Model of business risks and their impact on operational performance of SMEs

Abstract Risks can negatively affect not only internal processes within a company and business results but also managerial decisions. One of the preconditions for sound decision-making would be the identification of specific risks. The primary goal of this paper is to create a structural model for exploring the interrelationships among sources of business risks and the operational performance of SMEs. A survey was conducted in 1,781 SMEs from selected Central European countries. CFA (Confirmatory Factor Analysis) was used to check the reliability and validity of the model. The Cronbach's alpha test was used to assess the internal consistency of data collection instruments. For measurement of sample adequacy, Kaiser-Meyer-Olkin (KMO) test was used. The model presented in this paper provides a tool for identifying the interrelationships among sources of business risks, operational performance and the market position. The model can help managers of SMEs focus on specific areas of their business that should not be ignored in decision-making processes.


Introduction
Maintaining a market position belongs to the strategic goal of every developed enterprise. This process covers identifying and creating sustainable competitive advantages for the company and implementing appropriate risk management. For small and medium enterprises (SMEs), can be this process crucial for their profitability and their existence. On the other side, SMEs can see these activities as non-profitable, time consuming and useless. According to Marcelino-S adaba et al. (2014), many SMEs do not use risk management practices due to a lack of human resources. Risk management was highlighted in the context of sustainability of enterprises by many authors (Dankiewicz et al., 2020;Font et al., 2016;Kornilaki et al., 2019;Ol ah et al., 2019, Vychytilova et al., 2020. The number of companies that realise the importance of risk management has grown in recent years (Meluz ın et al., 2017). Dvorsky et al. (2020) state that the SMEs which operate in competitive environment perceive risks more intensively than companies which operate in narrower business environment. High-quality risk management positively impacts company performance (Ai et al., 2018). Although SMEs are intuitively aware of threats which can affect their business, they cannot recognise risks which have never been addressed (Abbas, 2018;Bogodistov & Wohlgemuth, 2017, Kov acsn e Mozs ar & Michelberger, 2018Pietrasie nski & Slusarczyk, 2015). Therefore, it is necessary to develop knowledge and experiences among SMEs managers about risks and risk sources and their consequences.
Small and medium enterprises are the primary source of economic progress (Mura & Klju cnikov, 2018). 99% of all companies in the European Union belong to the category of SMEs. (European Parliament, 2021). Most of the experts agree that SME significantly contributes to the growth of employment and growth of Gross Domestic Product (Shuying & Mei, 2014). According to Fiala and Hedija (2015), SMEs grow quicker than corporations. They are also more flexible in looking for a new business opportunity (Blackburn et al., 2013). On the other hand, they operate with less automated equipment and have less access to resources than large corporations (M€ uller et al., 2018). This article focuses on the impact of business risks and their sources on the operational performance and the market position of SMEs. Its primary purpose is to create a model which describes a relationship among business risks, operational performance and market position of SMEs. Venkatesh et al. (2015) state that one risk can start a chain effect and start an action of other risks in the company. Therefore, it is necessary to analyse all risks in the company comprehensively.
While the relation between risk management and operational performance was analysed (Callahan & Soileau, 2017;Durst et al., 2019;Henschel & Durst, 2016;Mohammed & Kn apkov a, 2016), the link between risks and operational performance and market position has been not taken in consideration. Thus, the study fills a gap in international study by attempting to address the lack of issues about losing market position as a result of risks (Belas et al., 2015;Farrell & Gallagher, 2015).
The article is arranged as follows: The first segment classify business risks and highlights the importance of risk management. Then, the research, data collecting and a theoretical model of examining the influence of various business risks on operational performance and the risk of losing the market position are introduced in the second part. Then, some hypotheses are developed from the theoretical model, and they are tested using appropriate statistical methods. Results and discussion follow this part. Finally, the paper is concluded by a summary of the research, its practical benefits and limitations.

