This study explored how senior security risk managers experience reflective practice. It looked specifically at the extent to which the practitioners reflected on their own practice, the ways in which they did so, and the usefulness of reflective practice for security risk management managers. Grounded theory methodology was used to collect and analyse relevant data. The outcome of the study is two-fold. From a theoretical perspective, the study provides a substantive theory about how senior security risk management practitioners experience reflective practice. From a professional practice angle, the study offers essential functional information about reflective practice in security risk management.
This doctoral research study explored how senior security risk managers experience reflective practice in relation to managing external threats to organisations. It looked specifically at the extent to which the practitioners in the study reflected on their own practice, the ways in which they did so, and the usefulness of reflective practice for security risk managers. To do so, the study used grounded theory methodology to collect and analyse data, including empirical data that was collected by means of semi-structured interviews with 19 purposefully selected senior security risk managers.
In the absence of research on the use of reflective practice by security risk managers, little was known about how they experience reflective practice. By exploring how senior security risk managers perceive and utilise reflective practice in relation to managing external threats, this study aimed to fill a gap in the body of knowledge on reflective practice and security risk management, and to contribute to professional practice by providing practical information about the application of reflective practice in security risk management. In addressing these aims, the research was oriented around the following three research questions:
To what extent do security risk management practitioners reflect on their own practice?
In what ways do security risk management practitioners reflect on their own practice?
How useful is reflective practice for security risk management practitioners?
SECURITY RISK MANAGEMENT
Comparatively young, but nonetheless rapidly growing, security risk management is an occupational practice that aims to mitigate internal and external threats primarily to organisations. The occupation encompasses a variety of skilled roles and tasks, making it a multifaceted activity. This includes, but is not limited to, facility protection, travel or expatriate security, information security, intellectual property protection, and emergency and crisis management (see BASF, 2016; Fraport, n.d.). In the context of organisations, security risk management is also known and frequently referred to as ‘corporate security’, ‘security management’ or ‘in-house security’. Security risk management is situated within the wider domain of private security (Brooks & Corkill, 2014, p. 232). In the 1950s, at the outset of its re-emergence, private security management activity was mainly a guarding function. Since then the occupation has evolved rapidly. The fact that security risk management is an increasingly recognised feature within organisations was highlighted already a decade ago by Borodzicz and Gibson (2006). The authors stated that security risk management is ‘a key aspect of contemporary organisational management, in both public and private sectors’ (Borodzicz, 2006, p. 181).
As a learning tool reflective practice has received considerable attention, mainly because it is perceived to aid professional practice and learning. For that reason, the second dimension of this study is reflective practice. As a learning method it has its origins in the education discipline and is now, due to its considerable popularity, widely discussed and utilised across disciplines. Ray-Bennett, Masys, Shiroshita, and Jackson (2014, p. 103) comment that ‘Reflection is quintessential to all human beings’. Bruster and Peterson argue that reflective practice ‘facilitates the ability to apply theory to practice and to learn from experience’ (2013, p. 171). Reflective practice perhaps stands in clear contrast to the concept of technical rationality, which assumes ‘that professionals possess specific, scientific, and standardized knowledge’ (Hannigan, 2001, p. 279) that applies to all workplace situations. From the time when John Dewey introduced the concept of learning from experience in the early 20th century, reflective thinking has become ‘increasingly incorporated not only into professional and management development in an organisational context but also in formal education’, states Reynolds (2011, p. 6). It is widely recognised that workplace situations are not always clear-cut, and that they can be ‘confusing messes incapable of technical solution’, which ‘usually involve problems of greatest human concern’ (Schön, 1983, p. 42). From Schön’s perspective, these situations demand distinct responses from practitioners, which are formulated through learning processes such as by reflecting on practice. According to Thompson and Pascal (2012, p. 313), reflective practice offers a more integrated approach to professional practice and learning. Security risk management practitioners may find such an approach fitting to their needs. Despite substantial existing knowledge about reflective practice across numerous occupations, little is known about it in the field of security risk management.
Grounded theory methodology was used to explore how senior security risk management practitioners experience reflective practice in the workplace, with a particular focus on professionals working in the humanitarian aid and development sector. Such practitioners operate in some of the most challenging environments for practising security, e.g. remote or conflict environments. Their perspectives provided rich accounts that illuminated the employment of reflective practice in often-difficult settings, generating findings that will likely be useful to the wider security community. In this study the approach to grounded theory was practical, using methods that depart to some extent from the original ideas of the founders of the method; however, they are not incompatible with grounded theory methodology (e.g. the use of an interview guide and semi-structured interviews). Moreover, due to the authors’ previous experience with reflective practice and security risk management, it was unrealistic to adhere strictly to the classical approaches of grounded theory (e.g. abstain from an engagement with the literature prior to the establishment of an analytical core).
