THE DEvElopmEnT of An ATTiTuDE TowArDs risk mAnAgEmEnT in THE conTExT of counTry compETiTivEnEss

. The paper analyses the prevailing definitions of risk, uncertainty and risk management as well as attitudes towards risk identification, analysis and re sponse in the context of the enterprise and country as a whole. The article presents a scheme of attainment of risk-intelligent enterprise management and discloses its application possibilities to country risk management. The paper also shows the schematic views of particular techniques applied in each step of the risk manage ment process. After analysing a report on global country risks, a generalized risk map of global risks is formed and detailed further trends of research are determined in order to develop a thorough picture of country risks in Lithuania. reference to this paper should be made as follows: Stasytytė, V. 2013. The devel opment of an attitude towards risk management in the context of country competi -tiveness, Business, Management and Education 11(2): 281–293.


introduction
There is no agreed definition of the concept of risk. Literature points to a number of different ways of understanding this concept. Some definitions are based on probability, chance or expected values, some of those -on undesirable events or danger, whereas others emphasise uncertainties (Aven 2012). Naturally, risk means different things to different people, and they perceive risk in different ways depending on what area they are working within (Riabacke 2006). Many studies have attempted to deal with this problem and studied the role of risk in their respective fields (Sweeney et al. 1999;Sadka 2006;Tohidi 2011). According to French and Liang (1993), "risk is a much overused word; indeed, it has been used in so many senses as to become virtually meaningless".
Risk management in a company is often limited to financial risk management: market risk, credit risk, exchange rates risk, etc. However, the management of enterprise activity risk is as much important as financial risk management, and therefore should be treated with no smaller effort and resources in order to achieve the efficiency of the company's activity (Stasytytė 2012a).
Considering research on country risk, a trend towards the analysis of financial aspects is obvious in scientific publications (Di Gregorio 2005;McAleer et al. 2011;Baglioni, Cherubini 2013), though there are some broader investigations (Herrero et al. 2011;Sanjo 2012). The analysis of country risk can be also performed using similar methods as those applied for enterprise risk analysis. Thus, this paper puts forward research on risk identification and analysis techniques pursuing intelligent risk management.
Taking into account the variety of issues related to risk management and a rising need to apply adequate methods to solve these questions, a scientific problem of the paper can be defined as a growing need to successfully manage arising risks and insufficient knowledge about various aspects, methods and ways of implementing enterprise and country risk management.
The objective of research is to analyse methods and techniques for risk identification and further analysis proposing the ways and combinations of their application in order to increase the efficiency of risk management that could be applied to a company or country as a whole.
In order to attain the above stated objective, the following tasks have been distinguished: − to analyse risk and uncertainty definitions provided in scientific literature and practical user guides to risk management; − to discuss the main aspects of risk identification and analysis accompanied with the presentation of respective techniques; − to investigate how country risks can be analysed with the help of the proposed methods and techniques.
The applied research methods are scientific literature analysis, comparative analysis, synthesis and generalization, graphical visualization.

Does risk have a close or distinct meaning to uncertainty?
Due to a great amount of research on risk management, many different definitions of risk appeared. According to Oxford English Dictionary (Thompson 1996), a definition of risk it provides is 'a chance or possibility of danger, loss, injury or other adverse consequences', and a definition of at risk is 'exposed to danger'. In this context, risk is used for signifying negative consequences. However, taking risk can also result in a positive outcome. A third possibility is that risk is related to the uncertainty of the outcome.
Definitions of risk can be found from many sources. Sometimes literature can display two parallel definitions of risk: 1. Risk is an uncertain situation with possible negative outcomes. 2. Risk is a potential variation in outcomes. The variation can be either positive (upside risk) or negative (downside risk).
Definition 2 is mainly used in finance where both positive and negative positions in securities are possible. In other fields, Definition 1 is more common.
Based on the findings of Knight (1921), Luce and Raiffa (1957) provide us with a useful definition of risk in the field of decision-making. The definition distinguishes three types of decision-making situations. We can state that most decision-makers are in the realms of decision-making under either: − certainty where each action is known to lead invariably to a specific outcome; − risk where each action leads to one of a set of possible specific outcomes, each outcome occurring with a known probability; − uncertainty where actions may lead to a set of consequences, but where the probabilities of these outcomes are completely unknown (Luce, Raiffa 1957).
Thus, a risky situation is the situation where the outcome is unknown to the decisionmaker, i.e. he/she is not sure which outcome will occur and uncertainty may lead to erroneous choices.
The analysis of the concepts of risk and uncertainty can be perfectly accomplished by the findings of Aven (2012) who developed a thorough classification system for risk definitions. Such definitions involving uncertainty are provided in Table 1. Each of the definitions belonging to every of the three groups related to uncertainty has been proposed by a particular researcher. As the objective of the current paper is not to engage in a deep historical analysis of the evolution of risk definitions, but rather to concentrate on tools for risk identification and analysis, which, by the way, could partly depend on how one perceives risk, the original sources of literature have not been presented but can be easily found in Aven (2012).

