Part One – An overview of Risk Management at a Local Government level
In this, the first of a series of articles exploring the role and impact of risk management at a local government level, we provide a general overview of risk management within this vital sector and the overwhelming impact it can have on society.
“May you live in interesting times” has long been quoted as an old Chinese curse, used ironically to imply that uninteresting times, where conflict, political turmoil and instability are absent, offer conditions far more favourable to living a longer life than do interesting times, where these elements are rife. And although the origin of the phrase may be in question, truth be told, we do live in extremely interesting times indeed. So are we cursed? I’d argue that far from being a curse, “living in interesting times” is in fact a blessing, filled with a myriad of opportunities to effect massive change, sometimes through big, bold, world-altering actions, but more often through small, decisive and well executed activities and programs. Big picture thinking is vitally important to the future success of any society, and in the public sector, policy setting can dictate long term success or failure for a country, with a knock-on effect felt through every element of its citizenry. But policy direction, legislation and political ideologies remain purely words and ideals until implemented at the coalface, and the real responsibility for turning these words into actions lies with municipalities, the public servants employed by them, and their constituents whom they serve.
One of the key cornerstones of good governance in the public sector is a strong, focused and dedicated approach to the management of risk. Risk management has in fact been identified as a strategic imperative, no longer an option, key to the achievement of objectives, and the effective utilisation of what we all know is very limited resources, in order to deliver a broad range of services. This is no more evident than at a local government level, where metropoles, districts, and local municipalities are constantly focused on providing infrastructure and services in order to grow their economies, consistently delivering both essential and non-essential services, and of course maintaining the support of their constituents. No mean feat when one considers the challenging economic and social challenges faced.
Within the spheres of local government (and in fact within most components of the public sector in South Africa as a whole), excellent legislation and guidelines have been put in place with a view to encouraging the adoption of sound risk management principles, and the maintenance of effective, efficient and transparent systems of risk management and control. The Municipal Finance Management Act (MFMA) quite clearly states in Section 62 (1)(c) that it “Requires the Accounting Officer to ensure that the municipality has an effective, efficient and transparent system of financial and risk management that is supported by a system of internal control”, and the Public Sector Risk Management Framework with its various guidelines and supporting documents has gone some way towards clarifying what is required when implementing this risk management policy within a municipality. When read in conjunction with other local legislation such as the Municipal Systems Act, Disaster Management Act, Occupational Health and Safety Act and the Hazardous Substances Act, as well as codes of best practice such as the Integrated Risk Management Framework (IRMF), ISO31000, and the King IV™ Code, there is no shortage of guidance urging sound risk management.
When effectively implemented, these acts, guidelines and codes can go a long way to enhancing the achievement of the municipality’s governance obligations, improving results through a far more informed decision-making process, promoting a risk and control based approach by encouraging responsible risk-taking within a context of oversight control, strengthening accountability via a sound understanding of the risk structure and the linking of these risks to performance measures, and greatly enhancing leadership by strengthening the capacity to provide a high level of public service. In reality though there are multiple challenges to confront when converting these sound principles into meaningful action, and these challenges have been shown to derail risk management within a municipal setting on several occasions in the past.
In the June 2016 Auditor General Report on local government outcomes for the 2014-2015 financial year, which saw some major improvements to audit outcomes in certain areas, it was noted that governance at several municipalities was greatly enhanced by well-functioning audit committees, as well as the support of internal audit units. Councils and municipal management used the internal audit units to identify risks, as well as the controls to be implemented to mitigate these risks. In the same report though, it was found that management (accounting officers and senior management), the political leadership (mayors and councils), as well as oversight, do not respond with the required urgency to consistent messages about addressing risks and improving internal controls, with the majority of municipalities’ status in all areas of control rated as either ‘concerning’ or ‘intervention required’. This points quite clearly to a disconnect between the attitude towards risks and controls raised and highlighted through an internal audit process, and the actual day-to-day operational realities faced by the risk department to inculcate risk and control management into everyday business processes.
It is broadly accepted that for risk management to thrive within any organization, there are several critical success factors that need to be in place such as support from the various management levels, the involvement of all stakeholders combined with a conscious effort to improve their risk awareness and knowledge, and the effective communication of risk information throughout that organization. However, our observation based on interactions with risk officers within local government in South Africa is that risk management is often implemented in a silo, allocated to one official (Chief Risk Officer), treated as a tick-box compliance exercise, and often not viewed as an important enough element of the decision-making process. This lack of involvement of risk management in the strategic decision-making of the municipality results in a deficiency of any meaningful action, and often sees the risk department reduced to the role of reporting mechanism, with very little follow through on the analysis done up to that point. It is thus vital that risk management is seen as a strategic program with critical and wide-reaching objectives, intricately aligned with policy, with complete transparency throughout all shareholders, including its citizens. The goal of risk management within a municipality should be to ensure that municipal employees are well prepared for any eventuality, whether it be related to health and safety, extreme weather, or changes in the political and/or economic landscape, and that cities and towns are kept clean and safe, so that the elements that contribute to the quality of life of its residents (such as teaching, policing and recreation) can receive the vital attention they need.
To bring the human element into this, the “Batho Pele” (“People First”) principles of consultation, service standards, access, courtesy, information, openness and transparency, redress, and value for money require public servants to be polite, open and transparent and to deliver good service to the public, thus ensuring a common goal, and a drive throughout the municipality to achieve this goal. The implementation and adherence to “Batho Pele” can play a very important role in the effectiveness of the risk management policy and framework by ensuring every stakeholder is service and outcome driven. The purpose, as aspirational as it may sound, is to enable all municipal employees to be soldiers in an army of risk champions, well trained and armed with the appropriate tools to enable them to view risk management as an essential part of their job, and to ensure that the army’s General, the Chief Risk Officer, has the ability to consider all risks and opportunities faced, throughout the entire municipal structure, based on sound information gathered.
We all know that when the rubber meets the road, and we’re thrust into this vehicle called a Municipal Risk Management Department, reality kicks in, and we’re faced with some impediments to our lofty goals of transforming our specific entity through a brilliant risk management approach.
In the next article we’ll go into more detail in examining some of the challenges faced by municipal risk officers when initially implementing a risk management framework and methodology as well as the obstacles encountered when trying to maintain this strategy going forward. We would love to hear your feedback, as well as some of the experiences you’ve had. Please feel free to email me on paul@barnowl.co.za.
“If we could change ourselves, the tendencies in the world would also change. As a man changes his own nature, so does the attitude of the world change towards him… We need not wait to see what others do” – Mahatma Gandhi
Author – Paul van der Struys
May 2017