Harris Crime Prevention Services has been appointed to provide security (design) consulting services for GPT’s $200 million West Keira (Wollongong) project.  The three level 18,000sqm site will feature fresh, fast and slow food with 80 specialty stores and 600 plus car spaces. This will be an extension of Wollongong Central. Early works will commence by the end of 2011 with major works in the 2012 new year.

Harris Crime Prevention Services is proud to be associated with providing ‘architectural (security) design’ advice for the estimated $220 million The Chris O’Brien Lifehouse at Royal Prince Alfred Hospital (RPA).

The Chris O’Brien Lifehouse at RPA will be a world-class cancer treatment and research facility providing integrated care and support services to public and private patients, located on the Royal Prince Alfred/Sydney University campus at Camperdown, Sydney.

This wonderful facility will integrate clinical care, research, education and integrative therapies, creating opportunities for innovative discoveries, compassionate holistic care and better outcomes for patients, their families and carers will be open for public and private patients in 2013.

Another artist’s impression of the new facility is shown below.

By Leon Harris
Published in INsite June/July 2009

In the October/November 2008 issue, I discussed the importance of applying ‘Crime Prevention Through Environmental Design’ (CPTED). Consistent with the CPTED strategy, is a kindred approach called ‘Crime Prevention Through Environmental Management’ (CPTEM). The two should be applied in partnership with each other.

As with CPTED, CPTEM should be considered at the early stages of design to ensure a continuum of the security management strategy once a facility is operational. It should be adopted, even if CPTED did not get the appropriate attention in the architectural brief. Ensuring CPTEM is indelibly etched on the executive mindset will ensure best crime prevention practice is enshrined as a central management philosophy and entrenched as a sustainable management function.

CPTEM involves managing a post-construction security environment built upon a CPTED foundation. They are mutually supportive. A pre-requisite to an effective CPTEM strategy is a solid working knowledge of CPTED principles and their application to particular contexts, e.g. a mixed use campus, an aged care facility, a rehabilitation hospital, a major teaching hospital, a school, a public space etc.

At the basic level, CPTEM is putting in place management plans for the removal of graffiti, and other signs of vandalism, ensuring lighting is working and landscaping works as a crime deterrent and not a crime magnet (e.g. height of bushes, removal of lower tree branches etc). However, more needs to be done.

CPTEM is the acknowledgement that there is a strong and enduring relationship between the organic nature of any facility (i.e. the on-going changing operational and architectural characteristics), the natural dynamics of security risks, the often ‘unexpected’ security incidents and the challenged and limited security resources.

An example is when a new wall, door, staff car park or pathway is built or the reception area or laundry or kitchen is redesigned. It is most likely that the existing security systems and security practices will not deliver their original objectives under these new environmental conditions. It is simple; change the built or operational environment and the (security) management of that environment is impacted upon, normally negatively. As an illustration, when new car parking areas are built, so often appropriate consideration of key crime and fear-of-crime factors are neglected during the planning stage. These factors include security lighting, landscaping and ‘creepy places’ (e.g. architectural pillars, industrial garbage bins etc that provide potential hiding places for criminals – especially during the dark of night). A further illustration, and as strange as it may seem, even the positioning of new office safes are rarely considered in the full context of the immediate environment, including the capabilities of the current security systems (e.g. electronic access control, CCTV, hold-up alarm locations) or the effectiveness of the CPTED principles originally applied (e.g. natural surveillance for staff) under the new environmental conditions.

Another example is when door and window screens on residents’ units are accepted by management as a defence against intrusion. However should the screens in reality provide no protection against criminals, then the screen ‘system’ has unrealistic crime prevention expectations in that particular environment. So management has a choice – change the ‘protective’ screens or change the environment in other ways to improve the safety of residents. Certain types of fencing and particular lighting methodologies are sometimes considered – again depending on the facility design and the facility operations, which contribute to the environmental context. (There are other contributors to the security environment such as workplace and client culture and compliance obligations).

CPTEM is an important part of Security Risk Management (SRM); however it is the area most likely to be forgotten, at least until the deficiencies in CPTEM are raised during court proceedings relating to intruder-related violence against a resident or staff member.