BASIC SOCIAL PROCESS AND SUBSTANTIAL THEORY
Three grounded theory main categories were emergent from the data in this study, which are entitled: ‘reflect to improve’, ‘trying when pressing’, and ‘facilitating practice’. While analysing the data, it was found that these three main categories relate and interact with each other and form a basic social problem. This problem represents a common professional challenge that was evidently, in one way or another, experienced by nearly all the security risk management practitioners interviewed in this study. The basic social problem is entitled ‘keeping up’. It relates to the ongoing challenge for senior security risk managers to keep up with workplace demands and complexities. The basic social problem is not the core category, but it represents the underlying issue that motivates and directs the actions of senior security risk managers when it comes to managing external threats. Consequently, it appears to be the main trigger for the reflective engagement of senior security risk managers.
Time and again, senior security risk managers find themselves dealing with demanding and complex issues at work. The need to address such issues in the workplace is not limited to senior security risk managers, as identified in this study. Practitioners in other occupations experience similar problems. Like others, senior security risk managers appear keen to competently manage such situations. Schön (1983) called these situations the ‘swampy lowlands’. Technical rational approaches often offer no adequate solutions in these situations. Therefore, flexible and progressive responses seem to be required from the senior security risk manager when it comes to managing external threats in the workplace.
Senior security risk managers were found to respond to this challenge through a process of ‘improving’, which represents the basic social process discovered in this study. Jones and Alony (2011, p. 109) describe a basic social process as follows:
The final result of research using Grounded Theory as a method of qualitative analysis is a model depicting the basic social process. A basic social process is a core category that has been developed through densification and is found to substantially represent a major social process of the phenomenon under study. It is through the articulation and explanation of this basic social process that the explanatory theory emerges. (Jones & Alony, 2011, p. 109)
As a category ‘improving’ is central to all other categories emergent in this study, and in consequence represents the core category. The category appears frequently in the data and seems to provide an explanation of what is happening.
Although senior security risk managers encounter various complex and demanding professional issues in their daily work life, they habitually make a conscious effort to effectively tackle these issues rather than to ignore them or to give in. Therefore, it can be argued that they are, in one way or another, committed to their professional practice. Senior security risk managers deliberate reflection on professional practice, notwithstanding their lack of adequate information and guidance about reflective practice, gives emphasis to their motivation and resourcefulness.
In view of this, the emergent substantive theory holds that senior security risk management practitioners are deliberately thoughtful about their professional practice, and are not simply executors solely of technical solutions. They have integrated reflective practice into their practice, which signifies a strong commitment to improve professional security risk management practice. This substantive theory presents a premise about the relationship between, and commitment to, reflective practice and security risk management.
This study’s specific practice-related findings speak directly to the research questions of this study. These findings are:
The extent to which reflective practice is applied in security risk management
Senior security risk management practitioners regularly use reflective practice in the workplace, for the most part to improve their professional practice. They appear to employ reflection in a rather competent manner, despite generally little understanding of formal reflective practice or its theory.
The ways in which reflective practice is applied in security risk management
Senior security risk managers were found to employ two approaches to reflective practice – organisational reflection and individual reflection on practice. While their organisational reflection appears to be rather structured and partly linked to known learning methods such as after-action-reviews and lessons learned, their individual reflection appears rather unstructured and less guided by formal approaches.
Reflection on professional practice is often prompted by critical or unusual situations such as security incidents or other emergency situations. Ordinary or routine practice situations do not receive the same reflective attention.
Usefulness of reflective practice in security risk management
Security risk management practice has been found to be more often than not demanding and complex. In the main, senior security risk managers were found to perceive reflective practice as beneficial.
As indicated earlier, security risk management is a young and rapidly developing, multifaceted occupation. Practitioners’ current professional challenges and the approaches to practice differ notably from those in the past; this highlights the process of evolution the occupation has gone through, from mainly a guarding function to a multifaceted risk management activity. A relevant example embodies security risk management in humanitarian aid and international development. Current approaches in this field are summarised by Egeland, Harmer, & Stoddard (2011, p. 2), who stated that organisations are now leaning more towards managing risks rather than avoiding them to ensure business can continue in nearly all circumstances or environments.
In today’s complex and challenging global and local environments barely any organisation can avoid taking risks. The risks an organisation takes should be in one way or another proportionate to the benefits an organisation expects. Hence, effective and efficient risk management is critically important. In this sense, contemporary security risk management is an enabler of business activity, an approach which is very different from that in the past when security management was all too often focused on avoiding risks, even when this meant blocking very important business activity. However, today’s situations also often lead to more complex and demanding practice conditions for security risk management practitioners. Addressing security-related issues by putting a foot down and blocking all those activities that are deemed too risky is not an option today. Current professional challenges and issues demand constructive and applicable approaches and solutions. This necessitates that security risk management practitioners obtain access to and utilise appropriate tools which help them to address practice-related concerns. This study has found that reflective practice is such a tool.
