Assess the impacts of risks happening

The impact could lead to:

• severely compromising multiple strategic objectives of the organisation
• severely compromising whole programme or sub-project outcomes or benefits
• severe ongoing impact on service delivery across multiple organisations
• severe political or reputational damage to the Minister, NZ government or multiple organisations
• a serious breach of laws or litigation against the NZ government
• costing large amounts of extra resources, financial or human, and changing the organisation’s work and risk priorities.

The impact could lead to:

• significantly compromising multiple strategic objectives of the organisation
• significantly compromising whole programme or sub-project outcomes or benefits
• significant ongoing impact on service delivery across multiple organisations
• significant political or reputational damage to the NZ government or multiple organisations — damage to the Minister’s reputation or political situation is a severe impact
• a significant breach of laws or litigation against the NZ government or multiple organisations
• costing significant extra resources, financial or human, and changing the organisation’s work and risk priorities.

The impact could lead to:

• moderately compromising a strategic objective of the organisation
• moderately compromising whole programme or sub-project outcomes
• moderate impact on work delivery across the NZ government or border protection agencies
• moderate political or reputational damage to the NZ government or multiple agencies
• being managed with modest amounts of extra resources, financial or human, and some changes to the organisation’s planning
• the Minister needing to be briefed
• litigation against 1 or more organisations.

The impact could lead to:

• a minor impact on work delivery across the organisation
• a minor impact on a strategic objective of the organisation
• its management being handled by current resources, financial or human, with some changes to the organisation’s planning
• needing to brief key stakeholders.

The impact could lead to:

• no real effect on the outcomes of the organisation
• no real effect on a strategic objective of the organisation
• being able to absorb the impact without it affecting the organisation’s capacity or capability
• no impact on any stakeholder.

Reputation

• The organisation suffers severe political or reputational damage that it cannot easily recover from.
• The NZ government suffers severe negative impact to its reputation and the Prime Minister loses confidence in the Minister or the government organisation’s senior management.
• The Minister and Chief Executive need to be briefed and regularly updated.
• Media interest is sustained for more than a week with major criticism levelled at the Minister or the government organisation.
• The government organisation breaches multiple laws, which leads to legal action from the affected stakeholders.
• An external, independent investigation is commissioned by either the Public Service Commission (PSC), Government Chief Digital Officer (GCDO) or Office of the Privacy Commissioner.
• The PSC and GCDO manage the communications and recovery.

Health and safety

• Loss of life.
• A major health and safety incident involving members of staff or the public.
• Those who are hurt suffer major injuries with long-term effects that leave them permanently affected.
• An external authority investigates the government organisation’s safety practices, which are found to be negligent.

Service delivery

• Severe compromise of the government organisation’s goals.
• Severe compromise of the strategic objectives of the NZ government or other organisations.
• Severe ongoing impact on service delivery across the NZ government or multiple organisations.
• Skills shortages severely affect the ability of the organisation to meet its strategic objectives and goals.
• The organisation’s work hours for staff are increased by more than 50%, 20 hours per week, for more than 30 days.
• Staff turnover increases by 10% or more in a 6-month period and it can be directly linked to the risk happening.

Financial

• The impact cannot be managed without additional funding from the NZ government.
• The impact cannot be managed without large increases in human resources.
• Yearly operating costs increase by more than 12%.
• The 1-time financial cost of the risk happening is greater than $100,000.

Reputation

• The government organisation suffers signficant political or reputational damage.
• The Minister suffers reputational damage and loses confidence in the government organisation’s senior management.
• The Minister and Chief Executive need to be briefed and regularly updated.
• Media interest is sustained for up to a week with minor criticism levelled at the government organisation.
• Key stakeholders need to be informed and kept up to date with any developments that affect them.
• The government organisation breaches the law, which leads to legal action by the affected stakeholders.
• An external, independent investigation is commissioned by either the Public Service Commission (PSC), Government Chief Digital Officer (GCDO) or Office of the Privacy Commissioner.
• The government organisation can manage the communications and recovery internally with strong guidance from the PSC and GCDO.

