Accept Refuse

EUR-Lex Access to European Union law

Back to EUR-Lex homepage

This document is an excerpt from the EUR-Lex website

Document 52015XC0808(01)

Commission notice — Risk Management Capability Assessment Guidelines

OJ C 261, 8.8.2015, p. 5–24 (BG, ES, CS, DA, DE, ET, EL, EN, FR, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

8.8.2015   

EN

Official Journal of the European Union

C 261/5


COMMISSION NOTICE

Risk Management Capability Assessment Guidelines

(2015/C 261/03)

Table of Contents

1.

Introduction 5

2.

Scope and Objectives 6

2.1.

Scope of the Guidelines 6

2.2.

Objectives 6

3.

Methodology 6

3.1.

Actors and timelines 6

3.2.

Process 7

3.2.1.

Risk Assessment 7

3.2.2.

Risk Management Planning 7

3.2.3.

Implementing Risk Prevention and Preparedness Measures 7

3.3.

Role of the Guidelines 8

4.

Content of the Assessment 8

4.1.

Risk Assessment 8

4.2.

Risk Management Planning 11

4.3.

Implementing Risk Prevention and Preparedness Measures 14

5.

Summary 18

6.

List of references and relevant documents 23

1.   INTRODUCTION

In view of the significant increase in the number and severity of natural and man-made disasters in recent years, in large part due to climate change, and in a situation where future disasters will be more extreme and more complex with far-reaching and longer-term consequences, disaster prevention is of key importance to achieve a higher level of protection and resilience against disasters. It requires further action and an integrated approach to disaster risk management, linking risk prevention, preparedness and response actions.

Under the Decision on a Union Civil Protection Mechanism (‘the Decision’) (1), which entered into force on 1 January 2014, Member States agreed to carry out a number of disaster prevention actions, including the sharing of the ‘… assessment of their risk management capability at national or appropriate sub-national level every three years following the finalisation of the relevant guidelines’ (2). The Decision establishes that the Commission shall develop together with Member States guidelines ‘on the content, methodology and structure of these assessments’ (3).

The following Guidelines have therefore been prepared together with experts from Member States based on the new Decision and taking into account existing good practices in Member States, as well as recent experience in developing national risk assessments (4). The Guidelines also build on the findings of a workshop organised by the Italian Presidency of the Council in July 2014 and the subsequent Council Conclusions on the Assessment of Risk Management Capability (‘Council Conclusions’), adopted in October 2014 (5). Moreover, the Guidelines are informed by the Commission's Guidelines on national risk assessments for disaster management (‘Risk Assessment Guidelines’) (6).

The purpose of these Guidelines is to provide Member States with a non-binding comprehensive and flexible methodology that will assist them in the self-assessment of their risk management capability.

The Guidelines may be reviewed in light of the practical implementation experience in Member States.

2.   SCOPE AND OBJECTIVES

2.1.   Scope of the Guidelines

Risk management capability is defined in the Decision as ‘the ability of a Member State or its regions to reduce, adapt to or mitigate risks (impacts and likelihood of a disaster), identified in its risk assessments to levels that are acceptable in that Member State’.

It will be up to each Member State to consider what levels are acceptable in the specific context and for the different risks. This flexibility was introduced by the Decision to allow for the different situations in different Member States. However, what levels are acceptable is normally an implicit element in any capability assessment. With time and experience, some of the choices made in this regard may become more explicit in the national assessments. The Organisation for Economic Cooperation and Development (‘OECD’) recently recommended that methods be defined to support all stakeholder levels in determining acceptable levels of risk and that these methods and results be subject to transparent publication to raise awareness among all stakeholder groups (7).

The Decision specifies that a risk management capability is assessed in terms of the ‘technical, financial and administrative capacity’ of a Member State, either at national or the appropriate sub-national level, to carry out adequate (a) risk assessments; (b) risk management planning for prevention and preparedness; and (c) risk prevention and preparedness measures. The assessment of risk management capability therefore covers the whole risk management cycle.

Member States may assess risk management capabilities for individual risks or assess the overall risk management capability in a multi-risk approach. The Guidelines recommend covering natural and man-made disasters as set out in Article 1(2) of the Decision on a Union Civil Protection Mechanism.

2.2.   Objectives

The Guidelines have the following objectives:

(1)

to support Member States' authorities to further build up awareness about the strengths and potential weaknesses of their disaster management system, to identify good practices, and to initiate a process of improvement;

(2)

to contribute to the development and sharing of knowledge-based and evidence-based disaster management policies and practices among the relevant administrative levels in the Member States and across the different sectors and different but related policy competencies;

(3)

to facilitate cooperation in the efforts to manage risks among Member States in the context of the Union Civil Protection Mechanism and other relevant disaster management systems.

As stipulated by the Decision, the Commission will assist Member States in fulfilling these objectives in a number of ways, including facilitating the sharing of experiences on risk management capability and its assessment (8).

3.   METHODOLOGY

3.1.   Actors and timelines

Experience from Member States and other countries shows the advantages of coordination of the national risk management capability assessment by one entity. In particular, the appointment of a coordinating body to help steer the assessment can help ensure the application of a coherent methodology and foster the sharing of good practices. At the same time, the level of the assessment — either national or appropriate sub-national level — will be decided by each Member State on the basis of its own governance system.

Member States have agreed to undertake these assessments every three years with the first assessments due three years following the finalisation of the Guidelines. A regular assessment is important to ensure continuous improvement in risk management capability, including the identification of needs and ensuing implementation of relevant measures.

3.2.   Process

The assessment of risk management capability covers the whole risk management cycle, i.e. risk assessment, risk management planning for prevention and preparedness and the implementation of risk prevention and preparedness measures.

3.2.1.   Risk Assessment

In undertaking a risk assessment, the aim should be to reach a common understanding, with all relevant stakeholders, of the risks faced and their relative priority. The risks identified, assessed and prioritised in the risk assessment are the basis for the risk management planning and the successive implementation of risk prevention and preparedness measures (9). As recommended in the Risk Assessment Guidelines, Member States that carry out their national risk assessment process for the first time should concentrate on the most important risk scenarios (10).

