COMPREHENSIVE RISK MANAGEMENT IN A BUSINESS

A comprehensive approach constitutes a new paradigm of risk management in a business in the current conditions characterized by turbulence and uncertainty of the business environment. It results from the evolution of the risk management concept, whose origins can be traced in the insurance activity and then in what is referred to as the dispersed (frag-mented) approach. Comprehensive risk management concerns all types of risks identiﬁ ed in the business functional areas. It is realized on a continuous basis at all management levels and co-ordinated across the company. Comprehensive risk management should take account of both pure and speculative risk management on the one hand, and operational and strategic risk management on the other. It is not only comprehensiveness that matters – the risk management strategic and integrated character is also important, which means that risk should be incorporated into the process of the business management.


Introduction
Almost all authors generally agree that the risk notion has an inter-or even a trans-disciplinary character. Risk appears in almost all scientifi c disciplines, including psychology, sociology, mathematics and statistics, natural and technical sciences, economics and management (McNeil, Frey, Embrechts, 2015). Economics or management experts make attempts to identify and characterize risk in the economic reality (Drennan, McConnell, 2007;Hull, 2012;Urbanowska-Sojkin, 2013, p. 20).
Economic or management sciences offer no uniform interpretation of risk because risk is the focus of interest of researchers coming from different specialist areas or disciplines, such as insurance, fi nance, accounting, banking, auditing and corporate governance or business management. Depending on the specialization and the adopted research approach, the point of view and some specifi c aspects of the analysis will refer to a different layer and class of issues. But regardless of the differences in the research approach, it is undeniable that risk is an inherent part of the activity of any market entity or organization, especially at the time of continuous and increasing turbulence affecting business processes (Buła, 2015, p. 13).
The aim of this paper is to present the essence of risk and the evolution of risk management in the economic activity (in a business), including characterization of the role and signifi cance of comprehensive and integrated risk management compared to the traditional approach to risk (referred to as the dispersed approach).

Risk management as a strategic instrument for creating competitive advantage of a business
Colloquially, risk is usually understood as a concept that entails a possibility of failure. It may be related to a venture the result of which is uncertain. In literature, risk is often identifi ed with the function of two variables: the probability of failure and the potential loss (Nahotko, 2001, p. 38). This understanding of the term is included in what is referred to as the negative concept of risk. Nowadays, there is a need to put the risk issue in a broader perspective. More and more often, it is considered from a positive angle, i.e. attention is focused on taking advantage of opportunities for benefi ts. In this case, risk can be described as failure to seize opportunities that present themselves (Garlick, 2006, p. 12). The third concept -referred to as neutral -is based on the assumption that risk is neither positive nor negative. It is related to the uncertainty concerning the future outcome of specifi c events (Urbanowska--Sojkin, 2013, p. 19).
Risk management becomes a strategic instrument for creating the business competitive advantage on the market and for increasing the level of gain and profi tability. Due to the higher rate of changes taking place in companies, the management staff have to face a huge number of complex types of risk that have a substantial impact on the functioning of their entities (Anderson, 2014).
How risk management is defi ned depends on the adopted defi nition of risk. Using a negative perspective, risk means a possibility of incurring a loss. Under this approach, risk management can be treated as a set of measures enabling identifi cation of threats arising in a company that make it impossible to achieve the assumed fi nancial result, or limiting the possibility of the occurrence of threats or -if they do occur -mitigating their effects. The aim of risk management is to prevent losses that might have a negative impact on further functioning of the business. If the neutral concept of risk is adopted, risk management is treated differently. It can be defi ned as a process that the company offi cers use to defi ne, assess, monitor and control the risk related to the business activity, where the aim of the process is not to minimize the risk but to keep it below a level acceptable in terms of the business strategy (Thlon, 2012, p. 41).
Risk management is by no means a novel issue because as early as in 1916 Fayol pointed to the safety function (la function de sécurité) as one of six basic functions of a business. The traditional approach to risk, developed in theory and in practice in the 1940's and 1950's, was limited primarily to the management of pure risk related to the protection of property and employees covered by insurance. And it was insurance activity that for a long time remained one of the main instruments of risk management (Rejda, 2011). In the 1960's and 1970's it was found that the scope of risk management was much wider, and insurance was not the only way to infl uence the risk level in a business. Some comprehensive challenges to risk management were noticed that concerned not only specifi c measures to be taken but also organizational formalization of the activity. In the late 1970's individual types of business risk were defi ned, widening the traditional perception of fi nancial risk (Monkiewicz, 2010, p. 64).
In the next years, with changes in social and economic life and with different business activity methods, the approach to risk started to change, too. Due to the achieved level of the insurance sector development, the company's attention shifted primarily towards speculative, dynamic risk which involves taking specifi c active steps. However, this type of risk is characterized by a different degree of measurability. The beginnings of the contemporary approach to risk management in a business can also be linked to the development of the project risk management concept, the origins of which can be traced back to the 1970's (Chapman, Ward, 2003;Raydugin, 2013).
At present, a multi-stage perspective of the risk management process dominates in literature, and individual proposals vary from one author to another. Despite the differences, however, some common elements of the process can be distinguished, such as the risk factor analysis, risk identifi cation and quantifi cation, measures taken in response to individual risk types, monitoring and analysis of the process and of the process results. The process stages make up a logical sequence, and every step is considered taking account of the effects and conclusions derived from previous stages. The entire process draws on the feedback covering the analysis of the effects of risk management and of the course of the process itself (Adamska, 2009, pp. 16-18).

