Managing Emerging Critical Risks

The presence of dedicated institutional roles aids methodical identification of emerging critical risks.

For instance, Ireland conducts risk assessments through different departments—the Department of the Taoiseach and the Department of Defence—but lacks a dedicated institution for systematic risk identification, which may result in overlaps or gaps (Department of Defence, 2023; Department of the Taoiseach, 2024).

Meanwhile, Korea’s CRIA ensures an explicit focus on the identification of emerging critical risks through its established institutional role.

Regularly updating risk assessments and employing iterative processes make it possible to respond to new knowledge about emerging risks. The case studies reveal varying practices in this regard.

Ireland updates its National Risk Assessment (NRA) annually, incorporating horizon scanning and public consultations to address new and emerging risks (Department of the Taoiseach, 2024).

In Israel, NEMA periodically reassesses threats and the country’s readiness for each. Ministries adjust their priorities annually to respond to gaps in their preparedness. For emerging threats that require real-time adjustments, NEMA makes recommendations to the Ministry of Finance and supports other ministries in their requests if there is a new need identified mid-cycle.

Korea also has regular review and evaluation processes, such as the selection committee that convenes twice a year, as well as regular follow-up communications to help ensure that emerging risk insights inform strategic planning and public awareness efforts.

On the other hand, the United States’ decentralised approach to risk assessment means that update cycles vary from assessment to assessment.

Managing transboundary and systemic risks effectively implies co-ordination within and between governments. Fragmented authorities and varying assessment methodologies among agencies hinder consistent co-ordination. The case studies highlight challenges in this area, often stemming from decentralised structures or unclear delineation of roles.

Ireland assigns responsibility for risk management to Lead Government Departments within their domains but lacks a standard procedure for co-ordinating on cross-cutting emerging risks (Department of the Taoiseach, 2024). This decentralisation can result in gaps where no single entity is accountable for risks that require co-ordinated action across departments.

Israel's National Emergency Management Authority (NEMA) works with various government agencies through committees and working groups to facilitate information sharing and co-ordination (Interview IL-5). However, while these mechanisms support domestic co-ordination, formal structures for international collaboration on transboundary risks are not extensively documented.

In the United States, government size and specialisation lead to varying assessment methodologies and co-ordination challenges. The more complex a risk is, such as transboundary risk, the more challenging it is to co-ordinate.

Using exercises to test assumptions, identify gaps, and foster innovation enhances preparedness and response capabilities. The case studies reveal that the use of emerging risk exercises is not widespread, indicating an opportunity for enhancement in risk management practices.

Israel conducts regular exercises involving multiple agencies to test preparedness and response capabilities (Interview IL-3).

Korea has also conducted emerging risk exercises to help test response capabilities and operational practices, although more could be done to strengthen their linkage to strategic foresight and after-action reviews.

The adoption of advanced technologies and methodologies offers opportunities to enhance the identification and assessment of emerging critical risks. The case studies demonstrate varying levels of implementation of such tools.

In specific sectors, Israel leverages technological tools to enhance risk monitoring. The Ministry of Health's health intelligence unit uses global data to monitor disease patterns, facilitating early detection of health-related risks (Interview IL-2). The Israel National Digital Agency (INDA) uses methods including real-time monitoring, behavioural data, and predictive analysis to detect emerging risks. Tools include AI, behavioural sensors (such as smartwatch data tracking sleep and anxiety levels), and big data analytics to gain insights into public sentiment and situational needs. INDA's methodologies extend to unconventional data sources such as Google Trends and aggregated purchase data, picking up on shifts in public behaviour or resource demands which may be indicative of emerging risks materialising.

Korea’s use of multidimensional frameworks such as “science, technology, economy, environment, politics” (STEEP) analysis, as well as classification of emerging risks into categories according to level of uncertainty, demonstrates an established grasp of foresight in identifying and understanding those risks.

In the United States DHS, the use of advanced analytical tools is present in some agencies but not others. An official stated that "tools and software are used inconsistently, and there is no centralised adoption of specialised analytical tools for emerging critical risks" (Interview US-1).

A consistent challenge identified across the case studies is the link between the identification of emerging critical risks and their integration into management and policy frameworks. While countries have processes for recognising risks, translating these insights into actionable strategies often proves difficult due to organisational and structural barriers.

In some cases, decentralised governmental structures lead to fragmentation, making it challenging to assign responsibility and co-ordinate efforts. An official noted that "assigning responsibility for risks is challenging due to lack of incentives. Leadership may be reluctant to take on additional responsibilities without corresponding resources" (Interview US-1). Addressing the challenge of translating risk identification into actionable strategies requires both procedural mechanisms and effective communication with leadership and stakeholders.

Ownership and strong leadership commitment increase the chances that emerging critical risks will be identified and successfully managed. Assigning responsibility for specific risks, supported by effective communication, ensures that there is accountability and sustained focus on addressing them. However, the case studies reveal that when ownership is unclear or dispersed, risks may not receive the necessary attention.

Ireland’s Lead Government Department Approach ensures attribution of responsibility of risks, although there may be room for improvement in the attribution of shared responsibility for emerging risks which transcend departments.

