If your business is to demonstrate risk management,
As specified by the law and international standards,
You must firstly demonstrate communication and consultation.
Communication and consultation with external and internal stakeholders should take place during all stages of the risk management process.
Therefore, plans for communication and consultation should be developed at an early stage.
These should address issues relating to the risk itself, its causes, its consequences (if known), and the measures being taken to treat it, inclusive of business travel.
Effective external and internal communication and consultation should take place,
to ensure that those accountable for implementing the risk management process and stakeholders understand the basis on which decisions are made, and the reasons why particular actions are required.
Communication and consultation should facilitate truthful, relevant, accurate and understandable exchanges of information, taking into account confidential and personal integrity aspects, inclusive of business travel.
The objectives, strategies, scope and parameters of the activities of the organization, or those parts of the organization where the risk management process is being applied, should be established, inclusive of business travel.
The management of risk should be undertaken with full consideration of the need, to justify the resources used in carrying out risk management, inclusive of business travel.
The resources required, responsibilities and authorities, and the records to be kept should also be specified.
By establishing the context, the organization articulates its objectives, defines the external and internal parameters to be taken into account when managing risk, and sets the scope and risk criteria for the remaining process.
Understanding the external context is important in order to ensure that the objectives and concerns of external stakeholders are considered when developing risk criteria.
It is based on the organization-wide context, but with specific details of legal and regulatory requirements, stakeholder perceptions and other aspects of risks specific to the scope of the risk management process, inclusive of business travel.
The external context can include, but is not limited to:
the social and cultural, political, legal, regulatory, financial, technological, economic, natural and competitive environment, whether international, national, regional or local
Internal context is anything within the organization that can influence the way in which an organization will manage risk.
The organization should define criteria to be used to evaluate the significance of risk.
The criteria should reflect the organization’s values, objectives and resources, including business travel.
To test this within your business, select 1 traveller and 1 trip.
Now demonstrate all the above, as it applies to that specific traveller and that specific journey.
Now apply it to 10 travellers and 10 business trips.
Is the communications and context, evident, documented, unique and specific to each traveller and trip?
If not, you don’t have adequate evidence to demonstrate travel risk management, in addition to having inadequate communication and consultation.
To learn more about business travel risk management and your obligations,
Visit www.isitsafe.travel .
Next, in this series on travel risk management, we examine establishing context, step 2 of 7 required for travel risk management.
Safe work systems and enterprise risk management, inclusive of business mobility and travel.