Strengthening public sector governance: The case for embedding risk management in  state institutions

By Kenneth Owusu Asante Amponsah

Ghana’s public sector is central to national development. It delivers essential services, drives major infrastructure projects, and oversees vast fiscal responsibilities.

Yet, year after year, reports from the Auditor-General and the Public Accounts Committee highlight recurring issues: procurement irregularities, underperformance of SOEs, lapses in project delivery, and financial leakages. At the heart of these issues is a governance gap.

As Ghana strives toward inclusive development, macroeconomic stability, and improved public service delivery, one foundational pillar remains underdeveloped in many public and state-owned institutions: a structured and proactive approach to risk management.

While risk management is embedded in private sector governance—particularly within financial institutions—it remains largely informal or absent in much of the public sector; this is a missed opportunity.

Risk events are often managed reactively after damage has occurred. In contrast, institutions with structured risk management frameworks anticipate risks and implement controls to avoid them altogether.

What is Risk Management in Public Services?

Risk management in a public institution involves systematic identification, evaluation, and treatment of threats that could affect the achievement of service delivery, policy implementation, or institutional reputation. These threats may be:

1. Operational: Disruption in service delivery due to outdated infrastructure.
2. Financial: Budget overruns or misuse of funds.

• Reputational: Public backlash from unfulfilled promises or perceived corruption.

1. Compliance-related: Breaches of procurement laws or regulatory guidelines.
2. Strategic: Inadequate planning or failure of national programs.

It is a myth that risk management is only relevant to corporate boardrooms or financial institutions. In truth, governments face even more complex risks, especially in this era of climate uncertainty, rapid technological change, geopolitical shifts, and increasing public scrutiny.

Public Institutions need Risk Management functions to effectively achieve the following:

1. Better Resource Stewardship: Government projects often involve large budgets sourced from public funds or international partners. Risk management ensures that these funds are used efficiently by minimizing fraud, waste, and inefficiencies.
2. Strengthened Institutional Reputation: Public trust in state institutions is built when citizens see transparency, accountability, and responsiveness. Risk-aware institutions are better at communicating decisions, managing expectations, and avoiding reputational crises.

• Proactive Response to Emerging Threats: From cyberattacks on e-government platforms to climate-related disasters, the risks facing the public sector today are dynamic and interconnected. Risk management helps anticipate and plan for these scenarios, avoiding major disruptions.

1. Alignment with National Development Goals: A risk-based approach ensures that policies and programs are executed with precision and foresight. This supports Ghana’s long-term goals under Agenda 111, Ghana CARES, and the SDGs.

Lessons from the Private Sector:

The banking sector offers a useful blueprint. A well-documented risk governance framework is a standard in every Ghanaian bank, driven by both regulation and business need. The appointment of Chief Risk Officers (CROs), the use of enterprise risk management (ERM) systems, and risk appetite statements have become critical to ensuring financial stability.

Public institutions can adopt similar frameworks—with necessary adaptations. For instance, ministries can establish Risk Oversight Committees under their Chief Directors, supported by internal risk units that develop and monitor risk registers, compliance dashboards, and project-specific risk assessments.

Global Best Practices

International models show the benefits of embedding risk management in government operations:

1. United Kingdom: The UK government uses the ‘Orange Book’, a guide for risk management in public services, including risk registers, accountability maps, and performance monitoring tools.
2. Australia: Agencies are required by law to integrate risk management into strategic planning and reporting.

• Rwanda: The country’s national risk management policy requires all ministries to maintain active risk logs and report to the Office of the Prime Minister.

Ghana can draw lessons from these frameworks while designing a context-specific approach that fits our governance structures.

Whose Responsibility is it Anyway?

One common challenge is defining the boundary between organizational and individual responsibility in managing risks. In the context of public institutions:

• Employers (Government agencies) must provide the structure in the form of dedicated risk units, policies, tools, training, and leadership support.
• Employees (Public servants) are responsible for applying risk principles in their roles, reporting red flags, and championing ethical conduct.

This dual responsibility fosters a culture of risk ownership, where every officer sees risk management as part of their role, not just a compliance checklist.

Policy Recommendations: A roadmap forward

To institutionalize risk management in Ghana’s public service, the following actions are recommended:

1. Mandate Risk Units in Public Agencies: Every major ministry, department, and SOE should have a risk unit or officer with direct reporting lines to top management.
2. Develop a National Risk Management Framework: Led by the Ministry of Finance or Office of the President, this framework should offer templates, benchmarks, and training models.

• Capacity Building and Partnerships: Public sector staff should undergo tailored training in risk governance. Institutions like Chartered Institute of Bankers, the Ghana Banking College, and other local universities can support this effort. Other professional entities like the Global Association of Risk Professionals (GARP) and the Professional Risk Managers’ International Association (PRMIA) can also support the capacity building of public sector staff.

1. Monitor and Report Risks Publicly: A culture of transparency can be fostered through the publication of key institutional risk reports as part of annual performance reviews.
2. Promote Cross-Sector Collaboration: Encourage partnerships between public and private sector risk professionals to share best practices and develop sector-specific guidelines.

To conclude, Ghana’s journey toward sustainable development will depend not just on bold policies, but on resilient institutions. Risk management is the invisible guardrail that ensures policies translate into impact.

By embedding risk management into public services, Ghana will reduce inefficiencies, strengthen governance, and restore public trust. It is time to move beyond reactive crisis management and toward a future where our public institutions are proactive, prepared, and performance driven.

Let us invest in the systems that protect our investments—and secure the future of our nation.

The writer is the Chief Risk Officer, UBA Ghana