CHAPTER 7 Risk Assessment, Security Surveys, and Planning
After completing this chapter, the reader should be able to
· ■ define risk and risk assessment.
· ■ list and describe five distinct types of risk that threaten individuals and organizations.
· ■ discuss management techniques associated with risk elimination, reduction, and mitigation.
· ■ evaluate risks to determine vulnerability, probability, and criticality of loss.
· ■ conduct a risk assessment utilizing subjective as well as objective measurements.
· ■ conduct a security survey.
· ■ analyze needs identified through a risk assessment.
· ■ develop appropriate courses of action to eliminate, reduce, or mitigate risks identified in a risk assessment.
· ■ discuss the importance of the budget process.
· ■ demonstrate knowledge of crime prevention through environmental design.
· ■ demonstrate knowledge of emergency planning.
A major focus for security management is the concept of risk. Subjective information as well as objective measurement instruments (such as a security survey) are used in an essential first step of a planning process designed to identify and assess the threat posed by each risk source. As the planning process proceeds, security personnel make recommendations and determine the financial impact of any potential risk mitigation strategy. Planning activities also involve preparation for emergency situations and consideration of anticrime measures available through environmental manipulation.
THE CONCEPT OF RISK
Risk may be defined as the possibility of suffering harm or loss, exposure to the probability of loss or damage, an element of uncertainty, or the possibility that results of an action may not be consistent with the planned or expected outcomes. A decision maker evaluates risk conditions to predict or estimate the likelihood of certain outcomes. From a security perspective, risk management is defined as the process involved in the anticipation, recognition, and appraisal of a risk and the initiation of action to eliminate the risk entirely or reduce the threat of harm to an acceptable level. A risk involves a known or foreseeable threat to an organization’s assets: people, property, information, or reputation. Risk cannot be totally eliminated. However, effective loss prevention programs can reduce risk and its impact to the lowest possible level. An effective risk management program can maximize asset protection while minimizing protection costs (Fay, 2000 ; Fischer & Janoski, 2000 ; Kovacich & Halibozek, 2003 ; Robbins & Coulter, 2009 ; Simonsen, 1998 ; Sweet, 2006 ).
Types of Risk
Generally, risk is associated with natural phenomena or threats created by human agents. Natural risks arise from earthquakes, volcanic eruptions, floods, and storms. Risks created by human beings include acts or failures to act that lead to crime, accidents, or environmental disaster. As many as five distinct types of risk threaten individuals and organizations:
· • Pure risk exists when there is a potential for injury, damage, or loss with no possible benefit. Potential medical claims resulting from accidents may be classified as pure risks. The threat of criminal attack and natural disaster are also examples of pure risk. These events increase operating costs, a form of loss.