To varying degrees, CPTEM is something that managers do in the course of their work, perhaps without knowing its name. However, often lacking is the knowledge and the commitment that will deliver all the benefits to the facility in operational risk management terms and to the facility owner in due diligence and financial risk management terms.

CPTEM as with any strategy should not only include the obvious but the not so obvious. Often wonderful CPTEM ideas can come from staff, especially those who work at night. Include in the brief to your security consultant for your next security review, the requirement to ask the necessary questions to your staff that relate to CPTEM. The benefits may surprise you.

Further information on CPTEM or CPTED can be obtained by contacting Harris Crime Prevention Services.

Leon Harris DIP,SEC.STUDS,.CPP, is the principal consultant Harris Crime Prevention Services, a national specialist and independent security risk management consultancy established for the health and aged care sectors.

By Leon Harris
Published in INsite October/November 2008

Crime Prevention Through Environmental Design (‘CPTED’ pronounced ‘Sep-Ted’), although not a new strategic approach to mitigate crime against facilities and to enhance perceptions of safety (e.g. to residents and staff), has only in recent times become a serious design objective at, and from the architectural concept stage. This could partly be because stakeholders in design and construct projects are more affected and frustrated when planning authorities refuse Development Applications because of their professional failure to properly incorporate CPTED principles.

However, when specifically looking at the aged care sector in Australia, although progress in terms of acceptance of, and commitment to CPTED is gaining traction within new designs, CPTED has still not been granted the status it requires or what facility managers, staff and residents at aged care facilities deserve.

For maximum benefit to stakeholders including investors, security design consultants should be invited as panel members to the concept or masterplanning table. If architecture, landscaping, lighting and relevant aspects of engineering can coalesce early enough with security design, then realisation of form function, safety (security) and market edge reputation is more likely. Interestingly, by applying CPTED principles in a determined manner, reliance of (security) technology is often reduced and certain sources of operational costs such as that resulting from insurance claims can be reduced.

This CPTED approach seeks to incorporate security into a project’s ‘form’ from the outset. It ensures a more measured outcome via a truly consultative process. The approach learns from the historical relationship between crime and architectural design and transforms the learning into practical and ‘passive’ crime prevention that works.

Security design is more than the traditional inclusion of barriers, bolts, surveillance systems and alarms. It is a comprehensive environmental crime prevention strategy, applying aspects of architecture, engineering and technology to all development proposals, from concept to completion. Security design has two objectives:

• To promote the legitimate and safe use of built environments by incorporating security design guidelines into development planning approval processes.
• To enhance the reputation of development projects by ensuring that security design criteria are incorporated into relevant architectural, engineering and technology documentation.

In brief, the CPTED principles are:

(a) territorial classification – defines by way of form, the purpose and (legitimate) use, e.g. by staff, residents and contractors, of the space within your property.

(b) natural (passive) surveillance – creating security sight lines through creative form, i.e. providing easy opportunity for legitimate users to observe events.

(c) territorial reinforcement – visual indicators to would-be criminals that this ‘private property’ is actively observed by the staff and residents.This aspect cleverly considers dynamic factors such as access, usage patterns and behavioural expectations.

Another Crime Prevention strategy that should be used in conjunction with CPTED is Crime Prevention Through Environmental Management (CPTEM). This involves managing the environment post construction. The principles and benefits of CPTEM will be discussed in a later article.

Although CPTED and CPTEM principles may not be considered ‘rocket science’, it does require an advanced understanding of how criminals identify prospective targets (human and property), why criminals are deterred from prospective targets and the architectural countermeasures that are effective, which are far easier and more cost-effective to apply during the architectural stages than as part of a retrofit project. CPTED expertise should be sought well before the DA is refused and the crime is committed. Besides the personal life-safety issues, there is a real possibility of failure in OHS..

Leon Harris DIP,SEC.STUDS,.CPP, is the principal consultant Harris Crime Prevention Services, a national specialist and independent security risk management consultancy established for the health and aged care sectors.

