With events related to terrorism, global health scares, extreme weather, localized violence and other disruptions increasing "in both frequency and severity over the past several decades," a new white paper from iJet Intelligent Risk Systems and the National Business Travel Association advises companies to advance their risk-management programs.
Defense contractor Lockheed Martin and U.S. space agency NASA--two organizations keenly interested in traveler whereabouts--are doing just that using a new tool from iJet that helped them benchmark their travel safety and security efforts and identify areas needing improvement.
The Travel Risk Management Maturity Model (TRM3) "is loosely based on similar models found in the information technology and program management fields," according to the white paper. The paper spells out 10 key process areas (KPAs) covered by the benchmarking tool: policy/procedures, training, risk assessment, risk disclosure, risk mitigation, risk monitoring, notification, data management, communication and response. Based on these components, corporations can evaluate the maturity of their risk management programs, ranging from level one, or "reactive," to level five, "optimized." For a program to achieve a certain maturity level, all 10 KPAs must be rated at or above that level.
The white paper warned that companies at the "reactive level" are "at substantial risk and could incur significant liability for not meeting the basic duty of care for your travelers." Those companies should solicit support from general counsel to obtain the necessary resources for implementing or enhancing their risk management programs. At the "optimized level," companies have achieved a "world-class" fully integrated program that enjoys "cross-organization support;" collects metrics and feedback from travelers; uses automated compliance monitoring; runs "exercises and drills;" and relies on continuous process improvement.
During an NBTA conference here last week, iJet presented aggregate data from 50 organizations that had rated themselves, showing average KPA scores ranging from about 1.5 to 2.5. As more companies use the tool, participants will be able to benchmark themselves against peer organizations--by size, geography and industry sector--according to iJet COO Martin Pfinsgraff.
"We conducted the TRM3 assessment and rated ourselves as 'proactive,' a level 3 plus 5 rating," meaning that five KPAs rated at 3 and five above 3, said Lockheed director of corporate travel services Richard Wooten.
Corporate security and corporate travel lead the company's travel security program, but Wooten noted that such groups as medical, risk and legal need to be more closely involved. "One area we really need to focus on is a cross-functional approach and increasing communication and awareness with our travelers and also senior management, to help them understand the need for risk management," he explained. "We came out of there with a good roadmap of things we have to focus on."
One area already addressed is traveler tracking. Six years ago, Lockheed built its own system but "unfortunately, that did not work as well as we hoped," Wooten said. "One of the most difficult parts is accepting all the changes from the travel agency and keeping that information fresh. That is a pretty complex endeavor. We actually outsourced that to an automation company, implemented it in September of last year and deployed it across the enterprise."
At the NASA Johnson Space Center, Sept. 11 served as a wake-up call. "We realized that we did not know where in the world our employees are, which, for an agency charged with space exploration, was a little bit embarrassing," said travel manager Helen Harris, also speaking during the NBTA event. "We knew where our [International Space Station] crew was, but everyone else had to figure out how to get home. We realized then that we did not have an adequate tracking tool."
Like Lockheed, NASA Johnson Space Center has since outsourced development of a traveler tracking system for its 1,500 travelers, who often carry sensitive information to and from high-risk locations. The organization also now has a foreign travel policy; mandatory traveler training; higher-level pre-trip reviews for trips comprised of large delegations, high-profile travelers and/or trips to high-risk areas; and post-trip briefings with intelligence personnel.
"We determined that we were initially in the high-2s [in terms of the TRM3 assessment] but recently we were able to re-evaluate and determine we are probably a low level three, because we have the policy, the training and a continuous communication back and forth with our travelers," Harris explained.
Hilton Hotels Corp. also performed a TRM3 review, resulting in a level-two score, according to Craig Banikowski, the company's global travel manager and chairman of the NBTA global risk committee. Banikowski said priorities include integrating risk management into Hilton's culture, building a "multi-modal" communications plan, leveraging automation and developing coordination between human resources, risk management, and safety and security personnel.
