Chapter 3: Risk and innovation
- Effective risk management is essential for the APS to achieve its outcomes and maintain public trust through strong governance.
- Active promotion of risk management issues and effective communication from senior leaders are positively associated with employee perceptions of risk culture.
- APS employees who were more likely to agree their agency is enabling innovation also viewed their agency as having a positive risk culture.
- Innovation through incremental change, rather than transformational change, is more common in the APS.
- Employees who are encouraged to make suggestions and feel valued for their contribution, have the most positive perceptions about innovation.
- The influence and ability of senior leaders to communicate strategic direction and organisational change effectively, supports positive perceptions about innovation.
In an increasingly complex policy development and delivery context, where public sectors are expected to manage within tight resourcing parameters, the ability to innovate is critical.
The OECD has circulated a draft proposal for a Declaration on Public Sector Innovation amongst member countries. The draft is seeking commitment of member countries to:
- embrace and enhance innovation within the public sector
- acknowledge that innovation is a responsibility of every civil servant
- equip civil servants to innovate
- cultivate new partnerships and involve diverse voices
- generate multiple options through exploration, iteration and testing
- diffuse lessons and share experience and practice.23
A key APS Value is commitment to service, specifically that the APS is professional, objective, innovative and efficient, and works collaboratively to achieve the best results for the Australian community and the Government.
Employee perceptions of innovation in their agency are captured in the annual APS employee census. The census assesses innovation through dedicated questions that contribute to an index score. This innovation index score assesses whether employees feel willing and able to be innovative, and whether their agency has an enabling culture for this to occur. The overall innovation index score in the APS is 64 per cent, a two percentage point increase from 2017.
This index comprises five questions about perceptions of innovation within an agency.
Figure 15: APS employee perceptions of innovation in their agency
Source: 2018 APS employee census
Most respondents believed that one of their responsibilities was to continually look for new ways to improve the way they work. Many also believed that their immediate supervisor encouraged them to come up with new or better ways of doing things. This encouragement from the immediate supervisor for innovation and creativity is reflected in other areas of the census. For example, more than 70 per cent of respondents indicated that their supervisor:
- encouraged them to contribute ideas
- invited a range of views, including those different to their own
- challenged them to consider new ways of doing things.
A substantial proportion of employees neither agree nor disagree with several items assessing innovation, such as their agency is inspiring and supports innovation. This suggests that more work is required at the agency-wide level.
Figure 16 shows that agencies with a higher innovation index are perceived to be much better at encouraging suggestions, caring about health and wellbeing, having high-quality SES who set clear strategic direction, and managing the workforce and change well. The results show that employee views about senior leadership and their immediate supervisor are strongly associated with their perceptions of their agency’s innovation culture.
Figure 16: Percentage point differences between the top and bottom 10 agencies for innovation
Source: 2018 APS employee census
In the 2018 APS employee census, 53 per cent of respondents indicated that their immediate workgroup had implemented innovations over the previous 12 months. Around two-thirds of these innovations related to process improvements. The top three impacts of the innovations implemented were:
- efficiencies created (30 per cent)
- service delivery enhanced (26 per cent)
- client experience improved (13 per cent).
The results suggest that incremental change, rather than transformational change, is more common in the APS. When asked to reflect on the barriers to implementing innovation in their agency, the top three barriers identified were insufficient time (44 per cent), inadequate resources (36 per cent) and lack of funding (35 per cent).
Australian Transaction Reports and Analysis Centre (AUSTRAC)—ASEAN-Australia Codeathon
The Australian Transaction Reports and Analysis Centre (AUSTRAC) hosted the 2018 Association of Southeast Asian Nations (ASEAN)-Australia Codeathon in Sydney during March 2018. This was the first financial intelligence Codeathon in Australia. The event brought together technology and innovation specialists to tackle regional challenges in the fight against terrorism.
The Codeathon was closely tied to the Prime Minister’s counter-terrorism agenda for Australia and ASEAN. It drew on the alliances between public and private partnerships and leveraged them to deliver counter-terrorism outcomes.
One hundred innovators from 10 countries, representing 27 organisations, collaborated to solve complex challenges focused on the theme of ‘leveraging innovation to combat money laundering, terrorism financing and cyber risks’. The teams were given 32 hours to solve challenges unveiled on the first day of the Codeathon:
- using big data to combat terrorism financing
- disrupting money launderers, terrorists and cyber criminals across ASEAN-Australia
- exploiting financial data to gain insights into crime and terrorism risks
- applying artificial intelligence to improve Anti-Money Laundering and Counter-Terrorism Financing compliance and suspicious matter reporting
- applying blockchain technologies to improve financial services
- collaborating and sharing knowledge to combat cybercrime, money laundering and terrorism.
