Electronic service delivery (ESD) has not only increased the number of risks that
governments face, it has heightened the consequences of those risks.
Technological innovation continues to drive fundamental and far-reaching change, increasing uncertainty in the service delivery environment. And the stakes keep getting higher: the resources required to implement these
initiatives are significant, often putting reputation and public confidence on the line.
To implement ESD initiatives successfully, government must be able to anticipate and respond rapidly to changes in the environment. Managers need to have both a clear and timely view of their organization’s risk landscape, and the tools to effectively manage those risks. To achieve these objectives, organizations must implement a sound, tailored and integrated risk management regime, a regime that fits the dynamic nature of ESD and compensates for the fast pace, rapid change, numerous and diverse stakeholders, complex governance structures and sometimes lagging emergence of standards, policies and other drivers.
To manage risk effectively and achieve objectives, many leading organizations, both public and private, are implementing risk management systems. These systems integrate people, processes and technology, enabling the organizations to anticipate, identify and benefit from the positive aspects of change while minimizing potentially adverse consequences.
When governments have the tools to manage risk effectively, they not only can tolerate more risk, they can then translate that increased tolerance into improved efficiency through innovative service delivery and process improvement and through more effective resource allocation and use.
To develop a sound risk management system, government must undertake three steps:
1. Identify risks. Determine which undesirable events are likely to occur and negatively impact the organization.
2. Assess the identified risks. Measure the likelihood of occurrence and potential impact on the organization.
3. Respond to risk. Develop and implement risk mitigation strategies.
Developing a sound and sustainable risk management system is not easy – many factors can hinder its effectiveness. Implementing the following 10 industry best practices will help ensure implementation of a successful risk management system.
1 – Define what is important to ensure success of the initiative. Before creating a list of all potential negative events, first define the categories of risk – or “risk context” – that threaten achievement of the initiative’s objectives. Include only those risk categories that may negatively affect objectives. For example, risks that affect speed of delivery may be tolerated while risks that affect quality may not.
2 – Think holistically. When defining the risk context or identifying risk events for the initiative, don’t limit analysis to technical or project management areas. Include strategic, program, political and legal categories. By defining the risk context and identifying risks holis-tically, stakeholders can better identify relevant risks and more accurately assess the likelihood of exposure because of those risks.
3 – Integrate the risk management system within the existing governance structure. Risk management is not a stand-alone process; it is integral to an effective management regime.
The governance structure required to manage risk must be integrated with existing (or enhanced) governance structures, and should include a champion or central co-ordination point for all risk management activities. The structure should also detail accountability and oversight components, key risk management decision-making information parameters, and how the organization will respond to the identified risks.
4 – Engage all stakeholders. Complex initiatives like ESD often involve a wide variety of stakeholders with differing objectives and moti-vations. By engaging all stakeholders – including service providers -the risk management system can provide a communication and action backbone to encourage teams to work towards a common set of objectives.
5 – Use the existing body of knowledge and tools. There are numerous tools, such as checklists, questionnaires and templates that stake-holders can use to identify risks. These tools are a good start towards developing an effective risk management system; however they must be tailored, refined and improved as the initiative progresses, ensuring that risk assessment remains a proactive effort.
6 – Start measuring. When risk management systems are first implemented, a qualitative scale of “low”, “medium” and “high” is often used to assess the impact and likelihood of risk. However, in order to build the risk management processes and begin developing a more objective assessment, organizations also need to start quantifying risk. It is never too early to start collecting and measuring risk data.
7 – Use external benchmarks with caution. Current benchmarks on ESD solution-related risks are difficult to obtain.
Those that are available are often inaccurate: not enough data exists to build a reliable sample of sound comparisons.
When using benchmarks to assess risk, be aware of inherent assumptions and flaws.
8 – Integrate risk reporting with performance reporting. Performance reporting mechanisms (such as project dashboards) should include indicators that measure particular risks. By monitoring an indicator’s trend, managers cannot only see when a risk is materializing, they also have enough lead time to proactively manage the risk.
9 – Manage the portfolio of risk. Rolling-up and reporting risks at an aggregate or portfolio level (as opposed to a silo, single initiative view) helps management make effective, complex decisions and trade-offs.
10 – Incorporate risk management into every initiative phase. Risk management should be integrated into every phase of an initiative, not
just the execution phase.
Risk management should also be a key component of the business case, the vendor selection process and other decision points during planning and investment justification. Doing so will help management make the decisions that appropriately balance risk and reward.
The way in which government delivers services to Canadians is changing, and the stakes associated with implementing these new delivery solutions continue to rise as citizens demand more effective and efficient government. By implementing a risk management system that will better enable a holistic view of all the ESD initiative risks, managers can more effectively identify, assess and respond to risk, increasing the likelihood of success and revealing new opportunities that create value and provide better service.
Alexandra Psica is a managing partner and Toronto regional manager at Interis Consulting Inc. She is an active practitioner of integrated risk management, working with both public and private sector clients. She may be reached at [email protected].