Risk Management in the Management Control System in Polish Local Government Units—Assumptions and Practice

Abstract: The issues related to management control and risk management are related not only to the safe operation of a given organization, but also contribute to ensuring the continuity of its operations. The main purpose of this article is to present the general principles of the organization of the management control and risk management system and to check the knowledge of its essence and principles by the employees of local government units. In the empirical part of the article, the method of desk research was used, as well as a questionnaire, which checked the knowledge of rules and procedures by local government units’ employees. The research results show that the understanding of the essence and principles of management control system and risk management by employees is incomplete. Therefore, it is recommended to conduct training in the field, increasing the knowledge of the management control system. This is important because a properly functioning management control system may contribute to the improvement of public service provision, better use of resources, and may also prevent wastage.


Introduction
The management control system and risk management are integral functions in local government units (LGUs). When carrying out their own, as well as commissioned, tasks, local government units are exposed to external and internal risk. It is worth emphasizing that in the activities of LGUs, there are events, actions, or even the abandonment of activities that may cause negative effects, and thereby affect the achievement of the goals and implementation of the tasks of LGUs. It should be noted that the risk in the activities of local government units cannot be confused with dysfunctional behavior in the organization (e.g., negligence, lack of competence, unlawful activity, criminal acts), because the decision-making process in local government units requires compliance with the law and procedures, transparency, and professionalism. Therefore, the provisions of applicable law, on the one hand, reduce the likelihood of irrational actions, and on the other hand, allow the taking of actions burdened with various types of risk.
In the empirical part of the article, the method of desk research was used (documentation on management control and risk management in the Polish legal system), as well as a questionnaire (to check the knowledge of these rules and procedures by local government units' employees). The purpose of the conducted research was to check how the management control system and risk management function in local government units. The key issue was also to check the knowledge of the principles of management control by employees. Due to the profile of the conducted research, the analysis concerns only local government units. The subject matter discussed in the article is important not only due to the methods and quality of management in local government units, but also due to the situation caused by the COVID-19 pandemic. Considering the latest developments, the ability to effectively manage risk is essential to properly identify threats and react appropriately. Information obtained in the risk identification process should contribute to correct decision-making and prevent destabilization in the functioning of the organization. Additionally, the most crucial challenge for organizations operating in conditions of uncertainty is the ability to respond to unpredictable situations actively (Dobrowolski 2020).
The article omits many theoretical issues and issues related to regulations concerning management control and risk management. The discussed issues focus mainly on the organization of the management control system and risk management, as well as the knowledge of the rules and procedures by the employees of local government units. The guidelines from official documents prepared by the Ministry of Finance were analyzed. The author realizes that the research she has carried out illustrates only a fragment of reality, because it was carried out in just two voivodeships and, as a result, only 200 responses were received. Due to the above-mentioned reasons, it is recommended that further research be conducted in this area.

Management Control in the Polish Legal System
In the case of a management control system, meeting the statutory assumptions is related to knowing and understanding its essence. The cognition process should apply to not only the management staff, but also to the employees who are the key links in the management process.
The Public Finance Act of 27 August 2009 obliged the heads of public finance sector units to develop and implement a management control system (from 1 January 2010). The introduction of the concept of management control to the Polish legal system resulted in the fact that all areas of activities carried out by units of the public finance sector were included in the scope of this obligation. In literature on the subject, management control has been defined as a process ensuring that resources are acquired and used in such a way as to achieve the goals of the organization effectively and efficiently. Moreover, management control facilitates the cooperation between employees and organizational units (Dobrowolski 2017). Additionally, thanks to management control, the autonomy of public institutions in relation to central authorities was extended, and the priority of meeting the needs of citizens was indicated, considering the principles of market economy and financing related to the effects (Sołtyk 2013; Winiarska 2016; Dobrowolski 2017). Management control has been defined in numerous ways, and most definitions stress the exercise of influence to secure sufficient resources, and to mobilize and orchestrate individual and collective action toward given ends (Alvesson and Karreman 2004). One of the essential elements of management control is setting goals and tasks and monitoring the degree of their implementation (Šljivić et al. 2015; Dobrowolski 2017). On the other hand, the concept of management control in the normative approach was presented in Article 68 of the Act on Public Finance of 27 August 2009, as the whole of activities undertaken to ensure the implementation of goals and tasks in the following manners: legal, effective, economical, and timely. Management control in public sector entities covers all dimensions of the entity's activities. It should be noted that until 2009, in Polish legal acts, there was no defined management control.
