The purpose of this essay is to explore elements of security and risk management at strategic, middle management and operational stages of commercial security and demonstrate whether or not they are compatible concepts. The essay begins by exploring aspects of risk and security management on a broad scale. Definitions and explanations are briefly given, before an analysis of the probabilistic concepts of risk discussed in a study by Giovanni Manunta. The essay argues in favour of security management being a function of risk management, however briefly discusses the critique given to risk management through the work of Giovanni Manunta to gather both sides of the argument before conclusions are drawn. The security survey process is explained in order to demonstrate risk and security management cooperating with each other in order to achieve a better success for organisations. The security survey is a strategic option used regularly by organisations and is used in this essay to introduce the argument. Strategic Risk management is discussed further with reference to physical security, discussing its importance in crime prevention and its ability to decrease the risk of criminology. The essay briefly discusses how the role of a middle manager can benefit effective risk management and shows the relevance of the middle manager in a commercial security situation. To discuss the relationship of security and risk at an operational stage the essay reviews a study by David G. Patterson. This study gives an analysis of how organisations can adapt security operating procedures to different threat levels, and in doing this demonstrates further support for security management being a function of risk management. This essay question is very significant because security and risk management if used effectively can improve the performance of an organisation. The misuse of these two powerful concepts can result in disastrous consequences.
Traditionally the role of security has been viewed as a low skilled guarding function, and it is only in the last decade that the security, through membership of associations such as the British Security Industries Association, and American Security Industries Association and through the provision of degree level training, has begun to drive security management towards the status of a profession (Gill M et al 2002). Gill M (2000) believes that the subject area of security management may include the study of accidents, hazards, risk, disasters and much more, as well as management and criminology. The subject is concerned with the protection of assets from threats: hence the overlap with criminology when the threat is crime.
Before beginning to discuss the relevance of risk management working in conjunction with security management it is important to discover why security management is required at all. Hearnden K et al (1999) state that the levels of crime and the variety of threats to both businesses and the public sector are such that those with responsibility for managing them must be in a position to respond effectively if they are to realise the full potential of the people and the organisations they lead. If the use of security techniques and technology are successful this can possibly result in operational losses being reduced, this in turn will then improve the businesses profits or a more effective use of resources. After discussing and attempting to define the problematic area of security management it is important to discuss the concept of risk management in order to provide a foundation for the essay.
Tchankova L (2002) states that risk covers all aspects of organisational activities and it is included in all levels of management. Risk management has become a main part of an organisations activities and its main aim is to help all other management activities to reach the organisations aims directly and efficiently. This maybe a very broad statement but can, and is, being interpreted for this essay as an early indication that security management can be associated with risk identification. Risk management is a continuous process that is involved in the identification and control of risks in both the internal and external environment of an organisation. Gill M (2000) believes that ‘crime risk management’ is easier to define than crime prevention or security management, because it carries less intellectual baggage, and bridges the gap between criminology and security management. Although security management is not the same as crime prevention it will always incorporate it.
In a study by Manunta G (2002) it states that in the last 30 years, literature and the practice of security have largely been informed by the probabilistic vision of risk. Security measures are now generally thought of in terms of risk reduction. As such, they proceed from a probabilistic risk analysis, and are justified by the calculation of their economic expected utility. The paper suggests that the success of the security manager is consistent with formal simplicity and rational decision-making, and investigates if risk and security are compatible concepts. Manunta G (2002) believes that the probabilistic concept of risk is born of a daring assumption: that it is possible for a decision maker to make an informed choice about future events whose outcomes and likelihood are known, or at least estimable with a reasonable degree of reliability. This is based around theories of probability, the study demonstrates how these theories are calculated using examples such as risk in gambling and insurance, risk in the enterprise, risk in engineering, and risk in safety. Through using these examples probabilistic risk is criticised as not being compatible for every situation. The aim of the study is to question if probabilistic risk methods help security decision makers to address security problems in a simple and rationale way, and the results are indecisive. From a retail security manager’s perspective probabilistic risk assessment can be used for security management in a positive way. Manunta G (2002) states that with reference to the shop floor there are a large number of products whose single protection value is in principle indifferent, and priorities can be addressed according to a probabilistic analysis of a large number of regular enough negative events such as shoplifting. The probability and impact of this can be calculated on the basis of a large amount of significant data collected over the years. However in controversy of this Manunta G (2002) states that a security context is characterised by a conflict against malevolent people who may threaten life, power, reputation as well as financial interests. This adds uncertainty and fear by interfering with identified trends, judgment and indifference. Events do not happen accidentally but intentionally, with a determination to overcome or bypass defences, with the expectation of causing harm. If security professional’s decisions were inspired by identified trends, these decisions would become predictable to the aggressor, making the situation more vulnerable for security. As Manunta G (2002) states this has been proven by terrorists and special forces in abundance.
