Microsoft Word - 42landucci.docx


CHEMICAL ENGINEERING TRANSACTIONS 

VOL. 82, 2020 

A publication of 

The Italian Association 
of Chemical Engineering 
Online at www.cetjournal.it 

Guest Editors: Bruno Fabiano, Valerio Cozzani, Genserik Reniers
Copyright © 2020, AIDIC Servizi S.r.l. 
ISBN 978-88-95608-80-8; ISSN 2283-9216

Access of SMEs to the Risk Management Process 

Tereza Belantováa*, Kamil Peterekb 
a
Tomas Bata University in Zlin, Faculty of Management and Economics, Mostní 5139, 760 01 Zlín, Czech Republic, 

b
Tomas Bata University in Zlin, Faculty of Logistics and Crisis Management, Studentské nám. 1532, 686 01 Uherské 

Hradiště, Czech Republic 
belantova@utb.cz 

Every year in the Czech Republic, the number of incurred companies is increasing regardless of the industry 
in which the companies do business. However, this not only brings new jobs and the prospect of profit but also 
brings new unidentified risks. Some risks are predictable and entrepreneurs are aware of their probability of 
occurrence but also of their impact long before their business is established and can intervene in a timely 
manner to eliminate or reduce the likelihood of their occurrence. However, there are also risks that 
entrepreneurs may not be aware of and which, without any treatment, can reach such proportions that they 
will be liquidation for the company. 
There are a number of studies showing that risks largely affect not only the project results, but the whole 
business plan. Depending on the level of implementation of the risk management process in a company, we 
can find a significant difference between successful and unsuccessful companies, which indicates the 
importance of the risk management process in companies. Of course, the larger the scope of the risk 
management process in all areas of the business, the better the business results. There is no doubt about 
how important it is for an enterprise to have an established risk management process. The introduction of a 
functional risk management system is essential for the long-term functioning of the company. 

1. Introduction

Just the functional system of the risk management process is what gives businesses a competitive advantage. 
In today's turbulent and increasingly global world, with increasing market competition and the development of 
increasingly new and more complex technologies, risk management is gaining importance. It consists mainly 
of the effort to consciously work with uncertainties so that especially those risks with negative consequences 
are recognized in time and subsequently treated.  
This technical-economic discipline focuses on risk analysis and treatment using a wide range of methods and 
procedures. This is not only about the current risks that businesses have, but also they work with future risk 
factors, that have the power to cause the outbreak of risks in its entirety. All risks, whether real or future, can 
have one or more causes. If there is a risk, it can have one or more impacts.  
The whole process is a never-ending systematic and recurring set of interconnected processes and activities 
that aims not only to reduce the likelihood of risk but also to reduce the impact of risk. Businesses should 
continually assess real risks and actively seek out and then assess potential risks. Risk management is one of 
the underestimated areas not only in the company and companies should pay the same attention to this issue 
as they do in any other area in the company. This article focuses on the risk management process in small 
and medium-sized enterprises doing business in the Czech Republic. As far as the definition of small and 
medium-sized enterprises is concerned, it is those enterprises that operate in different sectors and have less 
than 250 employees. Their annual turnover must not exceed EUR 40 million and their total annual balance 
must not exceed EUR 27 million. At least 75% of the assets must be owned by the company and the company 
must be managed by the owners in person. Once one of these criteria is exceeded, the enterprise falls into the 
category of large enterprises. 

  DOI: 10.3303/CET2082007 

Paper Received: 21 January 2020; Revised: 2 May 2020; Accepted: 10  July  2020 
Please cite this article as: Belantova T., Peterek K., 2020, Access of Smes to the Risk Management Process, Chemical Engineering 
Transactions, 82, 37-42  DOI:10.3303/CET2082007 

