The Routledge Companion to Risk, Crisis and Security in Business
eBook - ePub

  1. 484 pages
  2. English

About This Book

Aware that a single crisis event can devastate their business, managers must be prepared for the worst from an expansive array of threats. The Routledge Companion to Risk, Crisis and Security in Business comprises a professional and scholarly collection of work in this critical field. Risks come in many varieties, and there is a growing concern for organizations to respond to the challenge. Businesses can be severely impacted by natural and man-made disasters including: floods, earthquakes, tsunami, environmental threats, terrorism, supply chain risks, pandemics, and white-collar crime. An organization's resilience is dependent not only on their own system security and infrastructure, but also on the wider infrastructure providing health and safety, utilities, transportation, and communication.

Developments in risk security and management knowledge offer a path towards resilience and recovery through effective leadership in crisis situations. The growing body of knowledge in research and methodologies is a basis for decisions to safeguard people and assets, and to ensure the survivability of an organization from a crisis. Not only can businesses become more secure through risk management, but an effective program can also facilitate innovation and afford new opportunities.

With chapters written by an international selection of leading experts, this book fills a crucial gap in our current knowledge of risk, crisis and security in business by exploring a broad spectrum of topics in the field. Edited by a globally-recognized expert on risk, this book is a vital reference for researchers, professionals and students with an interest in current scholarship in this expanding discipline.

