Sir John Bourn, head of the National Audit Office, reported to Parliament today that good progress has been made by departments to improve their risk management capacity since his previous report in August 2000, although departments have further to go to demonstrate that they have made effective risk management a central part of their day to day management processes.
Effective risk management can help departments avoid failures in service delivery. Well managed risk taking also presents opportunities to deliver better public services, make more reliable decisions, improve efficiency and support innovation. The announcement in the Governments July 2004 Spending Review of its intention to achieve savings of 21.5 billion a year, staff reductions of 84,000 in support functions by 2008 and sales of 30 billion of assets by 2010 makes effective risk management even more critical. If these targets are to be successfully met whilst also achieving Public Service Agreement targets risks will need to be successfully managed.
In November 2002 a two year Risk Programme was launched by the Prime Minister and led by the Treasury to give focus and drive to departments in the development of plans and frameworks designed to make effective risk management a reality. The Risk Programme comes to an end in December 2004 and the NAO has identified that it is critical for departments to build on the momentum achieved to date.
The NAO report is based on a survey of the 20 main Whitehall departments, focus groups of 27 departmental risk managers, comparisons with private sector organisations, academic research, and case studies of five departments. The NAO found that departments have made good progress in embedding risk management, providing staff with greater access to training and guidance on risk management, and building a common understanding of risks they face. Progress has been made particularly in defining risk objectives, having processes to report changes in risks and in regarding risk as an opportunity as well as a threat.
There are a number of areas where more needs to be done. Only one quarter of the departments surveyed by the NAO were confident that they have established an overall view about their exposure to risk. The management of working relationships with partner organisations needs to be strengthened, particularly where there are complex delivery networks or where clarity is lacking about which delivery organisation is responsible for different risks. More progress is needed to embed risk management in the day to day activities of departments, particularly by making sure that there is a sufficient critical mass of staff with well developed skills and expertise to manage risk effectively.
The report identifies five key aspects of risk management which, if more widely applied, could contribute to better public services and increased efficiency:
- Sufficient time, resource, and top level commitment needs to be devoted to handling risks;
- Responsibility and accountability for risks need to be clear and subject to scrutiny and robust challenge;
- Judgements about risks need to be based on reliable, timely and up to date information;
- Risk management needs to be applied throughout departments delivery networks;
- Departments need to continue to develop their understanding of the common risks they share and work together to manage them.