Security and Risk Management - Literature review Example

Security and Risk Management: an introduction ‘Industrialisation and the development of modern organizations have made the preoccupation with managing security and risk inevitable.’ Industrial revolution in the 18th and 19th centuries has changed the structure of the society greatly and gave rise to concerns with regard to security, safety and health. Security Risk Management is a part of Risk management Process. Mass production, mechanization and complex industrial activities involving, energy, chemicals and mining necessitated management of risks related to accidents, fire and hazardous health conditions. While the standard of living of the people has increased consequent upon industrialization with tremendous impact on social and economic fronts, regulatory frame work for risk management in the industries, transports and mining have been evolving over the period of time in tune with the developments. The developments in technology, telecommunications, international terrorism, kidnapping of executives and industrial espionage in the recent years in the backdrop of liberalization and globalization call for reorienting the risk management perspective in the society. Security in the industrial context could be stated as protection of industrial establishments, personnel, resources, materials and other support services including information from various internal and external risks associated with the industries for ensuring overall security as well as health and safety in the communities through preventive measures by way of precaution and measures to mitigate the damages. Talbot, J. & Jackman, M. (p. 10) states “The term “security” can of course be a much broader term. For example, if we consider security as a “state of being protected from hazards, danger, harm, loss of injury,” it also includes elements of protection from natural disasters and concepts of organizational resilience.” Uncertainty is the main feature of risk and it is further aggravated by the complexities in the consequences of the incidents to security, health and safety of the people related to the industry as well as the community. Assessment of vulnerability of the organizations to security risks is a very comprehensive exercise and is essential for advance planning. Quantitative techniques could be very useful in the estimating the chances of occurrence of the predicted incidents. Each activity or operation in an industrial setup which are prone to various types of risks needs to be classified in terms of their risk potential based on various factors to ensure preparedness in meeting the unforeseen disasters at all times. Crimes and dishonesty in industrial establishments could lead to disasters. According to Sennewald, C. A. & Tsukayama, J. K. (2006, p. 4) the investigative process “seeks answers to the basic questions – What, who, where, when, how and why…“ The security risks in the supply chain caused due to disruption in the supplies can affect manufacturing of the products or rendering services in the business seriously. Analysis of the macro environmental factors relating to the business through PESTLE analysis (Political, Economical, Social, Technological, Legal and Environment) would be useful in firming up the companies’ strategies with regard to security and risk management. Awareness among the people regarding security aspects is very important for the security, health and safety. Right from the Orientation Programs designed at the time of induction of the new recruits, education, guidance and training to the employees, subcontractors, suppliers and consumers is a continuous process and needs to be planned for effective results, and may include installation of new machineries, implementing new processes, storage of materials, proper handling of the machines and materials, use of safety measures such as goggles and gloves, or other safety and security measures which may vary from industry to industry. Other precautions include restriction of access to unauthorized people, proper lighting, space for movement and adhering to the preventive maintenance programs and reporting of problems immediately. Talbot, J. & Jakeman, M. (2009, p. 62) states that the people’s security embodies the concept of duty of care towards staff and visitors but recognizes that these groups can also pose a threat to security. Siljander, R. P. (2007, p. 7) states “many businesses did little to protect themselves from the threat of crime beyond locking their doors…Rather they placed heavy reliance on public law enforcement to prevent a crime…” Security planning starts from the design of building with emergency exit facilities and installation of proper locking mechanisms, detection mechanisms for intrusions, fire fighting facilities, exhaust system for industrial gases and fumes, production processes with inbuilt safety mechanisms, storage facilities with hazardous materials segregated properly, layout of machineries with proper gangways, and so on. Silijander (2007, p. 8-9) stresses the importance of the concepts of loss prevention and loss reduction in the context of loss control; for example, restricting smoking to safe areas, a loss prevention measure and installation of automatic fire suppression sprinkler system, a loss reduction measure. The problem of information security is closely related to computer vulnerability in the businesses and industries which needs to be addressed effectively as it involves the most feared security problems concerning business secrets. The regulations need to be framed for restricting access to computers, keeping the computers under strict vigilance, locking the