Counterterrorism and risk management frameworks
This section explores practical aspects of risk management and steps your organisation can take to strengthen risk management policies and practices, while maintaining a principled approach. It endeavours to make risk management approaches accessible and understandable to a broad range of staff, including those who are field-based and responsible for programme implementation.
What is risk management?
Risk management is a process to help staff systematically think though what risks may arise in specific contexts and what can be done to mitigate these. It addresses the question of what organisations can do to make sure that as those most in need are assisted as much as possible in a principled manner, despite challenging contexts, by identifying, monitoring and tackling key risk factors.
Definitions:
- Risk: Uncertainty, whether positive or negative, that may affect the outcome of an activity or the achievement of an objective
- Risk management: a cycle of identifying and assessing risks, assigning ownership of them, taking action to anticipate and mitigate them, and monitoring and reporting progress
Why use a risk management framework?
Owing to the nature of the environments they work in, staff of humanitarian organisations constantly manage risk. Where this is done in an ad-hoc manner there may be gaps and inconsistencies in the way risks are identified and managed. In order to prevent this, organisations should consider adopting a framework to establish clear processes for identifying and managing risks. Counterterrorism issues should feature strongly within this framework. The key components of a risk management framework are outlined in this section. Where an organisation does not have a clear risk management approach in place staff and teams can still apply these risk management processes to the contexts they work in to address CT issues.
| Risk | Description | |
|---|---|---|
| Operational | → | Inability to achieve objectives |
| Security | → | Violence or crime |
| Safety | → | Accident or illness |
| Fiduciary | → | Misuse of resources, including fraud, bribery and theft |
| Information | → | Data loss, breaches or misuse |
| Legal/compliance | → | Violation of laws and regulations |
| Reputational | → | Damage to integrity or credibility |
| Operational | → | Inability to achieve objectives |
| Ethical | → | Insufficient application of the humanitarian principles and duty of care, lack of adherence to organisational values and mandate |
Built with Shorthand