Faced with these challenges, global and local companies are concerned about their duty of care to their employees, protecting asset value for shareholders, and their legal and social obligations to the local community.
There are also significant risks to a company’s reputation and “license to operate.” There is civil and international scrutiny of potential human rights violations or threats to local communities. Companies may not have adequately protected themselves against identifiable risks, all of which could lead to media, industry, or investor scrutiny.
In one example, a Canadian mining company faced allegations that its security personnel in Guatemala had killed an outspoken opponent of the mine and permanently crippled another in 2009. The company denies the allegations and is still fighting the case (even though it no longer owns the mine).
In another, a company with a distribution center outside Mexico City contacted Kroll after it had been the victim of an armed robbery. Two trucks arrived in broad daylight and removed the company’s most valuable inventory. Several of the bandits were tentatively identified as security guards who worked for the company. They knew their way around the facility and knew exactly what to take. After the local state police declined to investigate, it was discovered that the police were the owners of the security company.
Given the difficulty of operating in unfamiliar markets, companies often turn to global security consultants for advice on how to manage these “enterprise risks.” They may have experienced a serious and sudden business-critical event and urgently require advice, assistance, and support. Or they might have identified potential risks and threats in new markets or existing operations, but lack the adequate internal resources, experience, knowledge, or capability to address them.
By adopting an enterprise security risk management approach, companies can identify, consider, and treat vulnerabilities in a structured and holistic way. The great strength of this approach is the ability to analyze risk in context, throughout the business. It spans the physical and cyber worlds, which is essential to ensure risk is treated in a balanced and calibrated way, and to avoid false assurance or wasteful expenditure.
Enterprise security risk management in its simplest form is a means of identifying, communicating, and categorizing risks so that resources can be optimally allocated. Some risks, when understood, will be accepted. Others will require a careful deployment of skills, resources, or management supervision. Systems or measures of managing risk across an enterprise need to be embraced and continually maintained.
Ultimately, clients are the experts on their organization’s activities, objectives, and capabilities. External consultants can bring knowledge and experience of how to identify and mitigate vulnerabilities. The combined result is a more effective and nuanced way to allocate resources. Companies that take a holistic approach to enterprise risk management often identify and discontinue wasteful and ineffective activities, thus saving time and money.
Case study – crisis response
Kroll was called in to support a corporate advisory and restructuring firm that was dealing with a bank that eventually went into bankruptcy due to a major fraud. We dynamically assessed the risks to the bank, its employees, and the corporate team of advisors and lawyers. We established a security risk management framework that allocated resources such as crisis managers, surveillance operatives, and executive protection personnel during various stages of the project.
The work involved the assessment of:
Safe movement of personnel
Oversight of the transfer of cash from branches to the central bank and the destruction of credit cards
Operational security of assets
Serving of court orders
Planning and security management for large creditor meetings
As a result, the corporate advisors were able to work effectively with the confidence that they were in a safe environment.