Editor's note: This article was originally published in American City & County, which has merged with Smart Cities Dive to bring you expanded coverage of city innovation and local government.
Local governments are facing escalating threats that extend beyond traditional risk management. Climate-induced disasters, cybersecurity breaches, public health crises and social challenges such as homelessness necessitate a comprehensive approach known as Enterprise Risk Management (ERM). This holistic strategy enables municipalities to identify, assess and mitigate risks across all sectors, fostering resilience and safeguarding communities.
The imperative for ERM in local governments
Historically, local government risk management focused on specific areas like workers' compensation and legal liabilities. However, today’s multifaceted risks demand an integrated approach. ERM transcends departmental silos, ensuring risks are managed collectively rather than in isolation. This approach is crucial for addressing the interconnected challenges cities and counties face.
Case studies: Evolving risk landscape
Wildfires and environmental hazards
The 2018 Camp Fire in Butte County was the deadliest and most destructive wildfire in California's history, resulting in 84 fatalities and the destruction of more than 18,800 structures. Beyond immediate devastation, long-term environmental impacts include air quality deterioration and soil contamination. These events prompted local governments to reassess land-use policies and emergency response strategies to enhance resilience.
Homelessness and public health
San Francisco exemplifies the intricate link between social issues and public health. Despite substantial investments in shelter beds and permanent housing, the city struggles with a significant homeless population. A report by the San Francisco Controller's Office highlighted challenges in supporting shelter guests with severe mental illness or addiction due to insufficient funding and resources. Addressing these risks requires integrated strategies encompassing housing and health services.
Cybersecurity threats
In 2023, the San Bernardino County Sheriff’s Department experienced a ransomware attack that disrupted operations and compromised sensitive data. Cyberattacks like these highlight the necessity for robust cybersecurity protocols and the integration of cyber risk management into broader ERM strategies.
Public safety and infrastructure
Wildfires in Los Angeles, particularly in Pacific Palisades, exposed vulnerabilities in urban planning and infrastructure. The destruction of homes and loss of life underscored gaps in emergency preparedness, inadequate urban water systems and risky housing developments in fire-prone areas. Addressing these issues requires integrating urban planning with ERM strategies to mitigate long-term risks.
Here are 10 enterprise risks facing cities and counties:
- Wildfires & climate disasters: Increasing frequency and severity of wildfires, floods and extreme heat threaten lives and infrastructure.
- Cybersecurity threats: Ransomware attacks and data breaches disrupt government services and compromise public safety.
- Aging infrastructure & utility failures: Deteriorating roads, bridges and water systems lead to costly failures.
- Homelessness & affordable housing crisis: Rising homelessness strains public services and law enforcement.
- Public health crises: Pandemics, addiction and mental health challenges overburden health systems.
- Crime & public safety challenges: Gun violence, property crime and law enforcement resource constraints impact community safety.
- Budget shortfalls & economic instability: Declining revenues and pension liabilities threaten financial sustainability.
- Legal & compliance risks: Ethics violations, lawsuits and regulatory mandates create financial and reputational damage.
- Transportation & mobility failures: Failing public transit and traffic congestion reduce economic competitiveness.
- Election security & misinformation: Threats to voting systems and disinformation campaigns erode public trust.
Challenges in implementing ERM
Transitioning to ERM presents several challenges for local governments:
- Resource constraints: Limited budgets make it difficult to invest in ERM training and personnel.
- Cultural resistance: Moving from traditional risk management to an integrated approach requires a shift in organizational culture.
- Complexity of risks: Addressing diverse threats requires specialized knowledge and coordination across departments.
Leading ERM frameworks
COSO ERM framework
The COSO framework provides a comprehensive, structured approach to risk management that integrates risk into governance and strategy, which is vital for local governments. It focuses on embedding risk management into organizational culture and aligning risk with strategic objectives, which is crucial when managing public resources and services.
ISO 31000
ISO 31000 offers a flexible and scalable approach that can be easily tailored to the specific needs of local governments. The framework emphasizes systematic risk management processes and continuous improvement, making it a good fit for organizations that need to integrate risk management into their daily operations and decision-making.
The Risk Management Society (RIMS) Risk Maturity Model
This model provides a practical way for local governments to assess the maturity of their risk management practices and progressively improve them. It allows governments to implement incremental changes and improve over time, which is ideal for agencies that might be in the early stages of risk management maturity.
OCEG Red Book
The Open Compliance and Ethics Group’s GRC (governance, risk and compliance) framework is ideal for local governments because it focuses on integrating governance, risk management and compliance functions across the entire organization. Since local governments deal with significant regulatory oversight and public accountability, this framework helps in aligning risk management with both governance and compliance requirements.
Recommendations for effective ERM implementation
- Establish dedicated ERM leadership: Appointing Chief Resilience Officers centralizes risk management efforts and ensures accountability.
- Foster interdepartmental collaboration: Encouraging joint initiatives among departments promotes a unified approach to risk management.
- Invest in training and capacity building: Equipping staff with risk management skills enhances proactive mitigation efforts.
- Engage with external stakeholders: Partnering with community members, businesses and other government entities leads to more effective risk mitigation.
- Utilize data-driven decision making: Leveraging data analytics informs proactive measures and policy development.
A call to action: Embracing ERM with urgency
The increasing frequency and severity of risks facing communities demand immediate action. Local governments must adopt ERM frameworks to navigate modern challenges effectively. By doing so, they can enhance resilience, protect citizens and ensure sustainable development in the face of uncertainty. The time to act is now, as the cost of inaction is too great to bear.
About the Author
Steve Monaghan is vice president, AI for public safety, at Ladris. Monaghan leverages more than 25 years of government leadership, including concurrent roles as CIO, agency director and director of emergency services, to drive technological innovation in public safety. His strategic expertise, numerous awards, and commitment to advancing community resilience underscore his leadership in AI-driven solutions. Monaghan earned a Bachelor of Science degree in computer science from Chico State University.