Economic conditions
One of the most critical economic risks is the availability of financial sources. This risk is closely connected to the financial risk because lack of financial sources causes financial complication for the company. Typically, SMEs without economic history and a lack of sufficient collateral or companies without sufficient transparency have problems obtaining a bank loan (Bel as et al., 2016). The companies which get external financing face the risk of interest rate growth. In addition, all companies must be aware of taxes and their development. Artemenko et al. (2017) identified the risk connected to the taxes as follows: regular changes in tax legislation, level of a tax burden, new taxes, and differences among regions or business entities. Another critical economic risk is connected to the growth of prices of essential production factors (e.g., energy). For business risk evaluation, energy costs should be taken into account (Guselbaeva & Pachkova, 2015). Economic risks for this study encompass interest rate changes, tax advancements, an inadequate funding, and an increase in energy price levels.
H 1 : There is a positive impact of economic conditions, including economic risks, on operational business in SMEs in selected countries of Central Europe.

Financial performance
The factors that affect SMEs' financial performance were defined as follows: a risk of the company's unsatisfactory profit, a corporate debt, a risk caused by unpaid receivables (liquidity risk and inability to pay financial commitments)) (insolvency). Financial risks appear in all aspects of financial management and are connected with the use and distribution of capital. SMEs need to identify these risks concerning their business (Kljucnikov & Belas, 2016, Shuying & Mei, 2014. However, SMEs are less informed about sources of financial risks and the tools that prevent the company's failure due to the financial risks (El Kalak & Hudson, 2016, Sauka & Welter, 2014. In addition, SMEs are highly dependent on external capital, which is often in venture capital (Gama & Geraldes, 2012;Mutezo, 2013). Finally, high levels of debt financing can be a risk. Suppose the return is lower than required interest rates from liabilities. In that case, the company cannot pay interest without a loss in that year, which cut some equity and can lead to a dramatic situation in the next period (Mutezo, 2013).
Although operational risk has a definite impact on financial performance, it is still unclear if those 'operational risks' have a measurable impact on overall financial performance (Kopia et al., 2017). Fuentes-Fuentes et al. (2015) noted that entrepreneurial orientation is positively related to operational and financial performance.
H 2 : There is a positive impact on financial performance, including financial risks on operational business in SMEs in selected countries of Central Europe.  confirmed that human capital is the most essential element of a company. The company's manager should support employees to innovate work processes to improve the company's performance. The personnel risk is closely connected to the training of employees. Inadequately trained people can bring a significant loss (Epstein & Rejc Buhovac, 2005). As a result, in the following decade, human capital will be one of the most important productivity drivers (World Economic Forum, 2019). Based on the literature review, it has been concluded that the risk related to human resources can be identified as follows: health and wellbeing of employees (Dewlaney & Hallowell, 2012), productivity (Demerouti et al., 2009), financial risks (Leaver & Reader, 2016), employee turnover; Glambek et al., 2014), reputation (Kayes et al., 2007), legal problem, innovation (Ballinger et al., 2011) and absenteeism (Battisti & Vallanti, 2013). Human errors are also significant to the business risks. Baybutt (2002) states that up to 90% of operational risks appear due to a human error. According to the facts above, the personnel risk in this publication is characterised as follows: a high rate of employees' job changing, insufficient staff qualifications, errors of employees, a decline in morale and discipline.

Data security and asset management
Many authors found out that information security management is a part of management in companies. It focuses on establishing, implementing, monitoring and improving information security (Davidaviciene et al., 2019;Rajnoha et al., 2017). Jai Arul et al. (2011) define three basic rules describing safety objectives in the information system: ensuring confidentiality and integrity, ensuring the availability of information, ensuring the users' responsibility and the activity inside. Tu et al. (2018) and Ol ah et al. (2019) concentrated their efforts on identifying and modelling elements that affect information security management success. They identified six critical success factors: business alignment, organisational support, IT competencies and organisational awareness of security risks and controls, and information security controls. Each of these factors affects information security, while the complex solutions include combinations of all of them. Kesan and Zhang (2020) warn that cyber incidents are often not properly distinguished and can lead to very different and huge losses. Organisations can be victims of fraud from several sources: consumers, employees and the Internet (Hess & Cottrell, 2016). Increased awareness regarding this issue led many organisations to apply the concept of data security management to identify sources of risk and provide measures for their control or elimination (Shamala et al., 2017).
The security risks were classified as follows: certain accidents and external threats (flood, fire), misuse of information, poor employee health and safety, and property crime (stealing).
H 4 : There is a positive impact of Data Security and Asset Management, including security risks on operational business in SMEs in selected countries of Central Europe.

