|
January/February 2006 · Volume 88 · Number 1
Risk and Reward in Local Government ManagementPublic managers work in a complex and uncertain environment. Despite careful planning, unexpected events and inaccurate assumptions can prevent governmental activities from producing the desired results. Managing this "risk," or the likelihood that results will often differ from those expected, is a key component of effective public management. A newer way of thinking about risk management is necessary, and fortunately risk management is evolving into enterprise risk management (ERM), a term that more closely fits the challenges of an event like Hurricane Katrina. Risk is a complex matter and is challenging to address in a comprehensive way. The word is often associated with negative consequences and with results worse than expected, but risky efforts may also have positive consequences. In the private sector, risk is the foundation of investment return. Most investments have the potential to produce a range of returns, including loss of the entire invested amount. The greater the chance of a loss, the higher the potential return on investment must be to attract investors. So risk plays an integral role in determining investment reward. The same principle applies in the public sector. Local governments assume risk when they promote economic development by offering financial incentives for companies to locate in their jurisdictions. Essentially, the local government "invests" in these incentives, hoping for a return in the form of more jobs, economic expansion, and greater tax revenue. If the effort fails, the government loses its investment, so when deciding whether to make an investment, public managers weigh the expenditures against the gains expected if they achieve their goals. Noting the presence of both peril and opportunity adds to the manager's challenge, but, more important, it does offer a different way of thinking about risk management in the public arena. The awesome destructive force of Hurricane Katrina and the widely debated response illustrate vividly the web of risk that makes up the public sector environment. Analysts will be dissecting the negative consequences of this catastrophe for years, and the lessons learned will help us better understand our own exposure to risk and uncertainty and the constraints on our ability to respond. As difficult as it may seem, given the loss of life and property inflicted by Hurricane Katrina, the present authors would argue that a comprehensive effort to learn from it must also consider how this tragic event may even produce opportunity. One example is the effect that the historic displacement of hundreds of thousands of New Orleans residents has had on neighboring communities. Nearby Baton Rouge, as well as other host communities, did not suffer Katrina's massive storm surge but did experience a large population surge, composed of rescue workers and displaced New Orleans residents, that challenged their ability to provide adequate public services, housing, and office space.1 In the short run, delivering more government services and maintaining community equilibrium have clearly been a challenge for these host communities. But this displacement might also bring unexpected opportunity. In the short run, the increased population also raised the demand for some local businesses' goods and services. In the long run, host communities may experience previously unexpected growth, if displaced persons and businesses remain and invest in their new community. The host communities' management challenge will be to avoid the negative consequences of unplanned growth while taking advantage of the opportunities that growth offers. As traditionally viewed within local government, risk management would play a small role in addressing a challenge of the scope and complexity of Hurricane Katrina. Some local government managers think of risk management as a narrow and technical function focused on buying insurance and managing insurable risks by avoiding, controlling, and financing property and liability losses. These functions are important, even in the context of Katrina, but this limited view does not address the interplay of economic, legal, political, social, and other forces, or the point of seeing risk as opportunity. A newer way of thinking about risk management is necessary, and fortunately risk management is evolving into enterprise risk management (ERM), a term that more closely fits the challenges of an event like Katrina. Enterprise Risk ManagementEnterprise risk management expands the focus of risk management to address all aspects of risk that may affect an organization's ability to achieve its objectives. ERM seeks to develop an organization that can take advantage of opportunities and can act quickly and effectively to minimize the adverse consequences of unexpected challenges. Here are ERM's more important features: ERM seeks to address all risks. ERM is not just about preventing or controlling bad things but also about enhancing the prospects of good things. This subtle but significant shift in emphasis means that issues like investment management and economic development can now form part of the risk management framework. Top managers and elected officials set the policies that drive