Emerging risk trends - Gaining assurance

12 Aug 2025

by Tilden Watson, Gallagher

There is no such thing as perfect risk management. Risk management is a forward-looking process that uses human perceptions, which are often flawed.

The past decade of public service delivery has taught us much about the unpredictability of risk. There have been numerous ongoing, evolving and new challenges, and we have met and managed them. We all understand the mantra that the more an organisation proactively engages positively with risk management, the more likelihood those risk agendas will be managed effectively.

However, we should always ask: how robust is our approach to risk management?

Assurance can give us some answers.

Assurance provides confidence that risk controls are appropriate and are working effectively. Assurance should be an ongoing aspect of managing risk, to ensure the measures you implement match your risk appetite and your risk landscape. You also need assurance that the risks you consider, record and manage reflect the global, societal, economic, and legal and regulatory changes and challenges that may impact your organisation.

The core objective of assurance

Readers of this article are likely to agree with the notion that risk management is a fundamental process within their organisation. However, discussions may arise regarding the core objective of assurance, which is to instil confidence in the robustness of the approach.

Assurance can be seen through multiple lenses:

Process and approach: how does the approach work and compare to best practices?
Results: how do the results compare not only to sector norms but also to emerging risk trends?
Sentiment: what are the attitudes and understanding of risk and risk management internally? Does it provide the benefits and outcomes senior leaders need from the investment of time? If sentiment is against the process, it is likely to be merely a tick-box exercise, and the results will be far from dynamic.

Assurance essentials:

Undertaking robust risk management is only part of the risk journey – gaining assurance is essential.
Key documents such as the NRR and the Global Risk Report are valuable tools for comparison.
Assurance doesn’t just apply to your organisation; it applies to your partners and supply chain as well.

By focusing on these aspects, organisations can better navigate the complexities of emerging risks and ensure a more resilient future.

Navigating risk and assurance

The VUCA (Volatility, Uncertainty, Complexity, and Ambiguity) environment will continue to challenge public service delivery as local government reform progresses, fiscal pressures persist, climate change worsens, and AI disrupts traditional business and employment models.

The World Economic Forum Global Risk Report 2025 (WEF) was stark in its outlook over the next two years:

Short and long-term global outlook: ‘Which of the following best characterises your outlook for the world over the following time periods?’

Stormy: Global catastrophic risks looming – 5%
Turbulent: Upheavals and elevated risk of global catastrophes – 31%
Unsettled: Some instability, moderate risk of global catastrophes – 52%
Stable: Isolated disruptions, low risk of global catastrophes – 11%
Calm: Negligible risk of global catastrophes – 1%

I would love to meet the 11% of people who feel the outlook is going to be ‘stable or calm.’ I suspect they don’t deliver public services!

Both the Government National Risk Register (NRR) reportand the cheerily titled Chronic Risk Analysis (CRA) report echo many of the challenges set out in the WEF report, while placing an emphasis on UK-specific risks, such as the failure of an adult social care provider and public disorder.

These reports emphasise the narrative that a dynamic risk management approach is a fundamental prerequisite in the current VUCA environment. Risk management is now a true differentiator in providing confidence to stakeholders, including funders and government.

Governance

Risk management is a fundamental part of governance in public service delivery. This is underscored by its prominence within the principles set out in the CIPFA/SOLACE Framework of Good Governance and as part of the inspection principles from both the Housing Regulator and the Office for Students.

Governance and risk trends can drive organisations to undertake risk management. The benefits of articulating confidence of a robust risk management process to third parties should not be lost on those investing in risk processes and approaches. These third-party stakeholders include investors, financial markets, risk transfer markets, sector partnerships, government agencies, and the public.

Assurance can take many forms. From my experience as a former audit manager, audits can be invaluable around processes and standards, yet they often fall short in delivering comprehensive insights into outcomes. Additionally, other internal assessments often lack the independence needed to objectively evaluate organisational attitudes towards the approach as they are part of the organisation.

This is where the expertise of specialist partners and advisors, like Gallagher, becomes crucial in providing the required assurance. Organisations do not exist in isolation. They exist within a network, and gaining assurance also applies to that network. Your partners are likely to face many of the same challenges. How much confidence do you have in respect of their approach to risk?

Author

Tilden Watson, Gallagher

Strategic Risk Advisor

Tilden has spent a career embedding practical risk, resilience and internal control solutions within organisations. As a qualified accountant (CIPFA), Internal Auditor (IIA), and member of the Business Continuity Institute (BCI), Tilden has dedicated nearly two decades to the public sector, serving in senior roles in local and central government

Email:: [email protected]

The sole purpose of this article is to provide guidance on the issues covered. This article is not intended to give legal advice, and, accordingly, it should not be relied upon. It should not be regarded as a comprehensive statement of the law and/or market practice in this area. We make no claims as to the completeness or accuracy of the information contained herein or in the links which were live at the date of publication. You should not act upon (or should refrain from acting upon) information in this publication without first seeking specific legal and/or specialist advice. Arthur J. Gallagher Insurance Brokers Limited accepts no liability for any inaccuracy, omission or mistake in this publication, nor will we be responsible for any loss which may be suffered as a result of any person relying on the information contained herein.

Arthur J. Gallagher Insurance Brokers Limited is authorised and regulated by the Financial Conduct Authority. Registered Office: Spectrum Building, 55 Blythswood Street, Glasgow, G2 7AT. Registered in Scotland. Company Number: SC108909.

Gallagher is a global business insurance, risk management and consulting services company offering clients and customers innovation and tenacity across 130 countries.