Search results

Understanding the context of any subject is crucial and this is certainly true of risk management in the public sector. Undoubtedly, what we face today is the highly path-dependent result of what has happened in the past. And, what happens today in a local government, for example, is very much influenced by the wider current situation that surrounds it. Further, it must be said that even the future can be part of the present context (climate change would be a stark example of this).

Described in this way, it seems a daunting challenge to understand past, present, and future – and, indeed, it verges on the impossible. The remaining chapters of this book revisit the context through the lens of the various components of risk management (assessment, analysis, forecasting, and more) and by looking at the present and future through the concepts and principles used by risk managers. Here, in Chapter Three, the issue of context is first considered by examining the relationship between past and present with specific reference to risk management as a management practice. Thus, the chapter does not specifically address how uncertainty is assessed, or how insurance is used, or even how a risk management programme operates – these are topics for later chapters. Rather, the history of risk management is presented as a narrative that seeks to explain how risk management has evolved into what it is today.

Finally, the chapter leads into the present by providing an overview of the current public environment in Europe. This allows the book to develop both a history of how risk management became what it is today, and to understand the key risks and uncertainties that define the current context. Chapter Four presents the administrative nature of today’s practices and offers some speculation about alternative ways of thinking about risk management practices now and in the future.

The evolution of risk management has placed some emphasis on the language of risk management practices. The classic categories risk control and risk financing, as umbrella terms for the range of risk management tools that may be employed, are still widely used – but as has been pointed out elsewhere in this book, the broadening of risk management has led to a reconsideration of the continuing accuracy and usefulness of the older terminology. For example, historically the term insurance-buying was expanded to include risk financing, which allowed recognition of newer, non-insurance tools. Similarly, loss prevention became risk control to include risk reduction, risk distribution, hedging, and more. More recently, risk treatment has emerged as a term that encompasses both the control and financing categories.

One of the significant changes in practice is the inclusion of opportunities that may arise from risks. Here the terminology has not quite kept pace with changes in the field. Additionally, while assessment and analysis has long captured the idea of evaluating risks and uncertainties, the more explicit inclusion of uncertainty, along with emergent phenomena, complexity, and the unknown/unknowable has led to questions about whether risk control meaningfully conveys the essence of these activities. The search for an alternative terminology is ongoing, but for the time being the term adaptive response (AR) is used here, which refers to a range of actions that could be taken to capture the full range of exposures.

Chapters Nine and Ten continue to use the term risk financing. This is more of a concession to practicality as, in any other setting, financial measures logically are ARs. Nevertheless, there are technical and substantive reasons to maintain some separation. But even here, the pressures of change are being felt. For example, while most risk financing arrangements focus on addressing the costs of risk (e.g. indemnifying an organisation for losses), the role of financial measures in encouraging or discouraging certain practices – including paying the risk manager’s salary, or incentivising certain desired practices – has historically not been considered in discussions

This book is about risk management in the public sector, in general, and particularly risk management in public sector organisations. Risk management in the public sector is a much broader topic than risk management in public sector organisations because it touches on many issues of a public nature that are not the direct or sole responsibility of any specific public organisation. Sometimes a public organisation must deal directly with such risks, but often laws and regulations can adequately address broader public risk issues, governments can participate indirectly and behind the scenes, or participation can be in collaboration with private and non-profit organisations. In some cases, government organisations play no role at all.

This chapter focusses on an important contextual issue; the environment in which risk management is practised in the public sector and in which public risks arise. In much of this book, the unique or unusual attributes of the public sector are shown to profoundly affect risk and the forms and functions of risk management. This chapter introduces some of these attributes and highlights their likely impact on risk management. The public environment is one with movable boundaries, and it essentially encompasses any action or object that a society considers public. Over time, attitudes can change about publicness, but a key point is that while government entities occupy part of the public environment, they are not its only inhabitants.

There are several ways that risks and uncertainties might be discussed in the context of assessment and analysis – several of which could be inferred from previous chapters. Here, Chapters 6 and 7 are structured around what might be called strategic risks/uncertainties and operational risks/uncertainties.

This chapter presents the strategic risk/uncertainty assessment and analysis challenge. Most current thinking on risk management – enterprise risk management (ERM), but even including more traditional approaches – place expectations on leaders and top managers to provide guidance on risk policy, but also require those individuals to understand the challenges for which they are responsible. As implied previously, this domain mainly consists of uncertainties. Typically, top managers deal with aggregated operational data that – in itself – might be measurable but owing to the effects of consolidation tend to present leaders with a singular strategy/issue that is unique to the organisation and therefore not well-suited to statistical analysis. Furthermore, scanning for future threats and opportunities is decidedly a matter of considering the unknown, the emergent, and even the unimaginable. Within this assortment of challenges are the very large-scale features that – among many things – compel consideration of collaboration with other organisations. Here these special risks/uncertainties are labelled global risks.

The issue of complexity is here revisited, and this discussion serves two particular purposes. Complexity theory (and complex adaptive systems) offers some insights into methods of assessment and analysis, but they also provide some useful views on the nature of the uncertainty field in the context of complex environments. This discussion will offer some consideration of traditional, ERM, and alternative approaches and the appropriate ‘fit’ of assessment and analysis into these frameworks.

Traditional or technical risk management practices have been observed in local governments since the early 1960s. These practices tended to focus on the management and control of insurable risks (fires, thefts, and liability suits), as well as responsibility for insurance purchasing, for occupational safety and health, security, and similar matters. Later, financial risk management became a rather distinct technical practice, among other technical additions.

