Risk Management for the USA-NPN

[Pick the date] [FOR INTERNAL USE ONLY]
Risk Management Report
V1.3 DRAFT – December 17, 2013
Table of Contents
The Risk Management Framework
  Risk Assessment
  Outcomes
Risk Management for the USA-NPN
  Discussion of specific risks
    Staff Transition Planning
    Challenges related to the USGS-UA Cooperative Agreement
    Information Infrastructure
    Liability
    USGS External Programmatic Review
    Government Shutdown
    Funding-Related Risks
    Publicity- and reputation-related risks
Conclusion
Additional Resources
The Risk Management Framework
Identifying and evaluating a wide range of risks, from loss of key personnel to competition from other
organizations, is an important component of the organizational planning process. Once the impact,
likelihood, detectability and preventability of major risks have been assessed, risks can then be
prioritized, delegated to responsible individuals and given one of the following outcomes: accepted,
transferred, avoided or mitigated.
We have previously referred to this effort as “contingency planning,” but have since learned that
contingency planning is just one piece (i.e., the mitigation of high priority risks) of a more
comprehensive process known as “risk management.”
Risk Assessment
The risks and issues identified in a relatively short brainstorming session are likely the most important
ones (according to Schneier, see additional resources section). These risks can then be ranked in the
categories described in Table 1. The exponential ranking scale (given in the row header, where 9 is high,
3 is medium-low and 1 low) forces gross distinctions among risks. Note that risk assessment is a
subjective process, and people typically underestimate the likelihood of risks they have control over
(e.g., driving) and overestimate risk when the locus of control is further from them (e.g., flying).
TABLE 1 – Scoring rubric for assessing risks. The rubric is applied to the risks identified for USA-NPN in
the appended Excel sheet.
| Ranking Scale | What is the cost should the risk be realized? (Impact) | What is the likelihood that the risk will be realized? (Likelihood) | What is our ability to detect the risk event before it actually happens, in time to take actions that will significantly reduce the impact? (Detectability) | What is our ability to take actions that will reduce the likelihood and/or impact of the risk materializing? (Mitigateability) |
|---|---|---|---|---|
| 9 | Critical damage to the USA-NPN mission (up to close-up shop) | Certain to almost certain in some period of time (e.g., 1 year) | No ability to take action before the risk materializes | Multiple actions are readily apparent to reduce the likelihood and/or impact |
| 3 | Moderate to serious damage | Somewhat likely to moderately likely | Some lead time | Some actions possible |
| 1 | Annoying to moderate damage | Unlikely | Lots of lead time to reduce impact substantially | Very limited actions (can also put 0 for no actions) |
Outcomes
After risks are assessed using the rubric above, the next step is to decide the appropriate action to take
for each risk. Possible actions are listed below. It is also important to assign a lead, or responsible
individual, to ensure that the follow up actions are taken. The risk management spreadsheet lists the
proposed actions and leads for each risk.
a) Accept. Risks with a low score (where especially likelihood and impact, but also detectability and
mitigate-ability are low) can be accepted. Knowingly accepting a risk is a helpful consequence of
prioritization – resources are focused on more serious threats.
b) Transfer. Insurance is the obvious example of risk transference (not a likely outcome for the
primary risks for USA-NPN).
c) Avoid. Avoidance refers to not taking the actions that create the risk. A decision to avoid a risk
evaluates the opportunity costs of not taking a particular action (essentially business risk), and
whether risk avoidance is cost-effective.
d) Mitigate. Risks with a high score are likely best mitigated, by taking actions to reduce the
likelihood and/or impact of the risk (with the assumption that the residual risk is accepted or
transferred). This includes an evaluation of the costs of mitigation and whether the reduction in
likelihood and/or probability is justified given the costs.
