Local government liability exposure is far-flung and both large and small municipalities are vulnerable. As the landscape of risk has evolved, not only facilities and service delivery risk management come into play. Now in-house and third party management is essential for risk areas that include cybersecurity, IT, privacy, data security and business resiliency controls. The most recent victim, hit in November, was San Francisco’s Municipal Transportation Agency, which was effectively shut off from its fare revenue for several days, reportedly through the use of ransomware. ((Weekend Muni hack shows that cybersecurity affects us all. The San Francisco Chronicle. November 28, 2016. http://www.sfchronicle.com/opinion/editorials/article/Weekend-Muni-hack-shows-that-cybersecurity-10641036.php))
Since the loss of municipal immunity in the late 1970’s, large city and small town managers and mayors have been responsible for an ever expanding range of risks, which now include social media exposure and such elements as body camera and drone use. Such exposure place municipalities at crossroads where difficult choices abound. For instance, new technology can reduce costs but may include the use of third parties to carry out critical functions, which in turn increases exposure to risk through third party systems.
Municipal sector best practice responses to these pressures dictate that risk managers adopt an enterprise-wide approach, where they take control of local risk management practices through strategic planning that addresses ongoing risk evaluation and monitoring where managers anticipate third party risk issues and apply proactive solutions. Shared Assessments members include municipalities that have turned to our member-driven knowledge base and Program Tools, which can be tailored to meet local needs, to help them build stronger, more resilient programs for managing and mitigating risk.
Long-term benefits of strong prevention and management include:
- Risk management aligned to the community’s unique defined risk profile;
- More engaged leaders;
- Improved workplace culture;
- Safer communities; and
- Reduced taxpayer burden.
With local government affecting all aspects of community, risk evaluation and proactive planning is critical to: reducing, preventing and mitigating losses; cutting insurance costs; allowing for effective budgeting for risk management program needs; building a culture of accountability that includes third party and other risk management, so that they can serve their main purposes of providing services and maintaining local infrastructure while remaining viable economically.
Marya Roddis is Vice President of Communications for The Santa Fe Group, Shared Assessments Program. She develops blog content and assists staff and members to document committee projects in white papers and briefings, as well as working on blog editing, press releases and other marketing documentation projects. She has worked as a Resource Development Consultant since 2003 for primarily non-profit organizations in the fields of arts, education, social services and regional economic and business development.