Public Organisation Risk Management

Traditional or technical risk management practices have been observed in local governments since the early 1960s. These practices tended to focus on the management and control of insurable risks (fires, thefts, and liability suits), as well as responsibility for insurance purchasing, for occupational safety and health, security, and similar matters. Later, financial risk management became a rather distinct technical practice, among other technical additions.

Chapter Three focussed on developments since the late 1980s, notably a general trend of expansion and extension of risk management followed closely by a rapidly evolving view – both in academia and in practice – that risk management should take an organisation wide and integrated stance and that this integration would be demonstrably value adding. Recent legal, regulatory, and best practice initiatives have further accelerated the expansion of risk management. But while this expansive view, ultimately emerging as enterprise risk management (ERM), is well advanced in the private sector, it has not penetrated the public sector in any significant way. And, indeed when it has been applied, it has revealed several fundamental problems. As a result, the current state of risk management is somewhat less easily summarised than might be expected. Traditional (hereafter ‘technical’) practices remain uneven, though widespread; holistic ERM-like efforts are somewhat widely – but inconsistently – implemented in the private sector while in the public sector technical practices are seen, though to a lesser degree, and there have been very few ERM adoptions. Nevertheless, as sometimes happens, the presence of an idea (ERM) has been highly influential and sufficient to reorient thinking about risk management.

For discussion and clarity purposes, this chapter introduces the concept public organisation risk management (PORM). Clarity is important, but the concept PORM serves a second function here. It provides a label that allows actual technical practices to be linked to the ERM ideas that shape thinking about risk management in the public sector. Furthermore, this concept also allows for the inclusion of some even more recent developments (beyond ERM) that will lead to an alternative framing of risk management in the final chapters. PORM, therefore, ultimately involves an inclusion of past, present, and future thinking about risk management in public sector organisations.