Advanced search
Publication Cover
Public Money & Management Volume 42, 2022 - Issue 6: THEME: RISK MANAGEMENT AND MANAGEMENT ACCOUNTING IN THE PUBLIC SECTOR—EMERGING ISSUES AND FUTURE RESEARCH PERSPECTIVES Guest editors: Tarek Rana, Enrico Bracci and Danture Wickramasinghe
Submit an article Journal homepage
2,083
Views
1
CrossRef citations to date
0
Altmetric
New developments

New development: Management control for emergent risks in the public sector—a levers of control perspective

Georgiou Vasileiosa Accounting and Finance University of York Management School Church Lane Building, York Science Park, Heslington, YO10 5ZF, York, UK
&
Alvise Favottob Accounting & Finance University of Glasgow, Adam Smith Business School University Avenue, Glasgow, G128QQ, UKORCID Iconhttps://orcid.org/0000-0002-7121-7149
ORCID Icon
Pages 417-419 | Published online: 12 Oct 2021

IMPACT

At a time when public service organizations (PSOs) are facing increasing pressure to account for a heterogeneous array of risks, this article discusses the insights that the levers of control framework can offer regarding the dynamic tension between competing notions of risk subsumed by different control mechanisms an organization adopts; the way in which ad hoc risk management tools can be meaningfully integrated in pre-existing management control system (MCS) arrangements; and the limits that reliance on MCS poses to a PSO’s conceptualization of risk. Overall, the framework can support practitioners in realizing the possibilities associated to designing MCS to holistically manage risk.

ABSTRACT

To what extent are competing notions of risk captured by management control systems (MCS) in public service organizations (PSOs)? The authors revisit the conceptual underpinnings of the levers of control framework and argue that it offers a point of departure for theorizing the dynamic interplay between risk and control in PSOs. At both intra- as well as inter-organizational levels, the framework can reflect competing notions of risk and uncertainty, offering valuable insights for practice.

View correction statement:
Correction

Introduction

Public service organizations (PSOs) are exposed to an ever-expanding array of risks, well beyond those associated with their financial performance (Ansell et al., Citation2020; Rana, Wickramasinghe, et al., Citation2019). In this article we draw on scholarship on management control system (MCS) design to explore the extent to which control systems can account for competing notions of risk. To do so, we propose the levers of control framework (Simons, Citation1995) as a valuable standpoint for theorizing the dynamic interplay between risk and control in PSOs. Although originally conceived to make MCS contingent on strategy formulation, this framework has the potential to reflect and accommodate for tensions between situated notions of risk subsumed by different levers of control.

Notions of risk have ‘exploded’ (Holzer & Millo, Citation2005; Power, Citation2005) as PSOs try to account for and gain control over a variety of organizational and societal issues, beyond those falling in the financial realm. To illustrate, the fact that PSO operations fall under intense scrutiny from politicians and the civil society is hardly new. Yet, such occurrences have been increasingly conceived and understood in the language of risk: as ‘reputational’ or ‘litigation’ risks that PSOs must monitor and control for (Cuganesan et al., Citation2012; Rika & Jacobs, Citation2019). The traditional duality between risk and uncertainty, whereby the latter is deemed unquantifiable and uncontrollable, has been called into question in a quest for making any uncertainty measurable and controllable (Power, Citation2007). This ‘risk explosion’ has attracted the attention of researchers and practitioners who proposed a variety of classifications of risks based on, for example, their tangibility (Gephart et al., Citation2009); inter-connectedness with ethical conduct and societal expectations; or degree of organizational awareness (Andersen et al., Citation2014).

At the same time, the risk management function has gained strategic prominence in PSOs having to interface expanding understandings of risk with strategic priorities and organizational controls (Andersen, Citation2016). Management control system (MCS) design is central for identifying and managing an inclusive array of idiosyncratic risks and their potential effects on organizational objectives (Bhimani, Citation2009; Mikes, Citation2009; Soin & Collier, Citation2013). Empirical works focusing on private firms have explored the co-existence of risk management and MCS practices (see for example Mikes, Citation2009; Citation2011; Arena et al., Citation2010; Arjaliès & Mundy, Citation2013). With a few notable exceptions (see Power et al., Citation2009; Woods, Citation2009), this terrain has remained substantially uncharted with respect to PSOs. Perhaps more importantly, the literature does not explicitly theorize the extent to which MCS design can capture notions of risk. Simons (Citation1995) classification of control systems based on their managerial use represents—we argue—a suitable point of departure for eliciting such understanding.