Until then, financial control was in force, which resulted from the Act on Public Finance of 30 June 2005. Interestingly, management control does not only concern instructions and orders of management. The effectiveness of management control also depends on the way employees perform their duties. All units of the public finance sector have been obliged to implement management control procedures. The management control standards were presented by the Minister of Finance (Komunikat Nr 23 Ministra Finansów 2009). These are general requirements due to the diverse range of operation of the units. The document emphasizes that the introduction of standards is aimed at promoting the implementation of a coherent and uniform model of management control in the public finance sector, in line with international standards in this regard, considering the specific tasks of the unit implementing it and the conditions in which the unit operates (Komunikat Nr 23 Ministra Finansów 2009; Piaszczyk 2017). It is also worth noting that the standards create guidelines that should be used by persons responsible for the functioning of management control in order to evaluate and improve the system. Management control standards have been classified into five groups: Management control standards oblige management to adhere to the principles of ethical conduct and to promote the values adopted by the organization. It should be kept in mind that the management control system should be subject to constant monitoring and evaluation. Ongoing monitoring of individual elements of management control helps to identify possible errors early and allows for timely response.
The concept of effectiveness is also associated with the management control system, which is defined as doing the right things or the ability to choose the right goals (Kowal 2013). In the context of management control, effectiveness is related to achieving the goals indicated by the legislator: Each of the listed management control objectives is essential from the managerial point of view. Specific objectives are a kind of supplement to the main objective included in the definition of management control. According to the act, the management control system is integrated with all processes taking place in the organization. Therefore, a precise definition of goals is crucial when assessing the implementation of the adopted actions. Functioning in accordance with the guidelines will allow for an accurate diagnosis of weaknesses and corrective measures to be taken in a timely manner. Thanks to this, individuals will have a chance to achieve the planned goals.
It should be noted that the objectives of management control do not only have an economic dimension. Obviously, the issues related to the achievement of the individual's goals, resources, and proper management are extremely important, but also the relations within the organization are emphasized. It should be stressed that proper relations between employees, free flow of information and ethical behavior affect the quality of services provided. This also applies to relations with the environment (the external public sector); on this basis, the image of a given entity is built. Moreover, appropriate knowledge and understanding of the objectives of management control are essential for its proper functioning. To sum up, it can be said that management control encompasses the human and technical (machines and processes) systems of an organization (Hewege 2012; Sołtyk 2013; Dobrowolski 2017).
The rules of management control contain recommendations for its self-assessment at least once a year. This should be done by employees and management. Moreover, the self-assessment of management control should be documented. Report templates and supporting questions were also developed by the Ministry of Finance (Komunikat Nr 3 Ministra Finansów 2011). Management should mainly use information obtained from audits and controls, as well as the monitoring and evaluation of management control. However, there are numerous doubts about the credibility and reliability of the reports. Moreover, Dobrowolski (2017) notes that: "Incorrectly conducted self-assessment may be a tool for destroying trust (...). Among the factors that may increase the risk of ineffective self-assessment, the following were listed: lack of visible, strong support from the entity's management, selection of a self-assessment coordinator who does not have adequate knowledge and skills, too much limitation of the scope of self-assessment, misunderstanding of the purpose of self-assessment by the employees of the unit, underestimation of resources (time, people) necessary to efficiently conduct and document the self-assessment, organizational culture in the unit." As noted, the listed factors are just some of the reasons, some of which may vary depending on the organization.
According to legal acts, the implementation of the management control system was aimed at improving the performance of public tasks. It is worth emphasizing that management control is directly related to the management process. The implementation of management control procedures was aimed at achieving the intended goals by maximizing opportunities and minimizing risk (Hewege 2012; Dyczkowski and Dyczkowska 2014; Šljivić et al. 2015). Additionally, Dobrowolski (2017) notes that properly implemented management control ensures, among other things: compliance of activities with the law and internal procedures; reliability of reports; resource protection; ethical conduct. The basic principle of the proper functioning of the management control system in units of the public finance sector should be understanding its essence and treating it as an auxiliary tool in achieving planned goals.

