Risk Management in Public and Private Sectors

Learning Through Differences

Public agencies and private sector entities have a lot to learn from each other despite having different strategic goals. Public-private partnerships (PPPs) across the world, including Australia, have proved to be fairly successful. Most often, it is evident to large-scale infrastructure projects.

Among the benefits of such partnerships many experts single out the ability of the private sector to carry out risk assessments and use its findings to monitor progress in a rigorous manner. It is often perceived as the critical factor justifying the cost and time incurred on the PPPs, which is opposed to traditional contract delivery schemes.

The ability of an organization to carry out an effective risk assessment, manage identified risks, and mitigate potentially harmful impacts has a lot to say about the degree to which the organization can be described as an agile entity. It is a truly critical component of its institutional capacity to apply best practices in adaptive management.

That’s why I have decided to focus on the lessons public sector agencies can learn from the private sector entities to advance their own capacity to manage risks. This article aims to review 3 key lessons learned by private sector entities in applying risk management practices. These are the very lessons public sector agencies can learn from. With this, they address their own gaps in assessing and managing risks.

Holistic Risk Management

The private sector has come a long way assessing and managing risk in a comprehensive, holistic manner. Enterprise risk management (ERM) has been around for quite a while. Most of the leading, top-notch companies use it as a structured and disciplined approach. This is to identify, assess, analyze, and manage risks. Overall, the private sector has been doing a far better job in applying the analysis at an enterprise-wide level.

By contrast, public agencies are often bogged down in disparate, isolated risk assessment and management exercises. Yet, it does not always aggregate to whole-of-agency policies and practices. This means that many public agencies take excessive periods of time for the assessment per se. Even, many of its findings and recommendations may be rendered obsolete or irrelevant by the time the assessment produces action points.

It is therefore incumbent upon the public agencies to learn from the efficient and comprehensive risk assessment and management approaches pursued by successful companies world-wide. To do this, public agencies need to learn from the private sector how to depart from siloed, myopic work processes to portfolio views of risks and their implications. This is a nice segue to the next big lesson.

Buy-In and Ownership

Public agencies do not always excel when it comes to securing long-term and sustained support of senior leadership. Risk assessment and management plans are no exception. More often than not, public agencies carry out risk assessments as add-on exercises. ‘Ticking the box’ is a commonplace phrase in large bureaucracies. It often thwarts broad-based discussions about critical challenges and risks.

As seen, two things are warranted for a successful risk assessment and management process. First, buy-in of the leadership. Second, ownership of staff. This is an ideal combination, which paves the way for a coordinated and mutually beneficial engagement. Similarly, it facilitates speedy decision-making reinforced by the effective implementation of the decisions made.

Those public agencies that are able to adopt this approach, well-tested by companies to be effective, are able to tackle the old-school “silo approach” successfully. By fostering communication between different departments and stakeholders, they are able to address risk in a systemic and systematic manner as opposed to actions on an ad hoc basis.

Companies are also doing better in terms of delegating responsibilities between managers and staff reporting to them. Above all, creating space for employees, providing incentives, and rewarding outstanding performance are all crucial steps. Noting that, a shared, coherent and effective risk assessment and management processes would be evident.

Accelerated Digital Transformation

With digital transformation permeating portfolios and project management practices, the private sector has been quicker and more efficient in embracing change and making the most of the benefits it offers. For them, digital transformation means a faster and more efficient way to do business. Optimized work processes mean interactions, analyses, and action happen in a more comprehensive, inclusive, and informed manner.

When it comes to risk management, companies with more advanced levels of digitization are more likely to facilitate a risk assessment and management process that is hands-on and data-driven. Furthermore, it allows them to build on the most up-to-date resources, engage a broad range of experts, and scrutinize some of the most realistic mitigation measures in real time.

Public sector agencies have also embarked on digital transformation. However, it is not always easy to accelerate the change processes with most of them being established bureaucracies. Digital transformation is often sluggish, and it hits a whole array of roadblocks. At worst, the entire process might come to a grinding halt. None of this bodes well for those managing risk management in public agencies.

Digital transformation has conceived to benefit both private and public entities. For instance, risk management as a process is more effective when supported by technological progress and advanced tools and resources. Private sector entities have been more successful in applying them to risk management successfully. Time has come for the public agencies lagging behind to follow suit.


In conclusion, there are lots of lessons public and private sector entities can share for mutual benefit. The experience of some public-private partnerships has shown that such an exchange is not only possible but also more efficient. Risk management is an area in which private sector entities have really excelled. This is in terms of the quality and efficiency of the assessment and management workflows. There is a lot public agencies can learn from them to improve their approaches to risk management. With committed leadership and involved staff, public agencies can be no less effective in adopting holistic and data-driven risk management practices rooted in continuous improvement and accelerated digital transformation. Until next time, you are up to date.

This article was originally published at DigitalJournal