Skip to main content
Poole College of Management
Enterprise Risk Management Initiative
ERM Frameworks and Best Practices

Business Risk Management in Government

October 1, 2000 3-min. read

While risk management practices have blossomed in the private sector, there is currently no comprehensive risk management guidance for the public sector.  In order to develop this guidance, the inherent differences in the private and public sectors must be taken into consideration.  To address these differences and make recommendations, three areas of government risk management are discussed:

  • Equivalencies between Private and Public Sector Risk Management
  • Potential Pitfalls of Inappropriate Risk Management in Government
  • Implications for Good Practice

Equivalencies between Private and Public Sector Risk Management

In order to develop a business risk management approach for the public sector, we must determine what it should be based upon.  Should it build on public-sector-specific experiences and problems, or should it be based on developed business models? 

The second option is problematic, because of the inherent differences between private-sector business models and the way government is run.  Specifically, there are three features in traditional business risk management approaches for which no exact equivalent is found in government:

  • Risk management guidance is aimed at the enterprise (or profit center) as the primary decision unit.  In government, there are often many organizations making decisions, rather than a single profit center.
  • Risk is conceived in terms of shareholder value to the organization.  In the public sector, there are no shareholders, and the government entity is assessed based on its value to the public.  This public value is difficult to quantify.
  • Risk identification is done with the use of decision aids and tools of discovery in order to link risk with general corporate strategy.  This is difficult to do in government, due to the fact that decisions are often dispersed over multiple organizations.

Potential Pitfalls of Inappropriate Risk Management in Government

If business risk management practices are inappropriately applied to government, it could worsen the blame-avoidance culture that is present in public organizations.  Among the potential pitfalls of inappropriately applied risk management, three are identified:

  • Liability Limiting Imperative – Business risk management practices that seek only to limit liability to the organization may worsen the blame-avoidance practices in government.  Blame will be passed to the governmental entity that are politically weakest rather than those best placed to assume risk responsibility.
  • Mechanistic Approach – Risk management practices that are too mechanistic will only further the bureaucratic culture in government.  Public entities will simply follow procedural rules at the expense of adding public value.
  • Unbalanced Application – Since governmental entities and their operations are more transparent than private entities, improper risk management policies could result in public organizations try and hide errors or malfunctions.  This will undermine transparency and learning. 

Implications for Good Practice

Business risk management in government needs to be designed to minimize the negative side affects discussed earlier, because the implications of a poorly designed risk model are serious.  Three implications for good practice in governmental risk management can currently be identified:

1. ‘Getting the Whole System in the Room’ – In order to promote problem solving and avoid blame-shifting, procedures to bring together all the systems and organizations responsible must be developed.

2. Focus on Systemic Risk – Especially in government, systemic risk must be emphasized.  This will avoid the governmental blame-avoidance tendencies and get management to focus on the real problems affecting the entity.

3. Focusing on Intelligent Deliberation – Government practices tend to rely on procedural tick-box styles of decision making rather than intelligent deliberation.  Procedures to foster discussion must be developed and given the time and resources to flourish.

Click below for a link to download full article.

Original Article Source: “Business Risk Management in Government: Pitfalls and Possibilities”, Christopher C. Hood and Henry Rothstein, National Audit Office, October 2000

More From Enterprise Risk Management Initiative

Elona Ruka-Wright

Integrating ERM with Other Risk and Assurance Functions
David Hughes

Focusing on Strategic Risks in Interviews with Executives
Zach Wolff

Balancing ERM’s Focus on Operational Risks and Emerging Risks