MODELING THE PROCESS OF RISK MANAGEMENT RESPONSE TO THE NEGATIVE IMPACT OF RISKS AS THE BASIS FOR ENSURING ECONOMIC SECURITY

. Purpose – the main purpose of the article is to form a methodological approach to counteract risks that most negatively affect the system of ensuring the economic security of engineering enterprises. Research methodology – the research methodology involves the application of the theory of graph connections, modeling from IDEF0. Findings – the main risks that most negatively affect the system of ensuring the economic security of engineering enterprises were identified, modeling of the main stages of response to their impact was carried out. Research limitations – the article has a number of limitations and this applies to the area of the study. The emphasis was on the engineering industry. In addition, it should be noted that there are other modeling methods for mapping the stages of response to the negative impact of risks. Practical implications – practical application of our methodological approach can be suitable for engineering enterprises. Originality/Value – the originality of the study lies in the presented methodological approach to identifying the risks that most negatively affect the system of economic security of engineering enterprises and modeling the process of responding to this impact.


Introduction
In modern economic conditions, it is important for an enterprise to avoid possible threats and timely eliminate the harmful consequences of negative phenomena. Riskiness is an integral part of entrepreneurial activity, uncertainty is seen as a primary phenomenon, and risk is secondary. The greater the uncertainty in making a business decision, the greater the degree of risk. It is impossible to eliminate risks related to the activities of business entities, since they are an element of objective reality. The main difference between risk and uncertainty is the ability to measure and estimate: uncertainty cannot be measured, while risk can be estimated. So, risk, as opposed to uncertainty, can be managed.
Risk management is a systematic use of the methods, tools and techniques available to managers to solve problems related to risks: setting the context, analysis (identification and assessment), influence, monitoring and communication.
In the enterprise management system, the risk management system is designed to become an integral part of the organization's management subsystem, that is, it should be integrated into its general policy, work plans and activities. When this condition is met, the application of the risk management system is an effective process. Risk management is associated with both negative and positive consequences. The essence of risk management is to identify potential deviations from planned results and to manage these deviations to improve prospects, reduce losses and improve the soundness of decisions made. Risk management means defining perspectives and identifying opportunities for improvement, as well as preventing or reducing the likelihood of undesirable developments.
Foreign practice shows that company leaders successfully use the risk management system both in individual segments and in general. According to a survey conducted by the Federation of European Risk Management Associations: 79% of surveyed enterprises carry out risk mapping, while 44% of them identified risk management as a subsystem of enterprise management.
In connection with the development of market relations, entrepreneurial activity in Ukraine has to be carried out in the conditions of the growing uncertainty of the situation and the variability of the economic environment. It becomes difficult to obtain the expected end result, and therefore, the risk increases, that is, the danger of failure, unforeseen losses. This is especially inherent in the initial stages of the development of entrepreneurship. There is no business without risk. This is due to the fact that the goal of its implementation is to maximize profit, and the greatest profit, as a rule, is brought by market transactions with increased risk. The entrepreneur is forced to assume the risk by the uncertainty of the economic situation and the conditions of the political and economic state and the prospects for changing these conditions. The greater the uncertainty of the economic situation of decisionmaking, the higher the degree of risk. The implementation of entrepreneurship in any of its forms, which is associated with risk, is usually called economic, or entrepreneurial.
In the process of countering the negative impacts aimed at engineering enterprises, the management of this enterprise pays less attention to risks, since in their opinion they are the least threatening. That is why this problem has acquired particular relevance today, given that risks can potentially turn into a threat or danger. An example of this can be called the fact that at the beginning of last year there was only the risk of a pandemic lockdown, which quickly turned into uncontrollable threats and dangers. It is because of the low attention to risk management and risks in general that we have chosen this topic.
Risk management is the management of the enterprise as a whole, taking into account the impact of risks on the basis of the process of their identification, assessment and analysis, as well as the choice and use of methods to neutralize their consequences in order to achieve an optimal balance between the level of risk and the strategic capabilities of the enterprise. Accordingly, risk management is aimed at finding the optimal balance between a high level of risk, which can lead to the collapse of the enterprise, and a complete rejection of it, which leads to a loss of competitiveness.