contemporary trends towards enterprise risk management
A corporation can manage risks in one of two fundamentally different ways: (1) one risk at a time, on a largely compartmentalized and decentralized basis; or (2) all risks viewed together within a coordinated and strategic framework. The latter approach is often called "enterprise risk management" or "ERM" (Nocco, Stulz 2006). Other definitions of this approach embrace integrated risk management, corporate risk management, holistic risk management or enterprise-wide risk management. Thus, risk management is now moving away from a silos perspective of risk towards a holistic way of looking at risk, in which all risks are managed jointly and analyzed across the entire enterprise (Korombel 2012).
Enterprise risk management, according to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), is "a process effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise and designed to identify potential events that may affect the entity and manage risk to be within its risk appetite so that to provide reasonable assurance regarding the achievement of entity objectives" (COSO 2004). According to Hopkin (2010), however, the ERM approach means that an organization looks at all risks that it faces across all operations it undertakes. ERM is concerned with the management of risks that can impact the objectives, key dependencies or core processes of the organization.
Currently, many organizations and institutions all over the world deal with the development of integrated risk management standards (Knight 2002 The aim of the risk management process is to identify potential events which, if occurred, could have a negative impact on the achievement of the objectives set by an enterprise, to assess their effects and probability of occurrence as well as to indicate the ways of limiting them. Naturally, the occurrence of an event may also have a positive impact on the company's objectives, though in practice, the events that cause negative deviations from the set objectives are mainly considered (Korombel 2012). The process of risk management in companies usually consists of such steps as risk identification, risk assessment, risk response (treatment), communication and monitoring. Sometimes additional steps at the beginning of the process such as the analysis of an internal company's environment or objective setting are added (COSO 2004). Also, risk analysis, as well as risk identification, can be seen as a "substep" of the major risk assessment step (IRM 2002).
Thus, it often happens that the companies that succeed in creating effective ERM have a long-run competitive advantage over those that manage and monitor risks individually. By measuring and managing its risks consistently and systematically, and by giving its business managers information and incentives to optimize tradeoff between risk and return, a company strengthens its ability to carry out its strategic plan. Also, ERM can add some value for company shareholders.