3.2.2.   Risk Management Planning

Risk management planning can be carried out per individual risk or, in an integrated cross-sectorial or even multi-risk approach. The specific aim during the planning is to set out how each risk can be reduced, adapted to or mitigated in terms of impacts and likelihood by implementing selected prevention and preparedness measures (11). The planning would also need to indicate the required resources and timelines, and assign responsibilities, as appropriate.

Adequate measures will first have to be identified, prioritised and then selected in a decision-making process that sufficiently involves all relevant stakeholders, so as to secure a good understanding of the measures, their necessity and their priority, thus ensuring broad support. First indications on the methodology on how to identify and prioritise such measures are included in the Risk Assessment Guidelines in the section on ‘risk evaluation’ (12). Other examples that Member States may wish to consult include the Civil Defence Emergency Management (CDEM) Capability Assessment Tool developed by the Ministry of Civil Defence & Emergency Management of New Zealand (13), the Dutch National safety and security strategy, or the French Direction de la Défense et de la Sécurité Civile, ORSEC (14)Organisation de la Réponse de Sécurité Civile. A more complete list of good practices is available on the EU's Climate-Adapt platform (15). Expanding the list of good practices and examples over time could contribute to the assessment process.

Methodologies for risk management planning at national or sub-national level will need to be tailored to the needs and governance structures of Member States. This may include a risk management plan for each or all combined risks, which breaks down the main risks into actionable operations — i.e. prevention and preparedness measures — to reduce, adapt to or mitigate the identified risks to acceptable levels. This may also include a comparison of different measures with respect to their net beneficial impact and the costs to implement them.

It is important that the planning process identifies and leads to a selection of suitable and concrete prevention and preparedness measures for implementation. This would draw on the results of the risk assessment.

3.2.3.   Implementing Risk Prevention and Preparedness Measures

Under the third dimension of the risk management capability assessment, Member States should assess their ability to implement the measures identified in the risk management planning. The implementation includes the allocation of responsibilities and resources, the monitoring duties, as well as an evaluation and lessons learned process.

3.3.   Role of the Guidelines

The Guidelines propose a methodology for the assessment that is not exhaustive and will need to be adapted to the needs of each Member State. They should be seen as a common starting point and foster a common understanding of the elements that the national risk management capability assessment should include.

The risk management capability assessment should start with a detailed (qualitative and where relevant quantitative) description of the disaster risk management cycle. The questions listed in Section 4 are designed to guide Member States' national or sub-national entities in assessing their own risk management capability on the basis of a set of administrative, technical and financial capacity criteria. When answering these key questions, it is important to cover in qualitative and as far as possible also in quantitative terms the situation, which needs were identified and which measures have been or can be taken.

It is important to not only carry out an assessment of the generic administrative, technical and financial capacity to adequately assess the three dimensions of the disaster management cycle, but to also assess the capability in light of the prioritised risks (including risks identified in the course of the national risk assessment process) in order to achieve a realistic assessment of the management of concrete risks.

The assessment of the risk management capability could be summarised with the help of the template outlined in Section 5, which was designed to provide a brief overview of the self-assessment of the disaster risk management capability.

4.   CONTENT OF THE ASSESSMENT

In line with the Decision, the assessment at national and/or appropriate sub-national level should include three sections — risk assessments, risk management planning, and implementing risk prevention and preparedness measures. Each section should focus on a set of elements related to administrative, technical and financial capacities, such as the framework, coordination, expertise, stakeholders, information and communication, methodology, infrastructure, equipment and financing.

4.1.   Risk Assessment

This section provides a set of questions, which covers the administrative, technical and financial capacities to carry out risk assessments.

For the assessment of the administrative capacity it is important to concentrate on the existence of a relevant framework, the allocation of competencies and responsibilities, the existence of required expertise, the extent of the involvement of external stakeholders and communication.

For the assessment of the technical capacity it is important to focus on assessing the use of appropriate methodology and infrastructure. Carrying out a comprehensive risk assessment could also include covering the cross-border and cross-sectorial dimensions of risk when relevant, as well as the impact on infrastructure.

For the assessment of the financial capacity it is important to focus on assessing the availability of financial resources.

Sufficiently detailed answers to each question would include explanations about what, how and when risk assessments are carried out, as well as data, figures and references as adequate and available.

Framework

Risk assessments should be defined and be part of an overall framework.

Question 1: Does the risk assessment fit within an overall framework?

Explanation: Clarify whether this framework is legal or procedural, and whether it is defined at national and/or at an appropriate sub-national level.

Coordination

A risk management structure assigns clear responsibilities to all entities involved in the risk assessment so that overlaps or mismatches between responsibility and capability are avoided.

Question 2: Are clearly defined responsibilities and roles/functions assigned to the entities participating in the risk assessment?

Explanation: Describe on which basis responsibilities for the risk assessment are distributed within the administration, if this basis or the corresponding procedures are documented in writing (e.g. in legal texts), if overlaps or needs exist, how these are addressed.

Question 3: Are the responsibilities to assess specific risks allocated to the most relevant entities?

Explanation: Describe the process how the relevant entities are involved the risk assessment, how the responsibility or ownership to deal with specific risks following the risk assessment is ensured.

Question 4: Has the cross-sectorial dimension of risks been integrated in the risk assessments?

Explanation: Describe which risks assessed include a cross-sectorial and multi risk dimension and to what extent this is included in defining the risk scenario. Where relevant describe the nature of their cooperation with other national and/or appropriate sub-national authorities in carrying out these risk assessments.

Expertise

The experts carrying out the risk assessment should have the necessary competencies and responsibilities and received adequate training to carry out the risk assessment.

Question 5: Is the distribution of responsibilities for the assessment of the risks regularly reviewed?

Explanation: Describe which entities or departments participate in the risk assessment, how they are identified/selected, which competencies are considered when the responsibilities are distributed.

Question 6: Are the experts responsible for the risk assessment(s) adequately informed, trained and experienced in the assessment of risks?

Explanation: Describe if and what kind of training is available for experts, the level of experience of experts, and which technical expertise and tools are used and considered necessary in carrying out risk assessments.

