Risk assessment underpins everything we do in this industry…so it’s worrying that many people, be they training providers, security companies or individuals on the ground have very little knowledge of this critical process.
It is impossible to quote, advise or plan for a task without first carrying out the Risk assessment process, which is why it is the second lesson on any course CP course I teach and is hammered home everyday of the course.
The process itself is fairly straightforward and logical, and armed with the knowledge providing security becomes a far more structured exercise. I will go into it briefly here, however there is no substitute for actual training and experience.
First of all we need to understand the terms…
What is a threat?
A threat can be defined as any incident or event that could harm or disrupt our principal. Often people jump straight to the sexy stuff like assassination and kidnapping without considering the threats that are far more prevalent such as road traffic accidents and medical emergencies. Most of us will meet our maker via a heart attack or unplanned trauma and the same rules apply to our principals (unless your boss is Geert Wilders or Hamid Karzai)
What is a risk?
Risk is the probability or likelihood of the threat occurring coupled with the impact if it does happen.
For example, someone who works in an office everyday filing papers has a chance of receiving a paper cut. That becomes the threat. The likelihood is HIGH however the impact on that person receiving a paper cut is NEGLIGIBLE potentially making filing a LOW risk activity
As another example lets look again at an RTI. In the UK on our safe roads the probability of an RTI is UNLIKELY, however the potential impact of a high speed collision is SEVERE (death or critical injury) potentially making travelling by car a MEDIUM risk activity.
The Risk Assessment method I teach is a 5-stage process:
1. Identify the threats
In order to identify threats for a CP task you must look at the Principal and any threat particular to them, for example are they wealthy? Do they have enemies? Have there been historical attacks? What is their medical history? etc. etc. From this you then need to identify specific threats, for example being wealthy isn’t a threat, however from that we get the actual threat of Kidnap for ransom
Then you need to look at the activities they will be undertaking, for example modes of transport, sporting or leisure activity etc. etc.
Then you need to look at the locations they will be frequenting starting with the country, for example is there a threat from natural disaster? Is there a specific crime threat? Has there been recent civil unrest?
The ground in general is followed by the ground in detail. The city, town, district and individual venues on the itinerary must all be looked at and any threat extrapolated. For example if they are staying in a hotel we need to put hotel fire on the threat list.
At this stage no threat should be considered to far fetched or silly….if you are worried about a meteor crashing to earth and dropping the boss then put it on the list!
2. Work out the Likelihood of the event occurring
Using historical data, statistics, local knowledge and your own experience you must now look at every threat on your list and decide realistically how likely it is to happen, for example we have said that an RTI is UNLIKELY in the UK, however if we were driving across India we may put the up to POSSIBLE or even PROBABLE.
Our meteor strike will no doubt become HIGHLY UNLIKELY at this stage!
3. Work out the Impact if the event does occur
By working out the impact on the principal and whether the event is life threatening or merely going to cause disruption and then combining it with the likelihood we can now offer a level of RISK for each threat and put them in a descending order of severity and suddenly the job starts to take shape.
4. Identify measures to mitigate the risk
Taking each threat in turn look at measures which will first of all reduce the likelihood of the event occurring (prevention is always better than cure) for example if RTI was the threat and we assessed it to be a medium risk then to lower the likelihood we may identify the following control measures:
Road moves kept to a minimum
Vehicles well maintained and checked daily
Drivers trained to advanced level and check tested prior to employment
Good route selection to avoid known black spots if possible
Drivers briefed to obey speed limits at all times
This list isn’t exhaustive however by putting those measures in place we would hopefully minimise the chances of an RTI occurring. However short of never travelling by car we can never guarantee that an RTI won’t happen, so we also need to look at ways of reducing the impact:
Good vehicle selection (large vehicles with 5 star safety ratings)
Ensure all passengers wear seatbelts whilst travelling
Team have medical training to provide first line cover
Med pack supplied in every vehicle
Medical facilities identified on route
This list not only lowers the impact but already starts helping us with the planning process and giving an idea of assets that need to be requested.
I am always staggered by the companies that are given a CP task and go straight back to client asking for a 3 man team and B6 armoured vehicles without any kind of risk assessment taking place. Requests for assets must be justifiable and the risk assessment is the way to do it.
By putting all of these measures in place we should hopefully have bought the level of risk down and made our principal safer before the job even starts…the whole point of quality CP, being proactive rather than reactive.
I hope this article has been helpful. If any of you are now feeling that your knowledge is lacking or you want to move up to the next level on the ladder, be that as a TL or manager then I would implore you to look at further training in this area.
Galahad Associates offer a range of short courses designed for those already working in the industry to update of refresh their knowledge. Please contact us on 01202 788555 in order to find out more.