Legal issues
Nowadays, increasing regulation of the business environment complicates the situation of enterprises, especially in the case of SMEs. Moreover, the Aon Market Report (2018) states that the legal side of the business is nowadays more important than sales. The last huge change in regulation was focused on personnel data protection. The General Data Protection Regulation (GDPR) of the European Union is the most important shift in data privacy regulation in the previous two decades. This regulation was handled across every sector worldwide and followed the IT revolution in the previous years. According to Risk.net (2019), it ranked the ten most considerable risks, indicating the increasing importance of legal risks and security risk. TOP 10 risks are data compromise, IT disruption, IT failure, organisational change, theft and fraud, third-party risk, regulatory risk, data management, Brexit, mis-selling.
The legal risk for this research is characterised as follows: low law enforcement, frequent changes in legislation, low judicial independence, and long duration of resolution of litigation.
H 5 : There is a positive impact of Legal Issues, including legal risks on operational business in SMEs in selected countries of Central Europe.

Business environmentother risks
Another significant factor of the business environment is the political system and the force of state authorities. Political systems are increasingly open and create the possibility of improving the authorities. In combination, these trends create a unique opportunity for social and economic development, poverty reduction and growth (Ol ah et al., 2018). Therefore, another factor with influence on the market position of SMEs was created. It isn't easy to generalise the name of this group. For this reason, we entitled it Business environment (which include only other risks defined in this paragraph.
The other risks were identified as corruption, favourability based on the political determination, poor quality of public services, high administrative requirements H 6 : There is a positive impact of the Business environment, including other business risks, on operational business in SMEs in selected countries of Central Europe.

Operational performance
People, systems, and processes are all linked to operational performance in businesses. Legal risk, fraud risk, supply-chain risk, and environmental risk are also included (Epstein & Rejc Buhovac, 2005). Inadequate maintenance and poor service can lead to high operational risk. The use of obsolete or unsuitable technologies is a significant risk to the company's successful operation. Innovation is obliged to ensure operational efficiencies throughout the entire enterprise's progress (Sen & Ghandforoush, 2011). Hvolkova et al. (2019) assumed that there is a difference between the innovation barriers to SMEs [15] and the importance given to specific size of enterprise classes.  state that SMEs do not pay attention to the innovative ways of operational performance. The risk of losing market position can appear from interruptions in operation involved in the supply chain (Juttner, 2005), a disruption in the distribution of products to the user (McKinnon, 2006) or uncertainty of customers and their unexpected requests (Nagurney et al., 2005).

Objectives, methodology and data
The paper's main aim is to create a structural model for examining the interrelationships among sources of business risks and operational performance of SMEs in Central Europe. This study included four countries with similar pasts, economic circumstances, and geostrategic ideas (the Czech Republic, Slovakia, Poland, and Hungary). Because there is no universal definition of a SME, the European Union definition (according to Commission Recommendation, 2003/361) was chosen. The research was organised by Tomas Bata University in Zl ın (Czech Republic). To boost the chances of getting a statistically significant sample of replies, other three institutions based in selected countries were included in the distribution of questionnaires in each country. Between 2017 and 2018, data were gathered through the use of a structured questionnaire. The whole sample consisted of 1,781 SMEs from selected countries (around 400 SMEs from each country considered a statistically significant sample). The questionnaire had an online form and was placed separately in each country in its native language. The entrepreneurs were randomly chosen from specialized databases of each country. The owner or risk manager was responsible for completing the questionnaire. The questionnaire was divided into two parts. The questionnaire was separated into two parts. The first section included eight questions about social and demographic factors such as the gender and age of the entrepreneurs, their education, the size and length of the business, the region, and the industry sector. The second part included questions about identifying and assessing business risks, and their sources. The answers have been measured using a five-point Likert scale, with 1 representing the least impact, 2 neutral, and 3 representing the greatest impact. The primary characteristics of respondents can be seen below: The Czech Republic micro business 261 (64 percent); small business 96 (24 percent); medium business 51 (12), from which 91 (22 percent) operate in industry, 93 (23 percent) operate in trade, 15 (4 percent) operate in agriculture, 63 (15 percent) operate in construction, 20 (5 percent) operate in transportation; 25 (6 percent) operate in accommodation and restaurants and 101 (25 percent) are in other services. 84 enterprises (21 percent) have been on the market for less than 5 years, while 324 enterprises (79 percent) have been on the market for more than 5 years. Eighty-four companies (21%) being on the market for less than 5 years, 324 (79%) more than 5 years.
The model showed below (Figure 1) was created to examine the influence of business risks on the operational performance of SMEs and their market position.

