UK Resilience

Risk

Background

The Government aims to ensure all organisations have clear and effective risk assessment processes in place. We work at all levels to assess and mitigate the risk from emergencies facing the country as a whole. This section outlines what is meant by risk in an emergency preparedness context, and the importance of risk assessment as a continual process aimed at reducing and mitigating the risks that we all face.

What is risk?

In the context of emergency preparedness, risks are those hazards (i.e. non-malicious events such as flooding) or threats (i.e. malicious events such as terrorist attacks) which could adversely affect an organisation and its ability to carry out its functions. Risk is a function of the likelihood and impact of a given hazard or threat. This reflects, on the one hand the possibility of an emergency occurring which could adversely affect the organisation (e.g. flooding or nuclear accident). And on the other hand, the extent to which the event impacts upon the organisation (e.g. lack of staff, disruption to power supply, damage to facilities).

Risk assessment

Effective identification and assessment of the risks which could potentially seriously obstruct an organisation in the performance of its functions should underpin all other emergency planning and business continuity management processes.

The Government advocates a six-step risk assessment process, which is widely recognised as being good practice. The steps can be split into 3 phases:

1. Contextualisation involves defining the nature and scope of the risk and agreeing how the risk management process will be undertaken.
2. Risk evaluation covers the identification of those threats and hazards that present significant risks, analysis of their likelihood and impacts, and the combination of these values to produce overall risk scores.
3. Risk treatment involves deciding which risks are unacceptably high, developing plans and strategies to mitigate these risks, and then testing the plans and any associated capabilities.

Risk assessment should drive a standard emergency planning process, informing emergency plans (and Business Continuity plans) which are then tested through audit and validation exercises. Regular updating of the risk assessment in turn leads to revision of plans and further testing. The risk assessment should also respond quickly to changes in the risk environment. This means that the process should be iterative and contain risk monitoring and updating mechanisms.

Risk assessment at the local level

The Civil Contingencies Act places a risk assessment duty on all Category 1 responders. Category 1 responders assess risk as often as is necessary to ensure that they are in a reasonable position to maintain and update their emergency plans and to perform the civil protection duties under the Act, including the duty to maintain business continuity plans.

• Details of local resilience forums

As part of the Local Resilience Forum (LRF) process (see the Co-operation section), Category 1 responders must co-operate with each other in maintaining the Community Risk Register (CRR). The CRR provides an agreed position on the risks affecting a local area and on the planning and resourcing priorities required to prepare for those risks.

It is recognised that requiring each Category 1 responder to perform the risk assessment duty in isolation would lead to a wasteful duplication of resources. It is more efficient, and effective, for individual Category 1 responders to fulfil their risk assessment duties by participating in a collaborative exercise that results in a single, collective risk assessment.

Category 1 responders also have a statutory duty to publish their risk assessments, to the extent necessary to reduce the impact of an emergency on the community. Click here to see guidance on Communicating Risk [PDF, 80 Pages 4.2MB].

Risk assessment at the regional level

The regional tier is a crucial part of England's civil protection framework, ensuring co-ordination between representatives of Category 1 and 2 responders and central government bodies. For more information on the regional tier, go to the English Regions section.

Regional Resilience Forums (RRFs) have a key role in developing regional risk assessments which provide a judgement of the likelihood and impact of emergencies that could occur in the region. The regional risk assessments build on the local risk assessments produced by LRFs, and equally ensure consistency and co-ordination with the central guidance provided by the Government on the risks facing the UK as a whole. Risk likelihoods are assessed for a five year period so that the risk assessment will support strategic planning for the medium term, informing decisions about capability development.

Risk assessment in the Devolved Administrations

It is equally important that organisations within the Devolved Administrations conduct effective risk assessment. The Devolved Administrations section provides more detail on the extent to which the Civil Contingencies Act duties apply in the Devolved Administrations, and their individual emergency planning arrangements.

