Risk Management System at an Engineering Enterprise in Conditions of Ensuring Security

Risk Management System at an Engineering Enterprise in Conditions of Ensuring Security

Nataliia PetryshynOleh Mykytyn Olga Malinovska Olena Khalina Olha Kirichenko 

Department of Foreign Trade and Customs, Lviv Polytechnic National University, Lviv 79000, Ukraine

Department of Public Administration and Business Management, Ivan Franko National University of Lviv, Lviv 79059, Ukraine

Department of Financial and Economic Security, Accounting and Taxation, Ukrainian Academy of Printing, Lviv 79039, Ukraine

Department of Economy, Management and Commercial Activity, Central Ukrainian National Technical University, Kropyvnytskyi 25000, Ukraine

Corresponding Author Email: 
petryshyn.nataliia.edu@gmail.com
Page: 
525-531
|
DOI: 
https://doi.org/10.18280/ijsse.120414
Received: 
1 July 2022
|
Revised: 
15 August 2022
|
Accepted: 
20 August 2022
|
Available online: 
31 August 2022
| Citation

© 2022 IIETA. This article is published by IIETA and is licensed under the CC BY 4.0 license (http://creativecommons.org/licenses/by/4.0/).

OPEN ACCESS

Abstract: 

In modern conditions, the problem of the survival of companies, and the preservation and provision of their further development has become particularly relevant. The crisis has engulfed not only individual enterprises but entire industries. The most affected, in particular, is the engineering industry. The main purpose of the study is the formation of a risk management system at an engineering enterprise in terms of ensuring its security. To do this, we applied the IDEF0 modelling methodology with its main elements. The dynamism of the economic environment and the complexity of the links between its elements necessitate the adoption of informed management decisions in the face of risk and uncertainty of future results. Risk management is becoming an obligatory activity for engineering enterprises, implementation of projects, and operations. Based on the results of the study, a basic IDEF0 model of the risk management system at an engineering enterprise in terms of ensuring its security was formed. The study has limitations and, first of all, they relate to the specifics of the activity of engineering enterprises, other areas of activity are not taken into account. Further research requires expanding the model and taking into account not only risks but also threats and direct dangers.

Keywords: 

security, engineering enterprise, risk management, model, system

1. Introduction

Today, most enterprises are faced with the problem of the critical impact of entrepreneurial risks on the efficiency of doing business, the possibility of modernization, and expansion of activities. As practice shows, there is a reasonable reason for the emergence of risks in entrepreneurial activity due to the impossibility of calculating the result and taking into account the influence of various factors on it. In order to reduce the impact of risks, identify possible consequences for the enterprise in a risky situation, to neutralize the negative results of such an impact on the activities of the enterprise, it is necessary to constantly update the arsenal of methods, models, approaches to risk management in the enterprise. Therefore, this problem is relevant today.

Modern tasks of risk management at engineering enterprises are associated with the problem of dynamic changes in the internal and external environment. Changes in our lives are unpredictable. Everywhere, including in business, uncertainty is growing. This situation contributes to a significant impact of risks and the emergence of new species. Enterprises pay for underestimating risks with financial losses, a decrease in the value of shares and capital, a damaged reputation, the transfer of valuable employees to other companies, the dismissal of top managers, and even bankruptcy. Basically, risks arise as a result of unsuccessful internal management, unexpected decisions, and actions of the company's counterparties in the external environment. Risk management tools and systems are not well developed yet. In engineering companies, each risk is generally considered separately. In contrast to this approach, risk management in modern theory and practice is considered an integrated management system in the enterprise management system.

The issue of risk management ceases to be considered at the level of a narrow-profile area of professional activity of a manager and becomes the object of direct attention of the subjects of managerial activity, regardless of the level of their organizational hierarchy [1]. The risk management process is constantly becoming more complex and acquiring the features of an integral element of the enterprise management system. If the risk is inevitable, then the problem of its assessment, analysis, and management is of particular relevance. In the course of the analysis, the picture of possible risk events, the likelihood of their occurrence, and the consequences become obvious. After comparing the obtained risk values with the maximum permissible ones, a risk management strategy is developed, and on this basis, ways to prevent and reduce risk. The issues of risk management, taking into account the complexity and multi-vector manifestation of their content, can be considered both at the level of the structural part of any of the educational disciplines of the managerial persuasion (personnel management, management, and administration, the basics of modern project and innovation management) and the level of the levels of independent educational disciplines. The level and scope of studying the problems of risk management depend on the direction of professional activity, in which the acquired knowledge and skills will be used.

