Risk Management in Public Sector Organizations: A Case Study

Article (PDF Available) · January 2014with 7,711 Reads 
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
Cite this publication
Abstract
The evolution of the approach to public sector organizations, demonstrated, in the concepts of New Public Management and Lean Government, among others, assumes introduction into the public sector of market rules of operation and management methods that originated in business organizations. An important area for such changes is the development of measures and management control procedures, which is emphasized, among others, in the 3Ms concept and is manifested in the growing importance of risk management. The activities of public sector organizations are strongly tied to the presence of risks that need to be identified, analyzed, evaluated, monitored and controlled as a part of the risk management process. Given the above, the aim of the article is to discuss the unique characteristics and the basic tenets of risk management in public sector organizations and to present an example of practical implementation of this concept in a selected organization. This objective is achieved through a review of literature and a study conducted in the form of a case study at the Lodz University of Technology - a purposefully selected public university in central Poland. The empirical part of the article contains a presentation of the adopted organizational solutions pertaining to risk management and the role of risk in organizations, as well as a formulation of two research hypotheses that are to be verified in the course of further research conducted by the authors.
Advertisement
Source: Kapuscinska, K., Matejun, M. (2014). Risk Management in Public Sector Organizations: A Case Study.
International Journal of Business and Management Studies, 3(3), 129-143.
129
RISK MANAGEMENT IN PUBLIC SECTOR ORGANIZATIONS:
A CASE STUDY
Karolina Zofia Kapuscinska and Marek Matejun
Lodz University of Technology, Poland
[ For more publications visit www.matejun.com ]
The evolution of the approach to public sector organizations, demonstrated, in the
concepts of New Public Management and Lean Government, among others, assumes
introduction into the public sector of market rules of operation and management methods
that originated in business organizations. An important area for such changes is the
development of measures and management control procedures, which is emphasized,
among others, in the 3Ms concept and is manifested in the growing importance of risk
management. The activities of public sector organizations are strongly tied to the
presence of risks that need to be identified, analyzed, evaluated, monitored and
controlled as a part of the risk management process.
Given the above, the aim of the present article is to discuss the unique characteristics and
the basic tenets of risk management in public sector organizations and to present an
example of practical implementation of this concept in a selected organization. This
objective is achieved through a review of literature and a study conducted in the form of
a case study at the Lodz University of Technology - a purposefully selected public
university in central Poland. The empirical part of the article contains a presentation of
the adopted organizational solutions pertaining to risk management and the role of risk in
organizations, as well as a formulation of two research hypotheses that are to be verified
in the course of further research conducted by the authors.
Keywords: risk, risk management, public sector organizations, public organization
management
Introduction
The evolution of the approach to public sector organizations, demonstrated, among others, in the
concepts of New Public Management (Hood, 1991), Public Governance (Bovaird, 2005), and
Lean Government (Scorsone, 2008), assumes an introduction into the public sector of market
rules of operation and management methods that originated in business organizations. An
important area for such changes is the development of measures and management control
procedures, which is emphasized, in the 3Ms concept (Ferlie, 2010) among others, and is
manifested in the growing importance of risk management.
Source: Kapuscinska, K., Matejun, M. (2014). Risk Management in Public Sector Organizations: A Case Study.
International Journal of Business and Management Studies, 3(3), 129-143.
130
The activities of public sector organizations, which include health care services, education, and
environmental protection, are strongly tied to the presence of risks that need to be identified,
analyzed, evaluated, monitored and controlled (Drennan, McConnell, 2007) as a part of the risk
management process (Hopkin, 2012). What becomes important is the effectiveness of this process
(Dobson, Hietala, 2011), which largely depends on the organizational solutions adopted by the
particular organization.
Given the above, the aim of the present article is to discuss the unique characteristics and the
basic tenets of risk management in public sector organizations and to present an example of
practical implementation of this concept in a selected organization. This objective is achieved
through a review of literature and a study conducted in the form of a case study at the Lodz
University of Technology a purposefully selected public university in central Poland.
The study involved a questionnaire interview with the manager responsible for the
coordination of the risk management process at the university. The manager presented the
organizational solutions, as well as the role of the respondent and his actions in the risk
management area. Based on that information, two research hypotheses were formulated; these will
be verified in the course of future research by the authors. The conclusions from the studies may
be used as a benchmark for other public sector organizations in the area of implementation of risk
management solutions and open new fields in this area in management science.
Contemporary challenges in management of public sector organizations
Activities of contemporary public sector organizations are evolving toward implementation of
solutions that are characteristic of business activities. Thus, the literature recommends new
approaches to the management of such organizations that focus on improved effectiveness of their
functioning and on greater professionalism and higher quality of their services. Such approaches
constitute an attempt to maintain the mobility of public sector organizations, which include local
and regional government bodies, state administration bodies, health care institutions, security
institutions, and public universities (Teeuwen, 2011).
One of such approaches is the concept of New Public Management introduced in the 1980’s.
It assumes implementation in the public sector of professional management and market operating
methods focused on improvement of their cost effectiveness, efficiency, and performance. The
concept defines the standards, measures, and control of the results of operations, introduces
competition into the public sector, as well as discipline and thrift in the use of public resources. C.
