Public-Private Sector Risk Management: is there a difference?

en•

Peter Young | February 2007, Public Risk Forum

Are there differences between risk management in the public and private sectors? As a professor who has spent time in both public administration and business administration programs, I have had several opportunities to think about both sides of the debate.

On one side, we have those who argue that management is management and that differences in the public and private sectors are modest (“if only government were run like a business”). Opponents of the “management is management” point of view argue that the public sector is so different from the private sector that it is a distinctly separate thing and, thus, requires different knowledge and management skills.

For a very long time, I tended to believe that “management was management.” Politics exist in private and public organisations, and both have multiple stakeholders. Some large private organisations have dispersed authority, while some public institutions have fairly focused authority. Some private organisations are very process-oriented and some public entities emphasize outputs. Further, it is difficult to draw demarcation lines between public and private sectors. What would we call, for instance, an arrangement where a private transportation company is contracted to a nonprofit care facility for disabled individuals, which in turn is under contract with a local authority?

“Indeed, we might say that if a risk is able to be managed privately, there is a reasonable chance it is not – by definition – a public risk”

In recent years, however, I have begun to change my views on public vs. private risk management, and I now believe that while there are important similarities, the “public” aspect of public management does present some important distinctions. I would like to address those distinctions in this essay.

Public sector risk management differs from its private sector counterpart because:

Governmental entities, as social institutions, present an exposure to risk that is substantively different from a private entity.
The characteristics of public risks present a set of risk management issues not fully present in the private sector, including:
Inability of government to avoid responsibility for risks within its purview.
Frequent absence of markets as a risk management tool.
Complexity of relationships between risks.
The interaction of risks with governmental purposes.
The breadth of the government’s exposure to risk.

Being in the public sector does present public risk managers with a set of distinct challenges. Notably, this means that government involvement in public affairs commonly arises when private behaviors (and markets) are somehow unable to deliver the good or service efficiently, if at all, or to manage a risk. Although we know there are degrees of government intervention, risks, goods, and services that meet the test of government intervention have done so because of characteristics that are not “market manageable.”

They exhibit characteristics of high complexity and high uncertainty (often), they are market-failure inducing, and their effects on the public are diffuse. Also, the effects of these risks may call into question matters of fairness and social adequacy and thus may be impervious to tests of economic efficiency.

So, one distinction between private and public risk management is that the risks are substantially different. Indeed, we might say that if a risk is able to managed privately, there is a reasonable chance it is not – by definition – a public risk. Additionally, the nature of government and its authority and responsibility is different. Whereas government might privatize garbage collection, or a health care delivery, or prisons, government’s responsibility and authority for those activity areas remains. Operating in the public sector makes the risks different, and it makes exposure different too.

“…we need to be reminded that public organisations may have responsibility for organisational and social risks, and that traditional risk management skims the surface and fails to attack risk comprehensively”

I think the preceding discussion suggests some other relevant lessons for risk management. The typical risk manager has responsibilities for a set or risks that can be characterized generally as falling within the “organisational risk” domain — property loss exposures, legal liability-based risks, workers’ compensation exposures, and so on. While all these areas are important, we need to be reminded that public organisations may have responsibility for organisational and social risks, and that traditional risk management skims the surface and fails to attack risk comprehensively. A broader framework for thinking about risk management is necessary. We call this broader framework enterprise risk management (ERM).

Second, by raising the possibility that the management of social risks is part of public risk management, we extend the accumulated knowledge of the risk management field into the public policy arena, where it has been woefully absent. For example, the systematic and critical analysis that risk managers apply to complex property and liability risks would be a breath of fresh air in the debate over public investment in alternative energy development. It is sad to say that today’s risk managers are rarely involved in public policy planning and execution, but this must change and there is evidence, if fact, that it is.

“Indeed, we might say that if a risk is able to be managed privately, there is a reasonable chance it is not – by definition – a public risk”

“…we need to be reminded that public organisations may have responsibility for organisational and social risks, and that traditional risk management skims the surface and fails to attack risk comprehensively”

Dit delen:

Related