Other Stakeholders

The capability to assess risks depends increasingly on the involvement of various public and private stakeholders. Entities carrying out risk assessments may cooperate with a range of stakeholders, including from the private sector, academia and other government entities not directly involved in the assessment process.

Question 7: Are relevant stakeholders involved in the risk assessment process?

Explanation: Describe the range of relevant stakeholders involved in the risk assessment process. These can include academia, research organisations, the private sector, as well as government authorities not directly contributing to the assessment process, including from other Member States or international organisations. Member States could underline any lessons learnt that could be shared.

Information & Communication

The assessment of risks requires effective information and communication systems. Understanding the required administrative capacity to communicate the results of risk assessments and its relevance to an overall risk communication strategy can help improve information sharing, data sharing and communication with relevant stakeholders.

Question 8 Is the necessary administrative capacity available to communicate the results of risk assessments to the public?

Explanation: Detail how the communication with citizens on the dissemination of risk assessment results is organised.

Question 9 Is the necessary administrative capacity available to communicate internally the results of risk assessments, including scenarios, lessons learnt, etc.?

Explanation: Describe how the information flow is organised between different public authorities and different levels of administration.

Question 10: Are the results of risk assessments integrated in a risk communication strategy?

Explanation: Describe how the dissemination of risk assessment results available to the public is included in a national and/or sub-national risk communication strategy.

Methodology

Question 11: Has the national or sub-national entity developed a methodology for risk assessment? Is this methodology laid down or published and what are the key elements of this methodology?

Explanation: Describe the national or sub-national approach to risk assessment (risk-by-risk, scenarios, real life examples, generic), describe the methodology used to analyse possible impacts, the methodology to calculate probabilities, the considerations or methodology to prioritise and to discard risks, describe if risk assessments are reviewed and within which time frame, if the methodology is compiled in a document, if the risk assessment methodology is disclosed and to whom, if any of the information in the risk assessment is accessible to the public.

Question 12: Has the cross-border dimension of risks been integrated in the risk assessments?

Explanation: Describe which risks assessed include a cross-border dimension and the extent to which this cross-border dimension is included in the risk assessment (e.g. scenario building). Where relevant, Member States could describe the nature of their cooperation with other Member States in carrying out risk assessments with a cross-border dimension.

Question 13: Is infrastructure included in the assessment of risks?

Explanation: Identify which types of critical (both national and European) infrastructure is included in the development of scenarios and the assessment of the risks. These can include, inter alia, roads, buildings, dams, rails, bridges, satellites, underground systems, cables, hospitals, shelter facilities.

Information and communication technology

Question 14: Is relevant ICT infrastructure available to carry out risk assessments?

Explanation: Describe what kind of infrastructure is available to carry out the risk assessments, which can include ICT tools, satellites, etc. Member States could describe ongoing research for the development of new ICT infrastructure to support the assessment of risks. In the event that infrastructure is shared with other countries, Member States could also describe the type of cooperation in place (e.g. satellite imagery).

Question 15: Is appropriate information and data (including historical data) available to carry out risk assessments?

Explanation: Describe what sources of information and data are used and whether databases exist to carry out risk assessments. Member States could describe new developments which are under way to improve the collection of data and information.

Financing

Financing comprises the overall identification, estimation and reservation of funds required to carry out and update risk assessments.

Question 16: Is the appropriate financial capacity available to carry out and update work on risk assessments?

Explanation: Describe if financial resources are available to develop risk assessments and ensure the update of existing assessments.

4.2.   Risk Management Planning

This section provides a set of questions, which covers administrative, technical and financial capacities to do risk management planning.

For the assessment of the administrative capacity, it is important to concentrate on the coordination of the process, the existence of required expertise, the existence of relevant methodologies, the extent of the involvement of external stakeholders and communication.

For the assessment of the technical capacity, it is important to focus on assessing the use of appropriate equipment.

For the assessment of the financial capacity, it is important to focus on assessing the availability of financial resources.

Sufficiently detailed answers to each question would include explanations about what was done, how it was done, when it was done as well as data, figures and references as adequate and available.

Coordination

A risk management structure assigns clear responsibilities to all those involved in the risk management planning, so that overlaps or mismatches between responsibility and capability are avoided.

Question 17: Are clearly defined responsibilities and roles/functions assigned to the entities participating in the planning of risk prevention and preparedness measures?

Explanation: Describe on which basis responsibilities for the planning process are distributed within the administration, if this basis or the corresponding procedures are documented in writing (e.g. in legal texts), if overlaps or needs exist, how these are addressed, and if the cross-sectorial dimension is covered.

Question 18: Are the responsibilities to plan for specific risks ensured and regularly assessed?

Explanation: Describe how the responsibility to plan for specific risks is ensured, if there is a process in place to assess the allocation of responsibilities for specific risks.

Expertise

Methodologies for workforce planning should be in place so that optimal staffing is ensured. The experts tasked to carry out the risk management planning should have the necessary information and receive adequate training.

Question 19: Are sufficient experts available to carry out the planning of prevention and preparedness measures based on the identified risks in the risk assessment?

Explanation: Describe which entities or departments participate in the planning process, how they are identified/selected, if the staffing is considered to be adequate.

Question 20: Is there effective training available for the experts at different levels responsible for the planning of prevention and preparedness measures?

Explanation: Describe if and what kind of training is available for experts carrying our planning activities.

Question 21: Are the experts involved in the planning of prevention and preparedness measures informed about the overall policy objectives/priorities related to disaster risk management?

Explanation: Describe if a risk management strategy is in place and if yes, how the objectives, priorities or processes are communicated to the experts involved in planning of prevention and preparedness measures.

Question 22: Is there a process in place to ensure that the knowledge of experts tasked with the planning of prevention and preparedness measures is preserved and further developed?

Explanation: Describe how knowledge is shared among the experts involved in the planning process, how it is ensured that knowledge is preserved.

Methodology

The national or sub-national entity should have developed a methodology to carry out risk management planning for expected impacts of identified risks which are assessed according to a methodology developed and accordingly prioritised.

Question 23: Do the different responsible entities have methodologies developed for risk management planning? What are the key elements of these methodologies?

Explanation: Describe the national or sub-national approaches to planning, describe the methodologies used to develop prevention and preparedness measures and to analyse their possible impacts on risk mitigation.

