Managing Risks in Public Organizations: A Conceptual Foundation and Research Agenda

Managing Risks in Public Organizations: A Conceptual Foundation and Research Agenda Abstract Over the past 20 years, the subject of public management has received much attention. Although this research has clearly demonstrated relationships between management and performance in the public sector, there have been few attempts to incorporate the management of risk and its effect on performance. In this article, we seek to provide a discussion and research agenda from which scholars can begin to address this gap. After clarifying the notion of risk and distinguishing it from other related concepts, we consider some behavioral foundations for a research agenda focused on how public managers deal with situations in which they face risky prospects. We explicate the relatively limited treatment of risk thus far in the public management research literature, as well as how agencies and governments have typically approached the theme of risk. Fortunately, fields including risk analysis, behavioral psychology, and decision making provide starting points for scholars. We build from these foundations to sketch the beginnings of a theoretically driven research agenda on risk and managerial decision making. It is our hope that this effort draws attention to the subject and points toward an agenda that can stimulate work in this important area. Introduction The research subject of public management and performance has emerged over the course of the past two decades (Akkerman and Torenvlied 2011; Lynn, Heinrich, and Hill 2001; O’Toole and Meier 2011). One of the major goals of this literature has been to examine theoretically and empirically the effect public managers can have on the performance of public organizations (O’Toole and Meier 2015). In pursuit of this objective, scholars have identified an array of management activities that may influence the outputs and outcomes of public organizations. These include exploiting the organization’s environment; supporting ongoing operations; as well as structuring, motivating, and allocating resources, among many others (O’Toole and Meier 2015). However, one important management function that deserves more attention is the management of risk in the decision making process. Although this subject has mostly been ignored in the public management and public performance academic literature, risks and their management in the public sector seem all the rage elsewhere. There is no shortage of alarming headlines on the subject. The US Office of Personnel Management was the target of a massive theft of personal information affecting 21.5 million individuals in 2015.1 Cyber-attacks on political and electoral systems have dominated news accounts of the 2016 US national elections and are likely to do so for some time to come. The US Government Accountability Office (GAO) estimates that more than $144 billion in improper payments were authorized by the federal government during fiscal year 2016, with the largest attributed to the Medicare Fee for Service Program at $41.1 billion.2 No less alarming, global climate change and its consequences, both short-term and projected over decades, threaten to upend policy agendas and plans at all levels of government and on all continents. The financial collapse triggering the Great Recession affected many millions, with consequences even now continuing to be evident. And needless to say, governments face innumerable risks that do not grab the headlines but are significant and call for better management. Governments, as a result, have hardly been idle. As explained later, the GAO has developed a Risk Management Framework, and several federal agencies have taken steps to implement aggressive risk management strategies. The Canadian government has been similarly active, as have the national authorities in Australia, Britain, and New Zealand. Given the intimidatingly long and ominous list of risks facing governments, these governmental responses are surely encouraging developments. But an important and under-recognized gap remains—a theoretically-driven approach to risk in the public managerial decision-making process. The purpose of this article is to clarify this missing piece of the puzzle, indicate its potential importance, and begin the task of developing a theoretical logic that might enhance how scholars are able to analyze the subject of the public management of risks. The argument of the article can be briefly sketched. The initial point to establish is that the subject of risk and its management has often not been defined and analyzed carefully. Indeed, even among specialists on the matter of risk, there continues to be some disagreement about how to define the boundaries of this topic. Conceptual disagreement can lead to diffuse and unsystematic treatment. To avoid confusion of terms and concepts we start with a brief discussion of our definitions of risk, hazards, errors, and uncertainty in the next section. Second, we turn briefly to the research literature on public management. The public management literature has considered the subject mostly in a peripheral fashion, as we can show, and scholars have also not gotten far beyond a relatively narrow focus on structural components including program or organizational design and risk-related policies to engage with the decision-making behavior of managers at the individual level. An overall consequence has been that the relevant work thus far has largely worked from an implicitly optimizing or maximizing decision-theoretic frame: encouraging or exhorting organizations and managers to consider more alternatives, use their units’ analytical capacity to estimate consequences more fully, and incorporate secondary and tertiary impacts more explicitly. As Simon (1957) indicated long ago, public administrative exhortations toward more rationality typically ignore the limitedly rational nature of human decision making. The attention to structural issues—building systems for more thoroughgoing and systematic analysis of potential problems and/or organizational protections against perturbations—has yielded some useful recommendations for risk management in practice, but it is incomplete. We argue that what is missing on the subject of public sector risk management is a careful treatment of the micro-foundations of behavioral decision making by public managers who have responsibility for dealing with risks. We begin to address this lacuna by sketching some such behavioral assumptions that are grounded in well-established research. We then initiate an effort to develop some theoretical expectations about how real-world public managers are likely to address the subject of risk. Such a theoretical effort, more realistically grounded in what we know about actual decision making, offers the prospect of helping to understand and thereby potentially improve the management of risk. The Concept of Risk in the Decision Making Process for Public Managers What is Risk? Any serious consideration of risk and its management must contend with questions of definition and scope. Leaving aside common language notions, “risk” carries somewhat different meanings in different forums and fields of research. The most strict definition is favored in the classic engineering, decision-theoretic notion. As LaPorte and Consolini (1991) put it, risk in this sense refers to “the product of the magnitude of harmful consequences and the probability of an event causing them” (p. 23). This definition is akin to what Jasanoff (1993; 1998) calls “quantitative risk” and Renn (1998a) labels “technical assessments.” In this approach, the authors specifically distinguish risk from two other concepts: hazards and errors. LaPorte and Consolini (1991, 23) define the former as the “characteristics of a production technology such that if it fails significantly the damage to life and property can be very considerable,” and the latter as “mistakes or omissions in procedure or operational decisions that result in occurrences judged as undesirable and sometimes costly to remedy.” Advantages of this classic approach include a precise delineation of the relevant situations and questions and the generation of quantitative research estimating the risk(s) entailed in a number of specific empirical situations. The strict definition is useful but needs to be broadened slightly to allow for the types of events that public managers may consider as relevant risks. These additional types may include perceived risks (to include perceived hazards and errors, as defined by LaPorte and Consolini) and risks emanating from many kinds of sources, often simultaneously, and often in the absence of precise quantitative estimates of both negative3 consequences and their associated probabilities. One danger that has been noted in the literature is expanding the definition too far so that virtually everything may constitute a risk, which has been a criticism of the literature on what is known as “enterprise risk management” (Bromiley et al. 2015). There are competing notions of “risk,” and we want to be quite explicit about what we mean by risks in the context of public management. Risk, in this context, is determined by the known (or estimated) probability of an event occurring and the resulting consequences. Our definition differs from the classical definition in two important ways. First, we consider both positive and negative consequences that can result in either losses or gains to an organization. Second, these events include what Renn (1998a) labels as hazards and errors. We also emphasize the management of these risks at the individual, managerial level which involves making decisions across choice sets or options that have probabilistic outcomes. We do note the difference between risks with known (or estimated) probabilities and consequences and the concept of uncertainty in which the value of the outcome may be known, but the probability of the event is unknown (Knight 1985). Although we are primarily focused on risk in this article, much of the theoretical agenda and micro-foundations also applies to uncertainty. In establishing the behavioral or micro-foundations of risk and its management within public organizations, we begin by relying on work from a field of analysis that has its roots in psychology but has become known as behavioral economics. In this field, making decisions across situations that have probabilistic outcomes, associated with some expected benefit or cost, is known as making decisions across risky prospects (Kahneman and Tversky 1979, 1982; Tversky and Kahneman 1992). This literature defines a risky prospect as having a decision to make where the outcome has some value (benefit or cost) that will occur with some probability. The risk in this context is that the decision maker (e.g., a manager) does not know the outcomes of their choice with certainty. They only know (or have an estimate of) the expected average benefit or costs of their choices. When risk is present in the decision making process, decision makers reliably make irrational decisions, which means they do not pick the choice with the largest expected benefit (Kahneman and Tversky 1979; Slovic 2000). For all the attention currently to risks in a broad sense, including large-scale and calamitous events, this public-managerial challenge has been mostly neglected. Behavioral Foundations Social science literature has empirically established that when decision makers are faced with a choice across risky prospects, on average, they make decisions that reliably deviate from standard notions of rationality (Kahneman 2011; Slovic 2000). For example, we know that decision makers regularly use decision-making heuristics to simplify their decision making process when the choices for the decision maker have components of risk (Kahneman 2011). We know that for decision makers relative losses loom twice larger than relative gains (Tversky and Kahneman 1991, 1992). Finally, we know that, in general, decision makers over-weight high-probability events as quite certain and under-weight low-probability events as completely unlikely (Kahneman 2011). These notions of how decision makers deal with risk are well established from the experimental setting and can be used to inform hypotheses, but we are less certain of how these behaviors translate in the context of managers working within complex public organizations. In addition to the work done on risk and decision making in the fields of psychology and behavioral economics, some research has been conducted in the fields of political science and public administration that highlights how decision makers within public organizations handle notions of risk. The earliest work here was initiated by Herbert Simon (1955, 1957), who conceptualized bounded rationality at the core of theoretical efforts to explain individual decision making. Building from this work, Jones (2002, 2003) has discussed at length the limitations of the rational actor model as a micro-level foundation for understanding policy implementation and the public policy process. He argued (Jones 2002) that the foundation of limited rationality, put forth by Simon, would yield a number of aspects of human cognition that could influence decision makers’ choices—including long term memory, short term memory, emotions driving priorities, central versus peripheral planning, a preparation-search trade-off, and affective identification with prepackaged options. These notions do not directly deal with risk but rather help to explicate the behavior of decision makers even without the presence of risk. One can extrapolate: it seems likely that when decision makers are making decisions across choices with a risk component, these influences may be magnified.4 The Context of Public Organizations For the development of a coherent approach to risk and its management within public organizations, we take the behavioral foundations above as assumptions for how decision makers are influenced by the introduction of risk into their decision making calculus. Although we rely on the notion of risk and the behavioral foundations discussed above, it is important to highlight that we are interested in decision makers (managers in particular), who reside within the context of public organizations. Public organizations have a number of characteristics or, as put by Carpenter and Krause (2012, 400), “stylized facts” that, we assert, are also frequently relevant to the relationship between the management of risk and performance of a public organization. Although some organizational features have the potential to support more rational action, others can reinforce or magnify individual limitations exhibited by managers. In particular, this dynamic can be encouraged by tendencies of public agencies to be more differentiated and less unified than is often assumed, to treat as irreversible those decisions that can be reversed (legally or technically), to hedge against risk via “contingent actions,” to emulate other organizations as a way of insulating against criticism, and to juggle or hedge as a way of balancing competing audience or stakeholder preferences or expectations (Carpenter and Krause 2012). Several of these characteristics highlight the near-ubiquity of risks and ambiguity within public organizations as part of their defining characteristics. The upshot is that decisions to be made by managers within public organizations are typically suffused with risk (see also Ansell, Boin, and Keller 2010, who emphasize this theme in particular for the management of transboundary crises, a common circumstance for public organizations and public managers). The complex and multifaceted context of public organizations is likely to increase the breadth of decisions that have risk components, a point that further emphasizes the importance of considering the managerial role in managing risks within public organizations. Public Management and the Treatment of Risk The preceding section suggests a line of theoretical logic that can connect earlier basic research related to decision making and risk to the theme of public management and performance. However, as we argue in this section, that link has been mostly undeveloped in the recent work on this latter theme. The good news is that the research subject of public management and performance is flourishing. What had historically been a field with a case-study emphasis has given way to much more systematic and empirical approaches (examples from a much larger set include Akkerman and Torenvlied 2011; Boyne and Walker 2004; Boyne et al. 2006; Lynn, Heinrich, and Hill 2001; Walker and Andrews 2015; Walker, Boyne, and Brewer 2010). A major conclusion is that management contributes to public program and public organizational performance, and there are numerous aspects of management that seem to be consequential (O’Toole and Meier 2011). This meta-finding is hardly a surprise, but it has now been validated in dozens of carefully conducted empirical studies. The bad news, nonetheless, is that the upsurge in interest in this topic has thus far failed to achieve a careful incorporation of the notion of risk and its management into the core work on public management. This section briefly reviews public management research to indicate the state of the field, and also how risk has been dealt with thus far—mostly by omission or obliquely. In the explicit, systematic treatment of public management and performance, we can note the efforts of Meier and O’Toole (2003), for instance, who have demonstrated that internally- as well as externally-oriented managerial activity result in positive contributions to public organizational outputs and outcomes. In some of their more recent work (O’Toole and Meier 2015; see also Meier and O’Toole 2011), they have expanded their formal modeling effort to incorporate numerous features of “context”—internal and external—that might moderate the effect of management on performance. Although some aspects of context might be implicitly related to risk, the theme is not explicitly introduced in the full set of more