National Risk Assessments

National Risk Assessments

A Cross Country Perspective You do not have access to this content

Click to Access:
  • PDF
  • READ
05 Mar 2018
9789264287532 (PDF) ;9789264287525(print)

Hide / Show Abstract

This report provides a synthetic view of national risk assessments (NRAs) in twenty OECD Member countries. NRA are used to support risk management decisions in a rapidly changing global risk landscape characterized by increasingly complex, interconnected societies and highly mobile people, information and goods. The report highlights good governance practices in establishing NRAs and how the results are used to inform public policy. It identifies challenges that OECD Member countries continue to confront in their efforts to implement NRA, and makes concrete recommendations where improvements could still be made.

loader image

Expand / Collapse Hide / Show all Abstracts Table of Contents

  • Mark Click to Access
  • Foreword

    When disruptive events occur that could have a significant impact on the population and the national economy, governments have the primary responsibility for managing them. Citizens expect governments to manage the impacts of extreme events whether they come from natural disasters, terrorist attacks, industrial accidents or disease outbreaks. How can governments invest their finite resources most efficiently to mitigate the effects of these events? Since not all hazards and threats can be prevented, important trade-offs need to be made in preparing for different types of disaster risks.

  • Executive summary

    National risk assessments (NRA) identify and analyse risks that have consequences of national significance. NRA help inform decisions concerning the emergency situations that require the attention of policy makers at the centre of government. They cover the entire risk management process, from analysing preparedness for different types of national risks to putting society on notice about them, and as a result are an essential tool for supporting a country’s overall resilience. This report presents a unique overview of NRA across a range of countries. Part I provides a cross-country analysis distilling lessons from the use of NRA. It provides recommendations for countries that might wish to establish an NRA and can be a useful reference for countries seeking to reform their current practices. Part II of this report presents National Risk Assessment processes in 20 countries.

  • Add to Marked List
  • Expand / Collapse Hide / Show all Abstracts National Risk Assessment – Country Profiles

    • Mark Click to Access
    • Australia

      Australia was one of the first countries to develop a standardised risk management approach to the identification of hazards. This chapter discusses the governance framework for risk management in Australia and the importance of the National Emergency Risk Assessment Guidelines (NERAG) which introduced the reform methodology for a top down bottom up approach to risk management. The chapter also discusses transparency and accountability in the context of the risk assessment process and the hazard identification approach initiated by the NERAG. Impact analysis, likelihood and plausibility analysis form part of the process with a standardised approach being provided. The NERAG also advises that likelihood calculations can be based on elements of probability within the overall approach. The chapter discusses risk evaluation monitoring and re-evaluation as part as the ongoing risk management process as well as the importance of using the national risk profile to raise awareness of risks.

    • Austria

      Austria’s National Risk Assessment or as the Austrian Government has called it, the National Risk and Threat Assessment (NaTRAn) was developed as a result of a new national security strategy introduced in July 2013 which replaced the 2001 Security and Defence Doctrine. This chapter discusses the background of this new initiative based on a new risk management approach which relies on strategic planning and a common methodology for analysing the risks across a number of areas. An important element of the strategy discussed is the dual function of the strategy being able to meet the demands of both national and international requirements. This includes the various EU Directives and programmes and deadlines for implementation of critical infrastructure and cyber response requirements. The chapter also discusses the approach that Austria has taken in respect to governance and the participation by the multiplicity of stakeholder in the different levels of government and those with horizontal cross-cutting responsibilities in the risk assessment process.

    • Canada

      The Canadian All Hazards Risk Assessment (AHRA) has been developed as a result of the government’s acknowledgement that there is an increase in natural and man-made threats and lessons learnt from domestic and international events which could also affect developed nations such as Canada. This chapter discusses the approach to emergency management in Canada and the governance framework in the risk assessment process which revolves around the concept of an all hazards approach with the objective of assessing and viewing risks in a standardised approach using a common set of principles and steps. While the AHRA methodology is published, transparency and accountability does not extend to full publication of the identified risk profile due to national security concerns. The introduction of legislation dictates specific roles and responsibilities to a lead ministry and specific ministries with responsibility for their own sector. This is discussed in the chapter as a core element for a standardised risk assessment methodology leading to effective multi-level governance and multi-actor participation.