risk intelligence as a proposed attitude towards risk
Besides recent improvements in the risk management process and development of enterprise risk management and risk management standards, one more innovative trend -the so-called risk intelligent enterprise management -has been noticed (Risk Intelligent ...2010). This approach considers risk as a key input into leadership decisions versus as an outcome to be managed after the fact.
It is worth making contrast between risk intelligent enterprise management and the way many companies are approaching ERM today. A number of companies have implemented ERM programs in response to investor and regulator demands for more effective risk management. These ERM programs are intended to evaluate, monitor and document an organization's risks bringing some degree of structure to what might formerly have been a disparate set of information-gathering and risk mitigation processes. But while an ERM program can help an enterprise in better organizing its risk-related activities, it is not, in itself, enough to embed a thoughtful, sustainable consideration of risk into the organization's key decision-making processes. Risk intelligent enterprise management, unlike many companies' approach to ERM, treats risk management as an integral part of managing the enterprise strategy and operations, not as a separate, siloed process. In risk intelligent enterprise management, executives understand that every action that could create value also carries the potential for risk. They recognize that the discussion about risk and value cannot be separated, and therefore view risk as a decision driver rather than as a consequence of decisions that have already been made. Knowing this, they endeavour to make risk-intelligent choices that expose the enterprise to just the "right" amount of risk needed to pursue value creation. They consider risk on the front end of every decision they make both to identify potential threats and to strategically select risks they choose to take in order to pursue value. In order to start implementing, or at least moving towards risk management intelligence, a risk manager in a company should understand in what place exactly the company or organization is on the way to intelligent risk management. This can be done with the help of a risk intelligence maturity model (Fig. 1).
Thus, depending on how risk management is performed in the company, it can find its place on the axis showing a direction towards intelligent risk management. At companies that only start managing risk and lack appropriate knowledge and experience, or may be have not faced such a necessity yet, risk management is implemented chaotically, differently at various parts of organizations and has little in common with the corporate strategy. The more we move towards the maturity of risk management, the more integrated, reasonable and quantitatively-based it becomes (Stasytytė 2012b). The risk-intelligent approach to risk management requires the four main factors to be taken into account: 1) risk discussion included in the strategic fields of the company's activity; 2) early warning system about high risks; 3) linkage to performance measures and incentives; 4) risk modelling. In this case, a problem of optimal resource allocation between the above mentioned factors appears. Thus, an assumption that a company assigns a certain amount of resources to manage risks can be made. However, if the company identified itself being at the initial or fragmented stage of risk management (Fig. 1), then, it should gradually pass all further stages, and first of all, assign resources to the activities of every subsequent stage. After the greatest possible effect of the current stage is achieved, the company moves to the next stage etc. until reaches risk management intelligence. The risk management activities attained at every stage are broadly described in the earlier publication of the author (Stasytytė 2012b).
For the optimal allocation of resources and formation of risk management activity portfolio, the method of an adequate portfolio should be applied, as described in the publications by Rutkauskas (2006), Rutkauskas andStasytytė (2011a, 2011b).

Qualitative and quantitative tools for risk identification, analysis and response
According to various methodologies and standards, risk identification is one of the most important steps of the risk management process. Risk identification is sometimes named as event identification; for example, in COSO Risk management cube (COSO 2004). The events can be both positive and negative (Fig. 2). An event is an incident or occurrence emanating from internal or external sources that affects the implementation of a strategy for achieving the set objectives. The events may have a positive or negative impact, or both. Also, event identification can be made according to the predetermined categories defined in PESTEL, internal-external factor analysis or internal context (Fig. 3).

PESTEL analysis
Internal-external factor analysis In event identification, management recognizes that uncertainties exist but does not know whether and when an event will occur or its precise impact in case it occurs. Management initially considers a range of potential events − stemming from both internal and external sources − without necessarily focusing on whether the impact is positive or negative. In this way, management identifies not only potential events with a negative impact but also those representing opportunities to be pursued. To avoid overlooking relevant events, identification is best made apart from the assessment of the likelihood of the event occurring and its impact. However, practical limitations exist, and it is often difficult to know where to draw the line. However, even the events with a relatively low possibility of occurrence should not be ignored if the impact on achieving an important objective is great.
Plenty of external and internal factors drive events that affect strategy implementation and achievement of the established objectives. As a part of enterprise risk management, the executives recognize the importance of understanding these external and internal factors and the type of the events that can emanate therefrom.
The proposed scheme for determining categories of the events in the risk identification process can help companies with developing event categories based on the categorization of their objectives thus using a hierarchy that begins with high-level objectives and then cascades down to the objectives relevant to organizational units, functions, or business processes. Each company, depending on its size and field of activity, can have slightly different event categories.

particular techniques for identifying events
A methodology for identifying an entity event may comprise a combination of techniques together with supporting tools. For instance, management may use interactive group workshops as a part of the methodology for its event identification with a facilitator employing any of a variety of technology-based tools for assisting participants.
Event identification techniques look to both the past and the future. The techniques also may vary depending on how they are applied within an entity -in a top-down or bottom-up direction.
The most widely used and proposed in literature event identification techniques (COSO ERM Integrated Framework 2004;ISO 31000:2009) are event inventories, internal analysis, facilitated workshop, process flow analysis, leading event indicators, loss event data, brainstorming, delphi technique, cause and effect diagrams Along with the techniques and methods mentioned above, some traditional techniques such as SWOT, PEST, PESTLE or more sophisticated like system analysis, scenario analysis and system engineering can be used for risk identification. Besides, an entity may choose a combination of techniques or methods for more successful risk identification.