37



There were estimated to be approximately 25.1 million small and medium-sized enterprises (SMEs) in the 
European Union in 2018, with the vast majority of these enterprises micro-sized firms that employed fewer 
than nine people. A further 1.47 million enterprises were small firms with between 10 and 49 employees and 
approximately 236 thousand enterprises were medium-sized firms that had 50 to 249 employers. SMEs are an 
important part of the European economy, but their value varies greatly from country to country (Clark, 2019). 
Companies, small, medium or large, must carefully monitor their spending and predict potential costs that 
could be caused by the risk-taking actions of their actions. Risk is associated with all business functions and is 
found in all types of business activities. To ensure the survival of companies and create sustainable value, it is 
essential to know how to identify risks, assign value and a priority scale, propose actions and mechanisms to 
minimize risks, and continuously monitor the evolution of risk. This is particularly true for small and medium-
sized enterprises, which are most exposed to the harmful effects of risks due to limited resources and 
structural elements. SMEs more than larger organizations require the adoption of a risk management strategy 
and methodology, due to lack of resources to respond quickly to internal and external threats.  
This can lead to large losses that seriously endanger their survival. Risk occurs in all human activities, in all 
types of business and in all areas of corporate governance. In many cases, however, the risk can be predicted 
from the experience of the manager. The task of the risk management process is to identify risks, measure the 
probability with which they may arise and the potential impact they can cause, further treat risks, eliminate or 
reduce their effects with minimal investment of resources. The traditional definition of risk states that risk is 
measured by two combined variables - the frequency or probability of a risk event, ie the number of times a 
risk event recurs in a predetermined period, and the second variable is the extent of the consequences that 
the event generates (Verbano & Venturini, 2013).  
Chapman & Cooper (1983) defined the concept of risk as an opportunity to suffer economic and financial 
losses or material damage as a result of the uncertainty surrounding the measure taken. Risk is defined as the 
potential of complications and problems with respect to project completion and project achievement. This is an 
uncertain future event or condition with an incidence greater than 0% but less than 100%, affecting at least 
one of the project's objectives (scope, schedule, cost or quality, etc.). In addition, the impact or consequences 
of this future event must be unexpected or unplanned (Chia, 2006). It is well known that risk can be effectively 
managed to mitigate its adverse effects on project objectives, although this is unavoidable in all project 
commitments. Therefore, risk management is becoming a strategic business activity (Andersen, 2006), which 
is not limited to models, algorithms, checklists or programs. Today, risk management is increasingly seen as 
an indicator of good corporate governance (Drew & Kendrick, 2005) some even think that ignoring it has 
become a source of risk for corporations (Corvellec, 2009). The International Organization for Standardization 
(International Organisation of Standardisation, 2009) identifies the following principles of risk management 
process: create value; be an integral part of the organizational processes; be part of decision making that 
explicitly addresses uncertainty; be systematic and structured; be based on the best available information; be 
tailored; take into account human factors; be transparent and inclusive; be dynamic, iterative and responsive 
to change; and be capable of continual improvement and enhancement. There are companies that prefer to 
avoid risk, but this strategy is not recommended and it is better to choose early diagnosis and management 
(Keizer, Halman, & Song, 2002). Risk management, therefore, participates in identifying, evaluating and 
prioritizing risk by monitoring, controlling and applying managerial resources with coordinated and economic 
efforts to minimize the likelihood or impact of unfortunate events in order to maximize the achievement of the 
project objectives (Douglas, 2009).  
Systemic project risk management has an effect on project success. It is found that there is a strong 
relationship between the amount of risk management efforts undertaken in a project and the level of the 
project's success (Elkington & Smallman, 2002). There was a fundamental difference in the level of use of risk 
management methods between successful and unsuccessful projects, indicating the importance of the risk 
management process in projects. The authors also point out that the greater the scope of risk management, 
the better the project results (Papke-Shields, Beise, & Quan, 2010). Project risk management is therefore 
explained as a proactive approach where consciously work with uncertainties so that the uncertainties with a 
negative impact are identified and treated in time (Společnost pro projektové řízení, 2013). This is a 
management area that focuses on risk analysis and risk reduction through various risk prevention methods 
and procedures. These methods and procedures eliminate current and future factors that could cause an 
increase in risk. Risk management is a systematic and recurring series of interrelated activities to manage 
potential risks, thereby reducing the likelihood of their occurrence or reducing their impact. The purpose of risk 
management is to avoid any problems or negative phenomena. (Bartošíková, Bilíková, & Taraba, 2014).  
The entire risk management process can be summarized in a four-step process of effective project risk 
management - Risk identification, risk assessment, risk response, and risk monitoring and review. Risk 
identification is the first step in determining which risks may adversely affect a project. Risk characteristics are 
documented at this stage (KarimiAzari, Mousavi, Mousavi, & Hosseini, 2011). Risk assessment is a step that 