Hood (1991) characterized this concept by defining its seven main principles:
professional management in the public sector and strengthening the power of management;
precise definition of standards and measures of effectiveness and creation of a framework of
clearly defined and measurable objectives;
monitoring of results and allocation of means and rewards that define the results achieved by
public sector organizations;
division of institutions, while maintaining their independence and financial autonomy, taking
into account discipline in public finances and changes in the relevant laws;
promotion of competitiveness, concluding fixed-term contracts, and use of public finance
discipline in tender procedures;
use of the management concepts and techniques from the private sector, to include, for
example, the flexible employment model or payroll principles; and
Source: Kapuscinska, K., Matejun, M. (2014). Risk Management in Public Sector Organizations: A Case Study.
International Journal of Business and Management Studies, 3(3), 129-143.
131
rationalization and reduction of expenditures while maintaining budget discipline.
Some authors (Ferlie, 2010) noted that critics of the New Public Management concept
emphasized its dysfunctional aspects, such as strong vertical reporting lines that may result in a
silo mentality and the presence of side effects in the form of work performed without due care.
Moreover, the authors of this concept are reproached for focusing on financial matters and
marginalizing efforts that ensure improved quality. It is also indicated that the New Public
Management concept results in a deficit of democracy and excesses of managers' erosion among
citizens. They want to have professional involvement in the actions taken in organization.
Therefore, in order to reduce the risk of possible problems associated with implementation of
this concept, a new solution, referred to as management through cooperation, was proposed. As
the principles of public order are also included in law making, it is necessary to guarantee
proportionality because of the need to achieve a balance with regards to cost effectiveness. These
principles are elements of the Governance concept, first recommended by H. Cleveland who, in
1972, demonstrated his intuition by quite precisely describing the changes in public management
that he thought would occur (Cleveland, 1972).
This concept covers various territorial levels and by opening up to the relations between the
public sector and the private sector, to negotiations and network and horizontal links. It enables
the effective activity of public organizations in the presence of increasing expectations and
complexity of social forces. This approach is supplemented by the desire to meet new challenges
faced by the top management of public sector organizations. This is why they often they decide to
implement the Lean Management concept as a part of their activities. This concept contributes
to cost reduction and improved effectiveness of public sector organizations. Nevertheless,
implementation of this solution requires much care in balancing administrative law, matching the
management method to the scope of improvement efforts, increasing work efficiency, and
reducing the costs (Scorsone, 2008).
In order to be effective, the Lean Government concept includes a collection of many diverse
smart methods and techniques that enable identification of critical points (elements) of an
organization that require specific reduction and remedial actions. The basic principles of this
concept include: putting the customer in the center of management, focusing on added value for
the customer, disclosing and eliminating waste, setting objectives for employees and making
employees responsible for processes, as well as efforts to develop and to achieve mastery by the
staff of the organization. This is why the use of this concept in the public sector should focus on
the achievement of these principles (Teeuwen, 2011).
Implementation of the Lean Government concept requires introduction of fundamental changes
in organizations. A good solution is to introduce project management rules (Wirick, 2009),
which enables the definition of a specific (separate) scope of works performed at a given time,
assigning a dedicated team to perform the scope, and promoting good practices in the
organizations and informing other teams about the tried and tested methods after completion of
the scope. If followed, such rules may become a catalyst in the functioning of organizations and a
benchmark for others. They enable improvement of management in organizations, reduce
resistance to changes among employees, and provide an excellent opportunity for them to observe
the results of their work and the benefits they reap (Parks, 2002).
To address the changes in contemporary public sector organizations, E. Ferlie (2010) proposed
the 3Ms concept, which combines management, measurement of efficiency, and introduction of a
market focus in their functioning. Development of those three areas facilitates implementation of
ideas from the business sector in public sector organizations. The supreme aim of such changes is
Source: Kapuscinska, K., Matejun, M. (2014). Risk Management in Public Sector Organizations: A Case Study.
International Journal of Business and Management Studies, 3(3), 129-143.
132
to improve efficiency and to determine the need for appropriate monitoring and assessment of
actions taken based on specific indicators. An important aspect of the changes made as a part of
this concept is paying attention to the impact of human resources and human capital (Pynes, 2013)
on the correct implementation of improvements. There are three key factors the monitoring of
which may influence the way that organizations are managed. These include merits, mobility, and
motivation of employees to work. This approach may lead to the formation of a new management
paradigm that is appropriate for the constantly changing socioeconomic reality in which public
administration functions.
An important aspect of the current changes that constitutes part of the market-oriented
approach to management in the public sector is the introduction of risk management into this
category of organizations. This is because risk is an integral component of any organized human
activity and, in time and with the development of management science, the attitudes toward risk
and its management in organizations have changed (Sadgrove, 2005).
Risk covers all situations that may take place in organizations with a specific probability (Asel,
2009), as well as situations or events which are estimated to involve a threat or the result of whose
occurrence is uncertain (Rosa, 1998). Some authors define risk as the probability of an adverse
event (Lowrance, 1976; Campbell, 2005), an adverse result (Graham, Weiner, 1995), or an
uncertain consequence of an event or an activity to a specific area of an organization (Renn,
2005).
Consequently, risk consists of two fundamental elements that determine its unique
characteristics: the probability of its occurrence and the gravity of its consequences. These two
components can be calculated using different formulas, for example the probability model or the
economic model (Solojentsev, 2008). Risk studies have involved numerous analyses of perception
and communication of risk, taking into account the psychological (Pidgeon, 1992) and the
sociological (Turner, 1992) approach.
