AS TERRORIST THREATS GET CLOSER TO HOME, with recent attacks in both Paris and Brussels, risk management is now high on the corporate agenda. It may not have knocked cost savings off the number one slot in the priority list but it is certainly sharing the podium.
However, terrorism is one of the lowest risks a business traveller will have to contend with. Extreme weather conditions, civil unrest, road traffic accidents, lost medication and opportunistic crime are just some of the more likely factors.
In a white paper from Key Travel (Managing Risk – Why, When, How?), Planet Wise managing director Mark Hide points out: “During the [Icelandic] volcanic ash cloud, many people could not get out of their location because their employer did not have a ‘plan B’; they thought traveller tracking was enough.” And the paper warns: “The message is clear: approach apparently high-risk and low-risk destinations with the same care and attention – you and your employees need to be equally prepared for travel to both.”
However, as companies seek to expand the markets for their goods and services, they are entering into increasingly dangerous territory: “Of the eight biggest emerging markets, five are in the worst parts of the world, and that is where companies are going to do business,” says Ian Nunn, head of Aon Worldaware Solutions (now part of iJet). “They are sending people into environments where there are risks and they do not necessarily understand those risks.”
Rather than being a disguised attempt to prevent travel, the objective of risk management is to facilitate safe travel. But the maturity of companies’ travel and risk policies varies. In a recent survey, International SOS (ISOS) interviewed some 200 companies in northern Europe, 93 per cent of whom said they had a degree of concern that travel risks would affect their workforce, but 41 per cent indicated they had difficulty in implementing processes. “And they found communicating effectively about actual versus perceived travel risks with their travellers was a challenge,” says ISOS and Control Risks director Tim Willis.
And there are anomalies. Many corporations do not allow senior executives to fly together. However, Willis says: “They might all arrive on different flights but often they then move around in the same vehicle – and the risk of a road traffic accident is far higher than the risk of an airline crash.”
In fact, road accidents are one of the most common – and overlooked – risks connected with international travel. Preventing tired travellers from driving after a long-haul flight is also worth addressing. Telecoms firm Talk Talk does not allow people to drive while in Africa, India or the Far East, where it has call centres.
This highlights another conundrum: these are all holiday destinations and lend themselves to adding a few days’ R&R to a business trip. However, business travel insurance precludes certain activities and, anyway, may not cover holidays. It is in the interest of all parties to check whether travellers would be covered, and travel policies should state the status quo.
Embedding risk policy into travel policy ensures that travellers do not disassociate the two, a principle that software multinational Citrix “most definitely” adheres to, according to category manager Jef Robinson. And having an option in a self-booking tool that asks travellers to confirm they have read the risk policy is another way of ensuring they are alert to risk.
Preparation and briefing is all, and comes in two parts: conveying the existence and contents of the travel risk policy, which needs to be an ongoing process, particularly where the policy is new; and training to ensure travellers are prepared for the environment they are travelling to, ideally including reference to policies and required procedures, to reinforce that element.
Employees’ awareness of potential risks for medium-risk areas such as Kenya or Sri Lanka may be low. “They are all tourist destinations and it’s easier not to appreciate fully what the risks are,” says ISOS/Control Risks’ Willis. “This is where face-to-face, classroom-based training is useful.”
Management training is also key. HP Risk Management has many news organisation clients whose employees regularly travel in high-risk areas such as war zones and places where there are natural disasters. “We train managers extensively in understanding risk, how to manage deployment in high-risk areas and crisis management. There is no point in training travellers if their manager does not know what to do if something goes wrong,” says director Colin Pereira.
Talk Talk has a dedicated briefing paper for managers. One risk it picks out is new staff, who “in particular, should be briefed on the hazards associated with travel to certain areas well in advance of any proposed journey”. And at Citrix, new staff receive training covering the company’s global travel and events policy.
