Effective risk management in public sector enterprises
Poverty Reduction Strategies (PRS), Millennium Development Goals (MGDs), Structural Adjustment Programmes (SAP), Economic Recovery Programmes (ERP), and the other numerous multilateral and bilateral packages have for sure not given us the trajectory of wealth and prosperity.
These strategies did not and have not provided a clear way of sealing off leakages and managing risk to avoid a pouring-water-into-a-basket sort of a situation.
So the agendum has been poverty reduction instead of wealth creation to mimic the Asian tigers and the most competitive nation in Africa and the Middle East.
The reason is more likely to be due to lack of robust public sector risk management and the effects of investments and capital leakages out of resource regions and the wider economy.
Moreover, the continent has spent more time and efforts submitting (rather than collaborating) to “superior management” than mobilising internal resources to create and accumulate wealth now and for generations to come.
The way forward for us in Africa and Ghana in particular, is a risk-based approach to creating and managing wealth. A public sector risk based strategy will suppress and identify risk drivers and any activity or recommendation that derails the net worth on the country’s balance sheet.
Risk management has never been more significant for financial institutions and the public sector as the nation sets development agenda to attain goals set within visions.
While the processes are being more progressively embraced, risks are certainly not static and the demands are ever increasing with boundaries of management always expanding.
Evidence shows that risk management (operational, business, reputational, market, credit among others) plays an integral role in financial planning for 81 per cent of financial institutions as well as municipal and district authorities. Risk management is intimately tied to strategic planning.
The major risks facing the public sector include negligence, self-centredness, critical incidents and business continuity, wrong partnerships, blurred vision, wrong investments, misapplication of capital, failure to achieve objectives, service delivery, and operational lapses (human, safety, technology, and processes).
Public Sector Risk Management should be a co-ordinated management of all risks. This framework serves to include risk-taking where it thrives to meet overall organisational objectives.
This wider concept of risk management, known as ‘enterprise (organisation) risk management,’ emphasises that risk management is a general management task that pervades an organisation, is glued to the organisation’s overall strategic plan, and serves to facilitate the operational triumph of organisational goals and objectives.
Covering this body of reference, risk management is not something of a mere departmental management practice on a public body; it is rather an organisational value that informs and supports the duties and activities of all managers and employees. Risk management should be considered from the outset of every project, built into the allocation of resources and covered in the training of public sector workers and officials.
Developing risk intelligence from risk data collection, migration and risk modelling should therefore not be left for the next generation.
Now is the moment to conduct risk identification and assessment in the public sector and establish the basic causes of risk at both stand-alone and connected levels for public sector improvements, public safety uplift and reduction of the public confidence liability.
Measurement, management, and reviews of risk drivers and risk strategy development will surely constitute a clearer spectacle for prevention of investment leakages (both within and without) and for improved management and faster achievement of goals and objectives.
Managers of public sector institutions must now begin to look into risk management blueprinting and implementation and provide assurance in delivering information system controls to protect business and public sector information assets.
In addition, more should be done to ensure consistency in system implementation, business process and application reviews, data management and the entire life cycle of risk engagement.
Overcautious approach to public sector management can stifle innovation, impede progress creating a box-ticking blame culture where minor risks are over-managed and major risks are missed. “Risk appetite”, “risk registers” and “risk management” envisions a culture in which public bodies take “well thought-through risks where the long-term rewards are anticipated to be greater than any short-term losses”.
There is a need for a breadth and depth of expertise to help public sector managers address pressing issues including: Integrating risk management into wider business processes and performance catalogues to improve ‘risk culture’; investigating the assurance needs of business models; making sure appropriate governance structures are emplaced: adequate risk management and assurance for effective senior reporting; and improving the effectiveness of audit committees.
Risk management in the public sector must engage stakeholders to protect assets, reputation, and future successes.
Public agencies must build capacity to align IT and business processes to help enable simpler, faster, and more cost-effective execution of enterprise risk management and compliance initiatives.
Institutions must identify, employ, and share best practices for risk management and compliance internally and externally, connect different systems to help give employees a holistic approach to achieving effective risk management and compliance, integrate with legacy systems, to enable the organisation leverage of existing technology investments, ensure corporate rules are followed and help secure systems, documents, and records from unauthorised or unintentional access.
In the process there will be a provision of records to track who has accessed documents at what time and simplify document management and help ensure that the institution complies with requirements on how to store, retrieve, archive, and dispose data.
If risk assurance efforts remain incongruent, public institution will be limited to responding to risks reactively.
By successfully balancing risk and control, public sector organisations can significantly augment the value delivered to stakeholders. Organisation must speed up efforts to integrate risk assurance related activities by assessing risk profile, analyse risk profile, strengthen its distinctive ‘wiring’ and its wider operating environment.
With the increasing need for efficiencies across the public sector, and the aspiration to deliver shared business services across government, a new strategy for creating awareness and management risk is essential.
The management of risk is a fundamental responsibility of government. Whether risks arise from the physical environment, the economic environment, or even from changes in voter preferences, public institutions have a broad responsibility to assess and address the risks that impact the community they serve and their organisation.
Imposing Best Value Regime on public bodies, will not only force them to perform more efficiently, effectively and responsively but also develop best practices and bench-marking criteria to exhibit brighter performance. Public Sector Risk Management addresses the major challenges facing public bodies today and measures the impact of failure for better future decisions.
It provides risk innovations and blueprints that inject value of public good in financial terms. The process removes scepticism from public minds and engages all to deliver the optimum best for faster economic growth and a more sustainable creation of wealth.
Credit: Dr Samuel Frimpong Boateng
Source: Daily Graphic