search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
the risk process


MANAGEMENT 5 KEY STEPS T


his article outlines the well- documented stages of risk management with examples of application within the security remit.


This risk management approach follows five key steps. Different names can be applied to them depending on the source being read; essentially, they are the same.


The steps are as follows: 1. Identify the risk 2. Analyse the risk 3. Evaluate the risk 4. Treat the risk


5. Monitor and review the risk


As a security professional, before you dive into these steps it is important that the risks being faced are put into context for the activities you are providing protection for. I like to consider these under the following criteria:


• Day-to-day (Normal risks) • Event Specific (Bespoke requirements) • Reactionary (Risks faced in returning operations to normal)


This is set from understanding your baseline factors and what needs to be considered from your established risk assessments or threat and vulnerability reviews.


To establish the context, it is necessary to understand your security’s objectives and operating environment. This will then influence the five steps and how you apply these to mitigate the risks in front of you. Remember though, there will always be the potential unknown or sudden impact situation that changes your risks and subsequent


7 © CITY SECURITY MAGAZINE – SPRING 2023


response plan. These can be difficult to deal with; however, the five steps applied and reviewed as necessary will always be the building blocks from which to respond.


Apply this in line with the National Decision- Making Model (NDM) throughout the incident to review and amend the responses; it works well in partnership with these five steps.


Objectives to risk management can be either explicit – well defined, and clearly outlined; for example, we will reduce theft by (x)% through increased security engagement – or they are implicit – for example we must follow legislation or legal requirements. I mentioned your baseline factors; these include stakeholders, assets, environment, occupiers, profile of targets etc. – anything that poses risks to our protective responsibilities. These will be a consideration of your objectives.


National Decision-Making Model Gather


information and intelligence


Take action and review what


happened Identify


options and contingencies


CODE OF


ETHICS Assess threat & risk.


Develop a working strategy


Consider powers and policy


Step 1: Risk Identification


The list you develop of identified risks within your risk and threat matrix needs to be flexible and to have considered the day-to- day, bespoke and reactionary criteria. These identify considerations that will have an impact on successful delivery of the security objectives: these are the risks. It is also important to consider the risk appetite of these: are some risks acceptable? Are some out of your control entirely? As security providers we can identify risks but have very little influence in rectifying them.


For example, the need for physical security at an entry point, or a faulty security tool that has been well documented, but ignored. Identifying these risks also needs to include a good understanding of their causes or sources. Good intelligence is essential in developing this identification of risk(s).


Step 2: Risk Analysis


Risk analysis establishes the potential impact of each risk and its likelihood of occurrence. You would have all seen these scores in various guises. What is important to remember is that these are subjective to the applied area of risk, mitigation methods in place and key understanding of the baseline factors.


When analysing the risk, it is important to review previous incidents, how these were these dealt with and whether learnings from historical events can be applied to give better mitigation to the current risk being faced. There are many ways in which the analysis can be depicted; heat maps, severity matrices, etc. In analysing risks, understanding is vital and to ask “why” when responding to incidents, especially when we consider who will be the front-line responders to these risks when they manifest.


www.citysecuritymagazine.com


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36