Author/s: Combined Threat Assessment Group (CTAG)
Published in National Security Journal, 27 November 2020
Risk: assessing likelihood and consequence of an event
Within the risk management process, threat assessment is distinct from risk assessment. To adequately assess risk, risk assessors require an understanding of the likelihood of an event occurring, and the range of consequences if the event were to manifest. These ‘likelihood’ and ‘consequence’ assessments provide a clear understanding of the exposure to that risk, and assist with identifying any mitigation or management efforts required to reduce the likelihood of that risk causing harm.
Figure 1: Contributing factors in threat and risk assessments
The primary purpose of the threat assessment process is to inform risk appreciation, mitigation and management (refer Figure 1 above). Threat assessment is not an end in itself, nor should it be confused with a conclusive statement of the vulnerability of New Zealand or New Zealand interests to harm. State sector agencies are responsible for their own risk management, which is informed by a range of government policies, including health and safety obligations and the Protective Security Requirements (PSR) framework.
Threat: assessing the intent and capability of an actor
Threat assessment is the analytical process focused on assessing the likelihood of a threat, or human-driven event, manifesting. The primary purpose of threat assessment is to inform the ‘likelihood’ component of a risk assessment framework. When assessing the likelihood of a threat manifesting, two core elements are considered: the actors’ intent (i.e. the desire to inflict harm, coupled with the confidence to do so), and whether they possess the capability (i.e. the access to knowledge and resources required to conduct harm) to do so.