What Does GEMS Say About the Governance of Estate Risk, and What Should a Board Be Doing About It?

Across my work in External Reviews of Governance, board development, and strategic governance advisory practice, the most common estate risk governance failure I encounter is not that risk is unmanaged. It is that risk is managed at operational level and reported to the board without the board having any structured means of challenging what it is told. The risk register exists. Inspections are carried out. The estates lead presents a summary at the appropriate meeting. The board notes it. None of that constitutes governance of estate risk. Governance of estate risk requires the board to understand its accountability, have a defined escalation pathway, and actively challenge the information it receives. GEMS is explicit on all three of these requirements.

What Does GEMS Say About Estate Risk Governance?

GEMS addresses risk management across several areas: safety and security, investment need, long-term planning, emergency preparedness, and continuity. In each area, GEMS establishes expectations not just for how the estate should be managed but for how the board should be engaged with the management of risk.

GEMS defines the purpose of governance in estate management as providing strategic leadership, accountability, and oversight and assurance. It warns directly that without clear governance, there is no accountability at board or executive leader level, property decision-making can become fragmented, and operational activities can become uncoordinated. This is not a description of a worst-case scenario. It is GEMS's description of what happens when governance is absent.

The specific governance requirements that GEMS places on the board in relation to estate risk centre on three functions: challenge, escalation, and accountability.

Challenge. GEMS establishes that the board should challenge its executive leaders across the full range of estate management responsibilities, including safety and security, investment need, long-term planning, resource allocation, value for money, procurement, and emergency preparedness. Challenge is a distinct board function from oversight. The board that receives a report and notes it is performing an oversight function. The board that interrogates the report, asks what the risk register shows, enquires about overdue inspections, and requires an explanation for any deterioration in compliance position is performing a challenge function. GEMS requires the second, not the first.

Escalation. GEMS requires clear governance processes that define how estate risks and decisions exceeding practitioner authority reach the board. Without a formal escalation pathway, risks identified at operational level may not reach the board before they become crises. The escalation pathway is not a reporting line. It is a governance design: a defined mechanism that ensures the right risks, at the right threshold, are placed before the board at the point where the board can exercise its authority to make decisions, not just note outcomes.

Accountability. The responsible body is accountable for the estate. Not the estates team, not the site manager, not the director of operations. The responsible body. GEMS requires that the board understands this accountability and has put in place governance arrangements to discharge it.

What Is the Difference Between Receiving a Report and Receiving Assurance?

This distinction matters more than any other in estate risk governance, and it is the distinction that most boards have not yet made explicitly.

A report tells the board what has happened: which inspections were completed, which were not, what the compliance position is, what risks are open. A board that receives reports about estate management is informed about the estate. It is not necessarily assured about it.

Assurance requires the board to understand not just what the current position is but whether the systems that produce and maintain that position are reliable. A board that is assured about estate risk can answer: Is the escalation pathway functioning? Are the right risks reaching the right level? Is the evidence behind the compliance position genuine and current? Has the board itself challenged the information it has been given or accepted it at face value?

Across my work in External Reviews of Governance and governor training on estate oversight obligations, boards that have moved from reporting to assurance share a common characteristic: they have asked the question explicitly. They have made the distinction between being told things and being given founded confidence that those things are true.

What Governance Structures Does GEMS Require?

GEMS requires that governance arrangements for the estate are clearly defined and documented. The specific structural requirements are:

Named accountability at board level. There must be clear accountability for the estate at board level. In a MAT, this is typically a trustee with named responsibility for estate oversight. At Level 4 of the Estate Management Standards, a dedicated board member for estates is an explicit requirement. At Level 1, named board-level accountability is the minimum the Standards expect.

Named responsibility at operational level. There must be clear responsibility at school or operational level for the day-to-day management of the estate. The responsible body must be able to identify who holds this role, what their responsibilities are, and to whom they report.

Documented governance arrangements. The governance arrangements must be documented, not assumed. The board cannot be said to have clear governance if the accountability structure exists in practice but has never been written down and approved.