As this essay is aimed to argue a case for security management being a function of risk management it is essential to show how the two subjects theoretically and practically work together to benefit commercial organisations, this can be shown through the explanation of the security survey, which is used in lots of organisations as a form of risk management strategy. As previously suggested risk management is concerned with internal and external aspects of an organisation that may result in loss of earnings or damage to company assets. Hearnden K et al (1999) suggests that there is a clear distinction between business risks and pure risks. They define pure risks as the preservation of the organisation’s assets and earning power from sudden losses. It is this definition of risk that will be used to demonstrate the security survey. It is believed by Hearnden K et al (1999) that the security survey is consistent of three distinct phases, which are described as identification, evaluation, and management. Tchankova L (2002) states that risk identification is the first stage of risk management. It develops the basis for the next steps of analysis and control of risk management. The identification process involves distinguishing which areas of the organisation are exposed to risk. Tchankova L (2002) suggests that these consist of physical assets, human resources such as valuable staff, and financial assets. Hearnden K et al (1999) states that each of these areas needs to be examined critically and thoroughly to produce an accurate and complete picture of possible loss-producing events. Risk evaluation is concerned with assessing the likeliness and impact of uncertain future events. Methods of risk analysis vary from different companies; reliable results might be achieved through quantitative methods for example. Hearnden K et al (1999) states that there are four common and interdependent elements that guide risk management which can be described as risk avoidance, risk transfer, risk retention, and risk reduction. Risk avoidance means not engaging in activities that are of any risk to the organisation, however most things do involve some degree of risk and this would not be an option for every goal or target of a business. Risk transfer can be associated with insurance against potential loss of earnings that can occur whilst engaging in risk. Also elements of sub-contracting are a form of risk transfer. After a full evaluation of risk and potential consequences a company may decide to retain part or all of the risk. Hearnden K et al (1999) states that the decision to retain the risk, either partly or wholly, will normally be determined, on the one hand, by the organisations ability to reduce the probability of the unwanted event happening and, on the other hand, by its ability to reduce the financial and operational impact if it does occur. Hearnden K et al (1999) suggests that risk reduction can be achieved through safety and security measures, procedural improvements or contingency planning. Good security, such as barriers, locks. Safes, surveillance and alarm systems, will deter, delay and detect criminals, thereby reducing the probability of a criminal attack. Good controls and procedures will reinforce this protection by limiting both the likelihood and severity of an event.
Similar to risk management, strategic planning is used by organisations as a variety of solutions that can improve performance and profits, according to Noy E et al (2003) the importance of risk management in business decision making in general, and in strategic decisions in particular, has become apparent largely in the last 15 years. Noy E et al (2003) highlights that researchers of risk management have tackled this subject from various aspects such as managers risk behaviour, non-coherent risk strategy, the economic aspects of risk in strategic management, and the effect of risk on performance, strategy, and organisational processes. It is the final point that will be discussed in relation to commercial security. As previously discussed the security survey represents a risk management strategy, which can be used as a method of security management. Other methods of strategic risk management in commercial security can consist of controls and counter measures such as physical security. Hearnden K et al (1999) suggests that of all the constituent parts of a loss-prevention strategy, good physical security is without doubt the most important. It defines boundaries to property, and then deters, detects, and delays unauthorised entry. Hearnden K et al (1999) states that physical security cannot totally prevent unauthorised entry, but can however play a key role in crime prevention by placing obstacles in the way of the criminal, even if the measures in place cannot guarantee, in the final analysis, inviolability. The physical security should create enough time for a response to be ascended. In criminology terms this can be called a form of crime displacement, where a crime has not been prevented but has been moved on. Aspects of physical security consist of security guards, CCTV, fences, doors, locks, barriers etc. Also aspects of environmental management and design represent strategies of crime prevention and security. The theory that informs the notion of environmental management proposes that the evidence that crime has been committed, if allowed to remain in place will lead to further offences being committed (Burke, R 2005). Concepts of environmental design are considerable in the acts of crime and require operation at the planning stage.
