to the dual functions it performs within the company. First, risk management is a separate management domain fulfilling mainly a preventive role in protecting the organization against the effects of the materialization of key risk factors. Second, it is a component of an integrated corporate management system in which risk plays a key role, and effective risk management determines the effectiveness in many functional areas of the company.
Risk management often determines the ability of enterprises to survive and thrive in an unpredictable economic environment (Christopher et al., 2011; Elahi, 2013; Skrzypek, 2013; Bromiley et al., 2015). A systemic approach allows risk management to be regarded as a system that integrates management domains, hierarchical levels, and processes, as well as relationships and interactions. Consequently, systemic risk management allows enterprises to respond proactively to the complexity of the environment and, in the context of a process approach, represents a set of interrelated processes for identifying, assessing, analyzing, countering, and monitoring risks (Hilson, 2006; Fischer et al., 2010; Dionne, 2013).
One of the characteristics of risk management is that it is firmly embedded in many other management domains. Indeed, between the risk management system and the enterprise management system there should be a continuous exchange of information based on structural, process-related, and purposeful interactions (Kaczmarek, 2010). Furthermore, the structure of risk management should result from the enterprise strategy and take into account its external and internal conditions, as well as its objectives, procedures, standards, and organizational structure. A risk management system structured in this way should ensure that business continuity is maintained and that a competitive advantage is built or maintained, even in crisis (Jedynak and Bąk, 2021).
The positioning of risk in the enterprise management system is intrinsically linked to the core processes of risk management and manifests itself in the most common preventive measures taken against identified risks. The direct role that risk management plays in corporate management can be seen, among others, in the following management domains: strategic management, operational management, financial management, quality management, human resources management, project management, investment management, and innovation management.
The issue of risk in business activities is the core of analysis in strategic management conditioning the implementation of strategic goals. One of the goals of strategic management is to be able to understand the peculiarities of risk, which makes it possible to diagnose the type and scope of threats to the enterprise, assess their expected impact on the enterprise, and ensure business continuity (Urbanowska-Sojkin, 2012; Schroeder, 2014). The risks occurring in the environment of enterprises are also pivotal for the selection of a development concept, which is one of the leading phases of strategic management. In this case, an adequate assessment of risks and the development of ways to mitigate them determines the maintenance of the current competitive position or its strengthening, and thus also conditions the effectiveness of strategic management. A strategic approach to risk in enterprise should therefore be based on inferences drawn from the recognition of business practices in creating growth in the face of increasing threats, mainly economic and technological ones (Goodfellow and Raynor, 2004). These types of increased threats and the need to take them into account in strategic management processes have contributed to the development of new long-term management methods and tools based on risk. In recent decades, there has been intensive development of a strategic approach to risk management, both in the private sector and at the level of managing the development of society, economies, and countries (Claessens et al., 2002). This approach was, in a way, forced by the ubiquitous economic uncertainty, which should be managed in such a way as to become a measurable risk, the occurrence of which can be prepared and sometimes even prevented by implementing appropriate preventive actions against the identified risks. The next stage of the observed development of the strategic approach to risk was the development of a new conceptual trend. Given the interplay between risk management and strategic management, and in the wake of the global financial crisis, the concept of strategic risk management (SRM) has been developed. The new post-crisis approach to strategic management aims to improve the process of identifying, assessing, and managing risk factors that could cause huge losses or even lead to bankruptcy. However, the main objective of this concept is to perfect the ability to recognize the early signals of crises and to mitigate the scale of their negative effects. The achievement of the stated SRM goals should ultimately make it possible for enterprises to implement strategic security solutions, reduce susceptibility to crises, and prepare to change the business model in response to a potential crisis (Calandro, 2015).
Another consequence of the strategic approach to risk management, and thus a manifestation of the intensive development of this relatively new field of management, is the development and use of appropriate preventive or remedial tools, enabling long-term planning of dealing with key risk factors. However, these tools are sector-specific. Others will be appropriate, for example, for activities in the construction sector, others in the financial sector, and still others in the IT sector, etc. The next issues related to the role of risk management in strategic management are strategic risks, that is, those that a given entity (company or country) considers to be key from the point of view of the conducted activity. The main management efforts should therefore focus on strategic risks, both in normal operating conditions and in crisis situations. Strategic risks during the crisis are of particular importance because maintaining business continuity depends on the appropriate approach to managing them (Jedynak and Bąk, 2021).