The levers of control framework: an integrated approach for theorizing PSO risk management

The levers of control framework offers a conceptualization of how MCS are designed to fit the strategic blueprint of an organization and guide employee behaviour towards meeting desired objectives (Simons, Citation1995; Malmi & Brown, Citation2008). Simons (Citation1995) suggests that managers can achieve overall organizational control by utilizing four different control systems—or levers—in a complementary fashion. Specifically, boundary controls delineate the acceptable domain of strategic innovation and business conduct at the strategic and operational levels respectively (Tessier & Otley, Citation2012). Belief systems inscribe organizational culture in terms of accepted values, rules and routines. Finally, two more systems aid strategic monitoring and innovation. On the one hand, controls are used diagnostically to offer a measurable understanding of how organizational objectives are met when compared to pre-set targets (Tessier & Otley, Citation2012). On the other hand, strategic innovation and organizational learning is promoted when controls are used interactively (Tessier & Otley, Citation2012).

In the context of PSOs, the levers of control framework has been employed to theorize how organizations establish a dynamic balancing between levers of control in face of changes in their regulatory and competitive environment. For instance, Kober et al. (Citation2007) use the concepts of interactive control to understand how meetings between various managers in an Australian health centre contributed to organizational learning and strategy re-formulation in times of crisis. At the inter-organizational level, Kominis and Dudau (Citation2012) suggested that interactive controls, in the form of board level meetings, promoted organizational learning for uncertainty and effectiveness improvement in the case of a UK-based youth care institution. In this article, we use the framework as our theoretical standpoint to survey the empirical literature on risk management in PSOs.

PSO risk management: a review of the literature

For Simons (Citation1999, p. 92) each lever of control subsumes an understanding of risk, the levers—he argues—‘are the mechanisms managers can adjust to control risk as a company pursues its strategy’. In particular, he recognizes the functions that boundary and interactive systems play in shaping an organization’s understanding of risk associated with its operations and strategy. Specifically, boundary controls are aimed at identifying the acceptable domain of operation in face of ‘defined business risks’ (Simons, Citation1995, p. 39). These systems will convey acceptable business conduct by setting appropriate limits to managerial action. On the other hand, interactive controls are aimed at monitoring and gathering information on strategic uncertainties that may impinge on an organization’s prospects (Simons, Citation1991). Such controls initiate multi-level information sharing to enhance communication and organizational learning. This information is fed into strategy formulation processes to allow necessary revisions and guarantee sustainability.

A substantial body of research on the use of MCS for risk management in the public sector has explored the extent to which senior management conveys and monitor pre-determined risks in a ‘diagnostic’ fashion. To illustrate, Woods (Citation2009) explores how risks identified by the top management of Birmingham City Council are communicated to various services of the council and subsequently ‘translated’ into performance measures and targets that middle managers and front-line personnel are expected to achieve. Rana, Hoque, et al. (Citation2019) show evidence of partial integration between risk management and control systems in the aftermath of a legislative reform affecting the Australian public sector. The reform introduced the idea of a ‘risk culture’ that civil servants had to operationalize into risk processes and performance targets (Rana, Hoque, et al., Citation2019, p. 40). In a similar vein, evidence from the higher education sector suggests that diagnostic controls are used to ‘capture’ potential risks associated with quality assurance of teaching and research impact via the identification of ad hoc indicators of performance (Power et al., Citation2009; Soin et al., Citation2014). Moreover, to comply with the existing regulatory regime, UK academic institutions utilize MCS to promote and instil a ‘risk culture’ among their members (Soin et al., Citation2014).

