TOWARDS SUSTAINABLE DEVELOPMENT: RISK MANAGEMET FOR ORGANIZATIONAL SECURITY

Controlling risk and skilful planning of the continuity of the organization’s operation positively influences the value of the organization, its image and the ability to achieve the planned goals in the economic, social and environmental dimensions. This article presents risk management as a determinant of the implementation of sustainable development assumptions in an organization. The process consisting of: identification and analysis of stakeholders, setting partial goals and relations between the key perspectives of the organization’s functioning (legal, economic, social and environmental), risk identification, its measurement, regulation, monitoring and control contributes to the improvement of the organization’s safety. Thanks to the focus on the concept of sustainability, organizations manage risk in a systematic manner. One of the basic assumptions of the “triple bottom line” concept is the organization’s focus on economic goals, i.e. profit maximization. The second foundation is focusing on the human aspect in the organization and achieving goals under the assumption of corporate social responsibility. The third is to focus on environmental goals and eco-efficiency. The aim of the research was to identify critical variables for improving risk management in the organization in the context of the implementation of the concept of sustainable development, and to indicate the approach applied to risk management by organizations that manage many aspects in a systemic manner. The research was carried out in 150 organizations in Poland that have at least one certified management system, e.g. ISO 9001, ISO 14001. It was determined that such a number of surveyed organizations is representative, taking into account the fact that the ISO 9001 certificate in Poland can be found in almost 15,000 organizations.


Introduction
"We have changed our environment so radically that we have no choice but to change ourselves and adapt to this changing environment" (Wiener, 1989).
The complexity of the organization's environment, the need to flexibly respond to changes occurring in it, determine a new approach to management. The new quality of management is strongly associated with innovation, creativity, the ability to analyse the organization's environment and a quick response to emerging opportunities and threats. One of the key tasks of the organization is to cope with uncertainty and volatility and continuous improvement of functioning, which is possible thanks to a strategic approach to risk management.
"The effect of improving the organization is to make the organization resistant to disruptions, increase efficiency and develop the ability to achieve system goals and objectives of individual participants" (Masłyk -Musiał, 2002).
Risk management is a key process that contributes to the improvement of efficiency and the achievement of the organization's goals. Systematic application of management procedures and practices to activities in the area of identifying, analysing, evaluating, dealing with risk, monitoring and reviewing risk leads to the improvement of the process of establishing the organization's strategy, increasing the probability of achieving economic, social and environmental goals and improving the decision-making process.
Risk management is a determinant of the implementation of the assumptions of sustainable development in the organization, and thus the improvement of economic, social and environmental security.