One of the most important parts of physical security is identifying and assessing the risk. Hearnden K et al (1999) states that it is important to know the personality of the premises in which you want to protect. The personality emerges from a study of the premises over a full 24 hours, and then extends to cover a complete 7-day cycle. At this stage it is possible to identify the nature and extent of threats to security and act accordingly, demonstrating acts of risk management and security management producing strategic measures in a commercial environment.
Chicken J (1996) states that the way in which risk management should be organised depends on the type and size of an organisation and the risks involved. The type of management structure should be tailored to match the specific characteristics of an organisation, one of the possibilities should it be required is the position of a middle manager. A middle managers primary role is to monitor activities of subordinates and to generate reports for upper management. Harrington D et al (2004) believes that the middle managers position has become less and less important in today’s organisation, this has occurred because of the introduction and use of e-business. However in controversy to this a study by Floyd S (1997) concluded that middle managers provide a high influence in the performance of an organisation. The findings suggest that middle managers strategic influence arises from their ability to mediate between internal and external selection environments. Floyd S (1997) believes that positive effects on organisational performance depend on whether the overall pattern of upward influence is conducive to shifts in the network centrality of individual managers and whether the pattern of downward influence is consistent with an appropriate balance between the organisations need for control and flexibility. According to Chicken J (1996) in terms of risk management the middle manager is responsible for ensuring in detail, that the acceptability of risks is properly assessed and that procedures are adopted to ensure that risks are kept within the limits of what is generally acceptable. It is also suggested that the form of assessment may be very simple and qualitative, without real analytical justification. Where the risk involved is negligible, it is possible to use a simple assessment, however it is essential that this does not result in a lack of knowledge of the possible risk. In commercial security management terms, the risk assessment of the middle manager can determine if or what security is required dependant on the size, performance of the organisation also the risks involved. If a security manager’s position is present in the organisation, the role of the middle manger can be utilised as a form of communication between upper and lower management, this can advantage the security manager, because the work being completed may be given credit from the audit. The role of a security manager is often overlooked, and is sometimes top of the list when considering cut backs. The organisation can also benefit from this because the report produced by the middle manager will establish if the correct procedures are in place, and highlight any areas which require further attention such as a rise in a threat trend e.g. terrorism. Koskosas I et al (2004) stats that trust, culture and risk communication play a significant role at the level of security goal setting, and trust provides the conditions under which a strong group culture and effective communication of risks are likely to occur.
After demonstrating several strategic and middle management elements of risk and security it is necessary to show how the two concepts work at an operational stage. Tchankova L (2002) states that operational activities of the organisation actually create risk and uncertainty. King J (2001) defines operational risk as a measure of the link between a firms business activities and the variation in its business results. The term operational implies control, and the factors that affect operational risk are often within the firm’s influence or control. With this in mind it is possible to demonstrate how risk and security management can work together to achieve this strong concept of control. In a study by Patterson G (2004) it is stated that a successful security concept for protecting facilities today emphasises a growing awareness of technological developments and emphasises the integration of architectural aspects, security systems and human resources and procedures so that they can be more effective. The study by Patterson G (2004) is aimed at offering security solutions that if implemented correctly can possibly combat various threat levels. The study highlights that risk of threat levels change from time to time and need to be considered when determining security measures for commercial facilities. Operational procedures tailored to each risk must be developed. Failure properly to consider risks, operational procedures and the human element can end in consequences dependant on the significance of the situation. As previously stated crimes are the product of intentions rather than means, whilst technology can help detect intruders only the judgment of the security managers can establish their intentions and take actions to combat them. Patterson G (2004) states that the key word describing risk management in today’s world is integration. In this case Patterson G (2004) refers to connecting several different types of hardware devices; developing software interfaces so the devices can exchange information and be controlled from one location; providing procedures for using the systems to assist in assessing and responding to alarms; and providing trained human resources to operate the systems and carry out the procedures. It is also stressed in this study that the human element of security, which includes procedures, decision-making, common sense and awareness, are all best implemented at the time of the systems design. In order for this to be completed a security risk analysis of the operational elements of an organisation should be completed. Patterson G (2004) lists the operational elements as staffing, policies and procedures, training, visitor control etc. Once the risks have been distinguished the device schedules and security procedures can be developed. Patterson G (2004) describes these schedules and procedures as alarm type schedules, CCTV camera interaction schedule, alarm assessment and dispatching procedures, and incident response procedures. Once these operational procedures are in place it is very important to review and update them regularly. The review of this study suggests to the author that operational risks can be controlled through the use of risk and security management and is well within the organisations influence to do so.
