Risk management is a rapidly developing management discipline that comes from private industry and is today advanced in the financial sector. In public sector organisations it is hardly implemented, although it adds clear value through a more systematic and thorough decision-making process, more efficient strategic planning and better cost and resource allocation. Myriad uncertainties have substantial consequences for public sector organisations, which have a crucial role in every economy. Implementing enterprise risk management in public sector organisations represents a paradigm shift. Nevertheless, risk management is a must-have in public administrations and a key element of good public governance.
The Austrian Federal Ministry of Finance committed itself to an integrated Governance-Risk-Compliance Management, which unites risk- and compliance-management processes and coordinates with other relevant organisational areas such as internal audit or quality management. This approach is unique for a public sector organisation across Europe, as mostly only fragmented or siloed risk-management approaches are in place. To professionalise and standardise the process within the Ministry, a GRC IT tool was developed.
The GRC IT tool combines the advantages of standardisation, automation, information security and data protection with increased user-friendliness, greater acceptance and enhanced transparency across the Ministry. The tool is interactive and personalised in its communication and intuitive to use, so no special training is necessary. Resources and time are saved on risk updating, analysis, comparisons and the tracking of changes and developments. As a single source of truth, the GRC IT tool provides authentic, relevant and referable data; furthermore, it is auditable and has the highest security settings.
Both the GRC Management process and the GRC IT tool can be adapted and transferred to other public sector organisations easily and without high resource investments. This is possible because of the internationally accepted standard processes that form the basis for the GRC Management and the framework developed for the GRC IT tool.
The agile method used in this case takes into account that software development processes are characterised by learning, innovation and surprise. The stakeholder involvement has proven very successful. The stakeholders could gradually experience the project progress in terms of product deliverables and had the flexibility to adapt their requirements. The development team was highly motivated by the constant feedback and was able to deliver the best results to meet the given requirements.
To summarise, there are three main reasons why this project should be recognised among the best, most innovative and efficient performers from the European public sector. First, today there is no comparable holistic enterprise risk management approach in place in the public sector, but this will be the case in the future. Second, it is applied in an up-to-date software solution. And finally, it was developed with an innovative agile method for software development.
|Award category:|New solutions to complex challenges - a public sector citizen-centric, sustainable and fit for the future - European or national level|
|Type of activity:| |
|Keywords:|Governance Risk Compliance Management Security Agile IT New Public Management|
|Short English description:|The Austrian Federal Ministry of Finance committed itself to an integrated Governance-Risk-Compliance Management, which unites risk- and compliance-management processes and coordinates with other relevant organisational areas such as internal audit or quality management. This approach is unique for a public sector organisation across Europe, as mostly only fragmented or siloed risk-management approaches are in place. To professionalise and standardise the process within the Ministry, a GRC IT tool was developed.|
|Organisation:|Federal Ministry of Finance Austria|
|Level of government:|national level|
|Size of organisation:|>100|
|Number of people involved:|6-10|
|EU membership:|EU member|