The essence of risk management in standardized management systems
Risk management can be considered a phenomenon of the future. It is an important element of an effective and comprehensive corporate governance system. Organizations, more than ever, should recognize, assess and respond to all forms of risk they face. Organizations and corporate leaders must learn from failures by developing risk management practices. Effective risk management can be considered a leading competitive advantage that determines the survival and success of enterprises in an uncertain global environment (Miloš, 2014).
In order to effectively manage risk, an organization should develop a risk model, the design of which must go through several stages, i.e. identification of measures, risk development, model and assessment of the risk model (Ibnugraha, Nugroho, Santosa 2020).
The assessment of operational risk management becomes important due to organizational and infrastructural changes, as well as the business and technological environment. Risk management is a management process that covers all techniques and methods of risk assessment and analysis. It is represented by various processes, such as measurement, control, reporting or selection of decisions that lead to the reduction of all risks (Prasad, Sekhar, 2019).
Effective company management may be based on the requirements contained in standardized management systems regarding the following aspects: quality, environment, health and safety at work, but also on finding solutions to improve the effectiveness and efficiency of quality control in the risk management process, when the results achieved are not consistent with the goals set. Risk, as a result of uncertainty, affects the goals of almost all human activities, thus implying the risk of loss. Risk is present in every aspect of our lives; therefore, risk management is universal, but is fully based on estimates and predictions made with inherent uncertainty that takes into account the extent of the probability that a given condition may or may not exist (Bowers, 2016).
The ISO 31000 standard defines risk as: "the effect of uncertainty on objectives". According to the indicated standard: uncertainty causes a positive or negative deviation from expectations, goals may relate to various aspects and be implemented at various levels, risk is determined in relation to potential events and consequences or their combination, and uncertainty is the lack of information about an event, its consequences or probabilities.
The ISO 31000 standard defines risk as: "coordinated activities related to the management and supervision of an organization in relation to risk". According to the requirements of the ISO 31000 standard, risk management should be an integral part of all processes in the organization, it should contribute to the achievement of goals and continuous improvement, it should be systematic and timely, it should be adapted to the context of the organization, the risk analysis should be constantly updated and react to changes (PN-ISO 31000, 2012).
By implementing the risk-based approach, the organization should plan and implement activities that take into account risks and opportunities, which leads to an increase in the effectiveness of the quality management system and improvement of the organization's performance.
At the stage of planning the quality management system, the organization should take into account external factors influencing the functioning of the organization. A strategic analysis of the organization should be carried out. Strategic analysis is a stage of strategic management involving the use of appropriate methods to identify factors influencing the organization's future operations. The analysis of the environment consists in identifying the processes and events in the environment as well as the activities of other organizations, which may create opportunities or pose a threat to it (Gierszewska, Olszewska, Skonieczny, 2013). Canton (2007) believes that strategic planning is the cornerstone of a crisis management programand binds the various elements of the program together and ensures that the resulting actions are properly aligned with the shared vision of the organization's stakeholders (Canton, 2007). Strategic planning is an adaptable set of concepts, procedures, tools and practices designed to help people and organizations decide what to do, how and why (Manning, 2020).
It is very important to analyse the legal, technological, competitive, market, cultural, social, economic, as well as international, national, regional or local environment. It is also necessary to analyse internal factors regarding issues related to the organization's potential, values, culture, knowledge, processes taking place in the organization, those factors that are important for the purpose and strategic direction of its operation, and to identify the needs and expectations of its stakeholders.
The organization is responsible for the application of the risk-based approach and for the actions it takes to address the risk, as well as for the management of the necessary documentation in this regard. Top management plays a key role in risk management, and should demonstrate leadership and commitment to promoting a processbased and risk-based approach within the organization.

ENTREPRENEURSHIP AND SUSTAINABILITY ISSUES
ISSN 2345-0282 (online) http://jssidoi.org/jesi/ 2021 Volume 8 Number 3 (March) http://doi.org/10. 9770/jesi.2021.8.3(33) 530 The organization shall plan actions to address risks and opportunities, how to integrate and implement these actions into the processes of the functioning quality management system, and how to evaluate the effectiveness of these actions. It is very important that top management takes action to ensure that risks and opportunities that affect product and service compliance and the ability to increase customer satisfaction are identified and addressed (ISO 9001, 2015).
The ISO 31000 standard helps organizations to develop a risk management strategy to effectively identify and reduce risk, and thus increase the degree of achievement of the assumed goals and ensure the safety of the organization in the economic, social and environmental area.
The implementation of ISO 31000 also helps organizations to see both the positive opportunities and the negative consequences associated with risk and allows for more informed and thus more effective decision making, especially when allocating resources. Moreover, it can be an active element in improving the organization's management and ultimately its performance (Wisianto, 2020).
The following risk management principles according to ISO 31000: 2018 can be indicated:  Integrated -Risk management is an integral part of all organizational activities.  Structured and comprehensive -A structured and comprehensive approach to risk management contributes to consistent and comparable results.  Adapted -The risk management framework and process are aligned and proportionate to the organization's goals.  Inclusive -Inclusive adequate and timely stakeholder involvement enables the inclusion of their knowledge, views and insights.  Dynamic -Risks can appear, change or disappear as the external and internal context of the organization changes.  Best available information -The risk management inputs are based on historical and current information as well as future expectations.  Human and cultural factors -Human behaviour and culture significantly influence all aspects of risk management at every level and stage.  Continuous improvement -Risk management is continuously improved through learning and experience (Wilbanks, Byrd, 2020).

