An Introduction to the NSG Approach to Risk Assessment
The protection of company and organisational assets from loss, howsoever caused, is critical to maintaining and increasing business capability and profitability. The key to the successful protection of an organisation’s assets lies in a radical, pragmatic and balanced approach to company security. It is also the case that what works for one organisation may not necessarily work for another, even if those organisations operate in the same sector.
NSG Security Consultants apply a lateral problem solving approach, involving understanding the organisation’s business model to ensure the effective introduction of measures not only to improve security and reduce loss, but also to enhance and support business operations. This process is applicable to all organisations including those in retail, finance, manufacturing, service, leisure, Government (including local government) and construction sectors, and takes place in four phases.
What we do
Phase One – The Identification of Areas at Risk
It seems obvious to state that the first stage in the process is the identification of areas at risk. But the risks to an organisation’s operations can be diverse and include for example, reputation, product contamination, and supply chain disruption, as well as the more obvious, IT equipment, buildings and people.
Working at both strategic and operational level throughout the organisation, NSG Security Consultants will identify all areas of an organisation’s operations that may be at ‘risk’.
Phase Two – Risk Assessment
Quantitative and qualitative assessment of risk is complex and as a result most risk assessments are threat assessments and not an assessment of actual risk. Threat assessments apply a mathematical formula taking into account the probability of loss or an event occurring and the magnitude of the potential loss. The problem with this approach is that even if the magnitude of loss is potentially catastrophic but the probability of loss or the event occurring is remote the ‘risk’ will be rated as low.
NSG Security Consultants take a different approach and assess ‘pure risk’ and rate the risk according to the potential impact on the organisation, irrespective of the likelihood. In broad terms, the risk assessment process can be broken down into three areas:
Phase Three – Security Survey
The security survey is essentially a physical examination of the client’s premises and the immediate environs, including a thorough inspection of all operational systems and procedures. Following completion of the first two phases, consultants produce bespoke security survey checklists to be used during the security survey.
The security survey has as its overall objective, the analysis of the client’s facility to determine the existing state of its security, to locate weaknesses in its defences, to determine the degree of protection required, and to lead to recommendations for establishing the Risk Management Plan.
Phase Four – Risk Management
Risk management is the application of the same broad principles that apply to solving all management problems. The primary objective is to save money by minimising in a cost-effective way, the drain on resources brought about as the result of loss.
In this phase the results of the previous three phases are reported and form the basis of the Risk Management Plan.
It is widely accepted that the techniques to manage the risks identified fall into one or more of the following categories:
The Risk Management Plan will propose applicable, proportionate and effective controls or countermeasures for managing the risks identified, taking into account the technique categories. And importantly the NSG Security Consultants prepared Risk Management Plan will include an Action Plan for client ‘sign-off’ and implementation. The Action Plan will out outline the sequence in which the consultant recommendations (countermeasures) should be introduced taking into account:
The Risk Management Plan includes a cost benefit analysis to justify the introduction of the countermeasures proposed by consultants. Where recommendations indicate a range of countermeasure options, the comparative advantages and disadvantages of each option are assessed to enable the client to decide which option to implement.