220 words. Updated 11 May 2024.
Public sector risk assessment
Early adopters of Enterprise Risk Management should lead the way, not go backwards.
“Glaring disregard for basic management and contracting practices” is the headline of the Auditor General of Canada report on the procurement of an app (total estimated costs: $59.5 million) whose purpose is to collect your personal health information at the border.
”...project management practices—such as developing project objectives and goals, budgets and cost estimates, and risk management activities—were not carried out.”
Karen Hogan, the Auditor General, in an interview, acknowledged what were supposed to be pressing circumstances.
The federal government's intended Integrated Risk Management practice, whose roots go back at least to 2001, is now retrograde. Project management basics are not even in place, and behaviour of government employees “created a significant risk or perception of a conflict of interest around procurement decisions.” (AG's full report pdf, p.11).
Culture of accountability
People in responsible positions, if intellectually accepting of the imperative to manage risk, are usually struggling with ERM methods. That is, they do risk identification with unspecified, informal and ad hoc procedures, at times in the absence of properly formulated goals.
Of course, in the absence of a culture of accountability, then all bets are off: Enterprise Risk Management methods themselves cannot be at fault, and existing controls are subverted.