As a risk management professional and trainer in a region of Africa unfortunately destabilized by growing insecurity (SAHEL) after the fall of Gaddafi (Libya) in late 2011.
I've often found that people confuse the difference between the concepts of threat, risk, vulnerability, safety and security when it comes to risk management. It's important to know exactly what these concepts mean if you want to do the work of risk management, which is becoming increasingly important all over the world.
RISK:
The way in which a threat affects the organization's personnel, assets, reputation or programs. Examples of risks: flooding of the organization's facilities, collapse of buildings, contamination by cholera or other diseases, etc.
THREAT:
Any event that jeopardizes the organization's own safety, the safety of its personnel, or the safety of assets in the context in which it occurs. Types of threat: violence, conflict, natural disasters, terrorism, health problems, political interference, crime and corruption, etc. Examples of threats: crime; events of physical origin (floods, earthquakes, contaminated water); institutional negligence (lack of rules, organization charts, training, etc.).
VULNERABILITY:
Expresses both exposure to risk and the extent of response capacity in the face of such events. Examples of vulnerability: untrained personnel, offices located near clay soil, precarious building conditions, lack of emergency plans, etc.
Security is an intrinsic human need. It's an emotional situation that may or may not enable us to develop our private, social and professional activities in an environment of normality and serenity. Security is the sum of two concepts: protection and resistance. It's the certainty of knowing that something has happened, the possibility of immediately discovering what's going on, and the peace of mind of being able to take immediate action in the event of an intrusion. It involves protecting staff, volunteers or organizational resources against acts of violence, theft or damage.
To mitigate all these risks, humanitarian and development organizations recruit specialists in the field, people with extensive experience of security management in humanitarian or development organizations. By recruiting these specialists, the organization is already promoting the profession, which is thus enhanced and a department in its own right is created.
A little further down, the main security strategies used to manage NGO security in a hostile environment.
Safety has two main components:
Mitigation measures:
Once threats have been identified and ranked, it is recommended that mitigation measures be taken to reduce exposure to risk. Preventive measures designed to reduce the probability of an incident occurring (with the aim of preventing the incident from happening in the first place).
Example: vehicle maintenance. Reactive measures aimed at reducing the impact when an incident occurs (with the objective of reducing the negative effects assuming the incident does occur).
Example: ensuring seatbelt use. Be aware that if the probability is high and only reactive measures are taken, the effect of these actions will be limited.
Development of safety strategies: (Acceptance, Protection and Deterrence)
Once the context and risks have been analyzed, what are the next steps?
What strategies can be followed to reduce risk?
This section describes the main strategies adopted prior to the deployment of safety plans, which are more in the nature of "organizational culture" than protocol.
ACCEPTANCE:
A relationship of trust based on acceptance of your presence, your working methods and the purpose of your activities.
To build acceptance, you'll need:
Example: if you are a religious organization, communicate clearly how its definition does or does not affect its work.
Example: explain where the funds come from and what the program's priorities are (mission and vision).
PROTECTION:
The aim of protection is to reduce the risk (not the threat) by reducing the organization's vulnerability.
Example: protective measures (fences, alarms, guards, etc.). Try to prevent the antenna from becoming a bunker.
Example: protective measures to ensure safety on the move (radios, telephones, regular contact policies, etc.).
DISSUASION:
Measures that directly affect the person posing the threat and are used to counter threats and armed actions such as legal, political or economic sanctions.
Strategy of last resort, when the previous two have been inconclusive. In developing these deterrent strategies (if any), you'll need to analyze:
What are the limits to your ability to threaten or effectively withdraw your services?
Need for armed personnel such as security guards when traveling.
Be aware that these measures may jeopardize your acceptance.
Example: the use of armed personnel when traveling is generally not without consequences when working with communities.
Example: if a withdrawal or suspension of activities is possible, anticipate the consequences for the beneficiary populations and for your staff, and mitigate the repercussions (payment of salaries, remote monitoring, etc.).
Safety culture is a process and a spontaneous behavior within teams. It ensures that safety procedures are understood and respected in the implementation of activities. This respect for procedures then becomes a reflex and a spontaneous reaction on the part of every member of staff. A sense of individual and collective responsibility is nurtured and developed within the teams.
