Risk management in defense program : Evidence from Ukrainian arm forces

Article history: Received: February 12, 2019 Received in revised format: March 16, 2019 Accepted: March 28, 2019 Available online: March 28, 2019 The research paper may be of interest to the representatives of the audit service, internal control participants, managers of all levels within the system of the Ministry of Defense of Ukraine and the Armed Forces of Ukraine, and other interested parties directly involved in the implementation of internal control, which is oriented towards risk management. The timely detection and identification of threats and risks depends on the efficiency and timeliness of exercising functions assigned by the subject of internal control and acquiring the necessary capabilities for the accomplishment of assignments. The research paper formulates the scientific task of determining the necessary competencies of the members of the risk assessment group to the subject of internal control. In accordance with the Interim Procedure for the Organization of Internal Control in the Ministry of Defense of Ukraine and the Armed Forces of Ukraine, risk assessment groups are established, which require the inclusion of officials with the highest level of competence in the relevant field. At the same time, there was an urgent need during the formation of these groups for a scientific substantiation of the list of necessary competencies, whose carriers could effectively fulfil their assigned tasks in identifying risks in relevant processes. A partial analysis of the governing documents regulating the organization and functioning of internal audit and internal control systems in the defense department is conducted in the course of the study. Based on foreign experience, functional responsibilities and guidance documents, 90 competencies were distinguished distributed according to the relevant blocks. The research paper uses the expert evaluation method to determine the key competences of members of the risk assessment group. The method of the mean scores, the median method, the determination of the coefficient of concordance and the Pearson’s fitting criterion were used for the analysis of the results of the expert evaluation. The research paper determines a number of priority competencies of the members of the risk assessment working group and elaborates appropriate conclusions for further research. © 2019 by the authors; licensee Growing Science, Canada


Introduction
Resolution of the National Security and Defense Council of Ukraine dated May 20, 2016 "On the Strategic Defense Bulletin of Ukraine" approved by Decree of the President of Ukraine No. 240/2016No. 240/ (2016) ) determined the operational goal of establishing an integrated risk management system as part of a defense planning system.The Ministry of Defense of Ukraine and the Armed Forces of Ukraine introduce a system of internal control, with its element being risk management at all levels of military management.The established system of internal control and risk management provides an opportunity to prevent and respond in a timely manner to the threats occurring in the course of any type of activity.The success of fulfilment of the planned tasks and achievement of the set goals are dependent on this process.
In the process of research on the implementation of the optimal risk management model in the defense department, the best international standards for risk management in the ISO series (ISO, 2009a;ISO, 2009b), Risk Management Standard (RM, AIRMIC and ALARM (FERMA RMS) (IRM, 2002), Integrated Framework Enterprise Risk Management -Integrated Framework (COSO ERM) (COSO, n./d.) and best practices of NATO partner countries (NSA, 2013;NATO, 2012;Jenison and Kubica, 2016;Department of Defense, 2013) were analyzed.In accordance with Clause 1.4 of the Interim Procedure for the Organization of Internal Control and Risk Management in the Ministry of Defense of Ukraine and the Armed Forces of Ukraine (Ministry of Defense of Ukraine, n./d.), a risk assessment working group is established to identify and assess risks.The risk assessment working group is a group of officials of the internal control subject with the highest level of competence in the relevant area that is able to identify the risks and assess the likelihood of their occurrence and the impact on the achievement of the set objectives.According to the Law "On Higher Education" (as amended) (Law of Ukraine No. 1556-VII, 2014), competence is a dynamic combination of knowledge, expertise and practical skills, ways of thinking, professional, world-view and civic qualities, moral and ethical values, which determines the ability of a person to successfully carry out professional and further training activity and is the result of studying at a certain level of higher education.For the purpose of scientific substantiation and identification of the most important competencies to be held by the members of the working group for risk assessment and the practical implementation of internal control and risk management in the Ministry of Defense of Ukraine and the Armed Forces of Ukraine, there is an urgent need for the study of this issue and the development of recommendations for an optimal set of competencies of members of the risk assessment working group in the process of organization and functioning of internal control.

Setting objective
The objective of this work is scientific research and identification of the most important competencies of the risk assessment group that members of the risk assessment group should consider as a prerequisite for identifying risks and preventing violations of property and resources management by the subjects of internal control of the Ministry of Defense of Ukraine and the Armed Forces of Ukraine.

Material and Method
The range of problems of internal control and risk management in defense planning processes is not sufficiently investigated, including the issue of the formation of working groups for risk assessment by subjects of internal control.This is explained by the fact that the organization of internal control in the defense department is at the stage of formation.The application of new approaches to the organization of internal control is envisaged from January 1, 2019.One should also mention the recent separation of internal control and internal audit in the defense department in accordance with Resolution of the Cabinet of Ministers of Ukraine No. 1062No. (2018)).At the same time, the problems of internal control in the Ministry of Defense of Ukraine and the Armed Forces of Ukraine are explored and studied in works of Kustrich and Loishyn (2018), Loishyn et al. (2018) and others.