Risk Management for the USA-NPN
The USA-NPN Risk Management spreadsheet (appended) uses this framework to assess, delegate and
take action upon the risks that were identified in a brainstorming session by NCO staff. Columns B-E are
the assessment segment, where Column E sums the first three factors, with a higher score indicating a
more serious risk (cells are color-coded where red is high, orange is medium and yellow is low). Column
F indicates how much can be done to mitigate a risk. Serious risks with more mitigation options are
those with a high score in column G (sum of columns E and F), and should be a higher priority for action.
Risk owners (given in rows H-K) are responsible for regularly assessing the cost, probability, and
detectability of the assigned risk (or delegating this responsibility to another party). It is particularly
important to check for any changes to these factors and to communicate those changes to risk
stakeholders, at least including the risk coordinator (currently the Assistant Director). Owners are also
responsible to see that risk mitigation actions are appropriately planned, implemented, tested, and
communicated to stakeholders. AC and NCO owners work together, engaging others as needed, to
effectively understand, monitor, and manage risks. The frequency for reassessments of risks and
mitigation strategies depends on the nature of the risk, but should generally be at least every six
months.
Based on this system, the highest priority risks for the USA-NPN are the abrupt loss of the Executive
Director, loss of information architecture, and damage to our reputation via perceived low data quality.
However, all risks identified on the spreadsheet are worth mitigating to a greater or lesser extent.
Specific risks and mitigating actions are discussed below, and further information is available in the
appended Excel spreadsheet.
Discussion of specific risks
Staff Transition Planning
The NCO has lost approximately one regular staff member each year (Mark Losleben, Kathryn Thomas,
Abe Miller-Rushing, Echo Surina and Jherime Kellermann). All cases were planned, and went relatively
smoothly, without disruption of services. The staff has considerable capacity to cover each other’s tasks
in the event of a sudden or planned transition, in part because several staff members have broad skill
sets and deep organizational knowledge. We have not yet been tested with a sudden transition, but
have made some preparations (listed below).
We have not yet faced an executive transition, which, given our structure, is likely to have a significant
impact. Without Jake Weltzin, our only USGS employee, the USA-NPN would be vulnerable to budget
cuts, and the loss of the agreement between USGS and the University of Arizona. To mitigate this, Jake
has developed strong relationships and buy-in with his superiors and other managers within USGS.
Jake’s regular visits to Reston and the upcoming external programmatic review are components of a
strategy to root the NPN strongly in Ecosystems at USGS, though the outcome of the programmatic
review is unknown, and the federal government continues to face increasingly constrained budget
resources that may cause shifts in priorities within USGS. We have also considered hiring an additional
staff person, likely in an “associate director” role at USGS, to provide replication for Jake’s role and
perhaps to provide more of a face in Reston.
Actions already taken to mitigate abrupt or planned staff transition (yellow highlight indicates areas
where there are outstanding issues to be resolved):
• Cross-training and job readiness by other staff members are available in many cases:
  o Director, primary: Jake; backed up by Alyssa, Carrie and the Chair of the Advisory
    Committee, though ultimate responsibility sits with Matthew Andersen, USGS
    (supervisor to Jake)
  o Assistant director, primary: Alyssa; backed up by Carrie and Theresa
  o IT Coordinator, primary: Alyssa; backed up by Lee
  o Science coordinator, primary: Carrie; backed up by Kathy and Jake
  o Education coordinator, primary: LoriAnne; backed up by Alyssa and Theresa
  o Partnerships coordinator, primary: Theresa; backed up by Alyssa, Carrie and Jake
  o Monitoring design coordinator, primary: Ellen; backed up by Kathy and Lee (while some
    critical info on protocols is only known by Ellen, ongoing documentation and cross
    training in 2014 should alleviate this issue).
  o Botanist: Patty; backed up by Ellen and Kathy
  o CPP Liaison & Analyst, primary: Kathy; backed up by Alyssa, Carrie and Theresa
  o Web & Admin support, primary: Sara; backed up by Sharon and Erin
  o FWS Liaison, Wildlife Specialist & Outreach Assistant, primary: Erin; backed up by
    Carrie/LA and Theresa
  o Administrative associate, primary: Sharon; backed up by Sara and Alyssa
  o Server administrator, primary: Dean; backed up by Lee and Bruce
  o Programmer, primary: Lee; no technical back up in place (Alyssa has broad
    understanding of set up and tools, Dean understands the server and SVN architecture.
