Unfortunately, however, many schools and universities in the U.S. have not conducted a risk assessment. While many colleges and universities now require all those entering campus buildings to present an ID card or are hiring campus security guards, these steps often do not go far enough. For instance, doors and windows of a campus building may be locked… but an intruder can find a way to open them, gaining access and the opportunity to do harm. Making matters worse, in some buildings, tampering with these locked doors and windows may not be detected by security systems.
A thorough, professional risk assessment typically can detect these weaknesses and many other hazards so that administrators can more effectively protect students and staff. But before we go much further, it probably would be best to define exactly what a risk assessment is, especially as it pertains to a school or university.
A solid working definition is as follows: A risk assessment is a detailed examination of a facility, looking for vulnerabilities that could allow people or property to be harmed. A thorough and professional risk assessment helps identify these vulnerabilities and then suggests actions to take in order to minimize or eliminate them in a systematic and prioritized way.
We should point out that there can be a wide variety of risks. They could include such hazards as fires, floods, or extreme weather conditions in addition to individuals intent on damage or harm. Any one of these events could potentially harm students and staff, so they must also be considered when conducting a risk assessment.
The process. A school or campus risk assessment can be very involved. To make the process easier and faster, administrators working with a risk assessment firm should first decide on the following:
Goals and objectives. Does the risk assessment involve just one building, a group of buildings, or the entire campus? What are the strategic objectives? Preventing a cyber-attack? A shooting? Domestic terrorism on the campus? Property theft?
Known risks. An effective risk assessment is designed to uncover unknown risks to people or property. In some cases, administrators are already aware of potential risks or hazards. When there are known risks, the goals of the risk assessment are to determine the seriousness of these risks and what can be done to minimize/eliminate them.
Likelihood. The likelihood of certain types of risks or hazards developing is ever evolving. For instance, fires may be a significant concern for some California university campus administrators due to the current dry climate. For other schools, cybersecurity or campus violence may be a crucial concern.
Priorities and response. At this stage, we should have a fairly good idea of what the risk assessment is focused on; we have identified the unknown and known risks, as well as the likelihood of an incident or multiple incidents occurring. The job now is to prioritize these risks—determine which must be addressed first because it could cause the most damage.
As far as which issues to address first, sometimes in educational settings administrators have no choice but to analyze the results of the risk assessment and place these potential hazards and vulnerabilities into three categories: Those that are not costly to implement and can be put into place now; those that are more costly and should be implemented within the next 6 to 12 months, and those risks and hazards that are bigger budget items but may take a year or more to address.
These final steps can be difficult, but virtually all organizations find themselves in this situation. The most important step is to act, start doing what is necessary as soon as you can in order to make your campus safer for students and staff.