Risk mitigation is the responsibility of all departments, so input into policy should involve travel, head of operations, security, health and safety, HR and – to ensure it is fit for purpose – travellers, too. In addition, says Pereira: “With all our clients, we ask that the CEO signs it off.”
The message also comes from the top at Citrix. “The travel team, the risk team, security and senior leadership all the way up to SVP [senior vice-president] level play a part in ongoing development of the risk policy,” says Robinson. “Updates occur on an ad hoc basis, with at least an annual review at some level.”
Keeping up to date with events in destinations your travellers are visiting is essential and there is nothing to beat local knowledge. ISOS talks to local security providers, hotels and embassies. “They are a useful source of information because they will know the environment far better than we might, irrespective of how often we go to those countries,” says Willis.
Head of account management at Diversity Travel, Stephen Brook, says: “During the Nepal earthquake, we used the 52 local offices of one of our global clients to push information out on a daily basis. It was useful and effective.”
There is a risk that locals become inured to their environment, especially where changes build up gradually, which could result in a failure to put mitigation measures in place, so a combination of local knowledge and outside expertise is ideal.
However, it is not just about the company’s duty-of-care towards the traveller – the traveller also has responsibilities. “[These] should include an ‘I’m okay’ policy, so that if there is a disaster or incident, there is an obligation on the part of the employee to call HR or a central source and confirm that they are, indeed, okay,” states the Key Travel white paper. And employees need to be self-sufficient in the event of a deteriorating environment. “Immediate action by the traveller will be a key determinant of the outcome of a situation, so making sure travellers are well prepared and know how to respond is a key part of the process,” say Tim Willis.
Health checks – mental and physical, and before, during and after travel – are a thorny but crucial element of risk assessment. Sending people to remote areas on rotational work, when they are spending long periods away from friends and family, can take its toll mentally, but those who are routinely working in war zones and other high-risk areas may return suffering from post-traumatic stress disorder (PTSD) – they and their managers should be apprised of how to recognise and deal with this.
In the world of news gathering this hazard goes with the territory and a culture of support throughout an organisation is crucial. Colin Pereira says there is still stigma attached to mental health issues. “Organisations that recognise it as a normal reaction to seeing traumatic things in the field will have a very robust mental health programme,” he says.
However, travellers are not always forthcoming about their physical condition. “We had someone who was physically ill and was hospitalised while travelling abroad for the company,” says Talk Talk’s director of property and facilities, Paul Owen. “It resulted in their having to be flown back. I then banned them from travel for six months, pending clearance from a consultant.”
He highlights a less obvious spin on health risk: “I would be concerned about sending anyone to India who had a peanut allergy because everything there is cooked in nut oil, and that is not well signposted. We would have to make sure they were properly equipped to deal with it,” he says.
Taking a light touch approach to risk management is not an option: “Risk and reputation management are inextricably combined – it is part of the business continuity process,” says ISOS director Willis. To Diversity Travel’s humanitarian clients, “reputation is vital to the stability of the missions of their organisations” and “organisations that don’t take care of their people are quickly found out, so why would anyone outside view them favourably?” says Pereira. “In a world where everything plays out in the eye of the media, organisations need to respond effectively and humanely.”
T’was ever thus. Consider this: back in the 1990s, academics Rory F Knight and Deborah J Pretty researched the shareholder value of some companies after a crisis. After about a year, the share price of those that had an effective crisis response was 7 per cent above where it had been before the crisis; the share price of those that had an ineffective response was 15 per cent below.
Not so mobile
ONE EVENTUALITY WHICH SHOULD BE MITIGATED is the failure of mobile networks. First, make sure travellers have some emergency numbers written down, so that they can use a landline. Other options include satellite phones and the internet.
If company policy precludes use of VOIP (voice over IP) such as Skype, it is worth reconsidering for those who may need alternative means of communication. According to ISOS/Control Risks’ Tim Willis, during the ongoing civil war in Libya, Skype has been the most effective and reliable form of communication. Another possibility is using a runner to deliver a message, particularly where a company has offices in situ.