Travel risk management sits in a broader organisational remit that needs buy-in and budget approval. It involves several stakeholders, with the approach to discussions varying with the relevant parties. So should the responsibility for risk management really lay at the door of the travel manager?
It's a company-wide concern
Travel risk is a fundamental component of the overall resilience framework and is extremely important as it's one of the areas where the organisation is most exposed. With travellers finding themselves out of their comfort zones and away from their more familiar surroundings, the risk potential for both the traveller and their organisation is greatly exacerbated. It's difficult enough to provide the necessary safeguards in the typical workplace but when that workplace suddenly becomes anywhere in the world, the situation becomes far more complex.
Although the primary consideration must always be that of the traveller's safety and wellbeing, the potential impact on the wider organisation can often be significant.
To better understand this, it helps to consider what is often referred to as an organisation's 'pillars of protection'. For any organisation there are five key areas that it needs to protect — namely its people, assets, finance, reputation and environment. Each of these is inextricably linked so what could at first glance be seen as a fairly minor incident affecting a business traveller, could have a residual impact on one, if not all, of the others.
Stakeholder involvement
For any travel risk management programme to be effective, it therefore needs to involve a number of stakeholders across the organisation. Although their individual priorities will be different, they all play a part in the travel risk management remit. If we consider just some of the responsibilities of the additional stakeholder areas - for example:
- Global mobility managers will be focused on all aspects of long-term overseas assignments and expatriate placements
- HR will be responsible for the general wellbeing and welfare of all staff, regardless of location
- Insurance will be procuring the relevant policies to offset certain risks of the business
- Legal and compliance will be ultimately overseeing the organisation's duties to comply with requirements such as duty of care, cross boarder immigration, visa and work permit issues and GDPR
- Risk/security will be responsible for a number of different risk areas from people security through to corporate risk and cyber security etc
- Business continuity/facilities management will have responsibility for physical locations that employees may be travelling to
But it also goes much further. From PR and communications through to finance and IT, other departments will also have a role to play. Depending on the size of the organisation, not all will have dedicated departments responsible for each of the above, but the responsibility will ultimately lay somewhere, so find out where and make sure that the relevant party is brought into the conversation as early as possible.
Facilitating the travel risk management discussions
Having identified and approached the relevant parties, securing their buy-in is key. With departments having their own sets of priorities, breaking down the silos can sometimes be challenging - but gaining an understanding of stakeholder roles, responsibilities and accountabilities will really help with this.
To some extent you need to take on the role of the diplomat, showing that you're not just asking them to become involved with something that falls outside their own area (because it doesn't…a crisis will impact all of them) but that their involvement will actually help them to meet some of their own objectives. It should be a win-win situation.
Questions are a good place to start
One way of starting the conversation with stakeholders is to ask for their advice. For example, ask colleagues in HR and finance to examine the cost of cutting business trips or long-term assignments short or having to rearrange them due to sickness or injury. Ask stakeholders in legal about the potential impact on the organisation should it be found negligent in complying with duty of care requirements.
Inadequate travel risk management provision can also impact areas that it's more difficult to put a specific price tag on, such as talent retention, reputation and customer trust. Although definitive answers may be difficult to come by, opening up two-way conversations and asking questions will certainly help stakeholders to contextualise the wider ramifications and help them better comprehend their own part in the programme.
Scenario planning can help
If it's proving difficult to fully understand the scope of the risks or the potential consequences on their own area, scenario planning can often help by allowing stakeholders to engage directly and to consider the impact of particular events whilst reflecting and learning in a safe environment.
Although it's obviously important to consider 'worst case scenarios', scenario planning can start by looking at more commonplace events. The likelihood of an employee being caught up in a terrorist attack is thankfully slim — it's far more likely that they'll be taken ill whilst travelling. So the scenario could look at how you'd get them the necessary assistance; the potential cost of getting them help; who would pick up the business that they're not doing; what the impact of any lost business may have on the organisation and so on. Each department walking through the scenario should be able to relate the various steps and implications to their own area, helping them to see the part that they would each need to play.
Scenario planning can also help with those less tangible but very important human implications. Consider the scenario from the traveller's perspective. How could this event impact them both short and long term? How could your actions in dealing with it be perceived by others internally and externally?
There's a famous quote by business magnate, Warren Buffett - "It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently."
What impact could different actions have on the confidence of your employees or on the reputation of your organisation? In a world of instant news and social media, a single action can become global chatter within minutes and the potential impact on the organisation can be significant.
Securing board level approval
Once you have the necessary input from the relevant stakeholders, you can then set about securing budget. Armed with the required information around the potential threats and vulnerabilities to your organisation and people, and the impacts of disruption on your finances, the environment you operate in and your reputation, you should be able to build a very strong business case.
How you present this case to the board is then key. Use the correct language, eg demonstrating losses, claims against insurance, loss of opportunity, assignments that have failed…all of which have a cost to the organisation. Understanding the board's priorities is just as important as understanding the priorities of the departmental stakeholders, so do your homework. Being able to match your arguments and findings against your organisation's core business strategies will significantly strengthen your case.
A solid business case that has both the buy-in of stakeholders across the organisation and includes key strategic considerations focused on minimising financial liability, ensuring business continuity and defending organisational reputation should prove persuasive.
Further substantiate this by outlining the amount of business travel that takes place, the typical destinations visited and the likelihood of certain events happening in those destinations. Combine this with real-life incident examples (potentially using the results of your scenario planning) and you have a great opening gambit and a powerful argument.
So where does the buck stop?
When it comes to travel risk management there's an obvious need for travel managers to take a front and centre role in ensuring that the right policies and procedures are in place and are being adhered to. But they can't do it alone nor should they be expected to. From legal and compliance to security, HR and finance (and even through to the travellers themselves) it's vital that all stakeholders step up to the plate and play their part.
Although the ultimate responsibility for duty of care may fall at the door of the company directorship, travel risk management is fundamentally about doing the right thing by protecting a company's most valuable assets - its people - and that's something everyone needs to take responsibility for.