Risk management in modern conditions requires the use of special knowledge and skills in the formation of complex management systems. To survive in a competitive market environment, an enterprise needs to make sound risky decisions aimed at creating competitive advantages in combination with effective management. To overcome the crisis, risk management should be applied in advance, namely: avoiding unreasonable risks, taking only acceptable risks, influencing possible risks promptly in order to minimize them, and diversifying risks. Enterprises need to organize and develop effective risk management systems.

Risk management in the modern world is considered the science of the activity of economic systems to identify possible threats in the near or distant future. Reducing the negative consequences of the uncertainty of expectations is the essence of such systemic risk management as risk management. The risk management system as an integral part of the management of an engineering enterprise is related to making optimal decisions and implementing measures aimed at ensuring the lowest possible risk. The inevitability of risk in the pursuit of ultra-high income is taken into account when planning, creating conditions for the formation and development of an enterprise in business plans. That is why the relevance of this issue is so important today.

The main purpose of the study is the formation of a risk management system at an engineering enterprise in terms of ensuring its security. To do this, we applied the IDEF0 modelling methodology with its main elements. The reason for choosing this topic for research the authors is that today the engineering industry is undergoing rapid development and is facing a large number of risks, which determines the relevance and demand for research in this area.

The whole structure of the study includes analysis of scientific research on the issues of our study; description of the methods used in the study and the aggregate forming the research methodology; the main results of the study; discussion of the results of the study and its comparison with similar ones; a summary of the findings of the study.

As a result of the study, a basic IDEF0 model of a risk management system at a machine-building enterprise to ensure its safety was formed. This model makes it possible to form the primary basis for creating an individual risk management system for each engineering enterprise.

2. Literature Review

Examining the literature of leading scientists [1-3], we found that most of them support the view that risk management is a specific, solitary management process that plays an auxiliary role in the management system of an engineering enterprise. It becomes especially important in an unstable economy, so ignoring or non-systematic implementation of risk management functions harms the performance of the entire enterprise. We agree with this statement, since any management system is a process, especially when it comes to risks in an enterprise.

Many authors [4-6] also focus on the features of the risk management mechanism. The risk management mechanism is the interaction of many components of the risk management system. Its core is actually a risk management subsystem included in the enterprise management structure. Its formation is the main but not sufficient condition for the effective implementation of the principles and objectives of risk management. The functioning of this subsystem should be supplemented by auxiliary elements that are inherent in all management processes taking place at the enterprise. Additional elements include, for example, the organization and priorities of the management of the enterprise, the thinking style of decision-makers, and the system of responsibility. In addition, the determining role belongs to the supersystem, that is, the macroeconomic system to which the enterprise belongs. Our study will be devoted to the implementation model of this type of control.

The scientific literature is not deprived of the problems of ensuring the security of engineering enterprises. Some scientists [7, 8] argue that efforts should be devoted to ensuring economic security both at the level of the enterprise and at the level of the state and research institutes. At the level of top management of enterprises, urgent decisive action is needed to determine ways to overcome economic problems in order to effectively ensure economic security. Timely identification and adequate response to risks and threats are part of an integrated, comprehensive system of economic security of the enterprise, aimed at development and growth, turning risks into opportunities, the seamless introduction of innovations, improving internal procedures, reducing costs, and achieving competitiveness.

For example, Karaim [9] considered it possible to provide a high level of security for an engineering enterprise as an anti-crisis management system.

At the same time, Knedlik and von Schweinitz [10] considered the issues of security and risk management at the macro level.

Taking into account the scientific results of many authors in considering this problem, today not only relevant risk management problems for engineering companies that are confused to enter their activities in the conditions of military actions on the territory of Ukraine and are looking for ways to ensure their security.

