Risk management has long been an area which many public sector managers know exists and are aware that they ought to be doing something about. Sadly in many cases, they have chosen to ignore it on the basis that 'we will get round to it'. The failure to implement risk management strategies has produced an upsurge in time, money and resources being spent on matters which could have been avoided in the first place if the risks had been properly identified and managed.
However, the most recent risk management survey, compiled jointly by the Audit Commission and ALARM (the National Forum for Risk Management in the Public Sector), has revealed that public sector organisations are at last starting to make some progress in implementing strategic risk management arrangements.
The Audit Commission and ALARM joined forces to question public sector organisations across England, Scotland and Wales about their corporate risk management arrangements. The results show a clear upward movement in the introduction of risk management strategies and a greater focus on strategic risks, compared with the last survey in 2000. There is a definite sense that this trend will continue in 2004.
The majority - 85% - of authorities responding to the survey have produced a formal written strategy for managing risk. This is up from 50% in the 2000 survey. Furthermore, 83% of authorities have allocated responsibilities for corporate/business risk management to named individuals. However, there are still concerns about the lack of movement in embedding risk management within the corporate framework, and despite the many positive steps being taken, ALARM believes there is some way to go.
Only 54% of those questioned in the survey considered upside risk taking and innovation as part of their risk management arrangements, and less than half have an action plan for implementing controls. Many organisations have no formal process for advising their members of risks, or for linking their risk profile to corporate performance measurement.
Bob Cope, chairman of ALARM said: "The survey provides some positive messages, with an increase in the strategic management of risk. Improvements in self-assessment, for example, are also very encouraging, but we need to ensure that a corporate risk management framework is actively embedded into decision making and business planning arrangements, with links to how organisations monitor their overall performance."
As well as an improvement in the way public sector organisations address their risk management strategies, there are some signs that attitudes to risk are changing in the outside world. Recent court rulings have shown a diminishing level of tolerance for the blame and claim culture and, this is encouraging for risk management organisations such as ALARM.
Fraudulent claims have been one of the main risks for public sector organisations in recent years, and the speed with which the trend has been growing has seen millions of pounds drained from public coffers to pay dubious claimants.
The days when claimants sued public sector organisations for all manner of minor accidents, confident that they would win some sort of settlement, seem to be on their way out, and the courts are beginning to re-establish the fundamental principle that people need to take responsibility for their own actions to a greater extent.
For example, there was the case of an individual jumping into a public lake and then claiming for injuries. If the council in question had been found liable, an obvious risk management measure would have been to close the lake, thus depriving the community of a valuable leisure facility.
The judiciary took the clear view that this was to be avoided.
Hopefully, such rulings will help the public realise that accidents do happen, and that a handful of dubious claims cannot be allowed to spoil the enjoyment of everyone else. ALARM must of course agree that people suffering genuine injuries due to negligence by public sector organisations are entitled to compensation.
Accidents do happen, but lack of management and planning can make the consequences worse than they would otherwise have been. Risk management is about identifying and managing risks before incidents occur and devising strategies to deal with them when they do. Public sector organisations in particular need to avoid unforeseen occurrences, as time, money and resources are already in short supply. Proper management and strategies can help identify possible risks and ensure they are properly managed before an incident occurs.
As attitudes towards dubious compensation claims gradually change, we are also seeing the increasing recognition that good risk management is not only a safety valve, but enables organisations to seize opportunity in a structured and managed way. As more and more organisations give individuals responsibility for risk management arrangements, and with risk management gradually clawing its way up the corporate agenda, there is widespread hope that it is a discipline which will soon be one of the main considerations when making strategic decisions in the public sector.