TECHNOLOGY CAN DRIVE RISK MANAGEMENT AS MARITIME PROFESSIONALS OPTIMIZE SECURITY
The job responsibilities of Maritime Professionals inevitably include the requirement to understand risks, analyze options for risk mitigation, and make strategic and tactical decisions to ensure the viability of the enterprise. Business leaders must also do this while balancing goals and objectives related to profitability, and return on investment. But how do you get that done? Today, promising decision support tools that enable executives to simplify the process of risk management – and reduce the time and cost associated with those tasks – are now on the market.
A Decision Support System (DSS) can be defined as “a computer-based information system that supports business or organizational decision-making activities.” These so-called decision support systems, or decision support tools, are designed to support various planning functions within the management and operations layers of a business enterprise. A DSS is typically most useful when an operational environment is dynamic, and metrics used to drive business decisions are rapidly changing and not easily specified in advance. The maritime domain clearly fits this description.
Every senior executive in the maritime industry, with strategic risk management responsibility, should have access to these kind of tools that facilitate the decision making process.
What Constitutes Business Risk?
Vulnerability is a physical feature or operational attribute that renders an entity, asset, system, network, or geographic area open to exploitation, or susceptible to a given hazard. Marine managers must continually evaluate natural and man-made risks that have the potential to disrupt operations, or threaten employees, fixed assets, assets in transit, proprietary data, or even the environment. Maritime assets that are typically considered to be “critical,” are those transportation networks or systems that support core business functions, and if lost, could result in catastrophic damage to an enterprise.
We also know that risk exposure has two primary elements that must be considered when pursuing risk mitigation strategies: Likelihood and Consequence. Likelihood is simply an estimate of the potential that a disruptive event will occur. Consequence of a disruptive event takes into consideration the impact that the event has on business operations.
These metrics are often easy to define, but can be much more difficult to actually calculate.
The amount of risk exposure that an organization is willing to accept, as a normal course of business, is referred to by the insurance industry as “risk appetite.” Tolerance for risk exposure can vary greatly from one company to another within the maritime industry. When executive decision makers focus on risk management, it is not uncommon to find that a company’s exposure to risk is not aligned with the actual policies, plans and procedures in place for risk mitigation. This is where decision support tools can play an important role.
When executives have access to intuitive, easy to use software tools that manage and manipulate data, they can expose gaps, establish focus points for minimizing their firm’s exposure, and pursue risk management strategy options that emphasize security optimization.
“When executive decision makers focus on risk management, it is not uncommon to find that a company’s exposure to risk is not aligned with the actual policies, plans and procedures in place for risk mitigation. This is where decision support tools can play an important role. When executives have access to intuitive, easy to use software tools that manage and manipulate data, they can expose gaps, establish focus points for minimizing their firm’s exposure, and pursue risk management strategy options that emphasize security optimization.”
Optimization is the Key
The Quality Management movement ultimately boiled down a complex methodology for continual incremental improvement into a simple, four-word chain that is easy to recall:
PLAN / DO / CHECK / ACT
Although the steps required to implement these organizational management initiatives are complex, the underlying process is simple. The most effective decision support tools for security and risk management use this same basic model. ARES Security Corporation, for example, has a decision support tool on the market called AVERT. This solution has been validated by the U.S. Government, has been granted a Safety Act designation by the U.S. Department of Homeland Security, and is currently being employed to protect some of the most sensitive critical infrastructure assets in the United States. The AVERT tool uses a similar, fundamental process to produce results that optimize security posture:
CHARACTERIZE / SYNTHESIZE / ANALYZE / OPTIMIZE
‘Characterize’ is a starting point that establishes a baseline, for an existing security posture, by modeling a firm’s current risk environment. The AVERT tool creates a detailed, 3D model of an asset that need to be protected. Interview “wizards” are used in this solution to guide users through the process of inputting facility diagrams, terrain details, critical areas, and existing security and risk management features. Drag and drop functions allow decision makers to select features from a certified library of more than 50,000 security resources. This tool also helps users establish a ‘Concept of Operations’, for risk mitigation, that can be tested and validated in follow-on steps. Without the help of a decision support tool like this, experts typically have to build a baseline profile manually. These tools save time, and money, and allow for non-expert users to participate directly in the risk management process, from the start.
