One in six properties in England are at risk of flooding. Storm Desmond, which affected northern England in December 2015, highlighted once again the importance of how the country should be better prepared for future extreme weather events. The Government’s action to tackle this risk was emphasised by the commitment to initiate a National Flood Defence Review in February 2016. This is to be commended.

This paper discusses the important concept of enterprise risk management techniques to manage flood risks at a national level using successful innovative concepts from business. By its very nature, flooding is always localised to a region, but implications are local and national. We feel it is time to rethink the way manage flood risk at national level by using some concepts successfully used in the commercial world, in particular the concept of enterprise risk management. We are confident this will achieve cost savings. It will also improve efficiency and productivity to streamline risk management and foster collaboration to harness energy of all stakeholders including residents, businesses, government agencies and local government and national government institutions. The following five recommendations are proposed:

1. National Risk Framework
Complex businesses have often developed their own enterprise risk management frameworks to capture emerging risks. These frameworks employ forward-looking governance structures and quantitative techniques to assist in decision-making processes. These organisations generally have good risk management practices for specific risks at a ‘business unit’ level, but also have the ability to aggregate these risks across the entire organisation sometimes applying correlation factors between risks. These organisations employ the three lines of defence concept to escalate emerging risks.

We propose that the Government documents a national risk framework for managing flood risks clearly articulating three lines of defence. The structure is outlined below:
• First level of defence is local government bodies and national agencies (such as Environment Agency) who are responsible for managing the risk;

• Second level of defence should be independent from the first line of defence whose responsibility is to ensure the first line is performing to the same standards as the national risk framework. The Civil Contingencies Secretariat (CSC) can be given this responsibility.

• Third level of defence makes sure the first and second line of defences perform their duties in accordance with the national framework. The National Audit Office can be given this responsibility.

A risk crystallises if all these defences fail to act.

2. Crisis management
The primary function of COBR(A) (Cabinet Office Briefing Room A) is to coordinate the national response to an emerging or actual significant emergency. The Cabinet Office engages proactively with central, local and other partners in preparing for such events by developing and testing response plans with a wide range of partners. The COBRA mechanism is triggered by emergencies, which require sustained central Government coordination and support from a number of Departments and where appropriate, their devolved administrations. This process currently works well, but should go further. The flood risks should be treated as similar to a national security risk, which is currently overseen by the Joint Committee of National Security Strategy. We propose that it is time the Government gives similar focus on flood risks by creating a Joint Committee on National Flood Risk Strategy.

3. Resilience planning and testing
The Government has made a reasonable start on this by the work done by the Civil Contingency Secretariat of the Cabinet Office. For example, in 2011 an extensive contingency plan to prepare and test for extreme flooding in England called Project Excessive Watermark was formulated. This was undertaken following the Pitt review following the 2007 summer floods.

The lack of strategic focus could result in a failure to be proactive and as such more robust architecture is needed to mitigate the effects of such occurrences. There is much to do, and the commercial sector offers some useful ideas for contingency planning and testing. We propose that the Government undertake regular resilience planning exercises at least once in 8 to 10 years to measure the Government’s readiness at national and local level.

4. Avoiding groupthink
Most business organisations are aware of the dangers of groupthink and they will actively seek expertise from outside the industry to formulate their risk strategy. To promote this enterprise-wide risk management, most companies are also aware of the importance of risk culture and the role it plays in identifying and escalating risks promptly through the chain of command. These organisations invest in governance structures and invite external members with various business disciplines provide both independent external oversight and bring their own experience and expertise to bear.

We propose that the Government create a multi-disciplinary panel to advise on flood risk management possibly making this explicit responsibility of the BIS’s Foresight Horizon Scanning Centre.

5. Education of flood risk management
Many residents at serious risk of being affected by flooding are not aware of the extent of that risk. Many are also not aware of what they can do to reduce the effects of flooding, if it does occur. The Government’s public dialogue on flood risk communication re-initiated last year by the Environment Agency and Science Wise in partnership with several stakeholders was a commendable initiative, but it needs to go further. We recommend that this initiative should be extended to schools as part of mandatory primary and secondary education in partnership with Department of Education.

6. Risk Response to floods (4Ts – Tolerate, Terminate, Transfer, Treat)
There are four risk responses available to the Government.
• Tolerate: Do nothing. This could also mean rejecting the risk if it is within the ‘risk appetite’ of the key stakeholders.
• Terminate: Eliminate the risk. Although not all risks can be totally eliminated some may be avoided by taking this pre-emptive action. This could mean improving or relaxing design constraints of flood response schemes.
• Transfer: Risk transfer means moving risk to a third party or share risks with a third party. In some instances this means taking adequate insurance cover and pass the risk to an insurance company.
• Treat: Absorb the risk through contingency arrangements. We recommend that building regulations should be changed so that the repairs carried out at flood-damaged properties can withstand future flooding. By this way, the UK will be able to a build housing stock, which is better resilient to future flooding.

Finally, Government policy has brought flood risk strategy to a high standard. The current Flood Resilience Review is a good opportunity to relook at these structures and use best practices from the commercial sector to create a state-of-art flood risk management framework that would be the first in the world. Failure to do will result in a missed opportunity for the country as a whole.