Counterterrorism and risk management frameworks

This section explores practical aspects of risk management and steps your organisation can take to strengthen risk management policies and practices, while maintaining a principled approach. It endeavours to make risk management approaches accessible and understandable to a broad range of staff, including those who are field-based and responsible for programme implementation.

What is risk management?

Risk management is a process to help staff systematically think though what risks may arise in specific contexts and what can be done to mitigate these. It addresses the question of what organisations can do to make sure that as those most in need are assisted as much as possible in a principled manner, despite challenging contexts, by identifying, monitoring and tackling key risk factors.


  • Risk: Uncertainty, whether positive or negative, that may affect the outcome of an activity or the achievement of an objective
  • Risk management: a cycle of identifying and assessing risks, assigning ownership of them, taking action to anticipate and mitigate them, and monitoring and reporting progress

Why use a risk management framework?

Owing to the nature of the environments they work in, staff of humanitarian organisations constantly manage risk. Where this is done in an ad-hoc manner there may be gaps and inconsistencies in the way risks are identified and managed. In order to prevent this, organisations should consider adopting a framework to establish clear processes for identifying and managing risks. Counterterrorism issues should feature strongly within this framework. The key components of a risk management framework are outlined in this section. Where an organisation does not have a clear risk management approach in place staff and teams can still apply these risk management processes to the contexts they work in to address CT issues.

Risk Description
Operational Inability to achieve objectives
Security Violence or crime
Safety Accident or illness
Fiduciary Misuse of resources, including fraud, bribery and theft
Information Data loss, breaches or misuse
Legal/compliance Violation of laws and regulations
Reputational Damage to integrity or credibility
Operational Inability to achieve objectives
Ethical Insufficient application of the humanitarian principles and duty of care, lack of adherence to organisational values and mandate