Sustainability of Business through Project Risk Identiﬁcation with Use of Expert Estimates

: Projects are a tool that enables enterprises to implement innovation and development activities and achieve the goals in the set time, costs and required quality but they also bring risks that need to be adequately identiﬁed, analyzed and assessed. Important tools that can be used in project management in the process of risk identiﬁcation are expert estimates. However, little attention is paid to determining the accuracy of expert estimates. To verify the accuracy of expert estimates, an analysis of all completed projects for a certain period of enterprise that implemented them was performed. The purpose of the study was to determine the accuracy of expert estimates in the enterprise implementing projects. This was ascertained by analyzing all available completed projects and by Barnard’s test at the signiﬁcance level of α = 0.05. The Phi coefﬁcient of association was used to determine its extent. In the paper, we pointed out how inappropriate expert estimates affect the completion of the project within the speciﬁed period.


Introduction
At the present time, enterprises use a variety of tools to achieve their goals and manage changes, in an effort to make the most of their potential and ensure the continuing sustainability, survival and development of enterprises and organizations in a globalized market where the risks can spread across borders [1]. It is also an effort to ensure their competitiveness which is reflected in the continuous process of improving products and processes. If an enterprise wants to ensure successful future development, it is necessary to be able to respond to external changes and use its strengths and not leave it to chance. Project management is widely used for these purposes. The sustainability of an organization should not be understood as non-constant growth processes over time, but rather as a holistic, consistent and gradual growth processes (economic, social and environmental). This means that these holistic and consistent growth processes over time also focus on long-term challenges and do not just address the immediate important challenges that organizations are currently facing [2][3][4][5].
Project management can be defined as the application of knowledge, skills, tools and techniques to project activities, to meet project requirements, at all different stages of the project life cycle [6]. The goal of project management is to ensure the success of the project. Success itself is a subjective concept and depends on the perspective of the participant who measures it. Adherence to schedule, cost and quality has traditionally been used as a criterion for measuring project success. However, even in the criteria of success, there is no agreement among researchers. There are many variables that affect the outcome of the in advance, major damage and to make the most of opportunities. Unfortunately, many organizations still do not take the risks into account (but the situation is improving from year to year), problems are usually not addressed until they arise, and good opportunities flow between their fingers. On the other hand, it is also undesirable to overestimate the importance of risks and try to minimize all risks at all costs which is indisputable, especially for less financially demanding projects where large losses are not clear. It is true that the cost of risk management should not exceed the losses caused by the omission of a risk. These risk management costs need to be included in the project budget. In addition, when working with risks, it is always necessary to take into account the type of project, i.e., the amount of funds spent, and to consider other contexts because each project is unique and risk management needs to be adapted to it [33]. There is also a need to focus on a wider range of risks. Some authors point to the important involvement of crisis managers in the risk assessment process [34]. Crisis managers use a number of software that could be used in the process of identifying some risks and then modeling their extent [35][36][37].
The identification of the different risks, their interrelationships and possible drivers, together with appropriate mitigation measures, can be of particular importance. It can help project management and associated decision-making environments become more specific and conducive [38,39]. Identification, assessment and response to potential risk can help projects reduce adverse effects during project cycles [40][41][42]. The determination of risk factors cannot generally be supported by some model techniques but it relies mainly on the knowledge, experience and intuition of the staff involved in the preparation of the business. Experience from the preparation and implementation of projects of a similar or related nature in the past is particularly important here. When identifying, it is important to assess the reliability of the information sources used, the need to obtain additional information, the suitability of the selection of persons involved in the identification, the completeness of the list of identified sources of risk, etc. [43][44][45].
This fact is followed by our study which aimed to determine the accuracy of expert estimates in the enterprise implementing projects. Just these expert estimates affect the correct setting of measures as well as the approach to risk management in the project. Verification of the accuracy of expert estimates has not received the attention they require. Therefore, an analysis of completed projects was performed, in which the accuracy of ex-pert estimates was verified. Our proposed analysis of completed projects as a whole would help to improve the issues addressed in enterprises dealing with projects. The larger number of completed projects analyzed as a whole allows us to determine whether the expert estimates were correct and how they affected the success of the project.