Today, the issue of forming a methodological approach is extremely relevant, which will allow top managers of the enterprise to better organize the negative impact of risks, with the aim of its subsequent elimination. Considering the above, the main goal of the article is to form a methodological approach to an adequate response and counteraction to risks that most negatively affect the system of ensuring the economic security of engineering enterprises.
The structure of the article provides for a review of specialized literature, which became the basis for the study, a description of the methodology used in the course of the study (the research methodology involves the application of the theory of graph connections, modeling from IDEF0); the results of the research and discussion, which included the identification of risks and the construction of a model of response to them, a description of how our research differs from the existing ones and the conclusions.
The proposed methodological approach to modeling the management process is suitable for engineering enterprises. In the future, this model is planned to be used at one of the leading engineering companies in the Western region of Ukraine for its practical verification.

Literature review
Ensuring economic security at enterprises today is becoming a priority area of scientific research. At the same time, risk management and mitigation of their negative impact plays a special role (Parfitt & Barnes, 2020).
An effective tool for responding to changes in the economic environment of an enterprise is risk management, which is defined as a set of integrated management actions aimed at identifying, analyzing and regulating risks. Within the framework of the proposed approach, risk management can be considered as a process of influencing a business object, which provides the widest possible range of coverage of possible risks, preventive actions, their reasonable accounting when making management decisions and reducing the degree of influence of the identified risks to the minimum limits. Studies of modern conceptual approaches to risk management have made it possible to form a set of methods and methods of an integrated risk management system.
The issue of ensuring the optimal operation of enterprises and ensuring economic security, in the context of risk management, is the subject of interest of a large number of scientists. For example, in the work of Pauliukevičius and Skusevičienė (2013), the basis for the formation of an effective system of combating risks that affect the functioning of the enterprise is to improve the institutional system of the country, while Shynkar et al. (2020) and Pushak et al. (2021) believe that the main role is played by the formation of a powerful internal risk management system. Risk management problems have been of interest to the scientific community for more than a decade. Modern technologies and the impact of globalization in general significantly affect changes in the activities of enterprises and therefore more and more groups of risks arise and, as a result, new problems that need to be addressed.
Risk management is the subject of interest of leading scientists in the field of security at the enterprise. The ambiguity and inaccuracy of today's risk management systems are highlighted in Kim (2020) work, which determines the relationship between inaccuracies and imperfections in risk management systems and the performance of an enterprise.
For example, the basic concepts of the essence of such a phenomenon as "risk" were considered by Aven (2012) and Head (2009). However, our research is more methodological in nature and aims to identify and respond to them.
What risk concepts may exist and which subspecies and how they may differ has been explored by Belles-Sampera et al. (2013), Chatterjee et al. (2003) and Regan and Patè-Cornell (1997). Of course, concepts and theoretical analysis are very important, but we strive to demonstrate how it is possible to depict the process of counteracting negative influences through modeling. Stasytyte and Aleksienė (2015) and Korombel (2012) examined the specifics of operational risks that are encountered in SMEs. We take into account certain operational risks in our research, but strive to cover the negative impact of others.
The very process of organizing the work of the risk management system is well described in the works of Di Serio et al. (2011), Verbano and Venturini (2013) and Islam et al. (2006). According to some scientists, risk management can be part of other enterprise management systems. For example, in the work of Wu and Meng (2019), risk management is part of management security. In our opinion, today risks play one of the most important roles in the system of enterprise functioning, taking into account this risk, management should act as an independent functional management system at the enterprise.
Risk management and its role in the activities of the enterprise has always been accompanied by a certain element of surprise and uncertainty. The specifics of the process of risk management activities were investigated by Tohidi (2011) and Tamošiūnienė and Savčuk (2007). We took into account the specifics of the risk management activity process for our research and its reflection in the proposed model.
Of course, human resources and plant personnel are at the greatest risk, an issue actively explored by Thevendran and Mawlesley (2004) and Zhi-Qiang and Tao (2008).