    At this point Lee’s job documentation and efforts to simplify the IT infrastructure are
    probably the best routes).
• All NCO staff files are backed up using an office Carbonite account, and staff have been
  instructed to back up additionally to a hard drive, and store this hard drive at home, following
  James Brunt’s “here, near and there” philosophy. These actions support both staff transitions and
  desktop data loss issues.
• Staff consistently uses online software (Highrise) to document interactions with all partners,
  allowing anyone to pick up where another staff member left off.
• Documentation of key policies and procedures is ongoing, reducing the threat of disruption in
  case of multiple staff member transition.
• We recruit talented and dedicated staff, and create a healthy, supportive work environment,
  where staff can excel and grow, which leads to high staff retention. The insecurity of future
  funding may be the greatest challenge to staff retention.
Actions planned to mitigate abrupt or planned staff transition:
• Each staff person will document critical elements of their job, enabling a new person to fill in on
  critical tasks. Critical elements will be updated annually. Staff will work closely with their
  backup people to ensure communication and continuity around responsibilities.
• Further discussion and planning should go into executive transition planning, relying on the
  resources listed below, led by the AC and NCO owners of this risk.
Challenges related to the USGS-UA Cooperative Agreement
The current 5-year USGS-UA agreement that supports the majority of NCO activities has been quite
successful, and concludes in July of 2014. USGS Ecosystems Mission Area (EMA) and the University of
Arizona’s (UA) School of Natural Resources and the Environment (SNRE) are currently amenable to a
new 4 or 5 year agreement. Overhead rate could be an issue for both organizations in renewing the
agreement. The current overhead rate of 15% is negotiated by USGS with the UA across many projects
and agreements, and there is likely little that NCO staff can do about it (except contribute a letter stating
the value of the effort to the UA, when called upon to do so). We have been told by our department’s
business officer that an increase to 17.5%, but not more than that, is likely.
Space may also be an issue, within and beyond the scope of the new agreement. The current agreement
stipulates that UA provides space without charge for the USA-NPN. On July 1, 2014, the University of Arizona
is moving to a “responsibility centered management” model, in which departments like SNRE will receive
a greater proportion of indirect costs from groups like ours, and have to pay more expenses (e.g., per
square foot charges for teaching and research space). It is unclear whether the cost for our space will
come out of the SNRE budget or the UA VP for Research’s budget. Our current space is in a leased UA
building that as of the summer of 2015 will house only our group. It is likely that we will have to move
before this date – and we are exploring several options in UA-owned, and one USGS-owned building on
campus. Regardless, it is quite possible that rent may be required as a budget component in the next
agreement.
By communicating regularly with USGS and UA decision-makers on the agreement, we will be able to
detect and ameliorate issues with renewing the agreement on both sides. A draft agreement will be
submitted to the University of Arizona for processing in December 2013. The biggest issue is that there
will not be FY14 money available to move from USGS to the UA until May or June of 2014, at which point
it may be too late to establish a new agreement. We will prepare for this by being as ready as we can on
both sides, with solid budget numbers and a strong agreement, through some levels of approval, in
place.
Information Infrastructure
We are vulnerable to a variety of threats to our IT infrastructure, from natural disasters to hacking.
Currently our off-site back up system is in another building from our main infrastructure, but still
contained within the University of Arizona campus in Tucson. We face a series of related risks to our IT
systems.
Disaster recovery is best handled by generating a daily, latent copy of our infrastructure on Amazon
Cloud, to provide (truly) off-site back up of files and the database itself. This system will also enable us
to stand up a copy of our infrastructure rapidly, so that our web presence is maintained during a
hardware or software failure on the UA campus. Temporary traffic spikes (e.g., due to a media event) could
also be handled by the cloud. Setting up the cloud infrastructure is a current high priority for the IT
team.