Project Risk Management
Although project management, according to Mern, Al-Thani [46], has been used in practice for decades, risks have only been systematically addressed in projects since the 1980s, initially only in the form of quantitative risk analysis. At present, focusing on risk management is one of the main goals of any organization. Failure to assess project risks during the planning phase can be dangerous throughout the project life cycle. Risk assessment is therefore so important and various methods have been developed for it. Current standards and methodologies (PMI, IPMA, CAS, ISO) require project risk management in each project life cycle [6,10,47,48].
The risk management process is described in ISO 31000: 2018. It is defined as coordinated activities to direct and control an organization with regard to risk. "The purpose of risk management is the creation and protection of value, it improves performance, encourages innovation and supports the achievement of objectives" [49].
Risk assessment and risk management are naturally the main concerns in the field of project management. As a rule, there is a growing awareness in organizations about the need for risk management. This trend shows, for example, the way in which the most widespread management standards, such as ISO 9001: 2015, ISO 10001: 2018 and ISO 45001: 2018, have evolved in their latest revisions and as a result of the emergence and possibly increased application of ISO 31000: 2018 on risk management [50].
ISO 31000: 2018 [49] and ISO / IEC 31010: 2019 [51] provide a set of principles for risk management and assessment. They are based on the "Deming" cycle [52], with regard to the sequence of steps: "Plan, do, control, act". The Deming cycle (also known as PDCA cycle) is implemented on the basis of the principle of continuous improvement. The PDCA cycle emphasizes that all activities of an organization must begin with careful planning, must result in effective activities, must be controlled and possibly adapted, and must again lead to careful planning without interrupting the cycle [46]. ISO / IEC 31010: 21019 provides a detailed explanation of the risk assessment process and the tools used where the context defines the risk situation with their external and internal effects, risk assessment consisting of their identification, analysis and evaluation; treatment, monitoring and review of risk, which realize the implementation of corrective measures and changes in risks, and communication and consultation with the aim of informative dissemination of risk situations to the organization [53,54]. Folch-Calvo et al. presents the importance of dynamic risk assessment which updates information about events that may lead to an accident, actuates the probability of risk [53].
Risk management is a process in which a particular entity seeks to prevent the effects of existing or future factors that cause adverse effects or events. It is used especially in the daily operation of the company or in the implementation of projects, where risk management and risk analysis can also be considered as a project that the company implements. An important part of risk management is the design of the resulting solutions and recommendations based on risk analysis. These aim to eliminate the effect of adverse effects and allow the use of positive effects for the subject. In order to properly design individual recommendations, a number of factors (economic, technical, social, political) need to be taken into account. The task is to identify in advance the sources of possible threats and respond to them, ideally with the help of pre-planned anti-risk measures and minimize potential damage. Risk management, which includes the appropriate use of funds and coordination of resources, as well as the formulation of response measures after risk confirmation, evaluation and prioritization, can reduce the likelihood of adverse events, mitigate the impact of these events and maximize the achievement of project objectives. The ultimate goal of risk management is to confirm which risk factors exist and to develop appropriate risk response strategies [55][56][57].
Zholonko et al. [58] stated that the main task in risk management is to find an alternative that provides the optimal combination of risk and reward, taking into account that the more profitable the investment project, the higher the level of risk in its implementation. In terms of purely qualitative definitions, risk is defined as the possibility of an unfortunate event; the potential occurrence of negative consequences arising from an incident; the set of consequences deriving from an activity and associated uncertainties or, moreover, the deviation from a reference value and the corresponding uncertainty measures [59]. In connection with the focus of research, we will next focus on the identification of negative risks in project management.
Project risk can result in structural complexity due to many elements (stakeholders, workflows, etc.) or dynamic complexity due to any detrimental feature of a complex system where internal or external behavioral influences among components may alternate over time [60][61][62].
Fridgeirsson et al. [60] stated that typical probabilistic and event-based approaches to risk assessment are significant and have proven their usefulness. However, they have their limitations, in particular with regard to unanticipated events, which include risks with low probability or high impact, systemic risks and risks that are less technical and more psychological or social character. This approach is used both by the ISO 31000: 2018 standard [49] and the PMI methodology [6].