It was best said by Adams J (1995) that in the dance of the risk thermostats, the music never stops. This being the case the correct implementation of security management is essential in today’s world of business.
In conclusion concepts of risk and security are as proven in the main body of this argument increasingly important. The results of the Giovanni Manunta study on security and risk being compatible concepts are mixed, however this study is concentrated on probabilistic risk assessment. This is conman method that does have flaws, and is not compatible for every situation. However it does support the argument of this essay to a certain extent with respect to probabilistic risk assessment in conjunction with security management being compatible in the success of commercial security. After reading the scope of this essay it may be suggestive that risk management is a function of security management as apposed to vice-versa, especially when scrutinising the security survey, however when defining risk management as a main part of an organisations activities and its main aim is to help all other management activities to reach the organisations aims directly and efficiently, it is clear that the argument has no foundation at all. Physical security defines boundaries to property, and then deters, detects, and delays unauthorised entry. These physical security measures can only be established by identifying and assessing the potential risk of criminal activity. Through the use of physical security, this essay demonstrates acts of risk management and security management producing strategic measures in a commercial environment. This highlights further evidence for the main argument of this essay. The research shows that the role of a middle manager can help organisations to identify and evaluate risk and define appropriate security measures that can be put in place. The study by Patterson G (2004) demonstrates technological and human procedures that can be used as a form of operational risk management, the study concludes that operational risk can be controlled by organisations if the right security systems are in place and are implemented correctly. This in correlation with the previous arguments put forward by this essay demonstrates that security management is a function of risk management and if used correctly can both improve the performance and profits of the organisation as well a protect the organisations assets.
References:
Adams J (1995) Risk, London, UCL Press
Burke, R (2005) An Introduction to Criminological Theory Second Edition, USA Willan Publishing,
Chicken J (1996) Risk Handbook, UK, International Thomson Publishing Inc
Floyd S, Wooldridge B (1997) ‘Journal of Management Studies’ Middle Management's Strategic Influence and Organizational Performance, Volume 34, Issue 3, pp 465 - 485
Gill M (2000) Commercial Robbery, Great Britain, Blackstone Press Limited
Gill M, Moon C, Seaman P, Turbin V (2002) ‘International Journal of Contemporary Hospitality Management’ Security Management and Crime in Hotels, Volume 14, No. 2, pp 58 – 64
Harrington D, Williams B (2004) ‘Managing Service Quality’ Moving the Quality Effort Forward – The emerging role of the Middle Manage, Volume 14, No. 4, pp 297 – 306
Hearnden K, Moore A (1999) The Handbook of Business Security Second Edition, London, Kogan Page Limited
King J (2001) Operational Risk Measurement and Modelling, England, John Wiley & Sons Ltd
Koskosas I, Paul R (2004) ‘Risk Management: An International Journal’ Information Security Management in the context of goal setting, Volume 6, No. 1, pp 19 - 29
Manunta G (2002) ‘Security Journal’ Risk and Security: Are they Compatible Concepts? Volume 15, No. 2, pp 43 – 56
Noy E, Ellis S (2003) ‘Journal of Managerial Psychology’ Risk: A Neglected Component of Strategy Formulation, Volume 18, No. 7, pp 691 – 707
Patterson D (2004) ‘Journal of Facilities Management’ Adapting Security Operating Procedures to Threat Levels, Volume 3, No. 1, pp 53 – 64
Tchankova L (2002) ‘Environmental Management and Health’ Risk Identification – basic stage in risk management, Volume 13, No. 3, pp 290 - 297
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment