Knowledge Risk Management: From Theory to Praxis

This book provides an in-depth introduction to knowledge risk management (KRM) as well as methods, tools and cases to address knowledge risk management issues in both the public and private sector. It focuses on the integration of knowledge risks into the holistic risk management of organizations. In addition, this book is accompanied by an external website that includes additional checklists, videos and company cases. The combination of a sound theoretical framework along with practical instruments, tools and ancillary materials makes this book a unique, interactive book for professionals, managers, and executives as well as students, academics and policy makers.

• Language: English
• Publisher: Springer
• Release date: Feb 4, 2020
• ISBN: 9783030351212

Book preview

Part IKnowledge Risk Management—State of Research

© Springer Nature Switzerland AG 2020

S. Durst, T. Henschel (eds.)Knowledge Risk ManagementManagement for Professionalshttps://doi.org/10.1007/978-3-030-35121-2_1

Knowledge Risk Management—State of Research

Susanne Durst¹   and Thomas Henschel²

(1)

Department of Business Administration, Tallinn University of Technology, Ehitajate Tee 5, 19086 Tallinn, Estonia

(2)

Hochschule für Technik und Wirtschaft Berlin, Treskowallee 8, 10318 Berlin, Germany

Susanne Durst

Email: susanne.durst@taltech.ee

Abstract

The aim of this chapter is to set the frame for the book’s topic, namely knowledge risk management. In order to do so, the chapter starts broadly and introduces the topics of risks and risk management and knowledge risks and knowledge risk management, respectively. This is followed by a brief summary of the current body of knowledge with regard to knowledge risk management from a research point of view. The outcome shows that there is a clear need for more systematic research; thus, this chapter opens the door for the subsequent chapters presented in this book and intended to further our understanding of knowledge risk management.

Keywords

RisksKnowledge risksKnowledge risk managementRisk management

1 Introduction

This chapter is a general introduction to the topic which provides the background to the book. This chapter provides an overview of the relevant terms and explores the meaning, concept and scope of knowledge risk management. There is no single definition of the concept of knowledge risk management or one right way to pursue the concept, and the book is designed to help you think strategically rather than to provide specific plans to suit particular situations. It considers the whole concept of knowledge risk management and its importance within organizations and the economy in general.

2 Risks

People have actively managed risks for centuries. However, it was mainly in the last century that they increased their efforts in systematically understanding and mitigating past events as well as their attempts to shape the future (Mohun 2016; Vasvári 2015). The knowledge has been turned into science related to decision-making (Myšková and Doupalová 2015). Despite the long existence and management of risk, there is no single definition in the discipline of management studies. However, there is agreement that risk is mainly something negative; therefore, it is closely related to the idea of uncertain developments (Henschel and Heinze 2018), and the different definitions of the term risk are very diverse. They range from quantifiable or measurable uncertainty (Knight 1921) to complex measures of risk such as speculative risk (Leitner 1915).

Risk in a wide definition describes uncertain future events. They can be positive as well as negative (Brustbauer 2016). According to the definition of the ISO 31000: 2018 standard, the risk is the effect of uncertainty on objectives (ISO 2018). Risk according to this definition is not just limited to harmful events, but it focuses more on the impact of an organization’s objectives (Leitch 2010). Risk in a close definition is mainly seen as financial loss due to uncertainty. Risk and uncertainty are closely connected as the former do not exist without the latter (Hetland 2003). Figure 1 classifies the term risk and presents it in a wide and close definition (Henschel and Heinze 2018; Mowbray et al. 1969; Vasvári 2015).

../images/469532_1_En_1_Chapter/469532_1_En_1_Fig1_HTML.png

Fig. 1

Classification of the term risk.

Source Adapted from Glaser (2018), Kless (1998)

The acceptance of risk is part of every entrepreneurial activity (Henschel and Heinze 2018) and therefore closely connected to decision-making. With regard to the types of risks, firms should focus on both financial and non-financial risks and their management (Henschel and Durst 2016). Currently, it seems that firms prefer to focus on financial risks and thus quantitative approaches to risk management (RM), because of greater experience in dealing with such risks (Louisot 2004). Additionally, risk management should also look into the impact of different sorts of risks on one another (Vargas-Hernández 2011). Managing risks, however, must not mean that business activities are stopped but that they are facilitated in a more manageable and proactive way (Durst and Ferenhof 2016).

