Risk and Security Management
Risk and Security Management
It is estimated that the risk management and security market could be valued at over $300 billion by 2010, fueled by rapid business intelligence needs and the growth of physical security service requirements that enable government and commercial activities to occur, especially in remote, volatile, and commercially challenging environments. Despite the significant market for these services, industry expertise is often developed within government organizations and then applied to the commercial sector with very little in the way of transitional awareness or appreciation of the unique principles of commercial application. Even the largest and most well established international risk management and security services companies often lack detailed policies, procedures, and information capture structures. The same is also frequently true for commercial entities with organic risk management and security departments working under pressure to manage multiple business and project activities, with limited resources and budgets. Few organizations provide adequate instructional programs, resulting in inefficient uses of time, effort, and resources, while concurrently risking business continuity and company resources and assets through inadequate project and management controls.
When entering the risk consulting and security management sector after 14 years as an officer within the British Royal Marine Commandos, I quickly realized that often both industry standards and internal company policies and procedures were limited or, at times, absent throughout the industry. The management teams across the leading security companies (and the contracting client companies) I worked with, for, or alongside were often populated with impressive leadership that brought dynamic, pragmatic, committed, and innovative solutions to support government and commercial projects under challenging and fluid conditions. I and many others gained commercial exposure and training while on the job, situations that at times in retrospect exposed the companies to avoidable risk when managing a wide spectrum of crisis events such as mass evacuations, complex attacks, and industrial accidents within critical infrastructures. It was also evident that support structures and the sharing of well-established materials, concepts, and information occurred mainly in a disjointed manner, and often through networking and relationships rather than through organized channels, policies, or information custodians. Many reasons exist for a lack of commercial risk and security structures: these include transient consultants flowing through dynamic and uncertain contracts; the fact that policy and procedure development frequently is viewed as a cost center rather than a business enabler; and the fact that the time and resources required to establish and maintain such systems can be considerable, often exacerbated by fastmoving, underresourced, and fluctuating commercial environments.
While in the Royal Marines, I led the development of some relatively complex and unique risk management policies and security plans for the protection of strategic facilities and large geographic regions with multinational and multiethnic security groups. These exercises provided me with a solid framework for running large and complex commercial operations at the point of delivery as well as managing the corporate requirements as the client interface. Like many ex-government employees entering into the risk management and security industry, the learning curve moving straight into volatile program management functions was steep, and many lessons came about through watching experienced and competent leadership and then developing new or adapted solutions to suit fluid, business requirements. Throughout my career I have been fortunate to work with professionals with a wealth of experience and knowledge, and much of my professional development has been gained throu