By Leon Harris
Published in INsite December 2007/January 2008

Although we have seen some considerable improvement in Security Risk Management in various aged care facilities, some adverse conditions remain which degrade efforts in crime prevention and as such should be re-visited by management. We know that the following conditions have assisted criminals in the past and will continue into the future, unless serious remedial action occurs. The following are examples:

Landscaping

External grounds of many facilities can assist criminals. Typically, landscape design is not underscored by crime prevention principles and allows criminals to hide without detection. Some trees and other vegetation often interfere with lighting thus reducing another critical aspect of crime prevention.

Lighting

Lighting is important to deter criminals and to re-assure site users. External lighting is often designed without a thorough understanding of the importance of lighting in crime prevention. Incorrect illumination and lighting types are common. Very often lighting does meet Australian Standards. Reporting of non-operational lights is too often not reported by night staff or security patrols. Lighting covering staff car parks, staff entry/exit doors and security patrol walkways as well as lighting failure reporting, should be re-assessed.

Poor and ineffective lighting can assist criminals to perpetrate crime with little risk of detection or apprehension. It can for some staff, create a ‘fear of crime’.

Reception Desks

In many facilities where there is a reception desk, the desks are not positioned to maximise human surveillance of the main entry or visitor toilets. These conditions favour criminals and they know it.

Unattended reception areas also greatly assist criminals. If it is not possible to re-arrange the reception area or position someone at the times the front door is unlocked (including weekends), consider alternative strategies such technical detection and surveillance. Ensure your security procedures for staff address and mitigate the risks.

Clean Utilities or Treatment Rooms

Clean Utility or Treatment Room doors left open with no staff in attendance, sometimes medication trolleys have also been found to be unlocked. This is more evident after administration hours.

This can lead to the risk of a resident or a child of a visitor accessing the room to find unsecured medications or an unlocked medication refrigerator. There are other dangers especially for children, such as an accessible yellow (attractive colour for children) sharps container and particularly if it is the type where a small hand could be placed into it to investigate what it contains.

Kitchens

Some kitchens had windows not capable of locking and/or the refrigerators and freezers were not locked after hours. The risks of food contamination and/or theft are evident and should be better managed. Remedial action that should be considered includes using more appropriate locking hardware and ensuring security procedures are effective and audited. Consider movement activated lighting outside.

Windows

Often windows, including residents’ rooms, are unable to be locked either in the closed position or partially open. Evening/night staff sometimes do not check to ensure windows are secured. Remedial action should once again include locking hardware and procedures.

Key Control

Key control is always an issue for concern. Master keys have been found left on desks in opened and unattended offices, behind doors, in jars, in unlockable desk drawers. In many facilities, key auditing is rarely undertaken.

Some facilities are now taking advantage of technologies providing electronic access and key issue control.

Safes

Safes in many facilities are in full view and in close proximity of the general public (including couriers, technicians, contractors); a particular concern when staff access them. Usually, safes are not bolted to the floor and/or not in a secure location. It is hard to believe but safes have been stolen from facilities.

Policies, procedures and training relating to cash handling are frequently absent.

Wherever cash and valuables are kept, the risk of armed hold-up is present. Armed hold-up ‘survival’ training is rarely provided for staff and post hold-up procedures are not articulated. Besides the personal life-safety issues, there is a real possibility of failure in OHS compliance.

External Doors

Frequently there are too many external doors opened, particularly at night. Usually doors have nil or ineffective access control. Unsupervised doors are usually opened too early in the day and too late at night increasing the risk of intrusion. The alarms on doors are often totally inadequate.

Management should objectively consider the number and location of accessible perimeter doors and the installation of a good standard electronic access control system for doors, improving security procedures (which should be appropriate for evening and weekend periods) and the possibility of movement activated lighting outside the doors.

Security Technology

Universally, (although improving) facilities do not take advantage of modern security technology, in particular closed circuit (CCTV) surveillance, electronic access control and duress alarms.

Staff who attend external residences at night often express concern about personal safety.

Policies and Procedures

Security policies and procedures are rarely comprehensive or relevant. They are often not complied with by staff. Many staff claim that they are not aware of them.