In their day-to-day operations, enterprises have to face primarily microscale risks and threats related to legal regulations, the specifics of their core business, the competences of employees, and the efficiency of control systems and mechanisms. Operational risk management (ORM) is a distinct management concept that integrates operational management with risk management. The concept is crucial in shaping corporate performance (Naude and Chiweshe, 2017). The main objective of a proactive approach to operational risk should be to improve the adequacy of business decisions, improve efficiency, ensure constant financial results, and maintain the established market position. Despite the availability of a wide range of insurance services, which constitute known operational risk protection tools (Manning and Gurney, 2005), these goals can only be achieved through the integration of enterprise strategy and operational processes. ORM should be a management imperative, first because of the impact of small operational problems on the expansion of risk into other business domains in the form of a chain reaction (Kleindorfer and Saad, 2005), and second because of the need to strengthen awareness of operational threats in order to shape resistance to these threats and balance the needs of stakeholders, for example, customers, suppliers, employees, shareholders, and regulators (Kumar et al., 2014).
In order to balance the needs of all stakeholders, a detailed and cyclical identification of risk factors is necessary. The key to effective operational management is the appropriate approach to the risks considered operational, that is, those related to the day-to-day operations of the company. An appropriate approach to operational risks is so important because neglecting protection against everyday threats to the company can sometimes turn into a serious long-term crisis or generate many problems in various functional areas of the company. The operational risk is the risk of loss resulting from incorrect internal processes, human or system errors, and external events. Depending on the sector in which the company operates, these may be, for example, breakdowns, frauds, billing errors, product defects, sales problems, etc. (Coleman, 2010).
Enterprises are required to conform to market requirements and the progressive volatility of the environment. To this end, they undertake complex, multi-faceted projects that require the use of specialized project management methods (Frame, 2001; Trocki, 2012). Risk identification, assessment, and analysis processes should occur at all stages of project management, mainly in areas such as quality management, time management, cost management, procurement management, communication management, and integrity management. The overriding goal of project risk management is to keep risks within acceptable limits within the context of the established limits of profitability, rationality, and costs (Cooper et al., 2005). Ward and Chapman (2003) further indicated that project risk management should focus on managing chances in proportion to the focus on the risk of project failures. This is because overestimating risks can result in a decrease in the effectiveness of project work, which can then negatively affect the end result. Furthermore, the approach to risk management should not be limited to the achievement of objectives of a single project, but it should holistically monitor the integration of particular projects’ risks with strategic objectives on an ongoing basis (Dai and Wells, 2004; Sanchez et al., 2009).
From the above, it follows that project management and risk management are related in several ways. Concretely, the relationship between these two functional areas can be understood in two ways: first, as dealing with many threats occurring in various phases of project management (where the responsibility for counteracting these threats is most often shared between many people involved in the implementation of the project), and second, as project failure, that is, the risk of inability to implement the intended project (where responsibility lies with the people managing/supervising the project). The risk associated with the success or failure of the entire project, and more specifically the management of this risk, should be strictly dependent on the situational context. This means that threats that will hinder the implementation of the project depend on the industry, the degree of preparation for its implementation, environmental conditions, etc. And these circumstances determine the actions that will be taken as part of project risk management.
Risk in corporate financial management can be considered a crucial aspect of developing and implementation financial plans that determines the ability to follow trends in global or national financial policy formation (Li, 2003). Besides being recognized as a leading risk area concerning the possibility of the occurrence of financial losses, financial risk is also regarded as a factor that, if properly managed, can reduce the overall level of risk and, through this, reduce the costs of incurring it, which can have the effect of increasing the value of the enterprise (Fairchild, 2002). For this reason, among others, risk is firmly embedded in financial management methodologies. However, risk assessment techniques and tools, for example, financial ratios (liquidity, debt, profitability ratios), only allow for identification of risk exposure at the time of measurement. Therefore, it is necessary to implement early warning methods for financial problems that go beyond the statistical or mathematical calibration of financial risk models. Furthermore, financial risk management should take into account both macroeconomic risk (globalization challenges, economic uncertainty, financial crises) (Hammoudeh and McAleer, 2015) and microeconomic risk (equity risk, interest rate risk, credit risk, liquidity risk, commodity price risk, market risk, counterparty risk, operational risk) (Garcia and Javier, 2017). Financial risk management processes should also allow defining their own transparency requirements for financial instruments, developing models for generating and processing information about threats to and opportunities for profitability, and taking into account the causes and consequences of systemic risk (Mertzanis, 2014).
