1 Introduction

Assessing and managing climate change risks to underpin adaptation planning are becoming more important. Evidence shows that, regardless of efforts to mitigate future emissions, a level of change is locked into the climate system (IPCC 2018). Failure to effectively plan for and manage future climate change risks can result in significant damage to infrastructure, businesses, industry, economy and society in general (Stern 2013). A critical aspect of adaptation planning is addressing climate changes, including single or combined hazards, in the context of other socio-economic changes, and how these impact a particular system of concern (e.g. an asset such as a water supply pump, infrastructure such as a water supply network, a business process, a sector such as health or agriculture etc.). Adaptation should also include action taken to address the existing adaptation deficit.

The approach for assessing climate change impacts originated as a scenario-driven impact assessment guideline from the Intergovernmental Panel on Climate Change (IPCC) (Carter and Kenkyū 1994; Parry and Carter 1998). Over the years, there was a shift in approach, from understanding impact to assessing vulnerability using model-derived future climate scenarios. This shift was partly due to the transfer of policy focus from ‘understanding of climate change impacts’ to ‘planning for adaptation to the impacts of climate change’ (Jones and Preston 2011; IPCC 2014; Burton et al. 2002; IPCC 2018). As policy focus moved further towards mainstreaming adaptation within core organisational activities, and understanding the benefits and risks associated with different adaptation options, a different stream of methodologies focused on risk management approaches for climate change adaptation emerged (Willows and Connell 2003; Heazle et al. 2013; Jones and Preston 2011; Preston et al. 2011). Unlike the previous generation of approaches, these focus on solutions (i.e. how to manage climate change risks by adapting) rather than identifying problems (i.e. understanding potential climate change impacts) and are therefore advocated by the IPCC in its Fifth Assessment Report (Jones 2001; Jones et al. 2014). Further, they have moved away from the linear, ‘top-down’ approach that begins with observed and modelled climate data, evaluates the impacts and considers and selects appropriate adaptation options, towards a ‘bottom-up’ approach that begins with evaluation of exposure and vulnerability, leading to the assessment of risk, and resulting in the identification and implementation of adaptation options. An overview of such approaches is provided by Palutikof et al. (2019a) and Street et al. (2019). In general, they are iterative in nature, facilitating learning and adopting changes as the process progresses. This is a critical element for dealing with the uncertainties of climate change and the flow-on effects to adaptation decision-making.

Examples of similar operational guidelines for adaptation can be drawn from the literature. Snover et al. (2007) developed a guidebook for local, regional and state governments to assist in adaptation planning, starting from risk identification, through to investigating adaptation and implementation options. The International Council for Local Environmental Initiatives (ICLEI) developed an adaptation toolkit highlighting necessary tasks and processes for conducting risk assessments and adaptation planning for local governments in Oceania (ICLEI Oceania 2008). Similar decision support products have been developed by Willows and Connell (2003), CARE (2009) and Ayers et al. (2012), albeit for different sets of decision makers.

Merely adopting a risk management approach is not enough for assisting decision makers in adaptation planning, partly because there remain some practical challenges in implementation. The information requirements and processes that need to be followed to operationalise the risk management framework vary widely depending on the objective of the adaptation decision, its context (social and biophysical) and the nature of the problem in hand (National Research Council 2009; Pidgeon and Fischhoff 2011). Therefore, decision makers, whether in public- or private-sector organisations, require a range of climate services that include data and practical methods, as well as tools and guidelines to implement those methods. CoastAdapt (coastadapt.com.au)—an online decision support platform—seeks to deliver to this broad requirement through guidance, information and data to assist Australian coastal practitioners in managing the risks associated with climate change (Palutikof et al. 2019b).

CoastAdapt is just one of a number of decision support platforms developed to address the information and guidance requirements of adaptation decision makers. These include, for example, the US Climate Resilience Toolkit (Gardiner et al. 2019), the European Climate Adaptation Platform (EEA 2018), the Klimalotse for Germany (Hasse and Kind 2019) and the Adaptation Wizard for the UK (Street et al. 2019).