    • Denmark

      The Danish Emergency Management Agency (DEMA), as the lead agency, has the responsibility to develop the risk assessment process (National Risk Profile 2013) in Denmark. The NRP is a broad perspective on the most serious natural and man-made risks affecting Denmark at this time. This chapter discusses the governance framework and organisational structure for crisis management including the role of DEMA in developing the NRP. Transparency and accountability is provided by the publication of a suite of guidance documents to assist in this process and consultation has taken place with international agencies and neighbouring countries. In respect to hazard identification and impact analysis the NRP is based on historical events that have affected Denmark in the past and therefore considered likely to occur in the future. Communication of the results of the NRP is a core element of the strategy as public and private sectors are in a position to develop their own response as a result of the published content.

    • Estonia

      Estonia’s crisis management process is enshrined in the 2009 Emergency Act. The act functions as the legal basis for putting in place emergency planning policy and procedures including the national risk assessment methodology. The governance framework in Estonia comprises of committees at national, regional and local levels. This chapter outlines the overarching governance framework that applies in Estonia. Transparency and accountability is at present difficult to access as indicated in the chapter by virtue of the de-centralised nature of the risk assessment process. The chapter analyses how the risk assessment is carried out, and where (as in many countries) the hazard identification is based on past history of major emergencies. Communication to the public is achieved by the publication of a summary of the results of the risk assessment process, although the chapter discusses the fact that the NRA is primarily used as a tool to identify the need for incident management plans and to identify the most serious of risks that may affect Estonia.

    • Finland

      This chapter on Finland’s National Risk Assessment outlines the actions that Finland has taken to overhaul its risk assessment process by putting in place an NRA in 2015. The governance framework is discussed in the context of senior level government leadership beginning at the Prime Minister’s office cascading down to ministerial responsibility by various departments with responsibility for emergency response. Synergies with neighbouring countries and the European Union methodologies are also discussed in the development of the NRA process as good practice and cross border requirement in the event of a national incident with cross border dimensions. Transparency and accountability is ensured by a collaborative approach at senior government level. This occurs on regional and local levels and with public and private entities although independent validation of the process has not taken place at the time of writing. Communication is facilitated by the involvement of a large number of stakeholders within the process. Public access to the NRA is currently restricted.

    • Germany

      This chapter on Germany outlines how the governance framework functions in national and regional risk assessments. At a Federal level the risk assessment process for civil protection makes a clear distinction between risk analysis and risk evaluation. The Federal Office of Civil Protection and Disaster Assistance (BBK) consulted internationally when compiling the NRA and applied good practice and ISO standards throughout. Transparency and accountability is widespread in the case of Germany with exposure in public forums such as the Federal Parliament and to the public online. This chapter discusses the methodology for hazard identification and analysis, in addition to vulnerability and impact analysis in some detail. There is substantial ongoing exposure for the NRA at the highest level of government which serves to keep it up to date and relevant.

    • Hungary

      Hungary began the process of disaster risk identification by carrying out an initial pilot in 2011 and as a result followed on by completing a National Disaster Risk Assessment (NRA) in 2014. One of the most important aspects of this assessment is the adherence to good practice in its compatibility with European Commission guidance on risk assessment practices and time horizon milestones in adapting to climate change. In respect to governance, a lead agency (National Directorate General for Disaster Management NDGDM) is designated to co-ordinate the process assisted by working groups comprising of subject matter experts. The national risk assessment process is seen as evolving in Hungary with some work still to be completed. This chapter contains an outline of this effort and main lessons and policy outcomes to date.

    • Korea

      This chapter on Korea reflects information gathered from an OECD workshop held in Seoul on a National Risk Assessment Process. The information was updated following the Sewol Ferry accident in 2014 and the subsequent re-structuring of Korea’s crisis management system. Since 2016, Korea has been developing relevant institutional framework to introduce NRA and preparing risk analysis tools, such as risk assessment techniques for implementing the scenario-based NRA and scenario-based disaster models. The chapter also provides a brief outline of the National Disaster Management System (NDMS,) which is an information management support system used to manage crisis preparedness and response in Korea. There is substantial effort to communicate information on risk and the warning of potential disasters to the public, which support some of the same operational purposes as National Risk Assessments.