Recent research also shows an increasing interest in the study of risks related to knowledge and intangibles (e.g. Durst 2013; Durst and Zieba 2018). In considering risk related to tangibles and intangibles, such as knowledge risks, it is expected to have a more balanced and holistic picture of firms’ operations and its risk-bearing capacity (Durst and Zieba 2018).

3 Knowledge Risks

Knowledge risk can be viewed as a measure of the probability and severity of adverse effects of any activities engaging or related somehow to the knowledge that can affect the functioning of an organization on any level (Durst and Zieba 2018).

In fact, any organization is exposed to several different knowledge risks. Durst and Zieba (2018) propose a division of knowledge risks into human, technological and operational ones. According to the authors, human knowledge risks refer to an individual and his or her personal, social, cultural and psychological factors. Thus, this knowledge risk dimension addresses issues related to human resources management in particular. An example of this knowledge risk dimension is the risk of knowledge hiding. The next dimension, technological knowledge risks, could be the result of using various technologies, including information and communication technologies (ICTs). Risks assigned to this dimension may also be triggered by the use of old and outdated software and/or hacker attacks. Eventually, the operational dimension of knowledge risks covers all the risks resulting from organizations’ day-to-day operations as well as their overall functioning, e.g. entering into collaborative agreements, outsourcing certain business functions or applying wrong or obsolete knowledge in business operations (Durst and Zieba 2018). Like any risk, knowledge risks should be actively managed, while at the same time acknowledging that not all of them can be eliminated. Moreover, the map proposed by Durst and Zieba (2018) illustrates that knowledge risks should not be addressed in isolation, but one should always have in mind that one knowledge risk is likely to be connected with another knowledge risk. Thus, organizations will need to take an integrative approach.

4 Risk Management and Knowledge Risk Management

The aim of risk management is therefore to control and manage the existing and future risks of a company so that, given reduced risks and continuing opportunities for earnings, the value of a company increases and that there is an assurance that the risk position of a company (i.e. the sum of the risks entered into by a company) does not exceed its risk-bearing capacity (Henschel 2008). The risk-bearing capacity is the ability of the company to bear losses arising from the risks it has entered into without becoming insolvent. Risk management is thus an important aspect of value-based management (Dickinson 2001).

It is generally accepted that the RM process basically consists of the following four steps (see Vaughan and Vaughan 2001):

Identification of risks

Quantification and thus evaluation of risks

Management and control of risks

Continued reporting on the development of risks.

As part of the organization of risk management, the board of directors, therefore, has to set out the basic strategies for risk management and to nominate the personnel in the company to be responsible for the steps outlined above.

Over the years, the requirements for risk management approaches have increased significantly and calls for broader more integrative approaches have been made (Bromiley et al. 2015). According to ISO, the purpose of risk management is now …the creation and protection of value. It improves performance, encourages innovation and supports the achievement of objectives (ISO 31000:2018). The risk management is seen as an integral part of all organizational activities. Therefore, the term holistic risk management was coined in. However, no general and widely accepted concept for holistic risk management has developed yet (Lundqvist 2015; McShane 2018).

There is an agreement in the literature that at least the following aspects should be covered in a holistic risk management system. The first aspect is the continuous monitoring of all sources of risk (Smallman 1996; COSO 2017). The monitoring should span across the entire organization, aimed at identifying possible events that can adversely affect the company such as market, strategic, human, operational, technological and financial risks (Verbano and Venturini 2013). This will try to avoid the so-called silo approach, looking only at easily quantifiable risks which the company is familiar and failing to identify critical factors early enough (McShane 2018).

The second aspect is to use a combination of qualitative and quantitative techniques for the risk assessment and risk monitoring to support the identification and management of the critical success factors of an enterprise (Gatzert and Martin 2015; Khan et al. 2016). The third aspect is concerned with organizational learning (Smallman 1996; Lundqvist 2015). As empirical studies have revealed, a participative leadership style has a positive effect on risk management performance (Sax and Torp 2015). Thus, holistic risk management should include both a holistic, formalized enterprise risk management system and organizational initiatives that enhance the strategic responsiveness through employee involvement (Sax and Torp 2015; Heinze and Henschel 2019). To make this happen, it is important to establish an organizational environment in the company that allows the learning from past errors and disasters and where culture is established in the company that allows for a positive approach to dealing with mistakes and does not punish employees for mistakes. In this vein, proper knowledge management will be an important cornerstone for holistic risk management (Smallman 1996, 1999; Bogodistov and Wohlgemuth 2017).

