Risk Management versus Staff Safety
It is still common practice within the Humanitarian and Development sectors to misunderstand ‘Staff Safety and Security’ with ‘Risk Management’. This is understandable for a number of reasons. The field of Risk Management is still evolving. Also, the relatively high exposure to safety and security challenges faced by many organisations in the sector, combined with institutional inertia, mean that Staff Safety understandably has a higher profile and urgency than the adoption of modern Risk Management practice.
The main reason however is the evolution of organisations’ perception of the problem. Formerly, humanitarian operations conducted in areas of conflict could reasonably be understood to be impartial and neutral, demanding and achieving humanitarian space within which to serve the victims of the conflict. Having an ex-military Security Officer made perfect sense, as they could quite readily establish a rapport with armed groups in the area and assist in managing access. They could yell at people in emergencies and ‘get stuff done’. The ‘Security bloke’ profile was a good solution to that problem.
However, since the weaponization of development and humanitarian assistance from 2002 INGOs have been challenged mightily to create and maintain humanitarian space. Often they were working in the same village as the militaries of their donors who were conducting activities similar to those of NGOs for counter-insurgency reasons. There was a need to create and maintain space from all things militaristic. Hence we noticed over the years a move away from ‘Security Officers’ to ‘Safety Officers’, and from there to ‘Risk Manager’. However, it was usually the same guy; lots of pockets in his hard-wearing pants, dark sunglasses, a never-say-die demeanour, an ill-kept beard and tonnes of gadgets. He may indeed have been an excellent Risk Manager, if asked to perform in that role; but it hardly ever happened because all parties misunderstood the term.
After all, what everyone wanted was a MacGyver who was calm in an emergency, could communicate security concepts easily and did not fall asleep in long meetings. “But now we will call him a ‘Risk Manager’ and thus get our much needed security support while not alienating people inside and outside the organisation with a Security Officer”. Meanwhile, genuine risk management challenges remain unaddressed.
Safety, Security and Risk Management Officers are not the same person, and here is why.
Safety Officers – Assists management in the identification and remediation of non-man made hazards in the workplace. Sometimes also known as Occupational Health and Safety Officers, such a focal point will usually have under taken basic training in first aid and fire extinguishers, the need to place signs in hazardous areas, reporting of incidents, the conduct of evacuation drills, and the management of any other sector specific hazard. They are often dual hatted, with their safety role a secondary task.
Security Officers – Assists management in the identification and remediation of man-made threats to operations, from either outside or inside the organisation. Usually focussing on threats associated with, ‘men with guns and bombs’, ‘crime’, ‘KFR’ and ‘mobs’. They will usually bring their qualifications and experience with them from the military or police, ideally in the same context within which the country is operating. They will often assume the ‘Safety’ role described above.
Risk Managers – Assists management in the identification and remediation of ALL obstacles to project success, as well as identifying and exploiting any opportunities. A Risk Manager needs to be across all the organisational objectives and be able to think at least ‘one level up’. That is, if they are a Country Risk Management Officer they need to know and understand the operational and strategic imperatives at the Global or Regional level. The Risk Manager usually has come from within the organisation, and is sufficiently experienced to know and understand those parts of the organisation not his/her specialty. It is this experience that allows the Risk Manager to advise the Senior Management Team on the relative risk presenting itself to different parts of the organisation.
A Not Unprecedented Hypothetical Scenario
In the Office of the Country Director: The Safety Officer recommends that what remains of the budget should be spent on improved lighting for certain areas, a first aid course, and upgraded fire extinguishers. The need, he says, is urgent. Meanwhile the Security Officer (both of whom report to the Head of Admin who has a different barrow to push) argues the money should be spent on enhanced screening of visitors in the office, implementation of a CCTV network, and an extra staff member to watch the screen. The Finance manager intervenes with a plea for a proper safe, as the lockable cabinet is clearly insufficient (and he has not been able to maintain the attention and support of the Security or the Safety Officer). Meanwhile the Programme Manager insists that if she cannot get an extra staff member in to write new proposals there will be no new work in the pipeline and we can all get ready to pack up and go home. And so it goes. We’ve all been there before.
So how does our Country Director reconcile these competing demands? How does she compare apples with oranges in order to allocate scarce resources where they can have the greatest impact? She turns to her Risk Management Officer, asks for a copy of the [recently reviewed] Risk Assessment, passes her eye over the Risk Treatment Plan and allocates the remaining resources to the highest ranked risk mediation measures; instead of to the loudest and most persuasive voice in the room at that time.
This plan was not conjured out of thin air. The Risk Manager has spent his or her time consulting across, and up and down the organisation, conducting information gathering sessions (internally), and benchmarked across similar organisations doing similar things and facing similar challenges in the same place. All to produce a holistic risk assessment particular to that organisation, with those objectives in that place at that time. There is consensus across all units (Programme, Logistics, Admin, Finance, Security etc), everyone accepts their role in the plan and the Risk Manager follows up on behalf of the Country Director.
The profile of such a person? Young or old. Male or female. Probably university educated but not necessarily with sectoral experience (although it helps). Sufficient soft skills to manage emotionally charged meetings attended by stressed managers and practitioners. Process focussed yet with an eye for outcomes. Discretion and a sense of humour. It is possible to find all three roles in the same person, but not necessarily. And merely changing the title of your Security Officer does not make him/her a Risk Manager. And vice versa.
If there are any questions arising from this, please do not hesitate to do so in the comments section below. You are also invited to sign up for email notifications of future posts on this site.