Chapter Three focussed on developments since the late 1980s, notably a general trend of expansion and extension of risk management followed closely by a rapidly evolving view – both in academia and in practice – that risk management should take an organisation wide and integrated stance and that this integration would be demonstrably value adding. Recent legal, regulatory, and best practice initiatives have further accelerated the expansion of risk management. But while this expansive view, ultimately emerging as enterprise risk management (ERM), is well advanced in the private sector, it has not penetrated the public sector in any significant way. And, indeed when it has been applied, it has revealed several fundamental problems. As a result, the current state of risk management is somewhat less easily summarised than might be expected. Traditional (hereafter ‘technical’) practices remain uneven, though widespread; holistic ERM-like efforts are somewhat widely – but inconsistently – implemented in the private sector while in the public sector technical practices are seen, though to a lesser degree, and there have been very few ERM adoptions. Nevertheless, as sometimes happens, the presence of an idea (ERM) has been highly influential and sufficient to reorient thinking about risk management.

For discussion and clarity purposes, this chapter introduces the concept public organisation risk management (PORM). Clarity is important, but the concept PORM serves a second function here. It provides a label that allows actual technical practices to be linked to the ERM ideas that shape thinking about risk management in the public sector. Furthermore, this concept also allows for the inclusion of some even more recent developments (beyond ERM) that will lead to an alternative framing of risk management in the final chapters. PORM, therefore, ultimately involves an inclusion of past, present, and future thinking about risk management in public sector organisations.

Insurance is a contract whereby one party (the policyholder) promises and makes a payment or series of payments in exchange for the second party’s (the insurance company’s) promise to indemnify the policyholder for losses covered under the terms of the policy. Perhaps it is easier to just think of insurance as a transaction where the policyholder trades small regular losses (the premium paid) for large and irregular gains (claims proceeds).

While it may seem somewhat disproportionate to devote an entire chapter to more detailed treatment of a single risk financing tool, insurance has a very large impact, not only in terms of its intrinsic value, but also in terms of the many ways in which insurance influences risk management thinking and practice. As will be shown, some of this influence is waning and in other cases it could be argued that insurance ‘thinking’ has hindered efforts to respond to facts on the ground and the ability to adapt the role of risk management in organisations.

To provide a useful discussion, this chapter will cover both the products that the insurance industry offers and the structure of the industry itself, along with addressing legal and regulatory matters that were touched upon in Chapter Nine. The chapter concludes with an overview of public sector insurance issues that provides a basis for understanding alternatives to insurance that have emerged in dramatic fashion in recent decades – which in turn provides a basis for considering some of the constraints that insurance imposes on risk management practice.

Risk management involves assessing and dealing with objective risks and therefore risk managers are expected to have reasonably advanced analytical knowledge and skills. However as noted earlier, many, if not most, of the elements within the uncertainty field do not provide much in the way of adequate data or information, and – even when they do – there can be significant problems with data quality. Thus, statistical or actuarial analysis tools are best used thoughtfully and mainly in the context of cases where an organisation has many similar exposures (a fleet of hundreds of vehicles, large numbers of employees) or when external data analysis fits convincingly with the more limited experience of the organisation itself. In any case, the overarching challenge for risk managers is to develop a consistent approach to thinking about all risks, uncertainties, emergent/unknown phenomena, even when they have very different characteristics.

Chapter Eleven adopts an approach that is somewhat different from Chapter One to Chapter Ten. Previously, a general, descriptive overview of the subject is given beforehand, and then a slightly different discussion is offered to provide an alternative commentary. Here, the alternative insights are woven into a discussion of decision-making. After presenting this different approach, the traditional decision-making tools are presented and discussed. Since Chapter Twelve also serves as a summary, a more integrated approach is used here.

sGiven the topics covered in the first 11 chapters, it seems a tall order to bring such a large number of topics into a cogent summary. Additionally, the book has introduced three distinct views of risk management – the traditional/technical view, enterprise risk management, and an alternative view that is yet-to-be-fully-articulated. The summary is further complicated by the challenges of managing in complex environments. Nevertheless, an effort should be expected.

Here, the framing of public organisation risk management in practice (which will be applicable to risk management in other public contexts), begins with setting sustainable resilience as the central organising idea. From this come several practical principles that will serve to contextualise a range of specific processes and actions that constitute risk management as understood in the book. This requires some consideration of operational issues – programme implementation tactics, defining particular roles, evaluating outcomes, embedding assessment and analysis, and implementing tools. However, it also discussed somewhat more philosophical issues like the development of ‘network schema’, leadership in complexity, and the twin ideas of innovation and adaptation. Recognising that effective risk management always depends on the particular organisation or situation, a general guide to practice is outlined here.

The second major area of the so-called risk treatment is risk financing. Risk financing includes measures to finance the costs of losses, risks, and uncertainties. Historically, risk financing has been virtually synonymous with buying insurance. However, over time alternatives to insurance have evolved – self-insurance, pools, captives, large deductible programmes, finite insurance programmes, banking arrangements, and capital market-based solutions. The concept of risk financing has expanded to include products that address a range of financial risks such as interest rate and credit risk. These products include derivatives and some new innovative securities.

Today, the rapid development of the risk financing market has created several practical problems. Notably, regulatory and legal structures have not always kept pace with change, leading to much confusion about risk financing alternatives. Many products look and function almost identically to others, and yet history and custom have dictated very different treatment by regulators, tax authorities, and others. There is growing pressure for significant legal and regulatory realignment.

For newcomers to the field, risk financing measures can be thought of as existing on a continuum, ranging from pure retention (all losses paid directly out of pocket) to pure transfer (where a third party accepts and bears the full costs of risk). An important recognition of the continuum of risk financing is that there are no products that are fully retention or transfer, but rather a varying blend of the two. Hedging of risk, for example, is arguably here a near perfect blending of a retention and a transfer of risk.