Risk and Risk Management
The implementation of the principles of risk management in the public sector was designed along the lines of corporate governance commonly used in business entities. The solutions proposed by the legislator are to contribute to more effective and efficient planning, organization, and the actual implementation phase of public tasks.
Public sector units play specific roles in the field of social life, focusing mainly on the implementation of tasks in the field of education, health protection, social security, unemployment prevention, social welfare, environmental protection, transport, and communication (Kumpiałowska 2011). In connection with the above, risk management is to help people responsible for the operation of financial management in the proper identification of risk, and then in making optimal decisions. In addition to the achievement of their objectives, organizations are increasingly applying risk management processes and developing an integrated approach to risk management to improve the management of potential opportunities (ISO 2009; Eastburn and Sharland 2017; McShane 2018).
In the Polish legal system, risk management is one of the objectives of management control, which is obligatory not only in local government units, but also in other units of the public finance sector. The rules of its operation are defined by procedures and guidelines developed by the Ministry of Finance. Decision making in each unit, regardless of the sector, should be based on risk and uncertainty. It is extremely difficult to define risk clearly and precisely, and it differs depending on the area. It is much easier to tell what a risk is not. In the literature on the subject, it is sometimes equated with uncertainty, probability, threat, loss, but also with potential profit. Additionally, by measuring and managing its risks consistently and systematically, an organization strengthens its ability to carry out its strategic plan (Nocco and Stulz 2006).
In management sciences, risk is defined as a measurable probability that an economic entity, in connection with some aspect of its activity, will suffer a loss or may not achieve a previously planned result (Orzeł 2012). In addition, risk is sometimes defined as the possibility of failure to achieve the intended goal, i.e., negative deviation from the desired state (negative approach to risk) or any deviation (both positive and negative) from the intended target (neutral approach to risk) (Domańska-Szaruga 2016; Eastburn and Sharland 2017). One of the precursors to the definition of risk in economics and management was F.H. Knight, who in the 1920s made a clear distinction between the terms risk and uncertainty, which had previously been used interchangeably. He described risk as "measurable uncertainty", while stressing that uncertainty sensu stricto is immeasurable; with the possibility of measurement, uncertainty becomes a risk (Ożga 2016). On the other hand, risk management means making decisions and carrying out actions leading to the achievement of an acceptable level of risk by a given entity (Rowe 2003; Jajuga 2009; Key Risk Indicators 2010). Additionally, risk management can also be referred to as a synchronized set of actions and approaches to direct an organization to minimize the risk for achieving the organizational goals (Gurtu and Johny 2021).
According to the guidelines of the Minister of Finance for the public finance sector in the field of risk planning and management, risk management comprises procedures and policies, as well as coordinated actions undertaken by both the management of the entity and its employees. Moreover, this document includes the risk analysis as well as defines adequate responses to risk, increasing the probability of achieving goals and completing tasks (Komunikat Nr 6 Ministra Finansów 2012). Due to the fact that risk management consists of many interpenetrating and interdependent elements, it can be called a system (Komunikat Nr 6 Ministra Finansów 2012). According to Krzysztof Czerwiński (2004), risk management is a way of thinking, and documents and specific actions require the fulfillment of two basic conditions:
• senior management should manage and support activities aimed at risk management,
• risk management should be an integral part of the management process (Czerwiński 2004; quoted in: Sołtyk 2014).
F.H. Knight argued that the climax in shaping risk management standards was in 1995, when the joint technical committees of Standards Australia and Standards New Zealand developed and published for the first time AS/NZS 4360-Risk Management. The advantages of using risk management in the organization were also noted, including:
• the willingness to increase the likelihood of achieving the core business objectives as a result of risk reduction,
• intention to minimize financial losses,
• intention to improve the learning processes of the organization,
• the intention to increase the organization's resilience to crises and disruptions (Bugdol and Jedynak 2012; Domańska-Szaruga 2016).
The stages of risk management are presented in the figure below (Figure 1) and have been developed in accordance with the ISO 31000 guidelines. The key issue in designing risk management solutions is adjusting it to the unit, i.e., the proper adaptation of solutions appropriate to the size and type of the organization.