Features of the hierarchical ordering of risks can be found in the works of Kmec (2011) and Knight (2002), however, our research is based on significant changes that have occurred in the world and the impact of globalization to significantly change the modern risks that a significant number of enterprises face every day.
Regarding the methodology we use, it should be noted that Sylkin et al. (2019) have already applied a similar methodological approach for their own research, but then it concerned anti-crisis management and the financial security system. Our research combines several methods and focuses primarily on risk management.
Paying tribute and taking into account the scientific contribution of a significant number of scientists to the development of solving the problems of the risk management system at the enterprise, the issue of highlighting the main risks that most negatively affect the system of ensuring the economic security of engineering enterprises and modeling the process of responding to this influence is still relevant.

Methodology
The basis of our research is the methods that will allow us to determine and streamline the level of influence of the main risks on the activities of enterprises and to ensure economic security in general, and to simulate the process of responding to them. To do this, we used the following methods: 1. Formation of a model for hierarchical ordering of the main risks that negatively affect the engineering enterprises of Ukraine. To do this, it is necessary to apply a graph of connections between risks, which are formed on the main use of graph theory. It should be noted that graph theory is one of the key branches of mathematics that studies the properties of graphs. In general, a graph is a geometric configuration that includes points connected by lines. The use of graph theory is found in scientific papers in various fields, it can be informatics, management and logistics, including in economics. As an example, in the field of economic research, we use the theory of networked systems. A network is a generalization of the concept of a graph and is a graph where each edge is assigned a certain number, which is called the "edge weight" and this number has a certain meaning, for example: price, profit, income, etc. Today graph theory is one of the best predictive models used in scientific circles. An example of such use can be considered the work of Davahli et al. (2021), who, using this model, formed a predictive model of the distribution and risks of COVID-19.
The list of risks that have the most negative impact on the activities of engineering enterprises and their system of economic security are presented in Table 1. Risks associated with abuse of their powers in the company RPC Separately, we note that to determine those risks that have the most negative impact on the activities of engineering enterprises in Ukraine and their system of economic security, we apply an expert method of interviewing employees of three leading engineering enterprises, who provided a detailed answer, which risks negatively affect the activities of their company. Unfortunately, the respondents asked to remain anonymous and this right remains with them.
Despite the COVID-19 pandemic, the peer review method was conducted through remote communication using email and video chats. At each of the three enterprises, at least 10 representatives were involved in the survey, whose duties include ensuring economic security at their enterprise. All employees who took part in the survey have at least 5 years of experience in the enterprise in the field of ensuring economic security.
2. Since the process of risk management's response to the negative impact of certain and hierarchically ordered risks is, in its essence, it is a certain process that involves the implementation of actions at certain stages. So, for this you need to depict these stages, clearly demonstrate to the risk management team their visions for responding to the negative impact of risks and ensuring economic security in the company. In our opinion, the functional modeling and graphical description of processes (IDEF0) methodology can be well suited for this. It allows you to better understand the very objectivity of the field of study. It should be noted that the objects of functional modeling and structural analysis according to the IDEF0 methodology are just organizational and economic systems.
The key parameters of our functional model of the process of responding to the negative impact of risks on the economic security system are the following, shown in Table 2.

Results of research
Suppose that the set of certain threats is a certain set . From this aggregate, we will select Z 1 ∈ Z 2 a number of significant threats. For clarity, we will supplement the mathematical designation of each factor with its mnemonic name (Table 1).
At the first stage, the subset of threats Z 1 and possible interrelationships between them, we represent in the form of a directed graph (Figure 1), at the vertices of which the elements of the subset Z 1 are located, the arcs connect the sum of the pairs of vertices (z i , z j ) for which the connection is defined. It indicates a certain dependence of one threat (beginning of the arrow) on another (end of the arrow). Figure 1 shows a graph of the relationship of the set Z 1 with other Z, ie the relationship of Z 1 -risk with other selected risks. The use of a graph of connections is a prerequisite for using graph theory. (1) We place the matrix A of 7 × 7 elements in the table, adding to it an information row and a column with the names of risks (Table 3).  Based on the matrix A, we build the reachability matrix. We form a binary matrix (I + A), where I is the identity matrix. As a result, the reachability matrix must satisfy condition (2): The actual construction of a binary matrix is reduced to filling in the table (Table 4).  The vertex z j is reached from the vertex z i if there is a path in the graph (Figure 1) that leads from the vertex z i to the vertex z j . Such a top is called reachable. We denote the subset of such vertices by S (z i ). Similarly, the vertex z i is in front of the vertex z j if it reaches its vertex. Let the number of predecessor vertices form a subset P (z i ).