than 20 hypotheses developed.5 The closest that their research program gets to the subject of risk is its incorporation of the notion of buffering, or protection, by management (and sometimes by structural elements) from potentially disruptive “shocks” emanating from the environment of the program or organization.6 The same can be said for other well-known approaches to understanding managerial effects on public organizational performance. The reduced-form model of governance suggested by Lynn, Heinrich, and Hill (2001), for example, makes room for management and offers a number of insights but does not address any of the risk-related aspects of public management. The Government Performance Project, sponsored by the Pew Charitable Trusts,7 sought to record and assess numerous aspects of management in federal, state, and urban government systems in the United States, but the 14-year initiative did not attend explicitly to managerial implications of risk.8 In the same vein, leading research-based texts in the field of public management fail to include entries for risk (examples include Hill and Lynn 2008; Rainey 2014). In short, the now-extensive and growing research-based literature on public management and performance includes many managerial nuances but does not address the management of risk and how it might shape managers’ and organizations’ responses. The implicit consideration of the management of risk is fairly oblique but tacitly considered in a couple of additional areas of public management research. For one thing, a portion of the research (and popular) depictions of the public-private sector differences and organizational comparisons has it that public organizations and public managers may be more risk averse than counterparts in the for-profit sector (for a prominent example, see Osborne and Gaebler 1993). Although there are reasons to expect such a difference, including a difference between “risk cultures” in public versus private organizations, systematic investigation indicates that “there is considerable variance in organizations’ risk culture, but the sector of an organization tells us little about its risk culture” (Bozeman and Kingsley 1998, 109).9 Similarly, the set of research questions focusing on red tape in public organizations is often premised on reasons why public managers and organizations might be enmeshed in more rule-bound settings, but the risk management-oriented aspects of such settings typically are not carefully analyzed (Bozeman and Feeney 2011). Finally, some explicit treatments of “government as risk manager” focus largely on the public sector’s role vis-à-vis risks in the market economy (Moss 2002), rather than on risks in and to public agencies themselves. In another line of work, public administration scholars have explored the themes of redundancy and reliability in public organizations. Beginning with the contributions of Martin Landau (1969), and particularly via the theoretical and empirical work of some of his students (Bendor 1985; Chisholm 1992) as well as others (LaPorte 2007; LaPorte and Consolini 1991; LaPorte and Metlay 1996), interesting work has been done explicating the benefits of organizational redundancy and the design of high-reliability systems.10 Indeed, Hood (1991, 11, 13–4) has emphasized the importance of what he calls “lambda” values of resilience and reliability in administrative systems and the use of redundancy to avoid catastrophes. Once again, implicit in such (mostly structural) analyses has been the objective of risk reduction and management, particularly in situations for which it is highly costly or impossible to reverse and correct errors: mass transit system infrastructure, nuclear power plants and the production of weapons-grade nuclear materials, air safety in an era of salient international terrorism (Frederickson and LaPorte 2002), and so forth. This literature clearly implies ideas about risk and its management, and the work is provocative and has been a part of the field for some time. Still, it has played a minor role in the recent proliferation of research on public management. Finally, some recent work has bucked the trend and includes a specific treatment of risk and risk choices in the management and performance function. Nicholson-Crotty et al. (2017) highlight the potential role of relative risk aversion. Their work notes that facets of managerial decision making (such as decisions with unknown payoffs, which are considered risky choices) and performance are underexplored. They find that public managers become more risk averse when they feel that they are simply accomplishing their goals rather than under- or over-performing. In short, with few exceptions there has been relatively little theoretical attention to risk in the recent—and now extensive—research literature on public management and performance. The subject has typically appeared as a theme or consideration, but rarely in the core management and performance work undertaken during the past two decades. However, as indicated at the outset of this article, governments at all levels are now newly alert to the risk-relevant aspects of their agencies’ performance and are seeking to document and minimize various aspects of their own risks, as the next section documents. Risk Management in US Federal Agencies Although there has been a dearth of theoretically-driven research on how public managers consider risks and how these management practices affect performance, risk management has become a prominent topic with many government agencies. Rather than a systematic empirical approach to identifying the ways in which risk may influence managers, decisions, and performance, however, these governmental efforts mostly focus on structural approaches—establishing controls, building data systems, institutionalizing analytic units, and safeguards—and sometimes imply something like a rational-actor premise. These efforts also tend to focus on hazards and errors as defined above. Still, the activity does highlight a desire to manage risks that may influence public organizations. As one example of the US government’s attempt to institute comprehensive risk management practices, the GAO developed the GAO Risk Management Framework11 in 2005. This framework brought together several previous attempts including parts of the Government Performance and Results Act (GPRA) of 1993, government auditing standards, and Office of Management and Budget guidelines.12 This Framework includes a cycle of risk management phases that are meant to be continuous and dynamic rather than linear. The phases include (1) strategic goals, objectives and constraints, (2) risk assessment, (3) evaluation of alternative countermeasures to reduce risk, (4) management selection of resources and investments, and (5) implementation and monitoring of countermeasures. In addition to the GAO guidelines there are several relevant federal-level risk management policies that agencies must comply with including the Federal Manager’s Financial Integrity Act (FMFIA) of 1982, OMB Circular A-123, “Management’s Responsibility for Internal Controls,” OMB Circular A-136, “Financial Reporting Requirements,” and the Improper Payment Elimination and Recovery Act of 2010. All of these directives require agencies to maintain internal controls, collect relevant data, and prepare detailed financial reports—steps that are a necessary condition for effective management of risks to organizations. Most recently, The Chief Financial Officers Council and Performance Improvement Council have jointly released a “playbook” that builds on Circular A-123 to provide guidance and tools to help government departments and agencies develop comprehensive risk management strategies that meet the requirements of OMB.13 As described in Hardy (2010), several US federal agencies are leading the way in implementation of comprehensive risk management strategies. For example, the Food and Drug Administration (FDA) implemented a new initiative that includes the development of an integrated system to analyze electronic health data to identify potential risks and assess the safety of medical products after they have been made available to the public. In the field of security risks, both the Department of Defense (DOD) and the Department of Homeland Security (DHS) have implemented risk management processes to identify threats and vulnerabilities and determine which assets are most critical, so that more informed management decisions can be made. It should also be mentioned that many other governments around the world have made significant efforts to integrate risk management into their public agencies and public management. In 1994, for instance, the Canadian government issued the Canadian Risk Management Policy. Departments within the Public Service of Canada are required to identity, minimize, and contain risk; and to compensate for, restore, and recover from risk events. Similarly, the Australian/New Zealand Risk Management Standard framework14 was released in 2004, and the British Risk Management Code of Practice15 was released in 2008. All three sets of standards emphasize communication and monitoring throughout the risk management processes and day-to-day operations including people, processes, and information security (Hardy 2010). As these examples highlight, governments remain interested in attempting to manage their administrative organizations’ exposure to potentially negative outcomes. This is done under the banner of risk management, but typically these efforts are atheoretical, and they focus on identifying and attempting to avoid hazardous events or errors. They also tend to neglect the implications of psychology, behavioral economics, and limitedly rational decision making for how public managers make their choices. The missing piece here, therefore, is similar to the missing piece from the academic literature on public management. There is not at present a theoretically driven and nuanced discussion of how the presence of risk in the decision making process is managed by public managers and how perceptions and reactions to risk can influence organizational performance. Potential Research Agenda Two points should now be clear. First, despite a robust literature linking public management to performance, risk management—as an explicit public management function—has not been systematically incorporated into theoretical management models. Accordingly, there have been few direct empirical tests of the relationship between the management of risk and the effect that risk in the decision making process has on organizational performance. Second, the US federal government, along with other central governments throughout the world, has begun requiring agencies to implement risk management strategies, but these strategies do not appear to systematically approach risk and risky prospects, rather they provide frameworks for minimizing hazards and errors. These points clearly highlight the need for the systematic study of the links between risk management—as part of the public management function—and performance. How much of the risk management literature can be imported with little modification into the study of such issues in the public sector? And how much of the risk management function in public organizations is necessarily distinctive? The interim answer is that currently we know too little about the risk-relevant aspects of the public sector to answer with confidence. To some extent, at a minimum, the public organizational context warrants its own line of inquiry. Given the relative absence of systematic information on even the descriptive aspects of risks, risky prospects, and their management in public organizations, we argue that a future research agenda would focus both on obtaining more descriptive information with regards to public organization risks and on developing a theoretically-driven agenda. To more carefully consider the role of risk in public management, answers to some basic, largely descriptive, questions would be helpful. What risks are generally most prevalent for public organizations? What strategies can potentially aid in mitigating these risks? Are certain risk management strategies more useful in this context? What types of external risks are faced by public organizations? Are there strategies that have been developed by public organizations or their managers that help mitigate these? Data regarding management strategies are already provided in federal agency annual reports, federally-mandated systematic collection of improper payments, and incidents of government failures with respect to risk management. Much of these data are already widely available to researchers, and substantially more could be generated in the form of comparative case studies. These data could be utilized to develop a systematic understanding of the risk-mitigating strategies already in place. However, even without knowing many of the answers to questions framing the descriptive agenda, it is possible to begin a sketch of more theoretically driven expectations about how the public management research agenda intersects with risk, risky prospects, and their management. The next step in this research agenda is to develop a theoretically-driven research agenda. We provide the foundations of such an agenda below. The Beginnings of a Theoretically-Driven Research Agenda As an initial step, a clarifying conceptual point is in order: too often discussions of risk and its management proceed without precise indications of which type(s) of risk are being addressed. We begin the effort in this article by concentrating on the risks to and in public organizations. Some of these risks, it should be noted, can emanate from within, but others can stem from impacts on the organization from the external environment. In an open-system world, risks to the internal workings or status of a public organization can find their sources in the surroundings of the organization. Next, it is useful to make some assumptions and theoretical beginnings explicit. We start with the assumption of limitedly rational public managers as decision makers, that not only satisfice (Simon 1955, 1957, 1965) but also are likely to be loss averse rather than risk averse. Loss averse managers are risk seeking under certain conditions, and they are influenced by heuristics (shortcuts) in their decision-making process. These heuristics lead to reliably biased deviations from rationality for an individual’s behavior (Kahneman and Tversky 1979, 1982, 1984).16 Further, we stipulate that the framing utilized by such managers is likely to be narrow unless this tendency is countered by other features of the decision setting context (Tversky and Kahneman, 1981). Despite managers’ broad mandate to operate (for instance) in the public interest and/or to consider both short-term and long-term effects of the choices they and their agencies make, we expect that managers’ specialization, agency/program socialization, and the normal political oversight processes and expectations will magnify these decision makers’ inclination to use narrow framing. In addition, we assume a managerial tendency to downplay the likelihood of unusual events (Taleb 2010). Possible, but extreme, outcomes at the tails of a distribution will receive less attention. This pattern too will reinforce narrow framing. Finally, other features of the decision setting, particularly mandates, organizational structures, and processes, can work to counteract the biases just sketched, so long as they are designed with this purpose as an objective. On the basis of these stipulations, we can build on existing formal models of public management and performance, such as the O’Toole and Meier (1999) model.17 The O’Toole and Meier model distinguishes several managerial functions: internal management, externally oriented tapping or exploitation of resources and opportunities in the organizational environment, and externally oriented buffering of organizational production from perturbations emanating from the outside. This approach also takes explicit account of stabilizing structures and processes that can work to support ongoing operations. A decision on the part of managers to exploit the environment would amount to a choice, in effect, to take on some risk to the organization—perturbations from the environment are often unpredictable and uncertain—in the interest of securing a prospective overall gain.18 Without necessarily adopting the entire functional form of the relationships stipulated by O’Toole and Meier, we can make use of their conceptual distinctions in beginning to theorize about how public managers deal with risks to their organizations and the role of risk in the decision making process. In short, we believe that a useful way to develop theory about the public management of risk is to begin with what we know about public organizations and public management. It bears repeating that we offer here the beginnings of a positive theory of public management and risk, rather than a normative one; the appropriate tests, corrections to, and elaborations of what follows constitute a program of empirical research. Relying on the theoretical logic sketched by O’Toole and Meier’s distinction between internally focused and externally directed management of public organizations, we consider both in sequence, as they pertain to managers’ likely responses to risk and the role of risk in decision making. The following hypotheses are derived from the micro-foundation established earlier in the article—and elaborated on in this section—to sketch out a theoretically-driven research agenda that explores the role that risk plays in the decision-making process for managers in public organizations. It should be noted that these theoretical beginnings are illustrative rather than definitive or comprehensive. The important point is to begin the effort to theorize about managers and how they address risk; contributions by others, and perhaps corrections to the current effort, will likely be needed. From the work of many behavioral economists, we know that relative losses loom larger than relative