Question 24: Do methodologies for risk management planning include the identification of infrastructure relevant for the mitigation of identified risks?

Explanation: Describe how relevant infrastructure is identified, how its condition with view to the mitigation of risks is assessed, if a list of relevant infrastructure is compiled and regularly reviewed, if investment needs are identified.

Other Stakeholders

The capability to manage risk increasingly depends on the involvement of and cooperation with various public and private stakeholders, such as disaster risk management agencies, health services, fire services, police forces, transportation/electricity/communication operators, voluntary organisations, citizens/volunteers, scientific experts, the armed forces, or organisations in other Member States.

Question 25: Are the relevant public and private stakeholders informed and involved in the planning process?

Explanation: Describe the approach to public/private stakeholder involvement, which kind of stakeholders contribute to the planning process and any lessons learnt that could be shared.

Question 26: Are any of the risks identified in the risk assessments shared with public or private companies, and if so, how is it ensured that the planning of prevention and preparedness measures by the public and these companies is encouraged?

Explanation: Describe the interaction with partner organisations in the planning process, if and which agreements are in place to encourage sufficient quality, how do the prevention and preparedness measures planned by these organisations indeed contribute to the expected risk mitigation.

Question 27: Are the national or sub-national entities involved in cross-border planning of prevention and preparedness measures?

Explanation: Describe in which cross-border planning actions these entities recently participated, if concrete arrangements for further cooperation resulted from this joint planning process (e.g. memoranda of understanding or service level agreements) as well as any experiences or lessons learnt that could be shared.

Information & Communication

The management of complex risks requires effective information and communication systems for risk management planning of the prevention and preparedness measures. National or sub-national entities therefore need to ensure that they have rules and procedures in place that allow for information sharing, data sharing and communication with various stakeholders.

Question 28: Are relevant stakeholders, including citizens, informed about the key elements of risk management planning?

Explanation: Describe how the information flow between different public and private stakeholders and between different levels of the administration is organised to ensure that the relevant stakeholders are aware and able to contribute their knowledge. Member States could also detail how the communication with citizens on the planning of certain prevention and preparedness measures is organised and any lessons learnt that could be shared.

Equipment

The part of the technical capacity assessment evaluates if equipment necessary to plan prevention and preparedness measures is available. This could be software tools to support the planning process.

Question 29: Are equipment and tools needed to support and/or carry out the planning of prevention and preparedness measures available?

Explanation: Describe if and which equipment and tools are available, if there are any further needs, mismatches and/or overlaps.

Financing

Financing comprises the overall identification, estimation and reservation of funds regarded necessary to meet potential financial obligations from the management of risks (financing of prevention and preparedness measures) resulting from the prioritisation of risks. It also includes the participation of stakeholders in the financing of risk management where appropriate.

Question 30: As part of the planning process, are financing needs for the implementation of prevention and preparedness measures estimated and possible sources of financing identified?

Explanation: Describe if a methodology exists to estimate financing needs, which sources of financing are identified, if European funding will be or was sought.

Question 31: As part of the planning process, are future investment plans and the possible role of private sector financing considered?

Explanation: Describe if and how the planning process helps to identify future investment priorities, how far private organisations are involved in this process, if cooperation with the private sector is sought for the financing of prioritised investments.

Question 32: As part of the planning process, are procedures or plans identified or established ahead to ensure financing is in place for the prevention and preparedness measures needed to mitigate the identified risks?

Explanation: Describe how budgetary and legal questions related to flexible resource allocation are treated in the planning process, if concrete measures are taken or launched that allow for flexibility, if legal or political barriers to such an approach exist.

4.3.   Implementing Risk Prevention and Preparedness Measures

This section provides a set of questions, which cover administrative, technical and financial capacities to carry out prevention and preparedness measures.

For the assessment of the administrative capacity, it is important to concentrate on the existence of relevant strategy, policy and methodologies, the existence of required expertise, the coordination of the process, the extent of the involvement of stakeholders and communication and procedures in place.

For the assessment of the technical capacity, it is important to focus on assessing the use of appropriate infrastructure, equipment and supplies and the existence and appropriateness of technical expertise.

For the assessment of the financial capacity, it is important to focus on assessing the availability of financial resources.

Sufficiently detailed answers to each question would include explanations about what was done, how it was done, when it was done as well as data, figures and references as adequate and available.

Strategy/Policy/Methodology

The national or sub-national entities have developed approaches to carry out risk prevention and preparedness measures. Expected impacts of planned prevention and preparedness measures on risk reduction are assessed and measures accordingly prioritised and adapted.

Question 33: Is the implementation of prevention and preparedness measures linked to the risk management planning? Is it part of a strategy or policy and was a methodology defined?

Explanation: Describe the national or sub-national approach that links the planning process to the implementation of measures, describe how the implementation is carried out, how the resulting impacts on risk reduction, adaptation and mitigation are analysed and fed back into the planning and risk assessment work with due regard to coherence with existing prevention and preparedness measures on adaptation to climate change impacts where available.

Question 34: Are methods for damage and human loss reporting developed and are the costs of damages estimated, documented and stored?

Explanation: Describe which methods for damage and human loss reporting are developed, if this data is shared with stakeholders and citizens, if stakeholders contribute to the damage reporting and/or to the estimation of costs, if the damages are regularly or occasionally documented and stored, what time period is covered and if these reports are made available to the public.

Coordination

A risk management structure assigns clear responsibilities to all entities involved in the implementation of prevention and preparedness measures so that overlaps or mismatches between responsibility and capability are avoided.

Question 35: Are clearly defined responsibilities and roles/functions assigned to the entities participating in the implementation of risk prevention and preparedness measures?

Explanation: Describe on which basis responsibilities for the implementation process are distributed within the administration, if the corresponding procedures are documented in writing (e.g. in legal texts), if overlaps, further needs and/or mismatches exist, how these are addressed, and if the cross-sectorial dimension is covered.

Expertise

Methodologies for workforce planning are in place so that optimal staffing is ensured. Staff performance management tools are in place, which include regular reviews of training and development needs.