Comprehensive approach as the new paradigm of risk management
Risk management can be performed applying two basic approaches -the dispersed and the comprehensive one. In the former, used practically by most companies (and also referred to as the silo or the traditional approach), risk management has a fragmented character -it concerns selected risk types and is rooted in different functional areas and at different levels of management which are often determined by industry-specifi c conditions. In this format, risk management organization assumes focusing on specifi c areas of the business activity and ceding managerial functions to selected units in the company's organizational structure that -independently of each other -realize the process of the management of risks specifi c to a given area (Buła, 2015, p. 56). Managing individual types of insurance, technological, fi nancial, marketing or ecological risk has an independent character. Consequently, there is generally no co-ordination in the risk management sphere and new risks that arise are not identifi ed fast enough (Krzakiewicz, 2013, p. 136).
The turn of the 20 th and the 21 st century marked a transition to another risk management paradigm which recommends analysing all organizational units and all directions of the company business activity in terms of the occurrence of risk (Woods, 2011). From this perspective, the essence of risk management is not really counteracting or eliminating risk but rather exerting infl uence on the risk source. The new model of strategic risk management, also referred to as comprehensive and integrated, has a universal nature -risk management is performed and co-ordinated across the entire company (Krzakiewicz, 2013, p. 136).
Comprehensive risk management can be defi ned as "a process realized across the entire company, aiming to identify all risk factors, whether positive or negative, and to rationalize the risk consequences. This means making decisions and taking measures to minimize or eliminate the negative impact of risk, as well as controlling risk and making informed decisions which concern the chances of development without exceeding the acceptable risk level in order to maximize the company's value" (Buła, 2015, pp. 23-24). The process should cover all areas of the company's activity and run at all management levels (cf. Fig. 1). The integrated nature of the risk management process means that risk is incorporated into the management of the company (Kaczmarek, 2008, pp. 116-119). Decision-making in a company is always fraught with risk because the decisions are oriented towards future effects. More and more often now, the process of the company management is assigned the strategic safety element, which can be understood as the company's general state characterized by the maximum limitation of the impact of negative factors on effi ciency and the strategic potential -the company's main resources and skills (Stabryła, 2000, p. 107). In this case, risk is related among others to the danger of making wrong decisions that make it impossible to achieve assumed targets. The negative approach to risk described above should be connected with the positive aspect in the form of seizing an opportunity, i.e. gaining a benefi t.
Recognizing the need for changes, many companies make a gradual transition to the new risk management model which is comprehensive and integrated. The managers of such companies assume that by using the comprehensive approach to risk management they create, protect and increase the organization assets.

