Integrated People, Risk, and Security Management
Recognizing that there is a broad range of interconnected people, risk, and security issues that an organization may face, I believe expanded use of the enterprise risk management concept is now the best practice practical approach. Traditionally, ERM attempts to imagine and identify all the risks an organization may collectively face. Some of the risks that are interconnected are primary, secondary, or tertiary. Understanding the run-on and often unforeseen consequences of a risk is often the biggest challenge facing management. This requires coordination and making sure that a risk or security issue is not addressed in a proprietary way function by function. As previously stated, risk management with a financial bent has dominated the business landscape for some time. In my opinion, a true ERM can only take place when it takes into account all of the issues associated with people, risk, and security.
In their book Managing Strategic Surprise, authors Paul Bracken, Ian Bremmer, and David Gordon state that the genesis of risk management, whether in finance, engineering, or environmental protection, seems to have the same intellectual root. In their view, modern risk management can be traced back to ‘the application of statistical methods in mass production in the 1920s and 1930s’. World War II helped further develop the process when mathematical concepts were applied in support of the war effort under the rubric of ‘operations research’. During the postwar industrial boom of the 1950s, decision sciences further developed, resulting in what we know today as risk management. I would argue that in a very broad sense, risk management actually has roots earlier than the 1920s or 1930s. The work of Frederick Taylor had a risk management aspect associated with it, though he is best known for his theory of management based on an analysis of workflows. My case is that Taylor, through the process management approach, was essentially attempting to manage the risk associated with low or inefficient production because of human factors. (I am well aware that in many circles his work fell out of fashion by the 1930s. However, modern management theory still incorporates key elements of Taylor’s work to some degree.) I believe Taylor’s greatest contribution to organizational efficiency was his recognition that industrial engineering, regardless of how genius it may be in the abstract, has little chance of success without a focus on the human element in the process. In my opinion, the same is true for any attempt at a truly effective integrated people, risk, and security management process.
-  P. Bracken, I. Bremmer, D. Gordon (2008) Managing Strategic Surprise—Lessons from RiskManagement and Risk Assessment (Cambridge University Press: New York).