It is assumed that the risk management system should be based on a compromise between the level of risk that the entity is willing to accept, and the costs associated with securing it against the risk. It is important that the relationship between benefits and costs is not disturbed. In the risk management process, the starting point is risk identification. According to procedure, the identification of events that may affect the functioning of the unit should take place every year. It should also be noted that employees are required to inform their superiors in the event of events that may affect risk management, especially if they identify a new type of risk or find significant changes in the assessment of a previously identified risk (Domańska-Szaruga 2016). It is worth emphasizing that the effectiveness of the risk management system determines the adoption of solutions for the early identification of risks, their classification, measurement, and then assignment to individual persons. An important aspect is the proper organization of the risk management system in each unit. As you know, the rules must be formalized and strictly defined. In local government units, it is usually organized according to the following scheme:
• issuing an order concerning the introduction of a management control system;
• as part of the management control system, introducing regulations and procedures describing the risk management process;
• developing a template for the annual risk management report;
• location of risk management in the organizational unit with an indication of the scope of responsibility of individual employees (Komunikat Nr 6 Ministra Finansów 2012).
Moreover, the identification of the owner of a given risk is important because it has been defined as one of the fundamental principles in the system design process. In the risk management process, each of the entities (head of the unit, management staff, audit committee, employees, risk management coordinator) has specific tasks and responsibilities (Komunikat Nr 6 Ministra Finansów 2012).
Risk identification should be systematic and repeatable, adjusted to changing conditions on an ongoing basis, but also related to the planning process. An interesting approach to the issue of risk management is presented by T. Gasiński and S. Pijanowski, using the Pareto principle, according to which: in each organization, approx. 20% of key risk factors are responsible for 80% of the potential losses or the failure to take advantage of 80% of the possible opportunities. Therefore, managers should focus on these 20% of scenarios, both positive, involving the use of opportunities, and negative, related to the materialization of threats (Gasiński and Pijanowski 2016). It should also be remembered that the proper identification of risks should consider the specificity of the organization, its tasks and goals, but also its further and closer environment. Of course, there is no single, proper identification method, but the guidelines of the Minister of Finance propose exemplary techniques: lists of potential events, moderated workshops and interviews, process analysis, and brainstorming (Komunikat Nr 6 Ministra Finansów 2012). However, in the identification and analysis of risk, the following analysis tools can also be used in strategic management:
• stakeholder analysis,
• analysis of strengths, weaknesses, opportunities, threats (SWOT analysis: strengths, weaknesses, opportunities, threats),
• analysis of the political, economic, sociocultural, technological, environmental, and legislative environment (PESTEL analysis: political, economic, sociocultural, technological, environmental, legal) (Gasiński and Pijanowski 2016).
The indicated tools, however, are rarely used in local government units. When identifying a risk, the following categorization of risks is typically used:
• financial (budget, fraud and theft, insurable, public procurement and outsourcing, liability),
• human resources (personnel, health, and safety),
• activities (internal regulations, organization and decision making, internal control, information, image, IT systems),
• external (infrastructural, economic, legal, political environment) (Komunikat Nr 6 Ministra Finansów 2012).
However, it should be emphasized that the above-mentioned risks are not an exhaustive list, and they can only be an indication for persons responsible for the risk management system. An important element in the risk management process is the determination of an acceptable level for each type of risk by decision-makers. The risk assessment methodology includes various types of techniques, both qualitative and quantitative, that allow the estimation of the risk significance ratio, which is calculated based on the likelihood of the risk occurring and its consequences:
The risk significance factor = probability of risk occurrence × consequences of risk occurrence
It is worth highlighting that the likelihood of a risk occurrence and its effect can be assessed using a point scale. For this purpose, 3-, 4-, or 5-point scales are most commonly used. It is particularly important to adopt uniform rules for the entire unit. After performing the risk analysis, it is possible to systematize the risks and prepare a map showing how individual types of risk are assessed (Komunikat Nr 6 Ministra Finansów 2012).
For each of the analyzed risks, you should define the actions that are necessary to reduce the risk to an acceptable level (Rowe 2003; Jajuga 2009; Key Risk Indicators 2010). When the risk significance factor is low, usually no actions are taken to lower its significance to an acceptable level (risk tolerance). However, in the event of a significant risk, specific actions need to be taken; possible responses include:
• transfer (transferring some or all the risk to another entity),
• recall (departure from risk-related activities),
• action (taking actions to reduce the risk to an acceptable level) (Komunikat Nr 6 Ministra Finansów 2012).
