Risk Management

Over recent years many businesses have been concerned only with Loss Prevention and not Crime Prevention; as long as insurance covered the loss then only basic preventive measures were taken. To their cost, these organisations discovered that it was impossible to mitigate all the losses from crime with insurance.

Managers have to determine and assess the risk of crime to their organisation and then consider, if necessary, strategies to either prevent the potential loss or reduce it to a controllable, manageable level.

The actual “loss” that has to be managed, from a manager’s perspective, is anything that may erode the profit or core functions of the organisation.

What are your risks?

There are many security infringements that could have sufficient impact on an organisation to upset a potential financial gain.

Although a major disaster such as a fire is often perceived as the only catastrophe that would seriously threaten the business, even minor “insignificant” issues in isolation or cumulatively, can have far reaching implications.

Risks have to be continually assessed. A change of location, change of employee, or even the purchase of new computer equipment can be just a few of the considerations that could effect your risk assessment.

The actuality of crime is not the only consideration. The fear of crime can effect both public and employees, creating a hostile environment.

All employees have to identify the risks that a business may suffer – anything from financial loss to core functions of that individual organisation, in the present or future. After all, it is everyone’s responsibility to ensure the success of your business.

How often do they happen?

Many organisations are unaware if they suffer from crime because employees are not encouraged to identify security infringements (actual and potential) and management systems do not always exist to measure the effect of crime.

A security register / diary should always be maintained. If details of incidents are recorded, including every associated cost, then these can always be analysed at a later date to discover trends and identify the most effective preventive action.

Although commercial burglaries may be rife in a particular area, most businesses only become aware of a high crime risk when it happens to them. Regrettably, it is only then when most organisations consider crime prevention.

The likelihood of a second or subsequent attack on the same premises within a short time is very high.

The criminals’ motivation for the attack will probably remain (eg new computers will be quickly installed) and the offenders know there is a low risk of getting caught because they have already succeeded once. In addition, many organisations do not respond quickly to an attack – often the security will only be improved long after the stock has been replaced.

How serious is the event?

Even relatively minor crime incidents can have a major impact on a business.

An example could be a computer stolen in a burglary. In most cases, it is not the actual computer that is of concern (the Primary Costs), nor the repair costs to the building or the lack of work achieved whilst a replacement is sought (the Secondary Costs). It is the suspicion that others now have possession of confidential business information and also the fear that clients may discover that confidential information has been removed. It would be exceedingly difficult to mitigate any losses against these “Repercussion Costs” by insurance, as the effects cannot be quantified.

Repercussion Costs are often the most damaging to a business. Financial loss and employee satisfaction are all destroyed through crime.

If the chance of a particular crime occurring is very low, and the cost of security measures is very high, then it would be more cost effective to mitigate the loss by insurance rather than meet the high preventive costs. That having been said, the subsequent high premiums, secondary losses and associated inconveniences still have to be considered, as improved security costs may not then be as significant.

Managers therefore need constantly to assess, monitor and evaluate their results (both achieved and proposed).

Finding solutions

It should be stressed, however, that no one individual measure will prevent crime. Each security measure is part of a system to have an impact by either deterring, preventing or minimising the loss.

This is achieved by creating a balanced prevention strategy in which the thief is delayed trying to overcome physical devices whilst in immediate danger of being caught.

This can be illustrated in the example where one business is protected only by barred windows, locked doors and computers secured to the floor. A burglar could enter the building and spend several hours negotiating the security devices undisturbed.

In other business premises the computers are protected by CCTV cameras, extensive alarm systems and the natural surveillance afforded by passing traffic. A burglar may simply force his way into the building in a “smash & grab” style, and escape before any person could react to the incident.

The solution is to incorporate physical security devices that delay a burglar from committing a “smash & grab” offence, but also to install security devices which notify everybody that the building is under attack.

This balance prevention strategy means that they will either give up or be caught (most thieves will not remain longer than 3 minutes after the alarm has activated).

This article is from ‘A Guide To Business Security‘ produced by Greater Manchester Police.