This method of describing risk points to its complex nature. This is because risk is always two-
dimensional: on the one hand it stands for the threat and the danger associated with possible future
loss (Carter, Demczur, 2008) caused by certain actions (Drucker, 1974) and, on the other hand, it
may create new opportunities and areas for actions that have not been known previously (Arnoldi,
2009).
To address the unique characteristics of public sector organizations, one must look for patterns
of behavior and good practices that demonstrate the best methods of risk management, which
covers identification, measurement, determination of the scale of risk acceptance, and use of
instruments that reduce risk. Public sector organizations may base their actions in this area on
examples of commercial entities and modify them, as appropriate, to match their unique
circumstances and the scope of their operations. There are examples in many countries that
demonstrate that some public sector organizations are ready to take action in this regard (Martin,
Wanna, 1996). Currently, the key challenge in this area is to implement management control and,
within its framework, risk management in the management practices in such organizations.
Basic rules of risk management in public sector organizations
In public sector organizations, managers should not focus only on ensuring a proper place for
management mechanisms (Martin, Wanna, 1996), but should also perform a review of the entire
organization and, through their actions, influence the strategic, tactical, and operational levels of
its function. These requirements also apply to risk management the aim of which (generally
speaking) is, on the one hand, to counteract potential threats and, on the other hand, to avoid
Source: Kapuscinska, K., Matejun, M. (2014). Risk Management in Public Sector Organizations: A Case Study.
International Journal of Business and Management Studies, 3(3), 129-143.
133
losses, accidents, and disasters (Aven, Vinnem, 2007). By performing this process, organizations
attempt to limit the consequences of risk (Adler, Leonard, Nordgren, 1999); however, this
requires time, appropriate funds, and knowledge. These effects are facilitated by proper
performance of individual stages of the risk management process which include (Hopkin,
2012):
understanding of the organization’s objectives;
identification of threats associated with achievement of objectives combined with evaluation
of the probability and the strength of the potential impact of individual types of risks on the
objectives of the organization;
development of programs aimed at eliminating threats that have been identified; and
monitoring and evaluation of risks with the aim of finding their solutions.
The starting point is to build a bundle of objectives that arise, most of all, from the mission,
the vision, and the strategy of the particular organization. It is also necessary, as a part of this
effort, to identify the objectives of risk management, to adopt a specific definition of risk
management to serve as a basis for further deliberations, to set the activity into a legal framework
and to act in accordance with centrally defined guidelines.
Another stage after the definition of risk has been adapted to the characteristics of a public
sector organization is identification of risk. Various methods and techniques (such as
brainstorming) are used to identify the most complete set of potential threats. Each of them
undergoes a detailed analysis, with regard to both its probability and the gravity of its
consequences. Given the above, identification, analysis, and control of risk should be performed
with due care and should constitute information on management performed in individual units of
the organization.
As a result of these actions, a database of risk factors present in individual areas of the
organization is elaborated. The managers must perform an assessment of the level of acceptability
of each element of the database. However, the perception (and acceptability) of risk depends on
many, often subjective, factors. Further characteristics of threats include their qualitative
properties, the types of exposure to the threats, and the nature of their potential consequences and
the associated benefits (Reid, 1992). Thus, it is important to determine the level of acceptability
adopted in the organization for each of the identified risks, regardless of the area of activity that
they pertain to. Such acceptability is quite diverse and depends on the activities and the unique
characteristics of each public sector organization (Reid, 1999).
The analyses that involve identification of threats and opportunities lead to a formulation of a
detailed description of each risk. The results of these efforts are then evaluated by the managers of
the organization and/or internal and external experts. All the analyses may be arranged in
descriptive form, for example as risk registers (Terje, 2009). Another way to present risks is to
determine their hierarchy by source and to arrange them in descending order, according to their
anticipated consequences (Williams, 1996). This way, the process can be performed in a
transparent manner and the documentation that is a product of observance of the standards and
guidelines defined by the advisory bodies (Khatta, 2008) that is prepared as a result, constitutes
the basis for further analyses and reports for the top managers.
It must be emphasized that risk may affect many areas of activity of public sector
organizations, such as strategy, finance, staff management, technology, and environment. Thus,
before the risk identification stage starts, it is recommended that a template be prepared of the
document that, once completed with the identified data, will constitute a risk report. In the
Source: Kapuscinska, K., Matejun, M. (2014). Risk Management in Public Sector Organizations: A Case Study.
International Journal of Business and Management Studies, 3(3), 129-143.
134
document, the organization can be divided into characteristic areas, since specific risks may
include loss of key employees, significantly reduced financial and other resources, serious
disturbances in information flow and communication, fires and other disasters leading to
disturbances in the activities of the organization. Thus, risk management is necessary to reduce
the probability that the objectives of the organization will be threatened by unexpected events.
The top managers must define the type and scope of the threats that are acceptable and must make
an effort to maintain risk at a specific level (Khatta, 2008).
Thus, the foundation of risk management is decisions regarding which risks are critical to the
success of an organization and what measures must be implemented to reduce the probability of
their occurrence and their impact on the organization (Dobson, Hietala, 2011). This can be
achieved by continuous risk monitoring and by periodic assessment of various areas of activity.