Investing activities undertaken by companies and, above all, their success understood as profit generation are made possible by hedging against their negative consequences (Merková and Drábek, 2015). Investment decisions are inextricably linked to risks that cannot be eliminated. They include various investment risk factors (risk of turnover, risk of demand for shares and other securities, the macroeconomic situation in the country and around the world) and the risk of non-compliance with requirements of stock exchanges and guidelines of stock exchange supervisory authorities (Bąk, 2018). What has to be done is to accurately assess the risks and develop ways of dealing with the consequences of their materialization. Components of integrated risk management, such as early warning and rapid response systems, for example, prove helpful in this. Investment controlling is a supporting tool for enterprises in investment risk management. It makes it possible to coordinate all stages of the investment process, adjust the budget appropriately, control the execution of investment projects on an ongoing basis, measure efficiency, and monitor the achievement of investment objectives. Other ways of reducing investment risks are, for example, diversification of the investment portfolio (Jakšić and Leković, 2015), optimal allocation of investments in the capital management system (Li and Wu, 2009), and hedging, which allows protecting assets from losses due to unforeseen events and providing greater flexibility of investment activities (Czyżowska, 2016).
Risk management systems in enterprises should be coherent with their established quality goals. Following the ISO 9001 standard, companies must integrate quality management systems into their business processes, taking into account risk and uncertainty. A risk-based approach to management is therefore the primary intention of modern quality management. Quality management systems are ultimately intended to contribute to the prevention or reduction of undesirable events occurring in the production process. The main risk factors determining what measures enterprises apply in their quality management (Jedynak et al., 2001) are the following: the risk of using an inadequate quality control system, the risk of reducing product quality, the risk of reducing production volumes due to negative changes in the quality of the final product, the risk of disruptions in the production process, and the risk of generating additional quality costs. Effective risk analysis processes in a quality management system should constitute a source of information on actions necessary to develop the enterprise without undesirable disruptions, while maintaining production continuity, meeting customer requirements and improving competitiveness. Risk management is treated as a determinant of the quality of management of the entire enterprise, so in addition to the area of production operations, an analysis of risks in a quality management system should also refer to non-production undertakings, the implementation of administrative and personnel changes, and the improvement of the formation of relations with the environment (Lisiecka, 2012). A complex approach to risk is the basis for the improvement of the quality management system (Kozakiewicz and Sawicki, 2017) and facilitates a pro-quality approach to enterprise management (Williams et al., 2006), which is the core goal of the concept of total quality management.
Errors in the design of an enterprise’s HR policy, its implementation, or its application can cause a number of risk factors, often with irreversible or destructive consequences. For this reason, analyzing the significance of risk in human resource management has become an important research issue (Becker and Smidt, 2016). What can be observed in the literature on risk management is the appearance of a new trend in theoretical and business research, namely human resource risk management (cf. Oborilová et al., 2015; Huang et al., 2017; Mitrofanova et al., 2017). The causes for the appearance of risk in human resource management can be seen in, for example, insufficient qualifications of employees and management teams, inadequate decisions made during the recruitment process, a poorly functioning system of employee training and development, shortcomings of the remuneration and incentive system, non-compliance with ethical principles, and failure of employees to comply with legal regulations, as well as other rules and procedures functioning in the enterprise (Bochniarz and Gugała, 2005; Lipka, 2002).
Enterprises oriented toward innovation face the challenge of mitigating technological, economic, and market risks, especially due to the heterogeneous structure of national innovation systems, as well as economic and market instability. The risks to innovation activities of enterprises should be analyzed, taking into account the goals derived from the main strategy (da Silva Etges and Cortimiglia, 2019), and their evaluation should be a central point in decision-making processes in enterprises that undertake such innovative activities (Deptuła and Knosala, 2015). The rapid development of the innovation market resulting from technological advances creates increasing uncertainty about the internal and external drivers of the evolution of innovative business (Nagano et al., 2014). This uncertainty, therefore, justifies treating risk management as a key stage in innovation management (Hauser et al., 2006; Wong and Chin, 2007). The implementation of innovation in company should always be treated as a driver of growth, however, with a co-existing proactive approach to risks and threats (O’Connor et al., 2008). Using such a combination, it is possible to reconcile uncertainty and risk with a differential business environment, which, in turn, makes it possible to generate expected profits from innovation activities. In doing so, it is worth taking into account the key features of innovation risk, namely intangibility and globalization (Giugliani, 2012). In innovation risk management, more than in other areas of management, it is the time horizon of undertaken activities that is important, as the time between the initiation of an innovative venture and its actual implementation may pose the risk of depriving the activity of its innovative features. This fact should significantly determine the shape and dynamics of the risk monitoring and response process (da Silva Etges et al., 2017).