Security incident reporting and defects notification is often inadequate, inefficient and ineffective.

Contract Security

Security companies are often not engaged by a properly constructed contract document thus missing opportunities for performance measures and compliance management.

Security officers that either patrol or respond to incidents are rarely ‘site trained’ which has possible consequences of reduced effectiveness and non-compliance of OHS obligations. Outsourcing security services does not eliminate your duty of care obligation to the security officers. Management should consider the Australian Standard for Guards and Patrols AS4421 as a base requirement.
The above examples are general information only and should not be used as a replacement for a comprehensive professional security review. A holistic approach is required for a sound and cost-effective security risk management.

A comprehensive list of Australian Standards that should be obtained by facility management is available on this website.

Leon Harris DIP,SEC.STUDS,.CPP, is the principal consultant Harris Crime Prevention Services, a national specialist and independent security risk management consultancy established for the health and aged care sectors.

by Geoffrey Harris
Published in INsite October-November 2006

The divide between security risk management and emergency risk management was generally accepted as normal prior to the events of September 11, 2001. This date was the start of a new continuum when the traditional concepts of security management and their capacities to respond to emergencies were being seriously challenged. As terrible events followed ‘9/11’, such as the Madrid and London bombings, the integrity of lifesafety systems, assets protection resources and business continuity planning has become increasingly entrenched as an agenda item for boards and senior management. Some of the momentum was attributed to higher expectations in corporate governance by government regulators, the courts, insurers and the community. The ideal situation of eliminating the risk of events (prevention) that had high consequence but relatively ‘low’ likelihood such as terrorism, deliberate food contamination, arson and violent intrusions has received considerable attention. However, with the realisation that elimination is mostly not possible, systems needed to be in place to mitigate risks (security risk management), respond to events (emergency management) and allow return to ‘normal’ business activity (disaster recovery) as quick as possible has become a priority.

However even today, many boards remain ill-informed about the true picture of their security risk management (SRM), emergency management (EM) and if emergencies are not immediately controlled – their disaster recovery (DR) capabilities. Without an independent and expert assessment, a true picture can never be gained. On the other hand, there are those directors, that are not just asking the right questions about their SRM, EM and DR but are going even further by demanding that the three areas are seamlessly integrated; strategically and operationally.

Standards Australia is doing wonderful work developing a range of standards either directly on, or related to, the areas. Recently, Standards Australia conducted a security forum to expose and display a few of these Standards to an audience of about 190 senior executives. Standards will always be a work-in-progress. As a member of AS 3745 (which deals with emergency procedures), I presented an overview of this important Standard. One of the questions that I asked the audience (of around 200) was ‘How confident do you feel that your SRM and Emergency Management is properly integrated?’. Only five or so people raised their hands. Numerous people informed me afterwards that it was time they assessed their own situation.

Directors and facility management should consider:

• Integrated EM and SRM audits and strategic planning within the AS/NZS 4360 Risk Management framework (how about we change EM to ERM – Emergency
  Risk Management – to capture the real broader, dynamic context of emergencies confronting today’s organisations and the challenge of effectively managing these risks?).
• Gaining realistic on-going assessment of their security and emergency risks within their full risk spectrum.
• Clearly understanding the differential risk nature of their environment e.g. staff working in isolation at 2:00am, or perhaps a pharmacy delivery or emergency with only limited (and often casual or agency) staff.
• Better ERM and DR liaison and planning with other organisations in their neighbourhood/district as well as hospitals and emergency response organisations.
• Integrate ERM and DR with:
  • business continuity planning;
  • compliance and staff training programs;
  • contractor management (especially security contracts);
  • whistleblowing procedures.

A coroner once said that there are two types of emergency plans; those that have failed and those that will. Directors must be in a strong position to prove him wrong.

Geoffrey Harris MAICD, MPS, BCom, DipCrim is a senior associate of Harris Crime Prevention Services, a national specialist and independent security risk management consultancy established for the Health and Aged Care sectors. Geoffrey has over 20 years advising senior management on the strategic and operational levels of SRM and ERM.

