Enterprise Risk Management: The Public Sector (I)


Case: Nigeria’s response to the Ebola outbreak- On 20 July, 2014 a symptomatic air traveler whose sister had just died from the Ebola virus in Liberia entered Lagos, Nigeria, and was driven to a private hospital, where he told staff he had malaria. Over the coming days, 9 doctors and nurses became infected with the virus and 4 of them died.

After the Ebola virus was announced as the causative agent on 23 July, the public health agency swung into action. No one believed that effective contact tracing could be undertaken in a chaotic and densely populated city like Lagos, with many poor people living in crowded slums and a population that swelled and ebbed every day as people came to the city looking for work. Many envisioned an urban apocalypse.

That explosion never happened, thanks to leadership and the public sector response through effective coordination that was both immediate and aggressive.

The government generously allocated funds. Isolation facilities were built, as were designated Ebola treatment facilities. House-to-house information campaigns and messages on local radio stations, in local dialects, were used to ease public fears.

In what W.H.O described as a “spectacular success story”, the country held the number of cases to 19, with 7 deaths. World-class epidemiological detective work eventually linked all cases back to either direct or indirect contact with the air traveler from Liberia. Nigeria was declared free of the Ebola virus transmission on 20 October.

The fast and effective response by the various agencies to manage the Ebola crises was proof that the public sector in Nigeria is capable, and can respond well in times of crises. The lesson is to shift from being reactive to a proactive stance. Risk management frameworks provide the proactive solutions to manage potential health or other crises.

Public sector organisations (MDA’s – ministries, departments and agencies) must be agile and ready at all times, and not only in a crisis. Three internal forces of resistance that make it hard to become agile without a crisis and to maintain that agility after it ends, include, a cultural aversion to risk, functional silos, and organisational complexity.

The public sector is characterised by a cultural aversion to risk. Government officials, for example, worry about being wrong, angering superiors, and alienating other agencies more than they become excited about proposing new programs, developing faster operating models, or piloting new partnerships. Without an imperative to act (such as the profit motive in the private sector), it’s rational to seek ever more information, to conduct additional analyses, to await permission, or to optimise for the interests of the “tribe” rather than the organisation as a whole. The range of stakeholders to satisfy and scrutiny from the media further diminish the willingness of public-sector executives to take risks.

It appears that only crises situations cause people in the public service to stick out their necks. At that point, inaction itself becomes a risk, and entrepreneurship and best-effort judgments are rewarded. Errors are no longer feared; they are expected, accepted—and corrected.

The existence of layers of management structures and functional silos often force decisions up to higher and higher levels of authority. In a typical government ministry for instance, where there are several agencies, it is difficult to integrate activities across functional, agency, and geographic lines.

The ingrained culture of micromanagement and bureaucracy in the public sector is such that recommendations and approvals must be passed from one level to the next one above, which tends to slow things down tremendously.
In a crisis, however, the urgent need to come up with solutions often breaks down typical barriers between agencies. Rapid, cross-agency, and often personal engagement replaces slow-moving, territorial communication, often through lengthy reports. Leaders develop solutions together and share credit for them. Averting a crisis is a team sport.
Another reason for the slow response in the public sector could be the organisational complexity that obtains. Public-sector organisations are among the largest, most complex in existence today. Complexity makes getting things done harder. Government procurement regulations, for instance, are very complex with tens of thousands of pages of rules and policies.

But in times of crisis, when bureaucrats say that something can’t be done quickly, other bureaucrats ask why not. Suddenly, it becomes obvious that the force behind many rules is habit, not law. In the Ebola case study, the rules were revised to provide for greater transparency and faster decision making.

In contrast to risk management in the private sector, public sector risk management affects much of the population, and so should generate a great deal of political interest and some controversy. It is also particularly complicated, and often problematic – not least on account of the numbers of people involved, the tradition of strong employment protection and high levels of trade union representation. The rationale for public sector risk management is also very different to that in the private sector, one important factor being that it is not motivated by a decrease in demand for its services. Recent needs for public sector risk management has almost exclusively been triggered by the dire state of public finances and tightening budgets.

In recent years, the federal government has been on the receiving end of new legislation and regulations that require it to better manage risk and improve controls in various areas. Generally, to comply with the requirements of each of these new mandates, agencies have had to put in place compliance programs. This silo approach to compliance is costly and does not optimise value. This column in the coming weeks will explore how public sector managers can help guide their agencies to take a more holistic approach to risk management by implementing an Enterprise Risk Management (ERM) framework system. This approach helps reduce the total cost of compliance, while helping agencies achieve greater value from their risk management activities.

– Mbonu, FERP, CIRM(UK), HCIB, MsRM (Stern), studied Engineering, is an experienced Banker and Enterprise Risk Management professional. Earned a post graduate degree in Risk Management from New York University Stern School of Business, and is a member of the Institute of Risk Management -UK. Can be reached on 09092092046 (SMS Only); email: rm4riskmgt@gmail.com