A key part of close protection is being aware of potential dangers, with the intention of avoiding any problems that may arise. Risk management is the process of doing this, where every danger is analysed and effective measures are coordinated to minimise the likelihood of any harm coming to the principal (VIP).

What are the objectives of risk management?

Threats continue to evolve and take on new forms, making the world a dangerous place for many different people. As this is always going to be a problem, operatives need to adapt to match the current climate. To perform their roles effectively, close protection officers (CPOs) must carry out a threat assessment to identify any and all potential risks that could arise. During this process, each threat and risk will be prioritised according to how serious the level of danger is to determine which risks can be avoided, reduced or acknowledged as an accepted risk. When working in the close protection security industry, a CPO is responsible for assessing how severe the risk is alongside the chances of it happening. An underlying duty and objective of a CPO is to ideally avoid risk completely, but as this isn’t always possible, weighing up the balance between the likelihood and impact of the risk helps in mitigating each possible threat. Different sectors quantify this as ‘Risk = Likelihood x Impact’ with the objective to plan out what risks could occur and determine how to avoid as many of these risks as possible if they can’t be entirely eliminated.

What are the different types of risk management?

When in charge of a principal’s protection, a CPO will need to take many factors into consideration in order to promote their safety. For example, if an American artist was on tour in the UK, risk management would play a key role in ensuring their safety and wellbeing during events as well as during transit. Alternatively, a business person may have received a threat which requires professional security measures at home. In this case, processes such as penetration testing will be carried out on the premises to check that the building is secure as part of a residential security procedure. Extensive training, expert planning and an eye for immense detail are essential for CPOs to ensure they are capable of doing their jobs effectively. It is their primary aim to protect the wellbeing of the principal, but it’s also important that they’re skilled in operational procedures such as offensive and defensive driving, anti-ambush drills, embus and debus drills and foot formations. In many cases, a risk assessment will split off into three different categories, each with individual considerations and concerns. These are:

General risk assessment – As a starting point, a general risk assessment is based around the principal and how potential threats could arise in their day-to-day life. Due to the nature of this type of assessment, it could be used to continue the work of a previous CPO that looked after the principal, or it could possibly even help with providing guidance over how the principal can stay safe in the future.

Risk assessment of pre-planned events – Similar to a general risk assessment, this would put an in-depth focus on the principal’s schedule, but with the crucial difference that it would be aimed at a specific event. For example, if the principal was set to attend a charity event, film premiere or public appearance, every possible threat would be calculated by the CPO, with the intention of reducing the chances of harm coming to them. Often with public figures such as celebrity protection, this could also mean protection of brand image.

Dynamic risk assessment – Unlike the other two forms of risk assessment in close protection, dynamic risk assessment isn’t planned out in advance. This element of risk assessment is constantly undertaken by the operative ‘on the ground’ alongside their principal. It’s about spotting the potential for danger and being proactive to assess and take action if or when it may be necessary.

Why must risk management procedures be followed?

When it comes to managing risks for principals, failure to conduct a proper risk assessment – or failure to follow such an assessment – can result in serious harm being caused to this person. Risks and threats can extend beyond the principal to the security team and other members of the principal’s party. In some cases, the difference between following and not following standard operating procedures could be life and death.