**4. Risk management in the public sector**

Risk management is an implemented system of procedures and rules, which is used to identify, analyse, assess and monitor risk. It allows not only to reduce risk but also to take advantages of any opportunities that may appear [19]. A correct system is supposed to improve results in the future and support decision-making on an ongoing basis. Therefore, it should comprise a planned, logical, comprehensive and documented strategy [20]. Such strategy includes instructions, plans and procedures which will function in everyday work of a particular office or its organizational units in order to manage risk. In local government units, risk can be considered in the following areas: finance (e.g. income from tax on real estate is lower than expected), human resources (e.g. mistakes made by employees when making various decisions), IT (e.g. faulty software) and other areas which influence the risk of failure to achieve established objectives and results. Therefore, risk management in local government units should be subject to a strictly defined process which comprises the following elements:


*Risk Management and Assessment*

• Effectiveness and efficiency of action

• Reliability of reports and protection of resources

• Effective and efficient flow of information

• Informed risk management

which includes five areas:

• Complying with and promoting rules of ethical conduct

sponsibility in particular organizational departments.

analysing risk and taking preventive measures.

assessment and internal audit.

in order to guarantee achievement of objectives and completion of tasks in a legal, effective, economical and timely manner. The aim of such control is to ensure:

Standards of internal control drawn up by the Minister of Finance and currently subject to consultation constitute an attempt to arrange this type of control. It has been primarily emphasized that it is necessary to organize such control at two levels [17]. The basic level of internal control is a unit from the public finance sector (first level of internal control). It is the head of the unit who is responsible for the functioning of internal control. There should be internal control in government and self-government administration at the level of a government administration department as a whole (second level of internal control). Mayors of villages, towns and cities, province governors or marshals are responsible for the functioning of internal control at this level [18]. There is a project on standards of internal control

1.Internal environment which constitutes the basis for the remaining elements of control because it concerns the management system of a unit and includes professional competences (level of expertise, skills and experience) of the management and employees and their scope of duties, authorization and re-

2.Risk management whose aim is to increase the probability of achieving goals by defining objectives and monitoring completion of tasks, identifying and

3.Control mechanisms which constitute the answer to a particular risk. The unit wants to reduce by documentation, registration and confirmation (authorization) of commercial operations, division of key responsibilities, verification, supervision under company hierarchy, registration of deviations from procedures, maintenance of operational continuity, controlled access to financial, material and information resources (protection of resources) and IT system control mechanisms. Example includes control of access to IT resources and system software.

4.Information and communication standards provide employees with access to information which is necessary for the performance of their duties and main-

5.Monitoring and assessment of control system by ongoing assessment of the efficiency of the control system and its components and day-to-day problemsolving by all employees depending on their competences, including by self-

tain effectiveness of internal and external communication systems.

• Conformity of activity with provisions of law and internal procedures

**62**

	- Probability of the occurrence of risk
	- Consequences of certain events
	- Acceptance of risk (resulting from the fact that costs of prevention exceed potential losses related to the occurrence of a particular phenomenon)
	- Withdrawing from certain activities
	- Counteracting risk (creating and implementing action plans)
	- Transfer of risk (e.g. taking out insurance policies, relying on guarantees of correct performance of contracts)

Governments and public services in European Union (EU) countries often make available information on the nature and scope of investment in risk management because stakeholders want to be sure that risk is adequately supervised and resources are adequately protected [21]. If Poland wants to be perceived as a country where investments pay off, it should implement a risk management system which will meet relevant standards established by the European Commission. In the administrative system, senior management is responsible for risk management whose objectives are the following [22]:


A risk management system is of particular importance in this process. Risk management in the public sector can be defined as a logical and systematic method of creating context; identifying, analysing and assessing risk, action and supervision and informing about risk in a way which enables an organization to minimize loss and maximize opportunities [23]. Thus, the process of risk management includes:


Risk management is one of the basic processes (elements of managing a unit), and its primary aim is to increase the probability of achieving objectives. In order to manage risk successfully, objectives of particular units should be established in order to identify risks which may prevent from achieving them. Risk management is a continuous process. According to financial control standards, the head of a unit systematically identifies both internal and external risk related to the achievement of the unit's objectives, concerning the whole unit as well as particular programmes, projects or tasks separately [24]. When there is a change of conditions in which a unit operates, identification of risk should be performed again. Each identification of risk should be analysed in terms of potential consequences and the probability of their occurrence. A manager will perform ongoing assessment of task completion with the use of qualitative and quantitative indicators or with the use of other established criteria. Each sector of public finance should develop and implement a method of identifying and analysing risk. The implemented programme must enable identification and understanding of all types of risk which a unit is exposed to when providing services and achieving its goals.