Health and safety

• A significant health and safety incident involving multiple members of staff or the public.
• Those who are hurt suffer significant injuries with long-term effects that leave them permanently affected.
• An external authority investigates the government organisation’s safety practices, which are found to be inadequate.

Service delivery

• Significant compromise of the government organisation’s goals.
• Significant compromise of the strategic objectives of the NZ government or other organisations.
• Significant ongoing impact on service delivery across 1 or more business units or multiple organisations.
• Skills shortages affect the ability of the government organisation to meet its strategic objectives and goals.
• The organisation’s work hours for staff are increased by more than 38%, 10 to 15 hours per week, for 30 days.
• Staff turnover increases by 3% to 10% more in a 6-month period and it can be directly linked to the risk happening.

Financial

• The impact cannot be managed without re-prioritising work programmes.
• The impact cannot be managed without a significant increase in financial and human resources.
• Yearly operating costs increase by 10% to 12%.
• There is a 1-time financial cost between $50,000 and $100,000.

Reputation

• The government organisation suffers moderate political or reputational damage.
• The Minister is informed and may request a briefing.
• The government organisation’s Chief Executive and senior management need to be briefed and regularly updated.
• The government organisation breaches its compliance obligations.
• Media interest is sustained for less than a week with minor criticism levelled at the government organisation.
• Key stakeholders need to be informed and kept up to date with any developments that affect them.
• The government organisation commissions an external, independent investigation.
• The government organisation can manage most of the communications and recovery internally with some guidance from the Government Chief Information Officer.

Health and safety

• A moderate health and safety incident involving multiple members of staff or 1 or more members of the public.
• Those who are hurt suffer injuries with long-term effects, but they are not permanently affected.
• The government organisation’s practices are questioned and found to be inadequate.

Service delivery

• Moderate compromise of the strategic objectives and goals of the agency.
• Moderate impact on service delivery across 1 or more business units because of a prolonged service failure.
• The organisation’s work hours for staff are increased by less than 25%, 8 to 10 hours per week, for a period of 2 to 4 weeks.
• Staff turnover increases by 1% to 3% more in a 6-month period and it can be directly linked to the risk happening.

Financial

• The impact can be managed with some changes to the organisation’s planning.
• The impact can be managed with modest increases in financial and human resources.
• Yearly operating costs increase by 7% to 10%.
• There is a 1-time financial cost of $20,000 to $50,000.

Reputation

• Senior management or key stakeholders, or both, believe that the government organisation’s reputation has been damaged.
• The government organisation’s Chief Executive needs to be advised.
• The government organisation’s senior management need to be briefed.
• Media interest is short-lived, up to a couple of days, and the government organisation is not blamed.
• The government organisation can manage the communications and recovery internally.

Health and safety

• A minor health and safety incident involving multiple members of staff or the public.
• Those who are hurt suffer minor injuries with short-term effects — they are not permanently affected.

Service delivery

• Minor impact on service delivery across 1 or more of the government organisation’s branches because of a brief service failure.
• Limited effect on the outcomes or objectives of more than 1 business unit.
• The organisation’s work hours for staff are increased by less than 15%, 6 hours per week, for less than 2 weeks.
• Staff turnover increases by less than 1% in a 6-month period and it can be directly linked to the risk happening.

Financial

• With some minor changes to the government organisation’s planning, the impact can be managed using its current resources.
• Yearly operating costs increase by 5% to 7%.
• There is a 1-time financial cost of $10,000 to $20,000.

Reputation

• The government organisation’s reputation is not affected.
• The Minister does not have any questions for the government organisation if the risk happens.
• There is no media attention.
• The government organisation can manage the communications and recovery internally.

Health and safety

• No loss or significant threat to the health or life of people.
• The government organisation’s safety practices are questioned, but they are found to be appropriate.

Service delivery

• Limited effect on the outcomes or objectives of a business unit in the government organisation.
• The organisation’s work hours for staff are increased by less than 5%, 1 to 2 hours per week, for less than 2 weeks.
• There is no increase in staff turnover as a result of the risk happening.

Financial

• The impact can be managed using the government organisation’s current resources — it does not need to revisit and change its planning to do so.
• Yearly operating costs increase by less than 5%.
• There is a 1-time financial cost of less than $10,000.