The three-tier risk assessment framework described in this paper forms part of a wider risk management process, Coastal Climate Adaptation Decision Support (C-CADS), which unifies the guidance and information delivered by CoastAdapt. C-CADS is based on standard risk management principles, but is tailored for climate change adaptation purposes by including appropriate information and guidance (e.g. on barriers to adaptation, stakeholder communication, adaptation planning). Detailed guidelines for operationalising C-CADS are delivered through CoastAdapt. An outline of the six steps in C-CADS is shown in Fig. 1.

Fig. 1
figure 1

Example of a risk-based adaptation framework as used in the CoastAdapt tool

1.1 Risk assessment for climate change adaptation

Application of climate change risk assessment guidelines within organisations is challenged by a number of factors. First, demand for financial and human resources to conduct a climate change risk assessment within an organisation is often in competition with existing business priorities and therefore, it is important to optimise the use of these limited resources (Mukheibir and Ziervogel 2007; Pini et al. 2007). Second, in-house climate expertise is often limited or absent within small- and medium-sized organisations, because understanding climate change risks is not considered part of core business (Dessai et al. 2005; Measham et al. 2011). As a result, organisations often engage external consultants to undertake climate change risk assessments. Third, organisations may fail to consult with appropriate stakeholders in their adaptation planning and implementation, including at the risk assessment stage, leading to an absence of trust in decision-making processes and ‘push back’ during attempts to implement adaptation actions (Jones et al. 2014; Storbjörk 2010).

In this paper, we respond to these practical challenges of conducting a climate change risk assessment within an organisation, and propose a tiered framework that supports the learning journey that is essential for adaptation and enables organisations to optimise their adaptation resources, systematically increase their climate change knowledge base and develop targeted engagement strategies. The framework allows users to start with a low knowledge base and minimal resources (using existing national and regional datasets and resources) and incrementally progress towards complex processes that require a higher knowledge base and resources. The framework broadly follows that introduced by Willows and Connell (2003). It develops specific tasks, relevant to the coastal environment in Australia, to operationalise each tier. It demonstrates how each tier can be embedded inside a standard risk management framework, so that organisations can easily align climate change risks with their existing risk management process. It introduces a suite of related tools to support the implementation of each tier (e.g. risk assessment templates, step-by-step guidelines, communication materials, infographics, climate change data etc.), delivered through the CoastAdapt website.

First, we outline the tiered framework highlighting the characteristics of each tier. Second, we describe how it is implemented in CoastAdapt via development of guidelines, checklists, tools, infographics etc. Third, we discuss the benefits of the approach and its application in adaptation planning.

2 The three-tier climate change risk assessment framework

A three-tiered climate change risk assessment was developed in CoastAdapt. This can be used by the public sector (e.g. coastal local governments) as well as by private organisations (e.g. utility companies and infrastructure operators with coastal assets) to understand and manage the risks from climate change and sea level rise. The three tiers are described below.

A first-pass risk screening is a rapid and qualitative process which can be carried out without detailed local data to develop a preliminary understanding of the climate change risks faced by an organisation. It is ideal for resource-constrained organisations with limited data and information, who seek awareness of the risks they face from climate change. It is an important early step in climate adaptation planning.

A second-pass risk assessment is a standard approach based on risk management standards such as ISO31000 (ISO 2018). This includes conducting a risk workshop with relevant stakeholders to identify and evaluate specific climate change risks, their likelihood and consequences. Through data, available information and expert knowledge, a risk register is then generated to support identification of adaptation options and opportunities. Its alignment with ISO31000 facilitates integration with existing organisational risk management frameworks, helping with internal uptake.

A third-pass risk assessment focuses on further investigation of prioritised, short-listed and site-specific risks (identified at the second-pass assessment stage). It is highly resource intensive and can be helpful, for example, in costly and long-lived engineering projects that require detailed information on climate change-related risks (e.g. estimated rate and extent of change) through detailed modelling or hazard studies before proceeding to design and associated investment decision-making. Except in such circumstances, a third-pass assessment may not be necessary.

