How Often Should You Do a Risk Analysis? More Often Than You Think

2017-11-02T18:50:35+00:00 November 2nd, 2017|Risk|

After more than a decade in security consulting, I’ve come to realize that most companies are doing risk assessments all wrong. Chances are, your clients are hiring you only once every 3-5 years. And chances are, you’re okay with it.

Some regulations, like the NSW Regulations 2001, state that risk assessments should be done every five years. The Health and Safety Executive recommends assessing risk “every time there are new machines, substances and procedures, which could lead to new hazards.” That assumes risk is pretty static. But risk isn’t static, and it doesn’t take new equipment or policies for risk to change—it changes daily.

If your clients are waiting years between risk assessments, they’re taking on risks they don’t know about.

How Often?

When it comes to risk, 3-5 years is a lifetime. The whole world can change in just a couple years. For example:

  • Presidential administrations can come and go every four years.
  • Game-changing technologies can embed themselves into the culture in just a couple years.
  • Hurricanes can destroy an entire region over the course of two or three months.
  • The economy can go from boom to bust in just weeks.
  • A restaurant can burn down due to a greasy vent in one day.

Each of those scenarios could impact a company’s risk. And thousands of scenarios are playing out every day. So it doesn’t take long for your client’s risk profile to change, and change dramatically.

How often do your clients need a risk assessment, then? Every two years? Annually? More often than that? Yes.

At Circadian Risk, we recommend that many companies analyze their risk on a weekly basis. Here’s why.

Aren’t Weekly Risk Assessments Overkill?

Risk isn’t static. It changes daily. A packed concert on Friday night carries higher risk than an empty arena eight hours earlier. Or think of all the dramatic fluctuations that occur over just three days every Thanksgiving—congested highways, empty workplaces, crowded shopping centers, and more.

Risk also changes every time a significant event happens in an organization’s life. A single layoff can boost the chances that you’ll have a violent incident the next day.

Since risk changes daily, a risk analysis can quickly go out of date. But weekly assessments can help your clients make important manageable adjustments as risk changes.

Does every organization need a weekly risk assessment? Probably not. But the closer your clients can get to weekly assessments, the better.

So who needs it weekly, then? Your risk analysis will tell you. That sounds like a paradox (or maybe a copout), but it’s actually a great place to start. If your risk assessment is affected by constantly changing conditions, you should do more assessments, more often. Also, organizations that fit either of these profiles should be doing weekly assessments:

  • Large corporations that frequently have a lot of visitors onsite
  • Organizations with a constant potential for threats because of the work they do

How to Do Weekly Risk Assessments

In an ideal scenario, your client will have a designated staff person monitoring safety full-time. This person is responsible for understanding risk, and they can work with you to continually perform assessments and make corrective actions. Hospitals often have a safety officer who can do inspections every week. In some companies, such as restaurant chains, you might have managers that do weekly inspections.

But even if there isn’t a full-time safety officer, you can make it easier on your clients by recommending some basic process and strategy changes. Start with these:

  • Break it down by department. Spread weekly assessments out across departments, so that each department is doing a risk analysis only twice per year. This makes it easy for departments to correct items within six months, and the organization itself is staying on top of risk weekly.
  • Train security guards to do assessments. There’s no reason they can’t check doors, eyewash stations, and other items while they’re on their daily their rounds.
  • Assign manageable tasks. Bite-size corrective actions make it easy to tackle a long list of issues without getting overwhelmed. Give them specific, defined tasks that are easy to understand. List the problem, the recommendation, who’s responsible for it, and a due date. Prioritize each corrective action. When they see how much they can accomplish, your clients will be more open to regular assessments.
  • Use visualizations. Pictures provide an emotional context for each item or incident. In early 2018, Circadian Risk software will add floor plan visualizations to show all of your client’s problems in a single picture. When your clients see all of the red dots on their floor plans, they’ll say, “Wow, we have a lot more problems than I thought.” It’s a powerful driver to invest into recurring assessments.

Right now, weekly assessments may be expensive for many companies. But as technology continues to change, you’ll be able to easily do things on a weekly basis that you’ve never been able to do before. And at a very low cost to your clients.

Handpicked related content: How (and Why) Old School Security Consultants Are Going High-Tech

That’s where Circadian Risk is taking the risk assessment industry.

The Tool That Makes Weekly Assessments Possible

Circadian Risk is your go-to partner for comprehensive and actionable risk assessments. Our software makes it easy to do weekly risk assessments. The mobile app generates automatic reports from the data you capture during your inspection. There’s virtually no writing to do, and you can cut your report time by 80%.

It’s the only solution that lets you:

  • Create effective, comprehensive reports in record time
  • Tag every vulnerability, risk, and compliance issue on the premises
  • Track and assign improvements with a detailed corrective action plan
  • Analyze risk over time

Circadian Risk can help you keep your clients safe—and more affordably than any other method. Find out more about our solution.

 

Subscribe to the Blog

  • This field is for validation purposes and should be left unchanged.
Daniel Young
Daniel Young is the Founder and CEO at Circadian Risk Inc. He was a Regional Bioterrorism Coordinator, Security Account Manager, and has been a security and risk expert for over 10 years.