Risk management is at the forefront of corporate governance in public sector organisations. The structures, processes, corporate values, culture and behaviour are all paradigms of a business that need continual risk assessment. It is important for a government organisation to find the perfect fit for managing risk.
A typical risk management process in a public sector organisation involves the following:
- Identifying future events or occurrences that threaten success
- Rating the level of risk in terms of likelihood and extent of impact
- Considering whether to tolerate, treat, transfer or terminate a risk
- Reviewing mechanisms for ensuring risk management decisions are up to date and robust, and stand up to stakeholder scrutiny
- Reporting process updates to management and others charged with governance. (ACCA global)
How is risk management differentiated in the public and private sectors?
Focus on the risk register
Private sector risk registers often focus on the threats that the risk could pose to revenue attribution to the company. Though the public sector share the same commonality, it will more likely focus on the risk that could affect the ability of the organisation to mandate in a cost effective manner and tie in new government legislation that occur.
A cyber breach has negative implications on the competitive edge of private sector organisations. A security breach could also mean loss of company assets to a private organisation. A perfect example of a cyber security private sector breach is the PageUp breach. While the public sector must consider reputational risk and protecting stakeholders, you can simply switch providers in the private sector.
Public sector organisations are focused on misappropriation of cash and other assets. Whereas for the private sector, corporate theft may be accepted as a cost of business.
How can Public Sector organisations enhance their risk posture?
Public Sector organisations need to target the risk assessments first at the enterprise level before focusing on the controls at the process level. They need to map out which risks are potentially the most damaging to the organisational goals. That is the primary question that needs to be addressed before the organisation starts restructuring its processes. This is to ensure that the organisation covers its bases before building on it.
Risk management workshops are where audit committees and board members can challenge the organisation’s understanding of its own risk profile.
Learn how you can effectively incorporate risk management strategies in the public sector and understand the different strategies at the Strategic Risk Management in Government Conference to be held on 14th & 15th November 2018 in Sydney.