Risk management and business continuity management
In order for the organization to comprehensively implement the risk management approach, it should identify the key processes and resources that will become necessary to ensure business continuity and fulfilment of its obligations towards stakeholders in the event of a risk.
Ensuring the organization's consistent operation in the event of disruptions in any part of it is possible thanks to the implementation of the Business Continuity Management (BCM).
Business Continuity Management complements the risk management framework. BCM is a broader concept than risk management. In addition to identifying the products, services and processes that determine the survival of the organization and performing risk assessment and related activities, in line with the BCM idea, it is also important to identify what the organization needs to continue to fulfil its obligations in the event of a risk. Maintaining

ENTREPRENEURSHIP AND SUSTAINABILITY ISSUES
ISSN 2345-0282 (online) http://jssidoi.org/jesi/ 2021 Volume 8 Number 3 (March) http://doi.org/10. 9770/jesi.2021.8.3(33) 531 business continuity is a much broader issue than risk management. The activities performed in the scope of risk management constitute the basis of the business continuity management system. Business Continuity Institute defines business continuity management as a holistic management process that aims to identify the potential impact of disruptions on the organization and create conditions for building resilience to them and the ability to respond effectively in the protection of key interests of owners, reputation and brand of the organization, as well as the values achieved in its activities to date (Standard BS 2599).
Thanks to BCM, the organization is thus able to recognize what needs to be done before a possible event occurs to protect its employees, site, technology, information, supply chain, stakeholders and reputation.
Currently, the approach to risk management is evolving towards ensuring business continuity. Business continuity is understood as an organizational procedure that creates the organization's ability to respond effectively in the event of a disruption as a result of a specific interaction of threats with the vulnerability of the organization's internal infrastructure or resources. In this sense, ensuring business continuity is the subject of operational management and is the last link in operational risk management (Rot, Pękala, 2016).
Business Continuity Management (BCM) ensures that processes and resources are available after a business disruption to ensure that you continuously meet your critical goals. Business Continuity (BC), by definition, aims to maintain critical business continuity. Business Continuity Management (BCM) ensures the availability of processes and resources after a business interruption to ensure the continual achievement of critical goals (Hiles, Andrew, Noakes-Fry, 2014).
ISO 22301 is the world's first international standard for business continuity management. ISO22301 is a standard for the implementation of the BC management system and the continual improvement of the BC capability based on management priorities and feedback. The purpose and intention of the standard is to plan, establish, implement, operate, monitor, review, maintain and continuously improve the documented management system in order to protect against any disruptions that may arise, reduce the likelihood of occurrence, prepare for, respond to an incident causing disruptions and repair it. The standard contains auditable requirements, such as certification that shows that an appropriate BCMS exists. Organizations that have obtained ISO 22301 certification demonstrate BC compliance and commitment to customers and other stakeholders.
The following international standards apply to business continuity management:  ISO 22301:2019 Security and resilience -Business continuity management systems. Requirements. This document specifies the requirements for the implementation, maintenance and improvement of the management system in order to prevent, reduce the probability of disruptions, prepare for them, respond to them and repair them after their occurrence (ISO 22301, 2019 BCMS (Business Continuity Management Systems Standard) can help an organization build its management system in a clear and specific way through the creation, implementation and training of management system requirements and procedures .
The following principles of business continuity management can be identified: long-range Focus, leadership, governance, good business practice, multidisciplinary function, communication, value preservation, adaptation (Wong, Shi, 2015).
The ISO 22301:2019 Security and resilience standard -Business continuity management systems -Requirements contains a framework for identifying key risk factors affecting the organization and for maintaining its operations in the most difficult conditionsthus it concerns the business continuity management system (BCM). (ISO 220301, 2019). ISO 22301 can be a valuable tool that will help an organization achieve stability and management efficiency by creating a business continuity program (Roskoski, Maureen, 2020).
ISO 22301 combines international best practices to help organizations effectively respond to and recover from disruptions. This means lower costs and less impact on business results in the event of disruptions. Additionally, for organizations with multiple locations or divisions, it provides a consistent management approach across the organization. By implementing the requirements of the ISO 22301 standard, the organization achieves the following benefits:  gains the ability to reassure customers, suppliers, regulators and other stakeholders that they have robust systems and processes to ensure business continuity,  achieves better business results and increases its organizational resilience,  by analysing critical problems and sensitive areas, it is easier to manage the organization.
It can be concluded that business continuity management is a holistic management process aimed at determining the potential impact on the organization and creating conditions for building resistance to them and the ability to respond effectively in the protection of the key interests of the owners, reputation and brand of the organization, as well as the values achieved in the current activities (Wołowski, Zawiła-Niedźwiecki, 2012).
At the end of 2019, 6231 business continuity management system certificates in accordance with the ISO 22301:2012 Societal security standard -Business continuity management systems -Requirements were awarded. In Poland, this number is 101 certificates. The leader in terms of the number of ISO 22301 certificates granted is India with 1966, United Kingdom of Great Britain and Northern Ireland -609, United States of America -406, Japan -301, Singapore -300, China -291 (ISO, 2020). ISO 22301 provides a comprehensive approach to protecting business continuity and employee safety, and presents good practices and guidelines for:  identification of threats,  assessment of the potential effects of their occurrence,  development and testing of emergency plans,  management support, communication, resources. Business continuity management provides a comprehensive approach to the risk management process. When characterizing both processes, it can be concluded that the main method used in the risk management process is risk analysis, and in the case of Business Continuity Management, the weight of losses is analysed. The main analysis parameter in risk management is the event and the probability of its occurrence, while in business continuity managementthe event and the time of its occurrence and duration. Another difference between the two processes concerns the type of events, in risk management they are all typeshowever, they can be classified and not always clearly affecting the business, while in business continuity managementvarious types of events significantly affecting the company's imbalance. When making a comparison in terms of severity and size of events, risk management adoptsdifferent sizesbut estimable costs, and in business continuity managementa strategy designed to overcome each difficulty regardless of the severity of the event. Another aspect of the comparative analysis is the scope of both processes, in the case of risk managementa characteristic feature is the focus on risks relating mainly to the core business of the enterprise, and in the case of business continuity managementfocusing primarily on events having a potential or real impact on businessmainly outside the core activities of the organization. The final aspect of the comparison is the strength and impact of the processes, in relation to risk managementthe range from increasing problems to sudden incidents, while in the case of business continuity managementmainly sudden and quick events; culture that allows to overcome growing problems (Kaczmarek, Ćwiek, 2009).

