Tag Archives: Reputational Risk

‘Fire risk management systems should be formalised’ urges FIA’s Fire Risk Assessment Council

In the wake of prominent multi-fatality fires, organisations have spent considerable sums of money on fire safety but not necessarily achieved an improved level of fire safety assurance. Having spent a number of years undertaking fire risk assessments on the same portfolio of buildings, Ben Bradford states that it’s noticeable some organisations are beginning to wonder if the current practice is sustainable.

It has been almost nine years since the Regulatory Reform (Fire Safety) Order 2005 prompted many organisations to undertake fire risk assessments within the premises under their control. Several have spent significant financial resources on consultant fire risk assessors (a person who carries out and documents the significant findings of a fire risk assessment) only to discover that, although the advice they received may have been offered with the best of intentions, it was not wholly appropriate. Indeed, it may also have differed from the advice of a ‘competent’ fire risk assessor.

At the same time, the fire industry has itself spent a considerable amount of time in the last few years deciding how to define a ‘suitable and sufficient’ fire risk assessment and also how to tackle the ‘cowboy’ market. It would appear that, at long last, there’s now at least a ‘defined’ competency criterion for fire risk assessors and guidance for those charged with delivering fire risk assessment programmes on how to seek the services of a competent fire risk assessor.

Following a recent enforcement review around the Regulatory Reform (Fire Safety) Order 2005, which was undertaken by the Department of Business Innovation and Skills, the Chief Fire Officers Association (CFOA) is now committed to promoting the use – and acceptance – of recognised professional certification and accreditation for commercial fire risk assessors.

Fire risk management is evolving both as a discipline and a practice

Fire risk management is evolving both as a discipline and a practice

Fire risk assessments are the very cornerstone of the Regulatory Reform (Fire Safety) Order, yet the value of such an assessment – even when conducted by a competent fire risk assessor – is largely dependent on the organisation’s ability to manage the outcomes.

A fire risk assessment is a means to an end but not the end in itself. When reviewing the high profile prosecutions that have hit the headlines over the past few years, one quickly realises that failure to undertake a ‘suitable and sufficient’ fire risk assessment (under Article 9) is not the only compliance obligation imposed by the Regulatory Reform (Fire Safety) Order 2005. There are numerous other duties by which the responsible person is bound.

Cost of fire at an all-time high

Enter the concept of ‘fire risk management’. With very few fire fatalities arising in commercial premises, fire risk management is not just about life safety or the risk of injury or death in the event of fire occurrence. Rather, it encapsulates life safety, property protection, mission continuity and sustainability in the face of fire.

In today’s global and interconnected marketplace, issues such as Corporate Social Responsibility and reputational risk are extremely prominent. News headlines travel fast via both traditional and new media forms. The cost of fire is at an all-time high and, in these tough economic times, organisations need to be frugal with finite financial resources. In essence, they require to build resilience and ensure that fire risk assessment programmes deliver the intended outcomes.

Many organisations have a policy in place setting out an overarching statement of intent (signed by the CEO) and firmly establishing the ‘What’ and ‘Why’. Less common, yet essential, is the Fire Risk Management Strategy – a document which defines an organisation’s fire risk management system and method of implementing the overarching policy, and which firmly establishes the details of ‘How’, ‘When’ and ‘Who’.

These two pieces of documentation form the backbone of an organisation’s fire risk management system (a set of interrelated or interacting elements within an organisation designed to establish policies, objectives and processes to achieve those objectives and manage fire risk) and are generally underpinned by operational procedures.

The practice of fire risk management within our built environment is a much broader discipline than many give it credit for. It’s often delegated to the Health and Safety manager or the security manager within an organisation and, while I’m not suggesting that all companies should have a dedicated fire specialist responsible for fire risk management, they must acknowledge that fire safety is not just a sub-discipline of Health and Safety.

With very few fire fatalities arising in commercial premises, fire risk management is not just about life safety or the risk of injury or death in the event of fire occurrence. It encapsulates life safety, property protection, mission continuity and sustainability in the face of fire

With very few fire fatalities arising in commercial premises, fire risk management is not just about life safety or the risk of injury or death in the event of fire occurrence. It encapsulates life safety, property protection, mission continuity and sustainability in the face of fire

Fire risk management is a discipline in its own right with its own set of competencies. It does not always sit neatly in the Health and Safety Department due to the need for interaction with property, estates or facilities management functions. The old adage about ‘Jack of all trades’ most certainly applies. Too many fire safety manager roles are advertised with the essential qualifications stated as a NEBOSH Diploma, which merely emphasises the confusion often found in organisations regarding the scope of the Health and Safety manager’s role.

When undertaking fire risk management system audits, my experience is that those organisations recognising fire risk management as a discipline in its own right – regardless of which department the function sits – are in a far better position to maintain governance over organisational fire risk than those that do not.

Competency criteria to be considered

The Fire Sector Federation has recognised that, having established the Competency Council and published the competency criteria for fire risk assessors, the next logical step is to consider the competency criteria for those actively engaged in fire risk management.

Following an initial meeting of key stakeholders, organised jointly between the Fire Sector Federation and the Fire Industry Association, there’s now a proposal afoot to reform the Competency Council and really tackle this issue.

