Risk, Blame, Security, Crisis, Governance & Management: Thematic Document and Narrative Analysis

Deriving better practices and lessons learnt from any and all public health, safety, security, risk and crisis events requires comprehensive analysis and ethnographic consideration of all representative findings, views, practices and affected parties.

As with most sciences, this process should be public, structured and contributed to by qualified, trained and experience professionals. Otherwise, public slinging matches between power, influence, politics and concealed preferences ensue.

More importantly, the understanding and application of security risk management in public and private settings can be enhanced by analysing and reviewing case studies, research and the informing body of knowledge, by technical and scientific means. 

Therefore, public inquiry and public documentation provide an excellent opportunity to unpack complex health, governance, security sciences, risk management, sociological and ethnographic influences. 

In other words, lessons can be learned, and processes studied to prevent similar instances and maintain high standards / better practices.

The following analyses the recent "Fault Lines" publication using corpus linguistic, hermeneutics and thematic codification and analysis. More on these methods and approaches below.

Context

Document, discourse, and legal exhibit analysis can be a daunting, time-consuming, and an exhausting process. 

Therefore, criminology, criminal justice, security risk management, risk sciences and public safety degrees and advanced studies teach, prepare, and refine professional analysis of documentation, testimony and the 'message behind the complexity'. 

This summary analysis employs several techniques and process but errs on the side of visual explanation and breakdown to aid in speed and clarity of knowledge transfer and analysis. In short, the graphics cut to the essence of the message, thinking and foreseeable outcomes. The accompanying narrative provides professional commentary and analysis to explain, in part, what you are looking at. 

Preliminaries

The above list of words is a concordance , or inventory of all the words, terms, and expressions used across three volumes of reports and 100 pages of findings. The first observation and messaging that stands out is the use of the word health (n=412 ). This can mean many things and remains a very broad classifier for a wide range of issues, actions and corrective actions. In short, it highlights an issue but is likely inconsistently used and referenced. Data (n=220) appears less than half the amount of times, confirming to a degree that health is not always supported by data or data itself drifts across contexts, relevance and specifics. This is in part observable in the use of should (n=217), which provides guidance rather than authority or absolutes. In other words, clear, actionable specifics remain elusive and less prominent.

A string of other expressions and words such as research (n=85), advice (n=78), evidence (n=59) may refine these recommendations but remain buried in the text. However, control (n=18) is mentioned the same amount as learn (n=18 ), and more than science (n=14), prevention (n=10 ) or proof (n= 0). Which would indicate there are numerous anecdotal narratives, personal views and editorial content than empirical methods and evidence.

Consumers and decision-makers should be cautious in relying on this kind of advice or assuming more broadly this is an academic or empirical finding(s).

This taxonomy and nomenclature suggests the outcome and recommendation are largely determined and prioritised in advance. 

Knowingly or subconsciously, the outcome appears predetermined, besides suggesting one or more concealed preferences. 

Triangulation is needed to validate or support such a preliminary hypothesis. That is, use of another means to de-bias presumptive theories. In this instance, a thematic word cloud, scrapping the entire vocabulary used in these reports, displays the prominence of each word or term. Or the corpus linguistics contained in the report, which informs how readers may interpret (hermeneutics) the declared and concealed meaning(s) . This is shown below:

Threat(s)

At the most rudimentary level, risk management, safety and security practices are predicated on knowledge and identification of a specific threat, exposure to said threat, vulnerability, mitigation or prevention measures...which result in a 'risk'. In other words, threats (all-hazards) must be analysed in detail, from which all other actions flow. The fact that threat(s) (n=7) is neither prominent nor considered in full within the discourse attenuates all views and findings, as neither one threat nor an 'all-hazards' threat or vulnerability informs the process, analysis, or findings. 

In short, what exactly is the harm, danger or peril in this instance? 

COVID-19 may seem axiomatic, it is inadequately considered here, along with all other potential and plausible threat(s), including good/bad decision making.

That question remains unfulfilled if not adequately analysed or documented. It also distorts recommendations and understanding.