Implementation of the goals of sustainability and the safety of the organization
The concept of corporate sustainability has been defined as a business approach that creates long-term value for shareholders through the use of opportunities and risk management related to economic, environmental and social development (PWC/ SAM -The Sustainability Yearbook 2008).
In the literature on the subject, the following terms are used interchangeably: global sustainability, sustainable word, sustainable development, which emphasize the global aspect of the issue. Similarly, the following terms are often used interchangeably: sustainable enterprises, corporate sustainability, enterprise sustainability, referring to the enterprise level. Corporate sustainability is a concept that involves the organization's commitment to achieving a competitive advantage through the strategic adaptation and development of ecological and social processes supporting the production of ecological and social products and services as well as innovative human resource management practices (Dunphy, Griffıths, Benn, 2003).
Corporate sustainability consists in achieving a state of development of the organization in which it meets the needs of stakeholders, without compromising its ability to meet their needs in the future. An organization implementing the concept of corporate sustainability must be sure that its activities are balanced in relation to its economic, social and environmental results (Hockerts, 1999).
Organizations wishing to adapt to the changes taking place in the environment should implement sustainable development (Adamczyk, Nitkiewicz, 2007).
Some organizations see the two goals of profit maximization and sustainability as mutually exclusive. Organizations are increasingly realizing that long-term profitability requires greater involvement of organizations in creating sustainability. A sustainable enterprise is one that contributes to sustainable development while offering economic, social and environmental benefits (Hart, Milstein, 2003).
The concept of sustainability is business means sustainable development of the enterprises by ensuring economic, social and environmental benefitsthe so-called triple bottom line (Elkington, 1994). Sustainable development: "is the process of achieving human development in a fair, reasonable and safe manner" (Gladwin, Kennelly,