In order to ensure proper implementation of the risk management process, managers of public
sector organizations can use the support of internal auditors (Martin, Wanna, 1996). Thanks to
their skills and knowledge, organizations can properly implement both preventive measures and
measures that minimize risk (Sawyer, Dittenhofer, Scheiner, 2005). Another aid that can be used
is reports from internal audits. This is because, as D.S. Gherai and D.E. Balaciu (2013) indicate,
such reports contain information regarding good practices pertaining to the processes performed
in public sector organizations, to include risk management processes. In some organizations, risk
is perceived only as a negative phenomenon, even though it is considered to be important.
Consequently, managers of such organizations work on ensuring that risk management is a
creative process that increases the value of the organization and improves the awareness of the
presence of opportunities and threats that influence the activities of the organization (Chapman,
2011).
In public sector organization management practice, one can observe a growing development of
risk management concepts, methods, and tools. This is demonstrated by adoption of the AS/NZS
4360 standard, which describes introduction of the risk management process in both public sector
organizations and private sector organizations. The AIRMIC, ALARM, and FERMA standards
that were established later provided a definition of risk and its management, as well as guidelines
for implementation of the risk management process in organizations (Drennan, McConnell, 2007).
These standards are an additional source of information about risk and may support top managers
in their work on developing risk management processes that match the unique characteristics of
their organizations. The process of evolution of risk management theory demonstrates the
presence of a number of obstacles, in particular those pertaining to various sources of
identification of potential threats (Smith, Fischbacher, 2009).
Besides knowing the aforementioned fundamental principles of implementation of risk
management in public sector organizations, the managers of such organizations must also make
sure that the actions undertaken as a part of this process are performed in an effective, efficient,
timely, and cost-effective manner. I. Dobson and J. Hietala (2011) point to six basic prerequisites
for risk management to be considered effective. These are:
ensuring that the procedures of and benefits from risk management are communicated to the
entire staff of an organization;
the actions of the top managers must focus on supporting and promoting the risk management
process;
creation of an organizational culture that is conducive to development of an innovative
approach to taking risks;
integration of risk management into the overall management process in an organization;
Source: Kapuscinska, K., Matejun, M. (2014). Risk Management in Public Sector Organizations: A Case Study.
International Journal of Business and Management Studies, 3(3), 129-143.
135
direct links between risk management and achievement of objectives by the organization;
evaluation and management of risk associated with contact with external parties.
By following the above guidelines, the top managers of an organization not only enhance the
awareness of the presence of risk management among the entire staff of the organization, but also
point to ways to handle the threats that do appear. It is also very helpful to prepare proper
documentation that includes descriptions of identification, analysis, monitoring, and assessment of
risk in specific organizations.
Research method and characteristics of studied entities
The aim of the article was achieved by way of a case study performed in a purposefully
selected public sector organization. The case study method was used in order to develop
hypotheses (Yin, 2003) and to identify proposals (areas) for further research work (Stake, 2005).
The specific research method was the interview method. The research technique was a
questionnaire interview and the research tool was an interview questionnaire. The respondent was
an employee in charge of risk management coordination.
The organization to be studied was purposefully selected to be the Lodz University of
Technology a public university in central Poland. The university was established in 1945 in
Lodz, where the office of its rector and all departments of the university, divided among two
campuses, are located.
The Lodz University of Technology (http://www.p.lodz.pl/en/index.htm) is the only technical
university in the Łódź region. It occupies the 4th position in a list of 23 universities according to
leading rankings conducted in 2013. A report of the Ministry of Science and Higher Education
indicates that it is the 4th most popular university among candidate students. In a contest organized
by the Academic Information Center, the Lodz University of Technology was found to be the
most creative and innovative university in Poland with regard to creation of future professional
prospects. It is the first university in Poland that received the European Commission’s “ECTS
Label,” a prestigious certificate confirming the quality of education. It is the winner of the
“Forbes Diamonds 2013” award granted to companies and institutions of the largest yearly growth
of equity. The university is a signatory of the Magna Charta Universitatum that focuses on the
most fundamental values of the academic tradition and on strengthening the ties between
European universities. It is the only Polish member of the European Consortium of Innovative
Universities (ECIU).
The university cooperates with over 450 centers in 40 countries on research programs
performed, for example, as a part of the Framework Programmes of the European Community.
The priority research areas of the university are new technologies for sustainable development,
advanced materials technologies, energy, environment and infrastructure, information technology,
production, staff, and financial management systems, industrial biotechnology, and biomedical
engineering. The Lodz University of Technology represents Poland in the Cluster of Industrial
Biotechnology, an organization of large industrial companies and research institutions that have a
great impact on the development of the global bioeconomy. Together with other Polish
universities and research institutions, it is a founding member of the Polish Institute of
Technology.
The university is a business partner to numerous companies in the Łódź region and other
regions of Poland, including Philips, Fujitsu, Dell Polska, Ericpol Telecom, and Gillette. It
Source: Kapuscinska, K., Matejun, M. (2014). Risk Management in Public Sector Organizations: A Case Study.
International Journal of Business and Management Studies, 3(3), 129-143.
136
conducts a number of research programs and projects that result in patents for invented and
developed solutions. As the first Polish university, in 2009, the Lodz University of Technology
established a unit responsible for commercialization of the results of research, for transfer and
implementation of new technologies and solutions for industry, namely the Technology Transfer
Center, a limited liability company owned entirely by TUL. Also, the Lodz University of
Technology established the Interdisciplinary School of Innovation, which is a program aimed at
stimulating, supporting, and developing academic entrepreneurship and creating new innovative
solutions that are ready to be implemented in the market. The School's activities are to result in
creation of new spin-off companies and to enable preincubation of projects with significant
market potential.