38



indicates the risks that need to be prioritized and managed and which are not addressed. The risk assessment 
method is an essential part of this step. Existing methods are classified into simple classical methods and 
advanced mathematical models (KarimiAzari et al., 2011). Existing risk assessment methods are either 
qualitative or quantitative and require different information and a level of risk detail. Simple classical methods 
integrate deterministic modeling and risk analysis into Critical Path Method (CPM) planning. If there are many 
factors that should be considered before the project risk manager chooses the risk assessment method to be 
implemented. It is about the cost of employing the technique, the level of external party`s approval, 
organizational structure, agreement, adaptability, complexity, completeness, level of risk, organizational size, 
organizational security philosophy, consistency, usability, feasibility, validity, and credibility and automation. 
The last phase of the entire risk management process is risk monitoring and control. These include monitoring 
the implementation of the risk response plan, monitoring identified risks, monitoring residual risks, identifying 
new risks and assessing the effectiveness of the risk management process (Rezakhani, 2012). 

2. Methodology

The survey was carried out in three stages, which took place from April 2019 to December 2019. The first 
stage, which was to analyze relevant information sources in the field of risk management, took place during 
April and May. For the purposes of this article, the Web of Science, Scopus, ProQuest, and Google Scholar 
databases were used, where definitions of the concept of risk management were searched by keywords like 
risk management, risk management in the SMEs, etc. The second stage, which was aimed at collecting data 
on companies operating in the Czech Republic, was conducted in the form of a questionnaire survey between 
June and August 2019. The questionnaire was created based on the results of the first stage and was 
distributed by e-mail to small and medium-sized companies. 
On the basis of a survey, two research questions (cases) were analyzed. Statistical dependence of individual 
answers with respect to the size of the company was verified. The research questions were defined as:  

1. Whether the size of the company affects the amount of crisis management expenditure,
2. Whether the size of the company affects the number of people involved in the risk management process.

The occurrence of individual answers from the survey was evaluated according to the contingency tables. 
These tables were used to summarize the relationship between the variables. A chi2 test can be conducted on 
these contingency tables to test whether or not a relationship exists between variables. Cramer's coefficient 
was used to measure the strength of the relationship between variables. It could take values from 0 to 1. 
Values close to 0 indicate a weak association and values close to 1 indicate a strong association between the 
variables. Due to the page limitation of this paper, only the results of hypothesis testing are presented. 

Figure 1: Amount of expenditure by companies on crisis management 

39



Figure 2: Number of people involved in the crisis management process in companies 

3. Results

The research was focused on small and medium-sized enterprises according to the number of employees, but 
for our purposes also micro-enterprises with only the maximum number of 9 employees were included in the 
section of small enterprises. 
The first question examined from our questionnaire survey was whether the size of the company affects the 
amount of expenditure on crisis management. 

A null and an alternative hypothesis was established for the first research question: 

H10: The size of the company does not affect the amount of crisis management expenditure.     
H1A:   The size of the company affects the amount of crisis management expenditure. 

A total of 42 small enterprises and 35 medium-sized enterprises were analyzed. As mentioned above, for the 
purposes of our survey, micro-enterprises with a total number of employees up to 9 are also included. During 
the analysis of the first research question, we obtained these results of the monitored values: The chi-square 
statistic is 12.204. The critical value is 5.991. The p-value is .002239. So, there is a significant difference 
between the observed and expected frequencies. The result is significant at p < .05. The Cramer's coefficient 
is 0.398 and that means mean dependence between variables. 
The second question examined from our questionnaire survey was whether the size of the company affects 
the number of people involved in the risk management process. 

A null and an alternative hypothesis was established for the second research question too: 

H20: The size of the company does not affect the number of people involved in the risk management process. 
H2A: The size of the company affects the number of people involved in the risk management process. 

During the analysis of the second research question, these results of the monitored values were obtained: The 
chi-square statistic is 6.247. The critical value is 3.841. The p-value is .01244. So, there is a significant 
difference between the observed and expected frequencies. The result is significant at p < .05. The Cramer's 
coefficient is 0.285 and which means weak dependence between variables. 