IMPLICATIONS OF FINDINGS
The study’s findings have implications for security risk management practice. The main reason for this is that purposively reflecting on professional practice adds value to security risk management practice. A testament to the added value that reflective practice can bring is that it is already utilised and, on examination, perceived positively by senior security risk management practitioners. This underscores the professional relevance of the learning tool; it presents a potentially useful starting point for a far-reaching introduction of reflective practice into security risk management practice, security risk management training and education to enable a much broader range of security risk managers to enjoy its benefits. More specifically, the findings imply the following:
A need to address vulnerabilities in theoretical understanding
The discovery that senior security risk management practitioners purposefully and regularly reflect on their professional practice is encouraging, as it suggest that they are committed to improving professional practice. However, the observatioin that their theoretical understanding of reflective practice is rather limited presents a vulnerability that should be addressed.
It is encouraging that senior security risk managers employ different types of reflection on professional practice, organisational reflection and individual reflection on practice. While methods such as after-action-reviews and lessons learned seem to guide organisational reflection on practice, senior security risk management practitioners appear to have limited tools available that guide their individual reflection, and this presents a disadvantage. Therefore, a better theoretical understanding of reflective practice would likely enhance security risk managers’ institutional reflection on practice as well as their individual reflective practice.
A potentially missed opportunity by not using reflective practice in non-emergency situations
The observation that senior security risk managers’ reflective practice is often prompted by atypical situations and less so by routine practice situations, is not new. Similar observations were made with regard to reflective practice in other occupations. However, it would likely be beneficial for senior security risk management practitioners to incorporate reflective practice into routine practice situations to improve on the latter by taking advantage of the benefits that this provides.
Increase the number of beneficiaries by incorporating reflective practice much wider in security risk management practice and training
The observation that senior security risk management practitioners perceive reflective practice as supportive of professional practice appears to be an advantage from at least two perspectives. First, having the support of senior security risk managers would likely facilitate the introduction of reflective practice in security risk management training and education. Cooperation between the industry and educational institutions appears essential to build reflective practice (theory) into training curricula. Secondly, senior security risk management practitioners’ supportive position of reflective practice would most likely also assist the introduction of reflective practice to the workplace. Introducing the tool from the top down rather than from the bottom up would likely create greater impact as well as momentum in the introduction and application of the tool in the workplace.
Reflective practice offers an added value for professional security risk management practice as it allows practitioners to reflect on their professional activities to engage in a professional learning process. In turn, professional learning processes enable practitioners as well as practices in general to develop. To ensure that security risk management practitioners are able to harvest the benefits that reflective practice offers, a few key recommendations are made:
Formally introduce reflective practice into security risk management
To improve senior security risk management practitioners’ currently limited knowledge of reflective practice theory, which would certainly enhance security risk managers’ application of reflective practice in the workplace, it would be beneficial to introduce the theory properly through education and training programmes. For example, reflective practice already forms an effective element of the professional doctorate courses at the University of Portsmouth’s Institute of Criminal Justice, and could be extended more fully into undergraduate and postgraduate university courses or professional trainings.
Use reflective practice also in routine workplace situations
Reflection on professional practice is mostly employed in non-routine workplace situations, whereas routine workplace activities do not receive the same reflective treatment. An attempt should be made to introduce reflective practice also into routine security risk management practice; this would ensure that routine practice, which occupies the majority of the security risk managers’ time and effort in the workplace, also benefits from the advantages of reflective practice.
Conduct further research
Although this study offers both a substantive theory about how senior security risk managers experience reflective practice as well as practical information about reflective practice in security risk management, it is suggested more research is required to test the substantive theory and explore the topic in greater detail. The output of this study is important as it fills a gap in our theoretical understanding about the relationship between security risk management and reflective practice, and it offers recommendations that can assist in enhancing security risk management practice. However, security risk management is a rapidly-growing and multifaceted practice; more research into the two dimensions of this study is suggested toward investigating the utilisation of reflective practice within the occupation in greater detail. A better understanding of how reflective practice is employed across the broad spectrum of the occupation will likely further enhance its application within security risk management.
I would like to thank all research participants for their partaking in this study as well as my doctoral supervisors and the administrative team of the Institute of Criminal Justice Studies of the University of Portsmouth for their support and encouragement. In addition I would like to thank the United Nations Department of Safety and Security, especially Under-Secretary General for Safety and Security Mr. Peter Drennan, for permission to interview a small number of UNDSS security risk management practitioners as part of this study.
by Alexander Nikolaus Hasenstab