Okudan et al. [63] stated that a continuous risk management throughout the project life cycle can help decision-makers to develop proactive risk response strategies that emerge during a project. Given that prevention is always better than cure, active response strategies are certainly the key to achieving the project's goals. According to Nunes and Abreu [64], companies should have focused on models that would enable them to better achieve their risk objectives. In their study, Dvorsky et al. [65] also pointed to a weak focus on strategic risks, which negatively affects the sustainability of the company in a competitive environment.
Improper risk management has been found to be a major cause of excess of time, cost and quality and safety issues. Project organizations select and implement various projects to achieve their qualitative and quantitative goals. Assessing the real conditions of these projects, it can be argued that organizations are rarely successful in timely completion in addition to meeting financial and quality objectives. One of the most important factors that leads to the incompleteness of most projects is the lack of attention paid to the effect of risks in the projects, so that the aggregate effect prevents the required completion of projects. Various techniques have been proposed to assess the risk of the project. In most of these techniques, risks are analyzed separately and interactions between them are not considered [66,67].
In 2019, IPMA, AIPM and KPMG carried out a survey to identify and highlight the challenges to the future of project management. The results of the survey show that two out of five organizations have never used a risk management methodology throughout the course of a project [68].
Masar et al. [48] stated that the results of several surveys confirm that improper management is the most common problem as to why projects fail, especially in the area of project shift or initialization. Human resource plans are also inappropriately defined. Poor project risk management can be accomplished in one step for the most part at each stage of the project. If we compare results, we found out, that project managers, who manage project risks in enterprises in Poland and Czech, use the most some project risks methodology and standards, like project managers, who manage the project in Slovakia. Standards-based on PMBOK methodology and ISO 31000: 2018 is the most used in Czech and Poland. He argued that the importance of using risk identification methods and techniques should not be underestimated in project risk managers. If project managers want to identify negative and positive risks, they should use methods and techniques that are appropriate for the project.
According to ISO Guide 73:2009, risk identification is the process of finding, recognizing and describing risk [69].
The identification of the main risks, together with the nearest sub-risks, may allow for better risk management in terms of risk awareness, risk sharing, proactive decisions and implementation. Cumulatively, it can be crucial to avoid harmful losses that could be caused by hidden risks or less significant risks [70]. This fact is of great importance, as risks that are not identified at this stage are excluded from further analysis.
When existing data and modeling tools cannot provide decision-makers with all the information they need to design and implement effective policies and implement optimal management options, decision-makers often complement other forms of information with the judgment of experts. They can provide useful information to support decision-making, forecasting and risk assessment, including risk identification [71]. Professional judgment is a formal and structured process of synthesizing professional experience with a particular subject. Expert judgment is often required when data on a technical issue are sparse or unavailable, have great uncertainty, or are too complex to be accurately modeled [72]. Expert judgment is obtained mainly during interviews with experts in response to a technical question [73].
As Morgan and Henrion [74] noted, if traditional science and statistics cannot provide all the inputs needed for model or policy analysis, decision-makers have several alternatives to asking experts. Incorporating professional judgment is a way to quantify un-certainty about otherwise unknown parameters, and may involve methods that are di-verse, such as asking a single expert for his or her best estimate, informally finding col-leagues, or following a formal documented procedure to obtain and combine probabilistic tests, judgments. The third type of method is called expert invocation. The proposed research contributes to the understanding of the use of expert estimates in the identification of project risks and the use of risk management in various phases of the project life cycle. Effective risk management in projects is a primary prerequisite for their success and results from the effectiveness of the application of appropriate risk management methods and tools in project management. Therefore, it is important to focus on the implementation of risk management which allows to minimize losses and maximize opportunities with regard to risks. One of the most important phases of the risk management process is risk identification. It is the most extensive part, with the greatest effort to obtain and work with relevant information, because risks that are not identified subsequently fall out of the next risk assessment (analysis and evaluation) process and will not be proposed measures (preventive, reactive), so they can, without being able to influence it, jeopardize the entire implementation of the project.