KRM can be defined as a systematic way of applying tools and techniques to identify, analyse and respond to risks associated with the creation, application and retention of organizational knowledge (Durst et al. 2016). Similar to knowledge management, KRM should have a long-term orientation and different KM practices can be expected to support continued risk management of an organization’s knowledge that is up to date and relevant. Durst and Ferenhof (2016) proposed a knowledge risk management process which is composed of four activities. The first activity risk identification is designed to continuously detect the risks the organization in question is exposed to, e.g. risk of losing human capital and relational capital due to ownership and/or management succession or risk of unintentionally losing knowledge through conversations with suppliers. This is followed by the activity qualitative and quantitative analysis which analyses the risks identified in the previous activity 1 according to their risk level (i.e. the risk’s probability of occurrence). Durst and Ferenhof (2016) further highlight that the people in charge of KRM should be prepared to include measures that are based on a non-monetary denominator as well. Activity number 3 management and control of the present and future risks deals with the development and implementation of actions to deal with the critical knowledge risks. This means that the actions behind this item should contribute to a reduction of risk probability. Additionally, it shall guarantee that all actions underway are being executed properly. Eventually, the last activity continued risk reporting is about the reporting of the risks identified, the measures taken and the outcomes achieved; thus, it keeps the organization informed about its knowledge risk management activities. Taking into consideration time constraints as well as the intention to produce reports that are actually read and used, according to Durst and Ferenhof (2016), the reports should be short and straightforward but long enough to provide the basis for informed decisions.

5 The Current Body of Knowledge Regarding KRM

The study of KRM or risks related to knowledge is still in its infancy (Massingham 2010; Durst and Zieba 2017; Durst et al. 2019), which is surprising against the strategic importance that is assigned to knowledge (Grant 1996). It also means a clear contrast to the study of risk management (Alhawari et al. 2012). For example, Durst et al. (2016) conducted a literature review of KRM and identified 24 papers of which the authors assigned 14 papers to the topic frameworks and methodologies. The remaining papers addressed KRM-related issues such as KRM awareness, KRM complexity, KRM identification and classification, KRM strategy, KRM protection and KRM practices. In a more recent paper, Durst (2019) reviewed the extant literature on knowledge risks and related issues. Her study covered 52 papers and were assigned to ten broad subject matters: awareness-raising, conditions for improved KM/KRM, frameworks for improved knowledge risk management, knowledge loss, measurement, relationship between KRM and performance, theory development, tools supporting the dealing with knowledge risks in business operations, trade-off between investment in KRM and benefits, and other types of knowledge risks. The extant body of knowledge clearly shows that there is a strong need for more systematic research on risks related to knowledge and the risk management of these particular risks. And this research should be conducted in all types of organizations and not only in those organizations that have historically invested in risk management due to heavy regulation, such as utilities, banking or insurance. Durst et al. (2019) who examined the effect of KRM on organizational performance showed that public and private organizations can benefit from KRM.

6 Conclusion

The introductory chapter has shown that the management of risks has gained in breadth and depth over the years. Against present and future challenges, all types of organizations are exposed to, and a holistic, integrated and forward-looking risk management has to take account of a different number of traditional risks but also new ones. Many of the present and new risks are knowledge-related underlying the need for more rigour research in this area. The present book addresses this need by emphasizing the relevance of risk management for public and private organizations in general and by raising awareness for risk-related knowledge and in turn the need for new risk management methods, tools and approaches to take advantage of this additional type of risks and leverage their value.

References

Alhawari, S., Karadsheh, L., Talet, A. N., & Mansour, E. (2012). Knowledge-based risk management framework for information technology project. International Journal of Information Management,32(1), 50–65. https://​doi.​org/​10.​1016/​j.​ijinfomgt.​2011.​07.​002.Crossref

Bogodistov, Y., & Wohlgemuth, V. (2017). Enterprise risk management: A capability-based perspective. Journal of Risk Finance,18(3), 234–251. https://​doi.​org/​10.​1108/​JFR-10-2016-0131.Crossref

Bromiley, P., McShane, M., Nair, A., & Rustambekov, E. (2015). Enterprise risk management: Review, critique, and research directions. Long Range Planning, 48(4), 265–276.

Brustbauer, J. (2016). Enterprise risk management in SMEs: Towards a structural model. International Small Business Journal,34(1), 70–85. https://​doi.​org/​10.​1177/​0266242614542853​.Crossref

Committee of Sponsoring Organizations of the Treadway Commission (COSO). (2017). Enterprise risk management—integrating with strategy and performance. Retrieved 22.11.2018 https://​www.​coso.​org/​Documents/​2017-COSO-ERM-Integrating-with-Strategy-and-Performance-Executive-Summary.​pdf.

Dickinson, G. (2001). Enterprise risk management: Its origins and conceptual foundation. The Geneva Papers on Risk and Insurance, 26(3), 360–366.Crossref

Durst, S. (2019). How far have we come with the study of knowledge risks? VINE Journal of Information and Knowledge Management Systems. https://​doi.​org/​10.​1108/​VJIKMS-10-2018-0087.Crossref

Durst, S. (2013). An exploratory study of intangibles risk disclosure in annual reports of banking companies from the UK, US, Germany and Italy—Some descriptive insights. Financial Reporting (Vol. 1, pp. 81–120); Durst, S. (2012). Innovation and intellectual capital (risk) management in small and medium-sized enterprises. International Journal of Transitions and Innovation Systems, 2(3/4), 233–246.

Durst, S., & Ferenhof, H. A. (2016) Knowledge risk management in turbulent times. In K. North, & G. Varvakis (Eds.), Competitive strategies for small and medium enterprises increasing crisis resilience, agility and innovation in turbulent times (pp. 195–209). Springer International Publishing, Cham.

Durst, S., & Zieba, M. (2018). Mapping knowledge risks: Towards a better understanding of knowledge management. Knowledge Management Research & Practice. https://​doi.​org/​10.​1080/​14778238.​2018.​1538603.Crossref

Durst, S., & Zieba, M. (2017). Knowledge risks—towards a taxonomy. International Journal of Business Environment,9(1), 51–63.Crossref

Durst, S., Bruns, G., & Henschel, T. (2016). The management of knowledge risks: What do we really know? International Journal of Knowledge and Systems Science (IJKSS),7(3), 19–29.Crossref

Durst, S., Hinteregger, C., & Zieba, M. (2019). The linkage between knowledge risk management and organizational performance. Journal of Business Research,105, 1–10. https://​doi.​org/​10.​1016/​j.​jbusres.​2019.​08.​002.Crossref

Gatzert, N., & Martin, M. (2015). Determinants and value of enterprise risk management: empirical evidence from the literature. Risk Management and Insurance Review,18(1), 29–53.Crossref

Glaser, C. (2018). Risikomanagement im Leasing: Grundlagen, rechtlicher Rahmen und praktische Umsetzung (2nd ed.). Wiesbaden: Springer Gabler.Crossref

Grant, R. M. (1996). Toward a knowledge-based theory of the firm. Strategic Management Journal,17, 109–122.Crossref

Heinze, I., & Henschel, T. (2019). Risk(ing) sophistication: Towards a structural equation model for risk management in small and medium-sized enterprises. International Journal of Entrepreneurship and Small Business, in press.

Henschel, T. (2008). Risk management practices of SMEs: Evaluating and implementing effective risk management systems. Berlin: Erich Schmidt.

Henschel, T., & Durst, S. (2016). Risk management in Scottish, Chinese and German small and medium-sized enterprises: A country comparison. International Journal of Entrepreneurship and Small Business,29(1), 112–132. https://​doi.​org/​10.​1504/​IJESB.​2016.​078048.Crossref

Henschel, T., & Heinze, I. (2018). Governance, risk and compliance. In W. Schmeisser, Becker, W., Beckmann, M., Brem, A., Eckstein, P., & Hartmann, M. (Eds.), Neue Betriebswirtschaft. Theorien, Methoden, Geschäftsfelder. UVK Publishing, München (pp. 339–370).