Results and Discussion
As of today, a new internal control system is being implemented by the Ministry of Defense in accordance with the decisions of the senior management of the state (Decree of the President of Ukraine No. 240/2016, 2016; Decree of the President of Ukraine No. 555/2015No. 555/ , 2015) ) the Ministry of Defense of Ukraine (2016a), Ministry of Defense of Ukraine (2016b) and the Armed Forces of Ukraine, which is focused on risk management and preventive response to threats.From January 1, 2019, to supplement the norms set forth in Order of the General Staff of the Armed Forces of Ukraine No. 340 (2016), the Interim Procedure for the Organization of Internal Control and Risk Management in the Ministry of Defense of Ukraine and the Armed Forces of Ukraine enters into force, which will regulate the issue of organizing internal control at the level of the defense department.As of today, a preparatory stage is being implemented, that is the development of the necessary organizational documents.
The Interim Procedure determines a circle of participants in the internal control process, including: the heads of the subjects of internal control and structural units of the structural division within the subject of internal control, the coordinators of the relevant bodies of military management, managers, risk assessment working groups and other officials.Thus, in accordance with the Interim Procedure, it is determined that the risk assessment working group is a group of officials of the subject of internal control with the highest level of competence in the relevant field that are able to identify the risks and assess the probability of their occurrence, and influence on the achievement of the set goals.At the same time, the list and specification of the necessary competencies of the members of the working group are not determined.
Competence (from the Latin competentia) means a range of issues in which a person has a profound knowledge and experience.The competence of the employee is the degree of his/her qualification, which allows him/her to successfully solve the tasks assigned to him/her.Thus, there is a need to substantiate the optimum level of qualification of an official, which will enable him/her to efficiently carry out his/her activities in the risk assessment working group taking into account national peculiarities of the Ukrainian mentality.
The functioning of internal control involves identifying risks and organizing preventive work to prevent them.The working group on risk assessment consists of officials of the subject of internal control appointed by the relevant order of the entity on the organization of internal control and risk management of the subject of internal control.It is clear that a representative of a certain direction of one of the structural subdivisions of the risk assessment group may not fully objectively carry out a risk analysis because of being a participant in the process under analysis.Therefore, it is proposed to include in this group, if possible, specialists in this direction, but at the same time, from different structural units, which ensure the functioning of different processes.For the clarity of the foregoing, one can give a relevant example.Thus, during the formation of a risk assessment working group in a higher educational institution for the analysis and identification of risks in processes related to the financial and economic activity, a representative of the unit directly involved in this process and a representative of the corresponding department of the educational institution was engaged.Thus, we involve in this process both specialists in the theory and specialists who are the practical carriers of the functions performed in the process under analysis.A feature of this is the combination of a theoretical and practical view of risk identification.However, it should be understood that the representative of the relevant department in previous periods of his activities, as a rule, is the bearer of practical knowledge and fulfilled tasks in the financial and economic area.
When selecting and identifying candidates for a risk assessment group, the relevant characteristics such as the ability to think creatively, personal relationships, charisma, firmness in decision making must be taken into account.It should be added that in business processes, not only managers give characteristics to managers, but managers -to the overall system of senior management (Bock, 2017).When forming a risk assessment working group, heads of the subject of internal control may face the above problem -that is, determination of the competencies of the working group members.Taking into account the above, we are invited to investigate the issues of scientific substantiation of approaches to the formation of the necessary competencies of the risk assessment working group.In connection with the lack of statistical information on the organization of the work of the risk assessment working groups in the defense department and for the scientific substantiation of the above, it is suggested to determine the optimal set of competencies using the expert estimation method.A determined set of necessary competencies of an official who may be included in the risk assessment working group will allow the group to perform efficiently.Therefore, to determine the list of necessary competencies, an appropriate questionnaire was compiled with the grouping of factors by the following blocks: general skills and abilities (self-criticism, skills of observation, ability to systematize information, trace the relationship between elements, etc.); -ability to think (ability to withstand difficulties, be able to give an independent assessment, ability to simulate a situation, etc.); -ability to cooperate (psychological tact, communication skills, ability to resolve discrepancies and conflicts, etc.); -ability to adapt (display resistance to difficulties, dramatically change the vector of work, etc.); -determining the level of the required military rank; -determining the level of the required academic rank; -determining the level of the required level of education; -detailing of practical experience in the relevant field; -level of position held; -block of social and emotional level (level of satisfaction with life, respect for others, life values, etc.); -determining the importance of each of the blocks presented in the questionnaire.
