UN security risk management model analysis
an analysis report by
Dr. ZHOU Zhanggui & Dr. ZHOU Ran
The sustainable operation of all operations of the United Nations system depends on the comprehensive promotion of security safeguards. After general assembly resolution 59/276 of December 2004, the United Nations security management system (UNSMS), which is fully covered by the system, was gradually established. With the establishment of the United Nations department of security and security (UNDSS) in January 2005, the establishment of a unified executive department for security assurance of the United Nations system played a positive role in effectively eliminating security threats and dangerous events. As the largest international organization, the security guarantee practice of the United Nations in high-risk areas of the world has provided an important demonstration for the security capacity building of organizations. With the implementation of One Belt And One Road's going global strategy, the United Nations security experience has provided a benchmark for Chinese enterprises to carry out security prevention and early warning work in the process of going out, and also provided an important reference for relevant government departments to establish a unified overseas security standard system.
The efficient operation of security management decision-making of the United Nations is based on three pillars: policy framework to assist decision-making, accountability framework to support decision-making, and security designated officials to make decisions. It can be seen that in the security system of a comprehensive system, detailed rules, clear responsibilities and authorization are indispensable. (1) the primary responsibility of the host country; 2. Safety risk management; 3. Decentralized decision-making supported by global experience; 4. Balance of risks and benefits; 5. Safety risk management plays an important role in risk management. This paper will analyze the main measures, methods and experiences of the UN security risk management in detail.
Define key terms of security risk management
The UN security management system applies the security risk management model to analyze and evaluate the potential security threats to personnel and assets of the UN system. Security Risk Management (SRM) and Security Risk Assessment (SRA) are closely linked. Safety risk assessment (SRA) is an integral part of safety risk management (SRM). All safety decisions, safety planning and safety management must be implemented on the basis of sound safety risk assessment. Therefore, the relevant terms of security risk management must be clear, clearly defined and easy to understand to avoid ambiguity. The United Nations has clearly defined security risk management, security risk assessment, threats and risks.
1. Definition of security risk management
Security risk management is a set of analytical procedures used to assess the risk levels affecting personnel, assets and operations in United Nations operations, propose cost-benefit analysis-based solutions, implement specific prevention and mitigation strategies and measures, and minimize the impact of security risk levels.
2. Definition of safety risk assessment
Security risk assessment is the process of identifying threats and vulnerabilities that may affect United Nations personnel, assets or operations, assessing the likelihood and impact of risks, and proposing risk prioritization, preventive measures and mitigation measures.
3. Definitions of threats and risks
A threat is any factor (action, situation or event) that is likely to cause damage to the United Nations system, including its personnel, assets and operations, loss of potential danger.
Risk is a combination of impact and possibility, and is the possibility and impact of the exposure of personnel, assets and actions of the United Nations system to threats leading to loss or damage. The risk level ranges from "very low" to "very high" in order of five.
2. Establish the safety risk management model
The UN security risk management model is divided into two stages: the first is the preparation stage; Second, the implementation phase.
1. Security risk preparation stage (safety risk assessment)
The preparation phase, also known as the security risk assessment (SRA), consists of five steps: programme assessment, threat assessment, vulnerability assessment, risk analysis, prevention and emergency response.
Step 1: programme assessment is a review of the objectives and objectives of the plan and programme of action of the United Nations agencies of the host country, the reasonableness of the programme (programme key), and the security safeguards elements to be supported.
Step 2 and 3: threat and vulnerability assessment is to use the collection and processing of relevant information to analyze and determine the level of exposure of the United Nations system to threats and the resulting risks, in which the host government needs to be fully consulted.
The sum of the three assessments will provide a clear "UN security situation" description of United Nations action in the country/region.
Step 4: risk analysis is based on the above assessment to determine the current risk level of each specific threat, which is determined by the impact and possibility of the event.
Step 5: risk management measures are alternatives to preventive and emergency measures provided to decision makers on the basis of information analysis and processing. All measures proposed must be logical, feasible and relevant. Creativity, experience and judgment are key to this step.