Understanding the risk profile of a given entity is also related to keeping a risk register in paper, spreadsheet, or database form, or using a specialized program dedicated to risk management. An exemplary risk register (Table 1) was proposed by the Ministry of Finance and contains all information about the types of risks that have been identified in the unit. One of the fundamental principles in the organization and management of the risk system should be the belief that it is not a burden for the individual, but the basis for its proper functioning. Effective risk management not only enables the provision of public services at a higher level, but also contributes to a better use of resources, reduction of waste, and a more efficient introduction of various types of innovations (Domańska-Szaruga 2016). Moreover, the management control and risk management system contribute to the rational management of public funds. What is more, it also has a huge impact on minimizing the occurrence of risk factors that generate, consequently, premises resulting in violation of public finance discipline (Sołtyk 2014).

Materials and Methods
The author focuses on Polish local government units because the management control system is a relatively new solution. The Public Finance Act of 27 August 2009 obliged the heads of public finance sector units to develop and implement a management control system (from 1 January 2010). Therefore, on 1 January 2021, 11 years had passed since the implementation of the system in the Polish public sector. In the author's opinion, it was a great opportunity to reflect and check how the adopted solutions work in practice. Thanks to the conducted research, it is possible to identify irregularities and propose certain organizational solutions.
The purpose of the conducted research was to check how the management control system and risk management function in local government units. The key issue was also to test the knowledge of the principles of management control by employees. Therefore, at the time of designing the research, a research question appeared: Do the employees of local government units understand the essence and scope of management control and risk management?
The article was prepared according to a pragmatic approach, which recognizes the practical consequences of actual effects as important components of meaning and truth (Rossman and Wilson 1985). Moreover, the pragmatic approach is focused on solving practical problems and its basic criterion is effectiveness in making changes that are to lead to an increase in the effectiveness of the organization's functioning (Sułkowski 2016). According to this approach, it is justified to choose Mixed Methods Research, in which researchers collect and analyze data, integrate the results, and draw conclusions using both qualitative and quantitative approaches or methods in a single project or research program (Creswell 2009, 2013). The research was carried out using desk research and a questionnaire. The desk research concerned legal acts and research reports on the management control system. In turn, the survey questionnaire was created in Google Forms and contained 20 questions. Questionnaires were sent by e-mail to communes and districts in two voivodeships. The research was conducted in 2019.
To assess the functioning of the management control system, the issues related to the understanding of management control by employees, understanding its objectives, knowledge of internal rules, the scope of employees' responsibilities, and promotion of the principles of ethical conduct, and risk management were examined.
As a result, 200 questionnaires were received, completed by the management and employees of local government units. Of the survey participants, 60% were women, while 40% were men, and the most populous group was people aged 36-50 (52% of respondents), followed by people over 50 (27%), and people under 35 years of age making up 21%. The questionnaire also included data on the number of years of work in LGUs, the respondents indicated: 44% over 15 years, 30% of the respondents between 3 to 10 years, 22% of the respondents 11-15 years, and 4% of respondents under 3 years. The research group consisted of managers (47% of respondents) and employees (53% of respondents) of local government units. The questions constructed in the survey concerned several issues: the management control system, its self-assessment and risk management. The aim of the research was to check the understanding of the concept of management control and risk management by the management and local government employees. As noted, the conducted research concerned the entire management control system, one of the elements of which is risk management.
In the private sector, risk management issues are well known and fit in with the corporate governance principles. However, in the public sector, the issues related to managerial control and risk management are relatively new phenomena. The responses obtained in the research process will be presented and discussed below. The first question in the questionnaire concerned the concept of management control, and the respondents were asked to describe their understanding of this principle in their own words. The results of the research showed that the majority (60%) of the respondents indicated the normative definition of management control. Others (26% of respondents) answered that the system is equated with a process aimed at achieving the intended goals. However, there were also answers (14% of respondents) which show that not everyone understands the essence of management control, defining it, inter alia, as: control of the management method in the organization.
The above answers show that some people treat management control as another form of control. The answers are disturbing because the lack of understanding of the essence of management control certainly does not affect its effectiveness.