Loss of Service or Denial of Service
In this scenario, the University IT Department (where our servers are housed), or our individual servers
get hit with a Denial of Service attack (bots hitting website to slow it to a halt, for example), or we have
a loss of service due to a spike in visitation (a repeat of Science Friday in March 2009). This scenario is
currently mitigated by load balancing with a proxy server and two replicates of the infrastructure. In the
future, a new server architecture that has native support for load balancing, together with cloud
virtualization (allowing us to rapidly stand up a copy of our infrastructure, so that our web presence is
maintained) will mitigate potential interruptions of service due to loss of service.
Physical Loss of Servers
In this scenario, our server hardware fails, or a natural disaster (e.g., a buffelgrass-sparked fire) destroys
our hardware in both the server rooms and our office. These risks are mitigated again with cloud
virtualization (making the back-ups and replicates truly off-site). The loss of just the main servers is
mitigated by a tower back up with a daily copy of the infrastructure in our offices. We are also
preventing a hardware failure by purchasing new servers.
Virtual Loss of Data/Infrastructure
Virtual loss refers to the defacing of our website, accidental or intentional deletion or manipulation of
data, and the injection of malicious code. To mitigate this risk, we limit user access to the code and
databases (e.g., users must be within the UA network to connect to servers, and VPN access is given only to
trusted users; we also limit the overall number of users with access to the servers, and use strong
passwords). Database access is limited to read-only for all users other than the database manager.
Non-administrative users of the Drupal website are highly constrained in the content they can add
(it is formatted and filtered before being entered in the database, to prevent SQL injection). The in-office back up is
quite difficult to access, providing an extra layer of security and data protection. We are now using a
combination of modules to prevent malicious users from joining the website and to scan the database
and delete bad accounts. Throughout our infrastructure we use the latest versions of software, and test
all changes and upgrades in a development environment. Again, cloud virtualization will protect us
against this threat, by providing a protected off-site copy of the infrastructure. We also plan to
implement more pro-active and meaningful logging of activity (including use of a log compiler), in order
to get ahead of malicious efforts. As a DataONE member node we are also buffered against virtual loss
to some extent, in that a copy of the full phenology dataset is stored by the DataONE coordinating node
(updated at the close of each calendar year).
Liability
We may be vulnerable to a lawsuit (frivolous or otherwise), for example, if data we provide led to a bad
outcome for an individual or corporation, or if an observer were injured while participating. Our Terms
of Use, as well as our employees’ coverage by their respective institutions’ risk management and legal
teams, protect us from lawsuits to some extent. However, further research and consideration of this
issue is likely warranted.
USGS External Programmatic Review
In winter/spring 2014, the USGS is conducting an external programmatic review of the USA-NPN,
focused primarily on science and secondarily on operations. This review seeks to (1) assess the science
utility of having a national phenology network; (2) consider USGS strategic directions and science
missions served by the USA-NPN; and (3) consider the utility of the USA-NPN to other Federal Agency
science missions (including NSF and academia). USA-NPN science accomplishments to date will be
considered and evaluated, but the review’s primary purpose is to look forward at USA-NPN science
directions within the context of the USGS and the Federal science landscape, and to provide appropriate
recommendations to senior leadership in USGS and the Ecosystems Mission Area. The results of the
review have the potential to impact the structure and funding of the USA-NPN. Jake is working with his
superiors and the coordinator of the review to maximize both short and longer-term value of the review
to USA-NPN operations.
Government Shutdown
As a federally-funded program, with one federal staff member, the USA-NPN is vulnerable when the
federal government closes (e.g., because of congressional budget impasses). During the 16-day
shutdown in October, 2013, the USA-NPN was impacted in the following ways:
• Executive Director Jake Weltzin did not work, or travel for work. Projects and partnerships he is
  directly involved in were stalled.