By Leon Harris
Published in INsite, April / May 2006

An operator of a large aged care facility made contact with our firm after there had been reports of theft and observation of intruders by staff and residents.  Although staff had previously raised concerns about security issues, management were of the mind that there was no problem with their security.  There was genuine surprise by some senior management that the state of their security was not what they thought.  The range of consequences for criminal action (security failure) and fear of crime suddenly became a critical management issue for urgent discussion and resolution. Well, at least in the short-term.  It wasn’t too long before the OHS manager raised a further issue concerning ‘duty of care’.

As consultants specialising in aged care we continually hear operators advise that they have security in hand and have no concerns.  When asked how they provide after hours access they often respond with ‘there is a keypad at the main entry and we have procedures in place that all doors are locked at established times’.

The facility referred to earlier had been refurbished and in terms of resident comforts was well thought out.  Unfortunately controlling access to mitigate the risk of intruders was not so well considered.  A receptionist was on duty from 8:00am to 4:30pm Monday to Friday (although she had poor ‘natural’surveillance of the entry door) and typically and generally understandably, there was no human control after-hours.

In addition to poor surveillance of the main entry, a number of the issues identified during the subsequent security review showed numerous unsupervised doors including the main entry (after office hours and week ends) which further diminished control, observation and criminal deterrence.  When morning and night staff arrived the door would be left unlocked (at around 5:00am and again around 10:00pm) to enable them to enter, as well bread and milk deliveries were made through the unlocked ‘AM’door and the goods left in the unattended foyer.

Our consultant was able to enter undetected during surveys which covered week-ends and night (after 11:00pm), walking past resident rooms and other vulnerable locations that contained very attractive prizes for criminals, such as a large Plasma television.  Both evening and night staff advised the reason the door was unlocked was they may be attending to residents and did not want to be continually unlocking and locking the door.

Increasing the risk of intrusion was a side door off a car park which was also unlocked for staff.  These doors were not re-locked until the handover was completed and the earlier shift had left.  The reduced staff numbers during these shifts also created concern for some staff in that they would not be aware if an intruder had gained access prior to handover.

Criminals would be aware many facilities still operate this way.  Although some operators may have installed a keypad at the entry door and management may feel that is all that is required, it is not only inadequate, it may create a sense of ‘false security’.  Some keypads are operational only after office hours for the convenience of staff to enter.  On the issue of keypads, experience has shown many of these systems are stand alone (i.e. not connected to a PC based system with various alarm functions) with a single code provided to all users and rarely if ever changed.  Staff that have left the organisation would still have the code and there is the possibility of them passing it on to others even as some misguided honest act of faith.  The code is often subject to identification by unauthorised persons observing its use by staff.  In reality, management should accept the fact that more people know the code to their facility than the number of people who need to know.

These issues are not uncommon throughout the aged care sector.  Unfortunately risk assessments are rarely if ever undertaken outside office hours therefore management may not be fully aware of the risks.  It is a worse case scenario when staff have voiced their concerns and management has not acted upon those concerns to mitigate the potential risks.  Staff can in turn begin to feel that as management is not serious about security it can generate a continual downward spiralling of security with some staff not wanting to accept individual responsibility resulting in further breaches.

The following are a few general recommendations to assist in the move towards a safe and secure working (and living) environment:

• The design of an aged care facility must take into consideration after-hours access for staff and visitors.  Ideally access and egress should be restricted to a single door.  All other doors should remain locked.  It is advisable to consult an accredited BCA consultant before making any changes to emergency exits.  Architects should gain specialist advice on all aspects of security design including lighting.

• A commercial graded electronic access control system should be considered for the after-hours entry point that includes power back-up (there are still a number of facilities where no power back up has been installed –refer article “Flaws in Doors”on our website, intruder detection, staff duress alarm systems and closed circuit television (CCTV) should be assessed as part of the Security Risk Management process.  When the opportunity arises, these strategies should be assessed (according to risk management principles) when new facilities are being designed and implemented as an integral part of the construction project.