In the conducted research, the 7-point Likert scale was used, and the respondents were asked to determine the significance of each of the management control objectives (compliance of operations with legal regulations and internal procedures, effectiveness and efficiency of operations, credibility of reports, resource protection, adherence to and promotion of the principles of ethical conduct, efficiency and effectiveness of information flow, risk management). The respondents had to choose an appropriate numerical value for each of the management control objectives (1-definitely irrelevant, 4-undecided, 7definitely significant). Research confirms that data from Likert scales becomes significantly less accurate when the number of scale points drops below five or above seven (Johns 2010). Therefore, it was decided to use the 7-point Likert scale. The results show that the respondents mostly considered the indicated goals to be definitely significant or significant from the point of view of the unit management. It is worth paying attention to one of the objectives of management control, which concerns the observance and promotion of the principles of ethical conduct. The fact that the legislator drew attention to ethical issues indicates that this is an important issue in the management process also in the public sector. The introduced guidelines, based on integrity and promoted in public life, foster trust in public sector organizations. Another emphasis on the ethical dimension appears in the standards of management control, which were developed by the Ministry of Finance. It is noted that the management and employees should be aware of the ethical values adopted in the unit and respect them in the performance of assigned tasks. Accordingly, two ethical questions appeared in the questionnaire. The first referred to the mechanism of controls that would reveal unethical behavior by management or employees. 
The respondents (66%) indicated that such mechanisms exist in their units. However, it is the answers denying this fact (14%) that are worrying, because the units are not equipped with these types of tools, and the answers "I don't know" (20%), which may indicate disregard by the staff of such solutions. Another question related to the code of ethics in force in the unit or other regulations that would promote the ethical behavior of employees. Almost 87% of the respondents indicated that their units had such documents. In the next part, there were questions about risk management. The first question in this area concerned documenting the risk management in a given unit, and 81% of the respondents indicated an affirmative answer. However, the answers "no" (8% of respondents) and "I don't know" (11% of respondents) are puzzling, which may indicate the lack of appropriate procedures and the lack of interest on the part of some officials. Another issue related to the techniques that are used in risk identification. The respondents could choose more than one answer and enter their own examples. Most of the respondents (60%) indicated that it was a process analysis, followed by creating a list of potential events (36%), brainstorming (25%), and moderated workshops and interviews (5%). Moreover, 4 people (2%) indicated that they do not know what techniques are used. There was also a question about the participation of employees in risk identification: 65% of respondents indicated that they participate in it, while 20% of respondents answered that they did not. The answers "I don't know" (15% of the respondents) are puzzling. The next question raised the issue of the use of IT programs supporting the risk management process, and as many as 66% of the respondents indicated that such solutions are not used in their unit, while 30% of the respondents stated that they do not know. Only 4% of respondents indicated an affirmative answer.
The last question concerned the functioning of internal audits. In most units (79%) there is an internal audit, but 2% of the respondents indicated the answer "I don't know".
The obtained results reflect only fragmentarily the functioning of the management control and risk management system. The author realizes that the research group is not representative enough to formulate general conclusions about the management control systems in local government units. The research results are only intended to help identify problems that may arise in other units located throughout the country. Therefore, the author recommends conducting research in other local government units in Poland. The research may be conducted with the use of desk research (legal acts, statements on the state of management control) and questionnaires. Moreover, it is recommended to conduct in-depth interviews or focus research with employees and management of local government units. The use of focus research will help to identify irregularities, but also allow for the development of solutions aimed at improving the functioning of the system.

Results
The implementation of the management control system, which includes risk management, may be an organizational challenge for some units. The main purpose of the conducted research was to present the general principles of the organization of the management control and risk management system and to test the knowledge of its essence and principles by the employees of local government units. The effectiveness of management control largely depends on the way employees of the local government unit perform the resulting duties. Each local government unit is different, has different goals and tasks, but also different difficulties and challenges. Therefore, it is the managers who need to know what to do to best accomplish the tasks of their units. Based on the research results, it can be concluded that the basic determinant of the operation of management control is incomplete understanding of the essence and philosophy of management control by employees and the management of the surveyed local government units. In addition, disclosed nonconformities may result from failure to consider the guidelines provided for in the regulations and management control standards developed by the Ministry of Finance. The adopted research method allowed for the formulation of a general conclusion that the organization of the management control and risk management system in LGUs requires increased awareness and a change in the mindset of people responsible for making decisions, but also ordinary employees who are a key link in the management process. Legal regulations and standards in the field of managerial control and risk management are formulated in a general manner and allow for high flexibility and freedom, while maintaining certain principles and proportionality. While in large entities the use of complex structures and procedures may be justified, in smaller entities, it may disturb the proper relation of benefits and costs.
