Steve Monaghan, Vice President, AI for Public Safety
April 25, 2025
4 Min Read
Summit Art Creations/shutterstock
Local governments are facing escalating threats that extend beyond traditional risk management. Climate-induced disasters, cybersecurity breaches, public health crises and social challenges such as homelessness necessitate a comprehensive approach known as Enterprise Risk Management (ERM). This holistic strategy enables municipalities to identify, assess and mitigate risks across all sectors, fostering resilience and safeguarding communities.
The imperative for ERM in local governments
Historically, local government risk management focused on specific areas like workers' compensation and legal liabilities. However, today’s multifaceted risks demand an integrated approach. ERM transcends departmental silos, ensuring risks are managed collectively rather than in isolation. This approach is crucial for addressing the interconnected challenges cities and counties face.
Case studies: Evolving risk landscape
Wildfires and environmental hazards
The 2018Camp Firein Butte County was the deadliest and most destructive wildfire in California's history, resulting in 84 fatalities and the destruction of more than 18,800 structures. Beyond immediate devastation, long-term environmental impacts include air quality deterioration and soil contamination. These events prompted local governments to reassess land-use policies and emergency response strategies to enhance resilience.
Related:Ransomware in 2025: Understanding the four stages of attack and why zero trust is critical for state and local governments
Homelessness and public health
San Francisco exemplifies the intricate link between social issues and public health. Despitesubstantial investments in shelter beds and permanent housing, the city struggles with a significant homeless population. A report by theSan Francisco Controller's Officehighlighted challenges in supporting shelter guests with severe mental illness or addiction due to insufficient funding and resources. Addressing these risks requires integrated strategies encompassing housing and health services.
Cybersecurity threats
In 2023, the San Bernardino County Sheriff’s Department experienceda ransomware attackthat disrupted operations and compromised sensitive data. Cyberattacks like these highlight the necessity for robust cybersecurity protocols and the integration of cyber risk management into broader ERM strategies.
Public safety and infrastructure
Wildfires in Los Angeles, particularly in Pacific Palisades, exposed vulnerabilities in urban planning and infrastructure. The destruction of homes and loss of life underscored gaps in emergency preparedness, inadequate urban water systems and risky housing developments in fire-prone areas. Addressing these issues requires integrating urban planning with ERM strategies to mitigate long-term risks.
Related:As local governments acquire new technology, they need to ensure that the new system is future-proof
Here are 10 enterprise risks facing cities and counties:
Wildfires & climate disasters:Increasing frequency and severity of wildfires, floods and extreme heat threaten lives and infrastructure.
Cybersecurity threats:Ransomware attacks and data breaches disrupt government services and compromise public safety.
Aging infrastructure & utility failures:Deteriorating roads, bridges and water systems lead to costly failures.
Homelessness & affordable housing crisis:Rising homelessness strains public services and law enforcement.
Public health crises:Pandemics, addiction and mental health challenges overburden health systems.
Crime & public safety challenges:Gun violence, property crime and law enforcement resource constraints impact community safety.
Budget shortfalls & economic instability:Declining revenues and pension liabilities threaten financial sustainability.
Legal & compliance risks:Ethics violations, lawsuits and regulatory mandates create financial and reputational damage.
Transportation & mobility failures:Failing public transit and traffic congestion reduce economic competitiveness.
Election security & misinformation:Threats to voting systems and disinformation campaigns erode public trust.
Related:From legacy systems to cloud mastery: The path forward for local government ERP
Challenges in implementing ERM
Transitioning to ERM presents several challenges for local governments:
Resource constraints:Limited budgets make it difficult to invest in ERM training and personnel.
Cultural resistance:Moving from traditional risk management to an integrated approach requires a shift in organizational culture.
Complexity of risks:Addressing diverse threats requires specialized knowledge and coordination across departments.
Leading ERM frameworks
• COSO ERM frameworkTheCOSOframework provides a comprehensive, structured approach to risk management that integrates risk into governance and strategy, which is vital for local governments. It focuses on embedding risk management into organizational culture and aligning risk with strategic objectives, which is crucial when managing public resources and services.
• ISO 31000ISO 31000offers a flexible and scalable approach that can be easily tailored to the specific needs of local governments. The framework emphasizes systematic risk management processes and continuous improvement, making it a good fit for organizations that need to integrate risk management into their daily operations and decision-making.
• TheRisk Management Society (RIMS) Risk Maturity ModelThis model provides a practical way for local governments to assess the maturity of their risk management practices and progressively improve them. It allows governments to implement incremental changes and improve overtime, which is ideal for agencies that might be in the early stages of risk management maturity.
• OCEG Red BookThe Open Compliance and Ethics Group’s GRC (governance, risk and compliance) framework is ideal for local governments because it focuses on integrating governance, risk management and compliance functions across the entire organization. Since local governments deal with significant regulatory oversight and public accountability, this framework helps in aligning risk management with both governance and compliance requirements.
Recommendations for effective ERM implementation
• Establish dedicated ERM leadership:Appointing Chief Resilience Officers centralizes risk management efforts and ensures accountability.
• Foster interdepartmental collaboration:Encouraging joint initiatives among departments promotes a unified approach to risk management.
• Invest in training and capacity building:Equipping staff with risk management skills enhances proactive mitigation efforts.
• Engage with external stakeholders:Partnering with community members, businesses and other government entities leads to more effective risk mitigation.
• Utilize data-driven decision making:Leveraging data analytics informs proactive measures and policy development.
A call to action: Embracing ERM with urgency
The increasing frequency and severity of risks facing communities demand immediate action. Local governments must adopt ERM frameworks to navigate modern challenges effectively. By doing so, they can enhance resilience, protect citizens and ensure sustainable development in the face of uncertainty. The time to act is now, as the cost of inaction is too great to bear.
