A HEAT Risk Assessment (RA) is essential for working in hostile enviroments and is a potent tool for ensuring your safety, however the term risk assessment automatically make peoples eyes glaze over. Thoughts of death by power point from instructors eager to show their knowledge by burdening simple topics into complexity a heavy chore. I’m not here for that. Security and its various stems – HEAT being one – in my opinion is best served cold. After all you can’t flick through you course notes when the bullets are dancing at your feet. I’m going to use the KISS (keep it simple, stupid) for this and all my future presentations, giving real life examples to emphasise how it fits into a situational context in a logical fashion.

When you’ve been offered an assingment in a hostile enviroment the thing at the top of your ‘to do’ list should be to carry out a preliminary evaluation of the dangers within the country/area that you’re going to visit. This is your initial risk assessment. You can check the news and search the Internet to get a feel for what is happening – its good idea to make some notes. Ask yourself the question: am I prepared to put up with what is happening there? (Remember ‘volenti’ from lesson #1?)

The answer is of course as unique as you are, however the main thing that will influence your decision is your level of experience. Those of us that have more exposure to hostile environments might well have a higher tolerance for danger and visa versa. (Tolerance however can become a negative attribute and can lead to complacency, something we will cover in a later lesson covering personal security). An excellent paradigm that’s used to describe acceptance of risk is the anecdote of the boiling frog. The metaphor being used to annotate ones acceptance of danger, or to put it in a situational context; would you book a holiday to Tunisia right now? If your answer is yes then your acceptance is high; no means low.

So lets say that you accept the assignment. Following on logicaly you’d move to the next stages of pre-deployment and arrival. However we’re not going to do that today, (but don’t worry they will be covered in future lessons). Instead we’re going to stick with risk assessments, because I can assure you that RA is the best way to keep you safe.

I’ve seen 250 pound ‘operators’ dripping with weapons and all kinds on munitions, with muscles that cant fit into their 5.11’s, quake in their boots when asked to put pen to paper and do a risk assessment. Security guys think that the more weapons they have the safer they are but their wrong, to use the old adage; the pen is far mightier than the sword.

If you’re in a situation when either you or your security have to start shooting your way out then you’ve done something wrong. I acknowledge that there is always the possibility of being in the wrong place at the wrong time – or collateral damage as it is called. But if you’d done a thorough risk assessment in the first place then you would never have put yourself in that position.

I’m not going to give you a technical lesson on how to do a risk assessment – although if you want more in depth information just go to www.richardcpendry.com drop me a line and I’m more than happy to talk on or off line to answer your questions. What I am going to give you though is a brief outline. Okay, here we go…

Simplistically, a risk assessment involves the collection of information that allows an informed decision to be made on how best to carry out a course of action in the safest possible manner. You do this by:

  • Identifying the threat. What dangers are there? IEDs (road side bombs), kidnap, insurgent attack, road traffic accidents, criminal activity, natural disasters, civil unrest, mob violence, disease, etc., etc.,
  • Assessing how exposed are you to the them.  Do you travel on the roads? Are your locations protected? Are there earthquake aftershocks? Am I vaccinated?

Identify the THREAT and assess the

With the information on threat and exposure identified you can then calculate the risk or the likelihood of the danger occurring. Remember the threat levels from lesson #1 the introduction? Lets also use them as the metric for quantifying the risk: Low, Medium, High & Extreme.

For example; the risk of K&R for aid professionals working in ISIS held territory would be calculated as EXTREME. The risk of street robbery in parts of Nairobi might be calculated as HIGH. The risk of catching Ebola in Sierra Leone might be calculated as MEDIUM, in Nigeria Ebola it might be LOW.

If your satisfied at the level of the risk – if its acceptable – then crack on, knock your-self out. But remember there is a duty of care attached when people’s safety is involved. So you might want to look at how the risk can be reduced or mitigated so that you don’t get into trouble for authorising something where people can potentialy get hurt.

Examples on above: don’t work in ISIS territory; do not go on the streets of Nairobi at night; ensure proper procedures are followed to avoid spread of infectious disease.

After mitigation is applied the risk level normally reduces, whats left is called residual risk.  Its then up to you then to decide if the risk is worth taking or not.  This decision is normally made for you as it should be covered in your companies standing operational procedures or SOPs.  A good set of SOPs will clearly define what your companies acceptance of risk level is, its called ‘risk appetite’.  This varies; some companies are totally risk adverse while others are more relaxed and will accept a higher status in order to reach their objectives.

If your company wants to take advantage of emerging markets in East Africa, South America or just wants to ensure that your existing policies and procedures are robust enough to counter your organisational threats, you need to start thinking risk assessment. But risk assessments are not just for hostile environments they can be utilised everywhere, and if conducted properly are an excellent way of ensuring that you or your company does not end up on the receiving end of highly expensive law suits from employees that you accuse you of neglecting their safety.

Finally; I just want to draw your attention to the cover picture.  Its of a Taliban suicide attack on a US military convoy on Behsood bridge, Jalalabad, Afghanistan 2010. There is only one bridge in J’bad.  It crosses the Kabul river and heads north to Kunar. If you want to go north you either use air assets or the bridge. What goes up must come down. The bridge is the only way. The convoy commander wasn’t spoiled for choice with mitigation devices. He could have changed the time of crossing or the configuration of the vehicles, maybe secure the end of the bridge with a vehicle from the south before he committed himself to cross. Who knows? It’s easy with hindsight. But in the end it was inevitable. The convoy had to cross the bridge. The suicide attacker was on a motorbike. He came from the south impacting into the MRAP. There were 2 KIA and several WIA.

What would you have done if you where the convoy commander? Have I got you thinking? I hope so…


  • Excellent article. I found him very useful. Are you planning to write something about radical Islamic threats in European countries ? France, UK, Kosovo, Bosnia & Herzegovina ??

    • Andrija, Thats an excellent question and very well presented. Its a fact that many Muslim men from the region went on to fight in support of Islamic causes in Afghanistan and Iraq after the regional conflict in the 90’s. But as of late there has been little or no indication that there are militant agencies working within the area. This of course cannot be set in stone as we have seen that the current form of Islamic extremism is virulent and fast moving. I would say that the countries most at risk would be Bosnia, Romania and Albania. Tighter border restrictions such as the wall/fence mentioned recently by the Serbian government might therefore be a positive attribute.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.