Risk Management in the Construction Industry
There was a time when a construction company’s assets could all be loaded into the back of a pickup truck. Jobs were “simpler” and plentiful. As the industry has expanded and matured, this has changed dramatically. From small specialty contractors to large general builders, the variety of assets and the cost of these assets have grown exponentially. Nowadays, contractors spend tens and hundreds of thousands of dollars on field equipment and office technology. It is simple to take a piece of field equipment and chain it, lock it, or hoist it 100 feet in the air. What about the “invisible” assets?
Some of the most valuable items companies own are their client lists, contact names, past projects, and the software that manages all of this intellectual property on the business’ behalf. These are out of sight and often out of mind when it comes to assessing risk and taking steps to protect a contractor against loss, but they are crucial because they set the company apart. Failure to adequately safeguard these assets could compromise a contractor’s chance of survival, especially in an adverse economic climate.
The Internet compounds the risks as information is shared and accessed from locations outside the office or the network. While the digital world promotes connectivity with clients and suppliers by allowing firms to share documents and communicate between themselves, it also increases the possibility of breaches and theft. This vulnerability requires construction firms to implement policies and processes that extend security across the work site and the office to ensure protection of both physical and intellectual assets.
The risk management process for construction firms begins by identifying the steps involved: assessment, mitigation, and monitoring and reporting. Assessment is the first step for companies. It allows them to identify and evaluate vulnerabilities and potential areas of exposure to the business, whether the risk is physical, intellectual or technological. Areas for assessment include business processes such as, auditing the existing administrative policies, adequately training employees and reviewing security oversight processes. Often, contractors know to implement some level of computer access security, such as procedures for passwords, backup and recovery, and network virus/malware protection. This focus is centered on the external theft or attack, but what if the unthinkable happens and a theft or attack occurs from the inside?
Following an assessment of business practices and technologies, which includes working with current employees to identify process opportunities, businesses move to the mitigation stage. This refers to developing risk management procedures that will proactively reduce and eliminate vulnerabilities on an ongoing basis. Assessment and mitigation need to be supported and sustained by monitoring and reporting policies that are conducted on a regular, scheduled basis and are under constant review. Having safeguards in place will ensure companies are alerted to any potential discrepancies, breaches or dangers. Are passwords changed when employees leave? Does the contractor know who is accessing the applications that house their contacts and their projects? If people walk out the door with copies of the software, can they still use it even after they are no longer employed by the company?
Contractors face a series of challenges implementing risk management procedures and are able to learn from the experiences of other industries, such as manufacturing and the energy sector. One strategy that provides increasing benefit to construction contractors is office automation technology, which locks down tools, information and assets while helping to drive up productivity and profitability. One challenge is a multi-locational business structure. Contractors must balance their in-office tasks with their on-site projects and the need to share information in real time between locations. This includes being able to transfer time and labor documents, as well as recognize changes to plans and accommodate client demands. The documents must be transferred between laptops, PCs, tablets and even smart phones in a secure fashion.
Intellectual property theft has become a concern among businesses as a result of an increasing dependence on the ever-widening variety of devices available. Sadly, much of this theft is coming from inside the business. An on-the-go workforce makes it easier to access and share sensitive documents anywhere, at any time and with anyone. In fact, the 2011 CyberSecurity Watch Survey estimates that 21% of cyber crimes committed against organizations and business are perpetrated by employees or other insiders. This poses a further challenge to contractors when it comes to management strategies. How can information, processes and property be secured without micromanaging and creating an unsatisfying work environment for employees?
Companies can navigate this tricky balance by deploying both manual procedures and automated solutions that provide ways to access and track information about data usage in real time. This ensures accountability and oversight, whether employees and data are within the office or at a remote site. The key to control is knowing—not guessing—who is using what information, with which applications, and on what device. Contractors who turn to construction automation solutions protect their assets and are able to drive up productivity while mitigating frustration and risk.
More advanced steps to protect the physical office and the jobsite are required. On-site equipment has long been protected with physical locks and site barriers during off-hours. Now, many firms are implementing security measures during on-hours for the on-the-go workforce that includes secure badges and swipe cards for entry purposes.
A risk management strategy leverages intelligent construction automation software to answer the questions: who is doing what, what information is being used and which devices are leveraged during the process? This information is partnered with a contextual understanding of protection procedures benefiting all participants—owners, employees and clients. Risk management safeguards companies by protecting their physical and intellectual property, including sensitive business information and plans for new products and/or services. Requests for proposals are contractors’ bread and butter, and companies that have experienced breaches—digital or physical—may be less likely to be contracted, no matter their experience level. By implementing controls, construction firms can safeguard and boost their own reputations among clients and the industry.
Construction companies are not the only entities at risk when a breach occurs. Client information is also vulnerable. Risk management will protect clients’ data and influence their future business decisions, including the people they contract with in the future. As technology advances and competition increases, risk management will only become more necessary for construction firms. Selecting the right construction automation solutions that assist the contractor in quickly and easily monitoring who are accessing plans, bids and projects are critical for a safe and secure growth plan.