It’s time to research how humanitarian non-governmental organisations define risk and how those definitions affect the work of security managers. Will one size fit anyone?
The interesting basis for this query is how, at relatively the same time, numerous organisations have concluded that security risk management (SRM) needs attention. Certainly, current world events, prolonged conflicts in Mozambique, Yemen or the Central African Republic, or the recent changes in Afghanistan, and industry talk have influenced this attention. Headquarter-level forums have gained traction, while country-level coordination is increasingly supported and practised.
What’s changed for SRM?
Risk is a multidisciplinary issue and is difficult to determine accurately. Academic discussion is constantly evolving. Traditionally, financial risks through audit and external auditors have had the limelight. More recently, legal and HR risks are discussed and reported in organisations, and donors have started asking how security is managed.
We all know that risk appetites differ, as do risk management capabilities. There’s change in how professional the sector has become and more and more talk between practitioners and in the public realm. Some aspects are subject to various levels of critique, for example, the ‘militarisation of humanitarian aid’. GISF advocates research and knowledge-sharing, with all of you interested and invested in understanding more. There are practitioners writing books and articles, and some, like me, are taking to academic studies to understand more.
Do risk definitions affect security risk management? How has risk been defined, if at all, in different humanitarian NGOs? The difficulty in assigning meaning to words becomes evident in the most recent Aid Worker Security Report 2022, which highlights that risk is frequently used interchangeably with threat, hazard, and uncertainty to measure the potential impact of adverse events or probability. The same report explains SRM as based on assigning scores to impact and likelihood, thus deciding where to allocate resources. In contrast, in 2010, Van Brabant already drew attention to explicit policies being the basis for SRM. Obviously, there has been change over the years, but is there a common understanding?
Research on the risk definitions of humanitarian NGOs have not been published. Therefore, the potential solutions or problems of standard risk definitions for organisations are unknown. Where an organisation might be happy with a definition of uncertainties x consequence, for some security managers, this might not work, as uncertainties are notoriously difficult to quantify or qualify. For other organisations, the best working option might be probabilities x expected values, for example, when they have reliable data on their historical operations in known contexts. However, this might not work for a smaller organisation coming to a new context. Then again, there might be entirely different definitions of what risk is to a humanitarian NGO. There might be NGOs that have not defined what risk is to them at all.
What does this mean for approaches to SRM?
Implications of risk definitions and following effects lead to several issues. To name a few:
- Security training providers, however flexible they may be, will use different definitions as a basis for training.
- Within partnerships, local or national NGOs may have different understandings of risk to international NGOs.
- Donors will have their own ideas and limits to what risks they are willing to accept.
- Staff will again have their own views, which will affect the operational side of work if organisations do not explain and gain informed consent from staff on accepted risk thresholds.
Different viewpoints on what risk is range from the theoretical, to the organisational, to the very personal. The security manager sits somewhere in the mix, pondering, for example, the difficulty in writing guidelines – write them too general, and they influence nobody; write them too specific, and the volume goes exponentially high and does not transfer between contexts. Gaining buy-in is critical. The staff reading the guidelines range from the ‘we’ve seen it all’ to the relatively new, who ask what to do when a monitoring trip gets interrupted while on the road, each with their own understanding of what risk is. From an academic view, the spread is between the positivist, who thinks they can write pertinent guidelines for all possible situations, to the constructionist, who wants to be able to talk about risk and security to create a shared understanding. Both extremes have their problems, for example, in how risks change over time. These challenges are exacerbated for relatively small organisations that do not have the resources to hire a security manager, let alone a team.
Defining what risk is to an organisation should be a starting point for risk management and ultimately keeping aid workers safe. Researching and defining risk in the industry will enable organisations to further their internal discussions. The longer view would be to gain common understanding within the industry on what risk is and how it can be defined.
For this upcoming research, the help of the GISF membership is solicited. Director Lisa Reilly will be sending an email in the coming weeks to GISF’s members with an invitation to participate. This measure is taken to ensure the anonymity of the responses.
About the Author
Lasse Lampinen has served FELM from 2005 and since 2019 as the Security Manager. The years in between he spent mainly in sub-Saharan Africa as a Regional Director, where in 2011, his professional interest in security issues began. Lampinen is completing his MSc in Risk, Crisis, and Resilience Management at the University of Portsmouth in 2023, with a particular interest in risk definitions and their effect on SRM practice.
Image Credit: Christian Aid/Afsar-DSK
When Security Risk Management and Technology Collide: getting humanitarian notification systems right
At first blush, the notion underlying humanitarian notification systems (HNS)—also sometimes called ‘humanitarian deconfliction’ or ‘humanitarian notification systems for deconfliction’—might appear quite simple. Humanitarians operating in conflict settings seek to cultivate relationships with armed actors to enable humanitarian access, mitigate humanitarian insecurity, and promote civilian protection. When engaging with an armed actor exhibiting no evident intent to harm humanitarian actors, how complex could it be to devise an information-sharing platform (i.e., HNS) that can enhance the armed actor’s situational awareness by transmitting geolocations for static humanitarian sites (e.g., warehouses, offices, or even education and health facilities) and planned aid worker movements (e.g., road movements or flights)?
Haiti is experiencing a unique case of converging and compounding crises. The rising cost of inflation, political instability, cholera, climate disasters, organised crime, and more. This presents an ongoing cross-section of humanitarian needs and unprecedented security challenges. How are some organisations managing the changing dynamics and enabling their programmes?
For over a decade, the International Rescue Committee (IRC) has released its annual Emergency Watchlist, highlighting the top 20 countries at risk of new or worsening humanitarian crises. In this blog, IRC’s Global Director of Safety & Security Araba Cole discusses what the Watchlist’s findings and recommendations mean for humanitarian security risk management, including meeting programmatic needs, crisis management and business continuity, and humanitarian access.