Question 36: Is the distribution of responsibilities of experts involved in the implementation of prevention and preparedness measures up to date and are sufficient resources available to implement prevention and preparedness measures based on the planning process?

Explanation: Describe which entities (e.g. departments, agencies) participate in the implementation of measures, how these entities are identified/selected, which competencies of personnel are considered when the responsibilities are distributed, if the staffing is considered to be adequate.

Question 37: Are the experts responsible for the implementation of prevention and preparedness measures adequately informed, trained, experienced?

Explanation: Describe if and what kind of training is available for staff involved in the implementation of measures, how often the persons involved have already been involved carrying out prevention and preparedness measures, how the objectives, priorities or processes have been communicated to the personnel involved in the implementation of prevention and preparedness measures.

Other Stakeholders

The capability to manage risk depends increasingly on the involvement of and cooperation with various public and private stakeholders, such as disaster management agencies, health services, fire-fighting units, police forces, transportation/electricity/communication operators, voluntary organisations, citizens/volunteers, scientific experts, the armed forces or organisations in other Member States (transnational risk management). Dealing with novel risks requires therefore the building of a response network that can mobilise all required capacities across a variety of stakeholders.

Question 38: Are the relevant stakeholders informed and involved in the implementation of prevention and preparedness measures?

Explanation: Describe the approach to public/private stakeholder's involvement or network management, which kinds of stakeholders contribute to the implementation of measures and any lessons learnt that could be shared.

Question 39: Is the national or sub-national entity involved in the implementation of cross-border measures for prevention and preparedness?

Explanation: Describe which cross-border prevention and preparedness measures are carried out, which other stakeholders are involved, if concrete arrangements for further cooperation resulted from the joint implementation of measures (e.g. memoranda of understanding or service level agreements) as well as any experiences or lessons learnt that could be shared.

Question 40: Is the implementation of prevention and preparedness measures by these public or private stakeholders done in sufficient quality to achieve the expected risk mitigation results?

Explanation: Are there agreements in place to encourage sufficient quality, how do the prevention and preparedness measures carried out by these organisations indeed contribute to the expected risk mitigation as well as any experiences that could be shared.

Procedures

Risk management needs to include the development of established processes in order to ensure the functioning of the risk management system. The implementation process of prevention and preparedness measures therefore needs to define procedures that contribute to the reduction of risk.

Question 41: Does the implementation of prevention and preparedness measures include the development of procedures for early warning, activation, dispatching, deactivation or monitoring?

Explanation: Describe if procedures are in place, how they work in practice, if standard operating procedures are developed, for which operation these procedures are developed, any lessons learnt that could be shared.

Information & Communication

The management of complex risks requires effective information and communication systems for the implementation of prevention and preparedness measures. National or sub-national entities therefore need to ensure that they have rules and procedures in place that allow for information sharing, data sharing and communication with relevant stakeholders including citizens at any time of the implementation of prevention and preparedness measures.

Question 42: Is the necessary information available and regularly exchanged inside the national or sub-national entity?

Explanation: Describe how the information flow between different public entities and between different levels of the administration is organised to ensure that the relevant services are aware and able to contribute their knowledge.

Question 43: Are communication strategies in place, including the use of various media tools (including social media) to effectively share information with citizens to increase awareness and to build trust and confidence?

Explanation: Detail how the information and communication with citizens before, during and after the implementation of measures is organised and any lessons learnt that could be shared.

Infrastructure including IT

This part of the technical capacity assessment evaluates if the infrastructure in place, such as roads, buildings, dams, rails, bridges, satellites, underground pipes, cables, hospitals, shelter facilities, early warning systems, etc. that is regarded as relevant for the mitigation of the identified risks fulfils certain security, safety or performance standards.

Question 44: Is the condition of the infrastructure relevant for the implementation of prevention and preparedness measures analysed?

Explanation: Describe how infrastructure that is critical with view to the mitigation of specific risks is identified, how its condition with view to the mitigation of risks is assessed, if a list of relevant infrastructure is compiled and regularly reviewed, if investment needs are identified, if the Member States have a critical infrastructure policy in place.

Equipment and Supplies

The part of the technical capacity assessment evaluates if the equipment for prevention and preparedness fulfils the required standards necessary to implement prevention and preparedness measures.

Question 45: Is there an inventory of available equipment needed to carry out the planned prevention and preparedness measures? Does the implementation of prevention and preparedness measures include the identification of possible equipment needs based on the existing inventory?

Explanation: Describe if an inventory of available equipment and its use is compiled and kept up to date. Describe if and which equipment needs are identified in the implementation process to adequately mitigate the risks addressed in the planning process, if an inventory of available equipment is compiled and analysed with view to its adequacy to discover additional needs or mismatches, which steps are taken to meet the needs.

Question 46: Are supply chain risks identified during the implementation of prevention and preparedness measures and were measures taken to reduce the risk of supply shortages?

Explanation: Describe if and which supply chain risks are identified, how the impact of these risks is analysed, if and which measures are taken to reduce these risks, if cross-border arrangements or cooperation agreements are concluded to reduce such risks.

Technical Expertise

The technical expertise comprises the skills available and the methodologies developed for the implementation of prevention and preparedness measures. Given that technical expertise is an intangible capacity, this requirement also necessitates the safeguarding of this capacity, be it through documentation or sharing and learning.

Question 47: Do the experts tasked with the implementation of prevention and preparedness measures have the necessary technical expertise to ensure the adequate implementation of the measures and is ensured that this knowledge is preserved and further developed?

Explanation: Describe which technical expertise is used and considered necessary to implement the prevention and preparedness measures, if and which technical tools are used for the implementation, if experts receive training to continuously update the knowledge to be able to adequately use the technical tools, how knowledge is shared among the persons involved in the implementation of prevention and preparedness measured, how professional development is encouraged.

Question 48: Do the experts tasked with the implementation of prevention and preparedness measures have the knowledge to apply procurement and logistics procedures to carry out these tasks and have the experts adequately been trained to apply these procedures?

Explanation: Describe how and which training is provided to build up or develop this expertise or any other measures in place that would help to acquire this knowledge.

Question 49: Do the experts tasked with the implementation of prevention and preparedness measures have the knowledge to do life cycle and surge capacity planning and are these methodologies applied to review the functioning of equipment and systems and to be able to increase capacity in the case of an emergency?

