Viewpoint: Brian Kelly

Surveys show that security risks are the most pressing concern for businesses operating in PNG. While discussing risk, however, we often imply that it is possible to clearly articulate or measure the concept. However, the accuracy of crime data – usually provided by PNG’s law enforcement agencies or the National Intelligence Organisation – are questionable, as the majority of crime goes unreported. The increased professionalism of criminal gangs, known as raskols, has forced public and private sector companies alike to reassess their approach to security management. The conventional approach which has been used in the past, of establishing a “3G” security plan (consisting of guards, gates and guns), is no longer relevant or cost-effective.

A more proactive approach to security based on insight and forecasting will be required. Businesses operating within PNG must accept responsibility for the elimination of crime within their own “areas of influence”, meaning that they should identify threats where their company can actively participate in leveraging a positive outcome or minimising any negative consequences to the overall performance. For example, the majority of businesses within PNG provide employees with a transport service to and from work, both to ensure consistent attendance and because they are conscious of their social responsibility to their employees’ safety, especially if they are working late hours.

The risk to people within PNG is no different than in any other country with a similar social environment. Levels of high unemployment and ongoing challenges with educational provision have contributed to high crime rates. Carjackings, armed robberies, assaults, rape and domestic violence have all been widely reported, despite the best efforts of the government and police to prevent such incidents from taking place.

Once risks have been identified, businesses can dedicate funds to minimise them, but only to the point that the costs of further risk minimisation outweigh the benefits gained. Deciding how much to spend on security is one of the most difficult decisions for any business in PNG, as resources can be spent on a range of items such as CCTV, alarms, guards, dogs, guns, vehicle tracking, environmental design, external barriers, personnel, lighting and anti-fraud devices.

As you travel throughout PNG you cannot help but notice the way in which businesses have fortified their premises to minimise the risk of external threats. In my experience, however, businesses tend to overlook the importance of implementing internal anti-fraud systems. The general impression is employees are above suspicion, owing to their compliant and friendly nature, and because they tend to remain loyal to a company throughout the term of their employment. Unfortunately, from a security analyst’s perspective, this approach is misguided and not statistically accurate. Indeed, some employees will very quickly rationalise or justify an illegal act if the opportunity presents itself. Due to the Melanesian cultural practice of “wantokism”, pressure can all too often be applied to an employee to assist their wantoks, or close friends, as they commit a crime.

Whichever country a business decides to operate in will always contain risks associated with managing a secure workplace. Most businesses already conduct risk and vulnerability assessments and generally have a clear evaluation of what measures can be taken. However, a more holistic security culture needs to be accepted in PNG, beginning with a system based around enterprises, which should in turn allocate appropriate funds to minimise internal and external threats. The next step should be to apply a multi-layered security plan which incorporates all aspects of the “known knowns” involved. For example, if we identify that a business could be susceptible to an armed robbery, how can we prevent this from occurring? Once the physical aspects of the plan have been developed the focus can shift to determining the “known unknowns”. For instance, one may have installed software to prevent cash fraud but how can you be sure that the system has not been compromised? Finally, we ensure that systems rather than people are the primary crime identifiers for the business.