Risk management is a rapidly developing management discipline coming from private industry and today, it is advanced in the financial sector. In public sector organisations it is hardly implemented, although there is a clear added value in a more systematic decision-making process, more efficient strategic planning, and better costs and resources allocation. Implementing enterprise risk management in public sector organisations represents a shift in paradigm; nevertheless, it is a must-have in public administrations and a key element of good public governance.
The Austrian Federal Ministry of Finance committed itself to an integrated governance-risk-compliance management, which unites risk and compliance management processes and coordinates with relevant other organisational areas such as internal audit or quality management. This approach is unique for a public sector organisation across Europe as mainly only fragmented or siloed risk-management approaches are in place.
To professionalise and standardise the process within the Ministry, a governance-risk-compliance (GRC) IT tool was developed. This tool combines the advantages of standardisation and automatisation as well as information security and data protection, with increased user-friendliness, raised acceptance and enhanced transparency across the Ministry. It is interactive and personalised in communication, and intuitive when applying – no special training is necessary. Resources and time are saved for risk updating, analysis, comparisons and tracking of changes and developments. The GRC IT tool provides authentic, relevant and referable data, it is auditable and has the highest security settings. The GRC management process on the one hand and the GRC IT tool on the other hand are both easily, and without high resource investments, adaptable and transferable to other public sector organisations. This is possible due to the internationally accepted standard processes that build the basis for the GRC management and the developed framework for the GRC IT tool. The agile method used in this case takes into account that software development processes are characterised by learning, innovation and surprise.