Hetland, P. W. (2003). Chapter eight uncertainty management. In N. J. Smith (Ed.), Appraisal, risk and uncertainty: Construction management series (pp. 59–88). London: Thomas Telford.

ISO 31000. International Organisation of Standardisation. (2018). Principles and generic guidelines on risk management. Retrieved 22.11.2018 https://​www.​iso.​org/​standard/​43170.​html.

Khan, M. J., Hussain, D., & Mehmood, W. (2016). Why do firms adopt enterprise risk management (ERM)? Empirical evidence from France. Management Decision,54(8), 1886–1907.Crossref

Kless, T. (1998). Beherrschung der Unternehmensrisiken: Aufgaben und Prozesse eines Risikomanagements. Deutsches Steuerrecht, 36(3), 93–96.

Knight, F. H. (1921). Risk, uncertainty and profit. New York: Hart, Schaffner and Marx.

Leitner, F. (1915). Die Unternehmensrisiken—Einzelwirtschaftliche Abhandlungen, Heft 3. Berlin: Friedrich Reimer.

Leitch, M. (2010). ISO 31000: 2009—the new international standard on risk management. Risk Analysis,30(6), 887–892.Crossref

Louisot, J.-P. (2004). Managing intangible asset risks: Reputation and strategic redeployment planning’. Risk Management: An International Journal,6(3), 35–50.Crossref

Lundqvist, S. A. (2015). Why firms implement risk governance—stepping beyond traditional risk management to enterprise risk management. Journal of Accounting and Public Policy,34(5), 441–466. https://​doi.​org/​10.​1016/​j.​jaccpubpol.​2015.​05.​002.Crossref

Massingham, P. (2010). Knowledge risk management: A framework. Journal of Knowledge Management,14(3), 464–485.Crossref

McShane, M. (2018). Enterprise risk management: History and a design science proposal. The Journal of Risk Finance,19(2), 137–153. https://​doi.​org/​10.​1108/​JRF-03-2017-0048.Crossref

Mohun, A. P. (2016). Constructing the history of risk. Foundations, tools, and reasons why. Risikogeschichte: Wie, warum und zu welchem Ende schreiben wir eine Geschichte des Risikos? Historical Social Research,41, 30–47. https://​doi.​org/​10.​12759/​hsr.​41.​2016.​1.​30-47.Crossref

Mowbray, A. H., Blanchard, R. H., & Williams, C. A. (1969). Insurance: Its theory and practice in the United States (6th ed.). New York: McGraw-Hill.

Myšková, R., & Doupalová, V. (2015). Approach to risk management decision-making in the small business. Procedia Economics and Finance,34(1), 329–336.Crossref

Sax, J., & Torp, S. S. (2015). Speak up! Enhancing risk performance with enterprise risk management, leadership style and employee voice. Management Decision,53(7), 1452–1468.Crossref

Smallman, C. (1996). Risk and organizational behaviour: A research model. Disaster Prevention and Management,5(2), 12–26.Crossref

Smallman, C. (1999). Knowledge management as risk management: A need for open governance? Risk Management,1(4), 7–20.Crossref

Vargas-Hernández, J. (2011). Modeling risk and innovation management. ACR,19(3/4), 45–57.

Vaughan, E. J., & Vaughan, T. (2001). Essentials of risk management and insurance. New York, Chichester, Weinheim, Brisbane, Singapore, Toronto, John Wiley & Sons.

Verbano, C., & Venturini, K. (2013). Managing risks in SMEs: A literature review and research Agenda. Journal of Technology Management & Innovation,8(3), 186–197.Crossref

Vasvári, T. (2015). Risk, risk perception, risk management—a review of the literature. Public Finance Quarterly,60(1), 29–48.

