Risk Management: Risk Awareness in an Information Age

Risk Management

by Ed Schirick

1993, I was asked to write a column for Camping Magazine that looked
into the future, into the twenty-first century. The theme of the article
was how technological advances might affect and improve risk management
at camp.

In retrospect, from the edge of the twenty-first century, my "crystal
ball" was very cloudy and, as a result, I have decided not to quit my
day job to become a futurist. I remember one of my suggestions was that
a new hand-held, computerized device, a personal digital assistant (PDA),
named Newton, developed by Apple, (yes, that's right Newton by Apple,
not Fig), could help directors capture risk management information and
make camp safer.

For some reason, Newton never did catch on. Neither did my suggestion.
Perhaps they were just ahead of their time. By the way, a later version
of the PDA, named Palm Pilot, did catch on. The latest version of Palm
Pilot features wireless Internet service; well, maybe not from camp,
but who knows?

The Influence of Technology

Technology has impacted camp, but maybe not in the way previously thought.
If you have any doubt about how the Internet and new technologies have
changed camp, check out the Web sites, e-mail addresses, and cell phone
numbers that now appear on director's business cards. Reflect on how
many camps now offer their newsletters online. Think about the information,
links, and services available to you online from the American Camping
Association and other organizations. This reflection will give you just
an idea of how technology has changed camp as a business, not to mention
society as a whole. The Internet, new technologies, and the information
age present camps with new challenges and risks.

The Risk Environment

For the most part, camps are just beginning to explore the possibilities
of the Internet and how to conduct e-business. Some camp directors are
harnessing the new technology. Others are embracing it albeit unevenly.
Some are choosing to maintain a traditional program with limited technology
programming. All of these are personal choices and have merit. Regardless
of the path you chose, you and your camp will be impacted by this newly
connected, wired world.

The reasons for this impact are simple. Campers and their families are
immersed in technology. Nearly 40 percent of Americans carry a mobile
phone, almost 50 percent of the population own a personal computer, and
about 100 million Americans go online every day. It seems like we live
in a fast-forward time. Everything is facilitated in large measure by
the ease of communication and the speed and quantity of information available
to us. These changes will create new risks to your businesses and new
challenges for serving your clients. To borrow a phrase from television
advertising, are you ready?

The Risk Issues

The biggest concern at camp is privacy, an old issue. But in this new
electronic world, you will have to manage privacy in a new and different
way. The more interactive your Web site becomes, the greater the risk
of intrusion and violation of privacy. These intrusions can be from employees,
ex-employees, hackers, campers, and competitors.

Second to privacy are the risks of defamation and infringement of copyright,
particularly for slogan, trademark, or other electronic publications.
These offenses can be innocent just because of the ease with which information
is shared on the Internet. They can also be a hornet's nest if violations
are committed without proper controls and policies in place and are intended
to do damage. These issues resemble old ones but present new challenges.
Actually, the entire issue of intellectual property in the law is in
its infancy. This will definitely be a hot topic as we go forward. Susceptibility
of your computer system to hackers, to viruses, and to vandalism represents
other key issues to be managed.

The fourth annual Computer Crime and Security Survey completed by the
Computer Security Institute (www.gocsi.com) and the FBI in 1999 stated
that 55 percent of the participants reported unauthorized access by insiders.
Of companies suffering a financial loss (51 percent of participants),
98 percent said their losses came from vandalism, 93 percent from denial
of service, 27 percent from financial fraud, and 25 percent from theft
of transaction information. Insider abuse of Internet access privileges
(downloading pirated software or inappropriately using e-mail systems)
was reported by 97 percent of the companies in the survey; the companies
could not quantify their financial loss.

Awareness Is Key

The key to managing these new risks and challenges at camp is awareness.
If you haven't taken the time to assess your computer system risks, including
the use of the Internet as both a business and programming aspect to
camp, take the time to do so immediately.

Although some of the risks may be new, a tried-and-proven process to
manage these new issues exists: the risk management process. Here is
a quick review of the steps to take to manage risk and some thoughts
to get you started on evaluating your camp's electronic risks.

Step 1: Risk identification

Review your camp's policies, practices, and uses of computers and the Internet.
For example, are you in compliance with all software licenses? What risks
and responsibilities do you assume in the contracts you have with your software
vendors? What type of security controls do your vendors provide for your
system to prevent unauthorized access and vandalism? What controls do you
have on the content of your Web site? How do you prevent campers and employees
from accessing inappropriate Web sites or information when using your computer

Step 2: Risk analysis

Evaluate each risk identified in the first step. Focus on determining the impact
from each one of the perils or events that could affect your computer system
and electronic business transactions. This phase also involves trying to
quantify the financial loss to your business, which may be hard to do since
there isn't a lot of historical data and experience with this yet. Enlist
advisors, accountants, and vendors as needed.

Step 3: Risk control

Decide how you are going to handle each risk of loss. This is also an area
where you will most likely need help. You may want to think about establishing
controls for insiders and outsiders. Some examples of risk-control actions
may be establishing written policies for employee and camper use of your
computer systems. You might decide that one violation of your technology
policies will be justification for dismissal from camp. Other actions could
include development of access controls and installation of anti-virus software
and system firewalls to combat unauthorized entry from outsiders.

Step 4: Risk financing

Decide if you want to transfer some of your risk contractually. For example,
do you want to buy insurance or retain the risk yourself. Because there is
so much uncertainty, most will want to buy insurance. Realize the insurance
coverage for most Internet businesses is still evolving, that your needs
are different from e-businesses, and that comprehensive coverage may not
be uniformly available. Be prepared to finance risk in other ways if you
can't buy insurance to satisfy your needs.

Step 5: Feedback/monitor

Start the whole process over again. How did your risk management plan work?
Do you need to fine-tune parts of it? Were there surprises? Could they have
been avoided? As you evaluate the process, it begins to renew itself.

Stepping into the Future

In summary, the Internet and new technologies are impacting camping
in many ways. These changes create new opportunities, challenges, and
responsibilities. The first step toward managing these is awareness followed
by the tried and proven methods of risk management.

Originally published in the 2000 November/December
issue of Camping