Risk & Security Management - Essay Example

SECURITY AND RISK MANAGEMENT By Security and Risk Management Assessing the meaning of emergency, disaster, and crisis That theconcepts of emergency, disaster, and crisis in security and risk management are confusing and are often used interchangeably is a well-known fact. Organizations and security & risk managers tend to hold their own opinions and beliefs about what constitutes emergency, and what crisis and disaster are. The current state of literature provides different explanations, which, nevertheless, do not clarify the existing controversies. As a result, it is necessary to understand how to distinguish between these three concepts and how they must be used in the context of security & risk management. Today, researchers are plagued by the difficulty to define emergency, disaster, and crisis and, more importantly, by the difficulty in distinguishing these definitions and concepts from one another. Modern literature generally defines emergency as “actual or threatened accidental or uncontrollable events that are concentrated in time and space, in which a society, or a relatively self-sufficient subdivision of a society undergoes severe danger, and incurs such losses to its members and physical appurtenances that the social structure is disrupted and the fulfillment of all or some of the essential functions of the society, or its subdivision is prevented” (Fischer 1998). In other words, an emergency situation is always about accidental or the risk of accidental events that are both uncontrollable and are concentrated in time in space. Emergency is anything that involves or causes the inevitable disruption of the critical social or organizational functions: for example, the breach of the computer system is naturally followed by the organization’s inability to process its customer information effectively (Moore & Lakha 2006). Objectively, the discussed definition of emergency implies that before security and risk managers can call the situation “a disaster”, the major social and organizational functions must be severely disrupted (Culp 2002, Roper 1999). In this sense, it would be correct to assume that emergency is the starting point and is the first stage of crisis development which, if not prevented and addressed, will readily transform into what managers call ‘a disaster’. Security and risk management literature today defines disaster as “an event leading to the creation of a serious disruption of general safety, through which the lives and health of many persons, and/ or large material interests are threatened to a serious degree, and which demands the coordinated deployment of services and organizations of various disciplines (Post &Grimes 2003). Similar and almost identical with the definition of emergency at first glance, the definition of disaster, nevertheless, reveals several essential differences which risk & security managers must be able to understand and apply. Based on the premise that disasters are associated with the risks to lives and health of many persons and large material interests, it would be correct to assume that the severity of losses, risks, threats, and damage is what distinguishes emergency from a disaster. In many aspects, a conventional emergency situation can be viewed as an effective means to warn security & risk managers of the coming dangers and existing risks without incurring significant losses or deaths (Quarantelli 1998; Rodriguez, Quarantelli & Dynes 2007). Emergency is the starting point of security and risk analysis, when otherwise is not possible. Emergency for security and risk managers is an effective signal to act, and it is due to their timely and effective/ professional responses that the development and transformation of emergency into disaster and, later, crisis can be successfully halted. However, the mere understanding of what emergency and what disasters are cannot suffice whenever security and risk managers seek to improve the overall efficiency of their performance. To make their knowledge and training complete, they should realize what a crisis is and what should be done to reduce its negative impacts on organizational performance. Numerous authors agree that for organizations to operate effectively, they must be able to establish a clear definition of a crisis (Boin 2005; Kirschenbaum 2004; Talbot & Jakeman 2009). As such, a crisis is defined as “a low-probability, high-impact event that threatens the viability of the organization and is characterized by ambiguity of cause, effect, and means of resolution, as well as by a belief that decisions must be made swiftly” (Crandall, Parnell & Spillan 2009). In the context of security and risk management, professionals must understand several important implications of this definition. To begin with, a crisis is a low-probability event (Crandall, Parnell & Spillan 2009). As a result, and Davies (2007) is correct, planning for a crisis is much difficult and troublesome than for an emergency or a disaster, given that crises, because of their low probability, are not easy to identify, predict, and prevent. Furthermore, a crisis, in distinction from emergencies and disasters, is always associated with dramatic