gains, and we also know that individuals are more attuned to known costs as opposed to unknown benefits. We expect that these generalizations pertain to public managers as well. Thus, from these behavioral assumptions across risky prospects, we can hypothesize that: H1: In their management efforts, public managers will tend to under-invest in innovations that have potential benefits and devote most of their risk management efforts toward protecting against losses. Certain specific aspects of the theoretical expectations can be inferred from the assumptions outlined above. For example, given the constraints that are attendant to limitedly rational decision makers, and also the many possible sources of risk to public organizations, it is unlikely that managers will be prepared to address them all. Undoubtedly, there will be some rationing of attention in the risk management process toward certain risks and away from others, despite possible expected (dis)utilities involved, as viewed for instance by analysts. In which directions can we expect this rationing to take place? One such expectation can be identified, if one considers the realities of accountability and internal control management strategies such as performance evaluation systems. The structure of the evaluation system will drive the public managers’ attention and focus such that: H2: Different performance appraisal and incentive systems in public organizations are likely to encourage attention/inattention to different kinds of risks, either explicitly or by implication. An important aspect of public organizational performance appraisal and incentive systems is the process for collecting data and documenting performance. Documentation, then, can guide the level of attention that managers pay to certain types of risks. The regular, systematic source of documentation is the set of data accumulated as part of performance management processes. Given limitedly rational decision makers and selective attention, H3: Performance management processes will move choices and performance away from any risks that can be expected to be documented, including ex-post. Similar reasoning suggests additional biases in the risk management function. For instance, longer-term or accumulative risks are more likely to be ignored or sidelined than short-term or immediate risks. This type of bias can be seen in financial management decision making regarding tradeoffs between various risks to revenues and expenditures and the decision to use pay-as-you-use versus pay-as-you-go financing for capital assets (Pagano 2002; Wang et al. 2007). Discounting the future to present value contributes to this pattern, and discounting a highly uncertain future can be expected to exacerbate this tendency: H4: Long-term and accumulative risks are more likely to be ignored or sidelined than more immediate risks, or risks that present as imminent step functions in terms of expected damage to public organizations. This tendency can be expected to be further encouraged by the short-term calculus of most parts of political systems and most actors involved in administrative oversight (Nicholson-Crotty 2009). Following this line of reasoning about limitedly rational managers with finite time and attention, one can expect that decision-making efforts involving risky prospects requiring substantial initial investments of time, attention, and possibly financial resources are therefore less likely to be implemented than those that can be easily or inexpensively executed. Therefore, we can hypothesize about the decision-making process with regard to new initiatives such that H5: Risks that have not yet been experienced, risks that are novel, and risks that are perceived as very rare events will receive especially less attention from public managers than other risks of similar magnitude. We next consider externally directed management. As noted earlier, managers can seek to exploit opportunities in their environment by taking on some associated risk. As H1 implies, we expect managers to do so less often than a strict absolute calculation might suggest. Nonetheless, recent research consistent with the assumptions we have adopted here suggests that the degree of risk aversion is partially a function of the performance reference points adopted by these decision makers (Nicholson-Crotty et al. 2017). In addition, we note the likely importance of the buffering function of management.19 The many contributions in organization theory, including those that have been extended to the public sector, have made buffering a prominent function and treated this activity as an important one (for a classic depiction, see Thompson 1967). Although buffering in the usual sense touches upon only a slice of what might be regarded as the general subject of risk and its management, it is often explicitly incorporated in the literature and represents what can be considered a key feature of standard public organizational theory (Agranoff and McGuire 2003). This function should generally be important to risk management in any open-system operation. Although both public and private organizations are exposed to risks and have reasons to buffer their internal operations from perturbations from outside, we expect that this function is likely to be larger in the public sector than the private. To the extent that private organizations are exposed to market forces, they are likely to be required to adapt to such forces (rather than buffer them) more often and more fully than most public organizations, which deal with less overt competitive pressures. This logic suggests that public organizations will generate a higher level (larger amount) of buffering than will private organizations (Meier and O’Toole 2011, i291). In particular, additionally, we expect a larger impact on organizational outcomes from buffering in the public sector. Negative shocks from outside would normally be expected to result in a performance decline from the public organization. But the larger buffering component expected in the public sector should yield a correspondingly greater assist to performance. Therefore, as expected also from the analysis of Meier and O’Toole (2011, i294–5) we hypothesize that: H6: The impact of buffering – that is, a set of risk management practices – is larger for organizational performance in the public sector than the private. Public organizations have demonstrated a variety of management strategies in dealing with external risks. Given the demands on managers with biases and limited rationality, one of these strategies has been to establish a dedicated risk management position. In a study of organization-level risk management strategies, Beasley et al. (2005) show the importance of dedicated risk managers and support from senior management and stakeholders when implementing risk management strategies. Although these types of approaches tend to be structurally focused, it is reasonable to expect that specifying (an) individual(s) with expertise in risk management within the organization would provide additional resources, personnel, and focus to assist managers in the decision-making process when risk is present. Thus: H7: Public organizations with dedicated risk management subunits will be more likely to invest in established risk management practices and have higher levels of performance in mitigating external risks. Public organizations face unique external risks. One example is the array of political risks, which differ for public organizations compared to the largely regulatory-based political risk facing private organizations. In particular, and beyond the general point that organizations encounter many political risks, it can be argued that additional risk management challenges arise out of the multiorganizational, networked character of many public programs. The organizational partners may be public agencies of the same government, implementing entities of other governments, and/or nonprofit and/or for-profit units. Strong evidence suggests that such arrangements predominate in contemporary policy settings (Hall and O’Toole 2000). They create the prospect of enhanced or leveraged capacity for addressing complex policy challenges, but they are also more difficult to manage on behalf of the joint or shared policy objectives. A collective action logic would suggest possible inducements to free riding when a public organization is one of multiple such entities sharing responsibility for a program—particularly in circumstances for which discrete parts of the program are not primarily in the hands of one or another of the agencies so that a failure or breakdown cannot be attributed clearly to a particular organization or actor. When the management of a program is distributed across multiple organizations, the efficacy of any individual manager’s investment in risk management is lowered and the costs (in time, financial resources, political capital, etc.) for such a manager are greater. Thus, absent a special, high-profile (and likely well-funded) government-wide initiative, presumably with a new or special lead unit for implementation, we would expect that: H8: Governments and their managers are likely to underperform most severely on managing multiorganizational and intergovernmental risks. As with political risk, public organizations are increasingly aware of risks to their reputation, defined as a set of beliefs about an organizations capacities, intentions, history, and mission (Carpenter 2010; Carpenter and Krause 2012). Organizational reputation is determined through beliefs held by external audiences but has internal implications related to employee motivation, professional norms, and accountability. The role of cognitive biases when making decisions that may harm an organization’s reputation suggest that public managers will be loss averse because they weight losses more heavily than gains. On this subject, sectoral difference can also be expected to matter considerably. For public organizations, entities that are usually somewhat constrained by regulation or custom from exercising marketing or public-relations initiatives on their own behalf, reputation can be an especially important and valuable resource. Given the particular importance of organizational reputation in the public sector (Carpenter 2001, 2010), and given the well-known difficulty of developing unambiguous bottom lines for the performance of public organizations, we can expect that: H9: Efforts to manage reputational risk will generally be more important – have larger consequences for organizational outcomes – than an equivalent amount of reputational risk management in the private sector. Another aspect of externally focused managerial decision making with risky prospects is the set of interpersonal connections that managers make and which forums they participate in to share information. When making decisions with risky prospects, decision makers value information that may reduce uncertainty or increase the accuracy of probability estimates. In this context, managers with limited rationality and multiple demands on their time and attention value credible information (not to mention commitment) from trusted partners. This concept has been discussed at length in the social capital literature that considers the interpersonal networks and organizational networks that managers engage in to facilitate collaboration (Putnam 1993). Managers who operate in environments with substantial social capital, in consequence, will often have an easier time implementing programs (O’Toole and Meier 2015, 249). But for risk management the pattern can be more complicated, depending on the form of social capital and the sources of possible risk. For example, the “risk hypothesis” outlined by Berardo and Scholz (2010) argues that actors will seek either bridging social capital relationships with well-connected, popular partners or bonding social capital relationships with transitive, reciprocal relationships depending on the incentives for their partners to cheat or defect from agreements. More detailed and specific hypotheses regarding bridging and bonding capital may be developed using Berardo and Scholz’s risk hypotheses along with other social capital and policy network scholarship. In the context of public organizations, we expect that limited rationality managers use similar strategies such that, H10: When risky prospects are present, public managers develop more bridging and bonding relationships to facilitate the exchange of information. In short, it is possible to suggest numerous points of possible connection between the approaches and varieties of risk management and the developing research on public management. This preliminary theoretical foray is selective, but it suggests the value of a more explicit and rigorous approach to understanding risk management for public organizations and programs. Conclusion In this article we have noted the considerable attention that the subject of risk and its management has received from governments in recent years and we have largely concurred with this emphasis. The broad topic is sizable and salient, and it is deserving of sustained attention from a variety of disciplines, including from those who conduct systematic research on public management. Although we believe that much of the current governmental focus is sensible, it is also incomplete: it gives short shrift to how public managers actually make decisions. In particular, it fails to take advantage of some of the knowledge developed in the social sciences about the behavior exhibited by decision makers facing risky prospects. This behavior is also relevant to the analysis of risk management, and it should not be neglected by those who care about improving governmental responses. This gap regarding the treatment of risk and risk management by managers also characterizes the scholarly literature on public management. As we have indicated, while that field has blossomed in recent years, it has paid almost no attention to the theme of risk—in the sense outlined in this article. We provide a potential research approach that could begin to address this lacuna. Although a helpful step would be to develop more systematic basic descriptive information about the kinds of risks that public managers must grapple with, we emphasize a more ambitious effort to utilize what is known about how people deal with risky prospects to develop a theoretical approach to understanding and explaining the relevant managerial behavior. The efforts of this article constitute only first steps; we have focused, for instance, only on risks to and for the public organization rather than the more extensive set of risks of all types. More theory and empirical testing will be needed, but we believe that this broad strategy offers a promising approach. The main argument here is that the ongoing governmental efforts to draw attention to large-scale risks and build systems to avoid or mitigate these should be buttressed and guided by more fundamental work at the individual level—at the intersection of decision making and risk for public managers. This need not be an either-or proposition. The basic theoretical development and testing will certainly yield implications for how agencies and governments can most appropriately respond to risky prospects facing managers. It will surely be useful, for instance, to be able to assess which kinds of structural supports are most needed and practical to anticipate or respond to certain kinds of decision contexts. And, as some of the hypotheses sketched earlier imply, it can be quite helpful to know the specific kinds of situations in which public managers are most inclined to act on biases that could expose agencies and programs to considerable harm—not to mention in which kinds of situations managers, when unaided, are most likely to miss substantial opportunities to enhance the public welfare. In fact, constructing a more theoretically-driven approach to risk management could pay off in other ways as well. Although we have not emphasized it in this exposition, the largely private-sector research on risk and its management proceeds from relatively atheoretical categories or types of risk—risks stemming from technology, risks attributed to people, and so forth. A more foundational approach to the study of risk management will likely produce a categorization and framework driven by how decision makers interact with risky prospects; and the development of solutions is, accordingly, more likely to be strategic rather than ad hoc—with consequently enhanced efficacy. At least two additional points are worth emphasizing. First, we suggest a broader point about research on public management, one that extends beyond the theme of risk: scholarship in this field can and should make more use of the insights and theoretical contributions from other social science specialties on human decision making. The work of many researchers, for instance the development and validation of prospect theory, can inform basic questions of public management; thus far, however, only very limited use has been made of these advances within the confines of basic public management work. The latter will definitely be improved by more explicit incorporation of the former. And finally, we note that ultimate payoff for the systematic investigation of risk in public management is to improve governmental performance. Indeed, some of the hypotheses sketched in the preceding section address certain performance implications. A great deal of systematic research has been conducted in the last two decades on the public management and performance question. These efforts often do work from a starting point grounded in managers and what they do, and the progress made has been quite valuable. However, the treatment of risk has been essentially absent from this research enterprise. We argue that it is sensible to expand the management-and-performance agenda by incorporating risk as an element of systematic analysis. It seems time for public management scholars to devote more intellectual space to this neglected part of the management-and-performance function, and to this largely unaddressed aspect of the emerging theme of risk. The practical payoff would be improved outputs and outcomes from public programs. A preliminary version of this article was presented at the Public Management Research Conference, Aarhus University, Denmark, June 23, 2016. Another preliminary version was presented at the Seventh Conference on Empirical Studies of Organizations and Public Management, “Taking Sector Seriously: Managers, Socialization, and Performance,” Texas A&M University, May 20–21, 2016. We thank the participants of these conference for helpful comments. We would also like to thank the anonymous Perspectives on Management and Governance for their helpful comments. References Agranoff , Robert , and Michael McGuire . 