Table 1 summarises key characteristics of each tier of risk assessment highlighting their objective, resources, knowledge and engagement requirements and limitations. To assist CoastAdapt users in implementation, step-by-step guidelines have been developed for each tier. These guidelines are aligned with international risk management standard ISO31000 and use the same terminologies. ISO 31000 provides direction on how an organisation can integrate risk-based decision-making into its governance, planning, management, reporting, policies, values and culture (ISO 2018). Taking this approach ensures that users will be faced with familiar terminology, since most government and private organisations manage their organisational and business risks from a basis of ISO31000.

Table 1 Characteristics and requirements of local scale risk assessment approaches

There are four steps within each risk assessment tier.

  1. 1.

    A scoping exercise which establishes the context of the risk analysis.

  2. 2.

    Identification of any existing climate risks to the organisation, by analysing past records and tapping into local experience, thus providing a baseline against which future risks can be determined.

  3. 3.

    Exploration of future risks against specific climate change scenarios for time scales that are relevant to the organisation in terms of maintaining their assets and business operations.

  4. 4.

    Evaluation and prioritisation of identified risks in terms of the need for action.

In practice, not all steps may need to be carried out in each tier, for example, Step 1 might not be necessary in the second and third tiers if the previous tier had recently been worked through. Also, users with climate change knowledge and capacity might be able to combine the first and second tiers, or proceed directly to the second tier. The four steps are described in more detail in the next section.

3 Key technical differences between the three tiers of assessments

The specific activities that need to be carried out and issues that needed to be considered for each tier have different requirements and levels of granularity. Table A-1 (Supplementary Material) provides an overview and highlights some of the issues that need to be resolved for each tier. Detailed step-by-step guidelines can be downloaded from the CoastAdapt website (coastadapt.com.au) and a summary is provided below.

  • Step 1: Establish the context

Step 1 is about laying out the parameters of the assessment. Most importantly, what is the target of the assessment? Is it all assets managed by a local municipality, is it a single strategically critical existing piece of infrastructure, is it a planned investment? The answer to this question in turn helps to define the timeframe of interest, which is likely to be determined by the expected lifespan of the target(s) and the scale (an entire town, a single beach, a single piece of infrastructure). Consideration needs to be given to state policies, laws and regulation, which may impose certain requirements on the assessment (for example, a benchmark for sea level rise or a set-back distance for development in the coastal zone).

Next, it is necessary to determine the level of risk that will form the basis of the assessment, as expressed by the scenario of future climate change. Will the assessment assume a business-as-usual future scenario of greenhouse gas emissions and atmospheric concentrations, for example, that is represented by Representative Concentration Pathway (RCP) 8.5 (van Vuuren et al. 2011). Or will a lower level of risk, as expressed by a future greenhouse gas trajectory that involves a higher level of mitigation, be acceptable? Generally, if resource limitations only allow for one scenario to be explored, a business-as-usual (high risk) scenario will be appropriate.

Once the timeframe and the scale are known, Step 1 will involve establishing and building the climate change scenario. What are the variables of interest? At what time resolution (hourly variables, monthly, annual)? The tier of assessment will determine the level of resources that will be needed (conversely, where few resources are available, it may only be possible to carry out a first-pass or second-pass assessment). If it is the first tier, it is likely that published sources will be sufficient. For the second tier, it may be necessary to purchase some data, and for a third-pass assessment, this is almost certain to be the case—climate variables at high spatial and temporal resolutions will be required to quantitatively estimate the impacts of a particular hazard from future climate change and sea level rise at a particular location.

