Risk

In a recent Insights publication, the Australian Government Auditor-General has recently reported that since 1 July 2021, only 31% of audit findings relating to risk management were positive.
This forced us at Sententia Consulting to think about whether risk management in the Australian Government really is that bad.
We have concluded that the answer is yes… and no.
The fact is that the Australian Government (and government generally) is responsible for some of the most complex and risky ventures and activities in the country. Defence of the nation, operating healthcare systems that must cater for every citizen, delivering environmental outcomes in the face of massive environmental headwinds, all are ventures that can just as easily be unsuccessful as be successful … as well as being just plain difficult. Yet there are plenty of (often unheralded) successes by Government in all of its responsibilities.
It’s easy to look at some of the more challenging episodes in the Australian Public Service and attribute those to poor risk management – Robodebt, the “pink batts” scheme, any number of Defence materiel design and construction projects, and the 2013 lost ballot papers in the Federal Election, amongst others. Further, most agencies and public servants have experienced their own challenged procurements, failed programs, poor grant decisions, and policy implementations which in hindsight could have gone better.
While there is almost inevitably some truth to the comment that all of these are a result of poor risk management, that is simplistic and only part of the circumstances. (Note here, we are not seeking to misinterpret the Auditor-General’s comments, which were not that simplistic.)
Risk management represents just one part of good governance, or good project management, or good procurement management, or good program management, or good contract management, or frankly any model or framework for effective execution of aspects of public administration. Each of these have frameworks with multiple components that all need to work together to create good outcomes. Typically, those frameworks involve having good people doing the right jobs, good planning, effective process design, strong stakeholder engagement, tight legislative compliance, and clear accountability mechanisms.
While risk management definitely is important in contributing to all of these components of effective management, it is not the only discipline that needs to be in place and operating to support good outcomes. Put another way, good risk management does not guarantee a good outcome, but poor risk management does expose agencies to poor outcomes, and reduces defensibility when those poor outcomes occur.
In my 20-something years of working with the Australian Government, I have seen plenty of examples of really good risk management, and I have seen just as many examples of poor (or non-existent) risk management.
That 20 years of experience has taught us that the key ingredients to good risk management are:
Note here that I have not mentioned risk registers once. I have not referenced the Commonwealth Risk Management Framework once.
Each of these are important tools – tools that support good process and each of the ingredients I have referred to above. For all projects I lead or contribute to, I ensure I do follow the Framework, and I do maintain a focussed risk register.
But, where agencies miss the point with risk management is that they focus all of their energy in connection with risk management on the register and having a register that is “complete”, and a process for risk management that follows all of the steps in the manual or the policy or the Framework. And insufficient energy on some of the ingredients outlined above – and therefore on actually preventing or responding to risk.
To close this article I am reminded of two quotes that are influential in my approach to risk management:
Our team of experts will work closely with you to deeply understand your challenges and find how we can leave you feeling protected, or better equipped to drive change, and impact society.