Continuing on the theme of dealing with emergency or crisis situations I want to talk in this article about risk assessment. I’m not here to give the standard lecture on how to write a risk assessment and the hierarchy of control and so forth. In fact I’m going to argue in the opposite direction. I’m going to argue that the paper based risk assessment template that we all know and love (sarcasm) is possibly the worst thing to happen to risk management in history. Right now I can see Health and Safety consultants printing and burning this article as blasphemy but I stand by those remarks. The way we teach and train risk assessment in the security industry is all based on that static, unmoving and restrictive piece of paper. Risk in itself is none of those things. It’s fluid and dynamic and constantly evolving and that is the way we should approach it, teach it and manage it.
Principles not procedures
The concept of risk assessment is simple and like I said it’s more than just a workplace theory. It’s a life skill and should be practiced in work, at home, driving and even in schools. Yes I did say in schools, primary schools in fact. The younger we can start instilling the principles of risk in children the better. I have used basic risk assessment ‘what if ‘ games with my 6 year to great effect (it’s made him quite good at chess actually). It might look like I’m getting off subject here but I’m not. We have been brought up to believe that as long as there is a policy or procedure to be followed we are safe and this has been passed onto us in the security industry. We feel we can look at a paper based risk assessment and abdicate all of our safety to it because it was done by an “expert” (I’ll get to that in a moment).
My take on it is that we need to strip back risk assessment to its bare bones. Teach security operatives the principles of risk assessment and give them the tools to manage risk not just blindly follow a piece of paper. I’m not saying that there isn’t a place for that piece of paper nor am I suggesting that it isn’t valuable. I’m saying that for a security operative to work effectively they need a deeper understanding of risk.
The Potters Metaphor
You’re probably wondering why the header image for this article is a potter at work. Its not because I’m gone crazy or getting in touch with my artistic side. I like to think of risk assessment as quite similar to pottery and risk situations as the clay. The potter will have an idea of what they want the finished article to look like but we have no way of knowing the exact path it will take to get there. Risk (the clay) will begin spinning and it will be influenced by all sorts of internal and external forces. It’s fluid and dynamic and when it’s truly understood it can be a complex and amazing thing to behold (sorry, I got a bit deep there). The potters job is to mould and prompt and manage and coax the clay into a piece of art. In the end it may have some minor imperfections but that is what makes it art. Now try to imagine if the potter had to write down on a piece of paper how to make the piece. All of the things that might happen and how to sort them. It would be almost impossible and if you tried it would be largely ineffective.
As security operatives this is our role on the ground. We need to be able to look at situations just as the potter views the clay. We need to be able to assess an evolving situation which no longer looks anything like it did when it began and doesn’t resemble the piece of paper that accompanies it. We then need to mould and manage this situation to its safe conclusion.
What I’m talking about here is dynamic risk assessment. The ability to assess an ongoing situation. A difficult and complex skill which has huge merit. However, once again we see the security industry take the principle of dynamic risk assessment and bury it in models and acronyms and pigeon holing the process into steps and stages. Again I’m not bashing models as a learning tool but when they become so complex that we begin manipulating the situation to fit the model and not the risk then we know we have a problem.
The basic principles are quite straightforward when you understand them.
In any evolving situation we are looking at a few simple questions
1. What could injure/harm/damage people in the situation?
2. How could that injury/harm/damage occur?
3. What options/resources/support do I have?
4. What is the best way to make sure it doesn’t happen based on what I have available?
5. If the worst happens what do I do?
These are all simple questions that with practice and repetition become habitual and natural. It’s that level of thinking naturally about risk assessment that we have to aspire to. The paper based risk assessment for sure has a place (depending on quality) in providing a basic structure to begin our thinking but it isn’t the total solution. Let me give you a really good example and a quite poor example of the use of risk assessment.
I was working with a client in a large shopping centre when an off duty security operative walked through the main door to begin work. As he walked in he went straight to the cleaning cupboard inside the door and picked up a wet floor sign and placed it by the entrance. He then walked past his manager and I and said “looks like rain outside”. Now that’s how to use risk assessment. No piece of paper told him to do that but his assessment of the weather on his way to work prompted the idea that somebody might slip at the main door and he managed it.
I witnessed a fire safety training course recently where the instructor lit a fire in the middle of a yard. He then walked back to the extinguishers, put on a hi-visibility vest and put out the fire. I asked him afterwards why he put the vest on before he put out the fire. His reply; “the risk assessment says that we should always wear PPE when practicing with fire extinguishers”. That example for me showed a complete lack of understanding of risk.
I’ve mentioned this above but one of my pet hates is the “expert” who provides a copy/paste generic risk assessment to the organisation which the security operatives are then tasked with implementing. You get what you pay for with risk assessments and it needs to be specific to your site,your tasks and your role to provide any useful guidance. I’m often reminded of ‘The Man in the Arena’quote. The real expert as far as I am concerned is the man/woman on the ground with the experience skills and knowledge to make a judgement under stress. What we as an industry need to do is make sure we have that knowledge and skills before the crisis occurs.
Stop being the bad guy
Last part of my rant I promise.The traditional approach to risk assessment has too often led to the security operative being viewed as the bad guy. We are often the one telling people that they can’t do something because of the risk assessment. This is generally not the fault of the security operative as they are caught within the confines of the piece of paper without the knowledge skill or confidence to make a decision that strays from it so the answer is always no. This negative approach is not what risk assessment is about. Risk assessment is not about preventing people from doing things . It is about allowing people to do things safely. As security operatives our role is not to prevent people carrying out tasks or events due to risk, it is about advising them on how they CAN do it SAFELY. This is where an understanding of real risk assessment can be a value add for the security operative and a security team/company.
Sorry if I went on a bit of a rant on this subject but there is a really important point to be made. In the event of a real emergency there isn’t going to be a piece of paper there to help. You will have to make split second decisions in fluid dynamic and dangerous situations and have to risk assess each move you make. If you haven’t prepared yourself for this you will most likely freeze and/or panic. It’s not even your fault though. We have built an entire industry of “experts” who have desensitised the natural human risk assessment process and left us following a piece of paper. My advice is to take that piece of paper use it as a guide and an information source but begin to think of the ‘what if’. Use the knowledge you have of your venue to be more prepared for that ‘what if’ and then hope that you never have to use it.
Stay Safe out there