Increasingly, adaptation practitioners are seeking to stress test their assets at risk, by projecting a future in which the impacts of climate change are at the upper end of model projections for the RCP8.5 scenario (rather than the more commonly used average or median of an ensemble of model projections) or beyond (Abadie et al. 2017; Carter and Janzen 2018). Detailed modelled information for such a high-end scenario may not be available as the basis for a second- and third-pass assessment, but it would certainly be possible to carry out a first-pass assessment, if the assessor judges this to be appropriate.

  • Step 2: Identify existing climate risks

When undertaking a climate change risk assessment, it is important to determine any existing climate-related risks in order to establish a baseline. Broadly speaking, in a first-pass assessment, it is only necessary to establish the presence or absence of a climate hazard in the area of interest, while a second-pass assessment requires a qualitative estimate of the impact of previous hazard events using a predefined scale (insignificant, moderate, etc.). The third-pass assessment moves towards quantitative estimates of previous hazard-related losses of targeted systems. Determining any risks that remain despite the implementation of management actions can help to identify adaptation actions which should be given high priority because of the immediate benefits they provide.

  • Step 3: Identify future climate change risks and opportunities

In the first-pass risk screening, the presence or absence of future risks is identified using information such as local knowledge, published national or state-level climate change and sea-level rise projections and maps, and any other available maps and information from the area. As an example of potentially useful information available at little or no cost, a list of relevant national datasets available through CoastAdapt is provided in Table A-2 of the Supplementary Material.

In the second-pass risk assessment, future risks are identified (mainly for systems that are identified and shortlisted in the first-pass screening) using a standard approach whereby specific future risks are assessed, and their consequences and likelihood are discussed among relevant stakeholders with appropriate expertise, taking into account the adaptive capacity of the system under consideration and its users. Generally, the underlying datasets will be those used in the first-pass assessment (Table 1) augmented by commissioned low-cost information, for example, an expert may be asked to report on erosion potential under sea level rise. Tables A-3 and A-4 (Supplementary Material) show examples of likelihood and consequence scales that can be used at this step. Once consequence and likelihood have been assigned, a risk rating can be determined using a scale such as that shown in Table A-5 (Supplementary Material). In Step 4, consequences, likelihood and risk rating are all evaluated to determine the criticality and prioritisation of risks. The second-pass assessment should also consider a preliminary evaluation of vulnerability based on exposure, sensitivity and adaptive capacity, leading into the formal vulnerability rating of the third-pass assessment. This evaluation should specifically include local knowledge to more clearly identify the impacts and responses taken during historical events (building on outcomes from Step 2, see Table 2).

Table 2 Guidance on when to use the outcomes and the application of the different tiers of risk assessment in adaptation

In the third-pass risk assessment, a similar approach is taken, but is underpinned by more targeted and specific information about the nature of future hazards. This can include targeted information about the environmental and socio-economic conditions (present and projected), in order to better understand and rate the associated vulnerabilities. A major difference of this tier is that it requires a vulnerability rating to be developed in addition to the risk rating. Vulnerability ratings are generated by investigating how sensitive the system is to future climate change exposure, and what the capacities are of the organisation to cope with those changes. Sensitivity and adaptive capacity ratings (i.e. high, medium, low) generated from this process are then used for developing the vulnerability rating of the system (see Table A-6 Supplementary Material for example). Finally, this vulnerability rating is used to prioritise management responses (e.g. systems that are at high risk and highly vulnerable should be prioritised, see Table A-7 Supplementary Material).

‘Risk’ and ‘vulnerability’ are different concepts (Gardiner et al. 2019) and therefore their ratings are generated separately. Together, they can be used as the basis to develop a targeted communications strategy (i.e., targeted at stakeholders with the most vulnerable assets) and as the basis for discussions with those stakeholders. A major benefit of prompting users to think about vulnerability (along with risk) is that it facilitates more complex discussion around sensitivity and adaptive capacity ( Abbas El-Zein and Tonmoy 2015; Tonmoy et al. 2014; Tonmoy and El-Zein 2013; Hinkel 2011). As a part of understanding vulnerability, users are also prompted to think about secondary impacts of climate risks by identifying interdependencies among parts of a business or interdependencies of infrastructures that support business continuity. The more an at-risk system is dependent on other components, the more sensitive it is to future climatic change, and therefore the more vulnerable it is (Tonmoy and El-Zein 2013).

