The challenge of outsourcing is balancing the risks and rewards.
There is no doubt that outsourcing is a significant challenge for most chief executive officers (CEOs) and many managers at all levels of the public service. But outsourcing is basically a means to an end - and it is the ends that are of primary strategic and operational importance to those managers. This priority is reflected in the government's public service reforms, particularly with the outputs and outcomes focus both on performance and for budgeting.
The question that has to be asked is what stands between managers and the achievement of required results. I contend there has been a growing realisation that a key impediment has been a failure to deal adequately with risk, including recognising risk as an opportunity and not simply something that has to be minimised or eliminated. In this connection, I was interested to read Richard Humphry's comment to the Senate Finance and Public Administration References Committee on his independent review of information technology outsourcing.
"The report was produced, at the request of government, on future risk," Humphry wrote. He went on later to observe: "The key interest I have was in identifying risks".
As I read his report, his overriding concern was to make recommendations on how best to manage those risks. That is a concern I also share.
Humphry pointed out that there were several risk management lessons to be learned.
The most significant risk factors were the unwillingness to change and the failure to buy in the appropriate expertise.
There was a lack of focus on the operational aspects of implementation.
There was insufficient attention paid to the necessary process of understanding the agencies' business.
There was insufficient consultation with key stakeholders.
As Auditor-General, I see documentation of key risk management principles and management decisions as an essential element of the public sector accountability framework. However, just as importantly, documenting and communicating key processes and decisions throughout an organisation: improves the transparency and consistency of decisions made by the agency over time; contributes to the cost-effective achievement of stated outcomes; promotes a shared ownership of decisions throughout the agency; and places the agency in a considerably stronger position to defend to the parliament and clients any decisions made.
Risk management is primarily the responsibility of the CEO and the board. Effective governance arrangements require senior management and directors to identify business risks as well as potential opportunities, and ensure establishing, by management, of appropriate processes and practices to manage all risks associated with the organisation's operations.
There is no doubt that the more "market-oriented" environment being created in the Commonwealth public sector is inherently more risky from both performance and accountability viewpoints. To good managers, it is an opportunity to perform better, particularly when the focus is more on outcomes and results and less on administrative processes and the inevitable frustration that comes from a narrow preoccupation with the latter.
It is important for us all to remember that the public service is just as accountable to the government and the parliament for processes as it is for the outcomes it achieves. That is inevitable and proper. In my experience, however, some agencies, faced with the prospect of adverse comment in an audit report about the transparency and accountability of their risk management or other processes, have argued for a greater emphasis on the outcomes achieved by the agency. As with many decisions in the public sector, a suitable balance has to be struck. Sound processes can contribute significantly to good outcomes or results. They are not alternatives. This may also be a lesson for the private sector in its dealings with the public sector, not least in the management of contracts for outsourced services.
Pat J Barrett is the Commonwealth Auditor-General
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.