Finally, a section of subsets of reachable and predecessor vertices, that is, subset (3): The vertices that are not reached from any of the vertices of the set Z 1 , the remaining ones, determine a certain level of the hierarchy of the priority of the action of the influence of risks assigned to these vertices. An additional condition in this case is to ensure equality (4): P(z 1 ) = R(z 1 ). (4) Performing the combination of the above actions gives the first level (the lowest in terms of the importance of influencing the process under study) of the hierarchy of risks. To determine it on the basis of a preliminary matrix, we build a Table 5. 1, 5, 6, 7 6 6 7 1, 7 2, 6, 7 7 The second column of this table is the numbers of the unit elements of the corresponding rows of the access matrix, the third is the numbers of the unit elements of the columns of this matrix. Equality (4) is fulfilled for 2 -Risks associated with loss due to delayed payments and 6 -Risks associated with the wrong choice of capital investment method, type of securities for investment, these risks refer to a low priority level of impact on the activities of engineering enterprises. Further Table 5 we remove lines 2 and 6, and in the i-th columns we delete numbers 2 and 6. Next, the second iteration is calculated, etc. Without further calculations, it can be argued that the highest level of the hierarchy will be occupied by 1 -The risk of loss of property as a result of theft, which entails constant technical and financial costs (for Ukraine, this is a very common phenomenon) and 5 -Risks arising from problems of legislative support.
Arranging risks at certain levels, we obtain a hierarchically structured model (Figure 2), simulating the priority of their impact on the activities of engineering enterprises and their system of economic security.
The next step will be to form a methodological approach to reflecting the decomposition of the risk management response process and the negative impact of the above risks on the activities of engineering enterprises.
For this, we will apply the methodology of functional modeling and graphical description of processes (IDEF0).
Let's build a tree of nodes, a list of functions and objects with appropriate explanations will become the initial basis for their creation (Figure 3).
Note that each block in the IDEF0 functional model diagrams implements the process of converting input to outputs through certain mechanisms. For our task, it is enough just to talk about the transformation of information objects and streams.
Integrally, the entire system we simulate is denoted by the A-0 block. In accordance with this, all inputs, outputs, controls and mechanisms will be connected to the block by limit arrows and codes in Figure 4. Figure 4 has several mathematical notations that cover the basic problem. So, input -In (n = 1), control -Cn (n = 1, 2), output -On (n = 1, 2), mechanism -Mn (n = 1, 2).
Figures 5 show the decomposition of the first of the three levels of the context diagram of the IDEF0 functional model of responding to the risk of negative impact of risks.    Figure 5. Decomposition of the context diagram of the IDEF0 of the response process risk management negative impact of risks Based on the decomposition constructed by us in Figure 5, we should consider in detail the list of functions that are depicted by blocks in the model diagram: A1 -According to our proposed model, the manager must form a model for hierarchical ordering of the main risks that negatively affect their company. This will help streamline the negative impact of existing risks.
A2 -When the negative impact is identified, an appropriate team of managers, specialists in risk management should be formed to provide an appropriate response to this negative impact.
A3 -the formation of basic ideas for the implementation of decisions on the provision of responses to counter the negative impact of risks on the activities of engineering enterprises.
A4 -Selection and implementation of the selected option to counteract the negative impact of risks on the activities of engineering enterprises.

Discussions
We would like to acknowledge the work of Kryshtanovych et al. (2020) and Merigó (2014), which have brought significant developments in addressing security and risk management issues. First, note the fact that the results of the study by Kryshtanovych et al. (2020), also apply the modeling method through IDEF0; however, our study suggests its application to map the process of risk management's response to the negative impact of certain and hierarchically ordered risks.
