by: VMware Senior Manager Physical Security EMEA Gian-Rico Luzzi
In earlier blogs, I covered travel risk management (TRM) as a competitive advantage and how it can be applied to enterprise health and safety (H&S) protocols. But how does a company start to implement TRM without disrupting existing operations?
Solid programs spring from solid foundations
It starts by having an authorized internal stakeholder with access to top management (typically someone involved with corporate security or risk functions) gain an in-depth understanding of the company via five distinct categories:
— operating context
— traveling population
— business objectives and risk appetite
— TRM service delivery.
Undertaking these initiatives is essential to the success and effectiveness of the program. Failure to examine each of these components will likely result in the program not being commensurate with risk exposure, and recommended control measures may be rejected, bypassed, ineffective or simply overlooked.
Diving into the five
Understanding a company in a TRM context is not as daunting a task as it might seem—even for a single individual leading the charge—if approached systematically.
With that in mind, let’s dig deeper into each specific category:
Exploring the operating context requires both external and internal examination. Examples of important external factors to consider include crime, political violence, social unrest, natural disasters and infrastructure (roads, rail, transport, hospitals, policing, etc.). Internal factors would cover business objectives, standards, capabilities and resources. Not surprisingly, the type of risk exposure can be dependent on the company industry or sector. A manufacturing plant in Kaduna, Nigeria, may have different risk types or levels than one in Geneva, Switzerland, and the oil and gas sector will have unique risks the tech industry does not (and vice versa). Objectively examining these factors helps define the business risk profile, which, in turn, informs all aspects of the company’s approach to TRM.
Stakeholder examination and selection ensures all the right personnel are consulted (aware of the initiative and properly used). The internal stakeholder list will be extensive since travel is a critical component of most business operations, and some risk types affect multiple functions. The external stakeholder list can vary widely depending on the company but generally includes insurance, security and medical assistance providers, specialist consultants, local partners, government agencies, clients and employee emergency contacts.
Examining the diverse characteristics of the traveling population is also critical as factors such as nationality, race, age, occupation, gender, position, sexual orientation, disability, and many others can affect the type and level of risk exposure. Some companies even have several categories of full-time employees and contingent workers, each of whom may have different Duty of Care requirements.
Once the factors mentioned above are examined, key stakeholders and top-level management must balance the company’s strategic business objectives and associated opportunities against the measures required to manage the risks and exposure. This involves exploring core program criteria such as compliance requirements, awareness and training requirements, standard or customized risk ratings, minimum standard traveler safety and security protocols, pretrip authorization procedures and risk assessment requirements. In this way, the company can define its risk appetite in context.
Combining all these variables into a workable format enables the company to create a service delivery model, one that explicitly outlines the nature and scale of corporate TRM. Doing this can also answer questions about whether the scale of the travel is of significant volume that a third-party vendor should be involved for tasks like automating processes? Another area is if the nature of the travel requires specialist advice and assistance to mitigate risk? And so on.
Ready, set, implement!
Now that there is a clear understanding of the organization, its TRM context, and the approach to be taken, the program must obtain support and commitment from leadership. Top-level management should demonstrate 1) ownership of business travel risks and 2) full support of the entire TRM process. This involves communicating the mission-critical nature of TRM from the top-down—stressing the importance of adhering to policy and process—as well as ensuring appropriate resources are available to develop, implement and manage the TRM program. Together, these efforts guarantee that all agreed-upon TRM initiatives are effective in the actual operating environment.
Check back for updates on this ever-changing topic and read our other TRM blogs:
VMware on VMware blogs are written by IT subject matter experts sharing stories about our digital transformation using VMware products and services in a global production environment. Contact your sales rep or email@example.com to schedule a briefing on this topic. Visit the VMware on VMware microsite and follow us on Twitter.