ERM. These leaders are accountable for risk management effectiveness. Risk management is practiced throughout the organization, not just by a risk management department. A risk manager or a risk management department may provide oversight, but every employee is responsible for managing the risks within the scope of his/her responsibilities, and employees are accountable for practicing risk management in accordance with the organization's overall policy. ERM breaks down the silos in which risk has historically been addressed. In the past, risk issues have often been addressed in "silos" that correspond to the sources of risk. Workplace health and safety, for example, might have been addressed separately from risks arising from possible environmental pollution. ERM seeks to break down these silos, facilitating the consideration of how sources of risk and the strategies to manage it may interact. An individual or a team of individuals addresses technical issues requiring special knowledge. For instance, setting up a captive insurance company, developing a catastrophe management program, managing information technology (IT) risks, or addressing financial risk issues all require specific knowledge. An individual who oversees the management of uncertainty for the entire organization is often referred to as the chief risk officer, and teams are referred to as strategic risk teams. ERM performance is measured by its success in directly improving the satisfaction of organizational performance objectives. It is not measured solely by such traditional metrics as loss ratios or a reduced number of employee injuries. In the private sector, many view ERM as the most significant risk management development in the past 50 years. Most European and North American countries (plus Australia and New Zealand) now have a guideline, a standard, a directive, or a rule that lays out the expectations for risk management, and all of these rely on (or imply) an ERM framework. In the public sector, the introduction of the ERM approach is occurring at a somewhat slower pace. In part, this is because the emerging rules and guidelines apply primarily to private sector organizations. The signs, however, are pointing to an acceleration in the rate of ERM adoption by local governments and public entities. ERM in the United KingdomThe United Kingdom is working to extend ERM into the public sector. In late 2002, the U.K.'s Cabinet Office Strategy Unit ("Strategy Unit") released a far-reaching report entitled Risk: Improving Government's Capability to Handle Risk and Uncertainty, which can be found online at http://www.strategy.gov.uk/downloads/su/risk/report/downloads/su-risk.pdf. This report identifies three broad roles of government in managing risk and uncertainty: regulation, stewardship, and management. Government's regulatory role is its responsibility to address broad public risks like environmental pollution. The stewardship role is the government's leadership responsibility in addressing community-based or social risks that are not necessarily specific to the public entity, such as community health or intergovernmental responses to natural disasters. The management role involves risks that are specific to the individual public entity (police liability suits, fires in public facilities), and this role is similar to current public-entity risk management practice in the United States. The Strategy Unit's report was developed in the context of the Labour government's "better government" initiatives, but it was also a response to changes in the risk management field. One important influence was the emerging framework of private sector risk management, first set forward by the London Stock Exchange but expanded upon by the Financial Services Authority and the auditing community. These private sector initiatives asserted that effective corporate governance required demonstrated evidence of competent risk management, defined as the integrated management of all organizational risks. Responsibility was laid squarely at the feet of the chief executive and the board. Picking up on these themes, the Strategy Unit argued that the public is better served when a public-entity chief executive (or elected official) and the board (elected or otherwise) effectively become the top risk managers of the public entity and are responsible for setting and effectively implementing a broad policy for risk management. As Carolyn Halpin, immediate past chairman of the Association of Local Authority Risk Managers in Great Britain, noted in a recent speech, "Risk management has become a top agenda item in U.K. local authorities. Effective risk management provides evidence to citizens that their communities are well managed." The U.K. is not the only country exploring the adoption of ERM by the public sector. Massive reorganization of local authorities in Denmark, due to be completed by 2007, has included initiatives to reframe risk management practices in an ERM context. ERM work is also occurring in Norway, Sweden, Ireland, Australia, and New Zealand. Effective emergency and catastrophe mitigation, management, and recovery efforts are simply ERM in an event-specific form: comprehensive, integrated, and responsive but also forward-looking. ERM in the United StatesIn the United