Everywhere we look today we encounter risk, and we get it in many forms, uses, and contexts. As homeland security professionals and as members of the concerned public trying to keep up with current events, you cannot assume you fully understand a topic as serious as this one without something more than a dictionary definition of the word. Floods, fires, storms, tornadoes, and other forms of natural mischief all create huge risks for us. And then we have the other forms of risk, those created by mankind and the horrific conflicts we witness each day that permeate Planet Earth. Just the temporary loss of power alone can create serious issues for all of us.
I have written a brief essay for you to read, hoping you might better understand the topic of risk after reading and discussing it. This essay also appears in the CAAG weekly readings as an attachment. Please address this discussion the same way you have with the others. Select any part of the subject that interests you and begin a conversation. Or, take on the essay in a more deliberate chronological fashion. However you are most comfortable confronting the issue will be fine. The sources I used in the essay are all UMUC textbooks that have been around for several years; some of you may have read them, but in the end I am responsible for the essay in it’s entirety.
Sadly, Planet Earth continues to experience crises of truly global proportion. Political, financial, economic, and environmental conditions threaten almost every aspect of human life, and it is unclear that anyone understands the scope of the problems and the inherent danger they pose to the human condition. If one were to select a single word that is most closely associated with this situation, “risk” would surely be one of the top candidates. Interestingly, one could argue that few people in the general population have ever thought very much about risk, in spite of the fact we encounter it everyday in almost everything we do. The purpose of this essay is to examine risk and explain how and why it is such a major force in the life of all of us, of all organizations, and political entities everywhere.
Risk may be defined as the possibility of loss, injury, or peril, or a dangerous element or factor. Thus, a working definition of risk might be the susceptibility to death, injury, damage, destruction, loss, disruption, and so on, of people and things. The term has crept into our daily lexicon, and trying to figure out what it means within the myriad of contexts is troublesome. Doctors speak of risk factors, executives do risk assessments, insurers offer risk management, accountants compare upside and downside risks, and sociologists examine risk taking. As a society, we aren’t certain if risk taking is a good thing or a bad thing, but we are quite certain that it happens all of the time. The essence of genuine risk taking requires us to judge what we will gain from taking risk, and then to confront the fear associated with the risk. The problem this creates is that because our fears are constantly changing, our sense of risk is also constantly changing. To take risk, we must know at all times what is actually risky to us at any given moment, and this requires us to constantly be assessing our need to understand the risk around us and our willingness to take that risk. And don’t forget, what may be a risk for one may not be a risk for another.
Risk comes in many forms: cultural, social, technological, physical, organizational, political, psychological, financial, and so on. For example, different social principles that guide behavior may have a significant affect on the judgment of what dangers should be feared most, what risks are worth taking, and who should be allowed to take them. A cultural approach can make us see how community consensus relates some natural dangers to moral defects. The connection between perceived risk and moral blame is always present when one examines social and cultural risk. It cannot be avoided, and must be part of the decision one makes prior to taking the risk, whatever it might be.
Science and technology are both obsessed with risk. Risk is not simply theoretical, it is practical and it is real. There are four broad categories of risk. The first is probably most familiar and is high risk, the risk that exacts a large toll and about which we have a lot of information, such as driving an automobile. The second category is risk of low probability, yet the consequences of which are catastrophic, such as an earthquake. The third category is an event whose probability is extremely low, so low as to not have been experienced by a living human, yet the consequences of which are so severe as to be beyond calculation. One such example would be the impact of a large meteor on our planet. The fourth category is a collection of risks that are hard to evaluate because they show up in naturally occurring hazards, such as any form of cancer associated with an environmental contaminant. This last category is often the most frustrating since it covers a huge number of threats that are very familiar on the one hand, while the perceived risks are judged to be relatively small and demographically acceptable. Examples might include health and financial risks.
Within the business sector, risk management is fundamental to almost every aspect of the profession. Risk management is the process or methodology used to decide risk related issues. Although these methods can be qualitative or quantitative, they are completely dependent on the accuracy of the data. The process of risk management includes the identification of the threat, risk, or hazard, the evaluation of the frequency and consequences of the risk, estimates, measures of direct and indirect costs, and the identification of risk reduction measures.
Most activities related to developing and implementing risk protection measures are derived from risk management techniques. Priorities are established for risk reduction by adopting measures to prevent, recover from, or mitigate the effects of damage and loss. Effective strategies rely on exhaustive research, the collection of applicable data, and careful cost-benefit analysis. Although there is no single commonly accepted risk management methodology, a generic one, however, has five steps. The first step is risk identification, which is the identification of those assets that are most valuable and whose loss would have the worst consequences.
The second step is threat assessment, which is to determine what conditions, forces, people, or organizations have the means to bring harm or loss. This step also includes determining if the risk comes from social, cultural, economic, financial, or other sources that would benefit from the loss or destruction of the assets. The analysis of potential threats also includes as complete an understanding as possible of those organizations and conditions associated with the threat.
The third step is vulnerability assessment. This requires a careful examination of the security of the assets, their protection from compromise and harm, and the extent to which the marketplace or organization is structured to safeguard the asset constituencies.
The fourth step is risk assessment. This step combines and measures the asset, threat, and vulnerability assessments to produce a risk assessment. Any asset that has high value, is threatened, and is vulnerable merits protection.
The fifth and last step is countermeasures. Countermeasures are all efforts taken to reduce risk. They must be evaluated for cost-effectiveness and ideally are preemptive. In any case, they are all initiatives taken to reduce the danger, minimize loss or disruption of services, and recover.
Most professionals would argue that the most important of the five steps is risk assessment. This is the most vital task for establishing business continuity, and should define the possible scenarios that a business might encounter that would have a harmful effect on its assets and best practices. These threats can include fraud, sabotage, industrial accidents, the loss of key suppliers or personnel, and natural hazards. Today, risk managers must also contemplate economic and financial risks, as well as terrorism and criminal activity.
After implementing the various activities and associated plans described above, it follows that if one is to successfully manage risk then the issue of warning must also be addressed. Individuals are highly responsive when they perceive a threat to be real and imminent. Warning is an art, and it has been studied and practiced for thousands of years. Within the past half century, the concept and process of warning has been elevated to a special status within both the public and private sectors. When a threat to critical assets is identified and perceived to be of sufficient risk to cause harm, the clarity, speed, and accuracy of the warning to key personnel is crucial. Properly executed and acted upon, the warning of the threat should allow preemption at best, and reduced harm at the least.
The issues raised in this essay barely touch the surface. The amount of material and information extant in literature and practice is exhaustive. For a greater understanding of the subject, one could spend a lifetime reading and researching. But this overview is designed to give the informed reader of current events, business practices, financial and economic issues, and homeland security a working understanding of the topic of risk and risk management. Associated topics include the study of probability, accounting, cost-benefit analysis, and a myriad of technical tools, processes and procedures to collect, analyze, and present relevant information, all far beyond the scope of this brief review.