2003 . Collaborative public management: New strategies for local governments . Washington, DC : Georgetown Univ. Press . Akkerman , Agnes , and Rene Torenvlied . 2011 . Managing the environment: Effects of network ambition on agency performance . Public Management Review 13 : 159 – 74 . Google Scholar CrossRef Search ADS Ansell , C. , A. Boin , and A. Keller . 2010 . Managing transboundary crises: Identifying the building blocks of an effective response system . Journal of Contingencies and Crisis Management 18 : 195 – 207 . Google Scholar CrossRef Search ADS Beasley , M. S. , R. Clune , and D. R. Hermanson . 2005 . Enterprise risk management: An empirical analysis of factors associated with the extent of implementation . Journal of Accounting and Public Policy 24 : 521 – 31 . Google Scholar CrossRef Search ADS Bendor , Jonathan . 1985 . Parallel systems: Redundancy in government . Berkeley, CA : Univ. of California Press . Berardo , R. , and J. T. Scholz . 2010 . Self-organizing policy networks: Risk, partner selection, and cooperation in estuaries . American Journal of Political Science 54 : 632 – 49 . Google Scholar CrossRef Search ADS Boyne , George A. , Kenneth J. Meier , Laurence J. O’Toole , Jr. , and Richard M. Walker , eds. 2006 . Public service performance: Perspectives on measurement and management . Cambridge : Cambridge Univ. Press . Google Scholar CrossRef Search ADS Boyne , George A. , and Richard M. Walker . 2004 . Strategy content and public service organizations . Journal of Public Administration Research and Theory 14 : 231 – 52 . Google Scholar CrossRef Search ADS Bozeman , Barry , and Mary K. Feeney . 2011 . Rules and red tape: A prism for public administration theory and research . Armonk, NY : M. E. Sharpe . Bozeman , Barry , and Gordon Kingsley . 1998 . Risk culture in public and private organizations . Public Administration Review 58 : 109 – 18 . Google Scholar CrossRef Search ADS Bromiley , Phillip , Michael McShane , Anil Nair , and Elzotbek Rustambekov . 2015 . Enterprise risk management: Review, critique, and research directions . Long Range Planning 48 : 265 – 76 . Google Scholar CrossRef Search ADS Carpenter , Daniel P . 2001 . The forging of bureaucratic autonomy: Reputations, networks, and policy innovation in executive agencies, 1862–1928 . Princeton, NJ : Princeton Univ. Press . ——— . 2010 . Reputation and power: Organizational image and pharmaceutical regulation in the FDA . Princeton, NJ : Princeton Univ. Press . Carpenter , D. P. , and G. A. Krause . 2012 . Reputation and public administration . Public Administration Review 72 : 26 – 32 . Google Scholar CrossRef Search ADS Chisholm , Donald . 1992 . Coordination without hierarchy: Informal structures in multiorganizational systems . Berkeley, CA : Univ. of California Press . Dong , Hsiang-Kai Dennis . 2014 . Individual risk preference and sector choice: Are risk-averse individuals more likely to choose careers in the public sector ? Administration & Society 49 : 1121 – 42 . Google Scholar CrossRef Search ADS Frederickson , H. George , and Todd R. Laporte . 2002 . Airport security, high reliability, and the problem of rationality . Public Administration Review 62 : 34 – 44 . Google Scholar CrossRef Search ADS Hall , T. E. , and O’Toole , L. J. , Jr . 2000 . Structures for policy implementation: An analysis of national legislation, 1965–1966 and 1993–1994 . Administration & Society 31 : 667 – 86 . Google Scholar CrossRef Search ADS Hardy , Karen . 2010 . Managing risk in government: An introduction to enterprise risk management . Washington, DC: IBM Center for The Business of Government . Hill , Carolyn J. , and Laurence E. Lynn , Jr . 2008 . Public management: A three-dimensional approach . Washington, DC : CQ Press . Hood , Christopher . 1991 . A public management for all seasons ? Public Administration 69 : 3 – 19 . Google Scholar CrossRef Search ADS Ingraham , Patricia W. , Philip G. Joyce , and Amy Kneedler Donahue . 2003 . Government performance: Why management matters . Baltimore, MD : Johns Hopkins Univ. Press . Jasanoff , Sheila . 1993 . Bridging the two cultures of risk analysis . Risk Analysis 13 : 123 – 39 . Google Scholar CrossRef Search ADS ——— . 1998 . The political science of risk perception . Reliability Engineering and System Safety 59 : 91 – 9 . Google Scholar CrossRef Search ADS Jones , Bryan . 2002 . Bounded rationality and public policy: Herbert A. Simon and the decisional foundation of collective choice . Policy Sciences 35 : 269 – 84 . Google Scholar CrossRef Search ADS ——— . 2003 . Bounded rationality and political science: Lessons from public administration and public policy . Journal of Public Administration Research and Theory 13 : 395 – 412 . Google Scholar CrossRef Search ADS Kahneman , D . 2011 . Thinking, fast and slow . New York : Farrar, Straus, and Giroux . Kahneman , D. , and A. Tversky . 1979 . Prospect theory: An analysis of decision under risk . Econometrica 47 : 263 – 91 . Google Scholar CrossRef Search ADS ——— . 1982 . Judgment of and by representativeness . In Judgment under uncertainty: Heuristics and biases , ed. D. Kahenman , P. Slovic , and A. Tversky , 84 – 100 . New York : Cambridge Press . ——— . 1984 . Choices, values, and frames . The American Psychologist 39 : 341 – 50 . Google Scholar CrossRef Search ADS Knight , Frank H . 1985 . Risk, uncertainty, and profit . Chicago, IL : Univ. of Chicago Press . Landau , Martin . 1969 . Redundancy, rationality, and the problem of duplication and overlap . Public Administration Review 29 : 346 – 58 . Google Scholar CrossRef Search ADS LaPorte , Todd R . 2007 . Critical infrastructure in the face of a predatory future: Preparing for untoward surprise . Journal of Contingencies and Crisis Management 15 : 60 – 4 . Google Scholar CrossRef Search ADS LaPorte , Todd R. , and Paula M. Consolini . 1991 . Working in practice but not in theory: Theoretical challenges of ‘High-Reliability Organizations.’ Journal of Public Administration Research and Theory 1 : 19 – 48 . LaPorte , Todd R. , and Daniel S. Metlay . 1996 . Hazards and institutional trustworthiness: Facing a deficit of trust . Public Administration Review 56 : 341 – 7 . Google Scholar CrossRef Search ADS Lynn , Laurence E. , Jr. , Caroline J. Heinrich , and Caroline J. Hill . 2001 . Improving governance: A new logic for empirical research . Washington, DC : Georgetown Univ. Press . Meier , Kenneth J. , Nathan Favero , and Ling Zhu . 2015 . Performance gaps and managerial decisions: A Bayesian decision theory of managerial action . Journal of Public Administration Research and Theory 25 : 1221 – 46 . Google Scholar CrossRef Search ADS Meier , Kenneth J. , and Laurence J. O’Toole , Jr . 2003 . Public management and educational performance: The impact of managerial networking . Public Administration Review 63 : 675 – 85 . Google Scholar CrossRef Search ADS ——— . 2004 . Conceptual issues in modeling and measuring management and its impacts on performance . In The Art of Governance: Analyzing Management and Administration , ed. Patricia W. Ingraham and Laurence E. Lynn , Jr ., 195 – 223 . Washington, DC : Georgetown Univ. Press . ——— . 2009 . The dog that didn’t bark: How public managers handle environmental shocks . Public Administration 87 : 485 – 502 . Google Scholar CrossRef Search ADS ——— . 2011 . Comparing public and private management: Theoretical expectations . Journal of Public Administration Research and Theory 21 : i283 – 99 . Google Scholar CrossRef Search ADS Meier , Kenneth J. , Laurence J. O’Toole , Jr. , and Alisa Hicklin . 2010 . I’ve seen fire and I’ve seen rain: Public management and performance after a natural disaster . Administration and Society 41 : 979 – 1003 . Google Scholar CrossRef Search ADS Mitchell , Vincent-Wayne . 1995 . Organizational risk perception and reduction: A literature review . British Journal of Management 6 : 115 – 33 . Google Scholar CrossRef Search ADS Moss , David . 2002 . When all else fails: Government as the ultimate risk manager . Cambridge : Harvard Univ. Press . Moynihan , D. , and Lavertu , S . 2012 . Cognitive biases in governing: Technology preferences in election administration . Public Administration Review 72 : 68 – 77 . Google Scholar CrossRef Search ADS Nicholson-Crotty , S . 2009 . The politics of diffusion: Public policy in the American states . The Journal of Politics 71 : 192 – 205 . Google Scholar CrossRef Search ADS Nicholson-Crotty , S. , Nicholson-Crotty , J. , and Fernandez , S . 2017 . Performance and management in the public sector: Testing a model of relative risk aversion . Public Administration Review 77 : 603 – 14 . Google Scholar CrossRef Search ADS O’Toole , Laurence J. , Jr. , and Kenneth J. Meier . 1999 . Modeling the impact of public management: Implications of structural context . Journal of Public Administration Research and Theory 9 : 505 – 26 . Google Scholar CrossRef Search ADS ——— . 2003 . Bureaucracy and uncertainty . In Uncertainty in American politics , ed. Barry Burden , 98 – 117 . Cambridge : Cambridge Univ. Press . ——— . 2010 . In defense of bureaucracy: Public managerial capacity, slack, and the dampening of environmental shocks . Public Management Review 12 : 341 – 61 . Google Scholar CrossRef Search ADS ——— . 2011 . Public management: Organizations, governance, and performance . Cambridge : Cambridge Univ. Press . ——— . 2015 . Public management, context, and performance: In quest of a more general theory . Journal of Public Administration Research and Theory 25 : 237 – 56 . Google Scholar CrossRef Search ADS Osborne , David , and Ted Gaebler . 1993 . Reinventing government: How the entrepreneurial spirit is transforming the public sector . New York : Penguin Books . Pagano , M. A . 2002 . Municipal capital spending during the “boom” . Public Budgeting & Finance 22 ( 2 ): 1 – 20 . Google Scholar CrossRef Search ADS Putnam , R. D . 1993 . The prosperous community . The American Prospect 4 : 35 – 42 . Rainey , H. G . 2014 . Understanding and managing public organizations . San Francisco, CA: John Wiley & Sons . Renn , Ortwin . 1998a . The role of risk perception for risk management . Reliability Engineering and System Safety 59 : 49 – 62 . Google Scholar CrossRef Search ADS ——— . 1998b . Three decades of risk research: accomplishments and new challenges . Journal of Risk Research 1 : 49 – 71 . Google Scholar CrossRef Search ADS Rosa , L. D . 1998 . Metatheoretical foundations for post-normal risk . Journal of Risk Research 1 : 15 – 44 . Google Scholar CrossRef Search ADS Simon , H . 1955 . A behavioral model of rational choice . Quarterly Journal of Economics 6 : 99 – 118 . Google Scholar CrossRef Search ADS ——— . 1957 . Models of man . New York : Wiley . ——— . 1965 . Administrative behavior: A study of decision-making processes in administrative organization . New York : Free Press . Slovic , P . 2000 . The perception of risk . New York : Taylor & Francis . Taleb , Nassim Nicholas . 2010 . The Black Swan: The impact of the highly improbable . New York : Random House . Thompson , James D . 1967 . Organizations in action . New York : McGraw-Hill . Tversky , A. , and D. Kahneman . 1981 . The framing of decisions and the psychology of choice . Science 211 : 453 – 8 . Google Scholar CrossRef Search ADS ——— . 1991 . Loss aversion in riskless choice: A reference-dependent model . The Quarterly Journal of Economics 106 : 1039 – 61 . Google Scholar CrossRef Search ADS ——— . 1992 . Advances in prospect theory: Cumulative representation of uncertainty . Journal of Risk and Uncertainty 5 : 297 – 323 . Google Scholar CrossRef Search ADS Walker , Richard M. , George A. Boyne , and Gene A. Brewer , eds. 2010 . Public management and performance: Research directions . Cambridge : Cambridge Univ. Press . Google Scholar CrossRef Search ADS Walker , Richard , and Rhys Andrews . 2015 . Local government management and performance: A review of evidence . Journal of Public Administration Research and Theory 25 : 101 – 33 . Google Scholar CrossRef Search ADS Wang , W. , Y. Hou , and W. Duncome . 2007 . Determinants of Pay-as-You-Go financing of capital projects: Evidence from the States . Public Budgeting & Finance 27 : 18 – 42 . Google Scholar CrossRef Search ADS Footnotes 1 https://www.nytimes.com/2015/07/10/us/office-of-personnel-management-hackers-got-data-of-millions.html?mcubz=3&_r=00, accessed August 24, 2017. 2 https://paymentaccuracy.gov/, accessed August 24, 2017. 3 Some scholars have recommended expanding the use of the term risk for uncertain outcomes regardless of whether they are positive or negative (Rosa 1998; Renn 1998b; see also Mitchell 1995). 4 The field of generic management offers some support for this notion as well. In a review and synthesis of industrial organizations’ purchasing behavior, for instance, Mitchell (1995, 117) notes the importance of the perceptions of managers regarding risk and the departure of these from technical notions of risk. The primary interest in this literature is on the variance of managers’ perceptions rather than the foundational features. 5 A couple of features of this research agenda implicitly suggest the relevance of risk to management and performance. One is the treatment of stability largely as a set of supports, rather than problems, for the autoregressive feature of public organizational action. Also, the aspect of management labeled as M4 clearly implies certain aspects of risk management. However, the model incorporates this aspect only insofar as it deals with externally generated risks. It is also left almost completely abstract. 6 Additional theoretical and empirical contributions on this theme include Meier and O’Toole 2009; Meier, O’Toole, and Hicklin 2010; O’Toole and Meier 2003. One of these explores some aspects of how public managers handle “uncertainty,” but the focus is almost exclusively on buffering, and especially on various forms that buffers might take – as well as their modeling implications. And no aspect of this research program considers risk or uncertainty as they might flow from within organizations themselves. 7 See http://www.pewtrusts.org/en/archived-projects/government-performance-project, accessed April 25, 2016. 8 For a detailed explanation of the rationale behind the research, see Ingraham, Joyce, and Donahue 2003. 9 Bozeman and Kingsley do find that a number of other factors do help to explain the risk culture of organizations, particularly the willingness of top managers to trust employees and the clarity of an organization’s mission (Bozeman and Kingsley 1998). For a different line of analysis see also Dong (2014). 10 A related notion is how organizational slack can serve a protective function; see O’Toole and Meier 2010. 11 Government Accountability Office, Report # GAO-09-687. 12 These guidelines include OMB Circular A-123 and OMB Circular A-136, discussed below. It should also be noted that OMB has a long history of recommending risk analysis and management best practices through the Clinton and Bush Administrations. As an example of earlier guidelines, see OMB Circular A-4. 13 Playbook: Enterprise Risk Management for the US Federal Government. Retrieved on August 2, 2016 from https://cfo.gov/wp-content/uploads/2016/07/FINAL-ERM-Playbook.pdf. 14 RM Guidelines AS/NXS 4360:2004. 15 BSI British Standards-BS 31100:2008. 16 There is a limited but growing use of these concepts in the field of public administration. The Nicholson-Crotty et al. (2017) study relies in part on these behavioral constructs, as does Moynihan and Lavertu’s (2012) work on election administration and decisions to purchase direct recording electronic voting machines. 17 The O’Toole-Meier model is as follows: Ot = β1(S+M1)Ot−1 + β2(Xt/S)(M3/M4) + εt, where O is some measure of outcome, S is a measure of stability, M denotes management, which can be divided into three parts (M1 is management’s contribution to organizational stability through additions to hierarchy/structure as well as regular operations, M3 management’s efforts to exploit the environment of the organization, M4 management’s effort to buffer the unit from environmental shocks, X is a vector of environmental forces, ε is an error term, the other subscripts denote time periods, and β1 and β2 are estimable parameters. The M3/M4 ratio is sometimes simplified as M2, or externally oriented management. Those researchers have provided an extensive set of empirical studies and found, for the most part, support for many aspects of the model including most of its functional form. They have also offered more detailed modeling ideas about the various aspects of externally oriented management in networks (Meier and O’Toole 2004). 18 Managers sometimes act in this fashion, behavior dependent in part on such factors as the level of organizational performance that their units are achieving (Nicholson-Crotty et al. 2017; see also Meier, Favero, and Zhu 2015). 19 It is useful to keep in mind that, although much external management is directed at managing risks to others, including clients and the public, we focus here on risks to the organization. © The Author(s) 2018. Published by Oxford University Press on behalf of the Public Management Research Association. All rights reserved. For permissions, please e-mail: journals.permissions@oup.com. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Perspectives on Public Management and Governance Oxford University Press