ENTREPRENEURSHIP AND SUSTAINABILITY ISSUES
ISSN 2345-0282 (online) http://jssidoi.org/jesi/ 2021 Volume 8 Number 3 (March) http://doi.org/10.9770/jesi.2021.8.3(33) Krause, 1995). It is a development that meets the needs of the present generation without compromising the ability of future generations to meet their needs. It means integrating the organization's goals of ensuring high quality of life, health and well-being, taking into account social justice and preserving the potential of the Earth. These social, economic and environmental goals are interdependent and mutually reinforcing.
Sustainable development can be seen as a way of expressing the broader expectations of society as a whole. Sustainable development has three dimensionseconomic, social and environmentalwhich are interrelated, for example, eradicating poverty requires promoting the ideas of social justice and economic development and environmental protection (ISO 2010).
Regarding sustainable development and the role of business in this respect, the World Business Council for Sustainable Development (WBCSD) states that… the world's leading organizations of the future will be those that provide goods and services and focus on the need to solve the world's greatest problems: poverty, climate change, resource scarcity, globalization and demographic change (WBCSD -World Business Council for Sustainable Development, 2006).
Organizations implementing the concept of sustainability constantly strive to achieve a balance between economic, environmental and social goals, and this balance is the key assumption in formulating their strategies in terms of improving the security of the organization.
Security is an interdisciplinary term. It is of interest to many fields of science, including management, economics, history, psychology, sociology, legal sciences, politics science and many others.
Security also means quality or the state of safety, freedom from danger, fear (http://merriam-webster.com/). Security defined in a narrow sense means the ability of the entity to resist threats, and in a broad context it means the ability of the security entity to survive and develop. Security has accompanied mankind since the dawn of history and is an elementary, primary need of individuals, social groups and nations, as well as created institutions (Wojtaszczyk, Materska-Sosnowska, 2009).
In the literature, safety is perceived as: • guarantee of inviolable survival and free development of the security entity (Stańczyk, 1996); • the state of peace, certainty, no threat and protection against it (Zięba, 2007); • preservation of sovereignty and territorial integrity, free choice of the country's development path, achievement of individual well-being and social development (Czaputowicz, 2003); • appropriate state of organization of defense and protection against military and non-military threats in various areas of state activity (Szubrycht, 2006;Genys, Krikštolaitis, 2020;Tvaronavičienė et al., 2020;Chehabeddine, Tvaronavičienė, 2020).
Security is treated as a specific state or feeling, a synonym for the absence of threats, as a certainty of the absence of threats, a state of peace and existential certainty of individual and collective entities, but also in a dynamic aspect as a process.

Ryszard Zięba states that the most general definition of security is included in the UNESCO Dictionary of Social
Sciences. The definition contained there, by Daniel Lerner, reads: "In the most literal sense, safety is virtually identical with safety and means no physical danger or protection against it". Ryszard Zięba suggests adopting the definition formulated by Franz-Xaver Kauffman, who defines the threat as: "the possibility of one of the negatively valued phenomena occurring" (Zięba, 1999).

Research methodology
The aim of the research was to identify critical variables for improving risk management in the organization in the context of the implementation of the concept of sustainable development, and to indicate the approach applied to risk management by organizations that manage many aspects in a systemic manner.
Earlier research conducted by the author, using a two-tier cluster analysis, confirmed the assumption that organizations that have implemented quality, environment and occupational health and safety management systems take into account a wide range of aspects focused on quality, environment, safety and hygiene and use a wider range of methods and management techniques (Wysokińska-Senkus, 2013). Therefore, when conducting research for this study, the focus was only on a sample of organizations with two or more management systems. The research for this study was carried out in 150 randomly selected organizations in Poland that have at least two certified management systems, e.g. ISO 9001, ISO 14001. It was determined that such a number of surveyed organizations is representative, taking into account the fact that the ISO 9001 certificate in Poland is owned by has approximately 15,000 organizations.