Explanation: Describe if these methods are applied with view to prevention and preparedness measures, if and which training is provided to build up or to develop this expertise or any other measures in place that would help to acquire this knowledge.

Financing of Implementation Measures

This requirement assesses if it is ensured that financial means are available and can be quickly accessed to finance likely emergency situations as identified in the risk assessment and planning.

Question 50: When carrying out prevention and preparedness measures needed to reduce, adapt to and mitigate the identified risks, are a budget, a legal base and procedures identified or established to plan ahead for flexible resource allocation?

Explanation: Describe how budgetary and legal questions related to flexible resource allocation are treated in the implementation process, if concrete measures are taken or launched that allow for flexibility, if mismatches or further needs, legal or political barriers to such an approach exist.

Question 51: Does the implementation of prevention and preparedness measures include the preparation of agreements with stakeholders that regulate the sharing of costs?

Explanation: Describe if any plans are in place regarding the sharing of the financial burden; if Member States approached stakeholders, which stakeholders are approached and if any agreements are sought or in place to cover these costs.

5.   SUMMARY

At the end of the assessment, Member States would have a good cross-sectorial overview of the different risks they would need to address, a view of the suitability and actual performance of the process of risk management planning, including the identification of appropriate prevention and preparedness measures, as well as a clear picture on the implementation processes of the relevant measures.

The following table may be used as a tool to provide a summary of the different components of national risk management capability assessment. The table would complement the assessment of risk management capability at national or appropriate sub-national level, which, in line with the Decision, Member States are to carry out and make available to the Commission every three years following the finalisation of these guidelines.

For each of the questions below, the appropriate level should be identified based on the following distribution of levels:

—   n/a: capacity not identified or not considered applicable to be developed,

—   (1): capacity considered applicable — work has not yet started,

—   (2): capacity identified — initial progress achieved,

—   (3): capacity implemented in key areas,

—   (4): capacity embedded and being improved,

—   Comments: further justification for the choice of level.

 

Questions

Levels

Comments

Risk Assessment

Question 1: Does the risk assessment fit within an overall framework?

n/a

(1)

(2)

(3)

(4)

 

Question 2: Are clearly defined responsibilities and roles/functions assigned to the relevant entities participating in the risk assessment?

n/a

(1)

(2)

(3)

(4)

 

Question 3: Are the responsibilities to assess specific risks allocated to the most relevant entities?

n/a

(1)

(2)

(3)

(4)

 

Question 4: Has the cross-sectorial dimension of risks been integrated in the risk assessments?

n/a

(1)

(2)

(3)

(4)

 

Question 5: Is the distribution of responsibilities for the assessment of the risks regularly reviewed?

n/a

(1)

(2)

(3)

(4)

 

Question 6: Are the experts responsible for the risk assessment(s) adequately informed, trained and experienced in the assessment of risks?

n/a

(1)

(2)

(3)

(4)

 

Question 7: Are relevant stakeholders involved in the risk assessment process?

n/a

(1)

(2)

(3)

(4)

 

Question 8: Is the necessary administrative capacity available to communicate the results of risk assessments to the public?

n/a

(1)

(2)

(3)

(4)

 

Question 9 Is the necessary administrative capacity available to communicate internally the results of risk assessments, including scenarios, lessons learnt, etc.?

n/a

(1)

(2)

(3)

(4)

 

Question 10: Are the results of risk assessments integrated in a risk communication strategy?

n/a

(1)

(2)

(3)

(4)

 

Question 11: Has the national or sub-national entity developed a methodology for risk assessment? Is this methodology laid down or published and what are the key elements of this methodology?

n/a

(1)

(2)

(3)

(4)

 

Question 12: Has the cross-border dimension of risks been integrated in the risk assessments?

n/a

(1)

(2)

(3)

(4)

 

Question 13: Is infrastructure included in the assessment of risks?

n/a

(1)

(2)

(3)

(4)

 

Question 14: Is relevant ICT infrastructure available to carry out risk assessments?

n/a

(1)

(2)

(3)

(4)

 

Question 15: Is appropriate information and data (including historical data) available to carry out risk assessments?

n/a

(1)

(2)

(3)

(4)

 

Question 16: Is the appropriate financial capacity available to carry out and update work on risk assessments?

n/a

(1)

(2)

(3)

(4)

 

Risk Management Planning

Question 17: Are clearly defined responsibilities and roles/functions assigned to the entities participating in the planning of risk prevention and preparedness measures?

n/a

(1)

(2)

(3)

(4)

 

Question 18: Are the responsibilities to plan for specific risks ensured and regularly assessed?

n/a

(1)

(2)

(3)

(4)

 

Question 19: Are sufficient experts available to carry out the planning of prevention and preparedness measures based on the identified risks in the risk assessment?

n/a

(1)

(2)

(3)

(4)

 

Question 20: Is there effective training available for the experts at different levels responsible for the planning of prevention and preparedness measures?

n/a

(1)

(2)

(3)

(4)

 

Question 21: Are the experts involved in the planning of prevention and preparedness measures informed about the overall policy objectives/priorities related to disaster risk management?

n/a

(1)

(2)

(3)

(4)

 

Question 22: Is there a process in place to ensure that the knowledge of experts tasked with the planning of prevention and preparedness measures is preserved and further developed?

n/a

(1)

(2)

(3)

(4)

 

Question 23: Do the different responsible entities have methodologies developed for risk management planning? What are the key elements of these methodologies?

n/a

(1)

(2)

(3)

(4)

 

Question 24: Do methodologies for risk management planning include the identification of infrastructure relevant for the mitigation of identified risks?

n/a

(1)

(2)

(3)

(4)

 

Question 25: Are the relevant public and private stakeholders informed and involved in the planning process?

n/a

(1)

(2)

(3)

(4)

 

Question 26: Are any of the risks identified in the risk assessments shared with public or private companies, and if so, how is it ensured that the planning of prevention and preparedness measures by the public and these companies is encouraged?

n/a

(1)

(2)

(3)

(4)

 

Question 27: Are the national or sub-national entities involved in cross-border planning of prevention and preparedness measures?