The Lodz University of Technology offers 36 majors, with numerous specialties geared to
match demand in the labor market and the most recent achievements in a given field of education.
Currently, the university's nine departments and several inter-departmental units educate over
20,000 students on all levels: the undergraduate level (bachelor of science/arts), the graduate level
(master of science/arts), and the postgraduate level (PhD). The university employs over 2,500
employees, both in research and teaching.
The strategy of the university, adopted by its Senate, defines its priority areas of activity. One
of them is to make the management process more efficient. A good example of a step towards
achievement of this goal is to implement management control and the risk management process as
part of it. In order to present the constraints of the implementation of this process in the practical
functioning of the organization, in January 2014 a questionnaire interview was conducted with the
employee in charge of coordination of the risk management process. Her current position is that of
independent specialist in the central administration of the university. The person is a woman
between 26-36 years. She has been working in this position for nearly four years. In the
organizational hierarchy, she reports directly to the Director and indirectly to the university’s
rector.
Implementation of risk management in the studied organization
The matters discussed with the respondent during the interview were divided into two parts.
The first part pertained to the organizational solutions adopted at the university in the area of risk
management and the second part to the role of the respondent and the actions taken by her in the
framework of those solutions.
The respondent indicated that all activities are taken at the university taking into account the
internal and external laws and regulations, something which also applies to the implementation of
the risk management process. An important role in this area is played by the regulations that
require management control in public sector organizations so as to ensure achievement of
objectives and performance of their tasks in a manner that is legal, effective, efficient, cost-
effective, and timely. Management control covers a number of activities that modify the internal
environment of the organization, the rules for providing information and the rules of
communication, and the control mechanism. Their objective is to ensure adequate, effective, and
efficient functioning of the university, to include assurance of the compliance of its activities with
laws and internal procedures, the credibility of its reports, protection of its resources, observance
and promotion of principles of ethical behavior, as well as effectiveness and efficiency of
information flow. An important area of activity is also the implementation of risk management
that ensures full achievement of the objectives and public tasks of the university.
Source: Kapuscinska, K., Matejun, M. (2014). Risk Management in Public Sector Organizations: A Case Study.
International Journal of Business and Management Studies, 3(3), 129-143.
137
The implementation of this requirement started with a review of the university and preparation
of a position for a person whose main task was to coordinate the implementation of risk
management in the entire university. In 2010, a recruitment campaign for this job was conducted,
which concluded with the employment of the respondent. Her induction consisted in participation
in specialized training in the area of management control and risk management in public finance
sector entities.
The respondent stated that the university implements the risk management process by
involving employees on all levels of the organization. In order to achieve efficient organization,
top management established a team that supports the work of the respondent and the university’s
authorities.
The respondent claims that she initiated a number of actions aimed at the implementation of
a uniform system for documentation of risk management at the university. For this purpose, she
elaborated and presented to the management drafts of appropriate reports and registers. She also
conducted a pilot study in selected units of the university so as to modify the proposed documents
to have them not only to comply with the legal requirements but also to match the unique
characteristics of the Lodz University of Technology. As a part of the pilot study, she also
conducted a number of interviews and consultations with external and internal auditing bodies.
The respondent is not only involved in the risk management process on the level of her job, but
also supports the management in the process of risk estimation on various projects. Moreover,
she ensures continuous information of direct superiors about current and planned legal changes
pertaining to the management control process, with particular focus on risk management.
In connection with the aforementioned directions of development of the risk management
process, the roles and functions of the respondent continue to evolve. She described her role in
this process most of all as the verifier and initiator of changes who is open to new solutions in
the area of risk management and supports their implementation on all management levels. These
tasks involve the possibility to continuously improve skills and to submit new solutions to
superiors. In the risk management process, the respondent is also the functional advisor who
assists employees and superiors in implementation of solutions pertaining to this process and in
assessment of the degree of its completion.
As a result, the respondent described her role at the university as a risk manager who analyzes
the current threats and recommends measures to make risk management more efficient. As a part
of her duties, she prepares and continuously corrects a catalog of risk factors that helps lower
management to develop uniform risk documentation methods in the areas of activity assigned by
the university's top management. For this purpose, she has prepared a risk register which has
been used to conduct a pilot risk assessment for selected projects performed at the university.
Table 1 shows the sheet that the respondent prepares, with a summary of the knowledge of the
risk present on a project.
Table 1. Project risk register
Project title
Is the project performed by a consortium?
yes/no
What is the nature of the participation of the TUL in the project?
leader/member
What is the nature of the project?
research/construction/field of study
Total cost of project implementation
Source: Kapuscinska, K., Matejun, M. (2014). Risk Management in Public Sector Organizations: A Case Study.
International Journal of Business and Management Studies, 3(3), 129-143.
138
Total risk for the project
Task name
Risk factor
in the task
Scale of probability of
occurrence of negative
consequences (on a
scale of 1 to 5)
Scale of impact
(1 to 5)
Result: probability x
consequence
Acceptable
risk (yes/no)
Source: prepared by the authors based on the results of the study.
