Risk Management is becoming a major topic for both the public and private sector organizations. I recently discussed the result of a risk study conducted by EY consulting firm located in the United Kingdom (UK). Recently, the Local Government Information Unit (LGIU), in conjunction with Browne Jacobson, and ALARM published a report “Navigating risk in local government: challenge, change and capacity”.

LGIU is an independent not-for-profit organization which supports local governments. It was founded in 1983 by councils in the UK.  LGIU works to make local government stronger through the sharing of ideas and connecting local governments.

Browne and Jacobson are a law firm in the United Kingdom.

ALARM is a professional association for risk management.

Methodology

LGIU interviewed ten risk managers across England and Scottland.  All were members of ALARM. The interviews were conducted between June and September 2024. The interviews were qualitative in nature. The interviews sought to assess the ways risk management was handled within the councils and the prospective challenges. “The approach enables us to present the differences as well as the commonalities in how risk is perceived and managed.”

Findings

The findings indicate that while risk management is being recognized as needing a holistic organizational approach, there are problems.  First among them is the need for risk managers to realize that the scope of their work is changing.

“Traditionally risk management, in the corporate as well as government sectors, focused largely on financial, operational and legal risks. In the modern, evolving risk landscape the scope of risk has expanded.” (1) The additional risks that must be considered are:

1. Cybersecurity: As digital transformation accelerates in local services, cyberattacks and data breaches have become major risks.
2. Climate and environmental risks: Flooding, wildfires, and other climate-related hazards now form a core component of local risk strategies, especially in cities and regions vulnerable to extreme weather events.
3. Public Health: Public health became a local authority responsibility under the Coalition government and councils include public health emergencies in their risk frameworks as part of the Civil Contingencies Act.
4. Social and economic risks: Socioeconomic inequalities, housing shortages, and changes in employment patterns are contributing to new risks that local government must navigate. (2)
5. Reputation: Is all encompassing and it’s right across the council. It is also inherited. (3)

Even though many councils use a risk matrix to rate and prioritize the risks they face, there is not sufficient granularity for the assignment of risk management responsibility. Nor have councils or risk managers come to terms with the notion that risk managers must have the capability of bridging the gap between silos by communicating the importance of enterprise wide risk management. To this end, LGIU developed four recommendations to assist councils in developing a dynamic approach to risk management.

Recommendations

LGIU to facilitate implementation of its four recommendations, attaches two actions to each. The recommendations and their action items are below.

• Risk management must be embedded within local authorities’ organizational structure and culture. Effective risk management is an essential part of everyday work including councils’ operational and strategic planning processes. Councils should:

1. Establish clear roles, responsibilities and reporting lines within their organisation for risk management.
2. Eliminate silos through training and processes that span council departments, embedding a culture and set of behaviours around risk.

• Executive leadership need to fully support the Risk Management (RM) function to ensure it has sufficient backing and authority. Leadership should:

1. Sponsor Rangers Managers and RM function so that staff at all levels are aware it is a top priority, crucial to the strategic operation of the council.
2. The is include requirements to attend training sessions and to assign time and capacity within teams to engage with RMs and develop responses to risk.

• To ensure the future of risk management we need a thriving talent pool of younger graduates and recruits with the complex skills that have been outlined in this paper. Councils need to:

1. Acknowledge the importance of the non-technical skills that the role entails with well-developed employee value propositions for the next generation of risk managers.
2. Provide opportunities for training and shard learning used ono precisely this s kill set that RMs tell us they deploy in their day-to-day work.

• Government should develop, with local government involvement, a shared platform for identifying and prioritizing risk areas:

1. As part of new structures outlined in recent government policy to boost and strengthen center-local dialogue, a forum for shared understanding of risk at global, national and local levels would help to share best practice distribute resources and support, but also to develop approaches for pooling risk across institutions. Local Resilience Forums have risk groups, which could be further supported and connected.
2. This would pool information from the sources that RM currently refer to, including the World Economic Forum’s Global Annual Risk Report, the Business Continuity Horizon Scan Annual Report and the UK’s National Risk Register. (4)

Discussion

While the survey is the result of a very small sample, it provides information on the direction and concerns of risk managers at the local government level in the UK. The results also indicate a close philosophical association with the WEF’s risk assessment and the EY study. This can be seen in cybersecurity and climate change. A major difference is the localization of municipal risks in socioeconomics, public health and reputation. One issue with respect to climate change, socioeconomic and public health, is the need to granulate the risks so they can be measured, mitigative actions assigned and monitored for the effectiveness at the local level. To do this local government needs the assistance of the national government in the UK. With respect to reputational risk, there are two issues. One is convincing chief executives and governing bodies that reputational risk must be taken seriously. If an organization has a bad reputation, public trust is eroded and needed resources may not be forthcoming. Second, reputational risk is not a problem for just one council cycle, a bad reputation can last for years. Thereby adversely impacting future councils.

Endnotes

1. LGIU, 2025, Navigating risk in local government: challenge, change and capacity, page 8, https://lgiu.org/wp-content/uploads/2025/01/Navigataing-risks-in-local-government-LGIU.pdf.
2. Ibid page 8.
3. Ibid page 9.
4. Ibid page 5.

BIO:

James J. Kline has a PhD from Portland State University. He has worked for the federal, state, and local government. He has consulted on economic, quality and workforce development issues. He has authored numerous articles on quality and risk management in government. His books Enterprise Risk Management in Government: Implementing ISO 31000:2018 and Risk Based Thinking for Government, are available on Amazon. He edited “Quality Disrupted” which is also available on Amazon.