Identification of risk when conducting risk management surveys on behalf of a customer is relatively straight-forward if the expert have a sound history of operating inside a security focused organisation and having conducted an array of both planned and dynamic assessments. Experience gained will build up versatility and a knowledge-base to draw on when ‘strange events’ are experienced, as they regularly are. While there are a great many books and courses offering comprehensive resources with regards to risk management, I think that above all, experience has no equal in this area and when supported by relevant guidance and strategies, will result in a credible end-product, adding much value to the organisation’s operations.
The risk management expert must be well read as a minimum about the area in which the task is focused and have a pretty good working idea of the region. Planning for the task must happen some way in advance and should ideally include, as a matter of priority, a detailed statement of requirement from the client. This will negate any confusion concerning expectations. The risk management consultant should ensure that induction and introductory meetings pertaining to the customer organisation is undertaken in order to completely understand the client. As a minimum I would recommend the following as necessary before starting work:
Know the customer and what they do. Understand where they operate, are preparing to operate and the duration. Understand what assets the operation involves – staff, equipment, real-estate. Understand the organization’s expectancies – statement of requirement.
An awareness of the above will furnish the consultant with a very useful’ Know Your Customer Folder’ to plan and make initial preparations but much more should follow. Research on the client organisation should also include any history of issues faced during, or as a result of, previous operations. This is of importance when calculating the risks especially if hostile actions followed. Eg, if the population of an area might have objected to certain aspects of an operation in their region or does the client have a ‘reputation’ which has followed them and is the operation being undertaken by the organisation controversial in any way?
The value of local knowledge is invaluable and having the opportunity to engage with well informed local people frequently supplies information critical to the task which may otherwise be missed. Take the opportunity, should it come up, to discuss matters with influential and prominent local members of the population. It has furnished me many times with an accurate indication regarding future developments of issues. In addition, it leads to with local people and perhaps even local authorities like the Police which is useful.
Be methodical and thorough in your risk management survey. Whereever it is feasible prove the data you are handing over to your customer. Take photographs, drive routes, visit areas and test, test, test! Your client is paying for a service and expects credible and factual results and that obviously includes furnishing him with any ‘bad news’ when it becomes necessary.
To summarise: A well planned, well conducted and well-presented risk management survey is potentially of critical importance to your customer. Failing to plan is planning to fail and your paying customer deserves the best from his consultant’s endeavours.
Craig Jones is the Managing Director of Advanced Training and Security Solutions L.T.D, an independent company established to offer a bespoke security and resilience service. Craig has worked for a number of organisations in a variety of roles. ATSS operate from Cheshire, UK with a presence in London and a global reach. They have experience of working in the Middle East, North Africa and Eastern Europe. Graig is a prolific writer of articles concerning risk assessment, emergency planning, business continuity and security management.