Magazine

Read the latest edition of AIR and MEIR as an Interactive e-book

Nov 2024

Managing business threats in a changing world: Looking beyond duty of care

Source: Middle East Insurance Review | May 2016

An enterprise risk management (ERM) programme must understand the threats, mitigate the known and unknown, and be adaptable so as to enable business and assure a company’s duty-of-care obligations, says 
Mr James Morris of AIG
 
 
The question of whether the world is becoming more dangerous or not is one that provokes much debate, and whichever side one falls on, most people would likely agree that the nature of threats that most organisations face are changing. At no time in recent memory have companies had to consider the threat from war and regional conflict, mass migration, political instability, terrorism, crime, pandemics, cyber crime, economic instability and volatile regulatory environments, among the range of threats, occasionally considering the impact of all of these and more within the same region.
 
   While the external challenges facing business can be massive, the pressure to demonstrate profits and return on investment remains high, and companies are forced to balance risk versus opportunities. To this end, the ERM programme must understand the threats, mitigate the known and unknown, and be adaptable so as to enable business and assure the duty-of-care obligations of the company.
 
Moving beyond duty of care
Duty of care is a company’s obligation to assure the security, health, safety and wellbeing of all persons that the company has responsibility for, including employees, contractors, dependents and any others affected by their acts such as customers, neighbours, tenants or local communities. While the exact requirements can vary, essentially this means that a company must act with the due attention and caution that a reasonable person would under the same circumstances.
 
   Duty of care is often driven by health and safety, and industries with higher health and safety risks or with operations in higher-risk locations often have robust duty-of-care programmes. For example, oil & gas and mining companies as well as engineering and construction companies often lead the discussion on best practice in this area. 
 
   However, lower-risk environments or non-traditional threats often receive less attention. While many companies in the Middle East may now consider the risk of terrorism or crime, few consider the threats to their employees from motor vehicle incidents, which is undoubtedly a larger risk to employees. Likewise, companies sending travellers into unknown regions often spend time briefing their employees on the importance of watching their bags, but rarely on cultural sensitivities and practical behavioural tips.
 
Comprehensive risk management solution
Wrapping all employees in cotton wool is neither practical nor desirable; however, as the threat and business environment changes, so must the ERM programme. Organisations need to ensure that they have a comprehensive risk management programme in place that considers all of the threats.
 
   A comprehensive and flexible risk management proposition complements existing insurance programmes by identifying potential gaps in the programme, and ensuring adequate mitigations are in place and communicated to all employees that need the information.
 
   Suggested actions that can be implemented by any organisation can be separated into three categories:
 
1. Monitor
Understanding the organisation’s exposure and identifying the people and assets at risk are essential first steps in the process.
 
   Monitoring events, threat levels, trends and potential flash points is vital to understanding the risk while ensuring appropriate security measures are in place. These can vary from comprehensive travel safety and cultural awareness briefings for all persons, to safe driving techniques, to basic first aid and health awareness, through to security training for higher-risk locations.
 
2. Prevent
Considering security in advance ensures controls are in place and are appropriate to the threat level.
 
   Awareness training helps employees prepare for differing scenarios and for environments outside of their norm, building a mind-set of calmness and diligence in the face of the risk and one of awareness of the situation.
 
3. Respond
Companies and employees must be prepared to respond fully and promptly if the worst case happens. Proper training and understanding can make this second-nature. Likewise, corporate response plans that include clearly defined roles and responsibilities are vital, and it is necessary that staff members are comfortable with these in advance of any events.
 
Planning for the known and the unknown
Global events, the growing business footprint and the inter-connected nature of the world mean that the variety of threats that companies now face is wider than at any other time in history. Companies must ensure that a full ERM programme is in place in all environments.
 
   Preparation begins with information and awareness, while response should be the final option. A well-rounded security management plan ensures duty-of-care requirements are covered even when the exact threat isn’t clear.
 
Mr James Morris is Security Operations Manager, EMEA – AIG Global Security Global Prevention and Response.
 
| Print
CAPTCHA image
Enter the code shown above in the box below.

Note that your comment may be edited or removed in the future, and that your comment may appear alongside the original article on websites other than this one.

 

Recent Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.