Through adequate risk management methods in projects aimed at optimizing processes in manufacturing enterprises, we can identify the risks affecting the course of the project. These risks are specifically identified for each environment. Awodi et al., as well as Treshchevsky, pointed out in their research the diversity of risks in specific environments and the importance of their specification based on the experience of experts [43,45]. Project risks do not affect the process of its individual phases of the project life cycle in isolation. As a rule, when activating the effects of risks, the relevant risks are chained or they occur simultaneously and affect several areas of ongoing project activities. These influences negatively affect the implementation of the project in due time and within the set limits of time, finance and quality. Determining the right scope and balance of preventive measures against project risks is problematic and directly dependent on the financial capabilities of enterprises. One of the tools that can be used in project management in the risk identification process is expert estimates which significantly facilitate project management in developing the right range of preventive measures to reduce risks, as well as allocating adequate resources and means to respond to expected risks. These estimates focus in particular on the anticipated risks that may arise during the project.

Materials and Methods
Expert estimates play an important role in creating new projects. Prior to the actual implementation of the project, they are used to identify weaknesses and create space for the adoption of the necessary measures to help manage the risks more appropriately. In order to verify the accuracy of expert estimates, it is necessary to perform an analysis of all completed projects for a certain period. The study was focused on a specific company that deals with complex solutions in the field of industry. During the implementation of projects, the company ensures increased productivity in the field of production, logistics, planning, automation and other key areas in the industry. The data were obtained through the archiving of projects performed by the company for the period 2013-2020. The division that dealt with the projects consisted mainly of 65 experts, of which 20 were assigned to expert estimates. As part of the assessment of individual projects, teams ranging from 3 to 12 people were set aside. The size of the team depended on the specific enterprise, especially in what phase of the economic cycle it was, its financial health but also the actual expected duration of the project. Due to staff turnover and the expertise of experts, the majority of the team was always made up of employees with many years of experience. Expert estimates were also determined on the basis of data from projects carried out in previous periods. The company also identified risks from this data that affect the course of the project. These resulted from management, scope, time, cost, human resources, quality, communication and procurement. These risks occurred during the implementation of previous projects. For this reason, the team of experts considered them significant and made a list of expected risks. Based on their experience, other experts and agencies also used such identification of risk categories [75][76][77]. The number of completed projects was 60 and Table 1 shows the examined data from the analyzed projects. Identifiers are divided into several categories. We tried to focus on the most important criteria that need attention. It is very important for the project to complete it in due time. The success of a project can therefore be measured by whether it has been delayed or not. Each project should be completed on time, but the risks and their combination may prolong the solution of projects. The projects included the possibility to agree on a maximum allowable time for project delays. This agreement should be based on certain assumptions and expert estimates that justify why the project may be delayed. Therefore, we also focus on whether, in the event of a delay, the project was completed within the agreed maximum allowable time for the delay.
For the correct evaluation of statistical data, it is necessary to divide the data into groups. Given the number of projects n = 60, attention was focused on dichotomous qualitative features. Among the monitored values was also the duration of the project which can be included among the quantitative values. In order to obtain dichotomous qualitative features from these values, the values were divided into two intervals, subtracting from the highest value the lowest and then dividing the resulting value in half. This made it possible to view the data being compared. These data were arranged in contingency tables to perform the independence test. Some authors used the chi-squared method and Pearson's chi-squared test for the independence test [78,79]. This test is suitable for large files where n > 20. For small files, there could be a problem with holding Cochran's rule. Therefore, it was necessary to focus on other tests that are especially suitable for small files. For small files, authors tend to use Fisher's exact test [80,81] or Barnard's test [82] as an alternative in their research. Based on Almendra-Arao et al. who recommended the use of the Barnard's test in their research, which has more power in examining the association, this test was used [83]. Using this test at the significance level of α = 0.05, several null hypotheses were tested on both sides.
Due to the number of null hypotheses, the hypotheses were grouped into four groups. In them, we also tested the parts that were in the given group (e.g., each risk separately): • Group 1-H 0 : The risk that was estimated by the expert estimate did not arise during the project. The paper presents the results of the tests performed. This testing will allow us to determine the accuracy of expert estimates as well as the appropriateness of implementing risk management.
If the null hypothesis was rejected at the significance level of α = 0.05, its alternative hypothesis H1 was accepted: In the alternative hypothesis, it is important to determine the degree of dependence between the characters. The Phi coefficient of association was used to determine this rate.

