17. Today's civil servants need to be risk managers with the skills to manage the associated risk of dealing with contractors, large budgets, complex delivery chains, and the risks of delivery failure.[64] Taking opportunities to improve public services requires taking risks, and the ability to manage those risks requires officials to have the skills, knowledge and training to do so.[65]

Encouraging innovation and well managed risk taking

18. In a mature risk culture which encourages innovation and well managed risk, it is recognised that when risks are taken projects will not always succeed.[66] If departments are too cautious and risk averse they are unlikely to act on opportunities to move forward and improve services.[67] Just one quarter of departments in the NAO's survey, however, consider they know how much risk they can take to achieve objectives.[68] A department with well managed risks will have formed a view about its risk appetite, in terms of its willingness and preparedness to take risks and where it should be more risk averse. For example a department may be prepared to take more risks in new policy initiatives, whilst it may need to monitor closely or minimise risks being taken in essential service delivery or corporate governance.[69]

19. The performance partnership which is now reached with heads of departments sets down their major objectives, public service agreements, and incentives for them to perform.[70] Although three quarters of departments in the NAO's survey said they supported innovation to achieve objectives and two thirds said they supported well managed risk taking, just 20% considered they rewarded well managed risk taking. Despite support for the concept, therefore, in practice there is a perception that there is little incentive for civil service managers to take well managed risks.[71]

Securing improved performance from better risk management

20. By April 2004, the main perceived impact of the Risk Programme amongst risk improvement managers in departments had been in helping them put in place procedures, systems, policies and strategies, and engaging senior managers.[72] Reliance on processes at the expense of good judgement can however create an environment in which staff see risk management as a bureaucratic burden. Emphasis on processes and procedures may even encourage them to be more risk averse.[73]

21. To maintain the momentum generated by the Risk Improvement Programmes, more progress is needed to embed risk management in the day to day activities of departments. While three quarters of departments have implemented risk strategies in key areas, these are not always sufficiently well developed or understood by staff.[74] Departments 'living the risks' in the everyday thoughts and actions of staff are more likely to embrace a culture which encourages well managed risk taking.[75] Such departments will regularly review the risks they face,[76] whether external events and developments, risks arising from operations such as projects not being delivered on time and budget, or risks arising from changes and new ways of doing things, such as the introduction of new policies. They will also assess their preparedness and capabilities to manage the risks, deploying the right resources to manage actively the risks[77] and communicating support for risk management to staff.[78]

65   Q 112 Back

66   C&AG's Report, para 25  Back

67   Q 14 Back

68   C&AG's Report, para 19 Back

69   ibid, para 26 (ii) Back

70   Q 82 Back

71   C&AG's Report, para 2.24; Q 82 Back

72   C&AG's Report, Figure 12; Q 81 Back

73   C&AG's Report, para 1.10; Q 110 Back

74   C&AG's Report, para 21 Back

75   Q 110 Back

76   Q 2 Back

77   Q 112 Back

78   C&AG's Report, para 25 Back