Managing Risk

Managing Risk
Prev	Chapter 4. Implementation	Next

Most, if not all, public sector managers are now familiar with the main tenets of risk management as a key process in project management. Many of the risk assessment and mitigation processes in current use are well-documented ‘checklist’ approaches. This means, however, that they sometimes suffer from ‘over-formalisation’. The introduction of eEngagement processes will be undertaken with reference to potential risk.

James L Creighton^[5] provides a useful checklist to assess the level of controversy associated with a topic, an important precursor to the development of appropriate risk management and mitigation strategies. According to Creighton, public managers need to ask:

are the impacts of the change/issue significant?
has there been prior controversy?
does the issue tie into others that have a history of controversy?
does the issue touch on politically charged issues?
is this issue the raison d'etre for stakeholder groups?

By using this form of assessment tool, the level of potential controversy can be determined and particularly sensitive issues or groups identified. While Creighton observes that there is no ‘mathematical formula’ for the identification of levels of sensitivity, this type of risk assessment approach is something that (a) can assist in planning for the avoidance or minimisation of risks and (b) offer an important accountability mechanism if risks become manifest in the process.

This assessment may be developed simply as a mitigation process, however, where risks cannot be mitigated fully, the process will also be necessary as a means of providing information about risks to potential participants. This is particularly true with regard to privacy issues (as discussed in Section 3.3, Managing Identity Issues), where the capacity to provide a completely private environment for participation is limited, due to the agency’s lack of control over the user’s ICT platform (e.g. they may have an insecure personal computing environment). Beyond privacy, the most common issues of concern are security and defamation.

Security

Security is a technical and social concern and relates to:

the safety of participants – particularly if their privacy cannot be guaranteed. While this may be irrelevant in many cases, experiences with consultation on issues of family violence in the UK necessitated careful planning and support to foster the participation of victims, particularly where they were alienated from their partners or remained in an at-risk environment; ^[6]
the integrity of the system – even if the consultative process is not contentious, any networked system is open to attack and vandalism. Standard security procedures will be taken to prevent intrusion (which could lead to the loss of personal data of participants) or prevention of access attacks. ^[7] Where the issue is contentious, extra levels of security (higher security investment, distribution of hosting machines, multiple redundancy) should be applied to prevent disruption to the engagement process. This must be done in consultation with technical managers and security experts (often IT support staff may not have expertise in this area and external advice needs to be considered);
social issues – it is important to recognise that most breaches of online security result either from ‘insider’ attacks (internal staff misuse of the system) or where users are ‘tricked’ into giving away identifying information (‘social engineering’). Careful design of the consultation approach, appropriate management of staff with access to the system, (e.g. preventing access by staff to areas of the software or database not relevant to their work) and training for users (to resist social engineering attacks) can reduce these risks significantly. ^[8]

Exhibit 27: Open Source for Security

In the development of the eVACS electronic voting system, the ACT Electoral Commission released the source code of the software as open source. This release allowed third party organisations and individuals to identify and report problems with the code. See: http://www.elections.act.gov.au/EVACS.html

Moderation

Moderation (monitoring and exercising editorial control over message content) is necessary in some areas of eEngagement and has generated a number of practical reference guides and formal training (the Hansard Society in the United Kingdom runs an online course for moderators). Moderation can be necessary where:

the issue is contentious and emotions can run high;
the target audience is new to online communications (and may be naive about the implications of contributing to online conversations and their ability to be widely read);
the contents of discussion is intended to be published (in whole or part);
there are political or cultural sensitivities associated with online discussion or debate; and
participants are young.

While these issues are not relevant to simple interactive approaches (such as one-off data collection, or the use of polling and surveys), the most commonly cited risks or concerns of public sector managers are:

the presentation of material from participants (online or off) opens the agency to the risk of defamation (e.g. they are acting in the role of a publisher ); and
aggressive, lurid or rude postings to a discussion list can lower the tone of conversation – either reducing the tenor of conversation (generating little of value) or intimidating potential participants (silencing).

Both are real risks, with the latter more serious than the former.^[9] The role of public officials (or third party moderators) in maintaining a correct tone of discussion is important – even if this is simply to keep debate and discussion ‘on topic’ and focused towards the consultative objectives.

The difficulty in determining an appropriate approach is often:

failure to consider this issue before the project is initiated (thereby lacking rules and technical processes for moderation if problems emerge);
lack of experience in many public sector organisations in moderation – the nature of online communications – its lack of paralinguistic cues and other ‘social’ indicators makes online moderation a specific skill set that needs to be developed and cultivated over time; and
inappropriate setting of the level or extent, of moderation. Overly light moderation is as bad as having no moderation at all, while excessively draconian control of discussion (allowing no off-topic conversation at all, which undermines the ‘forming and norming’ social bonding process, for example) can prevent the appropriate ‘flow’ of conversation that can make these processes largely self-directing (thereby reducing staff time in ‘prompting’ and ‘guiding’).

Comprehensive moderation can be expensive, requiring considerable allocation of staff to the task (depending on the number of participants). This is particularly true where moderation requires all communications to be read in real time (such as may be required in a chat room for young people, for example). However, a number of options exist to maintain a robust approach to moderation at lower cost. Which options the organisation employs will depend on the nature of the issue and participants, but can include:

using a mix of paid staff and volunteer moderators;
using keyword searching to identify suspect posts for human review;
ensuring participants are not anonymous; and
using a ranking system to allow readers to ‘vote down’ offensive or irrelevant posts.

The advantages and limitations of different approaches are outlined in Figure 11.

Figure 11: Advantages and Limitations of Moderation Approaches

Approach	Advantages	Limitations
Gate Keeping (pre-posting review and approval)	Strong control over content, limits risk of hijacking or defamation Focused discussion reduces ‘off topic’ conversation Clear rules of engagement and participation, useful for inexperienced participants	Overly controlling, can limit valuable tangential discussion Can alienate participants Limits ‘discovery’ function – data collection can be railroaded toward expected conclusions Significantly slows conversation
Post-hoc Moderation	Manages risks without excessive control Guiding role of moderation can stimulate participation from shy participants ‘Referee’ function can build community and reduce tension in complex and contested issues	Time consuming, especially where high degrees of negotiation are required Can still attract criticisms of control or censorship Slows free-flow of discussion
Unmoderated (open forum)	No risk of accusation of censorship Low cost Free flowing discussion Can allow discussion to flow to unexpected areas (discovery)	Risks of hijacking or defamation (modest) Can lead to domination by small number of vocal contributors Discussion can drift towards irrelevancy

Exhibit 28: Handling Defamation in a Discussion Forum

The City of Brisbane (Queensland) maintains a clear policy for managing issues of defamation on its citizen discussion lists (http://ycys.brisbane.qld.gov.au/). This policy consists of:

a formal policy statement that is provided to participants when they subscribe to the service;

a moderation process that sees a member of the city council staff review all messages before they are posted to the list; and

a complaints handling process with avenues for appeal and review.

The aim of this process is to protect the City from publishing material which may result in an action for defamation, or lead to general incivility on the discussion list. Items that are deemed to violate the policy are:

in the first instance referred back to the original author pointing out the areas of difficulty and with suggestions as to how the message may be modified to comply with the policy; and

subject to review (upon request) by a more senior manager for final determination.

e-democracy.org, on the other hand, maintains a ‘take down’ approach, where messages that violate the rules of the discussion (http://www.e-democracy.org/rules/) are removed if they are deemed to violate the rules.

Prev	Up	Next
Promotion and Recruitment	Home	Chapter 5. Concluding the Process