visualization techniques for adequate risk analysis and response
The way of how the gathered information about risks pertaining to an entity is presented impacts the efficiency of the future treatment and management of identified risks. Thus, one needs to present the results of risk assessment in the most user-friendly way. For this reason, a number of means and tools can be used. The author distinguishes a risk map and risk register as the most suitable and informative means. The axes of the risk map can be quantitative (impact expressed in monetary terms, likelihood -in percentage or both in conditional units if, for their determination, expert valuations have been used) and qualitative (impact ranging from insignificant to catastrophic; likelihood ranging from negligible to probable). The form of the risk register also can vary depending on the industry, size and other specifications of the company under analysis. Fig. 4 presents the most common view of the above mentioned tools, which is effective for the initial analysis of risks within the entity. For a more comprehensive analysis of risk such indicators as possible loss, detailed response (treatment) actions, cost, human resources and time needed to implement the selected response can be also included into the risk register.
The above-described means can be successfully applied to country risk analysis, and therefore some insights of such investigation will be presented in the next chapter.

The possibility of assessing and managing country risk pursuing competitiveness
A comprehensive analysis of country risk is a complicated enough task requiring adequate decision methods. Some of those applied to enterprise risk analysis and management can be also considered in the analysis of risks pertaining to the country. However, researchers often narrow their investigations to merely financial risks that country is exposed to. Timurlenk and Kaptan (2012) distinguish the four main groups of methods for financial country risk analysis: 1) fully qualitative method, 2) structured qualitative method, 3) checklist method and 4) other quantitative methods (ex. Discriminant Analysis, Principal Component Analysis, Logit Analysis and Classification, Regression Tree Method). Yim and Mitchell (2005) analyse country risk models based on hybrid neural networks, Kohonen networks, discriminant analysis, logit and probit models, artificial neural networks and cluster techniques, and made a conclusion that hybrid artificial neural networks is the best method for predicting country risk.
However, the authors of the report "Global Risks 2012" performed a questionnaire and interviewed 469 respondents working in various types of organizations, living in different countries of the world and having their own area of expertise. According to the report, the following five global risk categories were distinguished: 1) economic risks; 2) environmental risks; 3) geopolitical risks; 4) societal risks; 5) technological risks. Each category included particular risks that were placed on the two-dimensional risk map according to their likelihood and impact (Fig. 5). Moreover, the centre of gravity (highest risk according to both impact and likelihood as respondents provided) in each category of risk was established. The centres of gravity are as follows: 1) economic -chronic fiscal imbalances; 2) environmental -rising greenhouse gas emissions; 3) geopolitical risks -global governance failure; 4) societal risks -water supply crises; 5) technological risks -cyber attacks. Each centre of gravity with a respective number has been placed on the generalized risk map. The numeration of axes is in conditional points starting from 3.0 and finishing 4.5 for convenience.
However, each country may have its own risk map and its own centres of gravity in each risk category. Analysing the situation in Lithuania, an assumption that, regarding the category of environmental risks, the risk of mismanaged urbanization or land and waterway use mismanagement would achieve greater scores than rising greenhouse gas emissions could be made. Also, unmanaged migration, the mismanagement of the aging population or unsustainable population growth could possibly surpass water supply crises, which is critical in the global environment in the category of societal risk.

conclusions
Scientists still have not agreed on a unique definition of risk. Some definitions are based on probability, chance or expected values, some -on undesirable events or danger, whereas others on -uncertainties. People perceive risk in different ways depending on what area they are working within.
However, despite the variety of definitions of risk, such elements as loss, danger and uncertainty are clearly embedded in the perception of risk. The main difference between risk and uncertainty appears to be that risk is measurable while uncertainty is not.
A great number of risk identification and analysis methods for an enterprise have been already developed. However, the suitability of their application in particular situation depends on many factors pertaining to an entity. Moreover, not all of those are adequate to country risk analysis. Still, the risk map and risk register are the most universal tools for risk analysis in every perspective.
For identifying country risk, the method of questioning, or appealing to a smaller number of more professional respondents, an expert valuation is suitable. Hence, thorough expert investigation should be made in order to determine a clear picture of country risks in Lithuania. However, for a further analysis of identified risks, especially if they are not limited to the financial ones, the scheme similar to enterprise risk analysis could be used.
The management of country risk could also seek the highest level of intelligence where the competitiveness of the country is pursued. In such a case, the initiator of risk management activities should be a defined public or governmental organization. The question of resource allocation for such public management of country risk, as well as the detailed steps of the practical implementation of risk analysis and response, is a field for further research.