Observer View: Lisa Reilly, Executive Director of the European Interagency Security Forum

Lisa Reilly is the Executive Director of the European Interagency Security Forum (EISF), an Observer of ICoCA. We wanted to know more about how risk is managed by humanitarian organisations, and what role ICoCA can play in helping them manage their risk exposure when contracting private security companies.

Can you tell us about EISF?

EISF is an NGO peer support network for the global security focal points of NGOs working in multiple countries overseas and is a centre of excellence for humanitarian security risk management. Currently EISF has 106 member organisations based across Europe and the US and working in more than 130 countries, including countries such as Afghanistan, DRC, Libya, South Sudan and Yemen,

How do humanitarian organisations manage risk?

Humanitarian organisations come in a variety of shapes and sizes, with different missions, acceptable risk thresholds, and capabilities to manage incidents. It is a common error to think that their risk management needs and practices are the same, both within the sector and amongst external providers.

Saying that, most NGOs do recognise the ISO 31000 definition that identifies a risk as anything that can prevent the achievement of objectives. While approaches may be different (enterprise risk management, 3 lines of defence model, imbedded in programmes), this consensus shows that security risk management is primarily approached as a tool to enable action and access.

There is also a growing recognition within the sector of the need to move away from traditional, system-heavy security processes, and develop a more person-centred approach to security risk management. EISF actively supports its members to take an approach that addresses the specific security needs of individual aid workers.

What risks and opportunities does contracting private security companies provide for humanitarian organisations, and how are these managed?

NGOs often contract out guarding services for their overseas offices, for cost effectiveness. Indeed, most organisations cannot afford to maintain 24 hours guarding of offices, accommodation and warehouses. These services however, come with challenges. Most NGOs primarily use an ‘acceptance’ security strategy, i.e. they aim to change the nature of the threat through buy-in from local actors. Given their visibility, guards have a strong impact on local perceptions, and if they are not sufficiently brought into the ‘organisation family’, the image they project can significantly damage the organisation’s ‘acceptance’.

Another challenge with contracting guarding services, is if there is the inclusion of an ‘armed response’ component in case of an attack, which may carry heavy consequences and duty of care liabilities.

PSPs are also utilised for risk assessments and analytics, either on a regular or ad-hoc basis, trainings and incident response (e.g. evacuation, abduction). One concern here is that some PSPs tend to change the problem to suit the solution they are selling, rather than amend the services to suit the needs of the organisation. This is particularly damaging when NGOs are just beginning to understand their gaps but are not yet clear on what different solutions are available. Through facilitating conversations, EISF helps NGOs to be more aware and make informed decisions on these options.

EISF recently led a campaign called ‘At what cost’ to raise awareness about outdated funding processes for safety and security in the aid sector. Why do you think organisations, whether humanitarian or otherwise, are reluctant to properly resource security and what are the risks associated with this? 

The first problem is that many security managers do not know how to do a budget. They cannot calculate what security risk management costs and so are unable to advocate within their organisation for adequate resourcing.

Secondly, because actual costs are not itemised they are not easily justified, which leads security to be included within the overhead. While many donors say they will cover security costs if applicants request them, they do not insist that NGOs demonstrate that appropriate security risk management costs are included. Proposal writers know that donors do not like to see high overheads, so security often gets cut.

Risks of not resourcing security appropriately can be considerable, from death and abduction, to failure to deliver programmes. Any of these can lead to loss of credibility with donors, reputational damage and difficulties recruiting and retaining competent staff. Unfortunately, when things don’t go wrong, it is difficult to prove it is because of effective security risk management!

How is ICoCA perceived within the humanitarian sector, and how can IcoCA be working more closely with humanitarian organisations to ensure they contract responsible security companies who respect human rights and national and international law.

The engagement between EISF and ICoCA since the Montreux document, is a good example of increasing awareness amongst NGOs and prioritisation of the use of responsible PSPs. ICoCA certification helps EISF to inform its members on how to identify ethical PSPs. While membership is generally affordable for smaller NGOs and demonstrates a commitment to the ICoCA principles, on the downside, many of the national PSPs used by NGOs currently find the processes required for achieving the industry standards currently required for ICoCA certification are too costly. But this isn’t an insurmountable obstacle and EISF is happy to work with ICoCA as they work to make ICoCA more accessible to smaller, Southern based PSPs.

ICoCA is also working with EISF to develop a module for the Security to Go Guide to ensure NGOs can follow good practice in the contracting of appropriate PSPs.