systems, establishing password protocol, preventing unauthorized or personal use of computers, disconnecting from the network when not in use and servicing under supervision. With booming Internet trends and frauds, connecting to a website via HTTPS, using encryption software and following other security procedures is necessary to avoid malpractices and ensure security. Making a companywide risk control survey is necessary for planning and organizing systems to combat risks. According to Silijander, R. P. (2007, p. 10) there are four risk procedural steps in the risk management process, Hazard Identification and Analysis, Treatment Techniques Selection, Implementation of the Treatment Techniques and Monitor the program results and prevents direct and indirect losses. Talbot, J. & Jakeman, M. (2009, p. 9-11) have classified the risks based on the asset groups and organizational exposures. The possible exposure or vulnerabilities identified in respect of ‘People Assets’, ranges from abduction and assassination, cultural and religious differences, inadequate procedures and training to workplace violence and sexual assaults, ‘Information Assets’ include destruction or corruption, fraud, sabotage and leakage and ‘Physical Assets/Information and Communications Technology (ICT) include various types of vulnerabilities such as break-in, fire/arson, equipment failure, hacking, vandalism, bombing and theft . The assessment of the risk potentials in a survey also identifies the source of risks which makes the planning more focused and for organizing in a meaningful manner for effective risk management. According to Talbot, J. & Jakeman, M., Security Risk Management “involves understanding the threat as part of the objective of determining and applying counter measures to manage (treat) risks”. The risk management plan broadly involves identification of risk, risk assessment, risk mitigation, risk contingency planning, reviewing, monitoring and reporting. The aim of Risk mitigation planning is to eliminate the pitfalls at various levels in the organization for combating the threats. Constant review is essential for improving the efficiency in risk monitoring and control. Efficient implementation of the management strategies involves proper documentation and reporting. Kennedy, J. (2010, p. 160) states “RAM [Risk Assessment and Management] Teams should have the necessary members with the authority and expertise to address the difficult management, legal, mental health, security, public relations, human resources, union, and workplace violence issues.” There are several options in dealing with the security risks. Primarily the security risk management considers risk avoidance. If the risk is unavoidable, the strategy of reducing the likely hood of occurrence and/or reducing its impact is considered. However, reducing risk to zero level is not possible as it involves employment of huge resources which is not compatible with the corporate objectives. The strategy also includes transfer of risk and retaining the risk. Avoidance of risk is based on acceptability of the risk in terms of principles or policies of the management, unpredictability of the consequences, uncertainty in respect of its impacts and the cost. This risk is an important and unavoidable element in a business, and the management is satisfied if the risk-reward ratio is justifiable based on the cost-benefit analysis or the transfer of risk is completely possible say, through insurance. Safety audit and communication aspects related to health, safety and security need to be integrated into the management strategy for sustainable development. The program for contingency planning needs to be evolved with the aim of keeping the organization in full preparedness to deal with the unforeseen events associated with security risks. The proper authorities to be notified in the event of occurrences and the best practices to be adopted for coordination incorporating the escalation procedures need to be specified in unequivocal terms to avoid uncertainties and ambiguities along with an estimated for the resources needed. The team leader should be knowledgeable in the security risk management procedures and practices and in a position to inspire the team to handle the emergency situations for restoring normalcy with confidence and in accordance with the established framework. Communication is an important element in a crisis situation and the contingency planning needs to take this factor into account. Therefore, training is imperative to the personnel at all levels and a training program needs to be designed in line with the responsibilities and authorities of the personnel. The security risks in relation to the various operations of the business could be categorized into extreme, high, medium and low for the purpose of monitoring, review and mitigation. Also categorization based on likely hood or probability of the occurrences, say chance(s) of occurrence is 1/10, 1/100 or 1/1000 based on the past experience in the organization/industry would enable the management to concentrate on the activities based on the level of risk. Quantitative techniques could be useful in categorization for this purpose. Industrial security and peace is important for the development of the economy. Policing and security in a country is largely influenced by the diversity of cultural background, political structure and industrial and economic development. There are several institutional setups like military, paramilitary, federal police, state police and other specialized agencies in the security landscape of a country. Since the UK was the prime force behind the industrial revolution, the security to the