Corporate Risk Management Report: Development of a Strategic Capability Development Program Across the Organization

by Marc Botes

Executive Summary

It is recommended that a Strategic Capability Development Program be developed and rolled out as a matter of urgency. OPM as an organization must develop from where we are to where we represent a more resilient, high-reliability organization, able to successfully deal with highly complex crises. This will involve changing the mindset, the very ethos, of OPM. This will result in a quantifiable benefit to the organization, both in overall staff well-being and in fiscal terms. It will also positively impact OPM’s image in the relief and development field.

Introduction

The purpose of this report is to highlight the quantifiable benefit to the organization (hereafter referred to as “OPM”), from the enhanced security and risk management capabilities that effective Corporate Risk and Crisis Management could bring, not only in fiscal terms but also in corporate reputation and overall staff wellbeing. This report will take an honest look at OPM’s current risk and crisis management capabilities in terms of strengths, weaknesses and vulnerabilities, and provide a detailed proposal of a strategic capability development program across the organization.

Background

OPM is a relief and development organization, with offices around the world. In the past, each operating country pretty much did what they wanted in terms of security. Only with the appointment of a Chief Security Officer (CSO) has there been a more concerted effort, in partnership with senior management, to establish a security management system (SMS). In the wake of a recent security audit of the organization by the CSO did glaring shortcomings come to light. The most prominent of these was the fact that although the basic policies and procedures were in place, it was not being utilized by all staff. These shortcomings in the SMS were probably not a result of negligence, but rather an ignorance of the basic principles underlying an effective security management system. This is reinforced when considering that each country of operation’s Security Focal Point (SFP) was appointed based on who wants the job, rather than any competence, training, or capacity. As a result, all of the SFPs have at least one other role as well, and in all cases, these other roles take precedence over their security and risk management functions. As the CSO, I have visited most of our countries of operation to build relationships, get a feel for the operating context, and act as a resource to the SFP.

The following systems have been designed and implemented, with varying degrees of success, by the CSO:

  • Risk Register
  • Incident Reporting System
  • Country-specific Security Plans (in conjunction with SFPs)
  • Organizational Security Handbook (to be used as a resource)
  • Safety and Security Policy Document
  • Organizational Crisis Management Handbook (to be used as a resource)
  • Travel Information Form (to be completed by all staff travelling internationally)
  • SFP Job Description
  • Etc.

Having mentioned this, it must be stressed that these are the basics only, something that should have been in place from the very start of OPM’s formation. There is much room for growth (as indicated under the “Introduction” heading.

Current Risk Environment

When we look at the current risk environment of OPM as a whole, it is important to note that each country of operation operates in differing risk environments. Like every other organization, OPM was affected by the worldwide COVID-19 pandemic. In most of our operating countries in the Middle East and Central Asia, we are experiencing elevated risk levels linked to Accidents or Illness, Aid Delivery Activities, Conflict and War, Crime, Operational Space, Road Safety Accidents, and Sexual Violence and Abuse. These different categories of incidents impact OPM in varying degrees, depending on the country of operation being discussed.

Although OPM has policies and procedures for when a crisis hits, the organization will greatly benefit from enhanced security and risk management capabilities that more effective Corporate Risk and Crisis Management could bring. I believe this should start at the C-Suite level, and then filter down to the different countries of operation and ultimately their respective SFPs.

Proposal

The development of a Strategic Capability Development Program across the organization. This will be achieved by training all relevant staff in the following:

  • Risk Register
  • Risk Controls
  • Etc.

This period of training is followed by a period of exercising what has been learnt, using realistic and relevant scenarios that become progressively more complex, and culminating in the testing phase and official validation once the testing is successfully passed.

It is not the purpose of this report to provide a complete curriculum for the training phase. Suffice it to say that it will include strategic/tactical/operational integration, the impact of management styles on crisis management, decision-making under stress, etc.

A quick review of some of the major causes of crises taking place in the 21st Century reveals a similarity that is hard to ignore:

  • “Most man-made disasters and violent conflicts are preceded by incubation periods during which policymakers misinterpret, are ignorant of, or flat-out ignore repeated indications of impending danger” (Boin, 2003)
  • “This disaster was preventable had existing progressive guidelines and practices been followed. These failures (to contain, control, mitigate, plan, and clean up) appear to be deeply rooted in a multi-decade history of organizational malfunction and short-sightedness.” (Group, 2011)

We could refer to these causes of failure as a “Dereliction of Duty.” To prevent something similar from happening to OPM, it is crucial to develop organizational resilience in the face of crises. This refers to OPM’s ability to maintain operational efficiency under the stress of external changes, so typical of crises. Resilience encompasses the following qualities:

  • Robustness – referring to the general toughness of OPM
  • Resourcefulness – OPM’s ability to develop innovative solutions in the chaos of crisis
  • Redundancy – OPM’s ability to maintain operational status despite the loss of significant operational pathways
  • Rapidity – the ability of OPM to adapt to changing circumstances
  • Reliability – the quality of delivering the required service under any circumstances.

More than anything, we want OPM to be a “High-Reliability Organization”. Such an organization is known for the following qualities:

  • Problem Management
  • Deference to Expertise
  • Sensitivity to Failure
  • Sensitivity at The Edge
  • Comfort With Complexity
  • Mindfulness and Culture

In Conclusion

Quite a bit of emphasis has been placed on moving OPM from where it is currently to where we would like to be in terms of Resilience and High-Reliability. There is room for growth, and the implementation of a Strategic Capability Development Program across the organization, especially in the Security and Risk Department, is a big step in the right direction. It must be mentioned, however, that this program will only be successful if there is buy-in across all levels of OPM. Enhanced security and risk management are everybody’s responsibility. With the backing of the Board and senior management, OPM will be that much better prepared to handle complex crises in the future. In the words of David Rubens, “Every day you do not have a crisis, is one day closer to the day you will…” (19/11/2021). OPM will face crises in the future, let’s work towards being as prepared as we possibly can for when it happens.

Recommendations

  • That a budget is made available for the development, implementation, and review of said Strategic Capability Development Program.
  • That time off is made available to all security-related personnel from their normal project-related duties for a limited time once the program is ready to be rolled out.

Works Cited:

  • Boin, A. a. P. H., 2003. Public Leadership in Times of Crisis: Mission Impossible?. [Online] Available at: http://www.jstor.org/stable/3110097 [Accessed September 2022].
  • Group, D. H. S., 2011. Final Report on the Investigation of the Macondo Well Blowout. [Online] Available at: https://www.dco.uscg.mil/Portals/9/OCSNCOE/Casualty-Information/DWH-Macondo/DHSG/DHSG-DWH-Investigation-Report.pdf?ver=I-lV-nwDpczeZsPk6JokoQ%3D%3D [Accessed September 2022].