Enterprise Risk Management: The Public Sector (III)

Risk management is not a new concept within the public sector. What is needed is to integrate risk management into the strategic and decision making processes that cut across ministries, departments and agencies (MDA’s), and abandon the outdated practice of managing risks within functional silos. The adoption of Enterprise Risk Management (ERM) makes this possible.

Recent failures in the private sector have put a spotlight on enterprise risk management as a critical component of an organisation’s overall health and long-term sustainability. Studies and other writings have shown that ERM can and does help companies perform better. It was found that organisations that have embraced ERM have realised a concrete advantage in their risk management competency. The purpose of this concluding three part article is to provide public sector managers with the “HOW” and “WHAT” to consider when implementing ERM.

In response to the public’s demand for change, government managers as well as those within the public sector must find ways to weave risk management strategies and tactics into their everyday operations and strategic decisions at the highest level. ERM is fast becoming an important activity for many agencies to undertake as a solution for bringing various agency risk activities all together. While traditional risk management has its merits, it is often still carried out in silos, leaving the “white spaces” between organisational functions “open to interpretation.” ERM challenges the status quo and requires managers and leaders to step out of their organisational comfort zones and into a collaborative environment to discuss not only common risks, but uncover latent risks as well.

While there is great expectation and hope for this management practice, there are very few success stories and best practices available in the public sector in Nigeria to benchmark. This may be due in part to the multiplicity of missions and objectives of government agencies, which makes it difficult to achieve a uniformed approach to ERM.

The lack of a standard methodology across the public sector should not discourage agencies from implementing ERM, as variations in ERM are expected. Each agency brings a unique perspective to ERM, driven by different goals and objectives. Despite these differences, each agency can use the approach of one of the established risk management standards and frameworks as working models. The overall approach of each of the standards is similar, and should be selected based on relevance to particular circumstances. Some of the best established standards include ISO 31000 (2009), the Committee of Sponsoring Organisations of the Tread-way Commission (COSO) Enterprise Risk Management Integrated Framework and the Canadian Integrated Risk Management Framework.

The decision to implement an ERM program which must be guided by a certified specialist, must include the investment to train workers to change their mindset and attitudes to risk. ERM is an initiative that is championed by the highest level of management, driven down into the organisation. To get started, a summary of the following steps can be taken:- a program implantation must start with developing a risk management lexicon to ensure consistency of terminology across the MDA • Establish a communications plan • Customise ERM strategy, approach and methodology based on the specific requirements.

The next stage is organizing for ERM by establishing a Risk Office • Have a dedicated “risk champion” with good communication skills • Head of the risk organization /”risk champion” should be a member of executive management –preferably at director level in the civil service • Establish and maintain executive level support, ideally from the highest levels in the MDA.

Then comes the development of the ERM framework. This will entail: – Designing a policy that outlines the organization’s expectations regarding the management of risks, the strategy, appetite, attitudes and philosophy • Document the process and analysis so that it can be replicated • Design the risk architecture which defines roles and responsibilities. This will involve engaging those who manage risks, as well as areas with inherent risks, to develop analytical tools and techniques • Seek diverse perspectives on issues, as they are critical to risk and opportunity management.

Like everything else, implementation of an ERM program is not without its challenges and limitations. It must be driven with commitment and will take time and dedication to achieve. Limitations result from the realities that human judgment in decision making can be faulty. Other challenges include, insufficient sponsorship of ERM at the executive level and competing priorities. Federal government regulations and requirements, a lack of understanding about risk management and lack of qualified risk management professionals and expertise all add to the challenges.

For many agencies, it will take a holistic approach across the entire organisation to realise the full impact of risk management. For others, having some variation of ERM, no matter the scale or scope, will be enough to point the agency in the right direction towards better performance, management, and results.

The effort to integrate risk management and tying risk processes together through ERM will separate adaptable and responsive MDA’s from stagnate ones. ERM in the public sector is essential if government is to take a proactive stance in crises management, and projects and service delivery. This way government can play their proper role in the long-term development of our economy and society, and in the protection of our natural environment.

Related Articles