Israel ensures unity of effort through NEMA’s common reference scenarios, and the requirement for ministries to develop plans for how they would respond to risks that do not fall explicitly within their mandate.

In Korea, regular contact with the press supports the sharing of updates, helping ensure that emerging risk insights contribute to public awareness efforts.

In the United States DHS, instances where leadership provides clear direction and resources reveal that risk management initiatives tend to advance more effectively than they would without such initiative.

Reflecting the main findings above, Governments may consider the following measures to strengthen their anticipation and management of emerging critical risks:

• Dedicated institutional roles for systematic risk identification: identifying or designating specialised institutions or roles focused on the methodical identification of emerging critical risks to ensure comprehensive coverage and reduce overlaps or gaps.

• Regular updates and iterative processes to respond to dynamic risk environments: updating risk assessments and employing iterative processes to incorporate new knowledge about emerging risks.

• Cross-departmental and transboundary engagement for managing emerging risks: strengthening co-ordination within and between governments to manage transboundary and systemic risks effectively; establishing standard procedures for cross-cutting emerging risks to ensure accountability and cohesive action across departments.

• Use of emerging risk exercises: developing exercises that simulate emerging risk scenarios to validate risk assessments, identify gaps, and foster innovation.

• Advanced technologies and methodologies for enhanced risk identification and assessment: adopting advanced tools such as artificial intelligence, big data analytics, and specialised methodologies to improve the detection and assessment of emerging critical risks– such as the OECD Common guideposts to promote interoperability in AI risk management (OECD, 2023[1])

• Link between risk identification and management: developing procedural mechanisms to translate risk identification into actionable strategies within policy frameworks.

• Ownership, advocacy, and leadership commitment: assigning clear responsibility for specific risks and advocate for their management to ensure accountability.

The varying levels of maturity among the countries highlight the usefulness of the OECD's maturity model in revealing areas of strength and potential for improvements.

The Framework provides a structured approach, but effective application varies. Challenges such as decentralisation and lack of unified processes suggest that the framework could emphasise mechanisms for co-ordination and integration.

Reflecting the areas of knowledge that fell out of the scope of this study, the following areas could be researched to deepen the insights created in a follow-up study.

• Further Data Gathering: Looking at implementation plans for each government department, where these differ or are prepared in separate processes to those reported in the case studies.

• Adapting to National Contexts: The framework should allow flexibility to accommodate different governmental structures.

• Explore Federal-State Interactions: Study the dynamics between different government levels in risk management.

• Investigate Technological Impacts: Assess how emerging technologies affect risk landscapes and management strategies.

• Additional Case Studies: Expand the analysis to include more countries for broader insights. This is a key final point, as the generalisability of the research hinges on replicating it and drawing lessons from the diverse and dynamic governance systems in which it is intended to promote learning.

The analysis across participating countries demonstrates that while each country has taken steps towards anticipating and managing emerging critical risks, significant variation exists in their levels of maturity across the seven steps of the Framework. Institutional roles, co-ordination mechanisms, and the integration of advanced tools and methodologies influence the effectiveness of identifying, assessing, and managing these complex threats. In all four cases, comprehensive and forward-looking approaches have begun to materialise, such as the establishment of dedicated units, the adoption of scenario-based exercises, and the pursuit of more flexible planning frameworks. However, all the countries still have areas to work towards in creating fully matured, unified systems that consistently connect risk identification to policy, budgeting, and strategic planning decisions.

The application of the maturity model has helped to highlight specific strengths and areas needing improvement in each country’s approach. For instance, methods like horizon scanning and foresight exercises have proven valuable in detecting early warning signals of new threats, while robust exercises and scenario analysis have underscored the importance of testing and validating response capabilities. At the same time, decentralised authorities, unclear ownership of risks, and limited after-action processes remain pervasive challenges that hinder accountability and continuous improvement.

From these findings, several key lessons emerge. Governments can strengthen their preparedness by establishing institutional roles dedicated to systemic risk identification, ensuring more regular updates and iterative review processes, and employing emerging risk exercises as standard practice rather than as isolated pilots. Assigning clear responsibilities, leveraging advanced technologies and analytics, and bolstering leadership commitment further support the timely translation of risk identification efforts into actionable strategies. The success of these measures also relies on effective communication and stakeholder engagement, ensuring that risk insights shape decision-making at all levels.

While the Framework and the maturity model provide valuable guidance for measuring progress, they can also be improved. Ways to do this include increasing their adaptability to local contexts and diverse governance structures. As governments refine their methods and learn from one another’s experiences, they can advance toward more systematic and cohesive governance setups capable of anticipating and managing the emerging critical risks of an increasingly uncertain world. Future research and expanded case studies can reinforce these insights, enabling an even richer exchange of knowledge and strategies to foster global resilience against the challenges on the horizon.

[1] OECD (2023), “Common guideposts to promote interoperability in AI risk management”, OECD Artificial Intelligence Papers, No. 5, OECD Publishing, Paris, https://doi.org/10.1787/ba602d18-en.