n/a

(1)

(2)

(3)

(4)

 

Question 28: Are relevant stakeholders, including citizens, informed about the key elements of risk management planning?

n/a

(1)

(2)

(3)

(4)

 

Question 29: Are equipment and tools needed to support and/or carry out the planning of prevention and preparedness measures available?

n/a

(1)

(2)

(3)

(4)

 

Question 30: As part of the planning process, are financing needs for the implementation of prevention and preparedness measures estimated and possible sources of financing identified?

n/a

(1)

(2)

(3)

(4)

 

Question 31: As part of the planning process, are future investment plans and the possible role of private sector financing considered?

n/a

(1)

(2)

(3)

(4)

 

Question 32: As part of the planning process, are procedures or plans identified or established ahead to ensure financing is in place for the prevention and preparedness measures needed to mitigate the identified risks?

n/a

(1)

(2)

(3)

(4)

 

Implementation of prevention and preparedness measures

Question 33: Is the implementation of prevention and preparedness measures linked to the risk management planning? Is it part of a strategy or policy and was a methodology defined?

n/a

(1)

(2)

(3)

(4)

 

Question 34: Are methods for damage and human loss reporting developed and are the costs of damages estimated, documented and stored?

n/a

(1)

(2)

(3)

(4)

 

Question 35: Are clearly defined responsibilities and roles/functions assigned to the entities participating in the implementation of risk prevention and preparedness measures?

n/a

(1)

(2)

(3)

(4)

 

Question 36: Is the distribution of responsibilities of experts involved in the implementation of prevention and preparedness measures up to date and are sufficient resources available to implement prevention and preparedness measures based on the planning process?

n/a

(1)

(2)

(3)

(4)

 

Question 37: Are the experts responsible for the implementation of prevention and preparedness measures adequately informed, trained, experienced?

n/a

(1)

(2)

(3)

(4)

 

Question 38: Are the relevant stakeholders informed and involved in the implementation of prevention and preparedness measures?

n/a

(1)

(2)

(3)

(4)

 

Question 39: Is the national or sub-national entity involved in the implementation of cross-border measures for prevention and preparedness?

n/a

(1)

(2)

(3)

(4)

 

Question 40: Is the implementation of prevention and preparedness measures by these public or private stakeholders done in sufficient quality to achieve the expected risk mitigation results?

n/a

(1)

(2)

(3)

(4)

 

Question 41: Does the implementation of prevention and preparedness measures include for example the development of procedures for early warning, activation, dispatching, deactivation or monitoring?

n/a

(1)

(2)

(3)

(4)

 

Question 42: Is the necessary information available and regularly exchanged inside the national or sub-national entity?

n/a

(1)

(2)

(3)

(4)

 

Question 43: Are communication strategies in place, including the use of various media tools (including social media) to effectively share information with citizens to increase awareness and to build trust and confidence?

n/a

(1)

(2)

(3)

(4)

 

Question 44: Is the condition of the infrastructure relevant for the implementation of prevention and preparedness measures analysed?

n/a

(1)

(2)

(3)

(4)

 

Question 45: Is there an inventory of available equipment needed to carry out the planned prevention and preparedness measures? Does the implementation of prevention and preparedness measures include the identification of possible equipment needs based on an existing inventory?

n/a

(1)

(2)

(3)

(4)

 

Question 46: Are supply chain risks identified during the implementation of prevention and preparedness measures and were measures taken to reduce the risk of supply shortages?

n/a

(1)

(2)

(3)

(4)

 

Question 47: Do the experts tasked with the implementation of prevention and preparedness measures have the necessary technical expertise to ensure the adequate implementation of the measures and is ensured that this knowledge is preserved and further developed?

n/a

(1)

(2)

(3)

(4)

 

Question 48: Do the experts tasked with the implementation of prevention and preparedness measures have the knowledge to apply procurement and logistics procedures to carry out these tasks and have the experts adequately been trained to apply these procedures?

n/a

(1)

(2)

(3)

(4)

 

Question 49: Do the experts tasked with the implementation of prevention and preparedness measures have the knowledge to do life cycle and surge capacity planning and are these methodologies applied to review the functioning of equipment and systems and to be able to increase capacity in the case of an emergency?

n/a

(1)

(2)

(3)

(4)

 

Question 50: When carrying out prevention and preparedness measures needed to reduce, adapt to and mitigate the identified risks, are a budget, a legal base and procedures identified or established to plan ahead for flexible resource allocation?

n/a

(1)

(2)

(3)

(4)

 

Question 51: Does the implementation of prevention and preparedness measures include the preparation of agreements with stakeholders that regulate the sharing of costs?

n/a

(1)

(2)

(3)

(4)

 

6.   LIST OF REFERENCES AND RELEVANT DOCUMENTS

A Simple Guide to Risk and its Management, Broadleaf Capital International PTY Ltd, 2012 (based on ISO 31000:2009)

http://broadleaf.com.au/old/pdfs/trng_tuts/Tut_Simple_Guide_to_Risk_v11.pdf

An overview of the EFQM Excellence Model, EFQM, Brussels; The model can be used to assess an organisation's current capabilities

http://www.efqm.org/

Best Practices on Flood Prevention and Mitigation, presented at the meeting of the Water Directors in Athens in June 2003, prepared by The Netherlands and France (an update of the United Nations and Economic Commission for Europe (UN/ECE) Guidelines on Sustainable Flood Prevention of 2000)

http://ec.europa.eu/environment/water/flood_risk/pdf/flooding_bestpractice.pdf

Civil Defence Emergency Capability Assessment Tool v. 4.2 (final) — CDEM Capability Assessment Tool, based on the National CDEM Strategy of New Zealand, Excel tool focusing on organisational capability covering questions of compliance, performance and outcomes

http://www.civildefence.govt.nz/cdem-sector/monitoring-and-evaluation/cdem-capability-assessment-tool-/

Core Capabilities Crosswalk, U.S. Department of Homeland Security, Federal Emergency Management Agency (FEMA), update: June 2013

http://www.fema.gov/core-capabilities

Council Conclusions of 26 April 2010, Council Document 7788/10. The EU Internal Security Strategy in Action: Five steps towards a more secure Europe, COM(2010) 673 of 22.11.2010

