Risk Assessment

… a core concept used in Implementation and Delivery and Atlas107

Concept description

Leslie Pal (reference below) describes the steps in conducting a risk assessment in the public sector.

The following is reformatted from Pal (2014, pages 321-323)

Conducting an environmental scan with PEST

“The first step … is conducting an internal and external environmental scan. The internal risk factors typically are organizational: personnel, resources, information technology, and so on. A standard way of assessing the external environment is in terms of the PEST schema (also known as the STEP schema):

  • Political (federal–provincial relations, turf wars with other agencies, other governments, international bodies, international and domestic social movements, and stakeholders that may take adverse positions to policy)
  • Economic (local and national markets, price fluctuations, currency fluctuations, labour force movements, competition in one’s target markets)
  • Social (demographic trends, current social debates and fashions); and
  • Technological (new technologies on the horizon and how they will be integrated into operations, scientific discoveries, new uses for old technologies, adequacy of internal technologies in the face of changing external technological environment).
Determining the type and nature of risk

“The next step is the consideration of the types and nature of risk facing the organization. The Treasury Board of Canada (2011) provides the following categorization of risks:

  • Business processes: Threats and opportunities associated with business process design or implementation.
  • Capital infrastructure: Threats and opportunities associated with an organization’s capital infrastructure including hard assets (e.g., buildings, vessels, scientific equipment, fleet), but excluding IT.
  • Communications: Threats and opportunities associated with an organization’s approach and culture of communication, consultation, transparency and information-sharing, both within and outside the organization.
  • Conflict of interest: Threats and opportunities associated with perceived or potential conflicts between private and public interests.
  • Financial management: Threats and opportunities associated with the structures and processes of an organization to ensure sound management of financial resources and its compliance with financial management policies and standards.
  • Governance and strategic direction: Threats and opportunities associated with an organization’s approach to leadership, decision-making and management capacity.
  • Human resources management: Threats and opportunities associated with staff/management turnover; employment/work culture; recruitment, retention and staffing processes and practices; succession planning and talent management; and employee development, training and capacity building.
  • Information management: Threats and opportunities associated with an organization’s capacity and sustainability of information management procedures and practices.
  • Information technology: Threats and opportunities associated with an organization’s capacity and sustainability of information technology, both the infrastructure and utilization of technological applications.
  • Knowledge management: Threats and opportunities associated with an organization’s collection and management of knowledge, including intellectual property, organizational or operational information and records, and scientific data.
  • Legal: Threats and opportunities associated with an organization’s management of its legislative, advisory and litigation activities, including the development and renewal of, and compliance with, laws, regulations, international treaties/agreements and policies.
  • Organizational transformation and change management: Threats and opportunities associated with significant structural or behavioural change within an organization related to mandate, operating context, leadership and strategic direction.
  • Policy development and implementation: Threats and opportunities associated with an organization’s design, implementation and compliance with the government-wide policy suite as well as its own internal policies and procedures.
  • Privacy/Information stewardship: Threats and opportunities associated with an organization’s protection of intellectual property and personal information.
  • Program design and delivery: Threats and opportunities associated with an organization’s design and delivery of specific programs, which may impact the organization’s overall objectives.
  • Project management: Threats and opportunities associated with an organization’s process and practice of developing and managing major projects in support of its overall mandate, as well as risks associated with specific projects that may require ongoing management.
  • Political: Threats and opportunities associated with the political climate and operating context of an organization.
  • Reputational: Threats and opportunities associated with an organization’s reputation and credibility with its partners, stakeholders and the Canadian public.
  • Resource management: Threats and opportunities associated with the availability and level of resources of an organization to deliver on its mandate, as well as the organization’s management of these resources.
  • Stakeholders and partnerships: Threats and opportunities associated with an organization’s partners and stakeholder demographics, characteristics and activities.
  • Values and ethics: Threats and opportunities associated with an organization’s culture and capacity to adhere to the spirit and intent of the Values and Ethics Code for the Public Service.”
Atlas topic, subject, and course

Managing Risk (core topic) in Implementation and Delivery and Atlas107.

Sources

Leslie Pal (2014), Beyond Policy Analysis – Public Issue Management in Turbulent Times, Fifth Edition, Nelson Education, Toronto. See Beyond Policy Analysis – Book Highlights.

Treasury Board of Canada. (2011). Guide to risk taxonomies. Available at http://www.tbs-sct.gc.ca/tbs-sct/rm-gr/guides/grt-gtr01-eng.asp#toc2, accessed 9 April 2017.

Page created by: Ian Clark, last modified 9 April 2017.

Image: Construction Health and Safety Limited, at http://www.ppconstructionsafety.com/newsdesk/2016/03/02/risk-assessment-summary-of-key-hse-guidance/, accessed 9 April 2017.