Home Risk Management Reducing risk within your organisation
Risk Management

Reducing risk within your organisation

By Contributor CSM
By Contributor CSM Organisation Pilgrims Group Online First Published Autumn 2012

Walking the tightrope

What are the key issues for businesses in unstable environments?

Any organisation (from a family start up through to a FTSE 100) is exposed to a scale of risks, across a range of vulnerable areas, on a continuous basis. In the most basic terms this exposure can be reduced to human, financial, operational or reputational vulnerabilities; and the risk to an organisation from those vulnerabilities increases directly in line with external threat factors. It goes without saying that unstable environments often – if not always – pose a higher level of threat, and hence a greater risk, to any organisation operating in that environment.

Although it is tempting to think that an ‘unstable environment’ must refer to the streets of Baghdad or Kabul rather than the suburbs of Surrey, there are nevertheless factors which can render an otherwise stable environment deeply unstable, thereby increasing organisational risk exposure (think the London Riots; Bahraini civil unrest; the collapse of the Icelandic banks; or the LA Race Riots).

Risk factors and and threats

Factors which may predispose an otherwise ‘stable’ environment to instability include:

  • Ethnic, sectarian, racial, or religious tensions
  • Economic inequality and/or widespread poverty
  • Political antagonism
  • Ineffective security forces
  • High rates of criminality
  • Financial or liquidity problems
  • High instance of corruption and bribery
  • Lack of clarity on regulatory and legal issues and many more.

By taking basic steps to mitigate the threat of instability, organisations operating in those environments can significantly reduce their risk exposure – and in many cases the best practice models are those developed in the most severe environments, which have been tested most rigorously.

The threats in an unstable environment where any international organisation has operations, or even intermittent travel, are many and varied. People are at direct risk from threats including road traffic collisions, terrorist or criminal action, or open conflict. Capital is at risk from excessively lax or stringent regulatory environments; collapsing banks that can trap large sums of money indefinitely; or relationships with partners, suppliers, and customers on which adequate due diligence cannot be carried out effectively (among many others). Operations are at risk from all of the above, and from other factors including: austere environments; civil disorder interrupting supply chains; or high levels of corruption inhibiting effective delivery of service. And finally, an organisation’s reputation is at risk from any impact to people, finances or operations: in effect from any of the threats above and many more not listed here!

Reducing risk

What can businesses do to reduce their risk and protect themselves against the prevailing threats in unstable areas where they operate?

The answer is a simple one: Prior Preparation Prevents Poor Performance – “the five Ps”. Any organisation worth its salt recognises this, and engages in prior preparation across its core operational activities. Insurance, resilience, business continuity / disaster recovery, and other measures are examples of prior preparation against foreseeable threats or risks. However, in an unstable environment such as Libya, KSA, Israel, Nigeria, India, Iraq (and most emerging markets, as well as some more developed ones) additional measures are called for.

The first critical factor in mitigating organisational risk in an unstable environment is good intelligence. Information in a vacuum can and does rapidly become cripplingly complex, and organisations are often not sufficiently resourced to exploit the information gathered and produce usable intelligence.

There are many tools available: the UK FCO, US State Department, UN, and other bodies release regular general intelligence reports; or there are numerous private intelligence providers who can produce more specific reporting, bespoke to an organisation’s requirements. But for organisations whose structure does not provide the capacity for in-house intelligence collation and analysis, the best solution is often to identify specific intelligence requirements and to outsource these requirements to a specialist provider in the industry. This has significant benefits in terms of cost-effectiveness, but even more importantly it ensures that information is gathered from effective intelligence source networks and analysed effectively to develop useful intelligence.

The second critical factor is planning – which in unstable environments assumes an even greater importance than in other areas. Although any reasonably mature organisation (in either stable or unstable environments) is highly likely to have well-developed plans for business development and for normal operations, the threats inherent to unstable environments mean that organisational risk is correspondingly higher, and therefore necessitate enhanced mitigation measures.

The real threat of death, injury, illness, arrest, kidnap, or other personal harm must be incorporated into organisational planning as a likely eventuality. Similarly the threat of financial setbacks, cash-flow difficulties, fines, or anti-competitive penalties must be addressed; and the reputational risk to the organisation’s brand (local and global) must be mitigated by effective corporate communications strategies.

Due to the higher levels of threat in unstable environments, planning needs to be correspondingly more robust. While many organisations in ‘stable’ environments have a relatively laissez-faire approach to security in general, this is not viable in more hostile or unstable environments: Risk Registers, Security and Business Continuity policies and plans, Standard Operating Procedures, Emergency Operating Procedures and Evacuation Plans must be developed, tested, maintained and adjusted. As with intelligence support, external specialist providers with detailed local knowledge and a specific focus on delivering these services are likely to represent both a capable and a cost-effective solution to the organisation’s requirements.

The third critical factor for effective risk mitigation in an unstable environment is operational readiness, supported by the two pillars of good intelligence and prior planning. Knowledge and plans are absolutely necessary – but without the ability to act upon these preparatory elements, any organisation will struggle and potentially fail when confronted with a crisis.