Real Risk in Relation to the Expected Risk in the Individual Phases of the Project Life Cycle
When implementing new projects, it is necessary to get acquainted with as much available data that can negatively affect the project solution. These data are used by experts to determine the presumption of risk in certain sections. The assumed risk was determined on the basis of expert estimates and was intended to contribute to a better management of the entire project. Therefore, it is important to compare the relationship between assumed and real risk. If a risk arose, a corrective action had to be taken. Table 2 compares the expected risks in the projects with the actual risks encountered during the solution. The table also shows the percentage of individual risks. We also emphasized the importance of risks by the percentage itself. Such a breakdown will make it possible to compare the numbers between projected and real risks more clearly.
Based on the results from Table 2 at the significance level of 0.05, we do not reject either null hypothesis from the first group of hypotheses. It is an alarming finding that there is no relationship between the estimated and the really occurred risk at a given level. Such an error rate in expert estimates may negatively affect further developments in project solutions. Based on these estimates, the implementation of risk management in the individual phases of the project is determined. Therefore, it is necessary to examine the dependence of individual phases of risk management with the risks really occurred. Information on what stage of the project risk management was implemented was analyzed from the available data. We tested these individual phases gradually with all the risks and determined whether there was a dependence on the significance level of 0.05. Risk management was introduced in the planning phase in 46.67% of projects. Risk management in the implementation phase was introduced in 70% of projects and risk management in the evaluation phase in 26.67% of projects. The results of the comparison by testing risk management in individual project phases and real risk are shown in Table 3.  From the results of Table 3 at the significance level of 0.05, we accept all null hypotheses from the second group of hypotheses. In this case, the expert estimates used fail, on the basis of which it was recommended to introduce risk management into specific phases of the project. Risk management is associated with project costs and making reserves, and should therefore be implemented as appropriately as possible. In the case of improper implementation, it affects the occurrence of risk minimally and may appear to be unjustified, but in the absence of it, situations could arise that in certain cases new risks may arise or their negative impact may increase. The non-detection of dependence indicates the incorrect implementation of risk management only in some phases of the project. Therefore, it is necessary to understand and implement risk management comprehensively.

A Project without Delay as an Indicator of Success
Implementation of projects in the company environment is a demanding process which is accompanied by various influences. These effects can cause a delay in the project which also incurs delay costs for the company. Frequent delays in projects can cause distrust in a given company, which in the long run, could have an impact on its future position in a competitive environment. Table 4 shows the results of the tests with respect to the project delay. There were 63.33% projects with agile management and 36.67% with waterfall (traditional) management. When focusing on the project duration, 85% was in the interval <6, 107> and 15% in the interval <107, 220>. These intervals were determined on the basis of the longest and shortest duration of the project with regard to the creation of dichotomous quantitative features. The agreed maximum allowable time for project delays was in 81.67% of cases and the project was delayed in 45% of cases. When testing the null hypotheses from the third group at the significance level of 0.05, we reject only one null hypothesis and the other accept. Alternative hypothesis H 1 Management has been accepted-real risk causes project delay. The Phi coefficient of association was then used to determine the association where we calculated that ϕ = 0.433629. This represents a strong positive relationship. That is why it is necessary to pay specific attention to the risks in project management, which confirmed at the level of significance of 0.05, caused a delay in the project. In expert estimates, attention should be paid to each risk separately. The finding of dependence on real risk in the management and delay of the project points to the importance of examining individual risks separately and then paying adequate attention to them.
The last group of null hypotheses was focused on the delay where the maximum allowable time (time) of the delay was also taken into account. In this case, it was assessed whether the delayed project was completed within the agreed maximum delay time. If the project was with a delay, but not longer than the allowed delay, it was possible for the client to consider the project as successful and completed within the agreed time. When focusing on projects that also exceeded the agreed maximum allowable time for project delays, it was found that their amount is up to 26.67%. Table 5 shows the results of the delay test with respect to the maximum allowable delay times. In the case of verification of the fourth group of hypotheses at the significance level of 0.05, all null hypotheses were accepted. Each project should be completed in due time, but due to certain circumstances, the project may be delayed. That is why before the implementation of the project, the company tried to agree on a deadline that will be accepted in case of delay. It is striking that no dependence on the level of 0.05 was found even if the maximum allowable time for project delays was agreed. This meant that if it was possible to delay the project, this time was incorrectly set and the project was delayed even longer than the agreed maximum allowable time. Additionally, some projects did not have an agreed time to delay and were delayed. In order to better agree on the time, it is also necessary to improve the expert estimates themselves, which would more realistically reflect the reality, especially which factors have the greatest impact on project delays.