An electronic version of the register is a great support for the top management of the studied
organization. The key items in the register form are the name of the project and the total cost of its
implementation. Due to the diverse nature of projects, the respondent recommended that the
person filling out the form select one of three options and define the nature of participation of the
university organizational unit in the project. Other elements of the form are the tasks assigned in
the project and, with reference to the risk management process described earlier in the article,
identification of the risks associated with each task.
After consulting with management, the person filling out the form defines the level of
significance of each of the risks, whereby significance is defined as the impact of the risk on all
activities of the organization. The respondent recommended using a scale of 1 to five to define
the probability of risk events and the same scale to define the impact of those events. The product
of those two components, referred to as risk, indicates the level of each specific risk.
The last element of the table is the acceptability of each event. The lack of acceptance of a risk
means that it is necessary to perform more in-depth analyses of the project. It is also important to
inform the top management of the organization of this fact. One of the possible consequences is
recommendation of preventive measures or description of a specific response to a given risk. The
register prepared by the respondent may help evaluate the risk management process. The layout of
the register shown above was designed in consultation with internal auditors who conducted
training in the area of management control and risk management. The register is also to be used as
a support in visualization of the identified risks. In the respondent’s opinion, this will not only
render possible the introduction of this document into universal use, but will also help gather
comments and recommendations regarding modifications to it, so that its contents and form match
the unique characteristics of management of the university.
In the respondent’s view, another success in the process of implementation of risk management
in the studied university was the creation of a cascade system for the collection of partial
declarations of the status of management control and risk management from lower level
managers. One of the respondent’s duties after such declarations have been collected is to prepare
a summary report that describes the level of control, to compare it to the current activities of the
university, to present it to the top management, and, once the top management’s approval has
been obtained, to send it as the comprehensive management control report to the appropriate
minister who supervises the specific organization. Moreover, the respondent prepares a catalog of
recommended remedial measures that, after acceptance by management, may result in improved
quality of risk management at the university. The reports and conclusions from the respondent’s
work presented each time provide the university authorities with knowledge about her activities
and serve as a starting point for further improvement in the area of risk management.
Source: Kapuscinska, K., Matejun, M. (2014). Risk Management in Public Sector Organizations: A Case Study.
International Journal of Business and Management Studies, 3(3), 129-143.
139
At the last stage of the interview, the respondent was asked to assess the current level of
effectiveness of risk management at the Lodz University of Technology. Her task was to delineate
a hierarchy of requirements that must be met in order for the risk management process to be
effective. Her responses are shown in Table 2. The table also contains information on instances in
which individual requirements that exist at the university were fulfilled according to the
respondent.
Table 2. Hierarchy of requirements for effective risk management in the studied organization
Name of requirement
Order
1 - least important
6 most important
Examples of fulfillment of the
requirement in the studied of
organization
The culture within the organization
should be conducive to
development of innovative actions
associated with risk taking
6
Use of good academic practices, in
particular in the area of promotion of
innovation, to include in describing
risk in projects
Higher level managers should
support and promote the risk
management process
5
A description of risk management in
the form of an official document,
training on its use
Risk management should be
integrated in the management
process
4
Identification of the areas of
university management and placing
risk management in its framework
Risk management should be tightly
linked to achievement of aims
3
Elaboration of the university’s
mission, vision, and strategy, and a
catalogue of associated risks
The risk management procedures
and the benefits from effective risk
management should be
communicated to the
organization’s staff
2
Training on good practices in risk
management, observing public
finance discipline
The risk associated with contacts
with external parties should be
evaluated and managed
1
Introduction of a register of projects
at the university performed using
external funds, a system of contracts
with companies
Source: prepared by the authors based on the results of the study.
In the opinion of the respondent, the fundamental factor of effective risk management in the
studied organization is proper organizational culture characterized by a focus on employee
activity and submission by employees of recommendations concerning actions aimed at
improving operational management. Of key importance is also the fullest possible knowledge of
the organization, its environment, and its management methods that is gained by managers thanks
to the respondent's work related to the improvement of the risk management system. In the
respondent’s opinion, this approach could be the foundation of a risk management system at the
Lodz University of Technology. Shaping the organizational culture is not an easy task and, on the
one hand, requires a comprehensive look at the organization and, on the other hand, is manifested
in operational measures. Given the role of risk management in this area, H1 hypothesis was
Source: Kapuscinska, K., Matejun, M. (2014). Risk Management in Public Sector Organizations: A Case Study.
International Journal of Business and Management Studies, 3(3), 129-143.
140
formulated: Through risk management, the top management performs a review of the
organization and the impact of this process can be seen in the daily activities of the organization.
The top management should encourage a sense of responsibility among the employees for their
activity as well as the timeliness and quality of the performance of their duties. In the
respondent’s opinion, this attitude enables employees to identify with their organization and
reduces the risk of harmful behavior. Another step is to raise awareness that every task employees
perform involves certain risks in the area of finances, property, staff, and, for example,
information technology resources. This builds the awareness of the presence of risks among
employees. This has lead to the formulation of H2 hypothesis: risk management awareness is
built on all levels of management of the organization and employees take an active part of its
development. This hypothesis is confirmed by the respondent’s statement that “development of a
habit in employees to indicate potential threats for continued effective, efficient, and timely
functioning of the university is the supreme objective.”