In view of the identified research gap regarding the lack of a synthetic presentation of knowledge on the degree to which risk management is embedded in enterprise management systems, the main research objective was formulated as the identification of risk prevention activities taken within different management domains, as exemplified by enterprises listed on the Warsaw Stock Exchange and representing the sectors of financial services, construction, and IT. In conjunction with the research objective, the following research questions were posed:
In which management domains are the measures taken against the risk factors identified in the analyzed enterprises located?
Which risk management measures are taken by the analyzed enterprises within the respective management domains?
In which management domains are measures against risks taken most often by the analyzed enterprises?
In order to achieve the research objectives and answer the research questions, a triangulation of research methods was used (Flick, 2018). Qualitative research methods played a dominant role in the research. First, the method of content analysis of the source documents (Bowen, 2009) generated by the analyzed enterprises was used to identify their declared activities taken visà-vis identified risk factors. Next, the one-step logical classification method (Bailey, 1994; Saran, 2014) was used to arrange the research material collected during the content analysis of the documentation. The rigour of this method was adhered to by fulfilling the criteria of exhaustiveness and separability when assigning the risk-related activities identified in the analyzed enterprises to particular management domains. Another method used in the research process was exemplification (Kaźmierska, 2018). It was used to illustrate, with specific examples, the degree to which risk management is embedded in the management systems of the analyzed enterprises. The research process also used the comparative analysis method (Esser and Vliegenthart, 2017) to compare the enterprises intra-sectorally and cross-sectorally in terms of the selected management aspects.
The enterprises participating in the research were selected by way of purposive sampling. They were Polish enterprises listed on the main (primary and parallel) markets of the Warsaw Stock Exchange on both June 25, 2019 and September 10, 2021 and representing on the respective dates the most numerous sectors of financial services, construction, and IT. A total of 107 enterprises meeting the above criteria were identified. Their division into sectors and subsectors is presented in Table 1.
The enterprises selected for the research
| Sector | Sub-sector | Designations of enterprises | Number of enterprises in the sub-sector | Number of enterprises in the sector |
|---|---|---|---|---|
| Construction (CON) | Construction | CON 1-CON 38 | 38 | 38 |
| Financial Services (FS) | Banks | FS 1-FS 12 | 12 | 28 |
| Leasing and factoring | FS 13 | 1 | ||
| Financial intermediation | FS 14-FS 15 | 2 | ||
| Capital market | FS 16-FS 21 | 6 | ||
| Insurance | FS 22-FS 24 | 3 | ||
| Debt collection | FS 25-FS 28 | 4 | ||
| IT (IT) | Information technology | IT 1-IT 24 | 24 | 41 |
| Media | IT 25-IT 38 | 14 | ||
| Telecommunication | IT 39-IT 41 | 3 | ||
| - | - |
Source: GPW spółki,
In the presentation of the research results, anonymised names of the analyzed enterprises were used and presented according to an established key: a sector name abbreviation and an ordinal number: Financial Services (FS1 – FS28), Construction (CON1 – CON38), and IT (IT1 – IT41).
The documents of the analyzed enterprises that were used as sources of empirical data in the research process included the following:
annual reports (financial statements and management reports),
reports on capital adequacy as well as other information and disclosures subject to obligatory publication by entities listed on the WSE,
non-financial information statements,
corporate governance statements,
integrated reports and sustainability reports.
The measures taken by enterprises in relation to risk can be divided based on the criterion of a management domain in which a given measure is applied. These domains are the following (Tables 2, 3, 4):
strategic management,
operational management,
financial management,
quality management,
human resource management,
project management,
investment management,
innovation management.
Taking risks into account in the particular management domains of the financial services sector enterprises participating in the research – main activities
| Domain/FS | Strategic management | Operational management | Financial management | Quality management | Human resource management | Investment management | Innovation management | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 2 | 1 | 2 | 3 | 4 | 5 | 6 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 1 | 1 | 2 | 3 | 1 | 2 | 1 | |
| FS 1 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||
| FS 2 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||
| FS 3 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||
| FS 4 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||
| FS 5 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||
| FS 6 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||
| FS 7 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||||||||||
| FS 8 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||
| FS 9 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||
| FS 10 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||
| FS 11 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||
| FS 12 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||
| FS 13 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||||||||||
| FS 14 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||||||||||||
| FS 15 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||||||||||
| FS 16 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||||||||||
| FS 17 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||||
| FS 18 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||||||||||||
| FS 19 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||||||||||||
| FS 20 | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||||||||||||||
| FS 21 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||||||||
| FS 22 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||||||||
| FS 23 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||||
| FS 24 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||||||||||
| FS 25 | ✓ | ✓ | ✓ | ✓ | |||||||||||||||||||||||
| FS 26 | ✓ | ✓ | ✓ | ✓ | |||||||||||||||||||||||
| FS 27 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||||||||
| FS 28 | ✓ | ✓ | ✓ | ✓ | |||||||||||||||||||||||
Source: the author’s own work.
