People Risk Management and Agile Organizational Resilience

As COVID-19 changed the landscape of global business travel, organizations must respond with agile, comprehensive plans that can account for continually evolving risk environments and regulatory requirements. It has become necessary for many organizations to revise old outlines and plans to match the realities.

Fulfilling Duty of Care & Integrating Travel Risk Management Practices

As COVID-19 changed the landscape of global business travel, organizations must respond with agile, comprehensive plans that can account for continually evolving risk environments and regulatory requirements. Employees now expect a higher degree of safety measures from their employers and the need for organizations to

 set duty of care standards is at an all-time high. In addition to the changes and travel disruptions brought on by the pandemic—such as cancelled flights and closed borders, as well as vaccination, testing, and quarantining requirements— the global threat environment continues to include other critical events like severe weather and civil unrest. 

It has become necessary for many organizations to revisit old travel risk management (TRM) plans and revise old outlines and plans to match the realities the world now faces. For the safety of your employees, and the protection of your organization from a legal standpoint, your TRM solution should provide real-time, early warning, and predictive intelligence of risks, and it should be as reliable as the world is unpredictable.

Additionally, it is highly beneficial for organizations to think of TRM as part of a whole when it comes to risk management. Yes, TRM plans keep your traveling employees safe, but how can organizations demonstrate a commitment toward fulfilling Duty of Care standards for employees at all times – whether or not they are on the road. Further, how can your risk management account for an organization’s assets and facilities as well.

Bruce McIndoe, a leader in risk management, travel, and intelligence industries, states that,

“Duty of Care spells out responsibilities an organization has for its people. This includes making the workplace safe, preventing risks to health, and ensuring safe working practices are set up and followed. There is a lot to deal with between these areas and the onus is on a variety of managers to ensure nothing falls between those cracks.”

The ability for an organization to achieve a high set of duty of care standards relies on adopting a more integrated approach to risk management. Many organizations have already had to develop cross-functional teams to deal with the pandemic, so the natural progression of this team would be to deliver operational resiliency moving forward. Shifting from a COVID-19 task force to a People Risk Management department, or PRM, is a holistic continuation of this group’s efforts and would ensure a proactive stance against all kinds of future crisis situations.

McIndoe states, “While people risk is often used to refer to human risks such as negligence, fraud, and theft, consider people risk as applying risk management principles to protecting people as a key asset. As such, PRM is the process of taking the necessary steps to identify, assess, and mitigate risks to and by personnel and responding effectively when an incident occurs.”

The essential elements of a PRM program would consist of 10 key process areas (KPAs):

1. Policy and Procedures: The infrastructure supporting policy and procedure development, implementation, and continuous improvement. Individual procedures such as SOPs are addressed in each KPA.
2. Training: Ensuring personnel have the necessary skills to comply and conform to program policy and procedure. Individual training items are assessed in their relevant KPAs.
3. Risk Assessment: A consistent, documented methodology for evaluating risk provided as input for the overall risk-based decision process.
4. Risk Disclosure: Information derived from the risk assessment analysis to ensure all those potentially affected understand the risk.
5. Risk Mitigation: Strategies and solutions that will result in a level of risk that is acceptable to all stakeholders.
6. Risk Monitoring: Continuous monitoring of potential threats or incidents affecting personnel and providing them with an easy-to-use process for reporting problems and accessing assistance.
7. Response & Recovery: Respond proactively to avoid or mitigate loss and return to business as usual (BAU) within the desired timeframe. This will typically involve location awareness of personnel, proactive threat monitoring, wellness checks, engaging protective measures and life safety procedures.
8. Notification: Ensures the appropriate people are informed of any relevant personnel risk information and addresses internal/external communications such as stakeholder notifications, escalations, and information requests.
9. Data Management: Establishes and maintains the data required to monitor and manage a robust PRM program adhering to privacy and security requirements. This data will include personnel profiles, contact information, location awareness, and other related information on facilities, operating locations, travel, resources, and processes. Program data to support oversight, incident reporting, and threat information is also included both internally and with third-party applications.
10. Program Communication: Strategic communication throughout the organization ensures understanding of both the organizational and individual responsibilities. Furthermore, travel managers should customize travel parameters within their system to align with their corporate travel policies such as destination risk ratings. Should an itinerary fall outside the specified parameters, the system should generate an automatic alert notification of the violation. The system should be configured to send the alert to the traveler, travel manager and/or regional managers responsible for the safety of the travelers. 

Following these steps can help companies fulfill Duty of Care standards, alleviate business travel anxieties, and keep employees safe. 

Thinking of Travel Risk Management More Holistically

The goal of any successful TRM plan should be to enhance an organization’s overall resilience. When companies prioritize resilience, they begin tackling risks from a proactive stance versus a reactive one. Being proactive and mitigating potential impact requires more than just proper travel risk management planning – it is about protecting all your people and assets no matter what type of critical event may threaten them or where they may be.

Organizations that are rethinking TRM plans should consider approaching critical event management (CEM) in a more holistic way. Companies that embrace travel risk management as part of a larger CEM strategy can enhance their ability to protect all employees – whether on the road, working from home, or stationed at satellite locations. Additionally, adopting holistic CEM strategies can enable organizations to consistently fulfill duty of care standards – even as the target for best practices is constantly in motion.

If you’d like to learn more about upgrading your Travel Risk Management programs, watch on-demand: People Risk Management and the Journey to Agile Operational Resiliency. Bruck McIndoe, leader in the risk management, travel, and intelligence industries, will discuss:

• Agile operational resiliency and gaining a holistic view of vulnerabilities.
• How to achieve a holistic and strategic risk framework that captures cost savings, drives competitive advances, and protects reputations.
• Best practices to gain a 360-degree view of risks related to your people through cross-functional oversight and coordination.