Danie Adendorff MSc. Sec Man, ND Pol Admin
MiM Risk Manager Course Director & Accredited Examiner
Commented by professionals such as
Dr Jon Hodson,
Errol Peace FIS (SA), MSyl (UK), CFE (USA), AISM (India), IIPS (Nigeria) . Read below
It is the ‘What’ you know, that gives you the edge!
The ‘Missing Link’ addressed in Risk Management
Based on a plethora of different definitions and descriptions Risk Management may involve divergent methodologies as methods vary from organization to organization. There is no known universal methodology for the process. These divergent methodologies of analysis cause subjective outcomes which is organizational problematic.
The concept of risk management has been in existence for centuries and in fact probably among the oldest recorded human activities. It has not gained much popularity until the latter part of the previous century as a science or academic topic. There are core strategies that underpin the modern concept of risk management and control and risk management should be appreciated, as an art, and a science. It is therefore, an organizational management function that is, all about sound general management of organizational activities. There are steps or stages widely followed by risk professionals in the process which includes, risk identification, assessment or evaluation, planning and monitoring. So why does it fail time after time, with miserable consequences?
For any risk management strategy to be appropriately selected and adopted within an organisational environment, the management process should first and foremost begin with the identification of the risks to be managed. The risk identification will then be followed with the subsequent evaluation or assessment of the risks to determine their extent in terms of impact on the organization and the probability of their occurrence. It, then, can be planned or managed using the core strategies to be succeeded with constant monitoring.
Content analysis of contemporary cases studies which includes, VW(2015), Tesco(2015), Hitachi (2015), Banking crises(2008) indicates a single failure point namely risk identification. The information that the risk identification was based upon was not validated or tested for ‘the truth’, or, the risk not being identified. How futile is the whole exercise when, the risk management process begins on inadequate, or, plainly wrong risk identification?
Case study Example
Health and safety risk plan.
A site manager intentionally withheld information regarding the micro climate on a railway depot to save cost. Should he have declared this information; the risk mitigation plan should have suggested that the patrol routes be covered with salt and a change in the footwear for the staff. This recommendation would have come at a financial cost to the company.
Working on a bonus system, directly link to financial gains, this risk mitigation would have an adverse effect on the site manager’s bonus. To save cost, he, withheld crucial information. Withholding this information caused a ‘slip and trip incident’ on the black ice where an employee broke his leg and ended up with a life altering injury.
To put it in a simple and in a layman’s perspective, risk refers to the degree of uncertainty in the consequences of an action. Consequently, the more accurate the information. the more successful will be the risk management plan.
Risk Identification is based on skillful investigation, interviewing and evaluating of people and surrounding circumstances that could pose an adverse hazard. Risk Professionals have to be investigative minded. Identifying risk is based on information, however, people lie, hide information or volunteer information for their own agendas. The first objective of risk management should be to, ‘Extract Reliable and Usable Information’ using” Lie & Deception Detection Skills
The second objective is to determine whether the identified risk is acceptable or not with respect to a predetermined scale. In this case management had to make the decision based on their strategic objectives. They are not able to make the correct decisions if the plan is based on flawed information.
Master in Mind’s ‘ Human Investigation Manager ‘ Lie & Deception Detection Skills addresses this specific point in the Risk management process.
International Standards that exist on Risk Management – for example regarding risk management in Australia we adopt the ISO31000:2009 as principles and guidelines, however like any Standard it really can only provide generic guidelines as it cannot be detailed sufficiently to cover all the different sectors and industries/ company culture etc for example that exist therefore you can conclude with some certainty that they are not intended to promote uniformity of risk management across all organization rather localized risk management practices will need to design and implement company specific risk management plans and frameworks. Naturally generic steps such as ‘establishing the context / risk identification / risk analysis / risk evaluation / risk treatment with the necessary ongoing communication / consultation and monitoring / reviewing to be effective within any company, there needs to be reliable and usable information gathered from employees and staff in the formation of in-house risk management plans and this is certainly where human investigation management techniques need to be considered to ensure an as accurate as possible determination of any assessment of the likelihood and consequence of the risk and/or threat By Dr Jon Hodson
When managing risk, one needs to identify the risk and then, using the VIP formula – determine the Vulnerability, Impact and Probability – the accuracy of these outcomes are determined by the information received.
In order to be able to make good and cost-effective decisions, it is imperative that the information obtained that is used to analyze the risk, is reliable and accurate. The accuracy and reliability of this information received will have a profound impact on the decision and ultimately have a major impact on the implementation of any procedure to eliminate or reduce the identified risk.
By Errol Peace FIS (SA), MSyl (UK), CFE (USA), AISM (India), IIPS (Nigeria)
Danie has been involved in the international security industry for the past 30 years. Danie graduated in 2009 at Loughborough University with an MSc in Security Management with distinction. Danie’s research won the inaugural Sir Wilf Knight 2009 award and he also won the ASC Lord Imbert 2010 prize for the best university dissertation. After graduation Danie joined the Business school at Loughborough University as Director of the Postgraduate Security Management Program and served in this position till March 2015
Danie is an effective communicator and accomplished security professional, with strong interpersonal leadership skills. Danie has delivered professional speeches on security and risk all around the world, and traveled to numerous countries. Danie enjoys the challenges of the academia and his businesses. You can describe Danie in two words enthusiastic and passionate. Danie is the Owner of Study-Security 24/7 International Training Academy.