Collaborating involved constructing innovative digital solutions to integrate and maximise the benefits of ICT in countering terrorism financing. Participants enjoyed the challenge of engaging to develop their skills, network with peers and collaborate to solve financial intelligence challenges. The outcomes of the Codeathon were presented in various forms including live applications or prototypes.
Since the event, AUSTRAC’s Innovation Hub has continued to work with event participants, including a team of university students. The Cyber Six’s solution involved applying artificial intelligence to improve Anti-Money Laundering and Counter-Terrorism Financing compliance and suspicious matter reporting. AUSTRAC and an event sponsor have organised for the team to participate in mentoring and development sessions, with a short-term goal of further developing their prototype for Financial Intelligence Units and the banking sector to detect risks from financial data.
AUSTRAC is developing an information sharing prototype with the assistance of other Codeathon participants which may be used by Financial Intelligence Units and law enforcement agencies to overcome challenges in following the money trail of criminal syndicates across the region.
The Codeathon demonstrated innovative thinking, encapsulating and empowering people to test and experiment with new ideas and approaches to solving Australia’s most complex law enforcement and intelligence problems.
Digital Transformation Agency—co-lab innovation hubs
The Digital Transformation Agency has established a co-lab innovation hub at its Sydney office and will open a second hub in Canberra in 2018. The labs will enable multidisciplinary teams from APS agencies to work with the Digital Transformation Agency, researchers and the private sector. The Department of Human Services will initially be hosted to develop initiatives for driving more co-ordinated digital service delivery across the department. It is anticipated this work will have flow-on benefits to other service delivery agencies, including the Department of Veterans’ Affairs.
In the 2018 APS employee census, respondents more likely to agree that their agency is enabling innovation, also viewed their agency as having a positive risk culture.
Engaging with risk
Most public service agencies still have a way to go in moving from reactive, defensive risk management to proactive, performance-focused risk engagement. Too often there remains a tendency to focus on compliance … rather than on performance. There remains too much focus on looking backwards, relying on evaluation and audit to identify problems after the event. There is not enough looking forward to prevent mistakes occurring.
Peter Shergold AC, Learning From Failure (2015)24
Effective risk management is essential for the APS to achieve its outcomes and to maintain public trust through strong governance.
Effective risk management can lead to opportunities, such as encouraging innovation and improvements to organisational processes and practices. The PGPA Act requires APS agency heads, as Accountable Authorities, to manage their organisations in a way that effectively manages risk and internal governance processes25 without imposing unreasonable levels of red tape, or stifling innovation.26
The recent review of the PGPA Act found examples of strong risk management across the Commonwealth public sector, but also examples of risk management failure, for example the IT failures at the start of the 2016 National Census.
Some of the risks faced by government can be complex and profound. Public sector entities must implement the decisions of government, or perform functions assigned to them in legislation enacted by the Parliament. Often these decisions and functions are bound by policy, compliance and accountability requirements that limit options for managing risk.
Alexander and Thodey, Independent Review into the Operation of the Public Governance, Performance and Accountability Act 2013 and Rule (2018).27
APS agency approaches to risk vary due to the many different types of work undertaken and the context in which it is performed.
The recent PGPA Act review found that:
… risk practice across the Commonwealth is still relatively immature. There is still significant work to be done to embed an active engagement with risk into policy development processes and program management practice, and to have officials at all levels appreciate their role to identify and manage risk.28
The 2018 APS employee census asked questions about employee perceptions of risk management and risk culture within their agency.
Figure 17: APS employee perceptions of risk management in their agency
Source: 2018 APS employee census
Encouragingly, most respondents agreed that their agency supports escalating risk-related issues to managers. Almost two-thirds of respondents agreed that risk management concerns are discussed openly and honestly in their agency. However, only 28 per cent agreed that appropriate risk taking is rewarded. A large proportion of respondents neither agreed nor disagreed with the questions posed.
I think we are managing risk far more effectively than we did five years ago and we are far more productive because of this.
- EL 2, large operational agency
The results suggest that a significant cohort of employees may not understand their agency’s risk management framework, may not observe or experience risk management in action, or simply do not know how the statements apply in practice in their agency. This suggests there is some way to go in building an appropriate risk culture in the APS.
Perceptions of risk culture are associated with workplace performance and satisfaction with senior leadership. Employees who viewed their agency as having a positive risk culture were more likely to:
- rate their agency as high performing
- rate their SES managers as being of high quality
- rate the communication between SES managers and other employees as effective
- agree that SES managers in their agency articulate the direction and priorities for the agency.
Respondents who viewed their workplace as operating in a high corruption-risk environment, tended to have more positive attitudes towards risk management.