Discussion
Risk identification in project management is often carried out by expert estimates. Participatory peer reviews can be a reliable and time-efficient method for gathering quantitative information when data are not available or there is a clear knowledge gap [84][85][86]. However, they may also be characterized by a degree of inaccuracy in the case of a dynamically changing environment [87]. This is exactly what was confirmed in our study.
Liu [88] pointed out that the prediction of possible future risks of a project is based on existing data, calculation theory and experience, so that the reliability and credibility of its results depend to a large extent on the practical experience and knowledge of the evaluators.
The inclusion of expertise, along with other forms of data in science, technology and decision-making, is essential. The invitation of experts concerns formal procedures for obtaining and combining expert opinions. If existing data and models cannot provide the necessary information, an expert must be called. Therefore, the validation of expert opinions is a challenge because they are used when there are no other data and therefore it is difficult to measure their accuracy [71].
On the examined sample of projects, no dependence was found between the introduction of risk management in individual phases of the project life cycle and the risk incurred. This could be due to inaccurate expert estimates at various stages of the project life cycle. However, despite the inaccurate results of the expert assessment, it can be assumed that the absence of risk management as such would affect the likelihood of additional risks in individual parts of the project, or their greater negative consequences. Therefore, it is necessary to take into account the risk management as a whole, for the specific needs of the project and on the basis of correct expert estimates to implement it appropriately according to the needs of the project management.
With the help of expert estimates, the occurrence of risk is in individual parts and key variables of projects (management, scope, time). However, when testing projects, no dependence was found between the assumed risk in the given part (variable) and the subsequently actually incurred risk of the given part (variable). It is on the basis of these anticipated risks that the possible length of the maximum allowable delay (extension of the project solution time) has been agreed in some projects. The results confirmed that even the agreed maximum allowable project delay time did not affect the completion of projects within the agreed time.
As any extension of the project implementation period represents an increase in costs and often undesirable multitasking of human resources (if other projects are already running in parallel), the importance of identifying the risks that affect the extension of the project implementation period is also confirmed here. However, this in turn presupposes the addition of other types of risk identification methods (semi-quantitative, quantitative) to expert estimates. This fact is similarly presented by Chen and Holden [87] who stated that it may often be advisable to normalize the data and then combined the results with less variable empirical data, such as national injury statistics; this approach has been previously proposed. In addition, emphasis should be placed on breaking down cognitive prejudices in experts' judgments as well as excessive self-confidence, as stated by [86].
It is important that in real risks, we found that the only risk where we could assume that the risk would cause a delay was Management (real risk). This key variable goes through the entire project life cycle, and it is incorrect project management that usually causes the greatest number of risks which result in additional costs and prolongation of the project solution time. That is why it is necessary to pay specific attention to each risk separately from the point of view of prevention and to consider all its consequences.
The ability to manage the project, manage the risks and subjectivity in these activities refers to the fact that the judgment of the experts is based on the knowledge, skills and experience [80]. Just the shortcomings in these areas and, in particular, the insufficient education in the field of risk management, or the underestimation of the importance of risk management, may be the reason why expert estimates are inaccurate and projects unsuccessful, as Masar [48] also pointed out.
Evaluating the impacts and benefits of completed projects is often given undue attention. A survey carried out in 2015 revealed that 59% of organizations formally evaluate the impacts and benefits of completed projects, 34% do not evaluate them and 7% could not determine whether the impacts of the project are evaluated at all [89]. This evaluation usually takes the form of examining specific completed projects separately. In our paper, we focused on examining all completed projects as a whole, which will improve the view of the issue and find weaknesses that can cause project failure. It would be appropriate to carry out such research in other companies that implement projects.
The risk of schedule delays has many effects, such as increased costs, late completion, interruptions, third party claims, lost productivity and quality, disputes and termination of contracts [90]. Improper risk management has been found to be a major cause of overtime, cost overruns and the problem of quality and safety [91].
