Leading on risk

Risk is an inevitable part of business, and for those working to deliver public sector services and projects, the turmoil of the past few years has left them managing multiple risks with little hope of respite.

A survey carried out for a new ACCA report has found that almost three-quarters (73.4%) of staff working in the public sector believe that risk to their organisation will increase in the future. The outlook for public finances in many countries remains challenging, and addressing fiscal risks – including high interest rates, political red lines on taxes, high debt levels and increasing demand for public spending – demands a shift from 'business as usual'.

The report, Calculated risk, due out on 12 December, explores what risk means for public sector organisations and the finance professionals that work in them. It concludes that public sector organisations need clear objectives, a strong understanding of the threats and opportunities they face, and an effective risk management process. If finance professionals are open to new approaches, it argues, they can take a lead in addressing risk and building a more resilient public sector.

Building risk culture

Using the International Organisation for Standardisation’s definition of risk as ‘the effect of uncertainty on objectives’ as a starting point, the report highlights three major aspects of risk that need to be taken into account in any organisation:

• A consideration of how risk affects its objectives is the essential first step in identifying, planning for and managing risk. The Calculated risk report acknowledges it is often more difficult for public sector organisations to develop a clear understanding of their objectives.
• Risk can threaten the achievement of an organisation’s goals, but it can also bring positive opportunities. Either way, risk events are not part of business as usual.
• Risk can be categorised as internal or external.

The report argues that successful risk management in the public sector needs more than processes and systems.

‘Building and maintaining a risk culture that is well understood and reflected in planning and decision-making is crucial,’ it says. This includes setting the right tone from the top, with the senior leadership team ensuring that the risks associated with the organisation’s objectives are clearly identified and communicated. Structures should also be in place to ensure that decision-makers and staff think about and discuss risk on an ongoing basis.

The report reiterates the behaviours associated with a good risk culture, first highlighted in the ACCA report Risk culture.

Breadth of risks

The broad range of risks faced by organisations in the public sector is apparent from the survey carried out as part of the report. No single risk identified by respondents was cited by more than half of respondents, although five risks were named more frequently than others:

• fraud and corruption
• ability to finance public services
• talent and skills deficit
• economic inflation/recession
• meeting changing demands and expectations of service delivery.

Financial resilience, says the report, is at the centre of risk. Public sector organisations are better prepared for the risks they face if they are resilient enough to continue to deliver the services that the public expects. Finance professionals, it adds, must be at the heart of managing risk and building resilience in the public sector.

Even so, only half of finance staff surveyed agreed they were regularly involved in identifying and reviewing relevant operational risks, and 47% said finance staff were involved in assessing external strategic risks.

‘Further progress is needed to embed the role of finance staff in risk identification, particularly of external risks,’ concludes the report. ‘Decision-makers need to involve the finance function in the whole risk management process, rather than seeing their role as limited to advising on financial risks.’

Room for improvement

Those responding to the survey sent the clear message that developing the skills and capabilities of staff, particularly their risk management skills, is the most important way of building resilience in their own organisation. The report recommends a number of further improvements that would help strengthen public sector organisations:

• Access to the right technology to help finance staff work effectively. ‘The experience of Covid-19 demonstrated how vital technology was in ensuring robust contingency plans,’ says the report. ‘Resilient technology systems are essential in enabling day-to-day activity to continue during a crisis.’
• Adapting governance structures to manage risk. Structures that allow high-impact risks to be widely understood underline the connection between an organisation’s strategy, decision-making processes and risk management. The report says: ‘Governance arrangements should ensure that decision-makers are engaged in thinking about and discussing risk frequently.’
• Embedding risk assessments. Risks assessments must be used to prioritise the risks that pose the most significant threat to an organisation’s objectives. ‘Ultimately, there will always be an element of subjectivity in deciding on the probability that a risk will materialise,’ says the report, ‘but by focusing on consequences, rather than likelihood, organisations will be able to build resilience to face the shocks with most impact.’
• Strengthening data quality. The public sector has access to huge quantities of data, which could provide valuable insight for the risk management process. ‘Enabling this data to be better integrated into the risk management process, at both the planning and reporting stage, will help to embed finance professionals at the heart of risk management,’ the report concludes.

Return to this article on or after 12 December to find the link to the report.