Skip to main content.

Risk management and strategic planning for a revenue collection agency


This case describes the identification and analysis of the main strategic threats and opportunities for a Government revenue collection agency.

The risk assessment outcomes formed a key input to strategic planning for the agency. The active involvement of all the senior managers in the pre-workshop activity and the workshop itself was an important aspect of generating ownership and acceptance for the workshop outcomes. This meant that one set of critical inputs to the strategic plan were already accepted, prior to the planning conference, allowing that activity to proceed more effectively and efficiently.

We used a ‘standard’ risk management process aligned with ISO 31000, but additional preparation was necessary to overcome severe time limitations.

Several important lessons were learned during this activity:

  • The same risk management process can be used to identify and analyse opportunities and threats.
  • Pre-workshop activity and detailed analysis are critical to achieving objectives in a short time period.
  • A high degree of discipline and strong and demonstrable support from the executive management team is vital, particularly if time is short.
  • Two workshop facilitators working together – one to lead the activity and the other to support and record the proceedings – can improve the efficiency and effectiveness of the workshop significantly.


The Provincial Revenue Collection Agency (PRCA) manages Government revenues from a variety of taxes, fines associated with infringements like parking tickets, and other forms of monies due. It also administers a small range of Government grants. The work described in this case study concerns the identification and assessment of the main strategic threats and opportunities for PRCA, as an important input to the agency's three-day strategic planning conference.

Threats and opportunities were interpreted as deviations from what was expected to occur. Threats involve disadvantageous changes from desired objectives, while opportunities involve benefits or enhancements to objectives.

The identification and analysis workshop focussed on strategic opportunities and threats, those matters that may affect PRCA as a whole and the achievement of its objectives over the longer term, and the next five years in particular. It did not deal with operational or tactical opportunities and threats, which were to be the focus of later risk management activities.

The overall risk management process followed the steps in ISO 31000. The Context stage was completed prior to the workshop and summarised in a detailed briefing note. The workshop focussed on the three steps of risk identification, risk analysis and risk evaluation. Treatment actions were the responsibility of PRCA managers after the workshop, and a particular focus of the strategic planning conference.

Establishing the context

PRCA manages important sources of Government revenues. A key to its continuing success is the management of the business risks inherent in sustaining a high level of revenue collection and compliance.

The agency had undergone major changes recently through the assimilation of new revenue activities. The changes offered both opportunities and threats. Significant efficiency opportunities had been identified, but it was also recognised that pressure for additional efficiencies was to be expected, especially if an economic downturn reduced Government revenues. Not making worthwhile efficiency gains was as much a threat as the efficiency gains themselves were opportunities.

PRCA had the opportunity to use its enviable image and achievement-based culture to expand into new areas of business. However it needed to be careful not to over-stretch itself, as several threats associated with new business integration, systems support, the demographic structure of the business and management’s ability to maintain its culture and image could all be exacerbated by rapid growth.

PRCA's corporate objectives are to:

  • Maximise compliance
  • Maximise effectiveness and efficiency
  • Maximise client satisfaction
  • Maximise organisational and staff capability.

Stakeholders and their objectives in relation to PRCA are listed in Table 1.

Table 1: PRCA stakeholders



Government, Cabinet, The Treasurer

Sound revenue base; predictable revenue stream; sound policy advice; low cost of collection; low public profile


Sound revenue base; predictable revenue stream

PRCA Directors and managers

Good processes; effective and efficient collections; high levels of compliance; capable, happy and productive staff

PRCA staff

Increased skills and capabilities; safe workplace; fair workplace; job satisfaction; job security

Taxpayers (direct and indirect)

Accurate information; accurate assessments; secure payment systems; easy payment processes (simple, flexible); security of private information; safe offices

Professional advisers (accountants, lawyers, brokers)

Accurate information; accurate assessments; secure payment systems; easy payment processes (simple, flexible); security of private information

Payment recipients

Accurate information; accurate, timely payments; security of private information; safe offices

Client service providers (facilitators of electronic links)

Reliable and secure technology; flexible interfaces; secure information

Fine defaulters

Accurate information; accurate assessments; security of private information

Financial institutions

Secure payment processes; security of private information

Issuers of infringement notices

Accurate information; secure collection and payment processes; security of private information

The PRCA objectives and the stakeholder analysis were used to develop a set of criteria for measuring the consequences or potential effects of opportunities and threats (Table 2).

