Now and in the future.

Philip Auzimour en Allan Vendelbo | november 2005

Flooding, school fires, unemployment, urban development and IT safety are some of the large and complicated risk issues for public organisations. These issues are essential to any public CEO who is faced with risks that not only involve the organisation itself but often the whole community. Still, what is the best way to address these significant risks? Should public risk management aim to minimise risks at all times? Or will this approach keep the public organisations from innovating? Although tight budgets in the public sector often set a limit for a proactive approach, the fact that risks have many facets and also positive aspects cannot be ignored. 

These views were repeatedly brought up and recognised by practitioners and experts at the PRIMO conference in Copenhagen on 25 November 2005. Although the conference offered no straight answers to the questions, their importance was clear to everybody. 

150 participants from 10 European countries and the US joined the first international PRIMO conference. Some of PRIMO Denmark’s private partners presented their expertise in risk management at pitches in the breaks between the conference talks. Pull-ups flashed colourful logos of insurance, HR, IT and finance companies. 

The conference took place on one of the first actual winter days. Around Europe, there have been reports of airports closing down because of snow. Snowflakes also melted into the dark seawater outside the large conference room at Hotel Marriott, and the weather contributed to the vibrant yet cosy atmosphere among the risk-oriented guests. 

Philippe Auzimour, European Entities Practice Leader, Marsh, presented the conference speakers and welcomed the participants to a day of reflection and new perspectives on risk management.

Opening of the Conference – by Allan Vendelbo, President of UDITE and Chief Executive of the Municipality of Ballerup, Denmark 

Allan Vendelbo, President of UDITE, presented risk management as part of the organisation’s decision-making on the strategic level. ”Risk management cannot be reduced to a way of cutting costs or a question of insurance”, he stated. Further, Allan Vendelbo emphasised the importance of sharing experiences from and with our European neighbours and learning from their experiences. To elaborate, Allan Vendelbo presented examples of the impact that risk management can have, when carried out on a day-to-day basis in local municipalities in different European countries. 

Mapping the New World of Public Risk management – by Professor Peter C. Young, The E. W. Blanch Chair in Risk Management, the University of St. Thomas, Minneapolis, USA and academic advisor to EIRM 

Professor Peter C. Young presented risk management from a helicopter view. He described the area from the early start in the fifties until today and outlined risk issues that can be seen as unique for the public sector. 

A historic view 

“In the fifties, risk management focused on insurable risk in the area of health, safety and legal issues”, Peter C. Young explained. In the seventies, a financial perspective was added to risk management. Both paths expanded and have evolved into Enterprise Risk Management (ERM), which describes the strategic, coordinated and holistic management of all risks. This means that risk management from an ERM perspective has become organisation-wide. 

Enterprise Risk Management (ERM) 

Peter C. Young sees risk management as an area that idealistic should involve everybody in the organisation. ”We should think of risk management as an organic idea which is not only about keeping bad things from happening but also about taking opportunities – taking risks to add value to the organisation,” he stated. In other terms, even though Peter C. Young identifies several drivers for risk management – rules and regulations, e.g., he also believes that it is central to value maximisation. 

Following this reflection, Peter C. Young defines Enterprise Risk Management as a managerial area combining strategy and operations: “While a strategy can be summarised into the following question: Where do we want to go? – And the operational question as: How should we do this? – Risk Management includes a different perspective, where you must ask yourself: How might my plans turn out differently?” 

ERM in the public sector 

”The main role of governments is to manage risks”, Peter C. Young said. He elaborated and explained that the governments, first and foremost, must manage risks like crime and pollution. These are public risk issues because they cannot be managed in the private sector since they are non-exclusive – “We are all exposed to these risks,” he said. 

Peter Young sees three main factors for public sector risk management: 

• Managerial; this means that the public sector has to manage its own risks inside the organisations.
• Stewardship, which means taking responsibility for the risks of the community – environment, health, industrial development roads e.g. 
• Regulation, which means that the public sector has an influence on the regulation of private activity. 

Current developments 

Anchoring ERM in the organisation is a big challenge, explains Peter Young. He says that the top management must recognise risk management as an important issue on the strategic level in order to have it integrated into executive thinking. Thus, he also believes that risk management should be the responsibility of all employees since risks are crucial for the entire organisation. ”The question is: How can we identify what part of a person’s job that is risk management -and how do we  find the existing risk management expertise in the organisation,” Peter C. Young explained. According to Peter C. Young, public entities are practicing risk management today. In his opinion the big question is – is it practiced as it should be? 

Public Sector Risks: Looking into the future  – by Dr Lynn Drennan, Executive Director, The Cullen Centre for Risk and Governance, Glasgow Caledonian University, Scotland. 

Star Trek and Frankenstein’s monster are ex-amples of how we perceive the future in our imagination. Lynn Drennan presented these examples from fiction to illustrate patterns of how we understand risks in social groups and as individuals. Following an introductory presentation of risk management from an in- dividual point of view, Lynn Drennan elevated the perspective to give recommendations on how the society should handle risks. 

