Employer’s legal duty of care and security risk management in high-risk environments: a theory-based case study of the gross negligence of Norwegian Refugee Council in 2015
Laaksonen, Johannes (2018)
Laaksonen, Johannes
Laurea-ammattikorkeakoulu
2018
All rights reserved
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2018060813230
https://urn.fi/URN:NBN:fi:amk-2018060813230
Tiivistelmä
This thesis is a study of the Oslo District Court 2015 ruling of gross negligence on the part of the Norwegian Refugee Council (NRC) towards its staff consultant Patrick Dennis. Mr. Dennis was on an assignment in Kenya in 2012, when his convoy was attacked. He was shot in the leg, kidnapped and held for a period of time before rescue. He later sued NRC for damages sustained, and won in court.
The court case was a first for the industry, a landmark case of a humanitarian organization found guilty of a serious breach of duty of care. It has prompted humanitarian organizations to paying increasingly careful attention to their practices of managing security in their challenging high-risk operational environments.
This thesis is a case study of the failures by the NRC to properly establish reasonable security risk management practices. Commissioned by A Finnish NGO, it also attempted to draw lessons learned for the industry in managing their security in a more effective manner. The study is a theory-based content analysis that compares the theoretical and knowledge framework of the ISO31000:2009 risk management model to the official Oslo District Court ruling of 2015. The Oslo District Court ruling does not refer to risk management directly. In analysing the ruling, the study used the methodologies of theory-based content analysis in finding implicit parallels and meanings in the ruling that can be compared with the different steps of the risk management model. It attempted to find meanings in the text of the ruling that referred to failures in establishing the risk management context, in risk identification, in risk assessment and in risk treatment.
They key finding was that the Oslo District Court ruling can be interpreted to have implicitly referred to failures for NRC during all steps of the risk management model used as the theoretical base. Failures were many and are listed in detail in the findings. Furthermore, for the security management model proposed in this thesis to be effective, the NRC ruling showed that absolute care must be placed to conduct the risk management process properly from the beginning. NRC’s failures were, to a large extent, failures made when the risk management process was begun.
Furthermore, all the findings are summarized in a table that is used by the commissioning organization and other interested parties as a reference on how, if applying the ISO31000:2009 model, similar incidents can be avoided in the risk management practices in the future.
The court case was a first for the industry, a landmark case of a humanitarian organization found guilty of a serious breach of duty of care. It has prompted humanitarian organizations to paying increasingly careful attention to their practices of managing security in their challenging high-risk operational environments.
This thesis is a case study of the failures by the NRC to properly establish reasonable security risk management practices. Commissioned by A Finnish NGO, it also attempted to draw lessons learned for the industry in managing their security in a more effective manner. The study is a theory-based content analysis that compares the theoretical and knowledge framework of the ISO31000:2009 risk management model to the official Oslo District Court ruling of 2015. The Oslo District Court ruling does not refer to risk management directly. In analysing the ruling, the study used the methodologies of theory-based content analysis in finding implicit parallels and meanings in the ruling that can be compared with the different steps of the risk management model. It attempted to find meanings in the text of the ruling that referred to failures in establishing the risk management context, in risk identification, in risk assessment and in risk treatment.
They key finding was that the Oslo District Court ruling can be interpreted to have implicitly referred to failures for NRC during all steps of the risk management model used as the theoretical base. Failures were many and are listed in detail in the findings. Furthermore, for the security management model proposed in this thesis to be effective, the NRC ruling showed that absolute care must be placed to conduct the risk management process properly from the beginning. NRC’s failures were, to a large extent, failures made when the risk management process was begun.
Furthermore, all the findings are summarized in a table that is used by the commissioning organization and other interested parties as a reference on how, if applying the ISO31000:2009 model, similar incidents can be avoided in the risk management practices in the future.