As I was reading the McKinsey Quarterly "Risk: Seeing around the corners" article this week, I kept thinking about a recent New York Times article on the cholera epidemic in Haiti (http://www.nytimes.com/2012/04/01/world/americas/haitis-cholera-outraced-the-experts-and-tainted-the-un.html?scp=1&sq=haiti%20cholera&st=cse). The article describes both the current situation and how the risk of cholera was grossly underestimated following the 2010 earthquake. While the McKinsey article focuses on assessing risk in a business environment, I think the main themes are applicable to the public sector, especially the main point that "risk assessment processes typically expose only the most direct threats facing a company and neglect indirect ones that can have an equal or greater impact."
According to the NYT article, the international aid community, in their haste to address the most direct threats following the 2010 earthquake, failed to recognize the more indirect risk of cholera. A C.D.C. brief that was published after the earthquake described the cholera risk in Haiti as low (their exact words were "extremely unlikely"), despite the fact that the lack of public sanitation infrastructure created an environment conducive to the spread of cholera and other water-borne illnesses. Scientists have studied the strain of cholera found in Haiti and discovered it is nearly identical to a cholera strain found in Nepal. Researchers are now suggesting that cholera was brought to Haiti by UN peacekeepers who arrived in Haiti shortly after the earthquake. It appears public health officials and disaster relief workers failed to anticipate risks associated with bringing in peacekeepers from different regions of the world.
The McKinsey and NYT articles made me think about the applicability of more business-oriented risk assessment tools to the public sector, and how risk assessments vary between public and private sectors. Where is the overlap and where are the differences?