Performing risk assessments for hierarchical, multi-functional systems, such as a municipality, is an activity that requires input from a multitude of actors. In such systems risk assessments can be performed at many system levels and support different types of decisions. For issues that are constrained to a specific sub-system, such as a municipal department, decisions can be preferably taken at sub-system level. However, for other issues, such as those crossing many sub-systems and system levels decisions should preferably be taken at higher system levels, e.g. at the municipal level. At the same time, these decisions require extensive information from the sub-systems. The aim of the present paper is therefore to outline a framework for how risk information can be aggregated—with application in the context of Swedish municipalities. The research builds on previous work by the authors where a method for performing risk and vulnerability assessments in municipal departments has been developed using an action research approach. The method will soon be implemented in each municipal department in the municipality of Malmö, Sweden, and the next step is to develop the aggregation of these assessments. It is argued that this aggregation is facilitated by ensuring that key aspects of the risk assessments in the municipal departments are harmonized. At the same time, too much standardisation may also reduce the utility of the assessments for the municipal departments.