  • Step 4: Analyse and evaluate risk

Risk evaluation in the first-pass screening is a qualitative exercise whereby any systems, geographical areas or business processes identified as at risk from climate change are shortlisted for further investigation. The next step may be to report the results to internal and external stakeholders (e.g. the organisation board) with recommendations for further action, or to commence a second-pass risk assessment.

In the second-pass and third-pass assessments, the risk evaluation process is structured as a standard risk evaluation process (e.g. ISO31000) where identified risks are compared to risk evaluation criteria. Here, selection of these risk evaluation criteria is critical and should be developed in consultation with stakeholders and/or by adopting organisational objectives or existing risk evaluation criteria (for examples of risk criteria, see Table A-8, Supplementary Material). In the third-pass assessment, individual risk ratings are used along with the vulnerability ratings to prioritise risks that need management actions.

3.1 Stakeholder engagement and consultation

Expert judgement is a vital part of the risk assessment approach at all stages. The framing of the assessment is through the collection of appropriate data, and through the definition of objectives, timings and emissions scenarios. However, the identification and prioritisation of risks through evaluation of consequence and likelihood is based on expert judgement. This requires that, as with all stages of the adaptation process, stakeholders are effectively identified, engaged and consulted (Storbjörk 2010). It is likely that the mechanism for achieving stakeholder input will be through workshops. CoastAdapt provides guidance on how to make sure that the ‘right people are in the room’, and how to engage with them to achieve the desired outcomes. Broadly, at the first tier of assessment, it is likely that stakeholders will be drawn principally from within the organisation. At the second tier, effort should be devoted to understanding internal and external interdependencies, and so appropriate external stakeholders will be identified and engaged (see Box 1 for an example). At the third tier, workshops will likely require in addition input from experts able to interpret analytical results (from, for example, impact model experiments) and to evaluate the technical implications of these results.

Box 1 A case study of application

In order to test the applicability of this three-tier risk assessment approach, a ‘test case’ project was carried out in partnership with Northern Queensland Airports (NQA), who own and manage two regional airports in northern Queensland, at Mackay and Townsville (Fisk 2017). Both airports are located in low-lying mangrove ecosystems within a cyclone-prone region. Therefore, sea level rise and climate change have the potential to significantly impact NQA’s assets and business operations. However, NQA has limited climate change expertise and limited resources. NCCARF partnered with NQA to test the extent to which the three-tiered risk assessment process, CoastAdapt data and guidance could help NQA understand their climate change–related risks.

A project facilitator was engaged (Palutikof et al. 2019c) and, to begin the process, helped NQA conduct a first-pass risk screening using existing national and CoastAdapt datasets, guidelines and templates. This identified major potential issues for both airports to 2030 and 2050 under a high-emission scenario (e.g. runway maintenance during hot and dry weather, low-lying assets at risk of inundation, safety of workers exposed to hot weather, increased demand for air conditioning, erosion at certain parts of the airport complex, etc.). This screening also identified relevant stakeholders for NQA, including asset managers and aviation operations managers, who could provide further insights on the identified risks in a second-pass assessment. The findings of the first-pass assessment were communicated to these stakeholders and used as a basis for a second-pass assessment risk workshop.

An expert facilitator ran the second-pass risk assessment workshop with relevant stakeholders. For example, in the past, Mackay’s runway has been affected by overland riverine flooding. Since the local authority manages flood protection, a representative from the local authority was invited to participate in the workshop to provide insights on that particular risk of overland flooding. Specific risks and likely consequences/likelihood were identified for both airports and finally a risk register was developed. During the risk workshops, the outputs were stored in the CoastAdapt risk assessment template, which ultimately delivered a comprehensive risk register categorising the climate risks at the airports as ‘high’, ‘medium’ or ‘low’ across the three timeframes (present day, 2030 and 2050). The risk register will be used by NQA to inform their long-term planning (investigating the necessity for a third-pass assessment), including the company’s environmental management plan.

