Public sector ‘lacks effective risk management mechanisms’

MORE THAN a third of public sector organisations do not have effective mechanisms in place to manage risk, research from the Chartered Institute of Internal Auditors (CIIA) suggests.

Heads of internal audit at 42% of central government departments, and 37% of local government organisations, rated their risk awareness and management as ‘in the early stages’, ‘in development’ or even ‘non-existent’.

The IIA warns that a large proportion of the public sector could be vulnerable to serious financial or operational failures.

“The public sector is undergoing huge structural reorganisation at the moment, and with restructuring invariably comes new and changed risks,” said Dr Ian Peters, chief executive of the IIA (pictured).

He went on to say: “This makes the poor ratings on the management of risk given by many public sector Heads of Internal Audit to their own organisations a matter of serious concern.”

According to the IIA’s research, 24% of public sector heads of internal audit are predicting budget reductions next year, compared to less than 10% in the private sector.

Peters added: “While heads of internal audit understand they cannot be immune from the drive for greater efficiency, the ability of the profession to respond to these challenges is being constrained by a lack of resources.”

The research also showed outsourcing was listed as a top risk by 12% of public sector organisations’ heads of internal audit, compared 37% in the private sector.

The CIIA highlights that outsources public sector projects to private sector contractors has resulted in problems. These include the failure of G4S to provide adequate security staff for the Olympics, which forced the organisers to call on the army.

“The private sector is generally aware of the risks of outsourcing – if a supplier fails to deliver on price, quality and deadlines that can wreak significant financial and reputational damage,” said Peters.

Related reading


  • arwanto

    what is the risk for goverment if they don’t use risk management in their job??