Core principles to risk mitigation

Specific readiness measures will vary widely between different organisations. However the core principles of readiness will generally be common to any well-developed risk mitigation strategy:

  • Intelligence is monitored proactively, informing a trigger-based escalation of security response measures.
  • Plans are well-developed and routinely tested and updated.
  • All personnel involved have a clear understanding of their roles.
  • Sufficient human, financial, and material resources are in place to accomplish all planned outcomes.
  • Supply and distribution chains have inbuilt resilience to compensate for any disruption.
  • External support is in place before the crisis point, and has been continually tested and updated.

Once again, as with intelligence and planning, delivery of effective solutions for operational readiness is often best addressed through external support. Just as it is often more cost-effective and practical to outsource facilities management responsibilities, in a very similar sense the deployment of resources to support security management, journey management, guarding, or other services is likely to be most achievable by leveraging the resources of an organisation that specialises in that field.

Whilst these principles will be recognisable to most organisations, and in many cases will be in place to a greater or lesser extent across most of those organisations’ business units or operating countries, it is nonetheless important that the challenges of operations in an unstable environment should not be underestimated. Whether it be the threat of sandstorms closing an airport and disrupting travel for key personnel; a bank’s liquidity crisis causing payroll and other financial failures; or the development of popular hostility due to perceptions of discriminatory or exploitative business practices – under the conditions for instability identified above, the risk posed to an organisation from any one of these threats is exponentially greater than it might be in a ‘stable environment’.

So how can an organisation benefit from acting to reduce its risk in an unstable environment?

Aside from the obvious benefits of improving the safety and security of the organisation’s staff, finances, operations, and reputation, a real competitive advantage can be obtained if mitigation measures are implemented correctly and in a timely manner. Not only can direct costs be reduced (for example by winning reductions in insurance premiums, or identifying more effective guarding or security management strategies) – but in the dog-eat-dog world of 24/7 global business operations the ability to remain safely in a country for a few days longer than the competition, to get back in a few days sooner, or to recover from a crisis faster, may make the difference between being a market leader or a straggler behind the pack.

Whether this competitive edge is achieved using internal or external resources, it still hinges on “the five P’s”: Prior Preparation Prevents Poor Performance. Or another maxim: “failing to prepare is a preparation for failure”.

To conclude, a short case history

A major international organisation with offices across the MENA region had undertaken only limited preparations in Libya, despite the increasing tensions in 2010/11. Basic subscription intelligence services were in place, but not actively monitored and assessed; contingency plans were in place, but limited in nature and scope; and no active steps had been taken to prepare for an emergency by engaging external security or logistical support. When the tensions spilled over into open civil war, this organisation found its people trapped in Libya and at great personal risk. Heavy costs were incurred as the organisation scrambled to respond, calling on Pilgrims Group to evacuate its personnel from Libya; and operations in country ceased completely and indefinitely. The negative effects of these consequences for the organisation’s reputation (both internally and externally) were significant.

Contrast this with the same organisation’s response to unfolding events through later stages of 2011, as the Arab Spring progressed. The organisation approached Pilgrims Group, in the aftermath of events in Libya, with a view to developing a broad and robust range of preparedness measures. Led by a proactive intelligence-based approach, Pilgrims prioritised the business-critical country operations at highest risk from deteriorating stability, and deployed consultants to develop comprehensive emergency relocation / evacuation plans. All the highest risk countries across the MENA region were covered, starting with Bahrain. And when in March 2011 the Saudi Armed Forces rolled across King Fahd Causeway, to suppress the ongoing protests, Pilgrims deployed a team of consultants into country to support the organisation in implementing the plans that had been put in place. Safety of all personnel was ensured; costs were kept down through the use of previously identified subcontractor support functions; business interruption was minimised; and after no more than a week of operational disruption the organisation was able to return to ‘business as normal’ well ahead of the competition.

More than any dry itemisation of pros and cons, the difference in outcomes for this same organisation in Libya and in Bahrain demonstrates unambiguously the risks associated with failure to prepare, and the benefits to be gained from prior preparation.

Pilgrims Group Ltd

www.pilgrimsgroup.com

SHARE   0 comment
0
FacebookTwitterPinterestEmail

City Security magazine is proud to work with contributors from across the security sector and beyond, including police forces, security associations, security providers, consultants and specialists who produce a range of varied and interesting content.

Related Articles

Security guarding sector faces major crossroads over pay...

A guide to procuring the best security services 

Purpose-Driven Leadership: Creating safer and healthier communities for...

NPSA announce new Insider Risk Scenarios

Whistleblowers: a defence to insider risk or a...

Is your ‘placebo security’ solution keeping you awake...

Ensuring your organisation’s Return on Security Investment(ROSI)

EIDA launches handbook on creating a workplace domestic...

The role of crisis communications in your security...

Developing an effective Security Strategy