FOIA Failures, Broken Records, and Unchecked Misconduct:
Why Counties Need Risk Management Units Now
Counties are bleeding money because nobody owns risk as a system. FOIA failures, discovery breakdowns, prosecutorial misconduct, judicial rubber-stamping, records that don’t hold up under pressure. That is not random. That is a governance failure — and it has a fix.
Counties are experiencing FOIA failures, record inconsistencies, and unchecked prosecutorial and judicial misconduct because risk is not being actively managed as a system-level function. Establishing dedicated Risk Management Units would centralize oversight, identify procedural breakdowns early, and prevent costly litigation, settlements, and reputational damage. Based on public-sector research and cost modeling, RMUs could save counties hundreds of thousands to tens of millions annually — depending on size.
What’s Actually Failing
Barry County and Washtenaw are not edge cases. They are signals.
When FOIA requests go unanswered or are mishandled — when court records contain inconsistencies or gaps — when prosecutors operate without meaningful internal accountability — when judges rely on incomplete or structurally flawed records — you are looking at unmanaged institutional risk. Not isolated mistakes. A pattern.
FOIA noncompliance — response failures, improper redactions, and request patterns that signal systemic breakdown rather than one-off errors.
Record inconsistencies — gaps, altered timestamps, missing filings, and data pipeline failures that undermine the evidentiary foundation cases are built on.
Prosecutorial conduct without internal accountability — no one tracking patterns, no one flagging repeat behavior, no one connecting individual decisions to systemic exposure.
Judicial reliance on incomplete records — downstream outcomes shaped by upstream failures that were never caught because no function existed to catch them.
Public sector research is unambiguous on this: without structured risk systems, organizations experience fraud, compliance failures, and economic loss — alongside erosion of public trust that compounds every other cost. And once failures surface, they are expensive. The question is never whether the damage is real. It is whether the county absorbed it before or after it became a lawsuit.
Power without enforcement of accountability becomes permission. Systems without risk ownership become liability.
What a County Risk Management Unit Actually Is
This is not internal audit. It is not legal. It is not compliance. An RMU sits across all of them — and it fills the gap none of them were designed to cover.
Legal defends after the fact. Audit looks at financials. Compliance checks boxes. None of them are structurally positioned to map how systems fail before failure becomes litigation. That is the missing function. That is what a Risk Management Unit does.
If institutional risk reporting is routed through the county’s legal function, the function becomes capture. Legal’s interest is in minimizing liability exposure after the fact — which creates structural pressure to suppress findings that could become discoverable. The RMU must report to the County Executive or Board directly to operate with the independence the function requires.
What They Actually Do — Day to Day
An RMU is not a committee that meets quarterly to review reports. It is a systems team with daily operational functions tied directly to the failure modes that generate litigation exposure.
- Track response timelines and failure rates across all departments
- Audit redaction decisions for completeness and legal defensibility
- Flag repeat request patterns as early warning signals of systemic issues
- Identify missing, altered, or internally inconsistent records
- Validate timestamps, filings, and service records against independent sources
- Monitor court and prosecutor data pipelines for structural gaps
- Analyze complaints against prosecutors and judges over time, not just in isolation
- Identify repeat actors, escalation patterns, and systemic behavior trends
- Cross-reference with case outcomes, reversals, and appellate records
- Identify cases likely to produce civil rights claims before they are filed
- Flag wrongful incarceration exposure and Brady violation risk early
- Map appeal probability across active case inventory
- Trace where workflows break: filing ? service ? hearing ? record
- Surface where authority is exercised without clear legal basis
- Identify policies that exist on paper but are not being followed in practice
- Monthly dashboards: FOIA compliance rate, litigation exposure, procedural failure trends
- Translate operational noise into decision-making intelligence for leadership
- Flag emerging risk before it reaches the board as a crisis
Public-sector research shows structured risk reporting improves leadership decision-making by increasing the quality and availability of information available at the point of decision. Right now, county executives are making decisions without that infrastructure. The result is predictable: they react to failures they could have been shown coming.
Why This Doesn’t Already Exist
Because governments prioritize immediate operational pressure over systemic governance risk. This is not an observation — it is documented behavior in the public-sector literature. Institutions focus on the crisis in front of them, not the pattern underneath it.
