Security and Risk Management the Next Evolution


CaptureIn the ever evolving worlds of safety, security, health and emergency management (SSHE) the regulatory and best practice approaches continue to get more onerous and complex. The evolution of specialist areas within this spectrum has been inevitable. We have also seen a process whereby the areas of the SSHE spectrum, sometimes referred to as ‘Hard Risks’ (as opposed to soft risks such as currency risk) have become classed as grudge spend areas. This is especially true for the field of security risk management which historically has not had the driver of legislative consequence that the safety sector has had.

As organisations or companies grow we have also seen the evolution of a diverse range of organic organisational and corporate structures. These structures have become so diverse and range from no direct allocation of SSHE activities to mass duplication. There is the ongoing reality that no one model can be applied across different sized organisations that are in different sectors, operating in vastly differing risk environments. However, in many cases organisations are suffering from wastage due to duplication and inefficiency or intolerably high risk exposure due to lack of resource allocation to ‘hard risk’ management. In many cases organisations are exposed to both of these realities simultaneously, specifically if they have become silo’d based on size, specialisation, management control or geographic complexity.

The evolution of organisational silo’ing whereby Hard Risk management activities are broken up into various categories as organisations have grown and expanded is now the common reality not the exception. Whilst in principle, silos for large organisations are a necessity, when it comes to managing hard risk the reality of issues such as duplication of activities, denial of incidents and risk exposure, transfer of blame and lack of authority all become potential issues. These issues are highlighted in the various versions of Workplace Health and Safety legislation which in most cases does not differentiate between the employees and subcontractors and places the responsibility at all levels of an organisation (low level worker right up senior executive). The need to move away from the decades old checklist type Hard Risk management approaches utilised by most organisations has reached epidemic proportions.

The harsh consequences of security incidents resulting from crime, (internal and/or external), fraud and terrorism  including death, business disruption, reputational damage, fines and jail time are ever-present realities for modern business. The ability to subrogate and de-risk via insurances is no longer as robust as it once was based on the evolution of non-payment clauses for regulatory non-compliance and other complexities. The ability to de-risk via subcontracting has now been legislatively closed off and it is now well established legal precedent that all parties (top to bottom) involved in the supply chain are responsible for the identification, mitigation and management of foreseeable risk in a reasonably practicable manner… Click HERE to find out more about this article