As more multinationals become headquartered in Asia, risk managers must mitigate growing corporate security issues caused by increasing cyber crime, money laundering and geopolitical risks

Risk managers in Asia are becoming increasingly concerned about corporate security as a growing number of multinationals take up headquarters in the region.

Corporate security aims to protect a business from any kind of security breach that may cause disruption to its usual activities, according to Nanyang Technological University assistant director of enterprise risk management Jeffrey Yeo.

“The role of corporate security is to plan with the anticipation to avoid, or at least minimise, risks, and to implement crisis management before a crisis arises,” he says.

Yeo says corporate security embraces five main activities: securing business continuity, assuring know-how security, protecting technology and computer networks, guaranteeing proprietary rights and material possessions, and assuring physical security.

“Corporate security protects the organisation’s assets, both physical and intangible, and safeguards stakeholders’ interests. Failure to mitigate these risks can result in losses in assets, financial [aspects], operational delays, and reputation,” he says.

Corporate security in Asia

Yeo says corporate security is quickly becoming an big issue in Asia.

“With increasing MNCs [multinational corporations] setting up their headquarters in Asia – within a relatively short period of time due the dynamics and vibrancy of the Asian economies – corporate security is fast becoming a major concern for international business entities,” he says.

“Threats from cyber crimes, money laundering, emergence of terrorists groups in the region and other geopolitical events have now put the effectiveness and robustness of corporate security under the spotlight.”

Role of risk managers

Corporate security involves risks around business processes, physical security, people, technology, and business continuity planning, crisis management and disaster recovery.

“First and foremost the risk manager needs to understand corporate security risks in order to help establish the context for risk management,” Yeo says.

“Then the typical process of risk assessment – identification, analysis, evaluation and treatment – applies. Communication and close consultation with the relevant stakeholders are iterative in the entire process to come up with the best approach.”

Yeo says mitigation actions needs to be tailored to the particular corporate security risks with mitigation covering a combination of the following categories:

• Preventive controls – actions to prevent the occurrence of the risk;

• Detective controls – actions taken to detect the risks in a timely basis; and

• Corrective controls – when the risk does occur, these actions serve to reduce the impact to the organisation.

“In our engagement with risk managers we see that complacency of the organisation is the main problem followed by the lack of understanding from risk managers to address this area,” Yeo says.

“Common pitfalls to avoid are focusing on the wrong areas, managing risk in silos and the failure to acknowledge and learn from near misses. The ‘life goes on’ mentality has to be changed.”

Corporate security seminar

In response to the growing need for risk managers to focus on corporate security in Asia, the Risk and Insurance Management Association of Singapore (RIMAS) will be holding a corporate security and risk management half day seminar on 17 June in Singapore.

“It aims to equip risk managers with [an] understanding of, and insights [in to], corporate security risk management – to apply it effectively in the context of enterprise risk management for their respective organisations,” adds Yeo.

“RIMAS is honoured to have well sought-after trainers, regional experts and practitioners from the security, hospitality and IT industry to share practical insights on key strategies to manage physical and operational security risks with case studies in this seminar.”

Click here for more information about the seminar organised by the RIMAS Events & Conferences Sub Committee (led by Roland Teo with members Samuel Chee, Eric Lee, Andeed Ma and Jeffrey Yeo)

RIMAS is a not for profit organisation whose members are a group of like-minded risk professionals who band together to advance the discipline and awareness of risk management and culture amongst the corporate and public sectors community at a professional level. Through RIMAS, members strive to build up a good network among risk professionals where they can share the latest info, trends and happenings in their respective industries.