Introduction
The Conceptual Overview of the SRM process highlights that SRM is a way to support project delivery for the organization by reducing risks to an acceptable level.
To facilitate organizational goals, it is necessary to understand those goals and the projects the organization intends to implement. This is an ongoing process and should be formally identified in common planning documents, mission concept statements, etc. Within SRM, the Project Assessment is the process by which the results and activities that the organization needs to achieve to meet business objectives should be formally identified. For SRM to “enable” the organization to deliver project activities at an acceptable level of risk, there must be clarity about the activities that are to be delivered.
As SRM depends on understanding and dealing with vulnerability to threats, part of that understanding involves how the organization operates and how those operations may create exposure to threats.
Therefore, assessing projects is an ongoing activity of all staff with security responsibility, led by the Security Professionals. It is not a one-off activity of collecting information.
In this stage of SRM, the “Project Assessment” is a process by which the security professionals formally illustrate their comprehension of the project requirements of the organization and highlight those activities that may be exposed to different threats or similar threats to a different degree. This is done by collecting and collating strategic information provided by the various entities and departments within the organization about their activities, and analyzing it to understand common and exceptional exposure to threats. This should be completed in close collaboration with organizational staff at all levels.
The output of the project assessment will be the recording of strategic goals and priorities of the organization as general information and recording activities that have specific exposures to threats as specific information.
Two Parts of Project Assessment
There are two parts to the project assessment: the “General” and the “Specific.” When there are commonalities of exposure to threat, either through the type, acceptance, or location of activities, they have a common threat, and their risk can then be assessed together. These commonalities are understood and represented through the understanding and recording of General information on organizational projects. However, where there is a project or set of projects that are relevant outliers or relevant exceptions from the General information, then they potentially have different or additional threats and/or their risk, when assessed, may also be different. Therefore, they need to be highlighted and identified with specific program information.
The key information requirements in the project assessment that must be made available to the security professional and used in the SRM process are therefore divided into two main sections:
General Information
General Information on the goals and outcomes of the organization and the specific roles in conducting the activities to achieve those goals should be contained within the planning documents or Mission Concept. However, reading and understanding these documents does not replace the depth of knowledge gained through attendance at Country Team meetings and planning meetings.
Through an understanding of these strategic planning documents, the General information will be used to identify the exposure implications to staff, facilities, and assets from the intent of the operations. Activities associated with the same goals and intents will generally assume similar profiles. For example, if there are only retail activities running in the SRM area, then it is likely that most locations have a similar exposure in terms of the profile. However, if projects support the government or infrastructure construction projects, these different types of projects likely have different exposures to similar threats.
At this stage of the SRM process, it is only necessary to physically record the overview and key priorities of the general information on strategic planning documents. First, however, security advisers need to consider how the organization’s strategies and common goals will influence the determination of threats once they get to the specific threat assessment.
Specific Information
Specific Information is required for activities and projects that, through their delivery, profile, or geographical location, are exposed to different threats or exposed to similar threats to a different degree. Put another way, Specific information will be used to provide increased granularity to the analysis of the exposure of individual projects. Examples best illustrate this:
- Exposure through Activity – In a given country, the majority of activities may be manufacturing that is perceived to be neutral and impartial. However, there may also be an operations/compliance office that, while being equally neutral and impartial, is required to highlight labor abuse failures, which may be perceived differently. This is a different exposure.
- Exposure through Delivery Methods – The projects in an area may be conducting activities through partners with monitoring carried out by national staff. One department, due to the capacities available, may need to deploy international staff in multiple locations. These have different exposures.
- Exposure through Delivery Time – Using the above example, the majority of projects may require travel to an area to carry out monitoring irregularly, but at least once a quarter. Another department may need to travel to the area daily. These have different exposures.
- Exposure through Delivery Locations – There may be a single project with the office(s) geographically separate from or more numerous than others. This is a different exposure. Mapping of the organization’s offices and operations is the best way to visualize this analysis.
The responsibility for identifying which activities have different exposures to threats does not lie with one individual or role; rather, it is an ongoing consultative process between the Senior Organizational Representatives and Security Advisers to determine which activities and projects need to be considered individually. Once projects have been identified as requiring specific consideration, they need to be recorded with a minimum of the following information for each project:
- What – A list of the actions that involve staff and how they will be implemented.
- Who – Which category of staff is involved (e.g., International? Locally recruited?) and in what way (e.g., resident in the area or temporarily relocated?).
- When – The frequency (daily, weekly or monthly) at which the activities will be conducted. If the SRM is being conducted for a single, one-off activity, the exact date and times should be used.
- Where – Where within the SRM Area specifically are the activities focused?
Conclusion
There is no restriction on how many projects can be listed, and a Security Adviser may choose to list every project being delivered in an SRM area. However, it should be noted that the only requirement for an effective SRM process is that the projects identified as potentially having different exposures to threats are recorded.