Information

Publisher: Routledge
Year: 2018
ISBN: 9781317244288
Edition: 1

Part I
Developing, implementing and maintaining risk strategies

1
Developments in risk security

Kurt J. Engemann

Understanding risk

Unanticipated crises can lead to immense negative consequences for businesses. Analyzing these risks and making appropriate decisions regarding them is very challenging but necessary to generate requisite security. A framework for risk management suggests that threats can lead to crisis events which can result in significant losses.
An important principle of risk management is that while risks cannot be eliminated, they can be controlled, thus organizations benefit from effective crisis management that should cover their entire enterprise. The most important goal of risk management is to preserve life and to provide safety, and failure to plan properly can not only be detrimental to humans but can also affect the entire system’s operation. Choosing a risk management strategy is, in part, an economic decision, based on losses and costs. Specific risk events arise from threats such as hurricanes, fire, earthquakes, cyber-attacks, floods, power outages, strikes, crime and terrorism.
Risk management encompasses assessing risks, appraising alternatives and applying solutions. Identification of threats requires understanding what events can occur, what their likelihoods of occurrence are, and what the losses that they can generate are. Management must be involved at the outset to provide direction regarding threats, events, controls and the level of risk they are prepared to incur.
Collecting and evaluating information is a central activity during a crisis. The availability of timely, pertinent and accurate information will affect the course of actions as the crisis unfolds. Information analysis necessitates system understanding. If decision makers are unversed in the system they are dealing with, information can be misunderstood and needless time can be spent on bringing the decision makers up to speed regarding the matter being considered. Clearly defined roles with solid leadership are an effective way to reach a timely, correct decision; in addition, many decisions would need to be made in a decentralized mode.
Fundamental values manifest themselves in crisis decisions. Crisis situations do not lend themselves to the time for explicit discussions about values; however, they do illustrate how the core values of organizations and decision makers manifest themselves in decisions made under pressure. Crises lend themselves to systemic solutions. An institution in a crisis will be willing to take a risk, but given the option, only up to a certain level. Whenever possible, it will try to redefine the problem and share the risk among other stakeholders in the system.
Business organizations consider risk as a source of potential crisis events and as a basis of potential reward. The media generally place greater emphasis on negative events and the news overflows with reports of disasters which endanger people and organizations.
While viewpoints regarding risk and its treatment have transformed considerably over the last century, managing risk is a huge challenge that all businesses encounter. This development generally advanced from a narrow emphasis on risk transfer, to expanded organizational expertise to reduce losses, and more recently, to enterprise-wide risk management using a holistic approach. Businesses not only require comprehensive internal risk management processes but also need to manage extra-organizational risks.
There is a substantial body of knowledge regarding managing risk within organizations, from which risk professionals draw guidance. Scholars developed fundamental principles and the theories on the subject. Over time, the sense of risk and risk management has evolved. Traditionally, risk professionals viewed risk from a negative perspective which could be calculated objectively. More recently there is more of an inclusion of the positive aspects that risk may yield, while not neglecting the potential negative consequences. Moreover, while the early viewpoint focused on risk to physical properties, now risk professionals also place emphasis on organizational goals.
Myriad definitions of risk have been proposed: as uncertainty, an event, a probability, a consequence, a probability of loss, and as an effect of uncertainty on objectives. Essentially, risk may be defined as the possibility of experiencing an event characterized by probability and impact (Engemann and Henderson, 2012). Some definitions treat risk in an objective way while others consider it subjectively. Risk can be a quantitative or a qualitative concept. The risk perspective chosen clearly influences the means with which risk is analyzed and thus has important implications for risk management and decision making (Aven, 2012). All approaches add value to our discernment of risk, with a goal of qualitative insight, preferably through quantitative analysis.
Judgment and intuition play a vital role in crisis decision making. Effectiveness depends upon the decision maker’s experience in the domain, the time constraints, and on the decision maker’s task expertise. Relying on intuition in decision making is juxtaposed with the analytical processes that are powered by algorithms and data. Intuitive decision making often is viewed as more natural and may be given more credence than it deserves, and decisions that turn out right often do so more by chance than by intention.
The role of intuition in making decisions for crisis events may be unavoidable, especially when urgent actions are needed and insufficient data are available (Kahneman and Klein, 2009). The necessity for an intuitive decision should not be conflated with the predilection for intuitive decisions over analytical decisions, as the drawbacks of relying too heavily on intuition, especially when other options are available, are profound.
Intuition, although frequently inexplicable by those using it, is a manifestation of identifying and acting on patterns. This recognition often encompasses the subconscious processes of assembling and evaluating previous information, and subsequently determining future decisions. Intuition is most valuable when data is unavailable and time restrictions necessitate instant action. Nevertheless, the choice of depending on intuitive decision making exclusively is not an assurance that the intuitive decision will be reliable. Intuition may be reasonably successful when a decision maker has both expertise in the task and experience in the domain in which the decision is being made. Progress in business analytics and artificial intelligence promises to modify intuition’s role for crisis managers, and increasingly decision makers will need to refine their skills in using data and algorithms even in immediate decision environments.
Business continuity management has developed in response to the volatility of the business environment. The role of this profession in corporate governance has transformed from a technological role into a holistic business service. Although its value is generally recognized, its role predominantly remains process-driven, focusing on operational issues as opposed to strategic initiatives. Usually business continuity professionals focus on the physical and economic issues such as rapid recovery of critical services, information technology, and supply chain. This mindset is drawn from the early developments in technical advances to ensure reliability in the performance of essential activities. This is particularly the case in industries such as finance, energy and healthcare, which have significant impact on the public and substantial regulatory requirements.
Increasingly, practitioners and managers are endeavoring to pursue broader goals when applying business continuity at the corporate level. One definition of business continuity management is that it is a holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities (International Organization for Standardization, 2014). Organizations that certify professionals in the field mutually promote the significance of business continuity management to an extensive range of activities across all organizational levels. At its core, the discipline offers a range of perspectives, from anticipative, managing the availability of business activities, to strategic, focusing on strengthening an organization’s market position.
Accidents occur because those who manage complex systems are not sufficiently able to anticipate the problems generated by those systems (Weick, 1993). Safety may be considered as the minimization of risk, and correspondingly, significant breaks in safety may lead to disaster. Safety may also be viewed as a social construct; thus, safety climate is a socially constructed understanding of what is perceived to be valued in terms of safety and safe behavior. Where the environment is dynamic and the potential for loss is great, such as for high reliability organizations, it is imperative to engage knowledge that permits coordinated action. Members of a high reliability organization recognize what is expected and rewarded in terms of supporting knowledge. By facilitating collaboration, a high reliability organization has the capacity to succeed.
Knowledge is critical for the individual and the organization. For the individual, knowledge improves decision making; for the organization, knowledge is a key factor of overall viability. The conceptualization of knowledge has been advanced by many theoretical viewpoints (Engemann, 2017). Whether knowledge creation is encouraged to become a prescribed activity in a high reliability organization or it remains an unarticulated ongoing process, it must be remembered that knowledge can enable coordinated action.
Safety climate may improve understanding of emerging threats and vulnerabilities. Strategies to mitigate the risks are aspects of larger investments and involve technologies that affect systems and other organizations. These investment decisions are complicated by uncertainties involving costs and benefits because of rapid changes in the underlying technologies.
Organizations are reliant on each other and coordinate with partners who can provide critical products and services, even when crisis events occur. Risk management provides an approach to ensure that the business functions, both in the short term and the long term.