Measurement of sample adequacy and structure validation
For MSA (Measure of Sampling Adequacy) analysis we used Kaiser-Meyer-Olkin (KMO) test. The indicator's value for the sample used in the paper is 0.913, and the value which can be accepted is 0.60. It was confirmed that the sample used for research is suitable for the application of factor analysis (Cerny & Kaiser, 1977;Kaiser, 1974). In addition, Bartlett's spherical test shows that there are significant correlations among question groups within the questionnaire (Hair et al., 2006). The obtained values of this test are v2 ¼ 24652.405, df ¼ 496, p ¼ 0.000.

Validation of the theoretical model
The theoretical model's validation for examining the impact of various sources of business risk on operational performance and the risk of losing companies' market position from selected countries (shown in Figure 1) was carried out with software SPSS 25.0 LISREL 8.8. Based on PCA (Principal Component Analysis), factor analysis demonstrated the one-dimensionality of all eight groups of latent variables in the observed model (Kingir & Mesci, 2010). Table 1 displays the factor analysis results, which show the obtained values for the percentage of variance, which is explained by the one-dimensional factor for each group of questions, and the obtained load factor values. The minimum acceptable load factor is 0.3, and the obtained factor loadings verify a high degree of internal consistency between the groups of questions in the defined model (Sheppard, 1996). (Sheppard, 1996).
First, the measurement model was evaluated by testing the convergent and divergent characteristics. The convergent validity is demonstrated when loads of the variables (matrix Lambda -K x and K y ) are above 0.60 (Anderson & Gerbing, 1988). Discriminant validity is checked by examining the magnitude of the correlations between latent variables of the model. Its existence proved when Phi (U) correlations between latent variables are lower or equal to 0.60. Thus, the convergent validity was established, but the discriminant validity was greater than recommended values between the latent variables: Financial performance -Data security and Legal issues -Business environment. Using SPSS, the bivariate correlation was performed, and the variables that showed the highest correlation coefficients causing the lack of discriminant validity between the mentioned latent variables were eliminated.
In order to ensure the reliability and validity of the tested model, CFA (Confirmatory Factor Analysis) analysis was performed. Checking the internal consistency of data collection instruments was conducted using Cronbach's alpha test (Cronbach, 1951). In this way, the values of Cronbach's alpha coefficients (a) are obtained, which denote the average correlation values among the items when the grading is done based on the given scale (in this case, it was the five-step Likert scale).
If the a values are larger than 0.70, the questions have a high degree of internal consistency and appropriate modeling options based on the data received from the tested sample. Values around 0.60, on the other hand, are regarded as acceptable (Boyer & Pagell, 2000). The obtained coefficient values are also shown in Table 1. Based on the obtained coefficient values for groups of questions, it is reasonable to state that the validity and reliability of the risk management questionnaire in small and medium enterprises have been demonstrated, and that reliable modeling results can be expected based on the data collected. Calculated t values, which are also shown in Table. 1, are almost always very high, with a level of significance of p 0.1, indicating that the tested model is valid. As a result, all 32 variables (defined within eighteen latent groups of variables) can be used to define the theoretical model, as shown in Figure 1.

