Federal agencies are increasingly expected to adopt enterprise risk management (ERM). However, public sector adoption of ERM has typically focused on the economic efficiency of tax-financed activities based on control-based practices. This reflects an emphasis on quantifiable concerns that invariably directs attention to risk, that (by definition) relates to identifiable and measurable events, thereby downplaying uncertain and unknown aspects of public exposures. This is a potentially serious shortcoming as government entities often act as society's risk managers of last resort. When extreme events happen what were previously considered private matters can quickly turn into public obligations. Hence, there is a need for proactive assessments of the evolving public risk landscape to discern unpredictable-even unknowable-developments.
The article reviews recent empirical studies on public risk management practices, effects of digitalization in public sector institutions, current strategic management research, and insights uncovered from a recent study of risk management practices in federal agencies. On this basis, the article explains how the ability to generate value from ERM can be enhanced when it intertwines with local responsive initiatives and central strategic risk analyses. It can form a dynamic adaptive risk management process where insights from dispersed actors inform updated risk analyses based on local autonomy and open exchange of information. This approach builds on specific structural features embedded in culture-driven aspirations to generate collaborative solutions. Its functional mode is an interactive control system with open discussions across levels and functions in contrast to conventional diagnostic controls that monitor predetermined key performance indicators (KPIs) and key risk indicators (KRIs).
Backed by theoretical rationales and empirical research evidence, it is found that applications of ERM frameworks can produce positive results but is unable to deal with a public risk landscape characterized by uncertain unpredictable conditions with potentially extreme outcome effects. It is shown how interactive exchange of fast local insights and slow integrated strategic risk analyses supported by digitized data processing can form a dynamic adaptive system that enable public sector institutions to deal with emergent high-scale exposures. It is explained how the requirement for conducive organizational structures and supportive values require a new strategic risk leadership approach, which is contrasted to observed practices in federal agencies that are constrained by prevailing public governance requirements.
The need to deal with uncertainty and unknown conditions demands a cognitive shift in current thinking from a primary focus on risk to also appraise complexity and prepare for the unexpected where data-driven methods can uncover emergent exposures through dynamic information processing. This requires strategic risk leaders that recognize the significance of complex public exposures with many unknowns and a willingness to facilitate digitalized information processing rooted in a collaborative organizational climate. If handled properly, adoption of ERM in public risk management can consider emergent dimensions in complex public exposures applying interactive information processing as a dynamic adaptive risk management approach incorporating digitized methods to solicit collective intelligence for strategic risk updating.