Suresh Kumar (left) and Ed DeSeve (Larry Lettera/ Camera 1)
Risk and uncertainty lurk around every corner. While it is impossible to predict every outcome, it is possible to set up ways to avoid or shift risk. Confronting the consequences of natural disasters, financial calamities and operational malfunctions should be high on the list of concerns for every federal executive.
Unfortunately, this is often not the case. In fact there is almost no guidance — legislative or administrative — that deals with risk management issues. What then is the federal executive to do?
Recently, we set out a four principles that we feel can serve as a guide for agencies:
1. Boost risk responsibility and governance to deepen organizational awareness of risks and continuous participation in solutions.
Effective risk management calls for sponsorship from the top to ensure the integration of risk management into core processes of strategic planning, budget development and resource deployment. It is also critical for instilling a risk-mindful culture throughout the organization, from the leadership team through to front-line personnel.
2. Make risk assessments count by focusing attention on undesirable outcomes and the risks that most threaten the mission.
Risk management programs lack traction where management attention is dissipated across a multitude of risks.
Defining situations and outcomes that are unacceptable to agency stakeholders (within government or the nation at large) and identifying and analyzing the drivers of uncertainty that materially affect the agency’s ability to deliver its mission can help embed actionable approaches.
3. Align risk management with the agency’s strategy by explicitly addressing uncertainties and investing in initiatives that have clear value.
Good strategies are deeply informed and safeguarded by risk analytics and the agency’s risk appetite. In evaluating initiatives and expenditures, it is essential to ask “what if” questions that alter the assumed levels of risk and affect the performance of programs and projects. For some major investments, implications of potential changes in the risk environment must be considered over 10- or 20-year periods, or even longer.
4. Enhance value from risk-management capabilities by the smart use of risk data and efficiently leveraging expertise both inside and outside the organization.
Efficiently assess and deploy risk management efforts requires meaningful risk data. Increasingly, public-sector bodies struggle with growing volume of data, which needs to be corralled and converted into metrics and insights to drive risk-based decision-making. The best risk-reporting frameworks are crafted on a top-down basis, thereby ensuring that data and analytics link to risk appetite monitoring, planning decisions and performance management.
Risk management across government and beyond
Risk management must be enhanced across agencies and government. To accomplish this the federal government needs to:
■ Institute better two-way (or even multidirectional) flows between departmental risk assessments and the Strategic National Risk Assessment undertaken by Department of Homeland Security.
■ Establish stronger cross-government expectations for departmental and agency approaches to risk management that would encourage more advanced enterprise risk thinking and commitments to capturing opportunities and reducing hazards.
■ Develop a review program based on those expectations to assess the quality of departmental and agency frameworks and the efficacy of their implementation, highlighting best practices, useful tools, and challenges faced.
■ Promote stronger, and more cohesive, interagency collaboration on crosscutting risk issues that threaten the missions of multiple public-sector bodies.
In some cases, it will be necessary to build alliances with other sectors to successfully manage risk.
Across government, greater attention must be paid to the multiple challenges such as cybersecurity and critical infrastructure protection that must be managed on a whole of government. Being more explicit about future expectations will enhance performance at agencies, help shift the focus from process to capability and results, and unlock the true potential of risk management in the public sector. Risk management is beyond foreseeing the unseen; it is being prepared for course corrections that will be required.
As President Kennedy said, “There are risks and costs to action. But they are far less than the long range risks of comfortable inaction.”
Suresh Kumar is a partner at Oliver Wyman, the global management consulting firm where Ed DeSeve is a senior advisor. Suresh and Ed served in the Obama administration. Suresh was Assistant Secretary of Commerce and Director General of the U.S. Foreign Commercial Service, and Ed oversaw the implementation the American Recovery and Reinvestment Act.