The thematic association and relationship of the word 'threat' is just as important as the use (or lack of) the expression in general. While there appear to be attempts to discuss or review threat by association with vulnerabilities, attacks, prevent, and so forth; it appears as though it was never completed or undertaken in full.

As a result, 'controls', advice and solutions will not be either threat-based or adequately risk-informed.

Intelligence

Intelligence (n=1) appears to suffer the same lack of consideration and representation. A lack of intelligence practices, investment or specified discipline leaves health, safety, security, risk and resilience practices ill informed or blind. Moreover, where intelligence has been provided, but not acted upon or buried, greater harm, risk and loss becomes almost axiomatic or inevitable. That is, management becomes more akin to 'theatre' as opposed to evidence or science orientated.

The associate usage and representation of 'intelligence' is also informative and instructive. That is, the narratives leading into and out of 'intelligence' highlights the nexus effect. 

In other words, intelligence may be used as an authoritative, representative, dismissive or flippant statement.

Vulnerable

Assertions of vulnerable require context, proof and exposure to a specific threat or risk(s). As vulnerable (n=20) is used sparingly, and as a broad statement of pre-determined susceptibility (lack of risk calculus or reason for using the expression) it is unreliable and inconsistent as a term of reference here or across other, comparable findings and analysis. In other words, it is used to draw attention or tell a story, as opposed to an evidenced, empirical finding in this context.

The thematic relationship and context below confirms the vague, inconsistent use of the word across contexts, meaning and issues. Ironically, as demonstrated below data deficiency constituted a threat and potential risk. Yet it is not expressed nor communicated as succinctly here. An important observation and finding for researchers, analysts and academics moving forward.

Security

Security without intelligence or understanding results in wastage and is unlikely to serve any meaningful protection or preventative role. 

It may 'look' effective, be celebrated or represented, but without guidance, specificity and detailed analysis... it becomes just another general management task. Typically directing equally misguide vendors, services and technology. That is, without knowing what is the value, threat, exposure and vulnerability...what exactly are you expecting to 'secure' or 'make safe' from harm, loss, delay, destruction or sub-optimal utilisation? 

More importantly, what specific security issue(s), regulations and legislation is informing your practice and application of 'security'. 

As security (n=34) is neither emphasised nor considered in full here, it is likely it was inadequately considered throughout the report, analysis and advice. Assets (people, information, processes, property, reputation, etc) all remain 'at-risk' or contested until considered in full or adequately in this issue/context.

Security is not policing. 

Policing is not security. 

Delineation, complementation and integration appear absent in these narratives and analysis.

The manner in which security is expressed, represented and linked also informs and instructs. 

Security appears to be tethered to 'other' things, places, contexts, actions and technology. Not a prescribed outcome nor management process. 

This is most prominent where security is not linked nor associated with specific threats, vulnerabilities or responsible actors, entities and departments/corporates.

Fault

This report is predicated on advanced, determinative blame by the use of the word fault (n=27). That is, fault is not the product of rigorous analysis and systematic assessment, but more an editorial opinion of one or more authors.

Considered within the context of the narrative provided, fault appears to be a more editorial, anecdotal and sensationalistic term used by the authors. Fault is not the product of objective analysis or academic rigour, in this instance.

Therefore, generalised blame seems one of the primary purposes of the document and analysis.

Evidence

Evidence (n=59) should remain the basic tenant of science and advice to public or government. However, evidence presents as a demand of the report, as opposed to that which was used to inform the findings, recommendations or analysis.

Evidence as a commentary placeholder is visible in the entry/exit thematic word tree below. As a result, evidence remains a dichotomy of this particular report, as it seeks evidence where evidence was not used in construction. This may present as somewhat of a tautology, but consumers and lay people (decision-makers) are likely to confuse and not make the distinction between the need for evidence and the omission in evidence in terms of opinion formulation.

Safety

Safety, security, risk, harm, etc are routinely interchangeable within public discourse and corporate settings. 

Safety can mean the same thing, different things and many things. 

Safety (n=9) presents as equally inadequately considered and drifts in context from that of security and risk. 