Explanation (to Table 2):
1 – integration of risk management processes with business decision-making processes (i.e., taking risk into account in a business strategy and strategic objectives)
2 – continuous monitoring of the market and competitors’ behavior
1 – collection of data on events, losses, and abuses supported by an IT system and scenario analyses, attestations, review and audit reports, managerial reporting
2 – continuous measurement, assessment and monitoring of operational risks using quantitative and qualitative metrics
3 – functioning of the internal control system
4 – a policy of low tolerance for operational losses, including the setting of limits for risk appetite, tolerance, and exposure
5 – keeping abreast of changes in current legislation, as well as recommendations and guidelines from national and European Union supervisory institutions
6 – developing, implementing, and maintaining policies and procedures for operational risk management activities
1 – application of risk valuation (rating, scoring) models adapted to the customer segment, type of product and transaction, rules for establishing and monitoring legal collaterals for credits
2 – continuous process of receivables monitoring and collection
3 – continuous assessment of counterparty credibility and customer creditworthiness, taking into account, among other things, a detailed analysis of the exposure repayment source
4 – establishment of a policy for the use of hedging instruments and ongoing assessment of their reliability (including the use of hedging accounting)
5 – establishment and monitoring of risk concentration limits and risk diversification
6 – monitoring of early warning signs, stress testing, historical analysis, validation testing, and sensitivity analysis
7 – regular monitoring of the credit portfolio (control of all important credit risk parameters)
8 – creation of write-downs (protection against impairment), as well as limits, provisions and capital buffers
9 – limiting exposure to the market risk (including the use of the parametric VaR model) and liquidity risk through a system of limits, liquidity buffers, and contingency funding plans
10 – limiting potential losses from changes in market interest rates and currency exchange rates through appropriate structuring of balance sheet and off-balance sheet items
11 – restrictive procedures for products/services provided on preferential terms, including “forbearance” practices
12 – use of insurance cover
1 – monitoring the quality and compliance of offered products and services (including the ongoing handling of customer complaints and claims and the development of an external communication strategy to continuously monitor customers’ needs and expectations regarding the quality and parameters of products and services)
1 – existence of separate units/job positions in the organizational structure responsible for managing specific risks and preventing abuses
2 – continuous monitoring of employees’ compliance with ethical principles and a culture of commitment
3 – an advanced human resource policy (concerning recruitment, appraisal, development, remuneration, and retention of staff) limiting the risk of incompetence and errors
1 – hedging of capital market transactions (including overall exposure limits)
2 – a dividend policy implemented in line with the prudent management principle and regulatory requirements
1 – continuous improvement of IT tools and technological solutions to ensure the security of enterprise information on itself, its customers, and business partners, as well as the security of its transactions
Taking risks into account in the particular management domains of the construction sector enterprises participating in the research – main activities
| Domain/CON | Strategic management | Operational management | Financial management | Quality management | Human resource management | Investment management | Innovation management | Project management | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 1 | 2 | 3 | 4 | 5 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 1 | 2 | 1 | 1 | 1 | 1 | 2 | |
| CON 1 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| CON 2 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||
| CON 3 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||||
| CON 4 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||||||||
| CON 5 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||
| CON 6 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||||
| CON 7 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||||||||||
| CON 8 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||||||||
| CON 9 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||||
| CON 10 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||
| CON 11 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||||||||
| CON 12 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||||
| CON 13 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||
| CON 14 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||||||||||
| CON 15 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||||||||
| CON 16 | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||||||||||||
| CON 17 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||||
| CON 18 | ✓ | ✓ | ✓ | |||||||||||||||||||||
| CON 19 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||||||||
| CON 20 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||
| CON 21 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||||
| CON 22 | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||||||||||||
| CON 23 | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||||||||||||
| CON 24 | ✓ | ✓ | ✓ | |||||||||||||||||||||
| CON 25 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||||
| CON 26 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||||||
| CON 27 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||
| CON 28 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||||||||||
| CON 29 | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||||||||||||
| CON 30 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||||
| CON 31 | ✓ | ✓ | ✓ | ✓ | ||||||||||||||||||||
| CON 32 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||
| CON 33 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||||
| CON 34 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||||||
| CON 35 | ✓ | ✓ | ✓ | |||||||||||||||||||||
| CON 36 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||
| CON 37 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||||||
| CON 38 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||||
Source: the author’s own work.