Emerging crises

Events such as hurricanes, tornadoes, winter storms, earthquakes, tsunamis and power outages have underscored business organizations’ vulnerability to natural disasters. Add to this list accidents, man-made disasters, terroristic activities, cyber-attacks, failing infrastructure, financial crises, crime, energy shortages and so on, and it is obvious that organizations need to identify threats and employ mitigating strategies. Furthermore, due to the inter-connectedness of business enterprises, even minor crisis events, if occurring in an exposed link, can be systemically devastating. In response, organizations are implementing risk management programs, utilizing structured management processes.
Given the increasing vulnerability, risk managers are confronted with the challenges of preventing and preparing for disasters, protecting life and safety, protecting the environment, minimizing asset destruction and providing continuous service to customers. Organizations need to have a plan to recover from disaster and resume operations in what may be a degraded operating environment. Risk assessment involves estimating the likelihood of crisis events; nevertheless, determining event probabilities is difficult because of the relatively small probabilities of event occurrences, and estimating potential losses is also challenging given the hypothetical nature of the task.
To be effective, risk management must be business driven; business managers must frame priorities and provide overall guidance and support. Once the business priorities have been determined and risks assessed, structured methodologies can be used to develop the overall risk management plan.
Business continuity planning improves the likelihood of continuous business operations, as well as more broadly, emergency management in the region. Catastrophic events as well as localized events such as power outages and fires affect business operations. There is an increasing mindfulness of the need for systematic enterprise risk management, with organizations implementing prescribed risk management procedures necessitating a top-down risk assessment and enhanced internal risk controls. Enterprise risk management is becoming more standardized through the efforts of professional groups and international standards organizations. This has led to an increased awareness in protecting the environment, indisputably seen as a crucial resource for the economy. However, there is limited attention given to the connection between ecological degradation and the increased risk of disasters. Various levels of resources are available to governments, and those that are part of larger areas usually have access to more resources. Regulations regarding resource utilization as well as infrastructure development set the framework for promoting resiliency and sustainability.
Enterprise risk management mainly concentrates on risks to the organization’s resources, including compliance, environmental, financial, governance, safety and security risks. Risks encountered by business include overall business risks that can disturb supply chains, such as product recalls or supplier bankruptcy, or the risks intrinsic in the operation of the supply chain due to financial, operational or strategic exposures.
As businesses strive for increased market share, reduced costs and improved economies of scale, their dependence on more complex supply chains has created unintended risk consequences. Dependency on raw materials from distant suppliers creates risks of supply disruption. Businesses address supply disruption risks with familiar strategies, such as alternate suppliers and surplus inventories. However, modern global supply chains create new categories of risks that are outside the perimeter of the organization and its direct business partners (Sheffi, 2007). Consolidation and the growth of dominant suppliers, which then provide large proportions of global demand for numerous commodities, pose a risk of demand interruption outside the influence of the organization, and exceeding the capacities of enterprise risk management of separate organizations.
Globalization has created supply chains that are more efficient but are also now further disposed to serious disruption from distant events. Worldwide competition drives businesses to outsource more operations, thus increasing complexity and risk. Centralization of production capacity creates vulnerabilities as single points of failure arise outside a company’s controlling capability. Thus, distant disruptions can now spread further along supply chains and can disrupt organizations in related industries. Risk exposures are linked to suppliers, customers and competitors, and supply chain risks ensue at a deeper industry level because of organizations’ increasing interdependence. Thus, businesses expand risk management practices through their supply chains to manage risk linked to the global supply chains upon which they depend. Because risks lie outside the business, organizations are pushing enterprise risk management deep into the supply chain and are collaborating to create industry-wide risk management strategies.
Miller and Engemann (2008) present a model that simulates the effects of natural disaster risks for a hypothetical three-tier supply chain. Drawing on concepts from reliability theory and capacity analysis, the model is structured such that diminutions of service capacity at nodes lower in the supply chain can affect higher tier nodes. The...

Table of contents

  1. Cover
  2. Title
  3. Copyright
  4. Contents
  5. List of figures
  6. List of tables
  7. List of contributors
  8. Part I Developing, implementing and maintaining risk strategies
  9. Part II Natural and man-made disasters
  10. Part III Infrastructure risks
  11. Part IV Systems security for business resiliency
  12. Part V Risk in business sectors
  13. Part VI Qualitative and quantitative risk modeling
  14. Index