Australian Bureau of Statistics—turning adversity into success
The ABS faced significant public scrutiny following the 2016 Census, as a result of public concerns about privacy and the decision to shut down the online Census form for 43 hours to protect Australians’ privacy. Despite the initial setbacks and the criticism levelled at the agency, the ABS successfully delivered the Census, achieving a 95 per cent response rate and higher-quality data delivered faster.
The ABS took many lessons from the 2016 Census. These included the need for:
- risk management capability to be lifted across the agency, bringing high risks to the attention of ABS Executive and ministers early, providing opportunity to mitigate them
- independent quality assurance for future programs
- strong and continuous community education, proactive issues management and rapid response to emerging challenges and concerns
- early and extensive engagement with community, stakeholders and political leaders in future high-profile, high-risk programs.
On 9 August 2017, the Treasurer directed the ABS to undertake a statistical collection that later became known as the ‘Australian Marriage Law Postal Survey’. This national survey was to inform one of Australia’s most important decisions—whether the law should be changed to allow same-sex couples to marry. It was a high-risk exercise and posed a significant challenge for the ABS, with only 99 days to design, develop and deliver the national survey, including processing and publishing the results.
Building on the lessons from the 2016 Census, the ABS used several new and innovative measures to deliver the Australian Marriage Law Postal Survey.
A designated taskforce was immediately established to follow the Government’s direction, including establishing governance structures to supported rapid delivery, rigorous risk management and central coordination.
The Commonwealth Risk Management Policy
In 2014, the Department of Finance released the Commonwealth Risk Management Policy (Risk Policy).
The Risk Policy’s goal is to embed risk management as part of the culture of Commonwealth entities where the shared understanding of risk leads to well informed decision making. It supports the requirement in the PGPA Act that Commonwealth agencies must appropriately manage risk.
The Risk Policy outlines nine elements of good risk management practice with which non-corporate Commonwealth entities must comply:
- establishing a risk management policy
- establishing a risk management framework
- defining responsibility for managing risk
- embedding systematic risk management into business processes
- developing a positive risk culture
- communicating and consulting about risk
- understanding and managing shared risk
- maintaining risk management capability
- reviewing and continuously improving the management of risk.29
Entities undertake an annual self-assessment of their performance against these elements and report results to Finance. Entities and their risk and audit committees use data from the self-assessment to monitor and improve their risk management performance. Finance uses the data to target its risk services to areas that entities are finding challenging.
This data has shown a consistent increase in risk management maturity in the four years since the Risk Policy was introduced.
Data from 2018 found modest improvements against all of the policy’s nine measures. Entities scored best in establishing risk management policies, embedding systematic risk management and defining responsibilities for managing risk.
The lowest scoring measures were developing a positive risk culture, understanding and managing shared risk and maintaining risk management capability.30 These measures are considered the most challenging to improve because they rely on changes to organisational culture and capability.31 These are also what the Alexander and Thodey Review (2018)32 and the Shergold Review (2015)33 suggested need the greatest improvement.
The 2018 APS census results broadly support the findings from this self-assessment, suggesting that employee perceptions about risk management and the culture within their agency are good indicators of the agency’s risk management performance. Effective risk management, the use of risk appetite and tolerance statements, and the development of a positive risk culture can support higher levels of innovation and, in turn, better organisational performance.
23 OECD (draft), ‘Proposal for a draft Declaration on Public Sector Innovation’. Use of draft authorised by the OECD.
24 APSC (2015), ‘Learning from Failure: why large government policy initiatives have gone so badly wrong in the past and how the chances of success in the future can be improved’, p. vi.
25 Public Governance, Performance and Accountability Act 2013, Part 2-2, Division 2, Subdivision A.
26 Department of Finance (2016), Guide to the PGPA Act for Secretaries, Chief Executives and Governing Boards (Accountable Authorities): Resource Management Guide No. 200.
27 Alexander, E and Thodey, D (2018), Independent Review into the Operation of the Public Governance, Performance and Accountability Act 2013 and Rule, p.20.
28 Alexander, E and Thodey, D (2018), Independent Review into the Operation of the Public Governance, Performance and Accountability Act 2013 and Rule, p.20.
29 Department of Finance (2018), Benchmarking Survey 2018—Risk Management Capability Maturity States.
30 Deloitte (2018), Risk Management Benchmarking Program 2018 Key Findings Report.
32 Alexander, E and Thodey, D (2018), Independent Review into the Operation of the Public Governance, Performance and Accountability Act 2013 and Rule.
33 APSC (2015), ‘Learning from Failure: why large government policy initiatives have gone so badly wrong in the past and how the chances of success in the future can be improved’.