Enterprise Risk Management: The Public Sector (II)


The response to the Ebola outbreak by the various agencies was proof that the public sector in Nigeria is capable, and can respond well in times of crises. This required interagency and intergovernmental coordination, and included decisions that had to be implemented through a variety of MDA’s (ministries, departments and agencies). The capacity to coordinate crises management is a fundamental element of good governance, as it tests government’s ability to provide the appropriate responses at the right time and mitigate the impact of disasters.

Public sector MDA’s must be agile and ready at all times, and not only in a crisis. They must recognise the need to weigh the probabilities of what could go wrong before it happens.

The role of government involves the delivery of essential services, successful execution of projects and protection of citizens. Risk knowledge is at the foundation of this mandate for successful project delivery, and crises and emergency preparedness. Enterprise Risk Management (ERM) principles have been tested abroad for agencies to undertake as a solution for mitigating various agency risk activities all together. It enables response planning through a holistic risk assessments by analysing hazards, threats and vulnerabilities across agencies.

ERM redefines the value proposition for public agencies by providing the processes and tools they need to become more anticipatory and effective in managing uncertainties. By better managing risk at an “enterprise” level, government can run more efficiently, resulting in more missions accomplished, fewer surprises and greater public trust.
Enterprise risk management (ERM) has demonstrated its value in the private sector. The public sector can utilize the principles of this proven method to better manage risks that tend to hide in complex bureaucracies with limited interdepartmental communication.

Building on the evolution of risk management, ERM recognises that risks can be threats and opportunities, and are an agency-wide daily concern that is embedded in the operations. ERM transforms risk management from a silo approach to a holistic approach that can be coordinated at the highest level within MDA’s.

ERM is a means to an end, not an end in itself. The process of implementing ERM is fundamentally a process of education: building awareness, developing buy-in and, ultimately, assigning accountability and accepting ownership. It should be viewed as a commitment to continuous improvement.

There is no doubt that the next few years will present unprecedented challenges to those tasked with delivering Nigeria’s public services. Oil price fluctuations leading to budgetary pressures will have an effect on all major services, not least education, infrastructure development, internal security and health. This will also have a dramatic impact on local government service provision, as well as the work currently carried out by community and social organisations (CSOs).

The effects of the economic downturn and associated demographic changes will compound these pressures, as there will continue to be a rise in demand for the services offered by the public service. The recession is likely to lead to an increase in social impacts such as crime and health problems, sub-optimal maintenance of existing infrastructure, and support services for disadvantaged communities – among a myriad of other problems.

Some key challenges which public service providers face include: Economic Volatility; Geopolitical Volatility; Technology Advances; Climate Change; and Financial Misappropriation. The combination of these interlocking challenges, create a complex matrix of risks for those delivering public services. The list of risks include: Loss of funding and financial instability; Short-term decisions with long-term implications; Partnership working & supply chain challenges; Damage to reputation; Loss of community cohesion; Workforce planning challenges; Emergency & crisis response threats; Data loss & privacy incidents; Failure to manage organisational change; Climate change threats; Demographic change and Governance & regulatory failure.

All of these risks are serious and a combination of some of the most likely and most severe risks could be hugely damaging, not just to the agencies concerned, but also those receiving their services, and society as a whole.
Using any agency as an example, the ultimate objective of implementing ERM is the management of risks. To direct and control the effect of uncertainties on objectives, carried out using a specified set of processes defined in a risk management framework, supported by a risk management system embodied in chart of roles and responsibilities.

Before implementing ERM, leadership needs to develop a shared vision of the role of risk management in the agency. A shared vision is a call for action to drive the organisation to identify, design and build the risk capabilities needed to close significant gaps and make selected risk responses happen. To set objectives, leaders must define those goals within the context of the agencies mission and strategy. Such an exercise requires asking critical questions, including: – What is it we are trying to accomplish as an agency – what is our mission? Which specific future events could interfere with our ability to achieve these objectives? What are our expected outcomes? If we accept risks or exposures that are inherent to our services, do we have sufficient resources to achieve our objectives, despite any anticipated setbacks?

Honest answers to these questions provide a powerful context to define its next steps, as well as its risk appetite, which is the amount of risk the agency is willing to accept in pursuit of its mission.

Again, it is important to remember that ERM is a journey, and that success will not be achieved overnight. The next article, which will be the concluding in this series, will address the “HOW” – steps for implementation of ERM in the public sector.