The respondent emphasized that the risk management system should be based on the initiatives
and needs reported on the middle level of the organization. This is where the network of
objectives and methods for their achievement must be articulated, the mission, vision, and
strategy must be formulated, and the tasks must be assigned to all parts of the organization. The
developed approach must be formalized by inclusion in official statements and documents. As the
respondent emphasized, it is very important that all employees be informed of the implemented
solutions, to include implementation of risk management. Also, the top management must know
that the benefits of effective risk management may be delayed and should be communicated to the
staff of the organization as they occur.
In the respondent’s opinion, the risk associated with contacts with third-party entities, both
close to the university and distant from it, should be subject to extensive risk management. The
extent of the impact of such entities will largely depend on the management’s attitude toward risk
and the level of its acceptance. The respondent emphasized the impact of risk management on all
the university’s activities. She is also aware of her role in this process that consists in building its
foundations and creating a uniform method of risk estimation and analysis. The adopted system
can be used as a benchmark for other public sector organizations. The activity of the risk manager
at the Lodz University of Technology is also manifested in the preparation of periodic activity
reports and declarations of the status of management control.
The respondent expects that her role in the risk management process at the studied
organization will remain at a stable level. Her key task in the nearest future is to promote risk
awareness among employees of the university and to advise the managers of individual
organizational units on methods and places where control mechanisms and preventive measures
aimed to minimize potential risks should be implemented.
Conclusion
The literature on risk management emphasizes the dual nature of this term. Risk can be
considered as an opportunity when it has a positive impact on the functioning of the public
finance sector or as a threat if its impact is negative. In order to estimate the value, type, and
impact of risk, one must first review the interior of an organization and its management processes,
as well as its environment. Such a review makes it possible to indicate new areas of activities and
to identify potential sources of risks. Its purpose is to elaborate a uniform, formal document taking
the form of a risk register that describes all the risks present in an organization.
Source: Kapuscinska, K., Matejun, M. (2014). Risk Management in Public Sector Organizations: A Case Study.
International Journal of Business and Management Studies, 3(3), 129-143.
141
This process involves decisions concerning acceptance of risks and delineation of a hierarchy
of risks according to their impact. It also enables creation of a visual risk map for the
organization (Dobson, Hietala, 2011), which is particularly important in the event of increased
dependence of the quality of risk management on the quality and style of management adopted in
the organization (Davies, 1997). The aforementioned review must be supplemented with the
raising of awareness of risks on each management level and in the daily activities of all employees
of the organization.
As the research conducted has demonstrated, there is a high awareness of the need to monitor
all kinds of risks at the Lodz University of Technology. In order to make this process more
effective, the position of risk management coordinator was established and the respondent was
hired to supervise this area of activities. At the same time, the scope of her duties was expanded to
include constant communication with the top management of the university. As the results of this
study have demonstrated, the respondent continuously responds to changes in the external
environment, to include the legal environment, and takes care of improvement and integration of
the risk management system. She also initiates numerous measures aimed to fully implement this
process, prepares reports and compilations for the university’s authorities, and assists all
employees, to include those on the lowest level in the organization's hierarchy.
Based on the monographic studies that were conducted, two research hypotheses were
formulated concerning the tasks of the top management and the impact of risk management on the
functioning of the organization and the need to build awareness of the importance of this process
on each level of the organization. Due to the high interest in this matter, these issues will be the
subject of further research conducted by the authors. The plan is to first conduct an expert study
that will lead to formulation of specific theoretical foundations. Then quantitative survey studies
will be conducted at universities in central Poland. It is expected that the research hypotheses will
be confirmed, which will enable formulation of a number of cognitive and application conclusions
and will enable development of new knowledge in management science.
Acknowledgements
The project was financed with funds from the Polish National Science Centre granted
pursuant to decision no. DEC-2012/07/N/HS4/00274
References
1. Adler, T. R., Leonard, J. G., Nordgren, R. K. (1999). Improving Risk Management: Moving from
Risk Elimination to Risk Avoidance, Information and Software Technology, 41(1).
2. Arnoldi, J. (2009). Risk, Cambridge: Polity Press.
3. Asel, J. A. (2009). Risk Management and Management Control - The impact of the financial crisis
on the use of Management Control Systems, Vienna: EDAMBA Summer Academy, WU Vienna
1.
4. Aven, T., Vinnem, J.E. (2007). Risk Management, with Applications from the Offshore Oil and
Gas Industry. N.Y.: Springer Verlag.
5. Bovaird, T. (2005). Public Governance: Balancing Stakeholder Power in a Network Society.
International Review of Administrative Sciences, 71(2).
6. Campbell, S. (2005). Determining Overall Risk. Journal of Risk Research, 8 ( 7-8).
7. Carter, T. S., Demczur, J. M. (2008). Legal Risk Management Checklist for Not-for-Profit
Organizations, Legal Risk Management Checklist.
Source: Kapuscinska, K., Matejun, M. (2014). Risk Management in Public Sector Organizations: A Case Study.
International Journal of Business and Management Studies, 3(3), 129-143.
142
8. Chapman, R. J. (2011). Simple Tools and Techniques for Enterprise Risk Management, John
Wiley & Sons, Ltd.
9. Cleveland H., The Future Executive: A Guide for Tomorrow’s Managers, Harper & Row, New
York 1972.
