Times are changing for government organisations, and for many it’s going to come as quite a shock. When it comes to risk, we haven’t seen anything that’s actually required government agencies to set up a framework that really aligns to processes. The framework is aimed to fully manage risk and proactively put tools in place to mitigate any potential outcomes.
By the 1st July, under new guidelines, it’s time for organisation to progress beyond compliance.
Rod Farrar, Director of Paladin Risk Management Services has been working with organisations for years, helping them to develop and implement risk management frameworks for their business. He explained how in many organisations, if risk management is done at all, it is in a token manner and is mainly seen as a compliance exercise – it does not add value to the organisation in any way. Even with the introduction of the PGPA, there is a danger that Government Agencies will do just enough to be compliant but it’s time to start looking at the wider strategic and operational picture. If embraced fully, in the long term, there’s huge potential to achieve the national objective of doing ‘more with less’.
It’s time for change
What needs to happen between now and July 1st? According to Rod, organisations need to embrace the true benefits of ERM to achieve their full potential: “Many Government organisations are in a situation where they spend more time crisis managing than they do on risk management. If they start to see risk management as more than a compliance activity, one which is fully integrated into their other organisational programs, then huge efficiencies are to be gained.
“There are some key areas that need to change, and it has to start with a culture shift driven from within. To manage risk effectively, we need to be working in a no blame culture, where we learn from our mistakes.”
“When you have a culture that embraces open discussion around mistakes, people are more encouraged to prevent it happening again and therefore adapt new processes. There’s absolutely no capability of a risk framework succeeding if there is a blame culture.”
For many organisations, this would require a big shift in culture, with support needed from top to bottom
“Everyone is accountable for driving a positive culture, management need to lead through open communication, but all tiers need to embrace change in order to switch from re-active to pro-active. There needs to be a transition from ‘doing risk management’ to ‘managing risk.’
“I look around the public service now and government agencies have to come up with efficiency dividends. This is usually done by reducing staff numbers. If we managed risk properly, however, efficiency dividends may not be needed.
Where the benefits can be seen
It seems clear there are some real benefits to be had for the entire business when risk management is seen as more than just a compliance exercise. Rod described the knock on effect that has seen many organisations dramatically improve operations:
“Organisations are currently spending too much time managing a crisis. It’s been shown that managing crises costs more than proactively managing risk.
“What risk management will do – if it’s integrated properly with strategic and business planning, compliance, performance management and internal audit is reduce the amount of work an organisation is required to do and will significantly reduce expenditure. “Risk management has also been shown to improve objectives, planning and relationships with stakeholders.
“Simply relying on risk champions within your organisation to be the focus of the risk management effort will not work – the organisation as a whole needs to embrace the program within a well-structured risk management framework.”
Join the Masterclass