Results & discussion
In order to define the essential elements of the statistical set used for research in this paper, standard statistical parameters for all 8 question groups (mean, standard deviation, variance and frequency) are calculated, as shown in Table 1. From Table 1 can be seen the summary of descriptive statistics which describes each part of the model. The eight factors were created and analysed in detail. In each factor can be seen as the highest source of risk of the group. For example, the tax and mandatory contribution growth are perceived as the highest source of economic risk. As can be seen, the most severe risks without a division into groups of risks is the number of competitors, following by a loss of customers, tax and mandatory contribution growth and high administrative requirements. The less important risk seems to be inadequate protection of IT system, property criminal (stealing), and increasing complaints. The different results were registered by Hess and Cottrell (2016), who identified the fraud caused by consumers, employees and the Internet as one of the most known and most significant risks. Shamala et al. (2017) state that organisations are aware of security risks and often apply data security management to identify security risks and eliminate them.
The obtained values of the coefficients a are shown in Table 1. The validity and reliability of the questionnaire were proved based on the results in the table. As a result, depending on the data acquired, reliable modelling results can be expected. The obtained t values are, in almost all cases, very high, with a level of significance p < 0.1, which confirms the validity of the tested model. Therefore, all 32 variables (defined within eight latent groups of variables) can be used to determine the theoretical model shown in Figure 2.
For data analysis, covariance-based structural equation modelling (CB-SEM) was utilized since it allows the researcher to examine causal hypotheses in the same way that linear regression analysis does. CB-SEM statistical methodology integrates several multivariate techniques (i.e., regression analysis, path analysis, and confirmatory factor analysis) (Cheung, 2015). It can perform simultaneous analysis of the observed variable and latent structures, relationships, and impact on appropriate outcomes. CB-SEM is intended for follow-up research and analysis. It focused on covariance (i.e., explanation of items' relationships), a solid prior theory and established questionnaire is needed, it supports a big sample (e.g., > ¼ 300), and multi-collinearity before analysis need to be addressed.
LISREL, a statistical data processing software package, was used to test the validity of the theoretical model shown in Figure 1. As a result, the statistical reliability of the data for model validation was satisfactory. In the beginning, the values of the indicators that show whether the proposed model fits the input data adequately were determined. Table 2 displays the results of the fitting indicator values that were examined. In this case, a relative chi-square (v 2 /d.f.) value can be considered significant because the requirement for it is fulfilled (<3.00) (Malhotra et al., 2014). RMSEA indicator shows the fit of the model to the covariance matrix of the sample, taking into account the degrees of freedom. Its obtained value shows the proper fitting of the model. GFI represents comparison residuals of squares of the model versus the model suggested by the sample, and AGFI is GFI adjusted by the degrees of freedom. In this case, GFI and AGFI values are below the recommended values. In addition to the above-mentioned indicators, the CFI and IFI indicators were utilized to analyze the fitting. Their results were greater than or equal to 0.90, indicating that they were completely adequate. The obtained values of the fitting indicators (Table 2) show a satisfactory degree of fitting in the defined model. Thus, the defined theoretical model (Figure 1) can be reliably calculated.
In order to make a final decision on the acceptance of the defined theoretical model, it was necessary to determine t-values for each of the seven defined hypotheses.
The obtained t-values are shown in brackets in Figure 2. For hypotheses H 1 , H 2 and H 3 , H 4 and H 7 , t-values are greater than 2, which confirm a stronger positive correlation between the independent variables 'Economic conditions', 'Financial performances', 'Human resources' and 'Data security and asset management' and dependent variable 'Operational performance'. On the other hand, in hypothesis H 5 t-value is negative (À3.29) and indicates that between the independent variable 'Legal issues' and the dependent variable 'Operational performance', there is a negative correlation. Source: own Figure 2 shows that each of the defined hypotheses in the model have positive path coefficients, verifying the positive influence of independent variables on the dependent, excluding the H5 hypothesis (b ¼ À0.13, p 0.1, t ¼ À3.29), which indicates that legal issues have a negative impact on operational performance. The hypothesis H1, H2, H3, H4, and H6 show that economic conditions, financial performance, human resources, data security and asset management, and business environment all have a positive impact on operational performance (b ¼ 0,14 and t ¼ 5.02; b ¼ 0.23 and t ¼ 6.64; b ¼ 0.22 and t ¼ 5.89; b ¼ 0.40 and t ¼ 8.44; b ¼ 0.043 and t ¼ 8.44; b ¼ 0.043 and t ¼ 1.14 in each case). Finally, the H7 hypothesis proves that operational performance has a positive influence on the risk of losing market position (b ¼ 0.62, p 0.1, t ¼ 14.91). The findings supported previous research, which found that risk management knowledge can improve a company's operational performance (Durst et al., 2019, Mohammed & Kn apkov a, 2016. The degree of interconnection between the six independent groups of variables was investigated below as well. The values of the obtained correlation coefficients can be seen in Table 3's correlation matrix. Table 3 shows that all variables defined in the model are correlated. The strongest correlation exists between independent variables 'Business environment' and 'Legal issues' (0.74; statistical significance p < 0.05) and 'Data security and asset management' and 'Human resources' (0.71 statistical significance p < 0.1). The correlation between Business environment and Legal issues shows that SMEs perceive a strong connection between legal risks (poor law enforcement, ambiguities in law, independence of the courts and slow resolution of litigation) and the problems in the business environment (such as corruption, poor quality of public services and high administrative demands on SMEs). Research of economic and financial risk and its relationship to economic performance and market position was confirmed by many authors (e.g., Bel as et al., 2016;Artemenko et al., 2017;Guselbaeva & Pachkova, 2015;Vaznyte & Andries, 2019). According to authors, Sauka and Welter (2014), SMEs are less informed about the source of financial risks and cannot prevent the company's failure. Epstein and Rejc Buhovac (2005) found that inadequately trained people bring a significant loss to the company. Baybutt (2002) states that up to 90% of operational risk appear due to a human error (personnel risk). In our research, the relationship between personnel risk and operational performance was confirmed. This result confirms Del Giudice et al. (2017) and Scuotto et al. (2017). They state that SMEs face a lack of capital, technological, and skilled human resources, which negatively impacts their performance.