2. Security risk implementation stage
The implementation stage includes three steps: decision-making, implementation, review and adjustment.
Step 1: decision-making is the process by which the United Nations security designated officials (DO) and the security management team (SMT) of the host country select and approve the appropriate measures from the alternative preventive and emergency measures, including the formulation and approval of a security risk implementation plan.
Step 2: implementation is the implementation of selected risk management measures. This step is the key to safety risk management and is often ignored. DO, the designated security officer, and SMT members of the security management team must ensure that the budget and measures for risk management are implemented as planned. Security responsibility is not limited to safety risk analysis, but to the full implementation of safety management measures.
Step 3: review and update is a review and update of security risk assessment. It is mandatory to monitor and update security risk continuously. Through new information reception and analysis, risk levels may change continuously (high or low) and the impact on specific threats requires updated risk management measures.
Procedures and methods of safety risk assessment
1. Programme evaluation
Programme assessment is an essential component of the security risk assessment (SRA), which is independent and an essential component of the United Nations operational planning process in that country/region. Programme assessments must be conducted in collaboration with security officials, security consultants and project implementers to ensure that security considerations are taken into account as "mainstream" early in the country/region project planning process. Early consultation with security personnel is essential in all programme plans to ensure that safety factors and risk prevention contingency measures are taken into account in the implementation of the programme.
Programme assessments should identify specific United Nations agencies, funds and operations that may be threatened. Identify why and how these threats have an impact, and why other threats have no impact, perhaps even unrelated to United Nations action. A program activity blueprint incorporating security information should be developed.
Programme evaluations should also include "critical" evaluations of the project programme. The definition of "programme key" includes the following three aspects: 1. 2. The consequences (including political, humanitarian, development, security and other effects) of not implementing or cancelling the programme; 3. To what extent other United Nations activities/programmes depend on the implementation of the programme.
2. Safety risk assessment
Security risk assessment of the relationship between the modules
First, a credible security risk assessment is a prerequisite for effective risk management. Through identification and assessment, mitigation measures are taken to effectively manage the risks of United Nations operations. The main risk management measures are prevention (reducing the likelihood) and mitigation (reducing the impact). Risk management strategies can be divided into the following categories:
A. accept it. Direct acceptance of risk does not require further mitigation measures.
B. control. Implement preventive and/or mitigation measures to reduce the risk to an acceptable level.
C. to avoid. Temporarily isolate potential risk targets (such as UN staff, vehicles, etc.).
D. transfer. Insurance, or subcontracting of tasks to other parties that can safely perform them.
Secondly, it is particularly important to update the frequency of security risk assessment. As an application tool, security risk assessment does not provide a continuous layer of documents, but requires timely review and update. Each security management group meeting should update the conclusions of the United Nations security situation on the basis of changing factors, including:
Changes in the political situation or impending political events; Activities or events that may affect the security of the United Nations (e.g. elections); Changes in the role and functions of the United Nations in the international or regional context; New functions and roles of the United Nations; Or new plans (such as the deployment of new tasks, the establishment of new offices or facilities, the extension of tasks to new areas, the restart and recovery of tasks after suspension or evacuation; A special event or meeting.
The timeliness of reassessing security risks is a permanent item on the technical meeting agenda of the security management group. According to the new information report, the safety risk assessment conclusion should be changed timely, recorded in the minutes of the safety management group meeting, and adjusted the assessment conclusion, risk level and relevant Suggestions according to the safety risk assessment matrix table.
3. Safety risk matrix analysis
The security risk analysis for the United Nations security management system is shown above. In the process of security analysis, it is necessary to determine the risk level of each threat. For the classification of medium, high or very high risk levels, "acceptable risk" is a relative term that requires empirical judgment, not just the application of rules. In the United Nations security management system, the identification of "acceptable risks" is an important responsibility of senior managers. The relationship between programme "critical" and security risks for United Nations personnel must be considered. Managers must constantly strive to balance these two key elements and make responsible decisions within their mandates.
First, in order to determine acceptable risks, the following issues can be discussed in the security risk management process.
