Home page
> Archive > Managing risk in the personnel processing system
> Employment policy and advice
‹ Previous page
Last updated: 19 December 1996
Managing risk in the personnel processing system
Please note: This document is for reference purposes only and is no longer considered by the APS Commission to be current. It may contain good practice advice and/or advice on the transitional arrangements between the 1922 and 1999 Public Service Acts.
Linking risk management principles with people management
One of the very clear messages which came from the first and second stages of the Achieving Cost Effective Personnel Services (ACEPS) project, was the limited use of risk management principles in relation to people management.
Agencies have expressed the view that they would like to adopt a risk management approach to people management processes, indeed some have. However, there is a strongly held belief that there is a lack of support for this approach. The APS is rightly subject to scrutiny; however, agencies have felt constrained by the manner in which this scrutiny has been applied by review agencies such as the Australian National Audit Office (ANAO), Parliamentary committees and others. The perception that scrutiny has often been applied to individual transactions rather than to the risk management strategy used by agencies.
What problems were identified by the ACEPS project?
The ACEPS project found that the APS has created a highly specific, prescriptive and complicated set of rules, which are often, over a long period of time, subject to exhaustive checking rather than managed using a risk management approach.
Devolution of authority has been very limited. In most agencies it has been the activity which has been decentralised to line mangers, not the authority to make decisions which relate to people management issues. For the most part, the authority to make people management decisions continues to be held in the HR area or at very senior levels in agencies.
There is a general absence of measurement or monitoring of HR activities in terms of efficiency and effectiveness. HR activities are controlled at the micro-activity level in terms of aspects such as authority and approvals. However, the absence of measurement has led to difficulties in achieving macro-organisational control in HR activities.
Directions for change
MAB/MIAC recently released report No.22, "Guidelines for Managing Risk in the Australian Public Service". The report (extract at Attachment A) makes it clear that agencies will need support from review agencies if they are introduce fully effective risk management strategies. Strategies which are an integral part of agency good management practice. The ANAO has been very supportive of the need to apply risk management principles to people management processes (refer Attachment B ).
A key question...
Given that APS agencies are moving to an environment of less prescriptive rules and greater devolution and discretion being given to line managers, how should the risks be managed?
Attachment A: Recognising the multiple accountability mechanisms
Management of risk involves making decisions that must stand up to scrutiny from the APS accountability mechanisms. The accountability mechanisms all public service agencies should consider include:
- Parliamentary committees
- the Administrative Appeals Tribunal (AAT)
- the Australian National Audit Office (ANAO)
- the Commonwealth Ombudsman
- the Public Service and Merit Protection Commission (PSMPC).
In addition, decisions may be reviewed under the Administrative Decisions (Judicial Review) Act, by the Human Rights and Equal Opportunity Commission (HREOC), by the courts and by a range of agency specific statutory and non-statutory processes.
To ensure that integrity is always beyond question, programs should be managed so that scrutiny by these agencies can be done readily and openly.
A MAB-MIAC publication, Accountability in the Commonwealth Public Sector, discusses the difficulty with managing risk in the APS. Risk management, it says,
'recognises that mistakes will be made - but should not be repeatedly made. That would be risky management as would the case of a single palpably obvious and serious mistake that could have been avoided. If need be, public servants would be expected to defend the judgements involved in that risk assessment before Ministers and, through them, parliamentary committees. Adoption of a risk management approach has not led to any diminution in the requirement for due process, but rather to a heightened focus on cost-effective outcomes.'The process of reviewing programs will be far more efficient if the reasons for the decisions made are obvious and justifiable. A disciplined and systematic approach to managing risk will provide this.
(MAB-MIAC 1993a:16)
Attitudes and actions adopted by review agencies will mould expectations of APS managers. If the management of risk is to become an integral part of good management practice, review agencies have a responsibility to recognise and promote good risk management practice. If review agencies do not adopt supportive attitudes they may create a counter-culture to best practice in risk management.
Management Risk and the ANAO
The ANAO recognises that risk management has an important role to play in public administration and will continue to emphasise the need for the proper and effective use of risk management in the public sector.
The ANAO gives strong support for the implementation of these Guidelines as a useful framework and reference point for managers at all levels in applying a risk management approach in the Australian Public Sector. The Guidelines also provide a rational framework within which a broad and balanced approach to decision-making can be defended.
The ANAO will continue to review the implementation of risk management by agencies as a part of its ongoing audit programs and will, from time to time, identify areas which will require improvement.