3. Methodology

The methodology consists of different methods, which together are aimed at fulfilling the stated objectives of the study. First of all, these are theoretical methods of analysis and systematization of scientific and practical information on the risk management system at engineering enterprises. We also applied an analytical method for studying the main performance indicators of engineering enterprises in Ukraine.

Secondly, this is the “Decision tree” method, which allows you to form the main subgoals that should be achieved for the main one. Everything is very simple here. We have a key method of functional and graphical modelling IDEF0, which provides for the formation of a certain set of subgoals, aimed at achieving the main A0. In our case, A0 will effectively manage risk in an engineering enterprise. To do this, according to the modelling methodology, we must describe in detail a number of sub-goals - A1-A5. Their detailed analysis will be presented later in the article.

Separately, you should highlight your own experience. Our group of authors is not only scientists from a higher educational institution, but also practical specialists at engineering enterprises in Ukraine. This allows us to talk about the involvement of an expert method through the use of their own experience in this type of enterprise.

Therefore, we must also present the basic elements of the modelling methodology through IDEF0 (Table 1).

Table 1. The basic elements of the modelling methodology through IDEF0

Element

Essence of elements

The main purpose of modelling

Effective risk management in an engineering enterprise

Model Audience

Top management and enterprise security service

Software

The application program for constructing vector diagrams

It should be emphasized that the primary purpose of the IDEF0 methodology concerns management systems and serves as an information basis for making certain decisions. We believe that the formation of such a model further in the text will serve as an important first theoretical step in the further development of the problem of the effectiveness of the risk management system at engineering enterprises in Ukraine.

4. Research Results

A year ago, the activity of engineering enterprises in Ukraine depended significantly on many factors, including export-import operations. The field of activity of engineering enterprises in Ukraine was not better, but their number grew from year to year, indicating a functioning environment favorable for sustainable development (Figure 1).

Today, Ukraine lives in conditions of war with the Russian Federation, and therefore, there is no need to talk about any favorable environment and conditions for a high level of security. Therefore, there is an urgent need for effective risk management. Using the IDEF0 modelling technique, we will form our vision of the main network of subgoals to achieve A0 - Effective risk management in an engineering enterprise (Figure 2). Their detailed explanation will be further in the text.

We must clearly state what the management of the engineering enterprise can give to help achieve the main goal of A0. It is also necessary to determine what it will ultimately give us. To do this, we will carry our target set for modelling through the “Black Box” system (Figure 3).

Each input element has its characteristics and functions that are aimed at achieving the main goal of A0 - Effective risk management in an engineering enterprise.

C1 and C2 are designed to form the so-called control system for the adopted and implemented risk management decisions at engineering enterprises. As our practice of activity at such enterprises in Ukraine shows, such a control system is turned into internal regulatory legal acts, thanks to which the person making management decisions and the person implementing them cannot go beyond the current legislation. Also, this can include the relevant external regulatory authorities, trying to establish the limits of what is permissible so as not to harm the environment for the functioning of this engineering enterprise.

M1 and M2 are mechanisms that contribute to the achievement of the goal set formation and our model. Here we can also talk about organizational tools, technical equipment, and internal decision-making mechanisms (for example, if the hierarchy of the management structure is horizontal, then decisions are made together).

The main IDEF0 model for the formation of an effective risk management system for an engineering enterprise in a difficult time for Ukraine is shown in Figure 4.

Figure 1. Dynamics of the number of active engineering enterprises in Ukraine (number of units)

Figure 2. Network of A0 achievement subgoals to build the main model

Figure 3. Basic input elements and the desired result of the modelling

Figure 4. The main model for the formation of an effective risk management system for an engineering enterprise in a difficult time for Ukraine

Thus, let's take a closer look at each of our proposed goals for achieving A0:

A1 - Statement of tasks of the risk management system and their implementation. Risk management must begin with preliminary procedures aimed at obtaining a comprehensive understanding of the risk situation. This situation will depend on the specifics of the enterprise, therefore, during the previous stage, it is necessary to summarize the risks specific to enterprises in this industry, study their nature, and collect as much information as possible about the business structure, strategy, market operations and competitive positions of the enterprise. In addition, at this stage, it is necessary to clarify the goals, and directions of risk management and determine the scope of the actions taken. According to scientists, the goal of an enterprise may be to manage the risks of a particular project (for example, the implementation of an information system), to operate with individuals, the most significant risks (for example, liquidity risk), or to build an integrated risk management system. At the same time, in each specific case, it is necessary to determine the timing of management, as well as compare the effect obtained with the costs incurred.