Characteristics of the research sample
Among the organizations covered by the research, the largest group -71% were limited liability companies, followed by partnerships -15.8% and joint-stock companies -13.2%, as shown in Figure 1. As for the size of the organizations, the largest group were medium-sized organizations -52%, followed by small -27%, large -15.8 and micro-enterprises -5.3 (Figure 2). Figure 3 presents the characteristics of the research sample according to the criterion of the dominant sectors of activity. The most numerous were production enterprises -38%, service -11%, construction -10%, representing the following sectors: logistics and warehousing -6%, banking services -5%.  Figure 4 shows how top management approaches risk management. The analysed organizations use various approaches to the risk management process, the following were most often used: acceptance of the risk resulting from the implementation of new products, methods, management systems (80.9%), focusing on securing against possible losses (80.9%), conducting a risk analysis and implementation of preventive actions (80.9%), diversification of the organization's activities (53.3%), transferring the business risk to other entities, for example, through: insurance, guarantees, sureties, forward transactions (50%). The conducted research showed that 38.8% of organizations do not take the risk related to the implementation of new products, methods and management systems.

Figure 2. Organization size Source: Compiled by authors
Although the analysed organizations manage many aspects: economic, social, ecological, the approach to risk presented by them should be indicated as requiring continuous improvement. Organizations should conduct ongoing risk analysis, which should form the basis of all decision-making in the organization. The decision-making process is very complex, therefore organizations should focus their attention on providing a comprehensive set of data and information that will help reduce the risk of making a wrong decision. aaccepts the risk arising from the implementation of new products, methods and management systems, bfocuses on securing against possible losses, cconducts a risk analysis and tries to implement preventive measures, ddiversifies the activities of the organization, etransfers the business risk to other entities, for example through: insurance, guarantees, sureties, forward transactions, fdoes not take risks related to the implementation of new products, methods and management systems.

ENTREPRENEURSHIP AND SUSTAINABILITY ISSUES
ISSN 2345-0282 (online) http://jssidoi.org/jesi/ 2021 Volume 8 Number 3 (March) http://doi.org/10. 9770/jesi.2021.8.3(33) 538 The conducted research allowed to identify critical variables for the improvement of risk management in the organization in the context of the implementation of the concept of sustainable development. The determinant of improving risk management in the organization is monitoring the degree of achievement of goals and a thorough analysis of problems arising in the organization. The analysis of the causes of the occurring inconsistencies contributes to finding new, effective methods of solving them and making the right decisions, the main goal of which is to maximize the company's profit while maintaining a balance between individual elements of the organization.
Top management reviews individual aspect which leads to minimizing the risk of errors and non-conformities and is a preventive method that eliminates the causes of problems before they occur. According to the conducted research, the frequency of monitoring of individual aspects presented in Figure 5 takes place at least once every six months and more often.
It should be stated that good management practices recommend regular management audits and reviews. The frequency of management review depends on the specificity of the organization's functioning, but it is usually performed at least once a year. The surveyed organizations have implemented standardized management systems. The study recognizes the impact of the implementation of management systems on the safety of the organization by identifying and removing potentially dangerous practices, developing formal preventive and corrective action processes, and institutionalizing routine management audits and reviews. However, it should be recognized that the frequency of monitoring individual aspects should be greater, as organizations focus to the greatest extent on measuring economic aspects. In 2013, the author of the study conducted research in a group of organizations that have implemented at least 3 management systems, the analyses showed that among the measured and monitored indicators in the field of investment security were: ACC -Internal Financial Audit Results (79.4%); QIAR -Results of Internal Quality Audits (78.3%); CADR -Credit Rating (46.7%); EIAR -Results of Internal Ethics Compliance Audits (29.4%); LINR -Results of Internal Legal Audits (e.g. Software) 23.3% (Table 1). 539 Figure 5. The frequency of reviews of specific aspects by top management Source: Compiled by authors aproject budgets, baction plans, c-economic goals, dorganizational effectiveness measures, edescription or course of processes, f -production and marketing purposes, gopportunities for the organization resulting from trends in sustainable development, hsocial goals, irisks the organization faced arising from trends in sustainable development, jenvironmental objectives.
The organization should take into account economic, social and environmental aspects when building a strategy, setting mission and vision, and measuring. In addition, a mechanism for monitoring the degree of achievement of the indicated objectives should be designed. When formulating an organization's strategy, one should focus on identifying key processes, formulating goals for each of them, developing a set of indicators of the degree of achievement of goals. The implementation of process orientation at this stage will contribute to an increase in the efficiency of the organization.