industries and security, health and safety of the people in the industry have been addressed through various laws, and the legislative history in this respect is very long. Last, D., (2007, p. 2-3) states, “Police forces in the modern English sense probably date from the Scottish enlightenment, with Queen Ann’s Commissioners of Police in Scotland (1714) beginning an ambivalent heritage – six noblemen representing the monarchy’s interests, and four gentlemen representing the rising community of the Scottish middle class.” The evolution of community policing and private organizations engaged in security services have been influenced over the period of time by the various economic classes in the society in line with the social and industrial development. For example in cross border security issues as in the case of international terrorism, the Office for Security and Counter-Terrorism (OSCT) provides strategic direction to the UK’s work to counter the threat and the corporate companies are the important stakeholders in combat against international terrorism. Mbuba, J. M. (2010, p. 210) states “it is crucial that the major correlates of the community perceptions toward the police be unraveled in order to develop a sound basis of formulating working police–community relations in the age of community-oriented policing and problem solving”. In the UK, the Security Industry Authority regulates the private security as per the guidelines provided in The Private Security Industry Act 2001. British Association of Private Security Company (2011) states “The recent rapid growth in demand for private security services overseas has created an emergent industry. Private security companies now play an essential role in areas of post conflict reconstruction, nation building and security sector reform, in addition to the provision of their traditional services to the private sector”. According to Bearpark, A. & Schulz, S. very few countries like U.S. and South Africa have any framework for regulating the affairs of private security (p. 8). They observed that there are some built-in safeguards in the British regulatory framework which need to be enhanced for the control of the industry, but stressed the need for international codes of conduct and self-regulatory practices in the industry (p. 18). Security risk management in the industrial establishments has been increasingly considered as a part of the risk management strategies in the backdrop of liberalization and globalization of the industries world over. Identification of the security risks, assessment of risk potential relating to an organization, continuous review and monitoring of the situations is essential for the security of the organizational resources and security, health and safety of the people. There is a need for evolving strategies at the organization level and minimize its dependence on community policing, because the objective of the community policing is not fully compatible with the specific needs of the industrial organizations. Moreover, reaction to the developments in technology and telecommunications by the public policing would be slow in view of the procedural issues involved in the government departments, whereas the companies need to reorient its strategies with regard to security, health and safety in relation to its business in tune with the developments taking place in the environment on real time basis. However, the organizations need to integrate the company’s strategies and policies with the public policing, since security issues are governed by the statutes. The companies are under obligation to adhere to the security regulations in line with the laws as they need support from the government departments or agencies in their combat against security risks. References Bearpark, A. & Schulz, S., The Regulation of the Private Security Industry and the Future of the Market, http://www.bapsc.org.uk/downloads/BAPSC%20on%20Regulation.pdf. [Can also be found in] ‘From Mercenaries to Market: The Rise and Regulation of Private Military Companies’, Ed. Chesterman, S. & Lehnardt, C., Oxford University Press. British Association of Private Security Company (2011), The Association’s Website, http://www.bapsc.org.uk/about_us.asp Kennedy, J. (2010), Risk Assessment and Management Teams: A Comprehensive Approach to Early Intervention in Workplace Violence, Journal of Applied Security Research, 5:159–175. Last, D., (2007), Evolution of Policing and Security: Implications for Diverse Security Sectors, Paper prepared for the Conference, Defending Democracy: Accommodating Diversity in the Security Sector, Queen’s University School of Policy Studies, November 1-3, 2007, http://docs.google.com/viewer?a=v&q=cache:zrub_xp8xsoJ:web.mac.com/dmlast/DavidMLast/Presentations_files/evolution%2520of%2520police%2520and%2520security.doc+policing+and+security&hl=en&pid=bl&srcid=ADGEESiJsNUYQI40HQslIM5oNnrrKTh__Z9d80oLfli73ekxsIWKnsy3oD9deo2KrKQkZEcY1vau3T3yqsMZqCVX8yGcs9IrPO2vaoFtYUixg6BHMHNo7sa7JKs8TzbkmYTdCPJ_n_mQ&sig=AHIEtbR8tsaoli80ysOfTYugMRrrC0TtEw Mbuba, J. M. (2010), Attitudes Toward the Police: The Significance of Race and Other Factors Among College Students, Journal of Ethnicity in Criminal Justice, 8:201–215 Sennewald, C. A. & Tsukayama, J. K. (2006) The Process of Investigation:  Concepts and Strategies for Investigators in the Private Sector, 3rd Ed., Butterworth-Heinemann Siljander, R. P. (2007), Introduction to Business and Industrial Security and Loss Control: A Primer for Business, Private Security, and Law Enforcement, 2nd Ed., Charles C Thomas Publisher Ltd. Illinois. Talbot, J. & Jakeman, M. (2009), Security Risk Management: Body of Knowledge, Wiley & Sons. Read More