Throughout this process, we tested our risk assessment templates and guidelines and collected feedback from participants about their utility. As a result, some changes were made to address concerns raised in the feedback.

Particularly, at the second and third tiers of assessment, the services of an independent workshop facilitator are likely to improve outcomes (see Box 1). The advantages of this are outlined by Palutikof et al. (2019c).

3.2 Supporting risk assessment and associated reporting

Organisations conducting risk assessments should document the rationale for choices that underpin their risk assessments (e.g. timeframes and scenarios), the sources of information used (e.g. websites, reports etc.), assumptions made and stakeholders engaged (including their contributions to the process). This provides a trail of the evidence used to underpin adaptation decisions and establishes the currency of the information used. It informs decisions about when updated risk assessments may be required, such as when better data become available, or when organisational situations change. CoastAdapt provides a number of spreadsheets with incorporated guidance to support the risk assessment process and ensure that information is captured. A list of templates is provided in Table A-9 (Supplementary Material). Each template has a ‘ReadMe’ section which provides a short explanation of tasks and terminologies. Following guidelines and using templates, CoastAdapt users can create risk registers that can be employed for the strategic management of an organisation. Because risk assessment terminologies can often be difficult to grasp by non-technical stakeholders of an organisation (Webb et al. 2019), we provide simple infographics to support understanding of key concepts of risk assessment (Supplementary Material Figs. A-1 and A-2).

In general, understanding and assessment of climate change risk, as described in these risk assessment guidelines, are the starting points of climate change adaptation. Therefore, the success of the overall adaptation process may be compromised by the way the initial risk assessment is scoped and conducted, and by how the outputs are used to form the basis of adaptation planning within the organisation (Tonmoy et al. 2018). In the next section, we describe how a three-tier risk assessment framework can be embedded in a broader adaptation risk management process such as C-CADS, using the example of CoastAdapt.

4 Operationalising the three-tier risk assessment framework in C-CADS

Risk assessment is an integrated component of a broader risk-based adaptation and implementation process. Therefore, we embedded the three-tier risk assessment inside the broader CoastAdapt risk management framework of C-CADS. This integration allows users to move beyond risk assessment towards identifying risk mitigation options and developing an implementation strategy.

The first two steps of C-CADS include a focus on risk identification and assessment. The following four steps focus on the treatment of identified risks (Fig. 1). Thus, the tiered risk assessment is embedded in the first two steps. C-CADS is iterative—if the monitoring and evaluation demonstrated weaknesses or failures in the process, the C-CADS process can be repeated as shown in Fig. 1 and this might involve revisiting the risk assessment.

Table 2 shows how each tier of risk assessment can be used within C-CADS and how the outcomes can be used for risk management and adaptation planning. First-pass risk assessment is a screening process conducted to support the completion of C-CADS Step 1. By understanding the overarching risk faced, it is possible to determine scales of action, identify key stakeholders, and develop communication strategies for internal and external engagement to ensure resources are available. The second-pass assessment is used within C-CADS Step 2, generating a fairly comprehensive risk register that is useful for overarching planning or strategy development purposes. While a second pass is suitable to develop a plan, there can be some areas of high risk necessitating a more detailed third-pass risk assessment, which is also undertaken at C-CADS Step 2. This may follow directly from the second-pass assessment or may be part of a second iteration of C-CADS.

5 User testing

User testing is an essential step in the development of climate adaptation decision support tools (see Palutikof et al. (2019b) for an overview). Although rather few examples of rigorous testing exist, Abrash Walton et al. (2015) carried out an independent evaluation of the US Climate Resilience Toolkit, looking at perception and use of the US Climate Resilience Toolkit by 29 climate data end users along the east coast of the USA.