Managing Risks in Public Organizations: A Conceptual Foundation and Research Agenda

Loading next page...
 
/lp/ou_press/managing-risks-in-public-organizations-a-conceptual-foundation-and-2SXAhvSiF7
Publisher
Public Management Research Association
Copyright
© The Author(s) 2018. Published by Oxford University Press on behalf of the Public Management Research Association. All rights reserved. For permissions, please e-mail: journals.permissions@oup.com.
ISSN
2398-4910
eISSN
2398-4929
D.O.I.
10.1093/ppmgov/gvx016
Publisher site
See Article on Publisher Site

Abstract

Abstract Over the past 20 years, the subject of public management has received much attention. Although this research has clearly demonstrated relationships between management and performance in the public sector, there have been few attempts to incorporate the management of risk and its effect on performance. In this article, we seek to provide a discussion and research agenda from which scholars can begin to address this gap. After clarifying the notion of risk and distinguishing it from other related concepts, we consider some behavioral foundations for a research agenda focused on how public managers deal with situations in which they face risky prospects. We explicate the relatively limited treatment of risk thus far in the public management research literature, as well as how agencies and governments have typically approached the theme of risk. Fortunately, fields including risk analysis, behavioral psychology, and decision making provide starting points for scholars. We build from these foundations to sketch the beginnings of a theoretically driven research agenda on risk and managerial decision making. It is our hope that this effort draws attention to the subject and points toward an agenda that can stimulate work in this important area. Introduction The research subject of public management and performance has emerged over the course of the past two decades (Akkerman and Torenvlied 2011; Lynn, Heinrich, and Hill 2001; O’Toole and Meier 2011). One of the major goals of this literature has been to examine theoretically and empirically the effect public managers can have on the performance of public organizations (O’Toole and Meier 2015). In pursuit of this objective, scholars have identified an array of management activities that may influence the outputs and outcomes of public organizations. These include exploiting the organization’s environment; supporting ongoing operations; as well as structuring, motivating, and allocating resources, among many others (O’Toole and Meier 2015). However, one important management function that deserves more attention is the management of risk in the decision making process. Although this subject has mostly been ignored in the public management and public performance academic literature, risks and their management in the public sector seem all the rage elsewhere. There is no shortage of alarming headlines on the subject. The US Office of Personnel Management was the target of a massive theft of personal information affecting 21.5 million individuals in 2015.1 Cyber-attacks on political and electoral systems have dominated news accounts of the 2016 US national elections and are likely to do so for some time to come. The US Government Accountability Office (GAO) estimates that more than $144 billion in improper payments were authorized by the federal government during fiscal year 2016, with the largest attributed to the Medicare Fee for Service Program at $41.1 billion.2 No less alarming, global climate change and its consequences, both short-term and projected over decades, threaten to upend policy agendas and plans at all levels of government and on all continents. The financial collapse triggering the Great Recession affected many millions, with consequences even now continuing to be evident. And needless to say, governments face innumerable risks that do not grab the headlines but are significant and call for better management. Governments, as a result, have hardly been idle. As explained later, the GAO has developed a Risk Management Framework, and several federal agencies have taken steps to implement aggressive risk management strategies. The Canadian government has been similarly active, as have the national authorities in Australia, Britain, and New Zealand. Given the intimidatingly long and ominous list of risks facing governments, these governmental responses are surely encouraging developments. But an important and under-recognized gap remains—a theoretically-driven approach to risk in the public managerial decision-making process. The purpose of this article is to clarify this missing piece of the puzzle, indicate its potential importance, and begin the task of developing a theoretical logic that might enhance how scholars are able to analyze the subject of the public management of risks. The argument of the article can be briefly sketched. The initial point to establish is that the subject of risk and its management has often not been defined and analyzed carefully. Indeed, even among specialists on the matter of risk, there continues to be some disagreement about how to define the boundaries of this topic. Conceptual disagreement can lead to diffuse and unsystematic treatment. To avoid confusion of terms and concepts we start with a brief discussion of our definitions of risk, hazards, errors, and uncertainty in the next section. Second, we turn briefly to the research literature on public management. The public management literature has considered the subject mostly in a peripheral fashion, as we can show, and scholars have also not gotten far beyond a relatively narrow focus on structural components including program or organizational design and risk-related policies to engage with the decision-making behavior of managers at the individual level. An overall consequence has been that the relevant work thus far has largely worked from an implicitly optimizing or maximizing decision-theoretic frame: encouraging or exhorting organizations and managers to consider more alternatives, use their units’ analytical capacity to estimate consequences more fully, and incorporate secondary and tertiary impacts more explicitly. As Simon (1957) indicated long ago, public administrative exhortations toward more rationality typically ignore the limitedly rational nature of human decision making. The attention to structural issues—building systems for more thoroughgoing and systematic analysis of potential problems and/or organizational protections against perturbations—has yielded some useful recommendations for risk management in practice, but it is incomplete. We argue that what is missing on the subject of public sector risk management is a careful treatment of the micro-foundations of behavioral decision making by public managers who have responsibility for dealing with risks. We begin to address this lacuna by sketching some such behavioral assumptions that are grounded in well-established research. We then initiate an effort to develop some theoretical expectations about how real-world public managers are likely to address the subject of risk. Such a theoretical effort, more realistically grounded in what we know about actual decision making, offers the prospect of helping to understand and thereby potentially improve the management of risk. The Concept of Risk in the Decision Making Process for Public Managers What is Risk? Any serious consideration of risk and its management must contend with questions of definition and scope. Leaving aside common language notions, “risk” carries somewhat different meanings in different forums and fields of research. The most strict definition is favored in the classic engineering, decision-theoretic notion. As LaPorte and Consolini (1991) put it, risk in this sense refers to “the product of the magnitude of harmful consequences and the probability of an event causing them” (p. 23). This definition is akin to what Jasanoff (1993; 1998) calls “quantitative risk” and Renn (1998a) labels “technical assessments.” In this approach, the authors specifically distinguish risk from two other concepts: hazards and errors. LaPorte and Consolini (1991, 23) define the former as the “characteristics of a production technology such that if it fails significantly the damage to life and property can be very considerable,” and the latter as “mistakes or omissions in procedure or operational decisions that result in occurrences judged as undesirable and sometimes costly to remedy.” Advantages of this classic approach include a precise delineation of the relevant situations and questions and the generation of quantitative research estimating the risk(s) entailed in a number of specific empirical situations. The strict definition is useful but needs to be broadened slightly to allow for the types of events that public managers may consider as relevant risks. These additional types may include perceived risks (to include perceived hazards and errors, as defined by LaPorte and Consolini) and risks emanating from many kinds of sources, often simultaneously, and often in the absence of precise quantitative estimates of both negative3 consequences and their associated probabilities. One danger that has been noted in the literature is expanding the definition too far so that virtually everything may constitute a risk, which has been a criticism of the literature on what is known as “enterprise risk management” (Bromiley et al. 2015). There are competing notions of “risk,” and we want to be quite explicit about what we mean by risks in the context of public management. Risk, in this context, is determined by the known (or estimated) probability of an event occurring and the resulting consequences. Our definition differs from the classical definition in two important ways. First, we consider both positive and negative consequences that can result in either losses or gains to an organization. Second, these events include what Renn (1998a) labels as hazards and errors. We also emphasize the management of these risks at the individual, managerial level which involves making decisions across choice sets or options that have probabilistic outcomes. We do note the difference between risks with known (or estimated) probabilities and consequences and the concept of uncertainty in which the value of the outcome may be known, but the probability of the event is unknown (Knight 1985). Although we are primarily focused on risk in this article, much of the theoretical agenda and micro-foundations also applies to uncertainty. In establishing the behavioral or micro-foundations of risk and its management within public organizations, we begin by relying on work from a field of analysis that has its roots in psychology but has become known as behavioral economics. In this field, making decisions across situations that have probabilistic outcomes, associated with some expected benefit or cost, is known as making decisions across risky prospects (Kahneman and Tversky 1979, 1982; Tversky and Kahneman 1992). This literature defines a risky prospect as having a decision to make where the outcome has some value (benefit or cost) that will occur with some probability. The risk in this context is that the decision maker (e.g., a manager) does not know the outcomes of their choice with certainty. They only know (or have an estimate of) the expected average benefit or costs of their choices. When risk is present in the decision making process, decision makers reliably make irrational decisions, which means they do not pick the choice with the largest expected benefit (Kahneman and Tversky 1979; Slovic 2000). For all the attention currently to risks in a broad sense, including large-scale and calamitous events, this public-managerial challenge has been mostly neglected. Behavioral Foundations Social science literature has empirically established that when decision makers are faced with a choice across risky prospects, on average, they make decisions that reliably deviate from standard notions of rationality (Kahneman 2011; Slovic 2000). For example, we know that decision makers regularly use decision-making heuristics to simplify their decision making process when the choices for the decision maker have components of risk (Kahneman 2011). We know that for decision makers relative losses loom twice larger than relative gains (Tversky and Kahneman 1991, 1992). Finally, we know that, in general, decision makers over-weight high-probability events as quite certain and under-weight low-probability events as completely unlikely (Kahneman 2011). These notions of how decision makers deal with risk are well established from the experimental setting and can be used to inform hypotheses, but we are less certain of how these behaviors translate in the context of managers working within complex public organizations. In addition to the work done on risk and decision making in the fields of psychology and behavioral economics, some research has been conducted in the fields of political science and public administration that highlights how decision makers within public organizations handle notions of risk. The earliest work here was initiated by Herbert Simon (1955, 1957), who conceptualized bounded rationality at the core of theoretical efforts to explain individual decision making. Building from this work, Jones (2002, 2003) has discussed at length the limitations of the rational actor model as a micro-level foundation for understanding policy implementation and the public policy process. He argued (Jones 2002) that the foundation of limited rationality, put forth by Simon, would yield a number of aspects of human cognition that could influence decision makers’ choices—including long term memory, short term memory, emotions driving priorities, central versus peripheral planning, a preparation-search trade-off, and affective identification with prepackaged options. These notions do not directly deal with risk but rather help to explicate the behavior of decision makers even without the presence of risk. One can extrapolate: it seems likely that when decision makers are making decisions across choices with a risk component, these influences may be magnified.4 The Context of Public Organizations For the development of a coherent approach to risk and its management within public organizations, we take the behavioral foundations above as assumptions for how decision makers are influenced by the introduction of risk into their decision making calculus. Although we rely on the notion of risk and the behavioral foundations discussed above, it is important to highlight that we are interested in decision makers (managers in particular), who reside within the context of public organizations. Public organizations have a number of characteristics or, as put by Carpenter and Krause (2012, 400), “stylized facts” that, we assert, are also frequently relevant to the relationship between the management of risk and performance of a public organization. Although some organizational features have the potential to support more rational action, others can reinforce or magnify individual limitations exhibited by managers. In particular, this dynamic can be encouraged by tendencies of public agencies to be more differentiated and less unified than is often assumed, to treat as irreversible those decisions that can be reversed (legally or technically), to hedge against risk via “contingent actions,” to emulate other organizations as a way of insulating against criticism, and to juggle or hedge as a way of balancing competing audience or stakeholder preferences or expectations (Carpenter and Krause 2012). Several of these characteristics highlight the near-ubiquity of risks and ambiguity within public organizations as part of their defining characteristics. The upshot is that decisions to be made by managers within public organizations are typically suffused with risk (see also Ansell, Boin, and Keller 2010, who emphasize this theme in particular for the management of transboundary crises, a common circumstance for public organizations and public managers). The complex and multifaceted context of public organizations is likely to increase the breadth of decisions that have risk components, a point that further emphasizes the importance of considering the managerial role in managing risks within public organizations. Public Management and the Treatment of Risk The preceding section suggests a line of theoretical logic that can connect earlier basic research related to decision making and risk to the theme of public management and performance. However, as we argue in this section, that link has been mostly undeveloped in the recent work on this latter theme. The good news is that the research subject of public management and performance is flourishing. What had historically been a field with a case-study emphasis has given way to much more systematic and empirical approaches (examples from a much larger set include Akkerman and Torenvlied 2011; Boyne and Walker 2004; Boyne et al. 2006; Lynn, Heinrich, and Hill 2001; Walker and Andrews 2015; Walker, Boyne, and Brewer 2010). A major conclusion is that management contributes to public program and public organizational performance, and there are numerous aspects of management that seem to be consequential (O’Toole and Meier 2011). This meta-finding is hardly a surprise, but it has now been validated in dozens of carefully conducted empirical studies. The bad news, nonetheless, is that the upsurge in interest in this topic has thus far failed to achieve a careful incorporation of the notion of risk and its management into the core work on public management. This section briefly reviews public management research to indicate the state of the field, and also how risk has been dealt with thus far—mostly by omission or obliquely. In the explicit, systematic treatment of public management and performance, we can note the efforts of Meier and O’Toole (2003), for instance, who have demonstrated that internally- as well as externally-oriented managerial activity result in positive contributions to public organizational outputs and outcomes. In some of their more recent work (O’Toole and Meier 2015; see also Meier and O’Toole 2011), they have expanded their formal modeling effort to incorporate numerous features of “context”—internal and external—that might moderate the effect of management on performance. Although some aspects of context might be implicitly related to risk, the theme is not explicitly introduced in the full set of more than 20 hypotheses