Managing risk

Managing risk

Lessons from the 'house of horrors' - the Australian government’s home insulation programme.

This is an election year, and the Australian Federal Government’s home insulation programme has become its own “house of horrors”, forcing the Prime Minister to make some frank admissions. So, how could a process-oriented government find itself stuck in this position? What are the implications for IT project managers who are frequently required to deliver systems to manage government programmes?

The home insulation programme began with such high expectations. It was set up as part of the Government’s response to the Global Financial Crisis to help stimulate the economy. At the same time the programme was expected to deliver green savings to home owners, and provide a showpiece for the Government’s green credentials. However it all went wrong in the most spectacular fashion, as a number of Australian homes turned into death traps due to poor contractor workmanship.

The recent political debate has focused on the programme’s failings and the appropriateness of its risk matrix. But, risk management is more than just managing a documentation tool, risk management is all about managing risk.

The home insulation programme turned out to be a high risk one. It was high risk to citizens, high risk to small business and, ultimately, high risk to the government. As such, the Prime Minister and the responsible Minister, Peter Garrett, have been forced to eat humble pie.

In an election year, this poorly-planned programme delivers some powerful messages about the way government agencies need to manage risk.

The programme’s risk matrix did raise a number of startling concerns, and this has fuelled intense political debate about it. However, we must take care not to shoot the messenger. The authors of risk management plans should be encouraged to uncover all potential risks and to document them as plainly and as clearly as possible. But this is just one step along the way.

Risk management can sometimes be seen as an annoying distraction from real project delivery work. Optimistic managers can sometimes place too much hope on the heroic efforts of key individuals and their ability to deal with any potential problems.

If there is to be any take home message from the failed home insulation programme, it is the realisation that citizens rightly expect appropriate risk management from their government officials. Indeed, it is a basic foundation for efficient and effective government service delivery.

Government ICT learned many years ago that you can’t outsource accountability. Government managers are responsible for managing project risk even if the delivery is outsourced. But the pressure to deliver government outcomes can sometimes be significant, and it can take a brave project manager to raise questions about risk.

Sir Peter Gershon noted this issue in his review of government ICT in October 2008.

He said, “There is too much variation in the degree and quality of interaction between policy formulation and implementation. There is a broad spectrum of practice, ranging from early and ongoing consultation between policy makers and policy implementers, to no consultation, and announcements made in the press which come as a surprise to those delivering the policy. This issue is exacerbated by the increasing complexity of some policies.”

“There are real downstream implications and risks for policy implementation from poorly considered policy design”.

However, it is not all bad news. Australia has a long history of world leadership in the development of risk management standards.

Australia first released its national standard, some 15 years ago. Over subsequent years, government tenders have mandated the application of this standard in its contracts. In November last year, the Australian standard was replaced by a new international standard ISO 31000. The new standard largely built on the Australian standard.

Given Australia’s impressive history in developing risk standards, it is probably time for us to take our own medicine. Managing risk is much more than developing a matrix. It is a major cultural shift that impacts all operations of an agency.

The new standard outlines a clear approach for measuring whole of agency performance in dealing with risk. The criteria are:

• Continual improvement.

• Full accountability for risks.

• Application of risk management in all decision making

• Continual communications.

• Full integration in the organization's governance structure.

Given the heightened sensitivities in an election year, there may be value in agencies quickly assessing themselves against the new criteria.

Kevin Noonan is a research director in Ovum’s government practice in Australia and New Zealand.

Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags costovumopinionanalystpublic sectorproject failuregovernment CIOGovernment ICT

Show Comments