A2 - Identification of major risks. The purpose of the risk identification stage is to identify and evaluate all possible threats that an engineering company faces at a certain stage or during the entire process of operation. Taking the goal of the enterprise to build a comprehensive risk management system, it is necessary to pay attention to the comprehensive nature of such detection. The main purpose of compiling such a document is to document all risk groups that are possible in the activities of the enterprise but do not reflect the main parameters of each of them. Therefore, an additional procedure that must be carried out in the process of documenting risks is the compilation of risk cards. Each card indicates the nature, causes, and sources of risk, as well as a place for entering the results of their qualitative and quantitative assessment. In leading foreign and domestic corporations, there is a practice of compiling maps. For example, we offer RMC-cards (risk management cards) for Ukrainian engineering enterprises, which can be maintained in electronic form and thus make it possible to sort selected risks, as well as simply make changes to information about them. At the risk identification stage, specific procedures can be used to identify situations and events that may cause negative consequences for the enterprise. As a rule, responsible persons and participants identify risks based on their own acquired experience or by logical considerations. Therefore, among the general methods for identifying risks, one can single out historical analysis, as well as expert assessments. At the same time, a small percentage of managers can use complex probability analysis and analytical methods.

A3 - Assessment of certain risks and their impact on engineering activities. At the end of the procedures under consideration, you can proceed to the risk assessment stage necessary to determine the degree of their potential impact on the functioning of the enterprise. Therefore, during the implementation process, it is necessary to select risk indicators and develop a procedure for their identification based on qualitative and quantitative parameters. At the stage of risk assessment, the degree of their potential impact on the functioning of the enterprise is determined using methods of qualitative and quantitative assessment. The main difference between these methods is that the assessment of potential losses using a qualitative approach is based on the study of general scenarios for the development of a risk situation, while quantitative methods involve the calculation of specific numerical indicators (the probability of adverse events and the total amount of losses). Therefore, the qualitative approach is most often used at the initial stage and involves considering several options for the development of events. And then a quantitative assessment is made, including a measurement of the probability of an adverse event for each studied option. According to this, qualitative risk assessment methods are based on the use of logical procedures, the most common of which are simulation modelling, sensitivity analysis, scenario analysis, and stress testing. Documentation of minor risks for engineering companies is necessary for a comprehensive vision of the risk situation, which may change in the course of the further management process and cause a change in risk priorities. This can be done by supplementing risk maps with information obtained during the risk assessment or by compiling a separate list of minor risks, indicating their likelihood, level of impact, the magnitude of consequences, and priority.

A4 - Formation of safe functioning in the conditions of military actions in the regions of Ukraine. Today, in conditions when Ukraine is defending its own territories and democracy, it is difficult to introduce the business and talk about the constant development of engineering enterprises. Therefore, having assessed all the risks, the management of the enterprise must realize the need or lack of it in moving the business to safer regions. A high level of security for an engineering enterprise in Ukraine is possible only if all regions of the country are protected.

A5 - Neutralizing risks and monitoring the situation at the enterprise. At this stage, it is necessary to develop effective approaches aimed at counteracting the emergence of risks and reducing their magnitude. Therefore, the necessary procedure for this stage should be the generalization of existing methods for neutralizing each of the identified significant risks. In general, this process involves comparing the effectiveness of four groups of methods: risk avoidance, risk reduction, risk-taking, and the transfer of part or all of the risk to third parties, after which it is necessary to make a decision on the choice of certain measures or their optimal combination. It should be noted that at this stage it is advisable to form a contingency plan in case of manifestation of risks that cannot be neutralized, as well as create additional reserves of time and funds in case of unforeseen consequences. The existing strategy for countering risks should also be documented and communicated to all responsible persons. However, the risk management process should not be limited to the procedures under consideration, since in practice the likelihood, consequences, and prioritization of previously identified risks may change, as well as new threats and dangers may appear. Therefore, the risk management process should include one more stage, combining risk control and monitoring procedures. At the same time, in the course of risk control, it is necessary to analyze the effectiveness of the decisions made and develop recommendations for reviewing and optimizing risk management at the next stages. Risk monitoring should include the periodic implementation of a risk counteraction plan in accordance with the current state of affairs of the enterprise. And since this may require updating information about the risks being realized at a certain point, conducting their re-qualitative and quantitative analysis, and, if necessary, making new decisions on risk management, the monitoring process, in fact, is a systematic repetition of the already carried out stages of identification, risk assessment, and neutralization.