developed.5 The closest that their research program gets to the subject of risk is its incorporation of the notion of buffering, or protection, by management (and sometimes by structural elements) from potentially disruptive “shocks” emanating from the environment of the program or organization.6 The same can be said for other well-known approaches to understanding managerial effects on public organizational performance. The reduced-form model of governance suggested by Lynn, Heinrich, and Hill (2001), for example, makes room for management and offers a number of insights but does not address any of the risk-related aspects of public management. The Government Performance Project, sponsored by the Pew Charitable Trusts,7 sought to record and assess numerous aspects of management in federal, state, and urban government systems in the United States, but the 14-year initiative did not attend explicitly to managerial implications of risk.8 In the same vein, leading research-based texts in the field of public management fail to include entries for risk (examples include Hill and Lynn 2008; Rainey 2014). In short, the now-extensive and growing research-based literature on public management and performance includes many managerial nuances but does not address the management of risk and how it might shape managers’ and organizations’ responses. The implicit consideration of the management of risk is fairly oblique but tacitly considered in a couple of additional areas of public management research. For one thing, a portion of the research (and popular) depictions of the public-private sector differences and organizational comparisons has it that public organizations and public managers may be more risk averse than counterparts in the for-profit sector (for a prominent example, see Osborne and Gaebler 1993). Although there are reasons to expect such a difference, including a difference between “risk cultures” in public versus private organizations, systematic investigation indicates that “there is considerable variance in organizations’ risk culture, but the sector of an organization tells us little about its risk culture” (Bozeman and Kingsley 1998, 109).9 Similarly, the set of research questions focusing on red tape in public organizations is often premised on reasons why public managers and organizations might be enmeshed in more rule-bound settings, but the risk management-oriented aspects of such settings typically are not carefully analyzed (Bozeman and Feeney 2011). Finally, some explicit treatments of “government as risk manager” focus largely on the public sector’s role vis-à-vis risks in the market economy (Moss 2002), rather than on risks in and to public agencies themselves. In another line of work, public administration scholars have explored the themes of redundancy and reliability in public organizations. Beginning with the contributions of Martin Landau (1969), and particularly via the theoretical and empirical work of some of his students (Bendor 1985; Chisholm 1992) as well as others (LaPorte 2007; LaPorte and Consolini 1991; LaPorte and Metlay 1996), interesting work has been done explicating the benefits of organizational redundancy and the design of high-reliability systems.10 Indeed, Hood (1991, 11, 13–4) has emphasized the importance of what he calls “lambda” values of resilience and reliability in administrative systems and the use of redundancy to avoid catastrophes. Once again, implicit in such (mostly structural) analyses has been the objective of risk reduction and management, particularly in situations for which it is highly costly or impossible to reverse and correct errors: mass transit system infrastructure, nuclear power plants and the production of weapons-grade nuclear materials, air safety in an era of salient international terrorism (Frederickson and LaPorte 2002), and so forth. This literature clearly implies ideas about risk and its management, and the work is provocative and has been a part of the field for some time. Still, it has played a minor role in the recent proliferation of research on public management. Finally, some recent work has bucked the trend and includes a specific treatment of risk and risk choices in the management and performance function. Nicholson-Crotty et al. (2017) highlight the potential role of relative risk aversion. Their work notes that facets of managerial decision making (such as decisions with unknown payoffs, which are considered risky choices) and performance are underexplored. They find that public managers become more risk averse when they feel that they are simply accomplishing their goals rather than under- or over-performing. In short, with few exceptions there has been relatively little theoretical attention to risk in the recent—and now extensive—research literature on public management and performance. The subject has typically appeared as a theme or consideration, but rarely in the core management and performance work undertaken during the past two decades. However, as indicated at the outset of this article, governments at all levels are now newly alert to the risk-relevant aspects of their agencies’ performance and are seeking to document and minimize various aspects of their own risks, as the next section documents. Risk Management in US Federal Agencies Although there has been a dearth of theoretically-driven research on how public managers consider risks and how these management practices affect performance, risk management has become a prominent topic with many government agencies. Rather than a systematic empirical approach to identifying the ways in which risk may influence managers, decisions, and performance, however, these governmental efforts mostly focus on structural approaches—establishing controls, building data systems, institutionalizing analytic units, and safeguards—and sometimes imply something like a rational-actor premise. These efforts also tend to focus on hazards and errors as defined above. Still, the activity does highlight a desire to manage risks that may influence public organizations. As one example of the US government’s attempt to institute comprehensive risk management practices, the GAO developed the GAO Risk Management Framework11 in 2005. This framework brought together several previous attempts including parts of the Government Performance and Results Act (GPRA) of 1993, government auditing standards, and Office of Management and Budget guidelines.12 This Framework includes a cycle of risk management phases that are meant to be continuous and dynamic rather than linear. The phases include (1) strategic goals, objectives and constraints, (2) risk assessment, (3) evaluation of alternative countermeasures to reduce risk, (4) management selection of resources and investments, and (5) implementation and monitoring of countermeasures. In addition to the GAO guidelines there are several relevant federal-level risk management policies that agencies must comply with including the Federal Manager’s Financial Integrity Act (FMFIA) of 1982, OMB Circular A-123, “Management’s Responsibility for Internal Controls,” OMB Circular A-136, “Financial Reporting Requirements,” and the Improper Payment Elimination and Recovery Act of 2010. All of these directives require agencies to maintain internal controls, collect relevant data, and prepare detailed financial reports—steps that are a necessary condition for effective management of risks to organizations. Most recently, The Chief Financial Officers Council and Performance Improvement Council have jointly released a “playbook” that builds on Circular A-123 to provide guidance and tools to help government departments and agencies develop comprehensive risk management strategies that meet the requirements of OMB.13 As described in Hardy (2010), several US federal agencies are leading the way in implementation of comprehensive risk management strategies. For example, the Food and Drug Administration (FDA) implemented a new initiative that includes the development of an integrated system to analyze electronic health data to identify potential risks and assess the safety of medical products after they have been made available to the public. In the field of security risks, both the Department of Defense (DOD) and the Department of Homeland Security (DHS) have implemented risk management processes to identify threats and vulnerabilities and determine which assets are most critical, so that more informed management decisions can be made. It should also be mentioned that many other governments around the world have made significant efforts to integrate risk management into their public agencies and public management. In 1994, for instance, the Canadian government issued the Canadian Risk Management Policy. Departments within the Public Service of Canada are required to identity, minimize, and contain risk; and to compensate for, restore, and recover from risk events. Similarly, the Australian/New Zealand Risk Management Standard framework14 was released in 2004, and the British Risk Management Code of Practice15 was released in 2008. All three sets of standards emphasize communication and monitoring throughout the risk management processes and day-to-day operations including people, processes, and information security (Hardy 2010). As these examples highlight, governments remain interested in attempting to manage their administrative organizations’ exposure to potentially negative outcomes. This is done under the banner of risk management, but typically these efforts are atheoretical, and they focus on identifying and attempting to avoid hazardous events or errors. They also tend to neglect the implications of psychology, behavioral economics, and limitedly rational decision making for how public managers make their choices. The missing piece here, therefore, is similar to the missing piece from the academic literature on public management. There is not at present a theoretically driven and nuanced discussion of how the presence of risk in the decision making process is managed by public managers and how perceptions and reactions to risk can influence organizational performance. Potential Research Agenda Two points should now be clear. First, despite a robust literature linking public management to performance, risk management—as an explicit public management function—has not been systematically incorporated into theoretical management models. Accordingly, there have been few direct empirical tests of the relationship between the management of risk and the effect that risk in the decision making process has on organizational performance. Second, the US federal government, along with other central governments throughout the world, has begun requiring agencies to implement risk management strategies, but these strategies do not appear to systematically approach risk and risky prospects, rather they provide frameworks for minimizing hazards and errors. These points clearly highlight the need for the systematic study of the links between risk management—as part of the public management function—and performance. How much of the risk management literature can be imported with little modification into the study of such issues in the public sector? And how much of the risk management function in public organizations is necessarily distinctive? The interim answer is that currently we know too little about the risk-relevant aspects of the public sector to answer with confidence. To some extent, at a minimum, the public organizational context warrants its own line of inquiry. Given the relative absence of systematic information on even the descriptive aspects of risks, risky prospects, and their management in public organizations, we argue that a future research agenda would focus both on obtaining more descriptive information with regards to public organization risks and on developing a theoretically-driven agenda. To more carefully consider the role of risk in public management, answers to some basic, largely descriptive, questions would be helpful. What risks are generally most prevalent for public organizations? What strategies can potentially aid in mitigating these risks? Are certain risk management strategies more useful in this context? What types of external risks are faced by public organizations? Are there strategies that have been developed by public organizations or their managers that help mitigate these? Data regarding management strategies are already provided in federal agency annual reports, federally-mandated systematic collection of improper payments, and incidents of government failures with respect to risk management. Much of these data are already widely available to researchers, and substantially more could be generated in the form of comparative case studies. These data could be utilized to develop a systematic understanding of the risk-mitigating strategies already in place. However, even without knowing many of the answers to questions framing the descriptive agenda, it is possible to begin a sketch of more theoretically driven expectations about how the public management research agenda intersects with risk, risky prospects, and their management. The next step in this research agenda is to develop a theoretically-driven research agenda. We provide the foundations of such an agenda below. The Beginnings of a Theoretically-Driven Research Agenda As an initial step, a clarifying conceptual point is in order: too often discussions of risk and its management proceed without precise indications of which type(s) of risk are being addressed. We begin the effort in this article by concentrating on the risks to and in public organizations. Some of these risks, it should be noted, can emanate from within, but others can stem from impacts on the organization from the external environment. In an open-system world, risks to the internal workings or status of a public organization can find their sources in the surroundings of the organization. Next, it is useful to make some assumptions and theoretical beginnings explicit. We start with the assumption of limitedly rational public managers as decision makers, that not only satisfice (Simon 1955, 1957, 1965) but also are likely to be loss averse rather than risk averse. Loss averse managers are risk seeking under certain conditions, and they are influenced by heuristics (shortcuts) in their decision-making process. These heuristics lead to reliably biased deviations from rationality for an individual’s behavior (Kahneman and Tversky 1979, 1982, 1984).16 Further, we stipulate that the framing utilized by such managers is likely to be narrow unless this tendency is countered by other features of the decision setting context (Tversky and Kahneman, 1981). Despite managers’ broad mandate to operate (for instance) in the public interest and/or to consider both short-term and long-term effects of the choices they and their agencies make, we expect that managers’ specialization, agency/program socialization, and the normal political oversight processes and expectations will magnify these decision makers’ inclination to use narrow framing. In addition, we assume a managerial tendency to downplay the likelihood of unusual events (Taleb 2010). Possible, but extreme, outcomes at the tails of a distribution will receive less attention. This pattern too will reinforce narrow framing. Finally, other features of the decision setting, particularly mandates, organizational structures, and processes, can work to counteract the biases just sketched, so long as they are designed with this purpose as an objective. On the basis of these stipulations, we can build on existing formal models of public management and performance, such as the O’Toole and Meier (1999) model.17 The O’Toole and Meier model distinguishes several managerial functions: internal management, externally oriented tapping or exploitation of resources and opportunities in the organizational environment, and externally oriented buffering of organizational production from perturbations emanating from the outside. This approach also takes explicit account of stabilizing structures and processes that can work to support ongoing operations. A decision on the part of managers to exploit the environment would amount to a choice, in effect, to take on some risk to the organization—perturbations from the environment are often unpredictable and uncertain—in the interest of securing a prospective overall gain.18 Without necessarily adopting the entire functional form of the relationships stipulated by O’Toole and Meier, we can make use of their conceptual distinctions in beginning to theorize about how public managers deal with risks to their organizations and the role of risk in the decision making process. In short, we believe that a useful way to develop theory about the public management of risk is to begin with what we know about public organizations and public management. It bears repeating that we offer here the beginnings of a positive theory of public management and risk, rather than a normative one; the appropriate tests, corrections to, and elaborations of what follows constitute a program of empirical research. Relying on the theoretical logic sketched by O’Toole and Meier’s distinction between internally focused and externally directed management of public organizations, we consider both in sequence, as they pertain to managers’ likely responses to risk and the role of risk in decision making. The following hypotheses are derived from the micro-foundation established earlier in the article—and elaborated on in this section—to sketch out a theoretically-driven research agenda that explores the role that risk plays in the decision-making process for managers in public organizations. It should be noted that these theoretical beginnings are illustrative rather than definitive or comprehensive. The important point is to begin the effort to theorize about managers and how they address risk; contributions by others, and perhaps corrections to the current effort, will likely be needed. From the work of many behavioral economists, we know that relative losses loom larger than relative gains, and we also know that individuals are more attuned to known costs as opposed to unknown benefits. We expect that these generalizations pertain to public managers as well. Thus, from these behavioral assumptions across risky prospects, we can hypothesize that: H1: In their management efforts, public managers will tend to under-invest in innovations that have potential benefits and devote most of their risk management efforts toward