We thought it would be a good idea to look at the fundamentals of risk management to remind people what it is they’re trying to so when they talk about security.
Risk management means determining what your unique risks are and coming up with a plan to mitigate those risks. It may involve security guards, active shooter plans, security cameras, access cards / badges, fingerprint scanners, fences, locks, door alarms, mass notification, visitor management policies and procedures, and any number of other gadgets, devices, systems, policies, and procedures you can think of to mitigate risk. It’s overwhelming. It can get expensive. It can be time and resource consuming to put a risk management plan into place.
But it’s important to remember that risk management is built upon a pretty straightforward principle – protection of your people and your property.
We find that a lot of organizations first determine a budget for their security needs and then try to fit solutions into that budget. We think that’s a backwards approach because you wind up with a piecemeal security system where you’ve chosen products and solutions based on price rather than on the true needs of your organization.
At Invictus Consulting we believe the first step is to do a risk assessment to determine exactly what it is you’re protecting and how you can go about protecting it. Then, when it’s time to budget, you can prioritize the most important things first rather than purchase the most inexpensive items first or the items with the flashiest appearance that will give your people and your visitors the appearance of a security system.
By knowing exactly who and what you are trying to protect, as well as knowing what your specific threats and risks are, your organization can have a phased approach to security, budgeting for the most important things first. We understand it may takes a few years worth of budgets to get your ideal security system in place, and that’s why tackling the most critical things first is important. And that’s why identifying the most critical things first is important.
Another note to remember is that much of your organization’s security is about your policies and procedures regarding emergencies, personnel, visitors, etc. Often adjusting your organization’s policies and procedures is free – it just takes some time with the board and executives and some time to train your people. Tackling these types of things while you’re budgeting for a phased implementation of other aspects of your security system is a great way to make improvements without waiting for board approval.
Finally, it’s important to understand that, even if your organization had unlimited funds, you can’t possibly protect against every single threat and risk. Again, this is why a risk assessment is so important – it allows you to determine your biggest threats and risks and create a phased approach to implementation.