Conclusion
The purpose of this article is to define the relationship between operational performance and business risks and how are they related to SMEs' market position. The major goal of the article was to develop a structural model for examining the interrelationships between sources of business risks and SMEs' operational performance in Central Europe. Our research also confirmed the positive effect between risks, operational performance and market position of the SMEs. The results can be interesting not only for research organisation investigating the development of SMEs and threats affect the business environment but also for state institution or private agencies seeking to adopt national support for SMEs. The model can help managers identify risks in the company comprehensively and identify their importance and relationship with the company's market position. This knowledge is very important also in the process of decision making. Business risks can threaten the company's market position, but based on the incorrect decision, the company can fail. In terms of theoretical benefits, the article introduces a new theoretical model that depicts the relationship between business risks and the company's market position. Although the article has many benefits, some limits can be identified. Firstly, the research covers only SMEs in selected countries, and the structural model was not proven in other areas. Furthermore, the questionnaire has been translated into the mother tongue of each country. Even so, errors could have occurred in the translation or misunderstanding of the question's significance by the addressed subjects. Also, one of the disadvantages of this study is that the same questionnaire was used to survey respondents from different cultures. Therefore, the question arises to what extent this conceptual model and results' interpretation correspond to the questionnaire's culture.
Common method bias (CMB) happens when variations in responses are caused by the instrument rather than the basic predispositions of the respondents that the instrument attempts to uncover. In other words, the instrument introduces a bias, hence variances, which will be analysed. If the total variance for a single factor is less than 50%, it suggests that CMB does not affect your data. In this study, the CMB in almost all cases affects the obtained data. This indicates to us that we have not been able to prove the diversity of the constructs fully. The reason may be the similarity of the content of the question, misunderstanding of the question, bias in the sample, and several other factors that indicate that further work is needed on the validation of this questionnaire.
Finally, the research was carried across all sectors. Some industries can be risker and can be characterised by different risks than others. This fact is not considered in the study. In the future, research will be applied to a broader group of countries to extend the validity of results worldwide. The sector differences will be considered.

Disclosure statement
No potential conflict of interest was reported by the authors.