Understanding risks 

Through a presentation of different utopias and dystopias gathered from fiction, Lynn Drennan described our symbolic perception of risks. She stated that as a main rule, risks can be understood through learning from the past and imagination of the future. Following this perspective, Frankenstein’s monster can be seen as an example of the common idea that man creates something that turns out to be more powerful than its creator. This horror movie was related to our fear, based in reality for a new clear catastrophe. 

Lynn Drennan also characterised our under- standing of risks by saying that we see risks as something that either occurs suddenly or emerges over time. She emphasised that what we don’t see or know about is often the most frightening. 

When it comes to learning from the past, Lynn Drennan presented the term hindsight – the understanding of previous experiences. From an organisational point of view, hindsight means the ability to learn from own experiences or to learn from a similar organisation, possibly a company in the private sector. 

The precautionary principle 

“The precautionary principle” is one of the methods for risk management. “In the private sector it often means keeping products from the market until they are safe,” Lynn Drennan explained. 

In the public sector, on the other hand “the precautionary principle” is often about to stop doing something – whether it is the use of a playground or a product that is removed from the market. Lynn Drennan emphasised that in order to work from this principle, it is important to balance risks and benefits, and to develop governance guidelines to improve the accountability of predicting risks. Lynn Drennan explained that in the public sector there is in general a low tolerance of risks failures, which makes it difficult to establish the right balance between risks and benefits. However, Lynn Drennan warned about seeing risk management as a question of avoiding risks since this will mean losing essential opportunities for innovation. 

Looking into the future 

Lynn Drennan believes that the global risk factors are growing. In her opinion the grow- ing risks are related to the growth paradigm; the fact that man-made creations tend to be continuously larger and more powerful. The larger the man-made creation is, for instance an airplane, the bigger the catastrophe might be. Also climatic changes like hurricanes and flooding tend to present growing risks, Lynn Drennan stated. 

Following this perspective, Lynn Drennan recommended organisations to find out whether a business continuity plan can stand major issues like bird flu, terrorism and riots. Thus she also said that risks seldom repeat themselves and therefore can be impossible to predict: “The most important failure when predicting risks is that of our imagination. In this perspective only aiming for compliance with legislation is far too narrow. It is neces- sary to use our imagination – to focus broadly, planning for the inevitable, thinking the unthinkable and to take steps to ensure safe communities,” Lynn Drennan concluded. 

Round Table One: Hot Risk Issues for CEOs and Public Organisations around Europe. What are the hot issues? 

Speakers:

• Gérard Combe, Directeur de Cabinet,  Région Rhône-Alpes, and Founder President  of UDITE.
• Ronny Frederickx, City Secretary of Essen, Belgium, and Substitute board member of  the Executive Committee of UDITE.
• Emma de Lange, Gemeentesecretaris De Ronde Venen, The Netherlands, and Board member of the Executive Committee of UDITE.
• Juan Ignacio Soto Valle, Secretari Ajuntament de Badalona, Spain and Board member of the Executive Committee of UDITE.
• Jesper Hjort, Chief Executive of the Munici- pality of Odder, Denmark, and President of PRIMO Denmark.

At round table one, the speakers gave examples of how the municipalities are dealing with risks in local communities in France, Belgium, the Netherlands, Spain, and Denmark. 

The main focus was the numerous major risks, public CEO’s are faced with every day. All kinds of risks were described – from unemployment and flooding to air plane crashes and risks in the field of finance and IT. 

It was a common view that public top managers are responsible for reacting to major risks within tight budgets, a fact which often makes a proactive approach almost impossible. One of the speakers mentioned the fact that innovation means running risks, which can be very difficult in the public sector. It was seen as a paradox that public leaders are  to deal with the responsibility for large risks but with limited possibilities to act in a proactive way. 

The responsibility for public risks was another hot issue at round table one. “When 30 people are killed at a gas explosion, what is my responsibility as a public CEO?” Ronny Frederickx asked. His question was an example of a general request at round table one for policies and action plans for risk management. In The Netherlands, local public risk management has just started, Emma de Lang told. She explained: “The communities are obliged to make a financial and a strategic risk chapter each year and all CEO ́s are trained to deal with the risks of threats such as terrorism, big fires and flooding.” 

Jesper Hjort described the three major projects in Denmark, which are carried out in a public-private partnership set up by PRIM O Denmark and he emphasised the importance of developing more local PRIM O organisations. 

It was a general conclusion at round table one, that the coming national PRIMO organisations will be of vital importance as a European platform to strengthen the local governments. 

Round Table Two: Experience of Public Sector Risk Management in the UK – and a voice from the USA. 

Speakers:

• Carolyn Halpin, Immediate Past Chairman,  ALARM, London.
• Martin Fone, Charles Taylor Consulting, London.
• Steve Fowler, Chief Executive Officer, The  Institute of Risk Management, London.
• Mark Watson, Representative of ICMA, City of Yuma, Arizona, USA. 

At round table two, the speakers, who were experts from the UK and the US, presented their work in the field of risk management and gave their advice on how to carry out risk management in practice. 

The speakers welcomed Enterprise Risk Management as a holistic and comprehensive approach to risk management, and empha-sised the importance of seeing risks not only as something to avoid or minimise, but also a path for development. 

