This report discusses security risk management (SRM) processes and procedures in the humanitarian sector. It focuses on the institutionalization of such processes in international and local humanitarian NGOs as well as examining their relation to risk-taking/aversion.
Furthermore, it identifies how SRM compares to the wider management of risks in the humanitarian sector. Although SRM in the humanitarian sector has increasingly gained the attention of professionals, policymakers, and academia, an assessment of how SRM is included in decision-making processes and how it affects risk-taking/aversion remains largely missing. The objective of this report is to close this gap by providing an overview of current practices within humanitarian organizations as well as offering critical donors’ perspectives.
Additionally, the results are intended to inform policy making on SRM and help to effectively address security risks at an organizational level. The findings are based on in-depth, semistructured interviews with specifically identified security managers of local and international humanitarian NGOs, key experts with experience in SRM in the humanitarian sector, as well as donor representatives, and are complemented by results of an online survey.
The report finds that:
1.) The institutionalization of SRM within humanitarian NGOs varies considerably, from integration in policies and entire project cycle management to ad hoc decisions on security risks. A one-size-fits-all approach to the institutionalization of SRM does not exist. Instead, SRM processes depend on an organization’s structure and the environment it operates in.
2.) This report finds no relation between the institutionalization of SRM and a humanitarian NGO’s risk-taking/aversion. Understandably, based on a humanitarian organization’s mandate, mission and operational objectives, in conjunction with individual risk perception, an organization is more or less willing to take risks. However, risktaking/aversion was not necessarily influenced by SRM processes within an organization. For instance, organizations accepted high levels of risk regardless of how institutionalized SRM processes were within. Furthermore, questions of program criticality influence humanitarian NGOs’ willingness to accept risks. The more situations are interpreted as life-threating for people in need, the more willing they are to take higher levels of security risks.
3.) Compared to other risks, security risks still tend to get less attention within humanitarian organizations. However, instead of seeing security risks as separate, many organizations are deciding to opt for an integrative risk management approach which embraces security and other risks such as fiduciary, legal, and reputational.