‘Synthesize’ has to do with testing various risk mitigation options using simulated incidents and threat profiles. Once a baseline profile has been established, a decision support tool can simulate both natural and man-made hazards, as well as other operational disruptions that have the potential to result in losses. One size does not fit all when it comes to risk mitigation strategies. Decision support tools can become a “force multiplier” for decision makers by enabling users to virtually configure and test hundreds of different options. The AVERT tool, for example, uses probabilistic algorithms and Monte Carlo analysis to identify and quantify a wide variety of security vulnerabilities and mitigation choices. Maritime security decision makers need to know where and how vulnerabilities are most likely to occur. It is essential to understand how existing security systems will respond to different threats, and where the best opportunities may exist to enhance security. Decision support tools use the power of modern computing to sort through the myriad of variables and options, and then present the results in a way that facilitates decision making.
‘Analyze’ is the area where the best decision support tools really shine. Simply presenting reams of analytical data is not necessarily useful. And data does not become “intelligence” until it is analyzed and disseminated. AVERT combines quantitative analysis with comprehensive visualization tools and intuitive output such as graphs, heat maps, pie charts, and cost-benefit tables to present decision makers with actionable intelligence. Using this tool, reports can be produced that provide executives with specific information related to things like critical detection points, probability of interdiction success, total cost of ownership, and overall system effectiveness.
‘Optimize’ is the phase of the process where decision support tools can truly provide a real return on investment. Since the best decision support tools are designed to present executives with meaningful decision points, the emphasis should be on quality and validity of the output, not necessarily quantity. AVERT, for example, generates extremely accurate metrics, reports, and visualizations that are derived from a security library that has been accredited by the U.S. Department of Defense for assessment of nuclear storage facilities. In order to ensure that decisions are made that support security optimization, executives must have access to accurate information. Expected results of specific risk mitigation initiatives, as well as the associated cost of those upgrades, are both important metrics to be considered. Maritime professionals that have the ability to accurately and efficiently prioritize risk mitigation options, using expected performance and cost data, have a true advantage in the market place.
Show me the Money
Business leaders with risk management responsibility need a tool that can help validate the effectiveness of a proposed security solution, before you actually invest in that solution. That tool should provide a way to rapidly conduct “what if” analysis related to the various threat profiles that your business is exposed to. That same tool should facilitate the clear communication of the value proposition associated with a specific planned maritime risk management initiative. If you and your team are not so equipped, then it may be time to investigate decision support tools. The AVERT tool, used as an effective decision support system, has paid for itself many times over in some recent implementations. A U.S. Government agency used this tool to evaluate a planned security upgrade that was budgeted for, but not yet procured. The analysis showed that this planned investment would not actually have resulted in any substantive increase in overall security effectiveness at the facility. The investment was cancelled, and AVERT was credited with total cost avoidance of $5 million. Similarly, a major U.S. port recently used AVERT to validate the design basis of a planned security upgrade, eventually resulting in a successful maritime security grant award of $5.5 million. Separately, a private power generation firm recently used the AVERT tool to reduce their annual security assessment budget by as much as 30 percent.
Marathon, Not a Sprint
Threats to businesses in the maritime domain are increasing, and at an alarming rate. Consequently, the costs associated with security and risk management also continue to increase. It has become more difficult than ever for maritime professionals to optimize security posture, and ensure business continuity. Every successful company employs practical management systems as the foundation for managing critical business functions – risk management should not be an exception. Decision support tools have been used to support financial management functions in business for decades. Once they are incorporated into a firm’s standard management approach, decision support systems can become a trusted and reliable asset. Where risk management is concerned, this is definitely the case. As operating conditions and threat profiles change, these tools can be used, over and over, or even on a continual basis, to compare variables, evaluate options, and work through to a “best-fit” answer, leaving nothing to chance. Decision support tools provide a proven method to continually assess risk, analyze mitigation strategies, manage security budgets, and optimize security posture based on predicted effectiveness. In today’s global maritime domain, where all-hazards risks are persistent and pervasive, and can cause immediate and devastating impacts if improperly addressed, effective risk management must be designated as a core business function. By using decision support tools to systematically invest in risk mitigation initiatives, maritime professionals have an opportunity to pursue return on investment, and create value for their firms.