In contrast to the work of Merigó (2014) and Stasytytė (2013), we focused on how, due to the use of the link graph, to form a model for the hierarchical ordering of the main risks that negatively affect engineering enterprises.
In the work of Drobyazko et al. (2020), the identification of risks was carried out using Kohonen maps, which should form a full assessment of the level of protection against risks. This assessment model is complex and requires the construction of a separate map for each impact factor, in addition, it is necessary to deduct the integral indicator and the impact coefficient. Graph theory and functional model are much easier to use, so they can be used at the level of any enterprise.
So, the main difference from such studies and, together, the originality of our article lies in the presented methodological approach to identifying risks, most negatively affect the system of ensuring the economic security of engineering enterprises and modeling the process of responding to this influence.

Conclusions
Based on the results of our research, we have identified the main risks that affect most negatively to the system of ensuring the economic security of engineering enterprises, and we have modeled the main stages of response to their impact.
The company needs to form its own risk management system, which should contain potential sources for financing losses that the company may incur as a result of the negative realization of the risk. The choice of a mechanism for risk management should be aimed at finding the optimal, expedient and cost-effective method of influence in a particular situation. As a result, the enterprise will be able to form a comprehensive risk management strategy, that is, the ability to make decisions focused on financial, labor, material resources, distribute tasks among managers, consult with specialists, and the like. In general, the adopted mechanism for minimizing risks largely determines the effectiveness of the enterprise's risk management and, as a consequence, the success of the results of activities and competitiveness in the market.
The present requires from the heads of enterprises to constantly monitor risk-generating factors to create an effective and flexible management system in a market environment and limited resources, which leads to the need for a risk management system, all its aspects, basic principles and management methods. Enterprise risk management should be organized in such a way as to provide continuous introspection and self-control. The more detailed the monitoring process, the less the need for additional checks on the activities of the enterprise. An important aspect of enterprise risk management is the choice of an effective mechanism for preventing and minimizing, eliminating or accepting risks that determine the efficiency of the enterprise. Ignorance of the enterprise's propensity to take risks can lead to unpredictable consequences, crisis and bankruptcy.
The formation of a risk management system at the enterprise should become a condition for the effective operation of an enterprise in a changing uncertain environment. Risk management is a risk management system based on the process of their identification, assessment and analysis, as well as the choice and use of methods to neutralize their consequences, aimed at achieving the necessary balance between the strategic capabilities of the enterprise and the level of risk, as well as finding the optimal balance between the high level of risk, which can lead to bankruptcy of the enterprise, and complete rejection of it, which leads to a loss of competitiveness. The risk management system is designed to become an integral part of the organization's management subsystem. The development of risk management standards indicates that a change in the business environment leads to the emergence of new dangers and risks that require timely optimization.
The aim of the study was to form a methodological approach to dealing with risks that may affect the economic security of an engineering enterprise. As a result of the expert assessment, we have identified the main risks affecting the economic security of an engineering enterprise.
Thanks to the use of the graph connections, we have formed models for the hierarchical ordering of the main risks that negatively affect the engineering enterprises of Ukraine. Due to the use of the methodology of functional modeling and graphical description of processes (IDEF0), we have depicted the process of risk management's response to the negative impact of certain and hierarchically ordered risks.
Of course, our research has limitations. The article has a number of limitations and this applies to the area of the study. The emphasis was on the engineering industry. In addition, it should be noted that there are other modeling methods for mapping the stages of response to the negative impact of risks.
In the end, we can conclude that the results obtained in the course of the study indicate the effectiveness of the existing model of the response of the risk management system to the negative impact of risks. In the future, the model we have formed will be implemented at one of the leading engineering companies in the Western region of Ukraine for its practical verification.
Taking into account the existing limitations that arose during the writing of the article, the next steps of our research will be the formation of the same methodological approach for other types of hazards at the enterprise, as well as the adaptation of our methodology to the organizational structure of enterprises in other European countries. Despite the fact that our model is applied only for cutters of economic security of engineering enterprises, this model is plastic in its structure and can be modified for other types of security.