In practice, the Government works closely with the Scottish Executive, Welsh Assembly Government (WAG) and Northern Ireland departments to promote effective risk assessment work that is, as far as possible, consistent with that of the rest of the UK. The Local Risk Assessment Guidance (LRAG), for example, is provided to Wales, Scotland and Northern Ireland emergency planning departments. In Northern Ireland, only a limited number of organisations have duties under Part 1 of the Act. Most organisations in Northern Ireland deliver civil contingencies activities in line with the Northern Ireland Civil Contingencies Framework, which requires organisations to carry out individual risk assessments, and encourages them to co-operate in producing risk assessments and sharing information.

Risk assessment at the UK government level

The UK Government has a national risk assessment capability which identified risks to the UK as a whole over a five year period, and assesses their likelihood and impact. This forms the basis for decisions about emergency preparedness and about capability planning. The section on UK Government provides more detail on national risk assessment processes.

This national risk assessment process feeds into the Devolved Administrations, regional and local levels to ensure fully integrated risk assessment processes at all levels which underpin coherent emergency planning throughout the UK. The Government provides guidance to LRFs and RRFs on the likelihoods of emergencies based on national assessments, which can then be flexibly tailored to meet local and regional judgements of the risks facing their areas.

Key Documents

You should refer to:

• Emergency Preparedness, Chapter 2: "Co-operation" [PDF, 14 pages, 74KB] (pp10-23)
  • Annex 2A: "Model terms of reference for the Local Resilience Forum" [PDF, 1 page, 15KB]
• Emergency Preparedness, Chapter 4: "Local responder risk assessment duty" [PDF, 13 pages, 103KB] (pp34-46)
  • Annex 4A: "Summary of the six-step local risk assessment process" [PDF, 3 pages, 27KB]
  • Annex 4B: "Illustration of a Local Risk Assessment Guidance (LRAG)" [PDF, 7 pages, 41KB]
  • Annex 4C: "Example of an individual risk assessment" [PDF, 2 pages, 25KB]
  • Annex 4D: "Likelihood and impact scoring scales" [PDF, 3 pages, 28KB]
  • Annex 4E: "Community Risk Register" [PDF, 1 page, 22KB]
  • Annex 4F: "Risk rating matrix" [PDF, 2 pages, 19KB]
• Emergency Preparedness, Chapter 17: "Co-operation at the regional level in England" [PDF, 7 pages, 39KB] (pp167-173)
  • Annex 17A: "Model terms of reference for a Regional Resilience Forum" [PDF, 1 page, 14KB]
• Emergency Preparedness, Chapter 18: "Planning at the regional level in England" [PDF, 4 pages, 27KB] (pp174-177)
• Guidance document Communicating Risk [PDF, 80 Pages 4.2MB]
• A Guide to Emergency Planning Arrangements in Northern Ireland [External PDF, 148 pages, 1.56MB] - Northern Ireland Central Emergency Planning Unit guidance document.
• A Guide to Risk Assessment in Northern Ireland [External Word document, 39 pages, 407KB] - Northern Ireland Central Emergency Planning Unit guidance document.

Key Links

• HM Treasury: Risk management - useful links [External website]
• HSE: Risk Management [External website] - practical guidance on risk management, and risk analysis tools to reduce risks and cut costs.
• London Prepared [External website] - includes sections with advice to businesses, including on risk management and business continuity.
• The Association of Insurance and Risk Managers [External website]
• The Association of Local Authority Risk Managers (ALARM) [External website]
• The Institute of Risk Management [External website]

Training

• The Emergency Planning College (EPC) [External website] is the leading provider of training for emergency preparedness, attracting delegates with responsibility for preventing, planning for, responding to or recovering from a major incident. The EPC runs courses on risk management as well as other aspects of civil protection.
  • Risk Management 1 - Developing & Maintaining Emergency Risk Assessments [External website]
  • Risk Management 2 - Integrating & Communicating Emergency Risk [External website]
  • Risk Management 3 - Strategic Emergency Risk Management [External website]

Other Documents

You may also wish to refer to:

• HM Treasury: Management of Risk - Principles and Concepts (The Orange Book) - Broad based general guidance on the principles of risk management [External PDF, 52 pages, 473KB]
• Cabinet Office Strategy Unit report "Risk: Improving Government's capability to handle risk and uncertainty", November 2002 [External website]

Other Links

• Local Government Association (LGA) [External website] - The LGA promotes the interests of English and Welsh local authorities.

[return to top]