Sponsored by CAP Index
Advice for addressing just about any security challenge—from preventing a lawsuit to keeping staff safe—is typically the same: First, conduct a risk assessment. But how do you know if your risk assessments are up to snuff? Here are five things loss prevention departments should evaluate about their risk assessment processes.
1. Consider the source. Whether it is an article you read online, the words of an over-chatty neighbor, or the lofty promises of a television commercial, one piece of advice holds true: consider the source. This common-sense counsel is critical when it is applied to your risk assessment data.
The source and quality of your risk assessment data are critical. It is important to consider the following:
- Are you gathering all the necessary information?
- Is the person entering the event into the database doing so skillfully and consistently?
- Are you categorizing event data appropriately?
- Is your internal and external information reliable, accurate, and complete?
- Does your risk assessment equation add it all up effectively?
Failing to follow these steps can lead to faulty decision making, which in turn can affect your bottom line. Resources could be over- or under-allocated, and you could choose less-than-ideal locations or set unreasonable goals. Also, these faulty decisions could lead to significant litigation exposure.
2. Risk assessment frequency and consistency. We check the smoke detectors in our homes every year at daylight savings time. We get our vehicles inspected annually. And we even make it to the dentist twice a year—like it or not. These safety precautions happen in patterns, making them second nature to us.
That kind of consistency and frequency should also apply to your organization’s risk assessment strategy. Many organizations fail to factor frequency and consistent assessments into their risk assessment strategy.
Take some time to meet with your team and analyze when, why, and how often you conduct your risk assessments. Many companies assess annually, while others assess only after a serious incident. Some do a partial assessment based on special circumstances that need to be addressed. If you need assistance, a risk assessment services company, such as CAP Index, can help you determine the pattern of crime risk assessment frequency that is right for your organization.
3. Employee feedback—perception vs. reality. Perception is reality, right? Not always. Employee feedback is an important component in our risk assessment and prevention arsenal. But to make the most of this information, you must ensure that you understand and account for the gap between perception and reality. Here are some things to consider:
- Was the feedback solicited or unsolicited, and how does that influence their responses?
- How do people’s own experiences affect their perceptions? For example, a suburban employee may consider vehicle break-in a highly dangerous situation, while an urban employee may view the same incident as a nuisance.
- Employees can see and intuit things that just might trump the data that you are gathering. It is important to collect these supplementary observations and impressions.
4. Articulating your risk assessment methodology. Being able to articulate your risk assessment strategy is vital. You should document your strategy and be able to explain the methodology used to draw conclusions.
5. Understanding the distinction between threats and vulnerability. Which came first, the threat or the vulnerability? Turns out, there is no chicken and egg question here. Unless you have a reasonably anticipated threat, you do not have vulnerability. You are only vulnerable to threats that exist. You cannot know your vulnerabilities until you accurately identify and assess your actual and inherent threats. So while the terms may seem interchangeable or confusing, it is important to remember that vulnerability is really a result of a credible and reasonably foreseeable threat.