**5. Score-based risk assessment in public financial institutions**

Score-based risk assessment is one of the methods of internal control mechanisms which enable risk detection. It includes the definition of risk for various levels of impact and probabilities of occurrence. This method prioritizes risk (increases transparency) and enables assessment of the identified risk in terms of its impact on the achievement of goals (**Tables 1**–**3**).


**65**

consequences.

**Impact**

*Score-based impact of risk.*

*Source: [25].*

**Table 2.**

*Source: [25].*

*Matrix of score-based risk assessment.*

**Table 3.**

*Risk Assessment Methodology in Public Financial Institutions*

loss > PLN 500,000

100,000 < PLN 500,000

10,000 < PLN 100,000

100 < PLN 1000

loss < PLN 100

Of course, the number of probability levels for different risk events for an organization may vary. It will be adjusted depending on the state, ownership, sector and industry in which the organization operates. In the further methodology, it will translate into the level of economic effects having a certain impact on the functioning of the organization. In this chapter we have to deal with the public organization

Catastrophic 5 10 15 20 25 Serious 4 8 12 16 20 Average 3 6 9 12 15 Small 2 4 6 8 10 Insignificant 1 2 3 4 5 **Frequency of occurrence** Infrequent Unlikely Average Likely Almost certain

**Financial Organizational Health** 

Failure to achieve key objectives

Failure to achieve the key objective

Small disturbances in activity

Short-term disturbance in activity

Disturbances in activity

**and safety**

Serious injuries

Some injuries

Small injuries

Small injuries **Reputation**

the entire country

Some information in national media

Some information in local or regional media

Limited information in local or regional media

Scarce information in local or regional media

Death Media coverage in

In this method, the scores describing the impact and probability are multiplied to calculate a total score-based risk assessment. Tables presenting the assessment of impact and probability of risk are adjusted depending on the entity under analysis. This chapter presents an example of a matrix of risk management in public administration developed for the Ministry of Finance, which was an EU requirement. This enables to identify risk early enough and take decisions to counteract negative

concerning the implementation of budgetary tasks in Poland.

*DOI: http://dx.doi.org/10.5772/intechopen.91152*

**Score Description Criteria**

5 Catastrophic Financial

4 Serious Financial loss PLN

3 Moderate Financial loss PLN

2 Small Financial loss PLN

1 Insignificant Small financial

#### **Table 1.**

*Score-based probab ility of the occurrence of risk.*


#### **Table 2.**

*Risk Management and Assessment*

and objectives

achieving its goals.

*Source: own work based on [25].*

on the achievement of goals (**Tables 1**–**3**).

*Score-based probab ility of the occurrence of risk.*

includes:

A risk management system is of particular importance in this process. Risk management in the public sector can be defined as a logical and systematic method of creating context; identifying, analysing and assessing risk, action and supervision and informing about risk in a way which enables an organization to minimize loss and maximize opportunities [23]. Thus, the process of risk management

• Identifying risks related to operational activities as soon as possible

• Implementing adequate risk control measures

responsible for risk and documentation concerning risk

**5. Score-based risk assessment in public financial institutions**

Score-based risk assessment is one of the methods of internal control mechanisms which enable risk detection. It includes the definition of risk for various levels of impact and probabilities of occurrence. This method prioritizes risk (increases transparency) and enables assessment of the identified risk in terms of its impact

**Score 1 2 3 4 5** Description Infrequent Unlikely Average High probable Almost certain Probability 0–10% 11–30% 31–49% 50–75% 76–100%

• Assessing the degree of influence of risk on a particular organization's results

• Risk management structures, including organizational plans, policies and procedures concerning risk management, data on all teams and individuals

Risk management is one of the basic processes (elements of managing a unit), and its primary aim is to increase the probability of achieving objectives. In order to manage risk successfully, objectives of particular units should be established in order to identify risks which may prevent from achieving them. Risk management is a continuous process. According to financial control standards, the head of a unit systematically identifies both internal and external risk related to the achievement of the unit's objectives, concerning the whole unit as well as particular programmes, projects or tasks separately [24]. When there is a change of conditions in which a unit operates, identification of risk should be performed again. Each identification of risk should be analysed in terms of potential consequences and the probability of their occurrence. A manager will perform ongoing assessment of task completion with the use of qualitative and quantitative indicators or with the use of other established criteria. Each sector of public finance should develop and implement a method of identifying and analysing risk. The implemented programme must enable identification and understanding of all types of risk which a unit is exposed to when providing services and

