Language selection


Risk Management Essentials: How to Conduct an Environmental Scan (TRN2-J09)


This job aid describes the different steps to effectively conduct an environmental scan when managing risks.

Published: March 24, 2022
Type: Job aid

Download as PDF (354 KB)

Risk Management Essentials: How to Conduct an Environmental Scan

This job aid is part of the Risk Management Essentials Series, practical guidance on risk management that can be applied in the workplace. This job aid helps build context for the purpose of identifying risks. It provides general guidelines on how to conduct an environmental scan.

  1. Context and environmental scan (current step)
  2. Risk identification
  3. Risk measurement and assessment
  4. Response to risk
  5. Risk monitoring and control

What is environmental scanning?

Environmental scanning is about understanding the world and context in which you operate. It is a process for monitoring your internal and external environment for clues to existing circumstances and change that could bring about risk or opportunities. The purpose of environmental scanning is to find and retain information in order to inform decision-making at a certain point in time.

Why is environmental scanning important for Risk Management?

Gaining a well-rounded understanding of the organization's external and internal environment is the first step in the risk management process. Risk refers to the effect of uncertainty on objectives and outcomes at different levels of the organization. A major source of uncertainty is change to the environment in which an organization operates.

The environment is constantly changing; environmental scanning will, to the extent possible, help you identify changes in terms of events, issues, trends, and deviations from the norm. Knowing the environment and the direction of current and future shifts will help you identify and understand possible drivers and sources of risk that could affect the achievement of your objectives. Therefore, your scanning activities should include a wide range of facts, trends, and time horizons.

Factors to scan

Factors in the external environment

External influences could occur at international, national, regional, or local levels. Generally, the external environment consists of the following categories:

  • Political: government stability, change in government policies, priorities, funding levels.
  • Economic: projected economic growth, interest rates, broad orientations in fiscal policies, housing market, commodity prices, regional industries.
  • Socio-cultural: trends in population growth, impact of demographic change on demand for services, change in stakeholder expectations, pressure groups.
  • Technological: technological trends, cost of updating technology, obsolescence of systems and tools.
  • Legal: legislation, regulations, and standards.
  • Environmental: impacts that operations have on the built or natural environment, climate change.

Factors in the internal environment

Generally, the internal environment consists of the following categories:

  • Financial management: budgets and resources.
  • Human resources: capacity, capability and availability of the workforce.
  • Information technology: evolution of technology in the government context.
  • Governance:  structures to ensure correct authorities, approvals, functioning and controls.
  • Business processes: how operations are conducted.
  • Organizational culture: way that things are done in an organization, the unwritten rules that influence individual and group behaviour, attitudes and decisions.

How to conduct environmental scans

  1. Identify the scope & frequency of the environmental scan
    This will help you to narrow down the different categories of information that could affect your objective, from both external (outside of the organization) and internal perspectives. Determining how often the environmental scan will take place helps to keep information up to date. Depending on the purpose of the scan, the frequency can range from once a year (e.g., for a Corporate Risk Profile, a departmental report, or a risk-based audit plan) to once a month (e.g., for a specific programme or project underway).
  2. Identify the people to scan the environment
    Depending on the intended depth and scope of scanning, it may be beneficial to have more than one person involved. Be mindful of blind spots and biases. Having multiple scanners ensures that more than one opinion of what is important is considered, reduces the chance of overlooking relevant information, and reduces workload burden.
  3. Scan for information
    Look for information that could be relevant to your organization's situation. Keep an open mind and try to imagine how the information could contribute to future events, especially those which could affect your organization. Diversify your sources of information, the medium and the language.  Importantly, make sure the information is from a credible source. Reach out to your colleagues or organizational library, if you have one. They can help you identify and access sources of information and set up alerts and notifications.
  4. Analyze and summarize the information
    As you are scanning, analyze and briefly state the potential relevance of the information that you have decided to retain. This can take the form of a paragraph and/or diagram that summarizes the information, along with a link to the source(s). You may come across diverging or opposing views, do not ignore them. Include them in your summary. It is important to retain your sources for credibility in case you need to verify the information or see if there is an update.
  5. Conduct gap analysis
    Review all the information collected to determine whether there are any gaps.
    • Does the information provide a good basis on which to identify risks? (e.g., credible, regularly updated, accurate, objective, relevant to the organization, provides new or novel ideas)
    • Did you miss any important information categories?
    • Did you find enough information related to the most important potential sources of risk?

How to use your e-scanning results

You can use this information in a number of ways, including:

  • Providing context to stakeholders as they consider risks.
  • Input into risk drivers.
  • Contribute to a strengths, weaknesses, opportunities and threats (SWOT) analysis.
  • Other objectives or strategy development.
  • Sharing your scan with another area that might benefit.

This job aid was developed in partnership with the Canada Revenue Agency.


  • Choo, Chun Wei (1999).The Art of Scanning the Environment. Bulletin of the American Society for Information Science 23 (3):13-19.
  • Iden, Jon & Methlie, Leif & Christensen, Gunnar. (2016). The nature of strategic foresight research: A systematic literature review. Technological Forecasting and Social Change. 116.
  • Morrison, J. L., Renfro, W. L., & Boucher, W. I. (1984). Futures research and the strategic planning process: Implications for higher education (ASHE-ERIC Higher Education Research Report No. 9). Washington, DC: Association for the Study of Higher Education. (ERIC Document Reproduction Service No. ED 259 692)
  • Peter, Marc & Jarratt, Denise. (2013). The practice of foresight in long-term planning. Technological Forecasting and Social Change.
  • Zhang, Xue & Majid, Shaheen & Foo, Schubert. (2010). Environmental scanning: An application of information literacy skills at the workplace. J. Information Science. 36. 719-732.

Date modified: