Reflections from RMIA Risk Award Winner, Richard Ellis

As we look forward to the 2026 RMIA Risk Awards, we are pleased to share the reflections of Richard Ellis, RMIA’s 2025 Public Sector Risk Leader of the Year.

1. Congratulations on being recognised as RMIA’s Public Sector Risk Leader of the Year! Can you tell us about the initiative or program that earned you this award?

Thank you! It was so awesome to be recognised, and although the award has my name on it, it is really a sum of great people dedicated to improving risk management at the City of Gold Coast. We created a program to ‘make risk sexy’ - this was after an assessment of our risk maturity was quite low. We had a lot of fun with the campaign (think Tom Cruise sliding in socks in Risky Business), and really worked to bring the organisation, the executive group and our local Councillors on the journey to do things differently. We delivered the Council’s first ever risk appetite statements that are driving real decisions at the highest levels, we completely overhauled our risk framework, we delivered a method to identify top strategic risks, we created an internal risk community full of passionate people across the organisation that love risk management, and we worked to lift awareness of our senior leadership in all things risk and assurance. It was a tonne of work but we had great buy-in from the highest levels to make it a success and pleased to say it resulted in a 110% uplift in risk maturity.

2. How did you navigate the complexities of risk management within a public sector environment?

Local Government risk management is epic! Think about the sheer complexity and diversity of services – we have drinking water storage and distribution, sewage treatment, roads and waste collection. We do construction, town planning, lifeguards and community centres. There’s animal management, safety cameras, environmental protection, parking enforcement and development compliance. And that’s just the half of it, not to mention we are the lead for disaster management! Safe to say that Local Government’s carry a lot of risk exposure across its service offering, as well as the risks that all organisations are tending with such as cyber, financial sustainability and regulatory compliance. How do I navigate it? 3 key things.

1. Gather insights and form relationships – Local Government is so diverse that you need to first get a grip on what we do and the kind of risks we carry. This can be from data, people, research or anything you can get your hands on.

2. Prioritise! I’ve never been a fan of communicating broad messages like ‘it’s everyone’s responsibility to manage risk’. At an enterprise level for a diverse local government, you need to prioritise risk management capability to ensure your highest inherent risk exposures are managed well. Your risk identification, control mapping, assurance program, capability uplift and governance should revolve around this. Focus your efforts here – it’s more bang for your buck.

3. Get out and about. You’ll quickly realise most people you meet are actually glad you are there to support them in helping to make sure key risks are managed.

3. How do you build a strong risk culture across diverse teams and departments?

It’s not easy, but it does start with people knowing you’re in it with them. I know it’s cliché, but the tone really is set from the top, and if you can work on engaging with your executive team and Councillors they will be the biggest advocates. Your messaging needs to resonate WHY risk management is important. Maybe a little controversial, but I don’t like the taglines such as ‘risk management helps make better decisions’. I’ve never found that this messaging cuts through. We tend to push messages like ‘risk management is protecting what matters most’ or ‘a well-managed risk is an avoided post-incident review’. Back that up with a few examples or stories of where bad things have happened, then it becomes real. We found people then start taking comfort in a ‘second line’ and a ‘third line’ there to support them. Once people buy into the message, and see the organisation and framework is there to support them, people start really engaging. The other side of the coin is really starting to push the messaging of risk vs reward. Once the organisation sees that taking risk can be a great thing in pursuit of reward, and it aligns with the set risk appetite, then risk management becomes truly empowering.

4. What advice would you give to those aspiring to lead risk in public service?

Do it! I really believe public sector risk management is a whole different ball game. In Local Government there are risks to the city, the community, the environment and the economy, as well as risks to the sustainability and continuity of the organisation. But the kicker is that your risk management approach, framework and implementation can make a real difference to the public. You can help keep the community safer, promote trust in government and help create an amazing city through better risk management. It’s true, you can see the differences in the community you live and work in, and it’s inspiring. It also never gets boring! I feel every day I learn something new about the city we work in or the services we provide, so if you’re a risk manager wondering where too next, you have a real chance to make a difference in Local Government.