Role of risk management in justice and security organizations

Risk management helps the justice and security organizations mitigate the chances of any outward event by providing information on process failures or circumstances that can lead to high risk scenarios. It is a proactive measure for these organizations. Risk management helps quantify the impact of any risk materialization. It helps the justice and security organizations to strengthen the control points and provide early indications of risk materialization.

            It does this by helping identify intervention/s that reduces the effect of risk materialization. As in every situation vulnerability and threat exist for justice and security organizations. The interventions could be related to reducing risks associated with human intervention. Processes can be re-engineered to ensure that human intervention is minimized. Technological reasons could also lead to threats. Information security risk assessment could be carried out to mitigate these threats.

These organizations are better able to appreciate the value of managing their data and information bank. This is crucial in mitigating risk eventualities. Risk management helps these organizations identify the acceptable level of risk. Standard operating procedures could be established to mitigate risk. One way in which risk management helps justice and security organizations is by helping prepare a check list of do’s and don’ts that help standardize risk management measures.

            Financial risk management helps these organizations protect their financial assets. Risk management helps simulate disaster management scenarios and thereby identify gaps in responding to potential disasters. It helps the justice and security organizations to hire and retain employees in accordance with the qualifications and competencies required to carry out their job responsibilities. Justice and security organizations are exposed to insurance claims. The level to which the organizations are protected can be assessed by risk management. Claims and litigation can also be avoided to a large extent by following a risk management policy.

            Risk management can help these organizations in preparing an approach to assess their potential risks and the preparedness to meet challenges. The risk management at a high level helps in the following three areas:

• Threat assessment
• Risk exposure probability
• The extent of the problem

            Threat assessment helps identify the risk that the justice and security organizations are exposed to. It helps establish if the threat is likely to materialize. The risk exposure probability helps identify process or policies that might have loop holes and may lead to threat materialization. The extent of the problem is established. This is necessary to prioritize the need for mitigating risk.

            Risk management helps these organizations to continue to serve the public and private stakeholders in the usual manner. It helps these organizations assess the impact on related public/private stakeholders. These organizations can take an informed and economically viable decision to mitigate risks. This also reduces the chance of any potential liabilities that might arise due to risk materialization. It helps these organizations conduct a

• before incident assessment
• during incident and
• post incident assessment

            The organizations can follow a series of steps during the incident to ensure that the response is based on a serious of well thought through and simulated measures. These steps can be communicated to various stakeholders within and outside these organizations. The stakeholders can be educated about the risk points and the effect of risk materialization. This is necessary as some of the risks that these organizations could be exposed to may come from third party sources.

Business Continuity Management (BCP) as a concept can be applied after carrying out before incident assessment. The post incident assessment is easier to conduct if the risk management has been done as the probable causes of incident are easily identified and the measures to deal with it can be strengthened. A collaborative environment can be sought between these organizations and other stakeholders to come together and close ranks to mitigate risk. Risk management would help this cause by making organizations better appreciate the reasons and the effects of risk materialization.

References:

Stoneburner, Gary, Goguen, Alice, and Feringa, Alexis, Risk Management Guide for Information Technology Systems, National Institute of Standards and Technology, Publication 800-30,
http://www.csrc.nist.gov/publications/nistpubs/index.html

Karygiannis, Tom, and Owens, Les, Wireless Network Security: 802.11, Bluetooth, and Handheld Devices, National Institute of Standards and Technology, Publication 800-48,
http://csrc.nist.gov/publications/nistpubs/index.html

Statistical analysis center, Office of Financial Management, State of Washington

http://www.ofm.wa.gov/criminaljustice/