Risk Management in Government
The views expressed are those of the author and do not necessarily reflect the views of ASPA as an organization.
By Prajapati Trivedi
May 11, 2018
In this column I argue that risk management is a means toward an end and not an end in and of itself. If the end goal (the bottom line) for a government agency is not clear, risk management could be a waste of time, if not worse.
Risk management is an impressive sounding term that many, if not most, government officials do not fully understand. Most officials are, therefore, happy to leave “risk management” to consultants while they are busy doing the “real” work of the people.
The same is true for most policy makers at higher echelons of decision making in governments. They understand the two words separately—”risk” and “management”—but generally they do not have a good grasp over the true significance of “risk management” in the context of government, let alone have ideas on how to meaningfully operationalize it.
While there are some good efforts, in general, academic writers on risk management in government have simply borrowed jargon from the business management literature (e.g. enterprise risk management) and applied it to government context with only cosmetic changes.
The very first business school class in risk management for the private sector begins with the following example to illustrate the concept of risk management.
In the above example, a chief executive of a private sector company is faced with two options for achieving the same objective – (1) by investing more on in-house innovation efforts or (2) by buying a company that already has a similar technology. That is, the benefits from the two options are the same but the risk and, hence, the implied cost implications are different for both options. The “risk” is defined as the product of: “exposure” (“magnitude” or “impact”) and the probability of its occurrence.
Which of the two options would (should) the chief executive of the company choose? The unambiguous answer for a profit maximizing private sector chief executive is Option 1.
A private sector company can compare a range of risks faced in various stages of its supply chain and manage it because it has a yardstick called “profit.” Every aspect of risk management is defined and implemented around this simple criterion. The operating rules are simple: First, any risk mitigation action that increases profit (or minimizes losses) is desirable. Second, risks are prioritized based on their potential impact on profit. This seemingly common sense-based approach to risk management crumbles when we begin to apply it to government.
The main reason for this difficulty to undertake effective risk management in government lies in the fact that a government agency or department does not have a well-defined bottom line. Thus, while a government department can certainly assess risk for each of its individual programs and projects, it cannot aggregate the risks across the organization. Of course, as I have argued in an earlier column, bottom line does not imply ‘profit.’ Clearly, governments do the most important things for a society, but they still must provide clarity on their bottom-line. This is an entirely fixable problem and many government around the world have done so successfully.
This absence of an explicit bottom line is not only a fatal flaw for risk management but also for overall management of a government agency. Indeed, in the absence of a clear bottom-line, undertaking risk management in government is at best illusory and often paralyzing.
In economics there is a theory of second best that argues that when one or more required, necessary conditions cannot be fulfilled, the next-best solution will invariably involve changing other conditions. The most common example of this theory is as follows. We have known since Adam Smith wrote The Wealth of Nations in 1776 that free markets work best if we have large number of buyers and sellers and they have perfect information about prices and quality of goods and services. Imagine, if there was only one seller and the information about their service was imperfect. Will having a completely free unregulated market under these circumstances still be a good option for the society? Some would look at the recent Facebook imbroglio and say “no.”
Similarly, according to the theory of second best, undertaking risk management in the absence of a methodology for aggregating risks across a government organization and in the absence of a clearly defined bottom line, may lead to perverse consequences. Thus, the bottom line is that the absence of a bottom line in government is the biggest risk we need to manage. All other risks flow from this mother of all risks.
Author: Prajapati Trivedi is Director in Commonwealth Secretariat with the responsibility for the Economic, Youth, and Sustainable Development (EYSD) Directorate. Till recently he was a Senior Fellow (Governance) and Faculty Chair for the Management Program in Public Policy (MPPP), Indian School of Business (ISB). From 2009-2014 he served as chief performance officer for the Government of India. A Fellow of the National Academy of Public Administration (NAPA), Washington, DC, he continues to be a Visiting Faculty, Harvard Kennedy School of Government, Harvard University and Visiting Fellow, IBM Center for the Business of Government, Washington, DC. He can be reached at: [email protected]
(No Ratings Yet)
Loading...
