The security industry is moving in the direction of placing greater importance on risk management, especially where it converges with security management. This reality will eventually affect virtually all security professionals, at all levels of an organization. ERM is not a new concept. But the participation in ERM process by senior security professionals is more recent, and on the rise. Being successful as a security professional in tomorrow's security industry will require buying into the concept of “risk management”, and learning how to apply it in the security field. To be successful we will need to acquire the tools, skills and comfort level to accurately estimate risks - the probabilities that future security events might occur and measuring what consequence events could have on your organization.
Risk managers, senior executives and even Boards often provide oversight to security management programs. This article provides some practical tips on how to improve your assurance function while exercising that oversight. If you don’t know the relative security risks to your people and assets, at all of the US and overseas offices, as well as risks to personnel during travel, then you are flying blind. Knowing your risks is much more than looking at a risk map and saying that “this country is Orange, and therefore a Level 4 risk”.
Improving Security Risk Management
Security Risk Assurance - 5 Tips for Risk Managers, CEO's and Boards
Working with Local Security - DR Congo - Case Study
The Art of Situational Awareness
Is It Safe to Work in Kashmir?
Many global extractive companies have been drawn to the mineral wealth in the Democratic Republic of Congo (DRC). However, one of the first questions they must ask before investing is, “Can we operate there?” Indeed, there are a number of challenges to operating in the DRC; and perhaps no challenge is greater than that of security. In unstable regions such as the DRC, a company should employ three distinct layers of security in order to operate safely – a strategy I supported during my time as security manager in the extractive industry.
If you're a senior executive, risk or security practitioner, then the biggest reason for having situational awareness is to keep your organization proactively aware of those risks to your people and the organization. Like all other operational aspects of your business, if you're not monitoring the road ahead, then “things will pop-up seemingly unexpectedly” in front of you without warning.Too often in my career I was hired by companies in the wake of a major crisis, situations which included mass kidnappings and multi-million dollar terrorist acts against property. In those situations, all the indicators were present for management to detect and act BEFORE those crises occurred.
A client asked us this question, as they considered taking on a large project in Indian Kashmir - part of exploring a business opportunity for their first entry to this growing market. Obviously the client's business development team clearly saw opportunity…the upside potential, which a market entry into India could bring. However, several executives and even employees were understandably “concerned”, given the history of violence and military activity along the border with Pakistan. Let's begin with agreement on the definition of key terms – that “keeping your people safe and secure” = “keeping security risks at acceptable levels”. But, before we could accurately estimate security risks, we first had to know something about the security situation in the Kashmir area. We started our situational awareness efforts well in advance of our client's planned operations.
Click on the Links to view the full articles, or contact us for a clean copy of any of our articles in PDF format.