• Other NCO staff, employed by The Wildlife Society and the University of Arizona, were able to
  continue to work as their efforts are funded by FY13 monies on deliverables already agreed
  upon.
• NCO travel planning was stalled/uncertain with increased flight costs (e.g., the US Fish and
  Wildlife Services pilot project and the Urban Forestry meeting).
• Fall phenology monitoring was interrupted (e.g., Great Smokies National Park, Palomarin Field
  Station).
• Feedback from federal partners was delayed (e.g., mobile app development for AT project, CPP
  reports).
• Government websites we use in our daily activities were inaccessible (e.g., ITIS and FWS).
• Federal grants were delayed; it was unclear how much effort to put into the National Parks
  Monitoring Project proposal or the Council on Data Integration proposal until the government
  reopened.
• Approval to purchase new servers through USGS was delayed.
• The USA-NPN website, as it is hosted at the University of Arizona, was not affected.
• Inability of federal members of the Advisory Committee to meet or communicate, resulting in
  slowed progress on collaborative projects.
Although government shutdowns are uncommon and undesirable to most of US society, they are a risk
that poses significant potential impact, and should be considered as part of this plan. To mitigate the
impact of future shutdowns, a pre-shutdown meeting among Jake and the senior staff could help tie
down loose ends and ensure continuity of communication with non-federal partners. It may also be
possible for staff to store key reference information from federal websites locally.
Funding-Related Risks
National Climate Change and Wildlife Science Center (NCCWSC)
If faced with budget reductions, the NCCWSC may reduce funding marginally or substantively, but not
cut it altogether. The two most likely scenarios for us in FY14 are either a 10% or a 50% cut in NCCWSC
funding. To mitigate these scenarios, we document our planned and accomplished deliverables for each
year, demonstrating the value to the program’s leadership of the partnership. We give credit to them as
a sponsor. Jake also cultivates relationships with Doug Beard, Shawn Carter and Robin O’Malley, to
ensure that communication lines are open, and any issues they may have are quickly resolved.
USGS Ecosystems Mission Area (EMA)
The EMA at USGS continues to face constraints on its overall budget, with small annual reductions likely.
To decrease the amount/likelihood of cuts to the USA-NPN base, Jake has developed a strong message
to the leaders of the USGS Ecosystem Mission Area, as to how the USA-NPN is an important activity in
the protection of DOI trust lands and species (the primary goal of the EMA). Through relationships and
regular communication Jake has developed a strong reputation for the USA-NPN, as well as built
interpersonal trust with Bill Lellis and Matthew Andersen. The external programmatic review that the
USA-NPN will undergo this year holds potential to further demonstrate the relevance and strength of
the program to EMA leaders.
US Fish and Wildlife Service (FWS)
Carrie has led the development of this partnership, which is now in its second year, funded at $140K
total. The FWS lead, Jana Newman, is consistently pleased with the deliverables agreed upon (website,
establishment of pilot project), and is enthusiastic about the future of phenology monitoring throughout
the Refuge system supported by the USA-NPN. Through a strong relationship and communication, any
issues with the project would be communicated early on, allowing for contingencies to be developed.
While creating and maintaining value for each of our federal partners is critical to success, we always
face the risk that budget cuts will be too severe, whereupon our partners will be faced with tough
choices, and the projects will be discontinued. To mitigate this risk, we explore, and if appropriate, seek
to secure alternative funding sources (NPS, USFS, private foundations).
Publicity- and reputation-related risks
Strong science, robust data, sustained funding and a secure infrastructure do not ensure success
without a favorable reputation in the stakeholder community (be it well-informed or not). The two main
areas where we feel the USA-NPN may be called into question are the data themselves and the
perception of the term “citizen science.”
NCO staff has worked closely with the first researchers using the data, to ensure that they are
interpreting the data correctly, and accounting for quality control issues arising from multi-source data.
