Interview with Dr. Lynn Drennan, CEO of ALARM, about risk management
Jack Kruf | 2023 from original (Dutch) by Jos Moerkamp| 2006
Great Britain is the European example of well-developed risk management in the public sector. In a country where you can insure yourself against almost anything, governments and other public organisations appear to do a lot to eliminate and limit risks.
ALARM (Association of Local Authority Risk Managers) has grown into a national public sector risk management forum with over 1,800 participating organisations— a conversation with Dr. Lynn Drennan, ALARM chief executive.
She has only been in office since August this year, but Lynn Drennan has been active in risk management for many years. She was affiliated with Glasgow Caledonian University, ‘the only university in Europe that offers a university degree in risk management,’ says Drennan. “And that since 1982. Many of our graduates now work as risk managers in the corporate world, for consultants such as Marsh and Aon and for public organisations.”
Great Britain is seen as a pioneer in risk management in the public sector. Do you share that view?
Drennan: “Sure. Risk management has a history of about three decades here. Initially, it was a matter for the private sector. However, when business concepts spilt over from the business community to the government in the 1980s, the concept of risk management also took hold there. That eventually led to the foundation of ALARM. Some members were, therefore, already involved in the only risk management organisation that existed at the time. Due to common issues, different from issues in the business world, the need arose for a governmental organisation. That’s how ALARM started.”
Why is risk management more developed in the British public sector than elsewhere in Europe? In the 1980s, business concepts were also transferred to the government in the Netherlands.
Drennan: “I think several factors play a role. First of all, Great Britain has a long history of corporate governance. The 1992 Cadbury Report is the starting point. Although that report was primarily intended for listed companies, public organisations soon adopted the ideas. Faster than in other European countries (The Dutch corporate governance code dates from 2004, ed.).
The message of corporate governance is that the chief executive officers of organisations bear responsibility for all risks that their organisations face or will face. This responsibility obliges the effective identification, evaluation, removal or reduction and weighing of risks. The ideas of corporate governance have contributed significantly to putting risk management on the agenda, including in the public sector.
In addition, our national government emphasises the efficient and effective use of public resources. I know that message is being preached everywhere now, but our government was early on. That heavy emphasis on effectiveness and efficiency is the second key that focuses on risk management. How can you provide the best services at the best prices if you don’t consider the potential dangers or bottlenecks that hold you back from that performance? This cause for the development of risk management has been particularly influential in the public sector.
I would also like to mention the growing claims culture as a reason. In this respect, Great Britain differs from other European countries. Many municipalities suffered from fraudulent claims. For example, individuals made false or exaggerated damage claims because they fell over loose paving stones. Initially, such claims were generally honoured.
After all, if you looked at the individual amounts, they didn’t differ much, and making it a case was a hassle. But as the number and height increased, congregations became more resolute. They actually went to investigate instances and defend themselves against allegations. On the other hand, municipalities also started to pay more attention to possible risks for both the public and their employees.
This development also contributed to the maturing of risk management. I know that municipalities have managed many tons of compensation payments. Finally, there may be a cultural-historical component. In Great Britain, we traditionally approach risks from two angles. The first is insurance: where can I buy the cheapest policy to cover my risk? The second is the realisation that it may be more convenient to reduce or eliminate risks, that insurance is not always the only possible answer.”
Can you explain how to ensure risk management is more than controlling financial resources? Because that is already a highly developed discipline in the Netherlands.
Drennan: ‘Risk management in public organisations is – perhaps in the first place – about the reputation of organisations. After all, it determines the quality of democracy. For municipal organisations, the relationship with the local community is decisive.
Themes that can cause fear or anxiety must be handled with utmost care. Think of topics such as the closure of a hospital or a school, the construction of a new road, or a wind farm, which, according to part of the community, affects the landscape. These are political choices with supporters and opponents and advantages and disadvantages.
You must adequately manage the associated risks to do the decision-making process correctly. For example, it is essential to communicate very well with the community. In fact, you are already involved in risk management: managing the risks of political decision-making. “If we make this decision, what are the likely consequences? What are the possible reactions from sections of the public? What will our employees think of it?
”Then you look for strategies to manage those risks as well as possible. You know you never please everyone; that’s inherent to political decision-making. But by thinking through how different stakeholders will respond, you can think in advance about how to deal with those reactions instead of being surprised by them. I admit this is a considerably more challenging aspect of risk management than calculating financial risks. In Great Britain, we must also make considerable progress in these areas. It’s not just about managing physical risks, but also strategic decision-making and the resulting risks.”
Is risk management not at odds with change? Don’t public organisations become extremely cautious when they estimate all potential risks in advance?
Drennan: “That is definitely a danger. Some people already feel that the public sector tends to avoid risks as much as possible. That is, of course, not the intention. We have to take risks to make progress and bring about change and improvement. Also, it involves tough decisions, of which you know in advance that you will encounter a lot of resistance. Then, you cannot become indecisive because of risk management.
The starting point must be that you cannot please everyone. So we must not hide behind arguments such as “we don’t know enough about it yet” and then do nothing. Public organisations are responsible for providing good services to society and continuously improving those services. Such an initiative to improve—for example, electronic services—by definition means that you also introduce new potential risks.
Nevertheless, such innovation must, of course, continue, including estimating risks. In this case, you will have to consider, for example, what electronic services mean for the elderly or people without internet access. Then, devise strategies that eliminate or significantly reduce such risks. But estimating risks should never lead to the conclusion that you should never start on something new because new things are risky.”
Bibliography
Moerkamp, J. (2006). Lange geschiedenis van corporate governance geeft UK een koppositie. B&G Magazine, oktober 2006. BNG Bank.
Essay in Nederlands.
PRIMO Res Publica 