Summing up the results of the study, we would like to emphasize that now risks arise in almost all areas of enterprises and affect the interests of different departments, which require a comprehensive and coordinated influence on them through military actions on the territory of Ukraine. In order to optimize the functioning of individual enterprises, such influence is usually carried out continuously and combines a number of processes for identifying, assessing, minimizing, and controlling risks. Therefore, at the level of individual business entities, this process turns into a risk management system, a characteristic feature of which is a comprehensive nature and focuses on achieving specific results. It is advisable to solve the tasks of risk management and ensure the economic sustainability of dairy processing enterprises in the areas of risk manifestation: production, marketing, financial, and investment.

So, taking into account the already existing achievement of scientists in this area, we have formed a qualitatively new IDEF0 model of the risk management system at an engineering enterprise in terms of ensuring its security [9, 10].

The practical application of the model that we have developed can be that this model can be actively used by modern engineering enterprises that have a modern and dynamic risk management system, and which express a desire to introduce innovative technologies and techniques to improve their own security system. An important advantage for practical application is the fact that this model is plastic and can be partially modified in accordance with the realities of an individual enterprise, while its basic structure will remain unchanged.

5. Discussions

Discussing the results of the study, it should be noted that today, in the context of the war on the territory of Ukraine in the heart of Europe, most enterprises are faced with the problem of the critical impact of entrepreneurial risks on the efficiency of doing business, the possibility of modernization and expansion of activities. As practice shows, there is a reasonable reason for the emergence of risks in entrepreneurial activity due to the impossibility of calculating the result and taking into account the influence of various factors on it. But even before that, there were a number of problems with risk management in the enterprise security system.

Most scientists [11-13] devoted their research to the general problems of the risk management system at engineering enterprises. They came to the conclusion that the main direction of improving the enterprise management system is the development and implementation of active management based on systemic and situational approaches. The conceptual basis of active management is the idea of making decisions based on predicting the future and preventing potential negative consequences. The purpose of active management is to develop solutions that provide the highest production efficiency, and the main task of such management is to achieve sustainable operation and purposeful development of the enterprise through the optimal allocation of resources and the use of its production potential.

Another group of scientists [14-16] focuses their research on the financial and economic elements of security and the effective application of risk management through them. For example, Shtangret et al. [15] was an interesting model of antisepative management, which was designed to closely monitor all the risks in the engineering enterprise.

But our study has a number of differences, and it consists in narrowing the scope of the study. We do not seek to cover all types of enterprises and do not want to investigate the activities of engineering enterprises in those regions in which we do not live and do not have experience. Therefore, we form our model solely on the basis of our own experience, the results of the analysis, and the specifics of the chosen industry.

6. Conclusions

Summing up, it should be noted that practice shows that the activity of engineering enterprises is characterized by the adoption of managerial decisions, which are somewhat risky to a certain extent. The risk in the context of the activities of enterprises can have an impact on the achievement of both positive and negative results from the activities of enterprises. If we talk about the positive side of the risk, it is advisable to note that an engineering enterprise can receive both profit and another favorable consequence of the risk impact. We believe that the risk management process should be continuous and structured and aimed at identifying, analyzing, assessing, and preventing the occurrence of risks and various risk-related threats.

In our opinion, risks act as a vector of the consequences of managerial decisions taken by a business entity in the context of its activities to profit from such activities. In turn, the process of managing risks requires the enterprise to make a management decision, which will be based on the results of activities and the possibilities of functioning of this entity.

Based on the results of the study, a basic IDEF0 model of the risk management system at an engineering enterprise in terms of ensuring its security was formed. The study has limitations and, first of all, they relate to the specifics of the activity of engineering enterprises, other areas of activity are not taken into account. Further research requires expanding the model and taking into account not only risks but also threats and direct dangers.