In addition, quality assurance and quality control measures have been documented (in a technical
information sheet and in publications on our protocols and infrastructure). Further quality control
measures (flagging out of order phenophases) will be put into place in the coming months.
In the science and management communities “citizen science” can connote data collected haphazardly,
with little rigor or training. For this reason, among others, we do not want to be known as only a citizen
science program. Indeed, many professionals at federal agencies and universities contribute to Nature’s
Notebook (roughly half the data are generated by professionals or trained volunteers). We use
consistent messaging to make this clear (describing Nature’s Notebook as a program appropriate for
“professional and citizen scientists alike”). In some cases, it is advantageous to position ourselves as a
citizen science program, particularly for marketing and fundraising; however, we do this thoughtfully
and cautiously.
We do not know the size of our potential observer demographic, but we can assume it is finite, and that
we face competitive risks from similar programs. We have sought to define our target audience, and
communicate with potentially competitive programs, outlining our niches to avoid direct competition.
In FY13, seven publications that use contemporary or historical data from the USA-NPN database, or
that use USA-NPN data products, were published in peer-reviewed journals. This tends to ameliorate
concerns about the quality and usefulness of the data. By extension, because about half of the data in
the database were contributed by independent or ‘backyard’ volunteers, this demonstrates the value of
an approach that uses “citizen science” as a tool to collect data beyond what could otherwise be
collected by professionals. The NCO staff will continue to support the use of the data for both research
and application as a technique to further minimize concerns about data quality.
Maintaining Competitive Advantage
As strategists, organizational leaders must constantly ask the following questions:
1. What does my organization bring to the world?
2. Does that difference matter?
3. Is something about it scarce and difficult to imitate?
4. Are we doing today what we need to do in order to matter tomorrow?
Questions 3 and 4 are relevant to finding and maintaining a competitive advantage (see Cynthia
Montgomery resources for more information).
The USA-NPN is unique among similar programs in truly connecting and delivering value for scientific
and non-scientific audiences. No other group is providing multi-taxa, national scale data explicitly on
phenology in the United States, arguably because it is difficult to imitate. To stay relevant in the future,
we must continue to:
• Build a strong, supported and loyal observer base;
• Develop and deliver value-added data products that only we can deliver;
• Project confident, clear, consistent messaging about our unique value to observers and
  researchers.
Maintaining a unique set of relevant services helps us compete successfully for both participants and
dollars. These services include:
• Visualization and download of national-scale phenology data
• Nature’s Notebook programmatic and information infrastructure (e.g., campaigns, workshop
  materials, shared sites, mobile apps)
• Content-rich newsletters and web pages for partners and educators
• Curricular resources for middle school through adult audiences
• Legacy data registry tool
Conclusion
While the USA-NPN faces a wide range of risks, a number of mitigation factors are in place, and further
strategies are under development. The framework established here supports further identification of
missed or emergent risks, as well as the identification of further actions that may be taken to mitigate
identified risks. We are optimistic that it will engender informed and productive efforts among Advisory
Committee Members and NCO Staff to jointly ensure the success of the USA-NPN.
In the future, we should also consider the compounded effects of high priority risks – for example, what
are the impacts of simultaneous funding cuts and executive transition?
Additional Resources
Resources on Risk Management
• Bruce Schneier (neglects in risk mgmt and approaches to risk mgmt)
• Fischhoff, B., Slovic, P. & Lichtenstein, S. Am. Stat. 36, 240–255 (1982).
Resources on Executive Transition:
• http://www.aecf.org/KnowledgeCenter/PublicationsSeries/ExecutiveTransitionMonographs.aspx
• http://www.blueavocado.org/content/succession-planning-nonprofits-all-sizes
• http://www.councilofnonprofits.org/resources/leadership-development-and-succession
• http://grantspace.org/Tools/Knowledge-Base/Nonprofit-Management/EmploymentVolunteering/Executive-transitions
Resources on Strategic Positioning (Cynthia Montgomery)
• http://hbswk.hbs.edu/item/7022.html