Explanation (to Table 3):
1 – ongoing monitoring of the market, the economic situation in the country, the behaviors of competitors, as well as announcements of public and non-public procurement procedures
2 – building lasting relations with customers based on partnership and taking care of the quality of provided services
3 – cooperation with well-established contractors and suppliers with proven creditworthiness
4 – continuous efforts to attract new customers/win contracts, including monitoring customers’ needs and expectations and expanding business into foreign markets
1 – continuous analysis, review, and improvement of risk identification mechanisms and monitoring of risk exposure
2 – definition of a maximum acceptable risk limit and its ongoing control
3 – keeping abreast of changes in current legislation and the requirements of supervisory institutions
4 – observing restrictive conditions of cooperation with suppliers, subcontractors, and other entities of the supply chain in order to spread the risk of transactions in a way that maximizes the company’s security, for example, through insurance and bank guarantees, cash deposits, etc.
5 – cyclical training in occupational health and safety, fire safety, and environmental protection to maximize the reduction of the possibility of accidents at work, technical infrastructure failures, and environmental damage
1 – acceptance of orders ensuring a positive margin (refraining from participation in procurement procedures in which entities offering services below the cost of providing them are selected)
2 – performance of long-term, fixed-price, high-unit-value contracts as well as operational agreements to reduce the seasonality of revenues
3 – monitoring cash flows from each contract and matching inflows and outflows over time (individual cost valuation, analytical account, and budget for each contract)
4 – entering into contracts with subcontractors and suppliers expressed in the contract currency (natural hedging)
5 – application of insurance cover and “force majeure” clauses and other safeguards in contracts in order to limit financial losses resulting from contractual penalties and damages for non-performance or improper performance of a contract
6 – diversification of revenue sources (contractors and suppliers of materials and equipment)
7 – debt collection measures aimed at insolvent customers and contractors
8 – monitoring the risk of lack of funds by means of a periodic liquidity planning tool (taking into account the timeliness and amounts of receivables collection) and securing liquidity by maintaining access to a credit line and guarantee limits
1 – a policy of continuous improvement of the quality of provided services and products
2 – strict compliance with technical procedures related to the quality of contract performance and compliance with procedures contained in internal or external norms and standards, including ISO standards
1 – an advanced human resource policy (concerning recruitment, appraisal, development, remuneration, and retention of staff) limiting the risk of incompetence, errors, and loss of key employees
1 – use of financial instruments, particularly by entering into forward hedging transactions, currency options, and fixed interest rate derivatives (IRS, CIRS)
1 – continuous improvement of IT tools and technological solutions to ensure the security of enterprise information on itself, its customers and business partners, as well as the improvement of offered products and services
1 – offering comprehensive solutions to reduce the risk of lack of integrity and synchronization in the management of construction projects, including continuous monitoring of the quality and progress of project work
2 – individual project management procedures for each contract
Taking risks into account in the particular management domains of the IT sector enterprises participating in the research – main activities
| Domain/IT | Strategic management | Operational management | Financial management | Quality management | Human resource management | Project management | Investment management | Innovation management | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 1 | 2 | 3 | 1 | 2 | 3 | 1 | 1 | 1 | 1 | 1 | 2 | |
| IT 1 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||
| IT 2 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||||
| IT 3 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||
| IT 4 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||
| IT 5 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||
| IT 6 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||
| IT 7 | ✓ | ✓ | ✓ | ||||||||||||||
| IT 8 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||
| IT 9 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||
| IT 10 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||
| IT 11 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||
| IT 12 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||
| IT 13 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||
| IT 14 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||
| IT 15 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||||
| IT 16 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||
| IT 17 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||
| IT 18 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||
| IT 19 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||
| IT 20 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||
| IT 21 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||||
| IT 22 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||
| IT 23 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||
| IT 24 | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||||
| IT 25 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||
| IT 26 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||||
| IT 27 | ✓ | ✓ | ✓ | ✓ | |||||||||||||
| IT 28 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||
| IT 29 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||
| IT 30 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||
| IT 31 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||||
| IT 32 | ✓ | ✓ | ✓ | ✓ | |||||||||||||
| IT 33 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||||
| IT 34 | ✓ | ✓ | |||||||||||||||
| IT 35 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||
| IT 36 | ✓ | ✓ | ✓ | ||||||||||||||
| IT 37 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||||||
| IT 38 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||
| IT 39 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||
| IT 40 | ✓ | ✓ | ✓ | ✓ | |||||||||||||
| IT 41 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||
| TOTAL | |||||||||||||||||
Source: the author’s own work.
