Management of Opportunities in Public Administration as Part of an Enterprise Risk Management
Brüesch, Caroline; Fuchs, Sandro (2014). Management of Opportunities in Public Administration as Part of an Enterprise Risk Management. 6th ERRN European Risk Management Conference, Napels, 4.-5. September
1. Topic Description
In recent years risk management standards have been established (inter alia COSO, 2004; ASZ/NS ISO 31000, 2009; ONR 49000, 2010; TBS, 2010), some specifically for the public sector (INTOSAI 2007) - highlighting the “management of opportunities” (MOO). Although risk management is considered to be part of good governance in public administration today it still focuses mainly on the management of “downside” (or “negative”) risks. Possible explanations may be that:
the standards themselves provide little guidance on how to deal with opportunities;
there is little practical experience in the MOO within the context of risk management in the private sector.
2. Research questions and case study
A conference paper by Brüesch/Kager at International Research Society for Public Management (IRSPM) in Berne 2010 discussed the establishment of a risk culture in a risk adverse public administration, using the city of Zurich as an example. This paper is based on the model presented in the 2010 study which makes a distinction between the following three dimensions of risks:
the system (aims and general framework, definition of risks etc.),
the process (establishing the context, identification, analysis, evaluation, treatment, monitoring, review) and
the culture (management handling and comprehension of risk, etc.).
The system and process influence the culture of an organization, and at the same time the culture affects the system and the process. This paper, which follows on from the aforementioned study, will focus on the MOO embedded in the systems and processes of risk management, specifically in the context of a risk-averse organization. The following questions were asked:
What kind of guidelines and principles regarding the system and process dimension of risk management do the standards provide to public administrations which are implementing the MOO as part of their risk management?
What kind of support is provided by recent literature and by practical experiences in the private and the public sector of Switzerland for the implementation of MOO as part of risk management?
What conclusions can be drawn from the standards and recent literature for the implementation of MOO as part of a risk management in the city of Zurich?
What are the lessons learned from the case study (city of Zurich) which implemented the MOO in their enterprise risk management and what are the recommendations for strengthening the MOO in public administration in general?
3. Research Methods
This study follows a descriptive approach, based on the qualitative and quantitative case study results of the City of Zurich. The following specific research methods are used in this study:
a) review of risk management standards concerning the MOO in the private and public sector as well as recent literature;
b) discussion of best practice examples in the MOO, including how to integrate the MOO in risk management;
c) on the basis of the results above, methods for integrating the MOO into risk management in a public administration were developed and applied in practice;
d) quantitative and qualitative analysis of the opportunities derived in the risk report of the City Council;
e) evaluation of the implemented MOO through the use of structured questionnaires and qualitative interviews with senior executives and risk officers.
By adopting the generic standards in the political and organisational context of Zurich, the guiding principle that opportunities (upside risks) need equal attention as (downside) risks was implemented in the system and process of risk management. The evaluation of the report on opportunities and risk to the City Council in 2011 and qualitative interviews with Senior Executives and Risk Officers 2013 will show that MOO:
provides the political authority with additional information on “upside” risks, especially on strategic aspects;
is considered as an important part of risk management in public administration;
is suitable for motivating the management of a risk averse public organization to discuss risks more openly.
The evaluation also shows that more time is needed for the implementation and the integration of MOO in the management systems.