Created: 29 July 2016
Traditional Enterprise Risk Management (ERM) was first introduced and actively practiced in private sector. Recently more and more public sector organizations have been engaging in organization-wide risk management, widely using the term ‘ERM’ for it
The good thing is that public organizations are increasingly mindful about addressing risks. However, only ERM is absolutely insufficient. The critical difference here is the focus of attention. If the focus for the ERM is mainly set on addressing the objectives of the organization itself or its constituencies (one or multiple organizations), for public sector organizations – the focus is primarily set on the priorities of its beneficiaries and not the organization itself.
It seems that public sector organizations (and recently more and more development organizations) are quite often turning a blind eye on this difference, proudly embarking on ERM and claiming to serve the needs of their beneficiaries. This is not to say that ERM has no value in public sector. Obviously, it is important! Public organizations have their own risks that have to be managed. However, the main importance is to understand how these public organizations are serving the needs of the public by addressing the uncertainties of their beneficiaries and helping their beneficiaries to manage their risks.
It has to be mentioned that in parallel to ERM many public (including development) organizations run project/programme risk management. Yet, this helps thus only to a limited extent. The focus of project/programme RM is traditionally placed on minimizing deviation from what is planned, budgeted, and agreed as quality standards. Whereas the complex and emerging context where public organizations operate requires a broader perspective on risk management: avoiding negative ones and exploring the positive ones, on one hand. On the other hand, already at the level of project and programme two distinct focuses have to be taken into consideration: the objectives of the project/programme (through the prism of effectives and efficiency of operations) and the risks of the beneficiaries themselves (through the prism the relevance, sustainability, and impact).
The latter gives rise to a new dimension of risks management: development risks or risks that can impact development objectives of a given society. Some of development (and even humanitarian) organizations are increasingly concerned about the risks they are facing by introducing risk management policies, structures, and processes. All of this could work, if only the difference in focus of ERM and DRM is clearly understood and embraced by those organizations.