Table 2: Criteria for strategic threats and opportunities


Linked to objectives

That cover

Revenue and fines


Revenue losses, failures to collect, over-payments

PRCA budget

Effectiveness & efficiency

Additional operating expenses

Core capabilities

Effectiveness & efficiency; capability; client satisfaction

All aspects of our activities, including processes, systems, information security, personnel and organisational capabilities

Reputation and image

Client satisfaction

Reputation and image in its widest sense, including Government or community support



Our aim of being a good employer with skilled and talented people


Effectiveness & efficiency; capability

Both acute (short-term) and chronic (long-term) impacts on staff, contractors and the public


Effectiveness & efficiency; client satisfaction

Schedule impacts of project delays

The key elements in Table 3 provided the basic structure for the brainstorming activities to identify opportunities and threats in the workshop. They were intended as a guide for brainstorming only, not a formal classification of strategic topics.

Table 3: Key elements


Key element

Includes but is not limited to …



Information, analysis, notices


Information, funds, accounting


Strategy, collections, enforcement, audit

Debt recovery

Infringements, fine enforcement, tax debt


Efficiency, robustness, security


Business and management processes of the organisation



Policy, legislation, advice to Government


Corporate strategy, business planning, finance policy


Clients, Government, web site, education


Grants administration


People & skills

HR policy, training, retention

Support services

Finance, services


Site services, transition to new locations


IT, client projects, internal projects

Preparation for the workshop

Lack of time was a major constraint for the risk assessment workshop – the senior managers of PRCA could only spend a maximum of three hours. Unfortunately, this is a common feature of strategic workshops. However, the main Division managers were available for interviews prior to the workshop.

The limited time was exacerbated by the desire for the participants to include the Chief Executive, all the Division managers and all their direct reports, a total of over thirty people. Workshops with these numbers are always difficult to manage and to keep focussed and on schedule, even with plenty of time available.

These features made exhaustive preparation critical for the workshop, to maximise its value in the limited time provided. Several approaches were adopted:

  • Detailed interviews were held with key Division managers, to introduce them to the workshop process, develop a structure for it and ensure their commitment.
  • A detailed briefing note was issued to all participants, explaining the purpose of the workshop, the intended outcomes and the processes that would be used to achieve them.
  • The ‘Top 5’ opportunities and threats were collected from all participants and analysed prior to the workshop, to form a pre-seeded opportunity and threat register.

Participants were encouraged to think about and document the main opportunities and threats for PRCA. In particular, they were asked to prepare a list of the top 5 strategic threats and the top 5 strategic opportunities they perceived for PRCA as a whole, and the top 5 threats and opportunities in their areas of work. To help them do this, instructions and a template for their responses were provided in the briefing note.

Most participants, including the Chief Executive and all the Division managers, responded to the request for lists of opportunities and threats, and they generated a large amount of valuable information. This was analysed before the workshop.

  • Opportunities and threats that were operational or tactical in nature were not relevant to the objectives of the workshop. They were recorded separately for subsequent action by the Divisions.
  • Duplicated opportunities and threats were combined.
  • Some specific opportunities and threats that arose in particular parts of the organisation were generalised, where appropriate, to extract the associated strategic opportunities and threats for the agency as a whole in the form of headline risks.

The consolidated responses formed the starting point for the risk identification activities in the workshop.

