Why don’t agency top leaders know about significant management problems in their organizations before it is too late?
So-called scandals seem to be more prevalent these days, ranging from seemingly dishonest reporting of telework hours at the Patent Office or veterans hospital access wait times, to the safety of CDC labs, to lavish conferences at the General Services Administration.
Wouldn’t it have been better if agency leaders learned about brewing issues before they became problems? Tom Stanton and Doug Webster, in their new book on managing risk and performance in government, say there are two key challenges to being able to head off problems in advance:
· First, important information in large agencies oftentimes is located at the frontline and with middle managers and bad news tends to not filter upward. So how does trustworthy information flow in an organization, and how do you get the right information flow to decision-makers without flooding them with unimportant data?
· And second, sometimes leaders just make bad decisions. Effective leaders need to create an environment for “constructive dialogue” where the decision-making process brings important information to the fore before action is taken on a decision.
Given that these two challenges are endemic, how can a good leader put in place some form of organizational self-defense?
Stanton, Webster, and others share insights on how public sector leaders can do this. They note that these self-defense mechanisms exist in the private sector, and are most mature in the finance and insurance industries. They say the 2008 financial crisis was largely triggered by companies that systematically ignored their risk management experts.
Largely since the 2008 financial crisis, there has been a recent flurry of articles, books, and seminars around the importance of creating “enterprise risk management” initiatives, especially in areas beyond finance and insurance.
For example, a number of federal agencies have designated “chief risk officers” to advise agency leadership on the potential impact of risks across their portfolio of programs – instead of the traditional approach of examining risks within each individual program or function. The designation of chief risk officers has grown organically in agencies over the past few years at both the departmental and bureau levels. The pioneer was the federal student aid program in the Department of Education.
OMB recently charged agencies with being responsible for managing risks, stating that agencies “should identify, measure, and assess challenges related to mission delivery, to the extent possible.” Its guidance describes the role of chief risk officers (CROs) as the “champion agency-wide efforts to manage risk within the agency and advise senior leaders on the strategically-aligned portfolio view of risks at the agency.” However, OMB notes that it is not requiring agencies to designate CROs.
In the next few weeks I’ll share insights from the Stanton and Webster book, along with other resources, addressing questions such as:
· Why does government place itself in risky situations in the first place?
· How agencies develop a risk-responsive strategy to deal with the uncertainty of external risks, such as financial crises, cyberattacks, and natural disasters.
· How agencies address internal risks, such as scandals that affect their reputations.
· And finally, how did a pioneering agency institutionalize risk management functions into its culture?
Are there other enterprise-wide risk management issues that in your mind should be addressed, as well?