Council Conclusions of 26 September on the Assessment of Risk Management Capability (13375/14)

Department of Homeland Security Risk Lexicon, Risk Steering Committee/USA, September 2010

https://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf

Council Directive 96/82/EC of 9 December 1996 on the control of major accident hazards involving dangerous substances (OJ L 10, 14.1.1997, p. 13)

Directive 2000/60/EC of the European Parliament and of the Council of 23 October 2000 establishing a framework for Community action in the field of water policy (OJ L 327, 22.12.2000, p. 1)

Directive 2007/60/EC of the European Parliament and of the Council of 23 October 2007 on the assessment and management of flood risks (OJ L 288, 6.11.2007, p. 27)

Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection (OJ L 345, 23.12.2008, p. 75)

Directive 2012/18/EU of the European Parliament and of the Council of 4 July 2012 on the control of major-accident hazards involving dangerous substances, amending and subsequently repealing Council Directive 96/82/EC (OJ L 197, 24.7.2012, p. 1)

Emergency Management Planning Guide 2010-2011, Public Safety Canada, 2010

http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/mrgnc-mngmnt-pnnng/index-eng.aspx

EN Eurocodes are a series of 10 European Standards, EN 1990-EN 1999, providing a common approach for the design of buildings and other civil engineering works and construction products

http://eurocodes.jrc.ec.europa.eu/home.php

European Commission: Impact Assessment Guidelines, SEC(2009) 92

http://ec.europa.eu/smart-regulation/impact/commission_guidelines/commission_guidelines_en.htm

European Commission: Overview of natural and man-made disaster risks in the EU, European Commission, SWD (2014) 134 final of 8.4.2014

European Commission: A Community approach on the prevention of natural and man-made disasters, Communication COM(2009) 82 final of 23.2.2009

Guidance on Implementing the Capacity Development Provisions of the Safe Drinking Water Act amendments of 1996, United Environmental Protection Agency, USA, July 1998

http://www.epa.gov/ogwdw/smallsystems/pdfs/guidfin.pdf

Guide ORSEC Départemental, Direction générale de la sécurité civile et de la gestion des crises

http://www.interieur.gouv.fr/Le-ministere/Securite-civile/Documentation-technique/Planification-et-exercices-de-Securite-civile

ISO 22300:2012 Societal Security — Terminology

http://www.iso.org/iso/catalogue_detail.htm?csnumber=56199

ISO/CD 22325 Societal Security: Emergency management — Guidelines for emergency management capability assessment (for businesses)

ISO/IEC/FDIS International Standard 31010: Risk Management — Risk Assessment Techniques (2009)

ISO International Standard 31000 (2009): Risk Management — Principles and Guidelines

Methode für die Risikoanalyse im Bevölkerungsschutz, Bundesamt für Bevölkerungsschutz und Katastrophenhilfe, Wissenschaftsforum Band 8, 2010

http://www.bbk.bund.de/SharedDocs/Downloads/BBK/DE/Publikationen/Wissenschaftsforum/Bd8_Methode-Risikoanalyse-BS.pdf?__blob=publicationFile

OECD Risk Management, OECD Working Papers on Public Governance No 23 prepared by Charles Baubion, 2013

http://www.oecd-ilibrary.org/governance/oecd-working-papers-on-public-governance_19934351

OECD Reviews of Risk Management Policies, Italy — Review of the Italian National Civil Protection System, OECD, 2010

http://www.oecd.org/italy/oecdreviewsofriskmanagementpoliciesitaly.htm

OECD Recommendations of the Council on the Governance of Critical Risks, Meeting of the OECD Council at Ministerial Level, Paris, 6-7 May 2014

http://www.oliverwyman.com/content/dam/oliver-wyman/global/en/2014/may/OECD%20-%20Recommendations%20on%20the%20governance%20of%20critical%20risks%20-%202014.pdf

Risk Management Assessment Framework — A tool for departments, HM Treasury, UK, July 2009, a tool for assessing the standard of risk management in an organisation based on the EFQM excellence model

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/191516/Risk_management_assessment_framework.pdf

UNISDR Terminology on Disaster Risk Reduction, United Nations 2009

http://www.unisdr.org/we/inform/terminology


(1)  Decision No 1313/2013/EU of the European Parliament and of the Council of 17 December 2013 on a Union Civil Protection Mechanism (OJ L 347, 20.12.2013, p. 924).

(2)  Ibid, Article 6(c).

(3)  Ibid, Article 5(f).

(4)  See Overview of natural and man-made disaster risk in the EU, SWD(2014) 134 final of 8.4.2014.

(5)  13375/14.

(6)  Commission Risk Assessment and Mapping Guidelines for Disaster Management, SEC(2010) 1626 final of 21.12.2010.

(7)  Organisation for Economic Cooperation and Development, ‘Boosting Resilience through Innovative Risk Governance’, OECD Reviews of Risk Management Policies, 2014, pp. 48-51, ISBN 978-92-64-20910-7.

(8)  This could include bringing together an international group of experts which can support the assessment at all stages of the process as well as Peer Review Programme through which Member States can learn from each other in managing disaster risks.

(9)  The impact of hazards depends in part on the existing mitigation and prevention measures. The risk assessment takes into account existing measures for assessing the impact, likelihood and priority of risks.

(10)  SEC(2010), 1626 final of 21.12.2010, p. 29.

(11)  The planning should take into account plans elaborated for sectorial risks, for instance the Flood Risk Management Plans under the Floods Directive (Directive 2007/60/EC).

(12)  Page 30 of the Risk Assessment Guidelines.

(13)  http://www.civildefence.govt.nz/cdem-sector/monitoring-and-evaluation/cdem-capability-assessment-tool-/

(14)  Guide ORSEC Départemental, Direction générale de la sécurité civile et de la gestion des crises, http://www.interieur.gouv.fr/Le-ministere/Securite-civile/Documentation-technique/Planification-et-exercices-de-Securite-civile

(15)  http://climate-adapt.eea.europa.eu/data-and-downloads?searchtext=&searchsectors=DISASTERRISKREDUCTION&searchtypes=ACTION#


Top