protecting against losses. Certain specific aspects of the theoretical expectations can be inferred from the assumptions outlined above. For example, given the constraints that are attendant to limitedly rational decision makers, and also the many possible sources of risk to public organizations, it is unlikely that managers will be prepared to address them all. Undoubtedly, there will be some rationing of attention in the risk management process toward certain risks and away from others, despite possible expected (dis)utilities involved, as viewed for instance by analysts. In which directions can we expect this rationing to take place? One such expectation can be identified, if one considers the realities of accountability and internal control management strategies such as performance evaluation systems. The structure of the evaluation system will drive the public managers’ attention and focus such that: H2: Different performance appraisal and incentive systems in public organizations are likely to encourage attention/inattention to different kinds of risks, either explicitly or by implication. An important aspect of public organizational performance appraisal and incentive systems is the process for collecting data and documenting performance. Documentation, then, can guide the level of attention that managers pay to certain types of risks. The regular, systematic source of documentation is the set of data accumulated as part of performance management processes. Given limitedly rational decision makers and selective attention, H3: Performance management processes will move choices and performance away from any risks that can be expected to be documented, including ex-post. Similar reasoning suggests additional biases in the risk management function. For instance, longer-term or accumulative risks are more likely to be ignored or sidelined than short-term or immediate risks. This type of bias can be seen in financial management decision making regarding tradeoffs between various risks to revenues and expenditures and the decision to use pay-as-you-use versus pay-as-you-go financing for capital assets (Pagano 2002; Wang et al. 2007). Discounting the future to present value contributes to this pattern, and discounting a highly uncertain future can be expected to exacerbate this tendency: H4: Long-term and accumulative risks are more likely to be ignored or sidelined than more immediate risks, or risks that present as imminent step functions in terms of expected damage to public organizations. This tendency can be expected to be further encouraged by the short-term calculus of most parts of political systems and most actors involved in administrative oversight (Nicholson-Crotty 2009). Following this line of reasoning about limitedly rational managers with finite time and attention, one can expect that decision-making efforts involving risky prospects requiring substantial initial investments of time, attention, and possibly financial resources are therefore less likely to be implemented than those that can be easily or inexpensively executed. Therefore, we can hypothesize about the decision-making process with regard to new initiatives such that H5: Risks that have not yet been experienced, risks that are novel, and risks that are perceived as very rare events will receive especially less attention from public managers than other risks of similar magnitude. We next consider externally directed management. As noted earlier, managers can seek to exploit opportunities in their environment by taking on some associated risk. As H1 implies, we expect managers to do so less often than a strict absolute calculation might suggest. Nonetheless, recent research consistent with the assumptions we have adopted here suggests that the degree of risk aversion is partially a function of the performance reference points adopted by these decision makers (Nicholson-Crotty et al. 2017). In addition, we note the likely importance of the buffering function of management.19 The many contributions in organization theory, including those that have been extended to the public sector, have made buffering a prominent function and treated this activity as an important one (for a classic depiction, see Thompson 1967). Although buffering in the usual sense touches upon only a slice of what might be regarded as the general subject of risk and its management, it is often explicitly incorporated in the literature and represents what can be considered a key feature of standard public organizational theory (Agranoff and McGuire 2003). This function should generally be important to risk management in any open-system operation. Although both public and private organizations are exposed to risks and have reasons to buffer their internal operations from perturbations from outside, we expect that this function is likely to be larger in the public sector than the private. To the extent that private organizations are exposed to market forces, they are likely to be required to adapt to such forces (rather than buffer them) more often and more fully than most public organizations, which deal with less overt competitive pressures. This logic suggests that public organizations will generate a higher level (larger amount) of buffering than will private organizations (Meier and O’Toole 2011, i291). In particular, additionally, we expect a larger impact on organizational outcomes from buffering in the public sector. Negative shocks from outside would normally be expected to result in a performance decline from the public organization. But the larger buffering component expected in the public sector should yield a correspondingly greater assist to performance. Therefore, as expected also from the analysis of Meier and O’Toole (2011, i294–5) we hypothesize that: H6: The impact of buffering – that is, a set of risk management practices – is larger for organizational performance in the public sector than the private. Public organizations have demonstrated a variety of management strategies in dealing with external risks. Given the demands on managers with biases and limited rationality, one of these strategies has been to establish a dedicated risk management position. In a study of organization-level risk management strategies, Beasley et al. (2005) show the importance of dedicated risk managers and support from senior management and stakeholders when implementing risk management strategies. Although these types of approaches tend to be structurally focused, it is reasonable to expect that specifying (an) individual(s) with expertise in risk management within the organization would provide additional resources, personnel, and focus to assist managers in the decision-making process when risk is present. Thus: H7: Public organizations with dedicated risk management subunits will be more likely to invest in established risk management practices and have higher levels of performance in mitigating external risks. Public organizations face unique external risks. One example is the array of political risks, which differ for public organizations compared to the largely regulatory-based political risk facing private organizations. In particular, and beyond the general point that organizations encounter many political risks, it can be argued that additional risk management challenges arise out of the multiorganizational, networked character of many public programs. The organizational partners may be public agencies of the same government, implementing entities of other governments, and/or nonprofit and/or for-profit units. Strong evidence suggests that such arrangements predominate in contemporary policy settings (Hall and O’Toole 2000). They create the prospect of enhanced or leveraged capacity for addressing complex policy challenges, but they are also more difficult to manage on behalf of the joint or shared policy objectives. A collective action logic would suggest possible inducements to free riding when a public organization is one of multiple such entities sharing responsibility for a program—particularly in circumstances for which discrete parts of the program are not primarily in the hands of one or another of the agencies so that a failure or breakdown cannot be attributed clearly to a particular organization or actor. When the management of a program is distributed across multiple organizations, the efficacy of any individual manager’s investment in risk management is lowered and the costs (in time, financial resources, political capital, etc.) for such a manager are greater. Thus, absent a special, high-profile (and likely well-funded) government-wide initiative, presumably with a new or special lead unit for implementation, we would expect that: H8: Governments and their managers are likely to underperform most severely on managing multiorganizational and intergovernmental risks. As with political risk, public organizations are increasingly aware of risks to their reputation, defined as a set of beliefs about an organizations capacities, intentions, history, and mission (Carpenter 2010; Carpenter and Krause 2012). Organizational reputation is determined through beliefs held by external audiences but has internal implications related to employee motivation, professional norms, and accountability. The role of cognitive biases when making decisions that may harm an organization’s reputation suggest that public managers will be loss averse because they weight losses more heavily than gains. On this subject, sectoral difference can also be expected to matter considerably. For public organizations, entities that are usually somewhat constrained by regulation or custom from exercising marketing or public-relations initiatives on their own behalf, reputation can be an especially important and valuable resource. Given the particular importance of organizational reputation in the public sector (Carpenter 2001, 2010), and given the well-known difficulty of developing unambiguous bottom lines for the performance of public organizations, we can expect that: H9: Efforts to manage reputational risk will generally be more important – have larger consequences for organizational outcomes – than an equivalent amount of reputational risk management in the private sector. Another aspect of externally focused managerial decision making with risky prospects is the set of interpersonal connections that managers make and which forums they participate in to share information. When making decisions with risky prospects, decision makers value information that may reduce uncertainty or increase the accuracy of probability estimates. In this context, managers with limited rationality and multiple demands on their time and attention value credible information (not to mention commitment) from trusted partners. This concept has been discussed at length in the social capital literature that considers the interpersonal networks and organizational networks that managers engage in to facilitate collaboration (Putnam 1993). Managers who operate in environments with substantial social capital, in consequence, will often have an easier time implementing programs (O’Toole and Meier 2015, 249). But for risk management the pattern can be more complicated, depending on the form of social capital and the sources of possible risk. For example, the “risk hypothesis” outlined by Berardo and Scholz (2010) argues that actors will seek either bridging social capital relationships with well-connected, popular partners or bonding social capital relationships with transitive, reciprocal relationships depending on the incentives for their partners to cheat or defect from agreements. More detailed and specific hypotheses regarding bridging and bonding capital may be developed using Berardo and Scholz’s risk hypotheses along with other social capital and policy network scholarship. In the context of public organizations, we expect that limited rationality managers use similar strategies such that, H10: When risky prospects are present, public managers develop more bridging and bonding relationships to facilitate the exchange of information. In short, it is possible to suggest numerous points of possible connection between the approaches and varieties of risk management and the developing research on public management. This preliminary theoretical foray is selective, but it suggests the value of a more explicit and rigorous approach to understanding risk management for public organizations and programs. Conclusion In this article we have noted the considerable attention that the subject of risk and its management has received from governments in recent years and we have largely concurred with this emphasis. The broad topic is sizable and salient, and it is deserving of sustained attention from a variety of disciplines, including from those who conduct systematic research on public management. Although we believe that much of the current governmental focus is sensible, it is also incomplete: it gives short shrift to how public managers actually make decisions. In particular, it fails to take advantage of some of the knowledge developed in the social sciences about the behavior exhibited by decision makers facing risky prospects. This behavior is also relevant to the analysis of risk management, and it should not be neglected by those who care about improving governmental responses. This gap regarding the treatment of risk and risk management by managers also characterizes the scholarly literature on public management. As we have indicated, while that field has blossomed in recent years, it has paid almost no attention to the theme of risk—in the sense outlined in this article. We provide a potential research approach that could begin to address this lacuna. Although a helpful step would be to develop more systematic basic descriptive information about the kinds of risks that public managers must grapple with, we emphasize a more ambitious effort to utilize what is known about how people deal with risky prospects to develop a theoretical approach to understanding and explaining the relevant managerial behavior. The efforts of this article constitute only first steps; we have focused, for instance, only on risks to and for the public organization rather than the more extensive set of risks of all types. More theory and empirical testing will be needed, but we believe that this broad strategy offers a promising approach. The main argument here is that the ongoing governmental efforts to draw attention to large-scale risks and build systems to avoid or mitigate these should be buttressed and guided by more fundamental work at the individual level—at the intersection of decision making and risk for public managers. This need not be an either-or proposition. The basic theoretical development and testing will certainly yield implications for how agencies and governments can most appropriately respond to risky prospects facing managers. It will surely be useful, for instance, to be able to assess which kinds of structural supports are most needed and practical to anticipate or respond to certain kinds of decision contexts. And, as some of the hypotheses sketched earlier imply, it can be quite helpful to know the specific kinds of situations in which public managers are most inclined to act on biases that could expose agencies and programs to considerable harm—not to mention in which kinds of situations managers, when unaided, are most likely to miss substantial opportunities to enhance the public welfare. In fact, constructing a more theoretically-driven approach to risk management could pay off in other ways as well. Although we have not emphasized it in this exposition, the largely private-sector research on risk and its management proceeds from relatively atheoretical categories or types of risk—risks stemming from technology, risks attributed to people, and so forth. A more foundational approach to the study of risk management will likely produce a categorization and framework driven by how decision makers interact with risky prospects; and the development of solutions is, accordingly, more likely to be strategic rather than ad hoc—with consequently enhanced efficacy. At least two additional points are worth emphasizing. First, we suggest a broader point about research on public management, one that extends beyond the theme of risk: scholarship in this field can and should make more use of the insights and theoretical contributions from other social science specialties on human decision making. The work of many researchers, for instance the development and validation of prospect theory, can inform basic questions of public management; thus far, however, only very limited use has been made of these advances within the confines of basic public management work. The latter will definitely be improved by more explicit incorporation of the former. And finally, we note that ultimate payoff for the systematic investigation of risk in public management is to improve governmental performance. Indeed, some of the hypotheses sketched in the preceding section address certain performance implications. A great deal of systematic research has been conducted in the last two decades on the public management and performance question. These efforts often do work from a starting point grounded in managers and what they do, and the progress made has been quite valuable. However, the treatment of risk has been essentially absent from this research enterprise. We argue that it is sensible to expand the management-and-performance agenda by incorporating risk as an element of systematic analysis. It seems time for public management scholars to devote more intellectual space to this neglected part of the management-and-performance function, and to this largely unaddressed aspect of the emerging theme of risk. The practical payoff would be improved outputs and outcomes from public programs. A preliminary version of this article was presented at the Public Management Research Conference, Aarhus University, Denmark, June 23, 2016. Another preliminary version was presented at the Seventh Conference on Empirical Studies of Organizations and Public Management, “Taking Sector Seriously: Managers, Socialization, and Performance,” Texas A&M University, May 20–21, 2016. We thank the participants of these conference for helpful comments. We would also like to thank the anonymous Perspectives on Management and Governance for their helpful comments. References Agranoff , Robert , and Michael McGuire . 2003 . Collaborative public management: New strategies for local governments . Washington, DC : Georgetown Univ. Press . Akkerman , Agnes , and Rene Torenvlied . 