Governance, risk and compliance : a case study within the Maltese public sector

Abstract

A cohesive approach towards Governance, Risk Management and Compliance (GRC) in the Public Sector might be a new technical concept. The Public Administration is usually linked with risk avoidance culture, with a reactive rather than proactive approach towards the management of Risk. An improved holistic approach seems required, in view of the magnitude of the Public Administration, and the challenges it faces to connect the services, clients and the different levels of governance. This project report is intended to assess the maturity level of GRC within the Maltese Public Sector. This project report seeks to determine the principal themes required to develop an effective GRC practice across the Public Sector. This will be first obtained through documentation analysis of the available literature on the subject. Afterwards, the researcher will design a questionnaire based on the identified GRC themes. This online questionnaire is targeted towards Public employees across different Ministries, Departments, Agencies and Entities, enabling the researcher to obtain their perception about the subject. Any gaps, weaknesses or limiting factors towards the implementation of an effective GRC will be identified. The results determined that most of Public Sector bodies have GRC practices present in their daily operations and internal environment, with Governance obtaining the highest mean score, followed by compliance and control. This shows a well-developed Governance structure. However, the substantial percentage of scepticism towards some of the themed GRC statements, especially those related with Risk Management (RM) and Internal Auditing, requires observation. It seems that RM is the least developed theme, whilst the overall perception on Internal Auditing requires improvement. In the last chapter of this research project, the researcher indicates several recommendations that may reduce the identified gaps and ultimately enhance the overall level of GRC maturity. Possible areas of further studies on the subject were also mentioned. The ultimate responsibility for enhancing the Public Sector’s GRC state of maturity rests on the Management and Public Leaders.