The UK’s National Risk Register (NRR) needs to be anchored in an improved risk management system, according to the former head of the Joint Terrorism Analysis Centre, Suzanne Raine.
Writing an opinion piece for the Royal United Services Institute for Defence and Security Studies (RUSI), Raine suggested that the 2020 NRR is a reasonably exhaustive list of bad things that could be done to us, by someone else, by ourselves or by nature. Three of these – serious and organised crime, disinformation and hostile state activity – are new additions.
However, Rained commented, It does not include threats to plans and opportunities, or the risks to the achievement of the country’s goals:
“It is not clear under current arrangements what the mechanism is by which the UK can measure the risks to and impacts on its ambitions, and through identification take the first step to addressing them. When the Integrated Review is produced, it ought to be possible to translate this into a set of strategic aims, and then to work out what would thwart them.”
“If this missing half of the risk register were developed, it might usher in a genuinely new era of coherent and collaborative cross-departmental effort.”
Raine also focused on the role of the Civil Contingencies Secretariat, asking whether it could it be made more efficient, more decisive, with better command and control and better information flows.
“The creation of a National Situation Centre in the Cabinet Office may be a step in the right direction, but it is really only half a step,” she said.
“Although it includes a welcome emphasis on situational awareness, it still seems to be focused on crisis response and ‘data-led analysis’ to ‘drive evidence-informed action’ and ‘data-driven decision-making’. Sometimes, paradoxically, too much data leads to a lack of clarity. Data is not the answer unless you have a comprehensive assessment system to turn it into understanding. If you wait for evidence you will fail to anticipate. Data has a role to play as an input into a risk-assessment process, but the judgement and instinct of analysts who track the risk 24/7 is the critical component.”
She added that a national risk-management system will only work if the gap in the centre is filled, calling for the creation of a central risk assessment function in the Cabinet Office which coordinates the assessment and analysis across all risks and has a formal role in signalling when risks are changing in real time, not as part of a periodic review:
“The creation of a central risk assessment function to match the NRR would require investment in building assessment capability and training of its professional analysts. This would be money well spent: the better the situational awareness and anticipation, the better the decisions and the less need for costly damage limitation.”
“It would require some radical reshaping and breaking down of vested interests. But it just might work. And if it enabled the UK to be alert and ready for whatever happens next, it would be worth it.”