Further conflating understanding and remediation. Moreover, safety (public, personnel, community and health) safety is not a theme or key consideration in this report)

Thematic placement and utilisation of 'safety' demonstrates this lack of focus or consideration

Risk Management

In the absence of awareness, analysis and representation of threat(s), security and intelligence...what specific risk(s) are present and therefore being 'managed'? 

The below declaration and expression of risk management is a unique, manufactured narrative specific to this document. 

It is the subjective perspective of an undisclosed author(s), resulting in an anecdotal narrative presented an authoritative statement, likely to influence and taint naive researchers, analysts, practitioners and academics. 

In short, you won't find these 'risk' statement anywhere else. It is not science, it is not academia, nor is it even the language of 'standards', of which there are a few. "Risk management" (n=46) is therefore, in this context, a seemingly heroic saviour to the problem as another repurposed form of 'control', which is equally lacking in evidence, ill conceived and lacking specific input on threats, safety, security, intelligence and the like. 

This narrative summation appears more the language of auditors, accountants, management consultants and those vying for solutions and controls, frameworks and management salvation post inquiry.

The means and preference of the use of the word 'risk' is subject to considerable, undefined and inconsistent 'drift'. That is, it means many things, never the same. As a result, risk is unreliable and more alarmist and classifier than risk science or academic rigour.

Control

The seemingly presumptive and deterministic intent of this report. 

That is, greater, better, different, new or big brand 'control' (n=18) will save the day. Prevent repeat or potential and general bad behaviour. 

Historically, scientifically, academically, practically and realistically...control has rarely been the saviour or solution. 

Time will tell.

Given that 'manage' is as a word evolved from "handle, train or direct" horses, it is perhaps no wonder 'control' features so prominently in the discourse, remediation or suggestive narrative, in this instance. 

However, the absence of understanding, analysis and focus would seemingly undermine even the most efficient of 'control' uplifts, transformations, tactics, initiatives or strategy. 

Particularly where the author(s) appear to seek to supplant or prefer one form of 'control' over that of another. Without supporting research, evidence or analysis.

Framework

Frameworks (n=16), like 'control' promise a better outcome, process and assurance to consumers. They rarely work and are routinely obligatory published documents that are in practice are undermined and circumvented by behaviour, culture, decision making, trade-offs and day-to-day decision/pressures. With that said, frameworks remain essential for public governance, governance and public safety/security.

It would appear the adherence to public governance frameworks are contested, noncompliant and the real discovery or concern of this report.

Remembering, frameworks are another 'saviour' expression of consultants, auditors and committees. Ironically, called to review and analyse systems and structures that had frameworks in place prior to crisis, disaster or harm. Framework superiority and substitution is a criminological, risk/security science field of enquiry, which routinely finds the practice of supplanting frameworks fail to address deep seated issues and cultures.

Summary

In nearly all settings and contexts, harm, loss, risk, security, resilience or mitigation can not be pursued efficiently or effectively without first seeking to understand the issues, threat, exposure, vulnerability, management influences and prevailing 'risk'. 

Be it knowledge, analysis, education or intelligence, a systematic and scalable process needs to be consistently applied. This informs not only corrective action, remediation, compliance and 'risk', but also governance, prioritisation and resource allocation. 

The absence or lack of representation of these features and functions are not only consistent with most failures, shortfalls and catastrophic disruptions but also comprises the essential factors for correction moving forward. 

In this instance, the issue, context, threat, intelligence, risk and therefore harm have not been adequately considered in full or with any degree of depth. 

Time will tell if the pursuit of greater 'control', frameworks or 'alternate' approaches will solve these complex, networked and deeply entrenched factors. 

However, in the meantime, researchers, analyst, practitioners, and professionals should re-evaluated or explore in more detail before citing and accepting the findings contained herein.

Ironically, despite asserting that:

"200+ Consultations with health experts, public servants, epidemiologists, community groups, businesses, economists and many more "

Safety, security, risk and crisis practitioners, professionals and scientists appear under represented or excluded from these 'consultations' (no detailed evidence provided or included in this report). Perhaps that may be an additional, corrective action in the future or parallel pursuits on this matter.

Tony Ridley, MSc CSyP FSyI SRMCP

Risk, Security, Safety, Resilience & Management Sciences