https://civilservice.blog.gov.uk/2015/04/10/better-risk-management/

Better risk management

General Elections are typically periods when the Civil Service needs to prepare for potential change. But there are some things which will stay the same. I can guarantee that whoever wins on 7 May will want to see a Civil Service which is professional and has the capability to deliver. Central to that is better financial and risk management.

Sir Nicholas MacPhearson, Permanent Secretary at HM Treasury
Sir Nicholas Macpherson, Permanent Secretary at HM Treasury

Driving up financial capability is more important than ever. Over the last decade, we have made huge progress in professionalising finance functions. Our ability to control public spending has improved considerably. And we have a far better understanding of how and where taxpayers’ money is spent. Shortly, before Parliament was dissolved, we published the Whole of Government Accounts for 2013-14. Not only is this the most comprehensive set of accounts published by any country in the world: but with each year of the last parliament it was published just a little bit earlier – a positive reflection on finance professionals across the whole of the public sector.

Of course, there is still more we can do to improve the quality of financial management. I want to see an even better understanding of how inputs translate into outputs across every area of public spending.

I also want to see an even more professional approach to risk management.

There are two caricatures of civil servants. The first alleges that we are too risk averse, and overly obsessed with being hauled before the Public Accounts Committee; the second claims we don’t stand up to ministers enough, agreeing to unrealistically ambitious timetables which sow the seeds of projects’ own destruction. In my view, neither caricature is true. I have seen plenty of examples of really well managed projects and policies: delivered on time, to budget.

But one salutary lesson I drew from the banking crisis of 2007-09 is that one thing that professionals in the private sector and officials in the public sector have in common is that at times they can get risk management very wrong indeed. I can recall a model of an eminent investment bank predicting the probability of a crisis of the scale experienced being several million to one, whereas the reality is a minor banking crisis tends to happen once every twenty years; a major one every hundred years or so.

It is no wonder that the Treasury and Bank of England have reappraised their approach to risk management since the financial crisis. And Boards across Whitehall have been doing the same. Non-executive directors have highlighted four main types of risk which we, and other large organisations, have to manage on a daily basis: strategic, operational, project and business. The Cabinet Office has recently collated some departmental perspectives on risk management which can be read here. And I would also commend the Management of risk Guidance and the Treasury’s Orange Book.

Above all, my tip is not to leave risk management exclusively to the specialists. If we can make it integral to all our work, we will be better placed to innovate and to deliver better results for the public.

But at the same time specialists can help. To that end, I would like to give a special plug to the Government Actuary’s department, who know all about the quantification of risk, and to the Government Internal Audit Agency which was launched earlier this month. Internal auditors, for the most part, will remain bedded out in departments but bringing them all together into one organisation will enhance career development and professionalism and aid the development of best practice across Whitehall. I wish the new agency well in its new role.