2011 . Managing the environment: Effects of network ambition on agency performance . Public Management Review 13 : 159 – 74 . Google Scholar CrossRef Search ADS Ansell , C. , A. Boin , and A. Keller . 2010 . Managing transboundary crises: Identifying the building blocks of an effective response system . Journal of Contingencies and Crisis Management 18 : 195 – 207 . Google Scholar CrossRef Search ADS Beasley , M. S. , R. Clune , and D. R. Hermanson . 2005 . Enterprise risk management: An empirical analysis of factors associated with the extent of implementation . Journal of Accounting and Public Policy 24 : 521 – 31 . Google Scholar CrossRef Search ADS Bendor , Jonathan . 1985 . Parallel systems: Redundancy in government . Berkeley, CA : Univ. of California Press . Berardo , R. , and J. T. Scholz . 2010 . Self-organizing policy networks: Risk, partner selection, and cooperation in estuaries . American Journal of Political Science 54 : 632 – 49 . Google Scholar CrossRef Search ADS Boyne , George A. , Kenneth J. Meier , Laurence J. O’Toole , Jr. , and Richard M. Walker , eds. 2006 . Public service performance: Perspectives on measurement and management . Cambridge : Cambridge Univ. Press . Google Scholar CrossRef Search ADS Boyne , George A. , and Richard M. Walker . 2004 . Strategy content and public service organizations . Journal of Public Administration Research and Theory 14 : 231 – 52 . Google Scholar CrossRef Search ADS Bozeman , Barry , and Mary K. Feeney . 2011 . Rules and red tape: A prism for public administration theory and research . Armonk, NY : M. E. Sharpe . Bozeman , Barry , and Gordon Kingsley . 1998 . Risk culture in public and private organizations . Public Administration Review 58 : 109 – 18 . Google Scholar CrossRef Search ADS Bromiley , Phillip , Michael McShane , Anil Nair , and Elzotbek Rustambekov . 2015 . Enterprise risk management: Review, critique, and research directions . Long Range Planning 48 : 265 – 76 . Google Scholar CrossRef Search ADS Carpenter , Daniel P . 2001 . The forging of bureaucratic autonomy: Reputations, networks, and policy innovation in executive agencies, 1862–1928 . Princeton, NJ : Princeton Univ. Press . ——— . 2010 . Reputation and power: Organizational image and pharmaceutical regulation in the FDA . Princeton, NJ : Princeton Univ. Press . Carpenter , D. P. , and G. A. Krause . 2012 . Reputation and public administration . Public Administration Review 72 : 26 – 32 . Google Scholar CrossRef Search ADS Chisholm , Donald . 1992 . Coordination without hierarchy: Informal structures in multiorganizational systems . Berkeley, CA : Univ. of California Press . Dong , Hsiang-Kai Dennis . 2014 . Individual risk preference and sector choice: Are risk-averse individuals more likely to choose careers in the public sector ? Administration & Society 49 : 1121 – 42 . Google Scholar CrossRef Search ADS Frederickson , H. George , and Todd R. Laporte . 2002 . Airport security, high reliability, and the problem of rationality . Public Administration Review 62 : 34 – 44 . Google Scholar CrossRef Search ADS Hall , T. E. , and O’Toole , L. J. , Jr . 2000 . Structures for policy implementation: An analysis of national legislation, 1965–1966 and 1993–1994 . Administration & Society 31 : 667 – 86 . Google Scholar CrossRef Search ADS Hardy , Karen . 2010 . Managing risk in government: An introduction to enterprise risk management . Washington, DC: IBM Center for The Business of Government . Hill , Carolyn J. , and Laurence E. Lynn , Jr . 2008 . Public management: A three-dimensional approach . Washington, DC : CQ Press . Hood , Christopher . 1991 . A public management for all seasons ? Public Administration 69 : 3 – 19 . Google Scholar CrossRef Search ADS Ingraham , Patricia W. , Philip G. Joyce , and Amy Kneedler Donahue . 2003 . Government performance: Why management matters . Baltimore, MD : Johns Hopkins Univ. Press . Jasanoff , Sheila . 1993 . Bridging the two cultures of risk analysis . Risk Analysis 13 : 123 – 39 . Google Scholar CrossRef Search ADS ——— . 1998 . The political science of risk perception . Reliability Engineering and System Safety 59 : 91 – 9 . Google Scholar CrossRef Search ADS Jones , Bryan . 2002 . Bounded rationality and public policy: Herbert A. Simon and the decisional foundation of collective choice . Policy Sciences 35 : 269 – 84 . Google Scholar CrossRef Search ADS ——— . 2003 . Bounded rationality and political science: Lessons from public administration and public policy . Journal of Public Administration Research and Theory 13 : 395 – 412 . Google Scholar CrossRef Search ADS Kahneman , D . 2011 . Thinking, fast and slow . New York : Farrar, Straus, and Giroux . Kahneman , D. , and A. Tversky . 1979 . Prospect theory: An analysis of decision under risk . Econometrica 47 : 263 – 91 . Google Scholar CrossRef Search ADS ——— . 1982 . Judgment of and by representativeness . In Judgment under uncertainty: Heuristics and biases , ed. D. Kahenman , P. Slovic , and A. Tversky , 84 – 100 . New York : Cambridge Press . ——— . 1984 . Choices, values, and frames . The American Psychologist 39 : 341 – 50 . Google Scholar CrossRef Search ADS Knight , Frank H . 1985 . Risk, uncertainty, and profit . Chicago, IL : Univ. of Chicago Press . Landau , Martin . 1969 . Redundancy, rationality, and the problem of duplication and overlap . Public Administration Review 29 : 346 – 58 . Google Scholar CrossRef Search ADS LaPorte , Todd R . 2007 . Critical infrastructure in the face of a predatory future: Preparing for untoward surprise . Journal of Contingencies and Crisis Management 15 : 60 – 4 . Google Scholar CrossRef Search ADS LaPorte , Todd R. , and Paula M. Consolini . 1991 . Working in practice but not in theory: Theoretical challenges of ‘High-Reliability Organizations.’ Journal of Public Administration Research and Theory 1 : 19 – 48 . LaPorte , Todd R. , and Daniel S. Metlay . 1996 . Hazards and institutional trustworthiness: Facing a deficit of trust . Public Administration Review 56 : 341 – 7 . Google Scholar CrossRef Search ADS Lynn , Laurence E. , Jr. , Caroline J. Heinrich , and Caroline J. Hill . 2001 . Improving governance: A new logic for empirical research . Washington, DC : Georgetown Univ. Press . Meier , Kenneth J. , Nathan Favero , and Ling Zhu . 2015 . Performance gaps and managerial decisions: A Bayesian decision theory of managerial action . Journal of Public Administration Research and Theory 25 : 1221 – 46 . Google Scholar CrossRef Search ADS Meier , Kenneth J. , and Laurence J. O’Toole , Jr . 2003 . Public management and educational performance: The impact of managerial networking . Public Administration Review 63 : 675 – 85 . Google Scholar CrossRef Search ADS ——— . 2004 . Conceptual issues in modeling and measuring management and its impacts on performance . In The Art of Governance: Analyzing Management and Administration , ed. Patricia W. Ingraham and Laurence E. Lynn , Jr ., 195 – 223 . Washington, DC : Georgetown Univ. Press . ——— . 2009 . The dog that didn’t bark: How public managers handle environmental shocks . Public Administration 87 : 485 – 502 . Google Scholar CrossRef Search ADS ——— . 2011 . Comparing public and private management: Theoretical expectations . Journal of Public Administration Research and Theory 21 : i283 – 99 . Google Scholar CrossRef Search ADS Meier , Kenneth J. , Laurence J. O’Toole , Jr. , and Alisa Hicklin . 2010 . I’ve seen fire and I’ve seen rain: Public management and performance after a natural disaster . Administration and Society 41 : 979 – 1003 . Google Scholar CrossRef Search ADS Mitchell , Vincent-Wayne . 1995 . Organizational risk perception and reduction: A literature review . British Journal of Management 6 : 115 – 33 . Google Scholar CrossRef Search ADS Moss , David . 2002 . When all else fails: Government as the ultimate risk manager . Cambridge : Harvard Univ. Press . Moynihan , D. , and Lavertu , S . 2012 . Cognitive biases in governing: Technology preferences in election administration . Public Administration Review 72 : 68 – 77 . Google Scholar CrossRef Search ADS Nicholson-Crotty , S . 2009 . The politics of diffusion: Public policy in the American states . The Journal of Politics 71 : 192 – 205 . Google Scholar CrossRef Search ADS Nicholson-Crotty , S. , Nicholson-Crotty , J. , and Fernandez , S . 2017 . Performance and management in the public sector: Testing a model of relative risk aversion . Public Administration Review 77 : 603 – 14 . Google Scholar CrossRef Search ADS O’Toole , Laurence J. , Jr. , and Kenneth J. Meier . 1999 . Modeling the impact of public management: Implications of structural context . Journal of Public Administration Research and Theory 9 : 505 – 26 . Google Scholar CrossRef Search ADS ——— . 2003 . Bureaucracy and uncertainty . In Uncertainty in American politics , ed. Barry Burden , 98 – 117 . Cambridge : Cambridge Univ. Press . ——— . 2010 . In defense of bureaucracy: Public managerial capacity, slack, and the dampening of environmental shocks . Public Management Review 12 : 341 – 61 . Google Scholar CrossRef Search ADS ——— . 2011 . Public management: Organizations, governance, and performance . Cambridge : Cambridge Univ. Press . ——— . 2015 . Public management, context, and performance: In quest of a more general theory . Journal of Public Administration Research and Theory 25 : 237 – 56 . Google Scholar CrossRef Search ADS Osborne , David , and Ted Gaebler . 1993 . Reinventing government: How the entrepreneurial spirit is transforming the public sector . New York : Penguin Books . Pagano , M. A . 2002 . Municipal capital spending during the “boom” . Public Budgeting & Finance 22 ( 2 ): 1 – 20 . Google Scholar CrossRef Search ADS Putnam , R. D . 1993 . The prosperous community . The American Prospect 4 : 35 – 42 . Rainey , H. G . 2014 . Understanding and managing public organizations . San Francisco, CA: John Wiley & Sons . Renn , Ortwin . 1998a . The role of risk perception for risk management . Reliability Engineering and System Safety 59 : 49 – 62 . Google Scholar CrossRef Search ADS ——— . 1998b . Three decades of risk research: accomplishments and new challenges . Journal of Risk Research 1 : 49 – 71 . Google Scholar CrossRef Search ADS Rosa , L. D . 1998 . Metatheoretical foundations for post-normal risk . Journal of Risk Research 1 : 15 – 44 . Google Scholar CrossRef Search ADS Simon , H . 1955 . A behavioral model of rational choice . Quarterly Journal of Economics 6 : 99 – 118 . Google Scholar CrossRef Search ADS ——— . 1957 . Models of man . New York : Wiley . ——— . 1965 . Administrative behavior: A study of decision-making processes in administrative organization . New York : Free Press . Slovic , P . 2000 . The perception of risk . New York : Taylor & Francis . Taleb , Nassim Nicholas . 2010 . The Black Swan: The impact of the highly improbable . New York : Random House . Thompson , James D . 1967 . Organizations in action . New York : McGraw-Hill . Tversky , A. , and D. Kahneman . 1981 . The framing of decisions and the psychology of choice . Science 211 : 453 – 8 . Google Scholar CrossRef Search ADS ——— . 1991 . Loss aversion in riskless choice: A reference-dependent model . The Quarterly Journal of Economics 106 : 1039 – 61 . Google Scholar CrossRef Search ADS ——— . 1992 . Advances in prospect theory: Cumulative representation of uncertainty . Journal of Risk and Uncertainty 5 : 297 – 323 . Google Scholar CrossRef Search ADS Walker , Richard M. , George A. Boyne , and Gene A. Brewer , eds. 2010 . Public management and performance: Research directions . Cambridge : Cambridge Univ. Press . Google Scholar CrossRef Search ADS Walker , Richard , and Rhys Andrews . 2015 . Local government management and performance: A review of evidence . Journal of Public Administration Research and Theory 25 : 101 – 33 . Google Scholar CrossRef Search ADS Wang , W. , Y. Hou , and W. Duncome . 2007 . Determinants of Pay-as-You-Go financing of capital projects: Evidence from the States . Public Budgeting & Finance 27 : 18 – 42 . Google Scholar CrossRef Search ADS Footnotes 1 https://www.nytimes.com/2015/07/10/us/office-of-personnel-management-hackers-got-data-of-millions.html?mcubz=3&_r=00, accessed August 24, 2017. 2 https://paymentaccuracy.gov/, accessed August 24, 2017. 3 Some scholars have recommended expanding the use of the term risk for uncertain outcomes regardless of whether they are positive or negative (Rosa 1998; Renn 1998b; see also Mitchell 1995). 4 The field of generic management offers some support for this notion as well. In a review and synthesis of industrial organizations’ purchasing behavior, for instance, Mitchell (1995, 117) notes the importance of the perceptions of managers regarding risk and the departure of these from technical notions of risk. The primary interest in this literature is on the variance of managers’ perceptions rather than the foundational features. 5 A couple of features of this research agenda implicitly suggest the relevance of risk to management and performance. One is the treatment of stability largely as a set of supports, rather than problems, for the autoregressive feature of public organizational action. Also, the aspect of management labeled as M4 clearly implies certain aspects of risk management. However, the model incorporates this aspect only insofar as it deals with externally generated risks. It is also left almost completely abstract. 6 Additional theoretical and empirical contributions on this theme include Meier and O’Toole 2009; Meier, O’Toole, and Hicklin 2010; O’Toole and Meier 2003. One of these explores some aspects of how public managers handle “uncertainty,” but the focus is almost exclusively on buffering, and especially on various forms that buffers might take – as well as their modeling implications. And no aspect of this research program considers risk or uncertainty as they might flow from within organizations themselves. 7 See http://www.pewtrusts.org/en/archived-projects/government-performance-project, accessed April 25, 2016. 8 For a detailed explanation of the rationale behind the research, see Ingraham, Joyce, and Donahue 2003. 9 Bozeman and Kingsley do find that a number of other factors do help to explain the risk culture of organizations, particularly the willingness of top managers to trust employees and the clarity of an organization’s mission (Bozeman and Kingsley 1998). For a different line of analysis see also Dong (2014). 10 A related notion is how organizational slack can serve a protective function; see O’Toole and Meier 2010. 11 Government Accountability Office, Report # GAO-09-687. 12 These guidelines include OMB Circular A-123 and OMB Circular A-136, discussed below. It should also be noted that OMB has a long history of recommending risk analysis and management best practices through the Clinton and Bush Administrations. As an example of earlier guidelines, see OMB Circular A-4. 13 Playbook: Enterprise Risk Management for the US Federal Government. Retrieved on August 2, 2016 from https://cfo.gov/wp-content/uploads/2016/07/FINAL-ERM-Playbook.pdf. 14 RM Guidelines AS/NXS 4360:2004. 15 BSI British Standards-BS 31100:2008. 16 There is a limited but growing use of these concepts in the field of public administration. The Nicholson-Crotty et al. (2017) study relies in part on these behavioral constructs, as does Moynihan and Lavertu’s (2012) work on election administration and decisions to purchase direct recording electronic voting machines. 17 The O’Toole-Meier model is as follows: Ot = β1(S+M1)Ot−1 + β2(Xt/S)(M3/M4) + εt, where O is some measure of outcome, S is a measure of stability, M denotes management, which can be divided into three parts (M1 is management’s contribution to organizational stability through additions to hierarchy/structure as well as regular operations, M3 management’s efforts to exploit the environment of the organization, M4 management’s effort to buffer the unit from environmental shocks, X is a vector of environmental forces, ε is an error term, the other subscripts denote time periods, and β1 and β2 are estimable parameters. The M3/M4 ratio is sometimes simplified as M2, or externally oriented management. Those researchers have provided an extensive set of empirical studies and found, for the most part, support for many aspects of the model including most of its functional form. They have also offered more detailed modeling ideas about the various aspects of externally oriented management in networks (Meier and O’Toole 2004). 18 Managers sometimes act in this fashion, behavior dependent in part on such factors as the level of organizational performance that their units are achieving (Nicholson-Crotty et al. 2017; see also Meier, Favero, and Zhu 2015). 19 It is useful to keep in mind that, although much external management is directed at managing risks to others, including clients and the public, we focus here on risks to the organization. © The Author(s) 2018. Published by Oxford University Press on behalf of the Public Management Research Association. All rights reserved. For permissions, please e-mail: journals.permissions@oup.com.

Journal

Perspectives on Public Management and GovernanceOxford University Press

Published: Mar 27, 2018

There are no references for this article.

You’re reading a free preview. Subscribe to read the entire article.


DeepDyve is your
personal research library

It’s your single place to instantly
discover and read the research
that matters to you.

Enjoy affordable access to
over 18 million articles from more than
15,000 peer-reviewed journals.

All for just $49/month

Explore the DeepDyve Library

Search

Query the DeepDyve database, plus search all of PubMed and Google Scholar seamlessly

Organize

Save any article or search result from DeepDyve, PubMed, and Google Scholar... all in one place.

Access

Get unlimited, online access to over 18 million full-text articles from more than 15,000 scientific journals.

Your journals are on DeepDyve

Read from thousands of the leading scholarly journals from SpringerNature, Elsevier, Wiley-Blackwell, Oxford University Press and more.

All the latest content is available, no embargo periods.

See the journals in your area

DeepDyve

Freelancer

DeepDyve

Pro

Price

FREE

$49/month
$360/year

Save searches from
Google Scholar,
PubMed

Create lists to
organize your research

Export lists, citations

Read DeepDyve articles

Abstract access only

Unlimited access to over
18 million full-text articles

Print

20 pages / month

PDF Discount

20% off