Accountability and Expertise in Public Sector Risk Management: A Case Study

• DOI: http://doi.org/10.1111/faam.12039
• Published date: 01 August 2014
• Date: 01 August 2014
• Author: Tommaso Palermo

Financial Accountability & Management, 30(3), August 2014, 0267-4424

Accountability and Expertise in

Public Sector Risk Management:

ACaseStudy

TOMMASO PALERMO∗

Abstract: This paper examines the adoption of a formal risk management

framework in a large public sector organisation. The paper shows the relevance

of risk management as an accountability tool, extended by means of disclosure to the

scrutiny of distant others. The paper also reveals how the use of risk management

is dependent on relational skills, knowledge of business activities and professional

experience. Risk management can be seen as both a context-dependent device and

as a technique abstracted from a context. The paper discusses how risk officers deal

with this complexity, addressing the expectations of multiple organisational actors

and external entities.

Keywords: risk management, accountability, expertise, public sector

INTRODUCTION

Since the late 1990s, formal risk management processes, techniques and roles

have become increasingly diffused in the public sector (Fone and Young, 2000;

Drennan and McConnell, 2007; and Collier, 2009). These private-sector-derived

organisational arrangements, which constitute a ‘new world of generic risk

management’ (Hood and Miller, 2009, p. 3), are considered a dimension of

good governance and a tool to improve public service delivery (CIPFA, 2001;

Audit Commission, 2001; and HM Treasury, 2004).

However, the adoption of generic risk management frameworks in the public

sector has been criticised by a number of scholars who point to their use for

∗The author is from the Department of Accounting, London School of Economics and Political

Science. He acknowledges the helpful comments from John Ferguson, Martin Messner, Dane

Pflueger and the participants in the 2011 NPS seminar (Edinburgh Business School). The

financial support of the Management Control Association is also gratefully acknowledged.

The author would like to thank the managers who collaborated for their time and patience.

Address for correspondence: Tommaso Palermo, Department of Accounting, London School

of Economics and Political Science, Houghton Street, London WC2A 2AE.

e-mail: T.Palermo@lse.ac.uk

C

2014 John Wiley & Sons Ltd, 9600 Garsington Road,

Oxford OX4 2DQ, UK and 350 Main Street, Malden, MA 02148, USA. 322

RISK MANAGEMENT IN THE PUBLIC SECTOR 323

defensive management and blame-avoidance in a context uniquely influenced

by the political and societal spheres (Power, 2007; Hood and Miller, 2009; and

Lapsley, 2009). Moreover, corporate failures such as WorldCom and Enron and

the recent financial crisis have raised questions regarding the efficacy of the

‘new’ risk management1in private and public sector organisations alike (Hood

and Miller, 2009; Lapsley, 2009; and Mikes, 2011).

This paper aims to explore why private-sector-derived risk management

principles and instruments are adopted and retained in the public sector, despite

corporate failures and growing criticism of formal and generic risk-related

organisational arrangements. To this end, the paper examines how a new risk

management framework is developed in a large UK public sector organisation.

Drawing on new institutional theory and research on risk management and

accounting change in the public sector, the paper explores how formal risk

management structures, roles and instruments are related to a variety of

environmental pressures and the work of multiple organisational actors.

The case study findings draw attention to notions of accountability and

expertise in relation to public sector risk management. First, the study shows the

relevance of risk management as an accountability tool, extended by means of

disclosure to the scrutiny of distant others. In line with prior studies (Crawford

and Stein, 2004; Woods, 2009; and Collier and Woods, 2011), accountability

expectations are shown to be related to environmental pressures such as

government policies, external assessment criteria, and professional standards.

The paper adds to the literature by exploring the multifaceted nature of

exchange and communication of internal mechanisms between an organisation

and external entities. Whilst risk management accountability is often related to

a dysfunctional emphasis on auditable trails and documentation (Power, 2007;

and Lapsley, 2009), the case study suggests that risk management disclosure can

also influence organisational performance by reducing the cost of borrowing and

insurance premiums. The case study findings also challenge the idea of a clear-

cut distinction between intra-organisational dynamics and external pressures.

An example of this is that the case study organisation itself became a model

that others sought to use in developing their own risk management processes.

Second, the paper sheds light on the expertise required to put risk

management at work. Prior research (e.g., Scheytt et al., 2006; and Woods,

2009) suggests that various entities such as practising organisations, the

media and consultants contributed to make risk management an increasingly

formalised organisational and management practice. The case study shows

that the use of risk management tools is dependent on elements such

as relational skills, knowledge of business activities and prior professional

experience. Specifically, the paper provides insights into the role of risk officers

as change agents. In line with recent new institutional work (Lounsbury, 2008;

and Modell, 2009), the paper shows how their activities can be related to

the ambivalent logic of the ‘new’ risk management, which emphasises both

generic organisation-wide representations of risks and front line responsibility

C

2014 John Wiley & Sons Ltd