So problems accumulate quietly until they explode. Lawsuits. Media exposure. State intervention. Federal oversight. Each of those outcomes costs far more than the prevention function would have. But prevention functions don’t generate the kind of visible crisis that produces budget allocation — so they don’t get funded until after something breaks badly enough to make the front page.
FOIA noncompliance accumulates ? escalates to oversight complaint ? generates legal response ? produces settlement cost. Record inconsistencies accumulate ? surface in appeal ? result in reversal ? expose county to wrongful incarceration liability. Prosecutorial behavior accumulates ? reaches critical mass ? explodes in media and litigation simultaneously. Each failure mode follows the same arc: quiet accumulation, expensive explosion. The RMU interrupts that arc at the accumulation stage — where the cost of intervention is a fraction of the cost of the explosion.
What It Would Cost vs. What It Saves
This is where the case becomes unavoidable. The numbers are not theoretical — they are drawn from public-sector ROI research, litigation cost data, and risk management benchmarks.
| County Size | Annual RMU Cost | Est. Annual Loss Without RMU | Potential Annual Savings |
|---|---|---|---|
| Small (?100k pop.) | $300k – $600k | $1M – $3M | $500k – $2M |
| Mid-size (100k–500k) | $600k – $1.5M | $5M – $15M | $2M – $10M |
| Large (500k+) | $1.5M – $4M | $20M – $100M+ | $10M – $50M+ |
The loss figures include litigation costs from civil rights and wrongful incarceration claims, FOIA violation settlements, insurance premium increases driven by claims history, staff inefficiency and process rework, and failed records and IT systems. Public-sector project data shows nearly one in five projects exceeds budget by more than 25%. Add litigation exposure on top of that and the case for intervention closes itself.
Public-sector evaluation research consistently shows organizations that invest 3–5% of budget in risk and evaluation functions generate measurable returns that exceed that investment — through avoided litigation, reduced rework, earlier detection of fraud, and better allocation of capital. An RMU is not overhead. It is the function that makes other spending defensible.
What This Would Have Prevented — Realistically
A functioning RMU in Washtenaw County or Barry County would not have required a crystal ball. It would have required someone whose job was to read the signals that were already there.
This is the operational difference a Risk Management Unit produces. Not a reduction in the frequency of institutional errors — those will always occur. But a structural change in when those errors are caught: before they become claims, before they become headlines, before they become eight-figure liability exposure.
Why This Matters
Right now, counties are reacting to failure. A Risk Management Unit shifts that to predicting and preventing failure — and the distinction is not rhetorical. It is financial, legal, and institutional.
The difference between defending lawsuits and not creating them in the first place. Between public trust erosion and institutional credibility. Between isolated “mistakes” that keep repeating and systemic accountability that catches the pattern before it becomes the story.
Counties don’t have a misconduct problem. They have a risk ownership problem. Until someone is responsible for identifying how systems fail, the failures will keep repeating — just with different names attached and different dollar amounts in the settlement column.
The function exists in every well-run private institution that handles comparable liability exposure. The question for county government is not whether they can afford to build it. It is whether they can afford to keep operating without it.
Sources
Rita Williams, FOIA Failures, Broken Records, and Unchecked Misconduct: Why Counties Need Risk Management Units Now, Clutch Justice (Apr. 17, 2026), https://clutchjustice.com/county-risk-management-units-foia-misconduct/.
Williams, R. (2026, April 17). FOIA failures, broken records, and unchecked misconduct: Why counties need risk management units now. Clutch Justice. https://clutchjustice.com/county-risk-management-units-foia-misconduct/
Williams, Rita. “FOIA Failures, Broken Records, and Unchecked Misconduct: Why Counties Need Risk Management Units Now.” Clutch Justice, 17 Apr. 2026, clutchjustice.com/county-risk-management-units-foia-misconduct/.
Williams, Rita. “FOIA Failures, Broken Records, and Unchecked Misconduct: Why Counties Need Risk Management Units Now.” Clutch Justice, April 17, 2026. https://clutchjustice.com/county-risk-management-units-foia-misconduct/.