A risk register reviewed by the board. GEMS requires that a risk register is maintained and reviewed. The board's role is not to maintain the risk register. It is to receive it, understand what it shows, and hold the executive accountable for managing the risks it identifies.

An escalation pathway. The route by which risks beyond practitioner authority reach the board must be defined. What constitutes a risk that requires board-level decision? What is the threshold? Who is responsible for triggering the escalation? These are governance design questions, and the answers must be documented.

What Should the Board Be Doing in Practice?

The board's estate risk governance responsibilities are not discharged by receiving a monthly or termly report. They require active engagement with four specific questions.

Does the board know what risks it owns? The responsible body is accountable for all estate risks. The board does not need to manage those risks operationally, but it does need to understand what the significant risks are, whether they are being managed, and what would constitute an unacceptable level of residual risk.

Does the board have an escalation threshold? There should be a defined point at which an estate risk is escalated to board level. That threshold should be agreed, documented, and understood by the estates lead and the board. Without it, the decision of what reaches the board is made operationally, not governmentally.

Does the board challenge what it receives? A board that does not challenge estate reporting is not fulfilling its assurance function. Challenge does not mean adversarialism. It means asking whether the evidence supports the position being reported, whether trends are moving in the right direction, and whether the risks the board is being told about are the risks that actually warrant board attention.

Does the board have a named member with estate oversight responsibility? In a MAT, this is the board member with accountability for estate management. Their role is to maintain sufficient knowledge of the estate to engage meaningfully in board challenge and to act as the primary point of escalation between the executive and the full board when estate risks require board-level decision.

Frequently Asked Questions

Is estate risk governance a separate function from the board's general risk oversight?

No. Estate risk sits within the responsible body's overall risk framework. The question is whether estate risks are visible within that framework at an appropriate level of specificity. A risk register that includes "estates compliance risk" as a single line item does not give the board the information it needs to exercise meaningful oversight. Estate risks, including statutory compliance, condition-related, safety, and planning, should be identified, assessed, and escalated through the same governance structures as other organisational risks.

How often should the board review estate risk?

GEMS requires regular review. The appropriate frequency depends on the organisation's estate complexity and risk profile. An annual review of the risk register at board level is a minimum. Significant changes in risk, including an overdue inspection, a safety finding, or a major condition issue, should trigger escalation outside the standard review cycle, via the defined escalation pathway.

What does "challenge" look like in practice?

Challenge means asking specific questions of the information presented. Is the compliance position supported by current evidence or is it based on last year's certificates? Which items on the risk register are improving and which are deteriorating? What is the plan for closing overdue inspection gaps? Has the estates lead's assessment of risk been reviewed by an independent competent person? A board that asks and expects to receive specific answers to these questions is exercising challenge. A board that receives a summary and moves to the next agenda item is not.

Does the board need to understand the technical detail of estate risk?

No. The board member with estate oversight responsibility needs sufficient knowledge to engage meaningfully in challenge. The full board needs to understand the accountability picture: what the organisation is responsible for, what the significant risks are, and whether those risks are being managed. Technical expertise is the role of the estates function. Governance expertise is the role of the board.

What if the board has never had a clear escalation pathway for estate risk?

Establishing one is the immediate governance task. The responsible body should define what constitutes an escalation-worthy estate risk, document the pathway from operational identification to board notification, and agree the threshold at which the board is required to make a decision rather than simply receive information. This is a governance design exercise that can be completed without specialist technical knowledge.

Does this apply to single-academy trusts and maintained school governing bodies as well as MATs?

Yes. The governance obligation applies to every responsible body regardless of size or type. For a single-academy trust, the board of trustees carries the full accountability described in GEMS. For a maintained school governing body, the position is more nuanced: the local authority is the Responsible Body, but the governing body retains active accountability for how the estate is managed at school level and must be able to demonstrate engagement with the estate management obligations that affect its school. Smaller organisations may have simpler governance arrangements, but the principles of named accountability, a defined escalation pathway, and active challenge of estate reporting apply equally. A small trust or governing body that cannot answer the four questions above has a governance gap, and that gap is no less significant for the organisation being small.

Mel Stokes is a founding partner of The Estates Strategy Partnership and Director of Legacy Governance Solutions.