The ANAO considers that the documentation of key risk management principles and management decisions is an essential element of risk management. Documentation should be sufficient to enable a decision or the design or a process to be reviewed and evaluated.
The ANAO does not expect agencies to produce separate risk management plans for the benefit of review agencies. Provided there is tangible evidence that the process has been conducted properly, documentation can and should be integrated into the normal planning and operational processes of an agency in the way that best suits their organisational needs.
Managing Risk and the Parliament
At the national launch of the Exposure Draft of the Managing Risk Guidelines the then Chair of the Joint Committee on Public Accounts (JCPA), Mr Les Scott MP, said:
'A systematic and inclusive risk management process that is fully integrated into all phases of program design, implementation and evaluation is not only a means of maximising program effectiveness but also a very good defence against public and parliamentary censure.'
While this statement cannot be taken to represent the views of all members of the JCPA, or the other committees of the Parliament, it nevertheless represents a very positive attitude to risk management principles and policies on the part of the JCPA.
Managing Risk and the Commonwealth Ombudsman
The Ombudsman's office points to a number of issues about the effect on clients of transferring risk from the Commonwealth to them.
It can be appropriate for agencies to transfer risks to clients when it is fair and equitable to do so, and when clients are fully aware of the risks and are in the position to manage these risks. Where the client is not in the best position to control the risk, or where there is no reasonable provision for those clients who may have special needs, it is not appropriate to transfer risks to clients.
The Ombudsman's office identifies the possibility of inappropriate transfer of risk to clients in streamlining work practices. For example, moves by agencies towards greater use of telephone advice to clients can constitute a more efficient use of resources. This can result in an increased risk of wrong advice being provided. The Commonwealth Ombudsman suggests that the risk can be managed better by agencies if they ensure that brief records of the oral advice are made and if they are prepared to compensate clients who suffer as a result of acting on wrong advice.
Agencies can transfer risk to clients through designing processes which are intended to be as simple and efficient as possible for operation of the program. When agencies streamline procedures to reduce the level of checks or the cost of some processes, they should take care not to transfer unreasonable requirements or responsibilities to clients.
Attachment B: Auditor-General's comments on the application of risk management principles to people management processes in the APS
Management of risk should be regarded as an integral part of the APS reform program..Prescription rather than trust is the basis on which many APS people management processes are founded. In order to move forward to a culture where staff are trusted, and therefore to have processes which are not overly prescriptive or rigid, agencies will need to adopt appropriate risk management practices.
"Managing Risk: Guidelines for Managing Risk in the Australian Public Service", Exposure Draft, July 1995.
In response to questions from the project team about the capacity to which risk management principles can be applied to people management processes, the Auditor-General has provided the following comments.
The Auditor-General supports the integration of appropriate risk management techniques in the day-to-day decision making of APS managers.
The Australian National Audit Office (ANAO) takes a positive approach to agencies who approach risk management by systematically applying management policies, procedures and practices to the task of identifying, analysing, assessing, treating and monitoring risks.
It is important that agencies are able to demonstrate that they have given deliberate attention to managing risk in the design of new or streamlined procedures. Those that ensure that their "rigorous, forward, responsible, and balanced"1 thinking is monitored, and can be reported upon if required, can confidently take the opportunities offered to improve their performance as they occur.
The ANAO recognises that risk management has an important role to play in public administration. Human resource managers in the APS who wish to implement more cost effective people management systems would be encouraged by ANAO, so long as the systems are defensible and appropriately documented and monitored.
Specifically:
- ANAO auditors expect Departments to consult widely and make well founded decisions when they are determining processes to be followed. When it comes to auditing, the ANAO would be looking for evidence that the agreed system was in place and being monitored appropriately;
- What is often needed in agencies is a greater awareness of the processes that have been agreed as an acceptable way to manage risks, better documentation, and evidence that when/if things go wrong, that there is an agreed approach to remedying the deficiency; and
- There needs to be agreement in the agency that the risk management system in place for that agency is a "communication device" which is useful to the managers as a tool to monitor what is going on in their agency, (something that is often more implicit in systems than explicit, and consequently a weak point in the overall management of an agency).
The ANAO is interested in how well risk management system is operating to deliver efficient and effective program outcomes. The controls built into the system are likely to be a focus of a financial statement audit.
1 The approach detailed in Managing Risk, Guidelines for Managing Risk in the Australian Public Service, Exposure Draft, Joint Publication of the Management Advisory Board and its Management Improvement Advisory Committee, Number 17, Commonwealth of Australia, 1995.
