Since travel risk management is so multifaceted, comprised of so many moving parts, it’s often difficult to develop a game plan for a TRM program. This is particularly true for mature organizations that may already have a varied set of tools in place to manage travel risk, yet these components may not be properly aligned with one another. Certain tools may reside within siloed business units, others may be poorly adapted to the needs of particular groups; policies may be out of date or ignored, corporate culture may complicate engagement efforts, and information-sharing mechanisms may be in need of repair.
For organizations just starting out, the obstacles can appear even more complex: without significant past experience carrying out this specific work for this specific organization in the field, how do you even begin to adequately assess where the risks lie? Is it best to just buy whatever Cadillac “TRM system” you can find and delegate everything, or should you start developing in-house expertise? What do you actually need?
No matter the size or state of your TRM program, the best way to overcome these challenges is by benchmarking against a travel risk management framework, one offering a 360-degree view of the components you should strive to integrate. This is a worthwhile exercise for all organizations, especially those tempted to downgrade TRM activities in priority because they’ve “never had an incident” (thus far!).
Below is a condensed version of the framework we use in program design and enhancement projects, based on the ISO 31030 Travel Risk Management Guidance for Organizations and supplemented by elements we’ve found particularly helpful over the years. Bolded are the categories of components and tools you’ll need; italicized are the key activities and mechanisms that comprise them.
Deploying something like this in practice is quite simple – with ISO 31030 as your guide, you can define a set of yes-no questions for each category, compile them all into a single spreadsheet, and use it to organically build out your TRM program, tracking its evolution as you go (more on a great way to do this in our next installment!).
A sample travel risk management framework is provided below:
Category 1. Business Integration
1.1. Defining context & objectives
- Have the objectives of the TRM program been clearly defined & aligned with those of other business units / the organization overall?
- Has the context of business travel for the organization been properly analyzed, beyond merely its cost?
1.2. Developing policies & protocols
- Does a formal TRM policy exist? Has it been properly communicated company-wide?
- Does the TRM policy address all applicable risks as under ISO 31030?
1.3. Ensuring engagement & buy-in
- Have other business units (HR, IT, Legal, etc) been engaged in the development & promotion of the TRM program, including their senior stakeholders?
- Have appropriate TRM outreach, training & preparedness activities been conducted?
Category 2. Risk ID & Assessment
2.1. Collecting risk intelligence & threat / hazard data
- Have intelligence collection workflows been developed addressing the unique TRM needs of the organization?
- Have all relevant types of threats & hazards been considered?
2.2. Identifying & analyzing risks
- Is there a rigorous methodology in place to assess travel-related risks? Have all prospective destinations & work locations been evaluated?
- Are early warnings identified in a timely manner?
- Are the results of risk analyses easily accessible to those who need them (travelers, managers, stakeholders)?
- Have escalation mechanisms & KPIs been clearly defined?
- Have destination-based travel restrictions & protocols been developed / enacted?
- Is compliance with these restrictions routinely monitored?
- Has the organization purchased suitable insurance coverage for travelers, including evacuation & medical extraction coverage?
- Does the organization have kidnap, ransom & extortion coverage where needed?
- Have all destinations, not just high-risk ones, been assessed for procedural risk reduction needs?
- Have appropriate policies & procedures been enacted for selecting secure routes, accommodation, means of transport, etc?
- Are all itineraries captured within a single itinerary management platform?
- Are updates to itineraries reflected immediately?
- Does the organization know where its travelers are at any given moment?
- Have monitoring solutions been deployed for travel to remote areas?
- Can the organization quickly contact its travelers whenever needed?
- Do travelers know how to quickly contact their organization?
- Have appropriate incident response procedures been enacted?
- Have those responsible for managing travel-related incidents been trained in these procedures?
- Does the organization have 24/7 incident response capacity?
- Are travelers duly accompanied throughout the incident resolution process?
- Does the organization maintain up-to-date, well exercized crisis management plans covering, inter alia, travel risk-related matters?
- Does the organization maintain up-to-date, well exercized evacuation plans?
- Are there clearly defined mechanisms for sharing / obtaining traveler feedback?
- Are traveler complaints, concerns & suggestions duly acted upon?
- Is the TRM program regularly audited & benchmarked?
- Is traveler feedback routinely solicited & applied to the program?
- Are TRM program enhancements tracked & implemented in a timely fashion?
- Are improvements to the program clearly communicated to all parties?
- Does the organization maintain liaison contact with peers & subject matter experts to support the TRM program?
- Does the organization have vetted providers of supplemental travel risk-related services (close protection, logistics, medical transport, etc)?
As indicated, this is just a sample list of questions to consider; an actual in-depth TRM assessment would likely be at least three times as long. We would likewise note that for most organizations, the answers to these questions will be more nuanced than simply “yes” or “no”, so we’d add other status options, such as “in progress” or “to improve”, for a more accurate understanding of where things actually stand.
As you can see, this framework aims to cover the full travel cycle, from before a trip is even booked to the traveler’s debrief upon their return. It also places significant emphasis on the proper integration of TRM into the business for stronger buy-in, greater compliance, and ultimately better overall performance across all other program components. We hope this is useful for anyone who may be interested in evaluating and managing travel risk, and it can also generate some pretty neat visuals for TRM program assessment (to be presented in detail in the next installment).