Risk Assessment and Management

How to assess and manage risk

Also available in: Français, Español

Rights organisations often send staff members abroad to investigate human rights abuses, monitor trials or collaborate with a partner organisation on the ground. In some cases, investigations or campaigns in the organisation's home country will pose new threats to its operations and staff members, which will require new security practices and policies. It is important that all staff involved know what the potential hazards are and how to avoid them.

A risk assessment allows an organisation to ensure staff are well aware of the risks as well as the strategies to prevent or avoid such risks. A risk management policy also outlines the roles and responsibilities of both the organisation and the individual staff member in responding to real and potential danger. It also is important for organisations to develop strategies to protect vulnerable individuals they may contact for information or advice. This guide, and the attached step-by-step article for performing risk assessments, will help organisations ensure security measures are adequate and effective on the ground.

Performing a risk assessment

A risk assessment is the process whereby an organisation identifies threats, assesses the risk level associated with those threats and determines ways to avoid high-risk hazards. A risk assessment should be performed before a risk management policy is developed and before a project commences. As the nature of an organisation's work evolves, and as political situations change, organisations will need to reassess risks, adapt mitigation strategies and make decisions accordingly.

Establishing a risk management policy

A risk management policy should be clearly communicated to senior level staff as well as all staff who are involved in a foreign mission or high-risk operation at home. This policy should include:
This security policy should be provided in written form to all staff members involved in the operations. An organisation should also verbally go through the policies in a safety training orientation, where staff members can ask any questions about the security measures put in place.

Appointing security officers

Many organisations find it helpful to delegate one or two individuals within an organisation to oversee security management. In the case of a foreign mission, it is often ideal to have a go-to person on the ground in the foreign country as well as a security officer at headquarters who can support the field coordinator. A security officer oversees risk assessments and risk management policies, in addition to creating exit and contingency plans. The person assigned to this role should also assist staff members in implementing personal safety measures and respond appropriately to threats as they arise. It is important that the security officer(s) be available on-call to respond to emergencies. Contact information for all staff members, including their relatives, health requirements, address in the field and other important personal information should be securely kept by the security officer and be accessible for other members of the organisation in case of emergency. The security officer should communicate to all staff when an incident has occurred that signifies a threat to safety or when a new danger has arisen; such communications should detail prevention strategies. Finally, in high-risk situations, it may be important for all staff members to notify the security officer in regards to location and time of interviews and other activities that could pose risk.

Minimising risk to vulnerable persons

The risks to people an organisation interviews, seeks advice from, stays with or otherwise comes in contact with are often not as easy to predict as the risks to staff. In some cases, local guides, translators and interview sources face higher threats than on-staff members because they are easier targets. Mitigating against the risks to vulnerable people requires individuals to on one hand, respond to the threats as perceived by the individual, and on the other hand, recognise threats that the individual themselves may not be aware of. In the first instance, in the interest of trust, respect and safety, an organisation should always address the vulnerable person's concerns, including fears of social stigma, and follow the person's cue on where/when/how to meet, etcetera. At the same time, individuals may not always be aware of the threats they face and rights advocates should be sure to consider threats not identified by the individual. A best practice is to interview individuals in private, away from potential informants; however, in cases involving children, it may be important for a trustworthy adult known to the child be present. In almost all cases, staff members should not interview detainees unless the interview is guaranteed to be unsupervised by guards or security officials. When meeting individuals in person, always ensure that they have safe access to and from the chosen locale.

At the same time, it is important for NGO staff to communicate the limits to the security they are able to provide, as well as the limits to the help they can offer regarding asylum seeking applications and other professional and legal aid. Individuals may place false hopes in international NGOs in terms of what the NGO can provide them. Since these false assumptions increase the likelihood that individuals will prioritise providing information over their own safety, staff members should be trained in clearly communicating the benefits and potential costs of participating in the NGO's work.

Creating emergency response plans

Every organisation should have emergency response plans in the event of political violence or other possible major calamities. Staff members should know what they should personally do in an emergency scenario, even if they are not versed on the full details of the plan at an organisational level. At the security orientation stage, a NGO should clearly communicate to all staff members where they should go in case of emergency, and provide several alternate destinations if that location becomes unsafe. In foreign missions, emergency plans often focus first on gathering staff in a secure location within the country and then, if necessary, on ensuring the secure exit of staff. When developing emergency response strategies, the following points need be considered:
Emergency plans should ideally be created by security officers, with input from the organisation's staff, partner organisations, on-the-ground NGOs and possibly UN or embassy officials. Emergency plans should account for various contingencies, including alternative exit points, alternative road routes, meeting places and so on. In other words, in addition to a Plan A, it is often important to have a Plan B, C and D in mind. While emergency response plans should be overseen and implemented by the security officers, other members of the organisation should be well versed on the plan and should be on hand to implement it if required.

Click below to view a campaigns-related sample risk assessment template:

RiskAssessmentSampleTemplate.pdf (482 KB)

Editor’s Note

An organisation with a large staff deployment that is engaging in sensitive investigations or political activity in insecure areas may require more comprehensive and detailed risk assessments, security policies and security oversight staff than are included in this document. When developing a risk assessment and security policy ahead of a new mission, organisations may wish to consult experts in the field as well as additional online resources. Some useful links to guide NGOs in their security policies are provided to guide organisations in this degree.

Useful Links

Note that some of these sources use different approaches and terminology than has been employed in this guide for assessing and responding to risks.

Training Manual on Human Rights Monitoring (OHCHR): (go to no. 7 under 'Human Rights: A basic handbook for UN staff' and read chapter 24 on security)

Security Risk Analysis: NGO Approach (InterAction Security Unit and USAID):

Using the Likert scale to assess risks (NGO Security Blog):

Putting free expression issues in perspective.

Sign up to receive IFEX In Context.

Risk Assessment and Management

How to assess and manage risk

Latest Tweet:

[Video] Start building your successful campaign with the IFEX Campaign Toolkit! #advocacy #campaigntoolkit