Each block contains a list of relevant competencies (from 5 to 20 factors), it is proposed to assess a total of 90 competencies.It should be noted that the list of competences proposed to experts is determined on the basis of the analysis of the management documents (Resolution of the Cabinet of Ministers of Ukraine No. 246, 2016) of both departmental level and national level, foreign experience of application of standards of internal control, functional responsibilities, etc.In our opinion, determination of the high priority of the factors set out in the block of social and emotional level may help to identify a person with an inclination to corrupt acts, and as a consequence -prevention of distortion of objective information about the identified risks to the subject of internal control, and as a result -prevention of financial and other violations in the process of managing state property and resources.Next, it is suggested, with the help of experts, to determine the optimal composition of competencies of the members of the risk assessment working group with the help of appropriate questionnaires with subsequent mathematical modeling of the result.According to the views of Permiakov (2005) and other scholars, the expert group usually consists of 12 to 20 specialists.Thus, if the number of experts is very large, their opinions may not be consistent, whereas, if a small number of experts are involved, there may be some difficulties with the accuracy of the generalized assessments.This is primarily due to the fact that the number of experts should be sufficient to take into account the essential features of the problem to be solved and to ensure the accuracy of the forecast.Taking into account the above-mentioned range of problems concerning organization, functioning of internal control and further evaluation of its functioning, the category of experts who were involved in the expert evaluation was determined.First, the representatives of the Chief Inspectorate of the Ministry of Defense of Ukraine were included in the group of experts, namely the representatives of the structural unit headed by the Chief Inspector of Internal Control of the Ministry of Defense of Ukraine and the Armed Forces of Ukraine.The Main Inspectorate, in co-operation with the Internal Audit Department of the Ministry of Defense of Ukraine, directly implemented internal control, which is based on risk management.Secondly, in accordance with the Interim Procedure for the Organization of Internal Control in the Ministry of Defense of Ukraine and the Armed Forces, the assessment of the state of internal control within the system of the Ministry of Defense of Ukraine and the Armed Forces of Ukraine is entrusted to the Department of Internal Audit of the Ministry of Defense of Ukraine and its territorial units.In view of the above, the inclusion of experts from among the representatives of the audit service is mandatory.Thirdly, representatives of the financial and economic units of the Armed Forces of Ukraine, who are directly deal with the financial and economic processes of the subject of internal control, are invited to conduct the expert evaluation.By obtaining the main (key) factors that influence the formation of competency in the field of risk assessment and identification, we will be able to formulate requirements for the members of the risk assessment group.
One of the methods of questioning was used to determine the key and most important factors that would make the necessary set of competencies required for this group, namely: the method of mean scores, that is, the hierarchical placement of elements depending on the significance of the process being investigated by assigning a certain score, in our case -from 1 to 10 scores.
During the study, the following algorithm of the method of mean scores was applied: 1. Calculation of the finite sum for each factor (Sij = Σbij); 2. Calculation of the arithmetic mean rank (rj = Sij/n) 3. Building a new factor ranking. 4. Choosing the most significant factors in accordance with the principle -the lower the mean rank, the more significant factor.
After determining the method of the mean scores of key competencies for the relevant block, the median method was used to verify and confirm the results obtained.A group assessment can be considered objective and reliable only if the opinions of experts are coherent.Because of this, the statistical processing of information received from experts should include an assessment of the degree of consistency of experts' opinions and the causes of their heterogeneity.The consistency of expert's opinions is estimated using the coefficient of concordance W, that is, the total coefficient of rank correlation for the group consisting of m experts.The coefficient of concordance (Belov & Chumakov, 2007;Belov & Chumakov, 2011;Kendall and Stuart, 1958;Zastelo, 2015) can vary from 0 to 1 W ∈ [0,1], taking into account the above, its equality to one means that all experts gave the same estimates of the determined factors, and in the case that the result equals zero -that there is no connection between the scores received in the process of questioning of experts (Traskovetska et al., 2013).In view of the above, in order to verify the consistency of experts, the coefficient of concordance was determined using the Eq. ( 1), which is applied in case that the experts assign the same scores (ranks) to several factors: where ∑ , is the number of identical rank in i th row.
The last stage of the mathematical processing of the results of expert evaluation was the determination of the significance of the concordance coefficient by its conduction using the Pearson criterion given in Eq.
(2); this is due to the fact that in some blocks the number of factors is n>7: Thus, all 90 factors in the blocks determined above were evaluated.By carrying out the appropriate mathematical calculations for the processing of information obtained on the basis of the questionnaire of experts, the following was determined: In order to give practical reflection of the results obtained during the study, it would be advisable, in our opinion, to provide a generalized table of the identified key competencies by the blocks indicated above and, in the final analysis, clearly demonstrate the processing of expert evaluations of the ranking of the importance of each of the blocks.
Thus, on the basis of the mathematical calculation of the information obtained from experts regarding the assessment of the importance of each individual block of certain competencies presented in the questionnaire, it is established: 1. Designation of the blocks of competencies (Table 1):