Workshop process

The workshop involved brainstorming, with two passes. In the first pass, for each key element, the participants:

  • Briefly reviewed the area covered by the element and the opportunities and threats that had been identified already
  • Edited the descriptions of some items to reflect the underlying opportunities or threats and to improve their clarity
  • Removed some items that were considered to be operational
  • Identified additional opportunities and threats
  • Noted the agency’s existing controls
  • Assigned consequences and likelihoods, given the controls
  • Established initial priorities.

The initial priorities were reviewed during a second pass later in the workshop, to provide a ‘sanity check’ on the first-pass brainstorming outcomes. Agreed priorities were assigned to each threat and opportunity.

Assessment scales

In the assessment part of the workshop, consequence and likelihood scales were used to rate the opportunities and threats.

The consequence scale was linked to the criteria in Table 2. Where an opportunity or threat impacted on several criteria, as was usually the case, the outcome with the highest rating was selected. The likelihood scale referred to the potential for opportunities or threats to occur and lead to the assessed level of consequences. In all cases, the current controls were taken into account when developing the consequence and likelihood ratings.

A simple table was used to convert the consequence and likelihood ratings to initial priorities. As a guide, the priority for a threat had the following interpretation, with a similar interpretation for exploiting opportunities:

E Extreme threat; an intolerable threat that might threaten the survival or effectiveness of an important program and possibly the agency, where immediate action is required at a senior level.

H High threat; an intolerable threat that would have a significant adverse effect on a program or the agency and where senior management attention is needed.

M Medium threat; a barely tolerable threat where management responsibility must be allocated.

L Low threat; a tolerable threat that can be managed by routine procedures.

Workshop outcomes and analysis

A total of 24 opportunities and 43 threats were identified and assessed in the three-hour period available for the workshop (Table 4). Note that these are 'raw scores' and contain some overlapping items – tables like this can be misleading if not analysed and interpreted carefully. Overall, though, the proportions of opportunities and threats are similar to those we have obtained in similar strategic assessments, with about one-third opportunities and two-thirds threats. Even with careful facilitation, participants in risk workshops tend to focus more on what can go wrong than on potentially beneficial outcomes.

Table 4: Opportunity and threat profile















The major areas of opportunity and threat for PRCA were:

  • Immediate efficiency gains
  • Future development opportunities and associated threats
  • Systems support threats
  • Loss of corporate knowledge
  • Revenue collection, compliance and policy advisory threats inherent in the agency’s functions.

Lessons learned

The same risk management process can be used successfully to identify and assess opportunities and threats. This is important for many assessments, and critical for strategic ones.

If senior managers cannot spend time in a workshop activity, other means must be used to ensure their engagement. In this case, collecting and analysing information about opportunities and threats prior to the workshop was an important feature, and a key means of ensuring that good outcomes were obtained in a very short workshop period. It also ensured the engagement of participants, who saw their words reflected in the initial register.

Broadleaf used two facilitators in the workshop – one to lead the activity and the other to support and record the proceedings. When time is short, it is not feasible to facilitate and record simultaneously (and it can be very difficult even when time is plentiful!). The second facilitator also helped to manage time, and to capture important information that was provided out of sequence.

Even with a pre-seeded register and excellent facilitation, everyone involved needed to have a high degree of discipline to achieve the workshop objectives. The participants focussed on the workshop process and the outcomes they needed for their strategic planning, and they exercised great restraint in limiting their discussion to salient points necessary to modify the specific opportunity, threat and control descriptions and generate defensible assessments of consequences and likelihoods. The example set by the Chief Executive and the Division managers was very important here. As with most strategic risk management activities, strong and demonstrable support from the executive management team is critical.

The risk management outcomes formed a key input to strategic planning for the agency. The active involvement of all the main managers in the pre-workshop activity and the workshop itself was an important aspect of generating ownership and acceptance for the workshop outcomes. This meant that one set of critical inputs to the strategic plan were already accepted, prior to the planning conference, allowing that activity to proceed more effectively and efficiently.

Government revenue collection agency
Public sector and government business
Services included:
Risk assessment and risk treatment
Risk assessment