Risk Assessment

A risk assessment can take many forms, from a simple “walk-around” to a comprehensive full blown assessment with multi-page report.  Additionally, the performance of the assessment itself is a deterrent to criminal  activity; when performed, it sends a clear message to employees, management and shareholders that your organization cares about its protection and is willing to expend resources to protect its assets.

A risk assessment:

  • Provides a road map to align your security objectives with a well thought out plan
  • Reduces your vulnerabilities to numerous criminal activities
  • Increases awareness of security by all staff members, and allows them to become part of the solution, not a roadblock
  • Assures that the dollars you spend on security needs is in line with your new security plan, and not a haphazard expenditure
  • Determines if your current security program (if one exists) addresses your needs
  • Allows you to state in a court of law that you took responsibility to protect your employees, visitors, products and other assets should a liability issue arise

A risk assessment should not be a single, one-time only event. 

Criminals and terrorists perform many of the same activities that established companies perform: they determine resources to be used, inspect their target, test and evaluate their procedures, conduct dry runs, learn from their mistakes and plan for contingencies. But they do these things in order to steal your valuables or cause harm. Most importantly, though, criminals and terrorists get smarter in order to foil countermeasures that are put in place.  

To thwart them, organizations must constantly improve their methods and stay one step ahead of the criminal's thought process. An annual security survey helps take advantage of the latest in hardware and software technology, and allow the organization to keep current with the newest techniques to foil the bad guys and protect your assets.

Why perform a risk assessment?

We live in a world of elevated stress, anxiety about our personal and organizational safety, and a heightened apprehension of terrorism. A risk assessment will address these concerns and identify those areas that need attention.

Additionally, there may be changes to your business that require a "fresh look" at policies, procedures and structures. These changes could include:

  • New building construction
  • Modifications to an existing structure
  • A change in your labor force
  • An impending layoff or strike
  • A merger or acquisition

Another reason for an assessment is that there may be a government or industry-specific requirement (such as the chemical industry or water treatment plant industry) that states a survey is compulsory.

A risk assessment may also uncover that your employees are unknowingly performing unsafe practices and increasing the risk to your facility, such as propping doors open for a cigarette break or allowing unauthorized visitors into a secure area. 

And lastly, you may need a risk assessment because an incident has already occurred, and you wish to prevent another occurrence.

Who should perform your risk assessment?

There are two schools of thought on this topic: the survey can be performed by in-house security personnel, or by external consultants. In general, the vast majority of security professionals agree that to receive the most effective and comprehensive risk assessment, an external party should conduct it. See below for the rationale:


Who should perform your Security Survey?

Internal Resources

Internal Resources

Internal Resources



  • Always available and onsite
  • The most knowledgeable about the facility
  • Are more aware of the available funds that can be dedicated to security 
  • Costs less than an outside consultant

External Resources

Internal Resources

Internal Resources



  • Have extensive experience conducting risk assessments
  • Bring an objective perspective to the assessment, one that has not been desensitized to the security vulnerabilities of the facility 
  • The survey report is usually accepted at a higher level of the corporate structure
  • The report is more likely to generate additional funding for security expenditures