Carolyn Halpin expressed the importance of partnerships in order to share knowledge. Martin Fone stated that risk management is not a controlled mechanism that should be aligned with the strategic goals of the board. In his opinion, risk management can support risk taking. “Successful risk management is not a strategy that eliminates all risks. If you cannot take a risk, you cannot develop”, Martin Fone said. 

Steve Fowler, who is working with the educational aspects of risk management, offered a list of guidelines for practitioners. These are some of the “golden rules” on his list: 

• Communicate effectively and consistently. 

• Understand what drives your CEO. 

• Learn the language of finance, and elevate the visibility of risk management.

• Get involved in all areas of the organisation. 

• Build alliances with major organisations and inside your own organisation, and attend meetings. 

It was a general conclusion at round table two that risks in general are interdependent, and that you need to consider the wider implications of a given risk in order to be prepared for any difficulties that you might have to face. For that reason it is necessary to think comprehensive and holistic when dealing with risks. 

Furthermore, Mark Watson encouraged continued cooperation between the US and Europe/PRIMO. Mark Watson said that valuable experience could be gained and he welcomed an initiative to establish local PRIMO organisations. 

Round Table Three: Public Risk Management and Private Sector Knowledge 

Speakers:

• Jon Iversen, Consultant

• Brian Shaw, Director, Marsh

• Henrik Holmark, Partner, Ernst & Young

• Lars Norup, Director, Head of Derivatives  Marketing & Structuring, Nordea Markets

• Christophe Julliard, Directeur Dévelopment International, DEXIA 

At the third round table, private partners talked of experiences they found relevant for the public sector. 

Lars Norup and Christophe Julliard outlined different aspects of the management of financial risks, and Jon Iversen described his study on legal risk management in the public sector. Jon Iversen is currently writing a book on the legal aspects of risk management in local municipalities. The book relates legal matters to good public governance and it presents a discussion on legal authority in a municipality. Lars Norup focused on financial risk management and he spoke of the need for better tools for financial risk management in the local governments. 

Henrik Holmark talked about risk management from a strategic point of view. He emphasised the importance of relating risk management to the overall strategy and added: “I think it is important to see the implementation of Enterprise Risk Management as an evolution rather than a revolution.” Henrik Holmark also presented a survey by Ernst & Young, which shows that more than 30% of Danish companies today, work systematically with risk management. 

Brian Shaw said that Marsh as an insurance broker is purely dealing with risk management. “We are risk managers,” he said. He also commented on the development of local PRIM O organisations around Europe and said that knowledge sharing across the borders of Europe is important. He explained that Marsh’s engagement in PRIM O is mainly an investment of time and energy, which at the same time is a great opportunity to learn more about risk management. 

Conclusions – By Lynn Drennan and Peter C. Young 

Public CEO’s, as well as HR managers and IT managers are practicing risk management today, Lynn Drennan and Peter C. Young concluded. Thus, in their opinion risk management is practiced with a focus on reacting to disasters rather than having a proactive approach, which in their opinion is desirable. “There are pull and push factors in risk management, where the push factors are such as legislation and compliance. The push factors are our interest in managing risks in order to develop and move forward. We have to deal with risks to innovate”, Lynn Drennan and Peter C. Young stated. They also concluded that in the world of risks, everything is related. They gave examples from the round table speakers and said: “Risks cannot be singled out, and therefore a holistic approach to risk management is required. We must think comprehensive.” 

Lynn Drennan and Peter C. Young finished by listing a number of characteristics for good risk management. On the list were terms like: Coordinated, planned, holistic, organisation wide, imaginative. Lynn Drennan and Peter Young also emphasised that because risk management is such a comprehensive area, it should be carried out in a partnership.

In this perspective Lynn Drennan and Peter C. Young saw the role of PRIMO as a way to foster a county-by-county European conversation about how to carry out good risk management. 

Final words – By Allan Vendelbo President of UDITE and Chief Executive of the Municipality of Ballerup Denmark 

Allan Vendelbo thanked the speakers and the rest of the participants for an interesting day of new views on risk management. He stated that the conference had presented a clear image of the wishes and needs for learning across the geographical borders in Europe. Allan Vendelbo found that PRIM O had already proved to be a good European framework for development and knowledge sharing. He was convinced that the national PRIMO organisations to be established in the near future will be a strong support for the local govern- ments. 

As a personal reflection he said: “All risk managers must be able to identify risks and address them in a professional manner. In this way risks can be turned into opportunities. Risk management should be a part of the job description for all top managers. In other terms, risk management has come to stay!” 

Thus the conference did not bring a clear recipe of how to deal with public risks, the practitioners among the conference speakers made it clear, that risk management is already a hot issue in the public sector around Europe. In this way, the conference pointed to the need for more learning and knowledge sharing in order to set standards on how to implement risk management in public organisations. 

During 2006 PRIMO will work dedicated to develop local organisations as a framework to qualify risk management in the public sector. PRIMO would like to thank the speakers, partners and all the participants for an interesting day with new insight into the world of public risks.