Explanation (to Table 4):
1 – continuous monitoring of the IT and telecommunications market, the economic situation in the country, and the behavior of competitors
2 – continuous efforts to strengthen the company’s position in the domestic market by winning new contracts and expanding into global markets
3 – implementation of procedures related to tenders for providing infrastructure and IT solutions for the public sector
4 – cooperation with partners with an established position on the market and proven creditworthiness
5 – tracking demand for IT products and services in order to respond flexibly to changing trends
1 – keeping abreast of changes in current legislation
2 – diversification of suppliers of specialized IT hardware, software, and solutions, as well as efforts to diversify customer/recipient groups
3 – procedures in place to deal with failures of hardware, software, IT systems, etc. to prevent downtime and failure to fulfil accepted orders
1 – ongoing monitoring of the degree of indebtedness and ability to fulfil obligations and negotiation of interest rates with lending banks
2 – application of insurance cover, as well as relevant clauses and other safeguards in contracts (including licences and concessions) in order to limit financial losses due to contractual penalties or termination of software use license agreements
3 – monitoring the timeliness of transfers made by customers and, if necessary, taking debt collection measures
1 – continuous improvement of the quality of offered products and services through, among other things, ongoing capital expenditure and development work
1 – an advanced human resource policy (concerning recruitment, appraisal, development, remuneration, and retention of staff) limiting the risk of incompetence, errors, and loss of key employees
1 – application of world-standard methods for estimating costs of projects, establishing deadlines, and estimating risks that may jeopardize the timely, substantive, or financial completion of project tasks
1 – use of financial instruments (e.g., futures contracts) to hedge against adverse movements in interest rates and currency exchange rates
1 – continuous improvement of IT tools to ensure security of confidential information and prevent infringement of third parties’ intellectual property rights
2 – a policy of continuous development of implemented IT innovations, solutions, equipment, and technologies
As can be seen from the analysis of whether enterprises in the financial services sector take risks into account in their management domains (Table 2), the analyzed enterprises most often take measures against risks in the domains of financial management and operational management. In the domain of operational management, a formal internal control system is a measure that all analyzed enterprises implement (28/28). The second most-popular measure (in terms of the frequency of implementation in the analyzed group) within the domain of operational management is the ongoing monitoring of changes occurring in current legislation, as well as the recommendations and guidelines of national supervisory institutions and the European Union (22/28), in order to continuously adapt operational tasks to external formal and legal requirements. On the other hand, in the case of measures employed in the area of financial management, the analyzed enterprises representing the FS sector most often minimise possible losses due to changes in market interest rates and currency exchange rates by appropriately shaping the structure of balance sheet and off-balance sheet items (24/28) and reduce their exposure to the market risk (among other things, by using the parametric VaR model) and liquidity risk (through a system of limits, liquidity buffers, and contingency funding plans) (20/28).
In the case of the enterprises representing the CON sector, risk is most often addressed in strategic and operational management (Table 3), although its significance can also be observed in financial management. In the domain of strategic management, the analyzed enterprises from this sector constantly monitor the market, the economic situation in the country, the behavior of competitors and announcements of public and non-public procurement procedures (36/38) in order to reduce the risks arising from failure to adapt to the observed changes and the need to constantly seek new customers and win contracts to ensure continuity of operations. They also very often limit their cooperation to only well-established contractors and suppliers with proven creditworthiness (26/38). In the case of operational management, the analyzed CON enterprises attach particular importance to adhering to strict terms and conditions of cooperation with material suppliers and subcontractors, as well as with other actors in the supply chain, in order to spread the transaction risk in a way that maximises the company’s security, including through insurance, bank guarantees, cash deposits, etc. (30/38). They also keep abreast of changes in current legislation and the requirements of supervisory institutions (24/38) in order to avoid complications related to failure to adapt contract performance to legal considerations.