    • The Netherlands

      This chapter on the Netherlands outlines how the governance framework functions from a national perspective led by the Ministry of Safety and Justice and through a decentralised structure involving a myriad of stakeholders. The methodology presented in this chapter has been tried and tested for many years by the Netherlands and the involvement of subject matter experts from the public, private and academic sectors in the NRA process is seen as good practice. This chapter also discusses the methodology for hazard identification, impact analysis and, likelihood and plausibility analysis. The Government subscribes to transparency in the process in both the detailed results and methodology used for the NRA which is under constant review given the changing threat landscape.

    • New Zealand

      This chapter discusses the broad concept of New Zealand’s national risk management strategy as a framework for a comprehensive collaborative approach to deal with a full range of national security challenges. From a governance perspective national security issues are overseen by the cabinet and involve oversight of a system of Domestic and External Security Co-ordination (DESC) which is integrated at all levels. The ongoing management of these risks has been influenced by the catastrophic Christchurch Earthquake that the country suffered in 2011 and the potential for further seismic activity in the future. This chapter discusses the methodology used in New Zealand for hazard identification, impact analysis and, likelihood and plausibility analysis. An all hazards approach is used in the risk analysis process with involvement by public and private entities such as government agencies, critical infrastructure owner/operators, SME’s and academia.

    • Norway

      Norway has put in place a National Risk Analysis (NRA) which is co-ordinated by the Directorate for Civil Protection (DSB). This chapter outlines how the NRA governance framework functions from a national and regional (Municipality) perspective. It is firmly rooted in legislation outlining the roles and responsibilities of government bodies and municipal authorities. Subject matter experts are included in the process from the beginning with wide consultation taking place. Transparency and accountability is widespread in the case of Norway with publication of the NRA process and outcomes available to the public online. This chapter discusses the methodology for hazard identification/analysis and vulnerability and impact analysis in some detail. There is ongoing exposure for the NRA at the highest level of government which serves to keep it up to date and relevant. The DSB receive substantial feedback on an ongoing basis and have made adjustment based on this feedback.

    • Poland

      In Poland the National Risk Assessment (NRA) is part of the National Crisis Plan. The NRA is guided by two agencies, the Government Centre for Security (GCS) and the Internal Security Agency. The process provides for a top down bottom up system of risk identification allowing the public sector, ministries, central offices and provincial administrative areas (Voivods) to work together to identify risks and to provide a central government response to the most serious threats which are contained in the National Crisis Plan. This chapter discusses the methodology for hazard identification/analysis and vulnerability and impact analysis in some detail. The NRA takes an all hazards approach taking a broad perspective on potential threats from both internal and external sources. Poland takes an active role in keeping its NRA up to date with a legal obligation placed on each ministry to monitor, analyse and foresee threats in their area of responsibility. Awareness rising forms a large part of the government’s strategy with widespread exposure within appropriate departments.

    • Portugal

      Portugal’s National Risk Assessment includes widespread representation from all sectors in society under the direction of the National Commission for Civil Protection where civil protection is based on territorial management organised at national, regional and municipal level. Uniquely Portugal’s NRA excludes risks of an international dimension which was a deliberate policy choice. In addition, the NRA contributes to the National Platform for Disaster Risk Reduction in respect to implementation of the Sendai Framework in Portugal. This chapter discusses the methodology for hazard identification/analysis and vulnerability, and impact analysis in some detail. The process follows European good practice guidelines (Risk Assessment and Mapping Guidelines for Disaster Management) with a view prevailing that it is not necessary to try to re-invent the wheel. Communication of the NRA process is widespread through each government ministry and the public have access online where some areas are restricted.

