No Convenient Answer | When is there too much risk?

In security risk management a central issue is often: ‘How much risk is too much risk’? This remains a conversation humanitarian Security Directors grapple with on a near daily basis, and one without a convenient answer. 

Risk Acceptance

Fabrice Weissman (Researcher at the Centre de Réflexion sur l’Action et les Savoirs Humanitaires – CRASH) published a thought provoking article, in November 2020, ‘Dying to help : A drift towards humanitarian martyrdom’ on the website of The New Humanitarian. While the key point around risk acceptance is not new, the article highlighted the many difficulties of using security risk management in the humanitarian sector.  There is a constant tension in the aid sector that revolves around organisational mandates and imperatives that compel us to respond, stay and deliver while conventional security risk management approaches advise us to suspend, or withdraw. This is a key rub point amongst programming stakeholders as well as a constant financial tension for organisations. 

Fabrice’s article also brings through the importance of setting and understanding organisational risk acceptance, which is a significant but often overlooked issue.  Not all organisations approach this in the same way. Médecins Sans Frontières (MSF) maintains that risk is a part of their operational culture and that “any mission can be inherently dangerous”. It appears that the final decision on when ‘it is too risky’ for them falls with the field office or staff member and is based it seems on their personal tolerance to risk.  However, many other humanitarian organisations as part of their security risk management have adopted a more centralized approach in order to influence such critical and wide-reaching decisions and ensure that they are connected to an organisational risk appetite position.  This is important for me, as it enables a balance check to be applied and for different stakeholders to be heard as key decisions are made around risk. The balance question is never easy: Stay and manage the risk and accept what could be terrible consequences or leave and avoid the risk but not deliver the mission which may also have terrible consequences for the communities we seek to serve. 

Sean Denson, a senior global security director with World Vision International, contributed an insightful blog post on the rise and relevance of risk management in the humanitarian sector for Not a Think Tank. The piece questioned whether risk management as an approach is valid, given the complex nature of the risks and level of exposure we and our colleagues face in the pursuit of our humanitarian objectives. The appeal of security risk management approaches is that they provide a systematic way to consider and communicate around risk acceptance, hopefully before an organization is confronted with a tragedy. However, opinions on risk management are divided in the aid sector, and there remains debate over where the best focus of risk management efforts should be.  On the one hand, supporting communities and building acceptance and program tolerance, building a deeper understanding of the context, therefore being closer and open to the beneficiaries that we seek to support. On the other hand, investing in protection and physical barriers which moves us away from the communities we work with.

Increasing Access to Risk Appetite Decisions

The “Dying to help” article, focuses on MSF’s risk management model of “golden rules”, which establishes a set of principles for risk decision making and MSF’s risk acceptance.  The redline for MSF is when there is no authority to negotiate safety with or when it is impossible to protect themselves.  This is common for many humanitarian organisations and is usually articulated as when there are direct threats to staff and operations.  Though the article suggests that this line often slides and is blurred, also that there is a sense amongst some MSF staff on MSF that, ”it has to “stay and deliver”. The risk of targeted killings by radical groups should be considered a “new normal” we have to adapt to.” This is a sentiment that is mirrored in many frontline or last-mile humanitarian agencies; I often hear “It is our job to take risks” and this is the nexus of the tension that I mentioned earlier, that becomes a conundrum when going about deciding, how much risk is too much.

However, while this is a critical concern, there are broader issues for humanitarian security risk managers to consider as we grapple with risk acceptance. Key to this question is how we as humanitarian security professionals influence and access higher leadership levels of our organisations to be both alert to and sensitive of the level of risk we face as individuals and as organisations.  This will be a central challenge that many of us will recognise and a concern going forward that we will need resolve as humanitarian security risk management models mature. Humanitarian security managers have long been champions of developing risk approaches, certainly at an operational level.  We have a comprehensive toolbox and usually within organisations are seen to hold a very high level of technical expertise. Though often this expertise is challenged to break out and be recognised at a strategic level, either as a result of reporting lines and access to senior decision making and oversight committees or as a result of organisational culture and the maturity of the inherent risk model being followed.

The future challenges then are not how to implement what are now broadly accepted systems or to produce more assessments and mitigation plans. Rather, to focus on how we as individual security leaders and as a community of humanitarian security professionals influence and support organizational leaders and Boards in addressing these questions at a strategic level. We need to change the conversation and the place that we have it.

We need to change the conversation and the place that we have it.

We must work with organizational leadership to grow their familiarity with the advantages of mainstreaming risk management, in order to build a broader and deeper level of strategic understanding of the risks we face, the tools we use to mitigate and control them and the how to view the balance or residual level of risk that we are left with after we have done all we can.  This will support and join up future conversations around risk appetite and empower leadership to address these issues of nuance and balance and provide a level of comfort with supporting conversations that seek to provide an answer to ‘when is there too much risk?’.

Not an Occupational Hazard

I do agree with Fabrice’s sentiment that we should not treat the risks that aid workers face as an “occupational hazard”. There must always be a clear recognition that there is a human being, a colleague, at the centre of the risk decisions we make and that the impact of our decisions will have consequences, both individually and organisationally. 

The answer to the question ‘When is there too much risk?’ will never be a convenient one; by the virtue of what we are asking it cannot be so.  

The answer to the question ‘When is there too much risk?’ will never be a convenient one; by the virtue of what we are asking it cannot be so. Regardless, we must ensure that we have the space, the right stakeholders and the right tools to answer when asked.