Risk Management in a Dynamic Environment
Research Problem The Department of Defense (DoD) is increasingly challenged to assess and manage risk in an exceedingly dynamic threat environment. Risk Management includes multiple steps of which risk identification is the foundation of the process. A flawed identification of threats is shaky ground from which to build the remaining risk management steps. Mitigating a threat is this actually not a threat is a poor use of resources and potentially indicates that another threat is not being mitigated or managed. To further constrain the process, mitigation strategies are limited by a finite amount of resources, including personnel, money, time and political acceptance. Therefore, it is extremely important that the risk identification process is as accurate as possible. Preliminary work has revealed three focus areas for further research as they pertain to DoD’s risk assessment process. First, is a need for high-priority defense-relevant interests or objectives for the United States, second is a characterization of the risk environment, and third is the identification of the threats or the Principal Risk Portfolio. These have been understood to be part of the research team’s proposed risk identification process.
Interests. The national interests generally have endured over time and are usually updated and documented periodically in the National Security Strategy. The research team has tailored these to make them more
As we move into a new era were a more robust and urgent homeland security program is needed, it is important to talk about how officials are managing all of the risk. There are a multitude of threats; from terrorism, where tactics are all the more unconventional an unpredictable, to climate change, with extreme weather conditions causing severe droughts or other catastrophic storms. The risk accepted by federal officials must be weighed and prioritized in a manner that is conducive to the longevity of the nation but also eliminates political or other personal agenda. To ensure a standardized approach the Department of Homeland Security adopted a risk management. The following will look at defining what risk management is as well as an example of how it is being incorporated within the homeland security enterprise and how doing so is of benefit.
Intelligence analysts in the IC, DHS, and FBI are tasked with the primary responsibility of developing threat assessments against the United States and national critical infrastructure. The
Tactical threat analysis is timely and thorough analysis and dissemination of information regarding terrorist and their current and potential activities. It allows for immediate and near-term action and provides useful warning systems. The strategic analysis of the enemy places emphasis of the organizations that may conduct terrorist attacks against the United States (Force n.d.). Being able to knowingly identify financial and political sources of support, motivation, goals, current and future capabilities, and vulnerabilities of those organizations will assist in preventing and preempting future attacks and in taking long-term actions that will weaken support for organizations that seek to bring harm to any United States
Senior management at DLiS decided that the existing risk management plan for the organization is out of
The ability of the Department of Homeland Security to effectively manage risk is vital to national security. Risk in general, is something that is permanent but because this is known, strategies can be used to mitigate situations as they present themselves. Government managers must manage risk in a complex environment taking into consideration the diverse missions and multiple objectives of public agencies (Hardy, 2014). The role of risk management within the homeland security enterprise was managed by best and worst case scenario planning. This is something that is inevitable as we are faced within a definite variety of threats. One way to grade or rank threats is through worst-case analysis. As this analysis can be used for worst-case scenarios the federal government cannot leave out lower ranking situations (Roberts, 2007). Since the Department of Homeland Security is charged with managing risk within the enterprise, a basic equation is used to help figure out different variables and how they would be affected.
Identification of critical information is the process of identifying what information is needed by the enemy, not so much protecting everything that is classified or sensitive unclassified, but protecting what is more vital and would be more useful to the enemy. Analysis of threats is the research and analysis of intelligence, counterintelligence and open source information on the likely enemies of a planned operation. Analysis of vulnerabilities is to examine each and every aspect of the planned operation and try to identify certain OPSEC indicators that could reveal critical information and then compare those indicators with the enemy intelligence collection capabilities used in the previous actions that they have taken in the past. Assessment of risk is where they first analyze the vulnerabilities identified in the previous action and see what OPSEC measures can be taken to prevent the opportunity of the enemy getting information, and then those measures are selected for execution based upon a risk assessment done by the commander and staff. Application of appropriate OPSEC measures is when the command implements the OPSEC measures selected in the assessment of risk, action, or in the case of planned future operations and activities, which includes the measures in specific OPSEC plans. Assessment of Insider Knowledge is assessing and ensuring employees, contractors, and key personnel having access to critical or sensitive information practice and maintain proper
Before Risk Assessment can be addressed we must first briefly discuss Risk Management (RM), the framework of which is where risk assessment resides for the United States Army. The Army uses RM to ensure mission accomplishment in current as well as future operations and applies to operations and non-operational activities (Department of the Army [ATP 5-19], 2014, p. 1-1). The Army process of RM utilizes five steps as part of its holistic approach to mitigate risks, but because this paper’s focus in on the Risk Assessment of the management solutions identified last week, it will only focus on the first two steps of RM, Identify the hazard and Assess the hazard.
Each flowchart step is placed in the “Lane” for the group responsible for completing the task (Marketing, Sales, HR, etc.).
After the 9/11 terrorist attacks against the United States, a series of risk management evaluations were created by the US Federal Government to assess the future risks the homeland was going to face. When the Department of Homeland Security (DHS) was officially created in 2002, more effective risk management assessments were re-designed to evaluate the past and present dangers, prevent them and respond successfully to more terrorist attacks. Since 2001 until 2007, a development of risk assessment has been divided in phases to be able to reach a better formula that would analyze the risk within the homeland security and provide the appropriate fund to homeland security enterprise.
Vital to this are on-going threat assessments. Effective threat assessment is the need for abundant, timely and useable intelligence, about potential terrorist sponsors, perpetrators, activities and targets, as well as intelligence to guide our prevention and preparation activities and programs. Despite the transnational nature of many terrorist groups, challenges to integrating foreign intelligence with domestic law enforcement information remains.
The United States National Security Strategy (2010) outlines four enduring interests, the fourth being “An international order advanced by U.S. leadership that promotes peace, security, and
develop a methodology for quantifying risks, or should each situation be addressed individually? Can we have both a quantitative and qualitative risk evaluation system in place at the same time?
Risk management is the term applied to a logical and systematic method of establishing the context, identifying, analyzing, evaluating, treating, monitoring and communicating risks associated with any activity, function or process in a way that will enable organizations to minimize losses and maximize opportunities. (Lecture notes)Risk Management is also described as 'all the things you need to do to make the future sufficiently certain'. (The NZ Society for Risk Management, 2001)
“First, it neglects the fact that those who benefit may not be the same as those who pay the costs.
One well accepted description of risk management is the following: risk management is a systematic approach to setting the best course of action under uncertainty by identifying, assessing, understanding, acting on and communicating risk issues. In order to apply risk management effectively, it is vital that a risk management culture be developed. The risk management culture supports the overall vision, mission and objectives of an organization. Limits and boundaries are established and communicated concerning what are acceptable risk practices and outcomes. Since risk management is directed at uncertainty related to future events and outcomes, it is