Source: Compiled by author
A very important factor that organizations should take into account when designing a strategy is risk analysis in relation to economic, social and environmental aspects. Figure 6 shows the extent to which the surveyed organizations take into account economic, environmental and social aspects when building their strategies. Economic/market aspects were identified as the most important -92.1% of organizations assessed this aspect as important and very important, then environmental -67.8% followed by social -65.8%.
According to research carried out in 2013 in a group of organizations that have at least 3 management systems implemented, all aspects are also very important when building the organization's strategy: economic, ecological and social, but the most important were economic/market aspects with the number of indications 96.7% (WRO -0.88), followed by environmental -96.1% (WRO -0.78), and then social -88.9% (WRO -0.74). In this case, the number of responses completely coincided with the hierarchy of the relative assessment indicator (Wysokińska-Senkus, 2013).
Organizations should focus to a greater extent on the implementation of social and environmental goals, as a strategic approach to these goals can be an effective tool for managing the risk of their business (in relation to threats related to the impact on particular groups of stakeholders) and the implementation of the principles of sustainable development.

Conclusions
Risk management is a key process that contributes to the improvement of efficiency and the achievement of the organization's goals. Risk management is a determinant of the implementation of the assumptions of sustainable development in the organization, and thus the improvement of economic, social and environmental security. Currently, the approach to risk management is evolving towards ensuring business continuity. Business continuity management is a holistic management process that aims to identify potential impacts on an ENTREPRENEURSHIP AND SUSTAINABILITY ISSUES ISSN 2345-0282 (online) http://jssidoi.org/jesi/ 2021 Volume 8 Number 3 (March) http://doi.org/10. 9770/jesi.2021.8.3(33) 541 organization and create conditions for building resilience to them. The implementation of the sustainable development goals allows organizations to achieve a high level of economic, environmental and social security. Organizations that have implemented quality, environmental and occupational health and safety management systems take into account a wide spectrum of aspects focused on quality, environment, safety and hygiene and use a wider range of management methods and techniques.
The conducted research has shown that organizations use different approaches to the risk management processes, as many as 38.8% of the analysed enterprises do not take the risk related to the implementation of new products, methods and management systems, and about 20% do not have an opinion on this subject. Therefore, it is recommended to be more actively involved in risk management and to develop a comprehensive management approach in this aspect. The surveyed organizations take into account economic, environmental and social aspects when building their strategies, the most important were economic/market aspects -92.1% of organizations assessed this aspect as important and very important, then environmental -67.8%, and then social -65.8%. According to the conducted research, the most frequently monitored aspects include: project budgets, action plans, economic goals, measures of organizational effectiveness. It should be recognized that the frequency of monitoring individual aspects should be greater, as organizations focus to the greatest extent on measuring economic aspects. The review of individual aspects by the top management minimizes the risk of errors and noncompliance, and thus determines the improvement of the risk management process. Management reviews give senior management the opportunity to assess the effectiveness of the organization and make any changes that could improve economic, social and environmental security.
Summing up, it should be mentioned that the analyzed organizations did not sufficiently analyze and monitor the risk. There was no comprehensive approach to risk management and the perception of a given risk as an opportunity or a threat. The limitation in risk management was the complexity of the organization's environment, the dynamics of changes taking place in it, and the lack of appropriate methods in this area. The solutions that is proposed in the study, indicated in the ISO 22301 standard for business continuity management, enables organizations to adopt a modern, comprehensive approach to risk management.
Moreover, the solution for the organization may be integrated with other available risk management standards, among which the following can be distinguished, developed by: Federation of European Risk Management Associations (FERMA), Committee of Sponsoring Organizations of the Treadway Commission (COSO II). The use of these standards by the organization allows the organization to accept the existing risk and take appropriate action if it occurs.