Some organisations have formalised their fire safety policy, strategy and procedures and are now in the process of gaining fire risk management system certification via a third party certification body. Those organisations that already hold certification of their Health and Safety management system to OHSAS 18001 or business continuity management system to ISO 22301 are well placed to integrate their management systems and streamline the internal or external audit process.

Fire risk management system certification via a UKAS-accredited third party certification body will provide a means to reduce the burden on enforcing authorities and significantly support the Primary Authority (or Fire Authority) partnership schemes.

Fire risk management is evolving (both as a discipline and a practice) as an integrated or holistic approach to understanding and managing the risks posed by the threat of fire which enables an organisation to optimise its underlying processes and achieve more efficient results.

Those responsible for fire safety in organisations would do well to consider formalising their fire risk management system, and not focus solely on the process of documenting fire risk assessments.

Ben Bradford BSc MSc MBA CEng FCIBSE FRICS FIFireE is a member of the FIA’s Fire Risk Assessment Council and the founder/managing director of BB7

Leave a comment

Filed under Risk UK News

PwC Global Economic Crime Survey 2014: ‘Staff frauds on the rise’

PwC’s Global Economic Crime Survey 2014 states that the number of frauds committed by staff as opposed to those outside of an organisation has risen from 34% in 2011 to 41% in 2013.

The survey also shows that the profile of the typical fraudster is changing. Previous surveys found that middle management were often behind economic crimes. Now, the findings reveal that most economic crimes carried out by someone inside an organisation are by junior members of staff.

According to the survey of over 5,000 businesses (including nearly 400 from the UK), internal fraudsters are most likely to have been with a company less than five years.

Ian Elliott, PwC’s forensic services partner and author of the new report, commented: “Our survey shows the changing face of white collar crime in Britain today. More and more companies are feeling the pain as economic crime continues, despite ongoing attempts to tackle it. Organisations need to be ever-vigilant for suspicious transactions.”

UK businesses continue to suffer financially from fraud

UK businesses continue to suffer financially from fraud

Elliott added: “People may be feeling the effects of increases in the cost of living, giving them more incentives to turn to crime. As such, employers need to make it difficult for their staff to commit crimes. They cannot afford to be complacent.”

Watch a video of PwC’s Ian Elliott outlining key points uncovered by the survey

Type of fraud is changing

The survey findings record a fall in the number of UK organisations reporting economic crime, from 51% in 2011 down to 44% in 2013. However, fraud in Britain is still higher than the global average of 37%.

The type of fraud is also changing, with less accounting fraud as fraudsters turn to high-tech ways of committing economic crime. At the same time, companies have improved their internal controls and, as such, have made life more difficult for potential fraudsters.

Infographic showing key findings of the latest PwC research

There has been a small drop in the reported level of cyber crime which, at 24%, is down from 26% in 2011. Cyber crime was also responsible for 24% of all reported frauds.

UK businesses are more aware of the risks than ever – and more aware than their global counterparts (63% compared to 48% globally).

“Many people may not be reporting cyber crime simply because they don’t know it has happened, or because they want to keep it contained,” explained Elliott. “They are concerned about what effect it has on their reputation. It’s also important to remember that it’s not a technology problem. It’s a human problem, and the internal threat needs to be taken as seriously as the threat from outside an organisation.”

Less than a third of Board members (32%) reported fraud in their organisations, but below Board level this climbed to 63%.

For the purposes of the PwC survey, economic crime is described as: “The intentional use of deceit to deprive another of money, property or legal right”

For the purposes of the PwC survey, economic crime is described as: “The intentional use of deceit to deprive another of money, property or legal right”

“Increasingly,” continued Elliott, “we’re seeing fraud on the Board’s agenda but there is still a gap between what is being reported by the Board and the reality of what is taking place in British business today.”

Changes to policies and procedures

UK businesses continue to suffer financially from fraud. 52% felt the financial impact had increased in the last two years compared to 42% globally, but high value financial losses in the UK were lower than on the global stage (at 15% compared with 20% suffering losses in excess of $1 million).

As a result of the Bribery Act, which came into force in 2011, 87% of British organisations have made changes to policies and procedures and 37% have had a major overhaul of their anti-bribery policies.

“With little or no growth in the UK in the last few years, many British companies have looked overseas to some high risk markets,” outlined Elliott, “but they need to be on the alert for the potential bribery risks they may face when operating in these markets.”

UK businesses take a dim view of fraud and, in 88% of cases, it leads to dismissal compared to 79% globally. The police were called in to companies in 63% of cases compared to just 49% of frauds around the world.

In conclusion, Elliott explained: “When employees just receive a warning, or are transferred to another department, it sends out a message: the business tolerates fraud. However, UK bosses have taken a stand. They will not let employees get away with defrauding them, even if it means negative publicity for them as a result.”

About the survey

For the purposes of the survey, economic crime is described as follows: “The intentional use of deceit to deprive another of money, property or legal right”

In the UK, 372 people responded to the online survey. Respondents are from a mix of different sectors and represent listed, private and public sector organisations

60% of respondents to the PwC survey were senior executives

For the full UK and global report visit: http://www.pwc.co.uk/crimesurvey

To watch the live webcast at 11.00 am on Wednesday 19 February go to: http://www.pwcplayer.com/webcasts/2014_02_global_economic_crime_survey

Leave a comment

Filed under IFSECGlobal.com News