What is the importance of travel risk management programs today for businesses?
PRESIDENT, MCINDOE RISK ADVISORY
“Prior to COVID-19, most organizations tasked a patchwork of groups with largely stove-piped activities to meet Duty of Care responsibilities. They have functional names such as risk; security (physical and cyber); human resources; environmental, health and safety (EHS); emergency management; business continuity; and facilities and travel, to name the most common. But the pandemic and the ever-increasing risks globally has put a sharp focus on the entire organization taking care of all its people every hour of every day.
While people risk is often used to refer to human risks such as negligence, fraud, and theft, consider people risk as applying risk management principles to protecting people as a key asset. As such, People Risk Management is the process of taking the necessary steps to identify, assess, and mitigate risks to and by personnel and responding effectively when an incident occurs.
A large body of work has been developed over the past two decades by me and others to define and implement Travel Risk Management (TRM) programs to protect people when they are on business travel—first with the Travel Risk Management Maturity Model (TRM3) in 2006 and now with the recent release of the ISO 31030 Travel Risk Management –Guidance for Organizations publication.
Using this existing TRM program framework, the essential elements of a PRM program would consist of the 10 key process areas (KPAs) applied to all People versus just People on travel. These 10 KPAs are: Policy & Procedures, Education & Training, Risk Assessment, Risk Disclosure, Risk Mitigation, Risk Monitoring, Response & Recovery, Notification, Data Management, and Program Communication.
All 10 process areas must be engaged to have a comprehensive and effective PRM program. The overarching KPAs of policy and procedures and training are essential to the establishment of the program and the on-going realization of its value. The five management KPAs constitute the core risk management process, which is operating continuously both to proactively mitigate threats and rapidly respond to incidents when they occur. The remaining KPAs are critical. These include the ability to rapidly notify and communicate with potentially impacted personnel, management of the data needed to support the program, and ongoing communications of individual and organizational responsibilities as well as how to report issues and get help. Over time, a risk management program focusing on people would expand to address areas such as strategic personnel development, retention, liability reduction, anti-bribery, and social responsibility—all of which effect an organization’s bottom line as much as its most valuable assets.”