Risk assessments carried out by the Manchester Arena operators prior to the Ariane Grande concert in 2017 were nothing more than “box ticking", an inquiry into the ensuing terrorism attack that killed 22 people has heard.
Miriam Stone, SMG's Head of Events, who was one of the duty managers on the night of the attack, told the inquiry there was no specific assessment done for the Ariana Grande concert or consideration given to terrorism risk, and that the assessments that were carried out were just to ensure boxes were ticked.
SMG had put the arena’s terrorism risk level at low, despite the national threat being “severe” and although suspicions had been raised about bomber Salman Abedi, these were not passed to the control room.
It was discovered after the event that Abedi had hidden in the mezzanine area of the arena, which was a CCTV blindspot and an area that security provider Showsec said it wasn’t expected to check. But, Ms Stone argued, "It's all one room. I would expect all of it to be checked."
The inquiry heard Ms Stone was concerned about terrorism and helped devise a training exercise in December 2014 which rehearsed for an attack inside the arena's City Room, where the attack took place.
On the management of the risk of terrorism, government guidance states that robust risk management processes will anticipate and assess risks to the organisation. The risks should be mitigated through preventative measures such as ‘target hardening’, the training of personnel and an effective use of information security systems. Having worked on preventing the risk materialising, the organisation must still be ready to respond and recover from a business interruption, regardless of its cause.
With regard to protective security and resilience, the best way to manage the hazards and risks to your business is to start by understanding and identifying the threats, vulnerabilities and the resulting business impact.
This will help you to decide:
- what protective security and resilience improvements you need to make; and
- what type of security and contingency plans you need to develop.
Your business may not be under direct risk of terrorist attack; however, serious risks should always be addressed and eliminated or controlled so far as is reasonably practicable. Risk assessment can help to prioritise risks and deal with them in an effective and targeted way. It will help you determine how and where to deploy resources so that investment in health and safety is efficient.
If risks are identified correctly and everyone works safely, the organisation will be more efficient – workers should be happier at work and enjoy their work knowing that they are safe. Money will not be wasted on dealing with incidents at work and it will hopefully ensure the organisation does not get prosecuted.
Risk assessments can seem daunting at the outset. To make them easier, it is best to be systematic. They should be suitable for the purpose, and go into a sufficient amount of detail. The level of detail will depend very much on the level of risk. The greater the risk, the more detail that you are likely to need to record.