Informing humanitarians worldwide 24/7 — a service provided by UN OCHA

World

Risk Thresholds in Humanitarian Assistance

Attachments

This study is concerned with risk management within humanitarian programmes. We look at how agencies define and express their attitude to risk, and consider how organisational and operational priorities might be better integrated. The study is therefore addressed to senior management as well as security specialists. We suggest that an integrated approach to risk management can maximise programme resilience and thus achieve greater humanitarian impact. Throughout, the study draws on the experience of EISF members, who are security practitioners working for humanitarian organisations, as well as risk management knowledge from other sectors.

Section 1 reviews the risk management process, considering roles and responsibilities at both the organisational and operational levels. These two levels are further divided into the strategic (senior management), systematic (country, regional or technical department heads) and dynamic (field staff). Staff at each level identify a different range of challenges and threats when analysing risk. Security specialists should provide advice and support at every level. We describe a spectrum of institutional attitudes to risk and argue that an organisation's 'risk attitude' must be harmonised across all its levels in order to manage risk consistently and achieve sustained programme impact.

Section 2 discusses how organisations establish 'risk thresholds', and distinguishes two central concepts: 'proportional risk' and 'security thresholds' (or 'trigger' events). We suggest that organisations use elements of both approaches, according to their size, capabilities and experience. We argue that it is essential for an organisation to make its 'risk attitude' explicit, and to demonstrate to staff members and other stakeholders how that position has been reached. Whether an organisation states that it will accept or reject a certain residual risk level, problems arise when policy statements do not reflect actual practice. We identify some of the factors that lead to apparent contradictions between policy and practice, such as 'risk creep' and differing priorities at various levels.

Section 3 goes on to look at how an organisation's attitude to risk can be put into practice and managed at all levels. We develop the notion of a spectrum of attitudes to residual risk, but show that this picture is complicated by changing contextual realities, institutional pressures and evolving risk assessment and treatment. We propose that the linear risk assessment steps described by security practitioners should be thought of more as a process of continuous assessment, informed by the organisational risk attitude but responsive to changing situations, protection and humanitarian needs, the success of mitigation measures, etc. While flexibility is valuable, we recommend consistent systems for internal communication and consultation, decision-making, and identifying 'risk owners' - those who have responsibility for risk. We suggest that a systematised, welldocumented and transparent approach to risk management gives programme and security managers the capacity to act as risk managers, maximising the potential for achieving objectives.

Section 4 concludes with recommendations for examining and improving the risk management process within humanitarian organisations, looking at three areas: a consistent process based on a shared understanding of risk; a coherent risk attitude framework, which includes statements of risk attitude and details of risk owners and responsibility; and methodologies to facilitate integrated risk management.