Risk Assess for the Safety of Shoppers, Staff and Stock

Author: Charlie Swanson, Principal Trainer at Perpetuity Training

Retailers are having a tough time of late, with Toys R Us, Maplin and Mothercare amongst others all hitting the headlines. The British Retail Consortium (BRC) did little to lighten the mood when it published the findings of its annual Retail Crime Survey. It shone a light on the increasing levels of violence being experienced by shop workers, and how the industry is shouldering a burden of £700 million, as a direct cost of retail crime.

Whilst theft represents three-quarters of the total cost of retail crime, the most worrying revelation is the rate of reported violence against staff which has doubled in a year, to six attacks per thousand members of staff. This suggests that thirteen shop workers (and that includes security officers) become victims each day.

The retail sector isn’t resting on its laurels, as the Chief Executive of the BRC, Helen Dickinson says in her Foreword in the 2017 report: “Our members are fully playing their part in tackling retail crime, spending in 12 weeks on crime prevention is what they did for the whole of the previous year. But that level of spending may not be viable in the longer-term.”  However, I would argue that there is a world of difference between doing things right and doing the right things. Spending huge sums of money makes a strong headline and investing in the latest systems may seem like the right thing to do (And in some instances it may be).

But how much of the investment in combatting retail crime is spent wisely?  Statistics show retail crime continues to rise.

Criminals will always be on the front foot until we risk assess

If we are going to tackle the rise in retail crime we need to start at the beginning. That means making sure we are doing the basics and doing them well. This begins with the uncomfortable acknowledgment that the criminal is always on the front foot. They are all too often successful because they are adept at spotting and exploiting vulnerabilities. Put simply they do something many retailers are failing to do adequately or altogether – they risk assess.

It sounds obvious, but if you can pinpoint areas of exposure and close them, the risk to the organisation is greatly reduced. This holds true whether talking about the physical security of a store in a shopping centre, or an online store combatting the growing threat of cyber-crime.

Implementing the wrong systems or using the right systems in the wrong way

A lot of the money spent securing retail establishments is dedicated to systems (both physical and an increasingly large percentage on cyber). Organisations are always being told that there is a new solution to their woes, and there are many excellent examples where technology in many different guises is being used to great effect. Similarly, there are many instances where what has been specified was not fit for purpose, installed poorly, or used inefficiently.

Many buyers are not clear on what they want, what they need their security systems to do, and don’t understand its limitations (which for obvious reasons are rarely explained during the procurement process). This is just one area where a risk assessment, conducted by a qualified security professional, would help to ensure the right questions are being asked, so that any investment that does not directly address an identified vulnerability would be ineffective.

Security systems putting untrained staff at risk

Of course, the large retailers such as supermarkets have dedicated security teams who tend to understand security systems and the need for regular risk assessments (albeit to a certain degree). For small independent store owners, it can be a challenge, because they want to spend as little as possible on security such an investment can have an even greater impact on the bottom line. However, even if the store with one CCTV camera and monitor has not undertaken a thorough risk assessment and trained the operator, the system is not being used to its full potential.

What’s more, some security systems which are commonplace for larger retail stores, have been installed without adequate training or processes, and are potentially actually putting people in danger. A good example is the electronic tagging of products. When the alarm sounds as someone exits the store, it is likely that members of staff may not have a full appreciation of the situation. It could be an innocent mistake, and perhaps the cashier didn’t remove the tag from an item of clothing, or it may be an attempted theft. All too often it is the nearest member of staff that reacts based on instinct rather than best practice and potentially places themselves in harm’s way.

To give one example of poor procedural understanding and communication. I spoke with two young shop employees who chased a thief running out of a store with some electrical goods. When they caught up with him he produced a syringe seemingly filled with blood, and exclaimed he was HIV positive. When asked why they ran after him, they explained that the manager had told them to do so, or else face disciplinary proceedings This could be an anecdote from yesterday, given the BRC report highlights syringes as the second most significant weapon used, however, this incident took place way back in 1994! This may still be happening today and if so, it is wrong on so many levels.

Awareness and education from CEO to Saturday staff

You can conduct a risk assessment, have the right systems installed in the right way, but it must be accompanied by awareness and critically training, in order for the assessment to be truly effective. In the previous example, the Manager clearly acted irresponsibly. However, the two members of staff on the shop floor should have been trained to know what response is required of them, which most certainly would not be to give chase.

Lack of training and adherence to best practice is currently a massive problem area. Often members of staff at all levels of the business are ill prepared regarding how to mitigate the risk presented to themselves, customers and merchandise.  Every Store Manager needs to be aware of their duty-of-care to the safety and security of staff, customers and merchandise; but the CEO, Saturday staff and all in-between also need to be mindful of the risks to the business and the checks and balances in place to mitigate against them. An organisation is only ever as strong as its weakest link, and you can be sure a criminal, whether physically entering a store, or via cyber-attack, will look to exploit this.

Improving successful prosecutions

Another important factor, is ensuring those who commit crime are prosecuted, and this means being able to furnish the Police with sufficient evidence that is admissible in a court of law. With Police resources stretched they need all the help they can get when investigating an incident.

Basic steps such as ensuring camera systems are installed correctly can make a huge difference (this can be a particular challenge for smaller retailers).  One shining light is Card Factory which has been complimented by the Police for the phenomenal quality of CCTV that it is able to share with them from its estate of more than 900 stores.

I have been teaching risk for more than 30 years and in many respects my mantra has not changed when it comes to extolling the virtues of a thorough risk assessment, and subsequently communicating that risk right across the organisation in some form of training and awareness. So, before another penny is invested my advice is to start assessing, planning and preparing today. Whether it is completed in-house or with the aid of a specialist consultant, good security is about getting the right blend of people, process and technology.

At the moment, in many instances it isn’t happening, maybe falling between the cracks somewhere between the CEO and the shop floor.  The bottom-line is without effective risk mitigation measures retailers will continue to render their business to unnecessary risks and suffer increasing violence against staff, and shrinkage, which includes the loss of stock attributed to factors ranging from staff theft, shoplifting and vendor fraud.


Charlie Swanson MSc, PG Dip, FSyI, CSyP, SIRM

Charlie is the principal trainer with Perpetuity Training, part of the Linx International Group.  During a career in the Royal Military Police, Charlie had extensive operational experience in hostile environments within Europe, the Middle East and the USA, developing key specialist security skills. Charlie has since enhanced these skills within a commercial environment in the manned guarding sector and as a security consultant and trainer.

Charlie is a Chartered Security Professional, who’s specialist skills include electronic security systems, quality management systems ISO 9000 auditing, risk, crisis, and disaster management, anticipated risk based management, counter terrorist risk surveying and physical security surveys.

Please enter your email address below in order to be added to our newsletter mailing list.