  References

[1] Jiang, D.F., Liu, C.H. (2019). Modelling of supply chain risk contagion based on system dynamics. Journal Européen des Systèmes Automatisés, 52(2): 157-162. https://doi.org/10.18280/jesa.520207 

[2] Mouras, F., Badri, A. (2020). Survey of the risk management methods, techniques and software used most frequently in occupational health and safety. International Journal of Safety and Security Engineering, 10(2): 149-160. https://doi.org/10.18280/ijsse.100201

[3] Tamošiūnienė, R., Savčuk, O. (2007). Risk management in Lithuanian organizations - relation with internal audit and financial statements quality. Business: Theory and Practice, 8(4): 204-213. https://doi.org/10.3846/btp.2007.29 

[4] Strelnik, M. (2016). Corporate restructuring as a risk treatment method. Business: Theory and Practice, 17(3): 225-233. https://doi.org/10.3846/btp.2016.658 

[5] Stasytyte, V., Aleksienė, L. (2015). Operational risk assessment and management in small and medium-sized enterprises. Business: Theory and Practice, 16(2): 140-148. https://doi.org/10.3846/btp.2015.568 

[6] Khalina, O., Bazyliuk, V., Chornenka, O., Krasilych, I., Korzh, M. (2019). Formation of organizational support for the management of the economic security of engineering enterprises: methodical and practical aspects. Business: Theory and Practice, 20: 317-328. https://doi.org/10.3846/btp.2019.30 

[7] Avanesova, N., Chuprin, Y. (2017). Enterprise economic security: essential characteristics of the concept. Innovative Technologies and Scientific Solutions for Industries, 1(1): 98-102. https://doi.org/10.30837/2522-9818.2017.1.098 

[8] Bublyk, M., Koval, V., Redkva, O. (2017) Analysis impact of the structural competition preconditions for ensuring economic security of the machine building complex. Marketing and Innovation Management. https://doi.org/10.2139/ssrn.3184338 

[9] Karaim, M. (2014). Selection of the optimal variant of a anti-crisis management solution in the process of ensuring the economic security of a engineering enterprise. Economics and Management of Enterprises of Engineering Industry: Problems of Theory and Practice, 4(28): 123-134.

[10] Knedlik, T., von Schweinitz, G. (2011). Macroeconomic imbalances as indicators for debt crises in Europe. JCMS: Journal of Common Market Studies, 50(5): 726-745. https://doi.org/10.1111/j.1468-5965.2012.02264.x

[11] Shynkar, S., Gontar, Z., Dubyna, M., Nasypaiko, D., Fleychuk, M. (2020). Assessment of economic security of enterprises: theoretical and methodological aspects. Business: Theory and Practice, 21(1): 261-271. https://doi.org/10.3846/btp.2020.11573

[12] Chatterjee, S., Wiseman, R.M., Fiegenbaum, A., Devers, C.E. (2003). Integrating behavioural and economic concepts of risk into strategic management: The Twain shall meet. Long Range Planning, 36: 61-79. https://doi.org/10.1016/S0024-6301(02)00201-7 

[13] Drobyazko, S., Barwinska-Malajowicz, A., Slusarczyk, B., Chubukova, O., Bielialov, T. (2020). Risk management in the system of financial stability of the service enterprise. Journal of Risk and Financial Management, 13(12): 1-15. https://doi.org/10.1002/ijfe.2471

[14] Kim, H. (2020). Risk management and optimal capital structure under ambiguity. Finance Research Letters, 40: 101752. https://doi.org/10.1016/j.frl.2020.101752 

[15] Shtangret, A., Topalova, E., Polovcev, O., Chornenka, O., Musiyovskyi, A. (2021). Practical aspects of the use of antisipative management in the process of ensuring the economic security of an enterprise. Business: Theory and Practice, 22(1): 202-210. https://doi.org/10.3846/btp.2021.13556

[16] Kmec, P. (2011). Temporal hierarchy in enterprise risk identification. Management Decision, 49(9): 1489-1509. https://doi.org/10.1108/00251741111173952