Atkinson et al. [92] argued that easily accessible repositories of risk data from past projects are crucial for the quality of estimates. Learning from risks can lead to more realistic risk models and more informed estimates of the future. Before and after the analysis, it is possible to understand the risk impact and identify the reasons for success and failure.
To demonstrate the importance of identifying risk factors in the project of Talabi et al. [93] demonstrated the relationship between the number of risks identified in the project and the quantity of risk occurrence. The results show an inverse relationship between the number of risks identified in the project planning phase and project delays due to uncertainties. This means that the more risks identified in the project, the less uncertainty could lead to delays and cost overruns. The risk-outcome relationship is attributed to the awareness created about risk, which allows for quick planning and increased activity that can help reduce the incidence.
In expert estimates, it is necessary to focus on new types of risks, and we also recommend that within expert estimates, the risk manager analyzes the implemented projects over certain time intervals and thus appropriately adapts expert estimates to real needs. A higher success rate would be possible even if experts had more detailed data on the risk associated with specific projects and the effectiveness of the expert risk assessment methods used in the different parts of the project life cycle was retrospectively verified.

Conclusions
Risk management has resonated in all areas of social and economic life, especially as a tool for crisis prevention. Its role in the field of prevention brings a number of benefits to enterprises that effectively use its tools, related in particular to building a sustainable business and seizing opportunities. Prevention, which is associated with the identification of risks, whether in processes, projects or business as a whole, and effective tools for assessing and managing risks, has the desired impact only if these tools are used correctly and appropriately. Therefore, as pointed out in our study, it is important to avoid repeating mistakes by retrospectively verifying the suitability of the tools used. Expert estimates are a tool that is used very often in project management, and perhaps this is what causes experts to move from a real risk assessment to a formal one, which in turn leads to both the prolongation of projects and the increased financial costs of completing them. This can often be related to the lack of expertise and skills of experts, whether in the field of risk management or project management in a broader context, as they have to work with unexpected changes, especially in the external environment which can have a negative but often positive impact on the project. Based on these facts, it is clear that risk management in projects as a tool for risk prevention is an integral part of project management in order to increase the success of achieving project goals and building business sustainability in general.
The limitation of the study was the lower number of projects. It is important to analyze as many projects as possible from all divisions of the company so that expert estimates can be compared in several sections. For large files, the chi-squared method and Pearson's chi-squared test could also be used. Similar studies should be carried out by companies that want to identify problems with delayed projects. Such control of projects as a whole would serve for more accurate expert estimates which would be positively reflected in project management.
The actual consequences of risk events depend on the organization's ability to man-age risks, therefore company factors and project characteristics that affect project vulnerability should be taken into account [94].
To ensure the success of a project in today's competitive environment, the organization must effectively manage these project risks, even if they face various difficulties. Dikmen et al. [63] argued that it is generally considered to be an activity carried out in order to better quantify the impacts of risk and manage emergencies. However, efforts should also be made to monitor risks effectively, to better communicate risk information between project participants and to build corporate risk memory in order to implement experience-based solutions on how risks can be managed. It is assumed that risk management should be a continuous activity throughout the project. Therefore, risks and related factors should be embedded and assessed at each stage. Creating a complete picture of a risk event in relation to the sources of vulnerability can increase knowledge transfer between projects and can even lead to risk reduction if vulnerability in future projects is minimized.
It is in this area that there are opportunities for further research because the implemented process of risk management in the project and especially effective risk identification using expert estimates (based on relevant information) is one of the tools that can greatly increase the success of project goals and subsequently as well as increasing the sustainability of both project and business activities of the organization. Funding: This research was funded from the VEGA grant No. 1/0371/19 "Societal vulnerability assessment due to failure of important systems and services in electricity sector" and KEGA 026ŽU-4/2020 Innovation and internationalization of teaching as a tool to improve the quality of education at the FSI UNIZA.

Institutional Review Board Statement: Not applicable.
Informed Consent Statement: Not applicable.

Data Availability Statement:
The data presented in this study are available on request from the corresponding author.

Conflicts of Interest:
The authors declare no conflict of interest.