Table1
Assigning symbols to the questionnaire blocks for further calculations

Calculation of the arithmetic mean:
The total amount will be divided by the number of experts -resulting in an average arithmetic rank.Based on the results of the calculation, we can build the final order using the principle "the greater the average indicator, the more significant block" (Table 3).Thus, the ranking by the sum of ranks (by arithmetic mean rank) has the form: F <E <I <J <D <G <C <A <H <B.That is, the record "F <E" indicates that block E is preceded by block F (in terms of significance, block E is better than block F).
4. To verify and confirm the obtained results we use the median method.
That is, we arrange a score of each of the experts.Next, we find the median, that is, the mean value, which is located at m = 12/2 = 6/7 places (Table 4).Thus, the ranking by medians has a new look (Table 5): Table 5 Determining the location of the element of the block of the questionnaire in an ordered row We determine the new indicator of the value for the elements of the block (Table 6):

Table6
Indicator of the value of the block based on ranking by medians So we can make a ranking series: E, F <I <D, J <C <A, G <B, H. Since some blocks, as a result of the conducted evaluation, received the same number of score, based on the application of the median method, they are equivalent, and therefore are united into a class of equivalence.
5. Using the matrix of the rankings calculated above, we calculate the coefficient of concordance, building the matrix of the ranks to verify the correctness of the matrix compilation based on the calculation of the check total (Table 7-8): The total for columns of the matrix is equal to each other and the check total, thus, the matrix is compiled correctly: 6. Determination of the assessment of the degree of consistency of expert opinions using the Eq. ( 1 -the number of connectives (types of repetitive elements) in the estimates of the ith expert, -the number of elements in the lst connective for the ith expert (the number of repetitive elements).This is explained, first of all, by the fact that the group of experts consisted of representatives in three areas of participation in the process of functioning of internal control in the Ministry of Defense of Ukraine and the Armed Forces of Ukraine.
7. General ranking of the blocks of competencies of the expert evaluation (Table 9): Taking into account the above, experts have determined that the main blocks of competencies are: -Ability to think; -Practical experience in the relevant field; -General skills and abilities.
According to experts, who at the same time are representatives of the Defense Department, a military rank and position is not a sufficiently weighty argument to carry out effective prediction of risks and negative events that may affect the functioning of the subject of internal control.
It should be recalled that the experts also evaluated the sub-competencies in the identified blocks.Thus, when assessing the ability to think, the main sub-competencies were determined to be the following: -organize the interconnection of past and present events; -be able to give an independent assessment; -have the ability to analyze; -have the ability to simulate the situation; The necessary practical experience in the relevant field was scored by experts in the range of 10 to 20 years.
General skills and abilities were presented in the block of 20 competencies, but the highest marks scores were for: the ability to be responsible for the decision; -ability to systematize information; -knowledge of the requirements of the guidance documents (awareness of recent legislative changes in the relevant area).

Conclusions and prospects of further research
Taking into account the results of the research, a set of key competencies which will allow members of the risk assessment group to effectively carry out their activities in identifying financial and other risks in the management of property and resources were scientifically grounded.Taking into consideration the conducted research, it can be concluded that even if the research is conducted within the Ministry of Defense, the military rank for performing the said functions is not critical, but the emphasis is placed on the ability to model, analyze and predict, the relevant experience, regardless of the position held.That is, in the process of Ukraine's integration into the European community, specialists orient themselves primarily on professionalism, and not on the traditions laid in Soviet times.
It should be added that, as of today, science provides a sufficient variety of tests and tasks that can reveal certain abilities.
Prospects for further research are seen in the practical testing of the results obtained by examining the issue of identifying ways of determining the said competencies.
It is also proposed to create a risk assessment working group from among the carriers of these abilities in the system of the Defense Department, namely in one of the subjects of internal control; and on the basis of annual monitoring and analysis of reporting provided for by the Interim Procedure for the Organization of Internal Control and Risk Management in the Ministry of Defense of Ukraine and the Armed Forces of Ukraine to compare the economic effect of its activities with the risk assessment working group of another similar subject of internal control for the number of identified risks and developed solutions for their prevention and neutralization.
Number of the place in the ordered rowLocation of the block according to the expert'

Table 4
Determining the medians of the values of questionnaire

Table 7
Verifying the correctness of the matrix compilation based on the check total calculation

Table 8
Final Indices of the Ranking of Matrix Elements

Table 9
Ranking of the blocks of competencies of the expert evaluation