Measuring and managing risk in the quest for resilience

The bow of the Dali cargo ship and the collapsed Francis Scott Key Bridge sit in the water in the Patapsco River in Baltimore.

The bow of the Dali cargo ship and the collapsed Francis Scott Key Bridge sit in the water in the Patapsco River in Baltimore. Wesley Lapointe for The Washington Post via Getty Images

 

Connecting state and local government leaders

COMMENTARY | Incidents like the Baltimore bridge collapse should motivate local leaders to think carefully about risk management, prevention and mitigation.

You're reading Route Fifty's Public Finance Update. To get the latest on state and local budgets, taxes and other financial matters, you can subscribe here to get this update in your inbox twice each month. You can find a full archive of these newsletters here

***

The collapse of the Francis Scott Key Bridge in Baltimore last month showed how quickly a major disruption to our transportation network can have ripple effects beyond just the physical infrastructure sinking below the water.

Lives were lost on that bridge that early Tuesday morning in March, and commerce, jobs and commutes were strangled. Leaders in Baltimore were jolted into action, but so were government officials around the country as they rushed to assess their own infrastructure vulnerabilities.

The catastrophe was an opportunity for local leaders to reevaluate their community’s risk profile and grapple with a concept that is complex but vital for local resilience: the total cost of risk, or TCOR. The big challenge in these events is to weigh not only the risk itself but also those ripple effects that ultimately prove to be the most costly.

By categorizing and quantifying the costs—calculating the TCOR—municipal leaders can get better at managing the fiscal impacts and directing resources toward mitigating them, thereby preventing some of the damage.

TCOR appears to be increasing for most governments, although we can’t know for sure because most jurisdictions haven’t been capturing that data. However, looking at the risk of failing infrastructure, ever more frequent environmental disasters, reports of cyberattacks on local governments and today’s litigious environment, it’s hard to escape that conclusion.

Measure and Manage

To borrow insight from the management visionary Peter Drucker, you cannot manage risks you haven’t measured.

To better understand TCOR, ”you must look at all of its component parts,” explains Dorothy Gjerdrum, senior managing director at the consulting firm Gallagher, which focuses on the financial services industry. “If an entity wants to understand what is driving the cost of risk, they need to look at the drivers. Otherwise, you’ll focus on either the biggest budget item or most inflammatory issue, and then you go into that rabbit hole.”

Measuring TCOR includes identifying the cost of transferring risk (such as insurance deductibles and premiums), the cost of retaining risk (uninsured expenses and the cost of capital), and current risk management expenses (outside-vendor and in-house costs).

These help to:

  • Proactively allocate risk management costs throughout the enterprise.
  • Improve the understanding of risk throughout the enterprise.
  • Develop benchmarks for TCOR.

Various events can cause TCOR to increase, such as climate change and crumbling infrastructure, growing numbers of sexual assault and molestation lawsuits, and the increased scrutiny around police misconduct. In addition to cyberattacks on municipal systems and services, other new and emerging risks include the impact of newly mandated limitations on PFAS (“forever chemicals") in local water supplies.

Assessing your jurisdiction’s total risk profile is a complicated undertaking. “Talk to your experts,” suggests Ann Gergen, executive director of the Association of Governmental Risk Pools. “Talk to your risk manager and loss prevention specialists, your risk pool, your entity’s attorney, insurance broker or agent, OSHA contacts, and others. Start thinking about where you may be particularly vulnerable to risk and ways to reduce the exposure. And benchmark your own year-over-year data to measure improvement.”

Focus on What You Know

Clearly, you cannot control the weather, prevent all accidents or eliminate all misconduct, but you can invest to reduce those risks. Focus on where you know you can make an impact. That might involve analyzing data and identifying preventable accidents and vulnerabilities, or investing in staff training to reduce the risk of cyber breaches or harassment lawsuits.

As the saying goes, an ounce of prevention is worth a pound of cure. Nevertheless, it’s preventive measures that are often perceived as “nice-to-haves” rather than essential and are first on the chopping block when budgets are cut. But if you do the math and evaluate which interventions would have the greatest return on investment, it will help you prioritize and make the argument to policymakers and the public to take preventive measures.

One thing that the increased severity and frequency of natural hazards has shown is that mitigation is a wise investment that can save money, property and, most importantly, lives.

And it can have positive benefits. According to a 2017 FEMA study, “Activities designed to reduce disaster losses also may spur job growth and other forms of economic development. Mitigation represents a sound financial investment. … Society saves $6 for every $1 spent through mitigation grants … and a corresponding benefit-cost ratio of 4:1 for investments [meeting building code standards].”

Over a 20-year period, municipalities with modern building codes would save $32 billion in losses from natural disasters compared to jurisdictions without modern codes, according to another FEMA study, which concluded that the adoption of modern building codes can have even more significant benefits in areas prone to floods, earthquakes and hurricane-force winds. Using flood and hazard mapping data to inform modifications to zoning and building codes is a cost-effective method to help reduce the damage and improve local resilience.

Left and Right of “Boom”

Managing risk in a world that’s increasingly volatile, uncertain and multifaceted demands that leaders think of risk on a continuum. It’s not so much a question of if disaster will strike, but how ready you will be when it does. As Juliette Kayyem describes in her book The Devil Never Sleeps: Learning to Live in an Age of Disasters, it’s the difference between making decisions “left of boom,” in anticipation of the risk, or “right of boom,” dealing after the fact with an event’s costs and impacts. While the cost of prevention can be deferred, the cost of disaster cannot.

Cybersecurity is one example of where being “right of boom” can have crippling consequences. The Center for Internet Security reported recently that from 2022 to 2023 the number of malware attacks against state and local governments increased by 148%, while ransomware attacks rose by 51%. “Endpoint security services incidents” such as data breaches, unauthorized access and insider threats skyrocketed by 313%.

Training employees to practice cyber hygiene is one significant step your organization can take “left of boom.” And it’s probably prudent to assume that attacks will come at the worst time: A few weeks ago, the New York Legislature’s bill drafting operation was hit with a cyberattack just as lawmakers were trying to pass an overdue budget.

Maintaining Municipal Services

Grappling with TCOR and managing risk are crucial to a local government’s ability to provide vital public services— police and fire protection, water and power, and so much more. Yet, it’s difficult for leaders to act “left of boom,” making long-term, costly decisions and sticking with them because the payoffs often don’t manifest until much later down the road. It’s not politically expedient if you’re not going to get credit for it.

That said, you have to take care of the money to take care of people. Ultimately, the point of the money is maintaining or improving constituents’ quality of life.

Incidents like the Baltimore bridge collapse, and how it could have been prevented, should motivate local leaders to think carefully about risk management, prevention and mitigation. To raise these issues to elected officials and get community support, city managers and other municipal executives must pay closer attention to the total cost of risk and its drivers.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.