Risks IMO are minimal, at least with cell phones, gets to another level of risk when we are talking smart phones, and other computing devices (PC’s, Tablets, Ereaders etc.). The primary risk is how the agency avoids reimbursing employees for non-professional use. What I saw one agency do is reimburse employees for the percentage of the bill, not to exceed a maximum, which the cell phone was used in the performance of duties.
What that agency did was trust but verify with random audits with “public adomishment” for the violators, The numbers that I last saw was even, with the additional audit requirements, was a win/win situation for ALL. The employees did not have to carry 2 cell phones, and were reimbursed for a percentage of thier costs and the cell phone budget fell by a significant amount.