**64**

**Table 1.**

*Score-based impact of risk.*


#### **Table 3.**

*Matrix of score-based risk assessment.*

Of course, the number of probability levels for different risk events for an organization may vary. It will be adjusted depending on the state, ownership, sector and industry in which the organization operates. In the further methodology, it will translate into the level of economic effects having a certain impact on the functioning of the organization. In this chapter we have to deal with the public organization concerning the implementation of budgetary tasks in Poland.

In this method, the scores describing the impact and probability are multiplied to calculate a total score-based risk assessment. Tables presenting the assessment of impact and probability of risk are adjusted depending on the entity under analysis. This chapter presents an example of a matrix of risk management in public administration developed for the Ministry of Finance, which was an EU requirement. This enables to identify risk early enough and take decisions to counteract negative consequences.

Score-based risk analysis enables to prioritize actions, and its aim is to reduce risk:


After ranking risks, an organization must agree on actions to take in order to control particular risks. How they proceed depends on the level of acceptance of risk and the possibility to control it as well as the relation between the cost of reducing or eliminating it and possible negative consequences of such risk.

#### **6. Conclusions**

An organization should have a process of supervising the probability of the occurrence of risk. The manager should receive reports from a register of risk to be able to react to various levels of risk. Reporting on risk should be integrated into currently existing processes of internal reporting. Frequency of reporting should be adjusted to the organization, and measures related to high risk should be monitored on an ongoing basis [26]. The importance of risk management in the public sector is due to the requirement of the European Union to implement risk management systems in units from the public finance sector. During talks on EU accession, one of the requirements was to develop and implement financial management systems and control in units from the public finance sector and develop standards of financial control in self-government units. Controls are performed by an internal auditor and concern risks involved in raising and using public funds. Risk management standards are based on the COSO (Committee of Sponsoring Organizations of the Treadway Commission) model. In this way the legislator obliged units from the public sector to analyse and manage risk pertaining to completing public tasks. This results from the intention to provide citizens with services they need because risk management can streamline processes of making reasonable decisions. It is not the aim of the process to avoid risk but to increase the probability of achieving success in particular areas of operation of the public sector. This also results from the intention to manifest stability and adequate supervision of risk in order to complete tasks assigned by the public sector. Strengthening the function of internal control and risk management in the new Act on public finance, the Polish government follows other European Union countries. Risk management helps to protect the population and ensure efficiency of public administration in the event of a financial crisis or other threats. Changes which are increasingly visible in many Polish institutions are the components of a bureaucratic change in administration towards an effectively managed organization. The aim of this change is to increase the effectiveness of the public sector. Thanks to such an approach, the system of procedures in an organization is adequate to its current needs. The article described the particular stages in risk identification and a score-based risk assessment method, which shows the importance of risk management in units from the public sector for ensuring the possibility to make management decisions early enough.

**67**

**Author details**

Leon Dorozik, Tomasz Strąk and Ireneusz Miciuła\*

provided the original work is properly cited.

Faculty of Economics, Finance and Management, University of Szczecin, Poland

© 2020 The Author(s). Licensee IntechOpen. This chapter is distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/ by/3.0), which permits unrestricted use, distribution, and reproduction in any medium,

\*Address all correspondence to: irekmic@wp.pl; ireneusz.miciula@usz.edu.pl

*Risk Assessment Methodology in Public Financial Institutions*

The authors declare no conflict of interest.

The project is financed within the framework of the programme of the Minister of Science and Higher Education in Poland under the name "Regional Excellence Initiative" in the years 2019–2022, project number 001/RID/2018/19, the amount of

*DOI: http://dx.doi.org/10.5772/intechopen.91152*

**Acknowledgements**

**Conflict of interest**

financing PLN 10,684,000.00.