40



4. Conclusions

The aim of the research was to identify and describe the approach taken to the risk management process by 
small and medium-sized enterprises operating in the Czech Republic. The article briefly introduces theoretical 
foundations with an emphasis on risk management. Data collection was conducted through a questionnaire 
survey in the second quarter of 2019. The questionnaire survey was deliberately aimed at executives and 
company management, where at the beginning they were asked about the length of activity in the company to 
prevent probation workers and increase the credibility of the sample. The number of questionnaires sent was 
563 and the number of questionnaires processed was 77. The return rate was less than 14%. 
The research was primarily interested in the relationship between the size of the company and the amount 
spent on the risk management process and also on the relationship between the size of the company and the 
number of persons involved in the risk management process. 
In the first research question, a chi-square test of independence was performed to examine the relation 
between the size of the company and the amount of crisis management expenditure. The relation between 
these variables was significant. The null hypothesis can be rejected and it can be concluded that the larger the 
company is, the more spends money on the risk management expenditure. 
The second research question examined was whether the size of the company affects the number of people 
involved in the risk management process. The results show that the relation between these variables was 
significant as well. Also here, the null hypothesis can be rejected and it can be concluded that the larger the 
company is, the greater the number of people are involved in the risk management process. 

Acknowledgements 

This paper was supported by the Integral Grant Agency, Tomas Bata University in Zlín IGA/FAME/2019/006, 
and by support research program of Tomas Bata University in Zlín (RVO).  

References 

Andersen, T. J., 2006, Perspectives on Strategic Risk Management. Denmark: Copenhagen Business School 
Press. 

Bartošíková, R., Bilíková, J., & Taraba, P., 2014, Risk Management in the Business Sector in the Czech 
Republic. Vision 2020: Sustainable Growth, Economic Development, and Global Competitiveness - 
Proceedings of the 23rd International Business Information Management Association Conference. 

Chapman, C. B., & Cooper, D. F., 1983, Risk engineering: Basic controlled interval and memory models. 
Journal of the Operational Research Society, Vol 34, 51–60. https://doi.org/10.1057/jors.1983.7 

Chia, E. S., 2006, Risk assessment framework for project management. IEEE International Engineering 
Management Conference, (October 2006), 376–379. https://doi.org/10.1109/IEMC.2006.4279889 

Clark, D., 2019, Number of small and medium-sized enterprises (SMEs) in the European Union in 2018, by 
size. Retrieved from www.statista.com/statistics/878412/number-of-smes-in-europe-by-size/ 

Corvellec, H., 2009, The practice of risk management: Silence is not absence. Risk Management, Vol 11, 
285–304. https://doi.org/10.1057/rm.2009.12 

Douglas, Hubbard, W., 2009, The Failure of Risk Management: Why It’s Broken and How to Fix It. Wiley. 
Drew, S. A. W., & Kendrick, T., 2005, Risk Management: The Five Pillars of Corporate Governance. Journal of 

General Management, Vol 31, 19–36. https://doi.org/Risk Management: The Five Pillars of Corporate 
Governance Stephen A. W. Drew, Terry KendrickFirst Published December 1, 2005 Research Article 
https://doi.org/10.1177/030630700503100202 

Elkington, P., & Smallman, C., 2002, Managing project risks: a case study from the utilities sector. 
International Journal of Project Management, Vol 20, 49–57. https://doi.org/https://doi.org/10.1016/S0263-
7863(00)00034-X 

International Organisation of Standardisation., 2018, ISO 31000:2018 Risk management — Principles and 
guidelines. Retrieved from www.iso.org/standard/43170.html 

KarimiAzari, A., Mousavi, N., Mousavi, S. F., & Hosseini, S., 2011, Risk assessment model selection in 
construction industry. Expert Systems with Applications, Vol 38, 9105–9111. 
https://doi.org/https://doi.org/10.1016/j.eswa.2010.12.110 

Keizer, J. A., Halman, J. I. M., & Song, M., 2002, From experience: applying the risk diagnosing methodology. 
Journal of Product Innovation Management, Vol 19, 213–232. 
https://doi.org/https://doi.org/10.1016/S0737-6782(02)00138-8 

Papke-Shields, K. E., Beise, C., & Quan, J., 2010, Do project managers practice what they preach, and does it 
matter to project success? International Journal of Project Management, Vol 28, 650–662. Retrieved from 
https://doi.org/10.1016/j.ijproman.2009.11.002 

41



Rezakhani, P., 2012, Current state of existing project risk modeling and analysis methods with focus on fuzzy 
risk assessment - Literature review. Frattura Ed Integrita Strutturale, 20, 17–21. 
https://doi.org/10.3221/IGF-ESIS.20.02 

Společnost pro projektové řízení., 2013, Doporučená praxe Společnosti pro projektové řízení - oblast Řízení 
rizik. 

Verbano, C., & Venturini, K., 2013, Managing risks in SMEs: A literature review and research agenda. Journal 
of Technology Management and Innovation, Vol 8, 186–197. https://doi.org/10.4067/s0718-
27242013000400017 

42