Ill-conceived and ad hoc security is usually not a deterrent to criminals, often incurs costs with little sustainable benefit and sometimes leads to an erosion of trust by staff in the decisions about life-safety and asset protection made by management.

The above examples are general information only and should not be used as a replacement for a comprehensive professional security review.  A holistic approach is required for a sound and cost-effective security risk management.

Leon Harris CPP, is the principal consultant for Harris Crime Prevention Services.

By Leon Harris
Published in ACQ-Wire, April, 2006

It would be hard to believe that any person working in aged care would not support regular emergency evacuation and fire training for all staff, even putting aside the compliance requirement. However, security awareness training for staff, which is another area of Critical Incident Management, does not have the same universal support.  Unless staff receive and benefit from appropriate training in crime prevention awareness and the facility’s security procedures, then residents, staff and the facility will be more vulnerable from acts of violence from intruders. Furthermore, security awareness training and comprehensive procedures to mitigate and manage the spectrum of possible security risks is a key component of management’s duty of care compliance.   It should also be consistently scrutinised as part of each facility’s Business Continuity Planning.

The days of relying on inadequate documentation as the main means of training in this area of life-safety and asset protection are well and truly over.  Many insurance companies and the courts have established higher standards in this area.  The absence of crime (security incidents) is not an excuse for a lack of clear focus and appropriate resource allocation in ensuring that security standards, which include staff training, are at the aged care industry’s best practice in Security Risk Management.  Similar crime at other aged care facilities and similar crime in the local vicinity may be enough to prove to the court that a criminal incident which resulted in personal harm was reasonably foreseeable.

Reviews undertaken of facilities by our consultants identified that security related documentation is often glossed over by staff. Sometimes this reflects the quality of the documentation and sometimes it reflects the level of interest by staff; a situation not unusual with agency staff who are not ‘connected’to the facility. When asked specific security questions on security procedures, they are frequently unable to answer in a manner that reassures us of their understanding, let alone their capacity to deal with a security incident in an effective and risk-controlled action.  This concern is heightened should they be the most senior person on duty.

Although in most cases staff receive some security related information during their induction, too often the educative process stops there.  It is not unusual for staff not to receive any refresher training.

Training should be based on realistic security-risk scenarios.  It should include information about the capability and use of security technology employed in the facility and the associated security response arrangements that are in place.  The training (supported by appropriate policy and procedure documentation) should reflect the contemporary nature of the facility (rather than generic for multiple sites or historical) i.e. information must be absolutely relevant with practical procedures and guidelines.  Should the facility have contractors on site such as catering, cleaning and security, they should also be incorporated in the security awareness program (and the associated emergency management plans and training).

Staff, especially those working evening and on weekends, should be given every opportunity to contribute to a safe work environment.  Their security concerns should be sought and respectfully considered.  They should receive prompt responses from senior management and kept informed about the treatment of their issues.  Entrenched good communication practices are essential in Security Risk Management and workplace learning agendas.

There are several important aspects to good training practice; one is ‘consistency of the message’that is across all shifts, across all departments and across all physical localities.  Another is that information has to be in a format and language style that the recipients can understand and within the time pressures of their shifts.  Training development and delivery needs to be sensitive to the diverse nature of the workplace.  For the desired training outcomes to be achieved, it is important that trainers have specialised and comprehensive knowledge not only in security, but security in the aged care facility context and adult education.

Consistent rewarding feedback from clients for whom we have completed Security Awareness Workshops is that staff become more motivated in contributing to the overall safety of their workplace.  We believe that one of the reasons for this is that when staff are involved in Security Awareness Workshops, they feel valued by management.

For further information on the benefits of Security Awareness Workshops or arranging for workshops to be undertaken at your facility (consider inviting other local operators to participate) contact Leon Harris of Harris Crime Prevention Services, or Deborah Gwynne of Australian Institute for Care Development (AICD).

Leon Harris CPP, is the principal consultant for Harris Crime Prevention Services.

By Leon Harris
Published in INsite, February/March 2005

Standards Australia has released a new version of AS/NZS 4360:2004 Risk Management that will assist aged care service operators and planners manage safety compliance, security, crime prevention and emergency planning issues.