In addition, scholarship has devoted attention to the adoption of integrated management tools such as enterprise risk management (ERM) in public sector settings (Rana, Wickramasinghe, et al., Citation2019). ERM proposes a holistic approach to risk management, following mechanisms for managing known risks, as well as being proactive towards uncertain conditions. The latter are defined as ‘emergent risks’ (Andersen et al., Citation2014) due to their possible, as yet undefined, effects on organizational objectives. ERM leverages on the complementarity between diagnostic and interactive MCS. It compounds processes intended to diagnostically manage the effect of known risks. At the same time, in an interactive fashion, ERM encourages managers gather information about and discuss the impact of unpredictable eventualities, that can represent threats or opportunities for the organization (Andersen et al., Citation2014). Not only have PSOs started realizing the importance of understanding and managing a composite array of strategic uncertainties (Power, Citation2007; Power et al., Citation2009), they have also begun putting interactive systems in place to uncover such emergent risks (Scheytt et al., Citation2006).

Our survey of the literature suggests that PSOs use diagnostic and—to a lesser extent—interactive control systems for managing a diverse array of risks. By adopting Simons’ conceptualization of MCS, this literature generally concentrates on how risk-oriented controls are operationalized in daily activities, while paying limited attention to the organizational control assemblage that they are part of. These works note that diagnostic and interactive controls for risk are part of an organization’s wider ‘risk culture’ (Soin et al., Citation2014) and define ‘red lines’ with respect to risky activities (Woods, Citation2009), yet the interaction between operational controls and underlying systems of beliefs is seldom explored. As such, they call for an understanding of the control texture in which competing notions of risk are inscribed. We suggest the levers of control framework can provide researchers and practitioners with such indispensable mapping.

Management control for PSO risks: The levers of control conceptual potential

Underlying the levers of control framework lies the recognition that MCS are aimed at managing fundamental organizational tensions: tensions between innovation and predictability, and between enablement and coercion (Simons, Citation1995). By making explicit the assumptions around risk underlying different uses of MCS, this theoretical lens can help scholars explore the extent to which MCS are implicated in the way in which PSOs strike a difficult balance between the risks posed by opportunity seeking behaviours versus those associated with ‘check box’ compliance.

Perhaps more importantly, the model allows operational controls for risk to be reconciled with the guidance offered by systems of belief and core values that underpin PSOs. As such, the framework can help distilling a comprehensive understanding of the ‘risk appetite’ an organization has. Scholars in this domain have warned against ‘impoverished’ understandings of such a vital construct for managers and regulators (Andreeva et al., Citation2014). Understanding risk appetite is frequently reliant on making operations controllable or auditable via ad hoc risk measurement systems. The conceptual map provided by Simons’ framework allows for the fact that PSOs are value laden with respect to risk and it opens up the possibility of conceiving of risk appetite as a: ‘dynamic organizational process involving values as much as metrics’ (Power, Citation2009, p. 849).

Conclusions

In this article we have explored the insights that Simons (Citation1995) levers of control framework can offer for conceptualizing the interplay between risk and control in the public sector. PSOs are under pressure to gather information on and monitor a heterogeneous array of risks and this framework offers a conceptual mapping that allows researchers and practitioners to reflect upon:

  • The dynamic tension existing between competing notions of risk subsumed by different levers of control.

  • The way in which ad hoc risk management tools (for example ERM) can be meaningfully integrated in pre-existing MCS assemblages.

  • The limits reliance on MCS poses to a PSO’s understanding of risk—this is key for guaranteeing a PSO viability over time, as well as in collaborative arrangements.

Overall, the framework can support, practitioners in realizing the possibilities associated to designing MCS for a holistic management of risk.

Disclosure statement

No potential conflict of interest was reported by the author(s).

