Australian/New Zealand Risk Management Standard started the movement in
1995 (see RMR March 1995), expanding in 1999 with specific provisions
to fit the public sector. The Treasury Board of Canada Secretariat built
on that base and created an integrated risk management framework for government
in 2001 (see RMR September 2000). Now Her Majesty’s Government
in the United Kingdom raises the ante with the latest, and, I think, the
most complete, innovative approach to our discipline for government. Risk:
Improving government’s capability to handle risk and uncertainty,
published by the UK’s Strategy Unit in November 2002, is a direct result
of recent crises that include BSE, rail safety, vaccines, environmental
change, and, of course, the shock of September 11, 2001. It is a candid
admission that government has lost public trust by failing to address
many risks as well as it should. The Report, plus its six major and 66
specific recommendations, will be implemented within the next two years.
In his Foreword, Prime Minister Tony Blair confirms that “risk management—getting
the right balance between innovation and change on the one hand, and avoidance
of shocks and crises on the other—is now central to the business of good
government.” This report, a summary of 16 months of study, incorporates
a brief summary, a 133 page primary section and a 71 page Annex. It is
the clearest description of the current development of the risk management
discipline that I’ve read. It is thorough and logical, expressed in precise
prose, avoiding jargon.
First, it acknowledges that “all states are at root guarantors of the
security of their citizens” and that public expectations are creating
new demands for that security. The nature of risk has changed because
of the “rapid pace of development of new science and technology” and because
of the “greater connectedness of the world.” Government, including the
UK government, must take a new approach to risk and uncertainty.
Second, the Report recognizes that the language of risk management continues
to be unclear, even messy, confusing both the public and government officials.
It tries to redress the balance, defining both “risk” and “risk management”
in sensible terms. Risk refers to “uncertainty of outcome, whether positive
opportunity or negative threat, of actions and events. It is the combination
of likelihood and impact, including perceived importance.” Bringing the
idea of risk perception into this definition is significant.
Risk management “covers all the processes involved in identifying, assessing
and judging risks, taking actions to mitigate or anticipate them, and
monitoring and reviewing process.” The Report carefully avoids the trap
of measuring risks, response and results primarily in financial terms.
Third, the basic Report proceeds in six chapters, following the introduction,
to describe the changes that will be made in the next 24 months.
Chapter 2 addresses the three roles of governments: as a regulator
of others who
create risk, as a steward of risks not attributed to others, and as
a manager of the
risks arising from its own services.
Chapter 3 defines the challenge at strategic, program and project/operational
levels, with special attention to a global decline of trust in institutions.
Chapter 4 develops a new approach to public sector management of risk:
- Embedding risk handling in all decision processes
- Establishing new risk management techniques
- Creating the organizational structure and responsibilities
- Developing new skills to embed risk management thinking
- Creating a comprehensive quality standard
Chapter 5 focuses on the critically important area of communicating
with the public: more transparency in decisions, more reflection of
public values and concerns, more information about risks and responses,
all to “win public trust.” It correctly emphasizes greater two-way communication.
Chapter 6 identifies the need for leadership from the top by Ministers
and Permanent Secretaries, to overcome the current culture. It quotes
the UK Comptroller and Auditor General: “The problem is not that the
Whitehall culture is risk averse . . . Rather it is risk ignorant. It
takes the most fantastic risks without knowing it is doing so.”
Chapter 7 summarizes the conclusions and six major recommendations:
- Firmly embed risk handling in government’s policy-making, planning
- Enhance Government’s capacity to handle strategic risks.
- Support risk handling by good practice, guidance and skills development.
- Make departments and agencies earn and maintain public trust, a
priority when dealing with risks to the public.
- Ministers and senior officials should take a clear lead in improving
- Improve the quality of government risk handling through a two-year
program of change.
Annexes to this Report include further material on definitions, public
attitudes to risk, references and website, five case studies and referrals
to governmental risk management in other jurisdictions.
refreshing comment from the authors refers to the increasing and suspect
dominance of quantitative approaches to risk management: "Important common
issues are the imaginative use of experience (as opposed to mechanistic
process application), and a more systematic approach to the softer areas
of risk—including public perceptions, strategic fit, and reputational
This Report is a major contribution to the development of the discipline
in the public sector. Those in the private sector will also find rewards
in reading it for a new perspective. A Summary Report and the full Report
plus its Annexes are available electronically at The Strategy Unit website
at www.strategy.gov.uk, or from
The Strategy Unit, Admiralty Arch, The Mall, London SW1A 2WH, UK. Email:
The point that I want to make is that in business, it’s
not just action that counts—it’s an
interplay among hypotheses as to what’s going to happen
next. . . . I want to make this
point very strongly: There is no correct answer. If you’re
strategizing at the strategic
level here, management ought to be confused.
W. Brian Arthur, “The Inevitability of Uncertainty,”
Across the Board, January/February 2003