Part IIKnowledge Risk Management in Private Organizations

© Springer Nature Switzerland AG 2020

S. Durst, T. Henschel (eds.)Knowledge Risk ManagementManagement for Professionalshttps://doi.org/10.1007/978-3-030-35121-2_2

Knowledge Risk Management in Companies Offering Knowledge-Intensive Business Services

Malgorzata Zieba¹  

(1)

Gdansk University of Technology, ul. Narutowicza 11/12, 80-233, Gdansk, Poland

Malgorzata Zieba

Email: mz@zie.pg.gda.pl

Abstract

The aim of this chapter is to present and analyze knowledge risks and their management in companies offering knowledge-intensive business services. The chapter illustrates potential knowledge risks, with a special emphasis on risks related to firms offering knowledge-intensive business services, and then discusses the results of a case study research conducted among 13 small KIBS firms from Poland. The study is of a novel character, as there is hardly any study devoted to a plethora of knowledge risks in companies, and therefore, it contributes to the development of the research field of knowledge risks. It also takes a look at the perspective of KIBS firms, which is still an underexplored topic. As the study shows, the most frequently indicated risk was the loss of knowledge associated with the departure of an employee. This result confirms the expectations that for KIBS firms’ human resources are important, and the risks related to them are of special interest. At the same time, leaving employees often supply competitive organizations or even establish their own companies to provide similar services. This is due to a large specialization in a given area of knowledge, necessary to perform tasks at KIBS firms. Other risks identified by the respondents include: problems in communication and knowledge flow, lack of codified/documented knowledge, theft of knowledge (e.g., by competitors), possession of false knowledge or inability to properly use true knowledge (e.g., in the case of clients), contradiction of knowledge obtained from various sources, lack of acquiring knowledge or even disowning by the customer receiving knowledge, aging knowledge, and excess of knowledge.

Keywords

Knowledge-intensive business servicesKIBSKnowledge risk managementKnowledge risks

1 Introduction

This chapter presents a case study research of knowledge risk management in small companies offering knowledge-intensive business services (KIBS). Nowadays, knowledge starts to be perceived not only as a source of potential competitive advantage of organizations (Berman et al. 2002; Quintas et al. 1997; Victer 2014), but also as a source of various risks and hazards (Durst and Zieba 2017; Zieba and Durst 2018; Durst et al. 2016; Bratianu 2018; Hurmelinna-laukkanen 2015). On the basis of a systematic literature review devoted to knowledge risks, Durst (2019) stated that without an understanding of knowledge risks and their possible consequences for both public and private organizations, the specified knowledge strategies and KM approaches cannot be effective. It seems unquestionable that knowledge risks are paid more and more attention in the literature and they require to be further examined.

Knowledge-intensive business service companies are firms whose basic value-added activity consists in the accumulation, creation, and dissemination of knowledge in order to develop such a solution (tailored service or product) that will meet the client’s needs (Bettencourt et al. 2002). Such companies are characterized by the ability to receive information from outside the company and transform this information together with knowledge in the company into specialized services for their clients (Hipp 1999). Knowledge for these companies is an especially significant resource and that is why they should pay attention to its management and protection against various risks. Therefore, the topic of this chapter is devoted to knowledge risk management in this particular type of companies.

The remaining part of this chapter is structured as follows. First, a short review of knowledge risks and their management is presented, with a special emphasis on risks particularly valid for KIBS firms . Second, the methodology is described and research questions are formulated. Third, research results are delivered and discussed. Finally, the concluding remarks are provided, together with research limitations and further research avenues.

2 Knowledge Risks and Their Management

The research on knowledge risks and their management is still in its infancy. First of all, there is hardly any definition of knowledge risk available. One of the few definitions was offered by Perrott (2007), who defined a knowledge risk as a likelihood of any loss resulting from the identification, storage, or protection of knowledge that may decrease the operational or strategic benefit of the company (Perrott 2007). Another one was proposed by Zieba and Durst (2018), who stated that knowledge risk is a measure of the probability and severity of adverse effects of any activities engaging or related somehow to the knowledge that can affect the functioning of an organization on any level (Zieba and Durst 2018). Knowledge risk is understood in this second way in this chapter.

