This paper examines the management of risk in a large public sector organization. Accounting research on “new” risk management in the public sector has focused on how formal risk management systems emerge through a top–down approach, primarily driven by external demands. Our study contributes to this body of work by detailing the emergence and operation of vernacular risk management systems, that is, systems self‐generated by organizational actors in the context of their work and not officially sanctioned within the organizational hierarchy (cf., Kilfoyle, Richardson & MacDonald, 2013). In this, we theorize how such systems interact with formal risk management systems, thereby also contributing to other disciplines such as crisis management and project management. Drawing on Fischer and Ferlie (2013), we detail how several vernacular systems co‐exist and have different interaction modes with the formal risk management system, and consider how these modes of interaction also change over time. Finally, our results highlight the link between the operation of “new” risk management and inter‐organizational relationships, demonstrating that such relationships can be an important asset to build on in risk management work.