losses and severely damaging impacts. The scope of such damage is difficult to describe in general terms, and each particular organization must be able to define the basic crisis criteria. Those who work in the field of security and risk management must be aware of the fact that any crisis in any form has a potential to devastate the organization (Boin 2005; Crandall, Parnell & Spillan 2009). Finally, that the definition of a crisis refers to and mentions the word “ambiguity” implies that security and risk managers may fail to identify the potential causes of a crisis, even if the latter has already occurred. One of the major mistakes which security and risk professionals make is in trying to attribute crisis to only one significant cause. In reality, however, crises, as well as emergencies and disasters, are caused by a whole variety of interdependent factors which should be timely addressed and understood (Boin 2005). Does that mean that emergency and disaster always precede to a crisis? Certainly, it does not. Emergency, disaster, and crisis are just the three different forms of risk and security failures in organizations, and the quality of security and risk operations largely depends on the managers’ ability to properly assess and categorize each particular situation. The level of risk and the severity of the issue and the losses are the two basic variables which organizations use to distinguish between disaster, emergency, and crisis (Crandall, Parnell & Spillan 2009). The quality of communication and the effectiveness of decision-making will facilitate the process of identifying, assessing, and reducing the scope of organizational hazard. Security and risk management: The hidden benefits of group decision making Group decision-making in risk assessment and security & risk management is always associated with multiple perspectives and multiple decision-making players (Doherty 2000). This multiplicity of views and perspectives often poses a major problem to security and risk managers and slows down the process of taking the most correct and anticipated security decision. For this reason, managers often consciously avoid group decision-making and seek to develop the most effective security solutions without any external support. Objectively, group decision making in security and risk management does have its benefits and drawbacks. However, it is at least incorrect to blame group decision making for the potential security and risk management failures. Generally, group decision making is a “form of participatory process, where multiple individuals act collectively, analyze problems, consider and evaluate alternatives, and select the best decision” (Fischer & Green 1998). The number of people in such decision making group may range between three and ten people but may exceed this number. In security management, group decision-making provides unlimited opportunities for taking the most relevant and objective decision. To be more detailed, the benefits of group decision-making in security and risk management are virtually limitless. First, the overall complexity of disaster and emergency issues requires discussing and evaluating multiple perspectives – managers alone cannot grasp and identify all minor factors and underlying causes of each particular security drama (Hearnden & Moore 1999). This is why in any emergency situation, group decision-making is likely to result in a multiplicity of alternatives, which a single manager can hardly produce and evaluate. This is also why group decision-making provides security and risk managers with a unique opportunity to “reach a superior problem solution than the individual” (Sadarm & Shull 2000). Second, the diversity of issues facilitates the process of developing a common and the most acceptable solution. In other words, it is a better collective understanding of the problem which is considered as one of the major advantages of group decision-making in security and risk management (Crouchy, Galai & Mark 2006). Unfortunately, decision making in groups is not without its problems. In security and risk management and other decision-making domains, group decision-making imposes additional pressures and limitations on managers. First, groups find it more difficult to arrive to a single concerted agreement – the multiplicity of worldviews and opinions is equally beneficial and detrimental to the quality of the security and risk group performance. This is what is usually called the far-reaching negative consequences of groupthink, which individuals, instead of expressing alternative views on the emergency situation, are being pressured by the desire and the need to conform and thus fear of dissenting with the majority (Cox 2006). In this case, group decision-making is likely to become detrimental to the quality of emergency and disaster management performance in organizations, and risk and security managers may fail to find and adopt the most appropriate decision. In emergency situations, several important factors may be responsible for the failure to use the benefits of group decision-making. The knowledge of these factors is important in the sense that it can provide managers with a better understanding of