The risk assessment procedure described here was tested extensively with potential users, in two stages.

First, the developers of CoastAdapt instituted a Tool Development Partnership to work at every stage of development and implementation to ensure that the tool was fit for purpose. This Partnership, drawn mainly from local government officers and small businesses, contributed and reviewed material, and tested the overall tool for ease of navigability and accessibility of language (Leitch et al. submitted). The three-tier risk assessment process was tested extensively with this Partnership. In its early form, it was found to be too complex, such that target users such as employees of local municipalities would find it difficult and would likely not pursue its use. Extensive changes were made to improve accessibility and utility, until such time as the Partnership considered it fit for purpose. Nevertheless, Partnership members were of the opinion that whereas target users in local government and small businesses would be able to make use of the first tier of risk assessment unaided, and possibly the second tier depending on level of expertise and resourcing, it would definitely be necessary to have support (most likely in the form of a consultant) to undertake a third-pass assessment. Overall, they considered that the services of a consultant would be beneficial in terms of the quality of the outcome for all tiers. A range of providers can deliver effective facilitation, ranging from commercial consultants through to higher education institutions (Abrash Walton et al. 2016).

Second, following completion and release of CoastAdapt, a number of test cases were carried out (Palutikof et al. 2019c). These were 6-week projects to explore an adaptation problem, undertaken by local municipalities, infrastructure operators and businesses such as aquaculture companies. Each project was provided with a consultant and received a small amount of money, mainly to legitimise their participation in the eyes of the parent organisation, and to pay for any marginal project costs. Several carried out first- and/or second-pass risk assessments (see Palutikof et al. 2019c for a full description). Box 1 describes one of these test cases. Of note is the role of the consultant as an expert facilitator—although it is possible that the organisation could have carried out the first-pass assessment without support, the process ran more smoothly and the end result was superior because a consultant was available. It is unlikely that the organisation could have carried out the second-pass assessment without the support of the consultant. Nevertheless, feedback received after the project was completed was favourable—the organisation considered that the benefits in terms of awareness raising, capacity building and risk identification far outweighed any costs. The approach has been successfully applied to a range of situations since the release of CoastAdapt including in the agriculture sector, the health sector and in local government.

6 Discussion

The risk assessment framework described in this paper offers five principal advantages to adaptation practitioners—commonly, employees in the private- and public sectors who are time poor and with little or no formal training in climate change and the management of its impacts (Measham et al. 2011; McClure and Baker 2018).

First, because the framework (particularly the second and third tiers) is based around formal national and international standards of risk management such as ISO31000, the vocabulary and procedures will be familiar to most organisations and the outputs should align well with standard business practice, since the processes of risk register creation and scrutiny are generally a regulatory requirement (Howard-Grenville et al. 2014). This has the further advantage that, should the organisation desire, it should be straightforward to mainstream the outcomes from the climate change risk assessment into existing risk management processes and from there into core business.

Second, the framework makes optimal use of an organisation’s limited adaptation resources by taking a tiered approach, so allowing an organisation to start from a low knowledge base using minimal resources and, only if required, then move to more complex and resource-intensive risk assessment processes. Lack of financial resources for adaptation is one of the major barriers to adaptation, e.g. lack of funding from central government, lack of institutions that facilitate financing adaptation, limited access to financial resources, lack of political willingness to mobilise financial resources (Adger et al. 2007; Biesbroek et al. 2013). Where resources are lacking, an organisation can carry out a low-cost first-pass assessment which may demonstrate that the risks are low and adaptation effort can be postponed. Conversely, if the first-pass assessment does suggest that high risks requiring early attention may exist, it will at the same time provide the evidence that can be taken to stakeholders to make the case for additional resources to conduct further in-depth risk assessment.

