Identifying of risk when conducting risk management surveys for a client is relatively straight-forward should the advisor have a sound history of operating in a security focussed organisation and having conducted a range of both planned and dynamic assessments. Experience gained will build up versatility and a knowledge-base to draw on when 'the out of the ordinary' are faced, as they regularly are. Whilst there are numerous books and courses offering all-encompassing resources with regards to risk management, I believe that first and foremost, experience has no equal in this special field and when supported by contemporary guidance and strategies, will result in a credible end-product, adding value to the organisation's operations.
The risk management advisor must be well read as a minimum regarding the area in which the task is focused and have a pretty good working understanding of the region. Planning for the task must happen well in advance and should ideally include, as a matter of priority, a thorough statement of requirement from the customer. This ought to negate any confusion concerning client expectancies. The risk management specialist should ensure that induction and introductory briefings pertaining to the client organisation is undertaken in order to understand the customer. As a minimum I would suggest the following as necessary before starting work:
Know the organisation and what they do. Know where they operate, are aiming to operate and the duration. Understand what assets the operation involves - employees, equipment, real-estate. Understand the customer's expectancies - statement of requirement.
An understanding of the above will give the risk management advisor with a useful' Know Your Client Folder' in order to plan and make initial preparations but much more should follow. Research regarding the customer organisation should also include any history of issues encountered during, or as a result of, previous operations and ventures. This is of significance when working out the risks especially if hostile actions followed. As an example, if the population of a region could have objected to certain aspects of an operation inside their region or does the organisation have a 'reputation' that has followed them and is the operation being undertaken by the organisation controversial in any way?
The value of local information is invaluable and having the opportunity to engage with informed locals frequently provides information critical to the task that might otherwise be missed. Take the opportunity, should it arise, to talk about matters with influential and well placed local members of the population. It has furnished me many times with a precise indication concerning future development of issues. In addition, it results in with local people and possibly even local authorities like the Police which is invaluable.
Be systematic and thorough in your risk management survey. Whereever it is feasible prove the information you are handing over to your client. Take images, drive routes, visit locations and test, test, test! Your client is paying for a service and expects credible and factual results and that of course includes furnishing him with any 'bad news' when necessary.
To summarise: A well-planned, well conducted and well-presented risk management survey is potentially of critical importance to your customer. Failing to plan is planning to fail and your paying customer deserves the best from his consultant's endeavours.
Craig Jones is the MD of Advanced Training and Security Solutions Ltd, an independent company established to supply a bespoke security and resilience service. Craig has worked for a considerable number of organizations in a variety of roles. ATSS have a base in Cheshire, England with a presence in London and a worldwide reach. They have experience with working in the Middle East, North Africa and Eastern Europe. Graig is a keen author of articles concerning risk assessment, emergency planning, business continuity and security management.
Risk Identification
0 commenti:
Post a Comment