There are also only a few studies available on knowledge risks, and they present only fragmented insights into the topic. For example, there are some studies devoted to knowledge loss (e.g., Durst et al. 2017; Norman 2004; Parise et al. 2006; Schmitt et al. 2012); knowledge leakage (e.g., Ahmad et al. 2014; Annansingh 2012; Mohamed et al. 2007; Parker 2012); knowledge spillovers (e.g., Audretsch and Feldman 2004; Feinberg and Gupta 2004; Fernandes and Ferreira 2013); knowledge hiding (e.g., Arshad and Ismail 2018; Cerne et al. 2014; Connelly et al. 2012; Hernaus et al. 2018; Kumar Jha and Varkkey 2018; Wang et al. 2018), etc. However, there is no study so far related to all the potential knowledge risks faced by knowledge-intensive business services.

According to the taxonomy proposed by Zieba and Durst (2018), there are the following categories of knowledge risks: human, technological, and operational. Human knowledge risks relate to an individual’s personal, social, cultural, and psychological factors and human resources management. Technological knowledge risks originate from the application of technologies (also information and communication technologies) and other issues related to technology in general (e.g., hacker attacks). The last category, the operational category of knowledge risks concerns risks that appear as a consequence of everyday operations and functioning of organizations (e.g., cooperation with other entities, outsourcing, basing on wrong knowledge, etc.) (Zieba and Durst 2018). Among human knowledge risks, there are knowledge hiding , knowledge hoarding , unlearning , forgetting , and missing/inadequate competencies of organizational members; among technological knowledge risks, one can list risks related to cybercrime, old technologies, digitalization, and social media; and finally, among operational knowledge risks, there are knowledge waste , risks related to knowledge gaps, relational risks, knowledge outsourcing risks , risk of using obsolete/unreliable knowledge, risk of improper knowledge application, espionage, continuity risks, communication risks, knowledge acquisition risks, knowledge transfer risk, and Merger and Acquisition risks (Zieba and Durst 2018).

Taking into account knowledge and its importance for KIBS firms , which rely on the knowledge and its proper application (Hertog 2000; Miles et al. 1995), some particular knowledge risks might be especially valid for these companies. KIBS firms are reliant on their employees, who collect, share, disseminate, and generate knowledge, and therefore, it might be expected that human knowledge risks will be of special importance in the case of such firms. Another characteristic feature of KIBS companies is that they create their services in close relation with their customers, who deliver their knowledge for a better realization of the service. This phenomenon can be called co-production, where the customer is engaged in the creation and delivery of service (Ordanini and Pasini 2008). The required level of this co-production is different for various types of KIBS services (Lehrer et al. 2012), but it can cause some potential operational knowledge risks resulting from this cooperation. Among such risks, one can list improper knowledge application or knowledge transfer risk . Finally, as among KIBS firms there are IT companies, it can be expected that for them, technological knowledge risks will be of high importance (e.g., risks related to cybercrime or social media). Some of these risks may have a strategic impact on the KIBS firms, meaning that their occurrence may hinder seriously the functioning of the KIBS firm or even its closure. An example of such a risk might be the loss of reputation for an accounting company, due to a fake news spread in social media.

3 Methodology and Research Questions

The main aim of the presented study was to investigate knowledge risk management practices in companies from the knowledge-intensive business services sector. On the basis of the literature review presented above, the following research questions were formulated:

R1.

What kind of knowledge risks can be identified in KIBS firms ?

R2.

How do KIBS firms manage the indicated knowledge risks?

To answer these research questions, the case study method was applied. This type of methodology is suitable when little is known about the explored area, as is the case for knowledge risks and their management (Durst 2019). Therefore, an inductive methodology involving a multiple case study method seemed to be the best choice (Yin 2009). As indicated in the introduction, small KIBS firms were selected for the study. They were chosen from a database with KIBS firms located in one of the regions in Poland, the Pomerania region. KIBS sector encompasses the following types of economic activities according to the NACE 2.0 classification: 62—computer programming, consultancy, and related activities; 63—information service activities; 69—professional, scientific, and technical activities; 70—activities of head offices; management consultancy activities; 71—architectural and engineering activities; technical testing and analysis; 72—scientific research and development; and 73—advertising and market research (Schnabl and Zenker 2013). A total of 13 small companies from the KIBS sector were selected for the study, offering various types of services (including consultancy, legal, accounting, advertising, surveying, IT, research and development) and employing a diverse number of employees. Detailed characteristics of the sample are presented in Table 1.

Table 1

Characteristics of the examined companies