INVESTIGATORS & SECURITY CONSULTANTS

How to Mitigate Risk with Pre-Audit Company Checks and Actions

How to Mitigate Risk with Pre-Audit Company Checks and Actions

Security Checks Companies can make for themselvesHow to assess the safety and security of your company

In this article we will examine how your organisation can mitigate risks by regularly carrying out essential security and safety checks.

We will consider:

  • Why is it important to review the security and safety of your organisation?

  • How to carry out a security check.

  • What are the common risks and threats that you should check and consider?

  • What are the specific threats and risks for your organisation?

  • How you can control and manage risks.

  • How often should you review your facilities, procedures and policies?

  • What are the benefits of employing a security consultant to carry out an external audit?


Why should you carry out a security and safety survey?

The ultimate purpose of undertaking a security survey is to determine the most cost-effective and practical ways to protect your assets: your people, property and information.

Imagine an onion. At the core of the onion is your business or organisation– containing all of your assets (property, people and information). All of the things that are essential to your operation are in the centre of this onion, beneath many protective layers. If you think of your organisation as being like an onion, then the more layers of security protection around your core business, then the more secure and safe you are likely to be.

Of course, the threats and opportunities for criminals or competitors to cause damage to your organisation have always existed. However, in the technological world of the twenty-first century, crime happens both in the real world as well as online, in the virtual world of the Internet. By taking these steps to review and check security, you are reducing the risk of becoming a victim of crime.

How do I carry out a security check?

You can perform many of the simple checks yourself: This article contains useful information and key questions to help you review your company’s security practice and procedures. In order to carry out an effective survey, we recommend that you:

Do not pre-announce or publicise when or where you will be carrying out a security or safety check. If your staff know when it is, then they are likely to deviate from their ‘normal bad habits’ – whereas an unannounced inspection will instantly identify any processes or policies that expose weaknesses or risks to your business. Remember, their safety and security is one of the reasons why you are carrying out this review.

  • Have floor plans and site diagrams labelled with control systems to help you identify current and potential security and safety risks. By using the plan you will be able to identify the profile of each building, number each door and be able to carry out regular checks.

  • Work systematically and thoroughly, using the guide below to help you. You have to ‘think like a criminal’ and spot existing and potential risks and weaknesses in your organisation.

  • It is recommended that you record your findings and create an action plan. This plan will state the issue and the safety and security measures and procedures you have installed to mitigate risk.

What are the common risks and threats that you should check and consider?

When you review the security of your organisational assets (property, people and information), you need to consider how you control and manage risks:

  • Fixed assets – property, physical assets (e.g. office equipment & specialist products/machines – depending on the nature of your business).

  • Technological assets – computer systems and servers, storage of information and data (both physical systems and data backup/cloud based storage).

  • Staff assets – What appropriate action do you take to safeguard your assets, when employees leave your company?

  • As you perform your security and safety checks, review your organisation’s provision, processes and policies.

Below, we have listed the simple things you can check for potential weaknesses, opportunities and threats.

Premises

  • Are fences, walls, security and locks on windows and doors secure?

  • Can perimeters be scaled or breached?

  • Are the CCTV cameras in good working order?

  • Who is responsible for the maintenance of security systems in your organisation?

  • Are the alarm systems working?

  • Are CCTV cameras and alarm systems serviced and tested regularly?

  • Where is this information recorded?

  • How easy is it for visitors to access your premises?

  • Are staff vigilant? Do they know how to report risks?

  • Are visitors challenged by staff and asked to sign visitor book and show ID?

Policies and Procedures

  • Do you have an effective passcode / key policy in place (for locks)?

  • Do you change electronic door entry codes regularly?

  • If using locks with physical keys, how effectively does your key usage policy work in action?

  • Are physical (and virtual) keys stored securely?

  • What controls are in place and fully working with respect to access to restricted access areas (e.g. mail rooms and server rooms)?

  • How effective is staff induction and training?

  • Are staff aware of their security responsibilities (e.g. they have to wear IDs at all times)?


Staff

  • Are staff following security policies?

  • Do staff pose security risks such as holding doors open to strangers and lending their passes to others?

  • Do staff know how to report security issues?

  • Are security staff trained?

  • How do you monitor their job performance?

  • Is CCTV monitored at all times?

  • What happens when they spot a potential risk?

  • How do you vet staff and ensure you are employing the right people?


Technology

  • How do you back up electronic data?

  • Is it on site?

  • Are back ups stored separately from main data? Where? How?

  • How effective are the security arrangements to protect servers?

  • Who is responsible?

  • How often you make adequate backups (so you can recover critical data or information, if it is damaged or stolen.

  • How well are you protected against Viruses, Malware or Ransomware?

What are the specific threats and risks for your organisation?

It is impossible to list all of the risks for every organisation: that is why employing an independent security consultant to review your organisation’s security and safety is a worthwhile investment. But there are some simple things you can control and manage to mitigate your risk, and reduce the chance of becoming a victim of crime.

How can you control and manage safety and security risks?

Any response to minimising risk should be both consistent and appropriate. Companies, who excel in mitigating risk, plan a sufficient budget to allocate to risk prevention. They review their policies and practices regularly:

  • A senior member of staff is appointed as ‘Security Liaison Manager’, and is responsible for resolving any security issue as soon as is practically possible. All staff are responsible for spotting and reporting security lapses or issues to this manager.

  • A strict policy is in place for Key holders and access arrangements.

  • The company belongs to a Business Watch scheme.

  • You should create a security register, where you can record:

    • Your assessment findings;

    • Details of any security systems already in place;

    • Alarm systems;

    • List of the key holders;

    • A plan of the premises, labelled with building and door numbers;

    • Your security action plan, detailing what needs to be addressed, when, who is responsible, the allocated budget and the timeframe.

How often should you review your facilities, procedures and policies?

These simple checks can be completed once a month. In practice, most companies perform these checks four times a year, but it all depends on the particular risks associated with your organisation such as your physical location and surroundings and the nature of your business. A security consultant will be able to advise you on the best course of action.

What are the benefits of employing a security consultant to carry out an external audit?

Whilst this article focused on the simple checks you can make yourself, we recommend that you appoint one of our trusted security consultants to independently assess and check security in your organization. They will expertly advise you on how to mitigate risk, based on your organisation’s unique circumstances and the specific risks you face. However, as we have explained, there are many simple checks that you can do yourself to keep your company safe and secure.