States, advances have come more slowly. In large part, this is because central governments in other countries have assumed a leadership role in promoting an ERM view among local authorities, and this has not yet happened in the United States. Homeland security initiatives, however, may be compelling public organizations to work together to address risks on a basis broader than traditional practices could deliver. Dakota County, Minnesota, is a local government that uses an ERM approach. Although Taud Hoopingarner, the county's director of operations management, has a background in risk management, he oversees functions that span the county's operations and interacts closely with county officials. These functions include risk and homeland security management, which has a dotted-line reporting channel directly to the county manager. The county's goal is to create an environment in which everyone in the government-employees, managers, and elected officials-recognizes risk and makes good decisions. Government officials and employees are, in effect, responsible for managing day-to-day risk in their areas of operation. Support includes online training, field visits, and prompt and useful responses to inquiries and requests for assistance. Risk personnel actively cultivate a reputation for being a value-added resource to employees, officials, and the public. Dakota County's program has performed well according to traditional risk management measures, such as loss ratios. But it measures its performance using a balanced scorecard approach that better reflects ERM. Operations management measures itself against the achievement of objectives that are divided into four major categories: learning and growth, financial, internal, and stakeholders. Five of the operations-management departmental objectives are included in the overall county-board objectives. One is to implement an 800-MHz radio system for a single, integrated public-safety dispatch center that will serve Dakota County and the cities within it, operating at a cost lower than that of the separate systems it will replace. Where Are We Headed?The challenges presented by Hurricane Katrina straddle the regulatory, stewardship, and managerial roles of public sector risk management, as defined in the U.K. Strategy Unit report. Individual local governments must address the hurricane's direct impact on public assets and employees (managerial). Land and waterways polluted by floodwaters must be cleaned, and action taken to reduce the contamination of floodwaters in future events (regulatory). The stewardship role (response to community-based or social risks that are not necessarily specific to the public entity) is perhaps the most challenging aspect of the response and recovery efforts: can we achieve effective multijurisdictional and multisector responses to complex events like Hurricane Katrina? The authors believe that ERM is the best way to approach the disaster hazard. The enterprise affected is the entire community, the region, or even the nation. Citizens, businesses, and nonprofit organizations are all components of effective recovery, mitigation, and contingency planning. Positive concerns like future economic development are inseparable from efforts to mitigate property damage, loss of life, dislocation, and environmental contamination from future flooding. Effective emergency and catastrophe mitigation, management, and recovery efforts are simply ERM in an event-specific form: comprehensive, integrated, and responsive but also forward-looking. Disasters are just one example of how ERM can be used to improve local government performance. Its benefits are not limited to disasters. Dakota County exemplifies how ERM spreads the benefits of the risk management process throughout a government entity, even to operations not traditionally thought parts of a risk management program. Not every public entity will adopt ERM in the same way. ERM can be adapted to the needs of the entity that is using it and can be implemented in phases. It will always be a work in progress because it is in the nature of risk management to require ongoing reevaluation and adjustment as needs and activities change. But ERM is the future of risk management, and as local governments in the United States become more accustomed to thinking about risk outside the insurance context, it is likely to be the future of public sector risk management as well. 1Abblebome, Peter. "Amid One City's Welcome, a Tinge of Backlash." The New York Times on the Web. Sept. 7, 2005. The New York Times. http://www.nytimes.com (Sept. 7, 2005).Opdyke, Jeff D. "Baton Rouge Becomes Hot Property." Wall Street Journal Online. Sept. 6, 2005. The Wall Street Journal. http://online.wsj.com/home/us (Sept. 8, 2005). Randolph, Ned. "BR Sprints to Retain N.O. Firms." 2theadvocate.com. The Advocate. http://www.2theadvocate.com/index.shtml (Sept. 7, 2005). Schmit, Julie, and Jon Swartz. "Coastal Businesses Work to Recover, Relocate, Survive." USA Today.com. [Posted] Sept. 7, 2005. USA Today. http://www.usatoday.com (Sept. 7, 2005). |
|
|
Learn about the benefits of joining ICMA and receiving PM magazine as part of your benefits package at http://icma.org/join. To subscribe to PM, call 202/289-ICMA (202/289-4262) or e-mail bookstoremanager@icma.org. |