References

  • Andersen, T. J., Garvey, M., & Roggi, O. (2014). Managing risk and opportunity: The governance of strategic risk-taking. Oxford University Press.
  • Andersen, T. J. (2016). Introduction: Strategic risk management. in Andersen, T. J. (2016). The Routledge companion to strategic risk management. Routledge.
  • Andreeva, G., Ansell, J., & Harrison, T. (2014). Governance and accountability of public risk. Financial Accountability & Management, 30(3), 342–361.
  • Ansell, C., Sørensen, E., & Torfing, J. (2020). The COVID-19 pandemic as a game changer for public administration and leadership? The need for robust governance responses to turbulent problems. Public Management Review, 1–12.
  • Arena, M., Arnaboldi, M., & Azzone, G. (2010). The organizational dynamics of enterprise risk management. Accounting, Organizations and Society, 35(7), 659–675.
  • Arjaliès, D. L., & Mundy, J. (2013). The use of management control systems to manage CSR strategy: A levers of control perspective. Management Accounting Research, 24(4), 284–300.
  • Bhimani, A. (2009). Risk management, corporate governance and management accounting: Emerging interdependencies. Management Accounting Research, 20(1), 2–5.
  • Cuganesan, S., Goode, S., & Jacobs, K. (2012). Celebrating adversity: inter-organizational dependence and public sector performance reporting in the Australian federal police. Public Administration, 90(2), 393–411.
  • Gephart, R. P., Van Maanen, J., & Oberlechner, T. (2009). Organizations and risk in late modernity. Organization Studies, 30(2–3), 141–155.
  • Holzer, B., & Millo, Y. (2005). From risks to second-order dangers in financial markets: Unintended consequences of risk management systems. New Political Economy, 10(2), 223–245.
  • Kober, R., Ng, J., & Paul, B. J. (2007). The interrelationship between management control mechanisms and strategy. Management Accounting Research, 18(4), 425–452.
  • Kominis, G., & Dudau, A. I. (2012). Time for interactive control systems in the public sector? The case of the Every Child Matters policy change in England. Management Accounting Research, 23(2), 142–155.
  • Malmi, T., & Brown, D. A. (2008). Management control systems as a package—Opportunities, challenges and research directions. Management Accounting Research, 19(4), 287–300.
  • Mikes, A. (2009). Risk management and calculative cultures. Management Accounting Research, 20(1), 18–40.
  • Mikes, A. (2011). From counting risk to making risk count: Boundary-work in risk management. Accounting, Organizations and Society, 36(4–5), 226–245.
  • Power, M. (2005). The invention of operational risk. Review of International Political Economy, 12(4), 577–599.
  • Power, M. (2007). Organized uncertainty: Designing a world of risk management. Oxford University Press.
  • Power, M. (2009). The risk management of nothing. Accounting, Organizations and Society, 34(6-7), 849–855.
  • Power, M., Scheytt, T., Soin, K., & Sahlin, K. (2009). Reputational risk as a logic of organizing in late modernity. Organization Studies, 30(2–3), 301–324.
  • Rana, T., Hoque, Z., & Jacobs, K. (2019). Public sector reform implications for performance measurement and risk management practice: insights from Australia. Public Money & Management, 39(1), 37–45.
  • Rana, T., Wickramasinghe, D., & Bracci, E. (2019). Integrating risk management in management control systems—lessons for public sector managers. Public Money & Management, 39(2), 148–151.
  • Rika, N., & Jacobs, K. (2019). Reputational risk and environmental performance auditing: A study in the Australian commonwealth public sector. Financial Accountability & Management, 35(2), 182–198.
  • Scheytt, T., Soin, K., Sahlin-Andersson, K., & Power, M. (2006). Special research symposium: Organizations and the management of risk introduction: organizations, risk and regulation. Journal of Management Studies, 43(6), 1331–1337.
  • Simons, R. (1991). Strategic orientation and top management attention to control systems. Strategic Management Journal, 12(1), 49–62.
  • Simons, R. (1995). Levers of control. Harvard Business School Press.
  • Simons, R. (1999). How risky is your company? Harvard Business Review, 77, 85–95.
  • Soin, K., & Collier, P. (2013). Risk and risk management in management accounting and control. Management Accounting Research, 24(2), 82–87.
  • Soin, K., Huber, C., Wheatley, S. (2014). Management controls and uncertainty: risk management in universities. In Otley, D., & Soin, K. (2014). Management controls and uncertainty. Palgrave Macmillan.
  • Tessier, S., & Otley, D. (2012). A conceptual development of Simons levers of control framework. Management Accounting Research, 23(3), 171–185.
  • Woods, M. (2009). A contingency theory perspective on the risk management control system within Birmingham City Council. Management Accounting Research, 20(1), 69–81.
Download PDF
Supercharge Your Next Research Paper: Research and write your next paper with Jenni AI.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.