Risk management begins with understanding risk as calculated in our recommended formula. By understanding risk and the elements that contribute to it, we are able to make recommendations to manage and mitigate risk where necessary.
To understand risk management, you need to know the four core principles. (1) risk acceptance is a willingness to accept a loss; (2) risk reduction is the practice of reducing the exposure of an asset; (3) risk transfer means transferring risk by purchasing insurance to cover or partially cover a loss; and, (4) risk avoidance is the practice of placing an asset outside the effective reach of the threat element.
The risk management formula considers the following:
- Threat (T) to an asset
- Multiplied by the vulnerability (V) of the asset
- Multiplied by the consequence (C) of an attack on that asset
As a result, the risk management formula is R = T x V x C. As we develop our countermeasures to ensure expected risk mitigation results, we continuously assess risk to identify new threats, vulnerabilities, or other changes that could increase the risk level beyond an acceptable threshold. Threats can have moderate, significant, catastrophic, or severe consequences and can be divided into two major categories: natural and human.
Examples of natural threats are mainly weather-related, such as floods, tornadoes, hurricanes, snow storms, wild fires, and earthquakes. Human threats can be separated into accidental and intentional. An accidental threat could be a hazardous material spill or power failure. Intentional threats are primarily criminal in nature and can range in severity from theft and diversion to more serious active shooter incidents or acts of terrorism. Our risk management is designed to identify these threats, determine their probability, look at the possible consequences of these events, and create processes to manage this risk.
Our risk management includes a written analysis that is both qualitative, based on research and institutional knowledge, and quantitative, partially derived from statistical review, such as crime stats and historical data.
As part of our deliverable, an easy-to-follow, color-coded chart breaks down the different threats, ranks their risk, and assigns a numerical score based on our formula.
The written narrative explains the reasoning for the individual risk scoring and applicable countermeasures tailored to that specific threat.
Client feedback has been overwhelmingly positive with these risk management tools as we have conducted similar projects for government facilities, corporate properties, entertainment venues, and professional sports complexes around the world.