A secure environment is fundamentally important for any event to be successful. Developing an effective Risk Management Plan is an important part of any project, but unfortunately, is often viewed as something that can be dealt with later. Issues often do come up though and without a well-developed plan, even small issues can become emergencies. The aims of event security are to :
• Provide a safe and smooth running of the events by assessing any potential risks
• Protect people from violence and intimidation
• Protect official resources and information from unauthorised access, disclosure or compromise
• Prevent unauthorised people from gaining access to official resources that could cause embarrassment to the agency or government, including:
- security classified and other official information and physical assets
• Protect property from damage
• Anticipate any changes in the National Threat Level, or event specific threats, and provide for rapid escalation of security measures
• Ensure the proceedings are conducted without disruption, and minimising any disruptions to the public
As events have specialised organisational requirements, an agency’s normal protective security measures might not provide the full security measures required for the event or venue. As part of the event risk assessment, agencies should determine whether a specific security plan to cover each event or venue is required. A security plan will help to identify which protective security measures are appropriate for each event or venue.
1. Develop a Risk Management Plan: Risk is the effect (positive or negative) of an event or series of events that take place in one or several locations. It is estimated from the probability of the event becoming an issue and the impact it would have on the event. Various factors should be identified in order to analyse risk, including:
- What could happen?
- How likely is it to happen?
- How bad will it be if it happens?
- How can you reduce the risk and by how much?
- How can you reduce the impact of the issue and by how much?
After you identify the above, the result will be the amount of risk you simply can’t avoid. It may also be referred to as Threat, Liability or Severity. It will be used to help determine if the planned activity should take place.
2. Define your project: To develop a risk management plan, the project needs to be defined. This helps in understanding and planning the tasks in a better way. This will also help to define and categorise the risks as the High, Medium and Low.
3. Get input from other: One person cannot identify all the risks on his own. It is advisable and good to get input from others. Brainstorming is a good way to identify all risks. Get several people together who are familiar with the project and ask for their opinion on what could happen, how to help prevent it, and what to do if it does happen. Try to keep an open mind about ideas. “Out of the box” thinking is good, but do keep control of the session. It needs to stay focused and on target. All the points from brainstorming should be noted properly as these would prove helpful in the estimation of risks and the planning of a successful event.
4. Identify the consequences of each risk: From the brainstorming session, you would gather information about what would happen if the risks materialised. Associate each risk with the consequences arrived at during that session. Be as specific as possible with each one. “Project Delay” is not as desirable as “Project will be delayed by 13 days.
5. Eliminate irrelevant issues: There are a lot of risks which cannot be taken care of. There’s nothing you can do to plan for them or to lessen the impact. You might keep them in mind, but don’t put that kind of thing on your risk plan.
6. List all identified risk elements: All the identified risks should be listed one by one in a proper order. These should not be listed in any random order. This will help to plan everything step by step so as to reduce the potential risks to a minimum.
7. Assign probability and impact: Each identified risk element on your list should be categorised as High, Medium or Low based on the likelihood of it actually materialising and the impact that it would make on the event if it materialises. Try to use the numbers to assign the probability and impact. A 10 point scale could also be used to assign the probability and impact to each risk.
Note: If the probability or impact of an event occurring is zero, then it will be removed from consideration. There’s no reason to consider things that simply cannot happen.
8. Develop mitigation strategies: Mitigation is designed to reduce the probability that a risk will materialise. Normally you will only do this for High and Medium elements. You might want to mitigate Low risk items, but certainly address the other ones first. For example, if one of your risk elements is that there could be a delay in delivery of critical parts, you might mitigate the risk by ordering early in the project.
9. Develop contingency plans: Contingency is designed to reduce the impact if a risk does materialise. Again, you will usually only develop contingencies for High and Medium elements. For example, if the critical parts you need do not arrive on time, you might have to use old, existing parts while you’re waiting for the new ones.
10. Analyse the effectiveness of strategies: Try to analyse the effectiveness of the strategies formed to reduce the risks and evaluate by how much the Probability and its impact have been reduced. Evaluate your Contingency and Mitigation strategies and reassign Effective Ratings to your risks.
11. Monitor your risks: Now that all the risks are determined, you need to determine how you’ll know if they materialise so that you’ll know when and if you should put your contingencies in place. Do this for each one of your High and Medium risk elements. Then, as your project progresses, you will be able to determine if a risk element has become an issue. If you don’t know these, it is very possible a risk could silently materialise and affect the project, even if you have good contingencies in place.
• Do not assume that all the risks have been identified. The nature of any risk is that it is unpredictable.
• Do not let politics to interfere with your assessment. People don’t want to believe that the things they control could go wrong and will often fight about risk levels.
• Consider what might happen if two or three things go wrong at the same time. The probability will be very low, but the impact can be extreme. Nearly every major disaster involved multiple failures.
• Do not ignore Low risk items completely, but don’t spend much time with them. Use High, Medium and Low to indicate how much effort you will put into monitoring each risk.
• Do not get too intricate for the project. Risk Management is an important part of the project but it shouldn’t overshadow the actual work to be done. If you’re not careful about this, you can start chasing irrelevant risks and overload your plan with useless information.