An updated companion handbook, HB 436:2004 Risk Management Guidelines, has also been released, which provides commentary, guidance and examples on how to implement the standard.

The standard and handbook are also relevant to members of aged care facility boards (including not-for-profit organisations), facility managers, OHS managers, food services managers and architects designing new facilities.

Because risk management is fundamental to our accountability obligations, it needs to be a ‘natural’part of our corporate culture, ie it should underscore and influence all decisions, as well as be formalised.  We know this is really happening when we see big savings in dollar terms –eg less personal or property damage, less lost work days, less redoing sub-standard or inappropriate work (such as a response to a WorkCover order) and so on.

However, to make savings a realistic benefit of risk management, many organisations need to have a management refocus, an organisational realignment and a cultural shift.  This can be assisted by having three residing questions for business activities:  Have the risks been fully identified?  Have the risks been treated properly?  And have the identified risks and treatment been documented?  These questions are a good starting point.

The risk management concept also needs to be translated into a risk management framework suitable for each organisation.  This requires objectivity, transparency, consultation and the ‘translation exercise’to be managed as a project.  Owners/managers of more than one facility should consider this an advantage, as the situation lends itself to more experiences, benchmarking and possible economies of scale.

Leon Harris CPP, is the principal consultant for Harris Crime Prevention Services.

By Leon Harris
Published in INsite, December 2004-January 2005

Aged care operators are increasingly becoming aware that ignoring or delaying credible security risk assessments sometimes results in costly and unfortunate experiences. The range of experiences arising from a criminal incident may include injury to staff, residents and visitors; financial losses (e.g. civil [legal] remedy for personal injury, fines from [WorkCover] prosecutions, insurance premiums); management time loss and distraction (including time needed for legal defence); staff morale, prestige; and diminished management credibility.

We still hear statements like “we have all bases covered, or, “we have no concerns”, or “we have security patrols”, albeit less than what we heard say five years ago. We still hear statements after a serious criminal incident like “we thought that we had all the bases covered”, “we thought that we had no concerns” and “this should not have happened; we had security patrols”. However, on a brighter note, we are increasingly hearing statements like, “we need to know more about our security risks and our strategic options to manage them”.

This proactive focus is both a sign of good risk management and a reflection of good corporate governance. It is a realisation that occupational health and safety, security risk management (including staff safety measures and insurance) and corporate governance are interwoven and more obviously a part of core business for the modern business, including not-for-profit organisations. All three aspects have social and legal responsibility and obligations in terms of duty of care compliance. Facility owners and managers should discuss these issues with their professional legal advisers. Better sooner than later.

This proactive focus by an increasing number of owners and managers is an acknowledgement that the cost of appropriate protection from crime needs to be resourced. Good security standards are central to core business. Like any business requirement, there is a need to seek opportunities in genuine cost-savings, however, without compromising the integrity of security. This can be done with modern approaches in risk identification, effective staff training and new technologies. Opportunities to reduce the operating cost of security are available, in particular with the right selection and appropriate application of technologies. Opportunities for both single and multi-site operations are, unfortunately, missed by some operators because of a number of reasons; a common one being relying on poor advice. This is regrettable, unnecessary and in some legal cases, may be deemed negligent. Managerial action to identify the most cost-effective security risk management is absolutely the right approach.

One of the problems for those owners and managers of facilities who have yet to realise the need to realign and appropriately resource their security risk management is that court cases are exposing their (alleged) lack of duty of care compliance by comparison with similar organisations which are considered to have a ‘best practice’ in security risk management approach. Courts often consider the security (and safety) best practice standards of an industry at the time of the incident before them in assisting the directions of judgments and associated penalties (criminal matters) and damages (civil matters). The absence of criminal incidents prior to a criminal attack of a facility involved in litigation is losing credibility as a defence, because Courts are looking at the broader crime trends of an industry group.

All owners and managers need to be current in their understanding of what security best practice means in the aged care industry and (at least) work towards it.

Leon Harris CPP, is the principal consultant for Harris Crime Prevention Services.