    • Slovak Republic

      In respect to Slovak Republic, the main purpose of the National Risk Assessment is to improve preparedness and resilience in the local municipalities and to fill the gaps in their capability and capacity to respond to emergencies. The NRA will also create a better understanding of the prevailing threats in their areas. The full standard risk assessment process is scheduled for completion in 2020. The plan includes a risk matrix and a comprehensive joined up national database. The Slovak Republic Government has a very open approach to both transparency and accountability. The lead is taken by the Crisis Management Department with a well-developed cross cutting approach to accountability. A detailed risk register is made widely available to all stakeholders to improve business continuity, community resilience and risk awareness. In addition this overall risk assessment process is reinforced by legislation. The target by 2020 is a well-developed risk matrix and the consolidation of the NRA process.

    • Spain

      The development of the National Risk Assessment (NRA) in Spain was built around the revision of the National Security Strategy of 2013 and in accordance with legislative requirements namely the 2015 National Security Act. Governance arrangements in Spain, similar to many other countries, have taken the form of an all of government/all of society approach to risk in the context of the taking a global view of new and emerging threats, as well as existing well known threats with an integrated and co-ordinated plan of effective mitigation. The overall objective of a national risk assessment for Spain as set out in this chapter is to provide evidence-based advice to the Prime Minister and his/her office , to provide evidence based advice on the overall risk profile and to provide input to Spain’s National Security Strategy in accordance with legislation. At the time of writing, the NRA had not been brought to government due to transition arrangements.

    • Sweden

      This chapter outlines the current NRA process for identifying risks in Sweden which is now called the National Risk and Capability Analysis. The purpose being to foster more informed analysis of the major risks that Sweden as a whole, is likely to face. The Swedish Civil Contingency Agency (MSB) is the lead agency in developing the NRA process which began in 2012 and continued up to 2016 with a number of iterations culminating in the 2016 version. This version contains a bottom up approach to risk and vulnerability assessment with a top down co-ordinated approach to risk assessment. This chapter discusses the methodology for hazard identification/analysis and vulnerability, and impact analysis in some detail. The results of the NRA process is widely available therefore there is widespread awareness of the risk profile by Swedish Society.

    • Switzerland

      The national risk Assessment process in Switzerland is used to prioritise the treatment of hazards, to help prepare emergency plans and capabilities and for training purposes. The requirement to develop a comprehensive approach to disaster risk management came from senior government level where the responsibility for its development was mandated to the Federal Office for Civil Protection (FOCP). There is significant transparency and accountability in the process with arrangement to consult all stakeholders and the publication of the process. There has also been an additional independent review and reporting mechanism put in place by the FOCP and this report has been sent to government. This chapter discusses the methodology for hazard identification/analysis and vulnerability and impact analysis in some detail. There is widespread acceptance and buy in to the NRA process in Switzerland and this is largely due to the widespread consultation with all stakeholders, public private sectors and the public.

    • United Kingdom

      The United Kingdom National Risk Assessment has been in place (in its present form) since 2005 and has been guided by legislation, the Civil Contingencies Act of 2004. The process is co-ordinated by the UK Cabinet Office and looks forward in a time scale of (a 5 year period) drawing of expertise from a wide range of departments, agencies, academia and external experts. It has an all of government approach using evidence to determine the range of risk that the UK should be prepared for. The NRA is designed to function as a top down process and guides the identification of risk for the whole of the UK, guiding regional entities in the identification of their own risks as mandated by the Civil Contingencies Act 2004. In respect to transparency and accountability, the NRA is published in an abridged form but there is widespread consultation and input internally within government circles and subject matter experts.

    • United States

      The Strategic National Risk Assessment (SNRA) in the United States has a wide scope and covers in general terms natural hazards, terrorism, the use of weapons of mass destruction and cyber-attacks. The driving force behind the SNRA is the Presidential Policy Directive 8 (2011) which gives responsibility to the Department of Homeland Security (DHS) to act as lead agency. Stakeholder involvement in this process is high with an ethos of openness when appropriate given national security consideration. It is considered that there is a balance to be struck in making the process as transparent as possible for those who need to know such as planners and regional entities and protecting and ensuring security. The SNRA is therefore not available to the public at this time. National preparedness is seen as a shared responsibility at all levels of government with the integration of risk analysis across state, regional and local levels.

    • Add to Marked List
Visit the OECD web site