what can be done to align the opinions and decisions of group members with the goals and objectives of the group. First, in any emergency situation, all processes, procedures, and criteria for developing risk and security decisions must be developed, communicated, and applied (Farazmand 2001). Second, the power of the group leader (or the risk manager) should not exceed reasonable boundaries and should leave enough room for group members’ expression and autonomy. Otherwise, members of the security and risk management group will seek to conform to the manager’s dominant view (Farazmand 2001). Third, as the group leader, the security and risk manager should control and avoid group polarization, which occurs whenever group members apply to radical solutions and tend to defend extreme approaches to the emergency problem (Farazmand 2001). All these problems, however, do not change the truth that group decision making in risk and security management is positive and even desirable. Cox (2006) is correct in that all formal methods for risk management decision-making include decision analysis, optimization, and group decision-making. As such, group-decision making is widely regarded as an essential component of disaster and risk management in organizations. Group decision-making is necessary to clarify value trade-offs among competing solutions and to select risk management approaches and options that fir into the preferred set of probability consequences (Cox 2006). This is only possible when security and risk managers can assign different relative preference weights to different risk management decisions (Liu, Dai & Ma 2005). Only a group of professional disaster decision-makers can successfully accomplish this task. Each decision proposed by group members will lead to the development and consideration of different sets of probabilities, which will enhance significantly the overall quality of decision-making performance and will contribute to the effectiveness of the basic risk assessment procedures in organizations. Needless to say, the perceived benefits of group-decision making in emergency situations can decrease dramatically, unless combined and managed with the help of negotiation and compromise (Cox 2006). Because security and risk managers find it troublesome and burdensome to negotiate with group members in emergency situations, they prefer taking individual decisions. Even if security and risk managers do not apply to group decision-making in its pure form, consideration of alternatives and external parties involvement could become a viable method of resolving and reducing the consequences of emergencies. Group decision-making is not negative in itself, and its effectiveness largely depends on the quality and knowledge of the group leader, who can successfully balance and reconcile the opposing views and use proposed alternatives in the process of developing effective emergency solutions. References Boin, A 2005, The politics of crisis management: Public leadership under pressure, New York, Cambridge University Press,. Cox, LA 2006, Quantitative risk analysis methods, Birkhauser. New York Crandall, W, Parnell, J & Spillan, JE 2009, Crisis management in the new strategy landscape, SAGE, School of Business, University of North Carolina, Pembroke. Crouchy, M, Galai, D & Mark, R 2006, The essentials of risk management, McGraw-Hill Professional, New York Culp, C.L. (2002). The ART of risk management: alternative risk transfer, capital structure, and the convergence of insurance and capital markets. John Wiley & Sons,  New York Davies, SJ 2007, Security supervision and management: The theory and practice of asset protection, Butterworth-Heinemann, London Doherty, NA 2000, Integrated risk management: Techniques and strategies for managing corporate risk. McGraw-Hill Professional, New York Farazmand, A 2001, ‘Handbook of crisis and emergency management’, CRC Press, London. Fischer, RJ & Green, G 1998, Introduction to security, Elsevier, Boston Fischer, HW 1998, Response to disaster: Fact versus fiction & its perpetuation, Landam University Press of America Hearnden, K & Moore, A 1999, The handbook of business security: A practical guide to managing the security risk, Kogan Page Publishers, London. Kirschenbaum, A 2004, Chaos organization and disaster management, CRC Press, London Liu, F, Dai, K & Ma, J 2005, ‘Research on fuzzy group decision making in risk assessment’, Lecture Notes on Computer Science, vol. 3421, pp. 110-118. Moore, T & Lakha, R 2006, Tolley’s handbook of disaster and emergency management, Butterworth-Heinemann, London. Post, P & Grimes, RL 2003, Disaster ritual: Explorations of an emerging ritual repertoire, Peeters Publishers, London Quarantelli, EL 1998, What is a disaster? Perspectives on the question, Routledge, New York Rodriguez, H., Quarantelli, EL & Dynes, R 2007, Handbook of disaster research, Springer, New York. Roper, CA 1999, Risk management for security professionals, Butterworth-Heinemann, London. Sadarm AJ & Shull, MD 2000, Environmental risk communication: Principles and practices for industry. CRC Press, London. Talbot, J & Jakeman, M 2009, Security risk management body of knowledge, John Wiley & Sons, New York. Read More