Companies interested in conducting a TRM3 review can opt for quick or in-depth assessments. For the former, "You can very quickly interview and/or survey the key people involved in your travel and TRM programs," the iJet/NBTA white paper suggested. "By using the KPA rating matrix information [listed in the white paper], each survey participant can select the level that best describes his or her assessment of the organization's TRM program for each KPA. The quick internal assessment would simply look for consensus assessments for each KPA."
A more in-depth review could include an assessment process that "identifies and documents actual evidence that the KPA is being performed at a given level," the paper continued, suggesting that companies can use internal teams or external consultants. "This more formal assessment would collect input from all stakeholders including senior and line management, functional department management (travel, HR, security, risk, etc.), support vendors, employees and travelers."
Other developments:
- The NBTA global risk management committee is developing lists of suppliers providing risk management services and checklists for companies of all sizes. "We are giving you the ability to find your own specific areas of concern," Banikowski said, noting that the committee next will examine risks related to kidnap/ransom, ground transportation and private aviation. NBTA also included risk management assessments in its Managed Travel Index & Benchmarking Tool.
- Forty-nine percent of 219 BCD Travel Clients "include specific language related to traveler security procedures" in travel policies, according to a recent benchmarking survey. Meanwhile, 48 percent of respondents do not use a crisis management tool, 21 percent use one globally, 16 percent for domestic travel only and 15 percent for multinational travel only.
- Eighty percent of business travelers polled in another recent survey think their companies have legal obligations to ensure their safety while traveling abroad on business, 52 percent would consider legal action if they were not supported properly and 36 percent have "little confidence" in their companies' abilities to provide "the correct advice" during an overseas emergency. Conducted by consulting firm Control Risks, the survey of more than 1,000 U.S. and U.K. business travelers also found that 54 percent of respondents "carry no specific contact phone number" for use in a crisis abroad, 46 percent "have no clear travel security policy at their firm," and 22 percent "have no idea who to alert in case of an emergency."
- Sabre Travel Network announced its Traveler Security and Data Suite, a Web-based application designed for corporate travel managers to track their travelers worldwide, view historical and advance booking-reports, access traveler itineraries and receive notification "when the number of travelers booked on one flight exceeds the corporation's travel policy." IJet CEO Bruce McIndoe said the Sabre announcement indicates the "down-market" movement of risk management to include small- and mid-size companies.
- Travel security and assistance firm International SOS added custom risk ratings to its product suite, allowing clients to tailor risk profiles for the areas in which they operate by adding their own local knowledge and eliminating "information they already have." The company also is looking to complement its global distribution system-based online Traveler Locator Serviceby "looking at other technology outside the GDS that we think will allow us to get a more ubiquitous coverage in terms of being able to identify and track travelers in the future," according to general manager of International SOS online services David Marks. He said the company also is testing with some corporate clients an "incident management center" to handle bombings, pandemics and other disruptive events. International SOS also launched an online training course for travelers and expatriates "traveling in areas of the world where malaria is prevalent," and a global text message service, "since sending e-mail messages to mobile phones is not always reliable."
- IJet also announced a partnership for messaging services. Working with Send Word Now enables iJet clients to communicate with traveling employees "in any part of the world using multiple devices, at a moment's notice." IJet last month also said it received from the U.S. Patent and Trademark Office a "continuation" that expands an existing patent to "include the method by which the company acquires, analyzes and utilizes travel information." Additionally, the company launched a new service that notifies travel managers when trips are booked "on airline carriers that do not meet minimum standards of operational safety." The Worldcue Airline Monitor provides risk ratings "on more than 300 airlines, including large commercial scheduled passenger airlines and a number of smaller and charter passenger carriers."
Related resource:
iJet/National Business Travel Association white paper on iJet's Travel Risk Management Maturity Model