10. Davies, D. (1997). Holistic Risk Management, Computer Law& Security Report 13(5).
11. Dobson, I., Hietala, J. (2011). Risk Management- The Open Group Guide, Van Haren Publishing.
12. Drennan, L. T., McConnell, A.(2007). Risk and Crisis Management in the Public Sector, New
York: Routlenge.
13. Drucker, P. (1974). Management: Tasks, Responsibilities and Practices, London: Heinemann.
14. Ferlie, E. (2010). Public Management 'Reform' Narratives and the Changing Organisation of
Primary Care, London Journal of Primary Care, 3(2).
15. Gherai, D. S., Balaciu, D. E. (2013).Role of Internal Auditing in Risk Management in the Public
Sector and Local Entities - Case Study Bihor Country, The Journal of the Faculty of Economics -
Economic, 1(1).
16. Graham, J.D. ,Weiner, J.B. (Eds.) (1995). Risk Versus Risk: Tradeoffs. Protecting Health and the
Environment, Cambridge: Harvard University Press.
17. Hood, C. (1991). A Public Management for All Seasons. Public Administration, 69(1).
18. Hopkin, P. (2012). Fundamentals of Risk Management 2nd edition, Understanding, evaluating and
implementing effective risk management, The Institute of Risk Management.
19. Khatta, R. S. (2008). Risk Management, New Delhi: Global India Publications Pvt. Ltd.
20. Lowrance, W. 1976. Of Acceptable Risk Science and the Determination of Safety. Los Altos:
William Kaufmann Inc.
21. Martin, J., Wanna, J. (1996). Financial Risk in the Public Sector: The Accountability Dilemmas of
Entrepreneurialism, [in:] Wanna, J., Forster, J., Graham, P. (Eds.). (1996). Entrepreneurial
Management in the Public Sector, South Melbourne: MacMillan Education Australia PTY LTD.
22. Parks, C. M. (2002). Instil Lean Thinking, Industrial Management, September/October.
23. Pidgeon, N. F. (1992). The Psychology of Risk, [in:] Blockley, D. I. (Ed.). Engineering safety.
London: McGraw- Hill.
24. Pynes, J.E. (2013). Human Resources Management for Public and Nonprofit Organizations: A
Strategic Approach, 4th Edition, San Francisco, CA: Jossey-Bass.
25. Reid, S. G. (1992). Acceptable Risk, Engineering Safety, [in:] Blockley D.I. (Ed.). Engineering
Safety. London: McGraw- Hill.
26. Reid, S. G. (1999). Perception and Communication of Risk, and the Importance of Dependability,
Structural Safety 21(4).
27. Renn, O. (2005). Risk Governance: Towards an Integrative Approach. White Paper No. 1,
Geneva: International Risk Governance Council.
28. Rosa, E.A. (1998). Metatheoretical Foundations for Post-Normal Risk, Journal of Risk Research,
1(1).
29. Sadgrove, K. (2005). The Complete Guide To Business Risk Management, Aldershot: Gower
Publishing, Ltd.
30. Sawyer, L.B., Dittenhofer, M.A., Scheiner, J.H. (2005). Sawyer’s Internal Auditing, 5th Edition,
The Institute of Internal Auditors, Altamonte.
31. Scorsone, E.A. (2008). New Development: What are the Challenges in Transferring Lean
Thinking to Government? Public Money & Management, 28(1).
32. Smith, D., Fischbacher, M. (2009). The Changing Nature of Risk and Risk Management: The
Challenge of Borders, Uncertainty and Resilience, Risk Management 11(1).
33. Solojentsev, E.D. (2008). Scenario Management of risk of accidents and catastrophies in business
and engineering. Reliability& Risk Analysis: Theory& Applications, 1(4).
Source: Kapuscinska, K., Matejun, M. (2014). Risk Management in Public Sector Organizations: A Case Study.
International Journal of Business and Management Studies, 3(3), 129-143.
143
34. Stake, R.E. (2005). Qualitative Case Studies, [in:] Denzin, N.K., Lincoln, Y.S. (Eds.), The Sage
Handbook of Qualitative Research, Thousand Oaks: Sage Publications.
35. Teeuwen, B. (2011), Lean for the Public Sector: The Pursuit of Perfection in Government
Services, CRC Press, Taylor& Francis Group, New York.
36. Terje, A. (2009). Risk Analysis and Management Basic Concepts and Principles. Reliability& Risk
Analysis: Theory& Applications, 2(1).
37. Turner, B. A. (1992). The Sociology of Safety, [in:] Blockley, D. I. (Ed.). Engineering safety.
London: McGraw- Hill.
38. Williams, T. (1996). The Two-Dimensionality of Project Risk. International Journal of Project
Management, 14(3).
39. Wirick, D.W. (2009). Public-Sector Project Management. Meeting the Challenges and Achieving
Results, Hoboken, NJ: John Wiley & Sons.
40. www.p.lodz.pl/en/index.htm.
41. Yin R.K. (2003). Case Study Research: Design and Methods, Thousand Oaks: Sage Publications.
  • Article
    Over the past years, risk management has been embedded in all public administration and scholars have asserted the need to improve the research about it. This paper aims to understand if an insurance broker has a role in the public administration risk management system, analysing the relationship between the operational risk management activities and control systems in the public administration and the evolution of the insurance broker as a risk consultant. Finally, through a content analysis, this study presents an observation about 331 municipalities from the Emilia-Romagna to understand how many municipalities can have an insurance broker as a partner.