Third, and leading on from this, the tiered approach to risk assessment aligns well with emerging adaptive planning approaches to adaptation, commonly known as adaptation pathways (Haasnoot et al. 2013; Walker et al. 2013). Adaptation pathways overcome many of the uncertainties associated with climate change impacts, especially timing and rate of change, by defining threshold events as trigger points for decision-making and action (Bosomworth et al. 2017; Lin et al. 2017). In fact, there are few examples of adaptation pathways being used within adaptation planning to develop a staged approach to actions—more commonly, they have been used as a vehicle to enable community engagement and consultation (Barnett et al. 2014). However, nesting adaptation pathways within formal risk management approaches should provide a flexible yet robust approach to adaptation, allowing threshold events to trigger action rather than taking a rigid time-dependent approach, as demonstrated by Gilroy and Jeuken (2018). The tiered approach adopted here allows this to happen, especially through the vulnerability rating process developed at the third tier of assessment. This is based on evaluation of sensitivity and adaptive capacity which can lead to the identification of threshold events, which in turn can be used to define trigger points in the construction of adaptation pathways.

Fourth, the risk assessment approach described here encourages the user to take account of interdependencies that can exacerbate impacts but be overlooked in a sector-based impacts evaluation. These include interdependencies along business supply chains (Surminski et al. 2018) and between infrastructure systems (Dawson et al. 2018). By taking a whole-of-business approach, as described here (and see Box 1 for an example application), the three-tier risk assessment process encourages exploration of interdependencies within the organisation. It can be used to explore interdependencies which extend beyond the organisation, but it will depend upon the user to ensure that risk assessment workshops include appropriate stakeholders (again as described in Box 1).

Finally, the approach is designed to be flexible to support the needs of stakeholders, ensuring that the outcomes from the risk assessment can be integrated into the organisation risk register, and that they are meaningful. This flexibility enables inclusion of non-climate change–related risks such as water quality or implications of growing populations. In the second-pass and third-pass assessments, users can determine their own likelihood and consequence scales, including taking existing organisations material. This has been demonstrated to increase the likely success of the risk assessment approach (Tonmoy et al. 2018).

7 Conclusions

In this paper, we have presented a three-tier climate change risk assessment framework that addresses some of the practical challenges of conducting climate change risk assessment on the ground at a local scale. Risk assessments are often identified as the most resource intensive tasks within the initial adaptation planning process. As a result, many assessments are done without appropriate guidance, making it difficult to use the output effectively (Tonmoy et al. 2018). Our tiered risk assessment framework and associated supporting materials (guidelines, checklists, tools, infographics, etc.) support practitioners to undertake risk assessments and leverage existing resources in a systematic way. It also facilitates capacity building in organisations whereby working through the first-pass assessment can help to demystify concepts and familiarise users with climate change science, risk and adaptation, and put them in a better position to drive more detailed risk assessment and associated management responses through their organisations.

There are factors that can limit the applicability of this framework. First, good-quality national and/or state-level climate change data are required for successful operation of a first-pass assessment. Therefore, countries that lack such data might not be able to conduct the first-pass screening effectively. However, this can be overcome, at least partially, by using global or regional climate change projections in combination with local and expert knowledge. Second, terminology and risk culture play an important role in adaptation planning and implementation. Therefore, organisations that have already conducted some work on understanding climate change vulnerability as a form of ‘vulnerability’ assessment, may find terminologies adopted in this ‘risk’ framework slightly different. However, the Fifth Assessment of the IPCC (Jones et al. 2014) advocates for risk-based approaches, as used in this framework, because they direct focus towards solving the problem (i.e. managing climate risk) rather than simply identifying the problem (i.e. identifying vulnerable systems). Finally, it is widely recognised that management of risks associated with climate change can lead to inequitable outcomes (Blackburn and Pelling 2018; Chen et al. 2018). The risk assessment approach described here does not seek to address equity issues around adaptation.

The procedures and terminology embedded in the framework are likely to be familiar to users, which increases the chances that it will be used and used effectively. It is well aligned with current thinking around how to stage adaptation through adaptive planning. Overall, the framework represents a robust yet flexible approach to assessing the risks associated with climate change, as the basis for adaptation planning.