Basic types of risk in the comprehensive approach
The comprehensive character of the risk management process in a company means that it covers both pure and speculative risk management on the one hand, and operational and strategic risk management on the other. Pure risk can be defi ned as risk causing only negative or neutral effects for the company (loss or lack of loss). It has a static and defensive nature and the company has no impact on it whatsoever. It occurs on a massive scale and can be observed by recording the number of events over time and their negative effects. Pure risk management aims to eliminate or limit negative random consequences of phenomena which are beyond the company's control, and most efforts concentrate on the procedures for formal risk assessment. This kind of risk is usually referred to the effects of random events and it is managed mainly through an adequate insurance policy.
Pure risk with a random character, insurable risk in particular, does not in fact constitute the strategic approach to risk management in the company. From the point of view of risk management, a more important issue is speculative risk, which is often interpreted as risk inherent in activity or managing. Its core is not the probability of incurring a potential loss due to the occurrence of unfavourable events (processes) but the possibility of deviating from the goal (advantageous or disadvantageous), the achievement of which depends on a decision fraught with risk. Speculative risk is related to a situation that may entail effects in the form of a loss or lack thereof, but also -which is of utmost importance from the point of view of management -in the form of potential benefi ts. Understood in this manner, risk inherent in a benefi t-oriented economic activity is one of the most signifi cant components of entrepreneurship.
The comprehensive approach to the risk management concept refers pure and speculative risks to individual levels of the company hierarchical management (operational and strategic). In the theory of management, operational risk is usually perceived as short-term risk related to the current activity in the technical and organizational area, including the ineffi ciency of the course of processes and of the functioning of technical or technological systems, human errors and inappropriate control. Considering this, it has rather negative connotations. The aim of operational risk management is to prevent the loss of key resources or the loss of control over them. It is realized by ongoing monitoring of internal processes in the company, assessing the functioning of systems and people, detecting and counteracting negative effects of risk arising from external events, as well as implementing the necessary corrections or preventive measures for this purpose (Buła, 2015, pp. 22-23).
An intensive growth of interest can now be observed in the problem of strategic risk identifi cation and assessment, but interpretations of the concept differ substantially depending on the source. Although the concept draws on the achievements in sciences of management and is usually defi ned based on them, other areas of science often offer their own specifi c interpretation of the word "strategic". Taking strategic risk has always been an integral part of strategic planning with a long-term character. Nowadays, the interpretation of strategic risk is related to the company's strategy, to the creation of the strategic position and the achievement of strategic goals. A trend can also be observed that refers to psychology and sociology. In it, the strategic risk issue emerges clearly in the context of managers having to make strategic decisions.
Literature adopts a fairly broad concept of strategic risk. In one of the earliest defi nitions, strategic risk is identifi ed with "strategic actions oriented towards improving the company's results related to ventures so far unknown, the fi asco of which could shake the fundamentals of the company. The effects of those actions, as well as the probability of their occurrence, are not known entirely, and therefore their objectives, which are diffi cult to defi ne, may not be achieved" (Światowiec-Szczepańska, 2012, p. 108).
Another approach defi nes strategic risk as "the possibility of the company failing to succeed in the achievement of objectives which are fundamental to its existence, conditioned by factors related to the internal potential and its environment" (Urbanowska--Sojkin, 2013, p. 57).
Taking account of the strategic management process components, the following types of strategic risk, made of many elements, are distinguished (Urbanowska--Sojkin, 2013, p. 63): -the risk of strategic choices, which is related to the selection process and to the selection results in the form of decisions concerning strategic goals and strategies subject to implementation and realization; -the risk involved with the implementation of strategic decisions and its determinants in the following phases: goal operationalization, securing resources, motivating employees, IT support of management processes and adjusting organizational methods and the company's organizational culture to future conditions of activity; -the risk related to monitoring and forecasting changes in the environment and within the company (control), treated as the basis for dynamic adjustment to them.

Conclusion
Comprehensive risk management across a business refl ects the changes in the paradigm that managers rely on, acting on the uncertainty factors which make it diffi cult to achieve the business objectives. While the traditional paradigm was characterized by a dispersed approach to risk management -each risk type was analysed separately -the modern strategic approach has a comprehensive nature that takes account of all risk types presenting themselves in a business (cf. Table 1).
The development and implementation of a comprehensive risk management system is a complex and diffi cult task which depends on a number of variables. There is no unequivocal or precise procedure that could ensure that such a venture will be successful in terms of achieving all assumed goals. This results from the fact that implementation of this type of management usually involves a substantial organizational change affecting the company as a whole and having an impact on long-standing habits and the order of work (Sosiński, 2011, p. 148). A ccording to Krzakiewicz (2013, p.139), "there is no single recipe for an effective risk management system within a business as a whole. Much depends here on the company's organizational culture and the features of the managers involved in perfecting the system".