In the IT sector, measures in the face of identified risks are most often applied in the domains of strategic and operational management (Table 4), but the importance of taking risks into account in human resource management is also evident. When it comes to strategic management in the IT sector, the analyzed enterprises most often monitor, on an ongoing basis, the IT and telecommunications market, the economic situation in the country, and the behavior of competitors (37/41). They also very often track the demand for IT products and services in order to react flexibly to changing trends (30/41). In the domain of operational management, on the other hand, the largest percentage of the analyzed enterprises keep up to date with changes in current legislation (33/41), which determines the possibility of continuing operations, and such changes force them to adapt, often involving additional financial expenditure or changes of an organizational nature. In operational management, the analyzed enterprises often diversify suppliers of specialized hardware, software, and IT solutions and seek to diversify customer/recipient groups (22/41) to avoid problems of overconcentration.
The results of the research that was carried out clearly confirm that risk determines the functioning of enterprise management systems and is evident in the activities undertaken by the analyzed enterprises in all management domains. This confirms that risk management should not function as a separate system independent of other dimensions of an enterprise’s activities but as an integrator of all these dimensions. This conclusion is largely consistent with the findings reported by other authors, for example, Schiller and Prpich (2012), who consider risk management as a key management domain that aims to integrate an enterprise’s approach to risk with its leading objectives derived from its strategy. In addition, the degree of maturity of the functioning risk management system is of great importance. The higher level of risk management maturity indicates a stronger integration of the risk approach with other functional areas of the enterprise (Bąk and Jedynak, 2023).
The research results show that the analyzed enterprises implement measures targeted at risks in the domains of strategic management and operational management. This conclusion is also supported by other studies. Indeed, Suchith Reddy (2015) emphasises the huge role of risk management in both the strategic and operational dimensions, confirming that identified risks should, on the one hand, condition the setting of long-term objectives and plans of an enterprise and, on the other hand, be taken into account in all ongoing, short-term activities, at every hierarchical level and in all areas of management. Bromiley et al. (2016) also indicate that it is necessary to constantly implement strategic actions aimed at mitigating the negative effects of all risks to which the enterprise is exposed. In turn, the results of the Singh and Hong (2020) study show that the effectiveness of risk management in both strategic and operational aspects has a real impact on the results and position of the enterprise.
Undoubtedly, crisis situations highlight the key role of risk in all business processes. The main reason for this is the crisis that causes a number of implications for enterprise management, including organizational, personal, financial, technological, procedural, logistic, and image implications. Moments such as the global financial crisis or the global COVID-19 pandemic have exposed many shortcomings in enterprises’ management systems, resulting in a lack of adequate preparation for crisis-like changes. From the experiences of enterprises acquired during these crises, it can be concluded that only by looking at management in all functional business areas through a prism of the risks occurring in such areas (even under normal, non-crisis conditions) does an enterprise have a chance of developing resilience to crises and developing anti-crisis measures in the event of their materialization (Jedynak and Bąk, 2021). This conclusion is fully consistent with the research findings presented in this text. Strategies, ongoing activities, finances, quality, human resources, projects, investments, and innovations should therefore be planned, implemented, and monitored from the point of view of the risk factors to which they are linked. Moreover, due to the fact that the idea of crisis management is the integration of prevention and counteraction (Glaesser, 2006), the special role of risk management in dealing with various types of crisis in the enterprise is evidently clear.
This text attempts to determine to what extent risk management is embedded in enterprise management systems. As the results of the conducted research show, risk management is present in all management domains identified in the analyzed enterprises. The most common approach to risk within particular management domains is evident in the preventive measures taken by the organizations under analysis. The research also confirms that measures targeted at risk are taken by the examined enterprises in most of the management domains (in all analyzed sectors), and most intensively in strategic management, operational management, and financial management.
The detailed research results presented in this text have several management implications for enterprises, both those that have been examined and other representatives of the analyzed sectors. These implications include: facilitated prioritization of risk factors, diagnosis of the degree of advancement of preventive actions taken against risk in various functional areas in competitive enterprises in a given sector, facilitating the planning processes of corrective and preventive actions against identified risks, and stimulating the creation of resilience mechanisms both in strategic and operational dimensions.
The fact that the research focused on just three business sectors may be seen as its limitation. However, numerous research samples and the fact that the selected sectors of financial services, construction, and IT are so distant from each other in terms of specifics and operating conditions allows assuming with a high degree of probability that similar results would also be seen in the case of enterprises representing other sectors of the economy. However, this hypothesis would need to be verified. Therefore, for future research in this area, it is recommended to expand a sample of enterprises to include representatives from other sectors. Furthermore, future research should have a broader scope. In addition to identifying measures taken against risks in different management domains, it would also be necessary to check (1) whether such measures produce tangible results in the form of enterprises’ strengthened resilience to disturbances and crises or (2) what the share of business stakeholders (both internal and external) in the implementation of risk prevention activities in various management domains is.