1) determine programme/project objectives. At higher risk, there will be a priority. More important goals may determine that the organization accepts a higher level of risk to achieve results.
2) identify and assess threats. These threats are obstacles to achieving programme objectives.
3) identify risks by looking for the potential and impact of threats on United Nations personnel and agencies. Impact assessment is very important. We can accept that a bad outcome is important for determining acceptable risk. In other words, what is the worst case scenario we can accept?
4) determine how to manage identified risks. In other words, this is a measure in place to reduce risk through prevention and emergency measures.
Secondly, the need to answer some of the "critical" questions of the programme is a measure of the need and importance of the operation.
1) "how important is the activity?"
2) "will the expected return prove to be higher than the acceptable risk loss?"
3) has enough work been done to reduce the risk level and to accept the risk that personnel may face?
4) are the identified risks manageable?
If the above answer is "yes", then the implementation plan should be considered. If the answer is no, alternatives should be considered to achieve the program goals.
Third, approval and finalization of safety risk assessment (including dispute resolution procedures) are necessary. Specific procedures for approval and finalization of safety risk assessment can be referred to the safety operations manual (SOM). Key steps include:
The security advisor (CSA/SA) submits a draft safety risk assessment to the designated security officer and the security management team, which approves the safety risk assessment report. In the event of a dispute, the department will consult relevant UN agencies, funds and organizations.
Finally, training and publicity are important ways to implement the analysis results.
With the agreement of the secretary-general of the United Nations, the administrative directorate coordination council (CEB) of the United Nations system and the inter-agency safety management network, training in safety risk management methodology is mandatory for designated security officials, members of the security management team and security experts. All United Nations officials with specific security responsibilities should have a clear understanding of the security risk management model and the SRA process as required by the accountability system.
4. Determination and decision-making of acceptable risks
1. From zero risk to acceptable risk
Security risk management is an integral part of all United Nations activities. All United Nations bodies, funds and organizations need to decide which activities are necessary and which are priority based on the mandates, programmes and responsibilities of their organizational bodies. National representatives reflect the priorities and interests of their respective organizations by attending security management group meetings. The security risk management framework in place should identify and manage the possible risks of the necessary activities. In most environments, activities are implemented through potentially effective risk management. In emergencies alone, decisive action must be taken to save lives. As responsible persons for security decision-making at the national level, it is the responsibility of designated security officials to declare that the risks identified are not controllable and to stop all United Nations operational personnel from appearing in hazardous areas.
In January 2009, the UN inter-agency safety management network meeting proposed a revised safety risk management model as an important tool for analyzing risk levels and adopting risk reduction and mitigation. The key process is to determine acceptable risks, mainly considering four aspects and analyzing around key problems.
Specifically, it includes: 1) identifying the program objectives; 2) identifying and assessing threats; 3) identify risks; 4) determine how to manage identified risks. Key questions include: 1) how important is the activity? 2) will the expected return prove to be higher than the risk loss? 3) has enough work been done to reduce the risk level and to accept the risk that personnel may face? 4) have you determined that the identified risks are manageable?
2. Acceptable risk decision-making: program priority, risk level determination and decision makers
Programme priority, determination of risk levels and decision makers are important elements of acceptable risk decision-making. According to the newly revised United Nations security risk analysis matrix table, the top right corner has been adjusted to "unacceptable".
First, any residual risk in the black grid is determined to be an unacceptable risk, in which case the only measure of security risk management is to avoid (evacuate) or transfer the task performed to another agency that can safely complete the task. UN agencies should manage risk well to reduce risk levels below "severe" levels.
Secondly, to determine the level of risk, the acceptability of risk depends on the "critical" of the project when the risk level does not reach the "unacceptable" level. That is, activities with priority programme objectives can take higher risks, and the acceptability of risks is related to the "critical/important" nature of project activities.
Finally, combined with the risk matrix table (see the corresponding risk color block), the importance and risk of the scheme correspond to the corresponding decision makers, so as to clearly understand who makes the "acceptable risk" decision.