Risk Management in Government
The views expressed are those of the author and do not necessarily reflect the views of ASPA as an organization.
By Prajapati Trivedi
May 11, 2018
Risk management is an impressive sounding term that many, if not most, government officials do not fully understand. Most officials are, therefore, happy to leave “risk management” to consultants while they are busy doing the “real” work of the people.
The same is true for most policy makers at higher echelons of decision making in governments. They understand the two words separately—”risk” and “management”—but generally they do not have a good grasp over the true significance of “risk management” in the context of government, let alone have ideas on how to meaningfully operationalize it.
While there are some good efforts, in general, academic writers on risk management in government have simply borrowed jargon from the business management literature (e.g. enterprise risk management) and applied it to government context with only cosmetic changes.
The very first business school class in risk management for the private sector begins with the following example to illustrate the concept of risk management.
In the above example, a chief executive of a private sector company is faced with two options for achieving the same objective – (1) by investing more on in-house innovation efforts or (2) by buying a company that already has a similar technology. That is, the benefits from the two options are the same but the risk and, hence, the implied cost implications are different for both options. The “risk” is defined as the product of: “exposure” (“magnitude” or “impact”) and the probability of its occurrence.
Which of the two options would (should) the chief executive of the company choose? The unambiguous answer for a profit maximizing private sector chief executive is Option 1.
A private sector company can compare a range of risks faced in various stages of its supply chain and manage it because it has a yardstick called “profit.” Every aspect of risk management is defined and implemented around this simple criterion. The operating rules are simple: First, any risk mitigation action that increases profit (or minimizes losses) is desirable. Second, risks are prioritized based on their potential impact on profit. This seemingly common sense-based approach to risk management crumbles when we begin to apply it to government.
The main reason for this difficulty to undertake effective risk management in government lies in the fact that a government agency or department does not have a well-defined bottom line. Thus, while a government department can certainly assess risk for each of its individual programs and projects, it cannot aggregate the risks across the organization. Of course, as I have argued in an earlier column, bottom line does not imply ‘profit.’ Clearly, governments do the most important things for a society, but they still must provide clarity on their bottom-line. This is an entirely fixable problem and many government around the world have done so successfully.
This absence of an explicit bottom line is not only a fatal flaw for risk management but also for overall management of a government agency. Indeed, in the absence of a clear bottom-line, undertaking risk management in government is at best illusory and often paralyzing.
In economics there is a theory of second best that argues that when one or more required, necessary conditions cannot be fulfilled, the next-best solution will invariably involve changing other conditions. The most common example of this theory is as follows. We have known since Adam Smith wrote The Wealth of Nations in 1776 that free markets work best if we have large number of buyers and sellers and they have perfect information about prices and quality of goods and services. Imagine, if there was only one seller and the information about their service was imperfect. Will having a completely free unregulated market under these circumstances still be a good option for the society? Some would look at the recent Facebook imbroglio and say “no.”
Similarly, according to the theory of second best, undertaking risk management in the absence of a methodology for aggregating risks across a government organization and in the absence of a clearly defined bottom line, may lead to perverse consequences. Thus, the bottom line is that the absence of a bottom line in government is the biggest risk we need to manage. All other risks flow from this mother of all risks.
Author: Prajapati Trivedi is Director in Commonwealth Secretariat with the responsibility for the Economic, Youth, and Sustainable Development (EYSD) Directorate. Till recently he was a Senior Fellow (Governance) and Faculty Chair for the Management Program in Public Policy (MPPP), Indian School of Business (ISB). From 2009-2014 he served as chief performance officer for the Government of India. A Fellow of the National Academy of Public Administration (NAPA), Washington, DC, he continues to be a Visiting Faculty, Harvard Kennedy School of Government, Harvard University and Visiting Fellow, IBM Center for the Business of Government, Washington, DC. He can be reached at: [email protected]
Follow Us!