Moreover, in some local government units, an internal audit is carried out to assess the management control system. However, it should be emphasized that internal audit is carried out in local government units if the amount of income and revenues or the amount of expenses and outlays included in the budget resolution of the local government unit exceeded PLN 40,000 PLN. It is also possible to conduct an internal audit if the relevant managers decide to conduct it (Ustawa z dnia 27 sierpnia 2009 roku o finansach publicznych 2009). The analysis of documents and the results obtained during the research allowed for the formulation of several conclusions and recommendations relating to the organization of the management control system and risk management:
1. The research results show that there is a need to conduct training for employees in the field of increasing the knowledge of the principles and essence of management control and risk management. Some local government units should put more emphasis on increasing employees' awareness of the functioning of the management control system. The dynamics of changes and the current epidemiological situation should force decision-makers to take actions aimed at active involvement of employees in the risk management and management control process.
2. The management control system, an element of which is risk management, should be organized in such a way as to have a real impact on improving the effectiveness of management and of the quality of services provided. Procedures are an important and key criterion, but they must not obscure the real problems of the organization. The goal should be to improve the processes taking place in the unit.
3. Improper organization of the risk management process may lead to dysfunctions, resulting in a violation of public finance discipline. Therefore, in each local government unit (regardless of its size), IT programs should be implemented to support the risk management process. It is also crucial to create organizational units or delegate people who will coordinate the risk management process.
4. The management control system requires ongoing monitoring. When designing control mechanisms, one should consider the costs incurred not only for their implementation, but also for their operation. It is commonly believed that the costs of their implementation should not exceed the benefits obtained by them. In the public finance sector, it is also important due to the general rule concerning the management of public funds, which was included in the Act on Public Finance of 27 August 2009, according to which public expenditure should be made in a targeted and economical manner.
5. The management control and risk management system should be perceived as a tool supporting the management process. Therefore, it is necessary to build awareness, but also a sense of responsibility in all employees.
6. Building an effective management control and risk management system is not a one-off action. Local government units, based on their own experience, but also those of other entities (benchmarking), should implement new solutions or modernize those that have already been adopted, if possible. Therefore, it is recommended to create a catalog of good practices and solutions in the field of management control and risk management, which are successfully applied in other local government units.
The research carried out by the author among the employees of local government units, the analysis of documents, and the reading of literature on the subject allowed for the formulation of one more conclusion, which may be a summary of the entire article. There is a concern that the management control and risk management system in Polish local government units is fragmented and insufficient: even though it is usually properly documented, it does not fit into the strategic management framework. Therefore, 11 years after the implementation of the management control system, it is worth considering the modernization of the existing system solutions. Moreover, a properly organized management control system helps to reduce strategic and operational risk, which is important for any public organization.

Conclusions
The issues discussed in the article are extremely important considering the pandemic situation and new challenges facing each of the three sectors. Ensuring the proper functioning of local government units and the performance of public tasks is crucial for the quality of life of citizens. Moreover, the current epidemiological situation requires organizations to learn to function in a turbulent environment. To summarize, it can be concluded that the basic determinant of the operation of management control is understanding of the essence and philosophy of management control by employees and the management of the surveyed local government units.
In the article, the author tried to propose practical tips that may improve the functioning of the management control and risk management system. Of course, the proposed improvements are not a closed catalog; they are only a pretext to start further research on the quality of the management control system and risk management in the Polish public sector. A properly functioning management control system may contribute to the improvement of public service provisions, better use of resources, and may also prevent wastage.
Funding: The publication of this paper has been partly supported by the University of Information Technology and Management in Rzeszow.

Institutional Review Board Statement: Not applicable.
Informed Consent Statement: Not applicable.

Conflicts of Interest: The author declares no conflict of interest.