Andrew Walker, Bridget Tatham: The case for better risk management

First published on Local Government Chronicle.

Risk management can be instrumental in creating more resilient organisations, write the head of research at the Local Government Information Unit and a partner at Browne Jacobson.

Given the increasing complexity of the challenges local authorities face—ranging from financial pressures and cybersecurity threats to climate change and public health crises— there is a growing need for proactive, strategic approaches to risk management.

Risk management has undergone a rapid period of development across the corporate and public sectors. Local government is no less enmeshed in this changing landscape and indeed many local authorities’ procedures for incorporating risk have adapted accordingly.

Working in partnership, the LGIU and Browne Jacobson interviewed 10 risk managers – all members of Alarm, which supports risk management practitioners – from local authorities across England and Scotland to find out how councils manage risk and how their perception of risk has changed over time.

Our findings were recently published in a report - Navigating risk in local government: challenge, change, and capacity.

Actively managing risks

From our interviews we learnt that risk management in local government has undergone a huge transformation in recent years. One manager told us that their primary focus has been transforming risk management from a neglected, box-ticking exercise to an integral part of the council's operations.

They said: "Risk management was massively under-thought in local authorities ... we had a risk management function, but it was very much ‘let’s produce the report for people who don’t understand it’."

There has been a conscious effort to reform how risk is understood across the council, a manager told us. Our research turned up examples where risk managers have restructured the council's approach to risk, emphasising cultural change, proactive planning and tailored communication.

Their work has been instrumental in creating more resilient organisations, where risks are actively managed rather than passively acknowledged, and where staff at all levels are engaged in the risk management process.

Despite these successes, challenges remain, particularly in fostering sustained engagement among councillors and overcoming negative perceptions of risk management as a punitive process.

Reputational risk

Traditional risk management, in the corporate and government sectors, has focused largely on financial, operational and legal risks. In the modern, evolving risk landscape the scope of risk has expanded to include cybersecurity, climate and environment, public health and social and economic inequalities.

It is apparent from our research that risk management is business-critical for the effective delivery of local government services. One interviewee suggested the role should be established on a statutory basis to underscore its importance.

However, financial pressure represents one of the principal and ongoing risks for local government. Additionally, several interviewees identified reputational damage as a critical risk for the council, particularly as it intersects with public perception and media scrutiny. One related challenge councils face is ensuring that senior figures and councillors understand the reputational risks inherent in council operations.

Our research also explored the skills required for risk management. While experience in areas like insurance was commonplace among risk managers, the emphasis on people skills and communication was striking.

One manager told us: "Reading the room and the mood music and working with people and winning hearts and minds ... I often use a term ‘emotional bank balance’ ... How invested are you in what I've got to say?"

Another said “relationships and being very nosy” were important, adding: “You do have to be not pushy as such but you do need to have that inquiring mind and be prepared to ask some of those challenging questions and not just accept everything as given to you to push back.”

Healthy and dynamic approach

In our report, we make the following recommendations to ensure a healthy and dynamic approach to risk management prevails. This would help local authorities adapt and thrive in the modern world.

Risk management must be embedded within local authorities' organisational structure and culture. Councils should stablish clear roles, responsibilities and reporting lines within their organisation for risk management, and eliminate silos through training and processes that span council departments, embedding a culture and set of behaviours around risk.

Executive leadership needs to fully support the risk manager function to ensure it has sufficient backing and authority. Leadership should sponsor risk management so that staff at all levels are aware it is seen from the top as crucial to the council's strategic operation.

To ensure the future of risk management we need a thriving talent pool of younger graduates and recruits with the necessary attributes councils need. We must acknowledge the importance of the non-technical skills that the role entails with well-developed employee value propositions for the next generation of risk managers.

The government should work with local authorities to develop a shared platform for identifying and prioritising risk areas. As part of new structures outlined in recent government policy to boost and strengthen centre-local dialogue, a forum for shared understanding of risks at global, national and local levels would help to disseminate best practice, distribute resources and support, but also to develop approaches for pooling risk across institutions. Local resilience forums have risk groups, which could be further supported and connected.

Andrew Walker, head of research, LGIU; Bridget Tatham, partner, Browne Jacobson