The Cost of Regret

The Role of Risk Management in Event / Venue Safety Planning

An Australian Perspective
Andrew Tatrai

Licensed Security Consultant

Member Australian Institute Risk Management
assure@aceservices.com.au

It is increasingly evident that Risk Management is a process applicable to effective crowd

management. Although historically considered a corporate insurance and accounting
compliance strategy it is now commonly accepted that risk strategies must be implemented for
human safety (applicable to occupational health and crowd management).

Effectively today an organisation must take responsibility for managing all of their assets.
For anyone involved with management of crowds (venue and event ‘assets’) this responsibility
is of critical significance.

There is always a reluctance to implement things that are not clearly understood. Risk
Management is frequently misconstrued. Risk Management is about common sense,
however the problem is that common sense sometimes isn’t all that common.

Risk assessment has always been an inherent component of effective crowd management,
although it is usually haphazardly applied and implemented without due process. On an
international basis the requirement for risk management application is increasingly being
documented for ‘mass gatherings’. For example, the UK Health & Safety Executive
publications, ‘The Event Safety Guide’ & ‘Managing Crowds Safely’ and the Australian
publication ‘Emergency Management Practice – Safe & Healthy Mass Gatherings’ both detail
a requirement to complete a risk assessment at the crowd management planning stage, and
the Danish ‘Rock Festival Safety Report’ details the importance of a risk evaluation. Although
these guidelines outline a range of risk areas to be evaluated few publications address how to
‘do’ a risk assessment. Australia has the only national standard which assures quality of
process. It in effect removes the ‘risk’ of the risk assessment process being compromised or
inadequately completed by precisely detailing the process requirements.

It is notable that Australia already has a formal competency based education and licensing
system for security consultants and officers, and legislation requiring those involved in crowd
management to be licensed security officers. The qualification includes competencies specific

Document prepared by Andrew Tatrai © ASSURE Event Safety Consultants

Courtesy of Crowdsafe.com Crowd Library 10/10/2001 Page 1 of 1
to ‘crowd control’. New licensing requirements for consultants also require completion of
certified risk assessment courses.

The Australian Standards Association developed an Australian standard for identifying,

evaluating and treating risks (AS4360: Risk Assessment) in 1999. This Risk Management
process is an operational tool that can be applied to any risk, whether it is operational,
financial, human resource or industrial relations. It is a clear and simple process, which can
be readily applied to crowd management operations.

A range of international organisations is rapidly adopting it although it is yet to be heralded

within crowd management. Supplementing the standard in Australia are laws requiring every
business with a turnover above AUD$2 million to have a risk management plan in place for
the enterprises they conduct. This is applicable to most venues, record companies,
promoters, sponsors, security companies etc.

This simple system is valuable to methodically assess event and venue risk. I use it
extensively and would like to help spread its positive benefits. As a system it helps overcome
the blasé groupthink of accepting risks that only warrant review after incidents occur. It takes
away the concept of ‘it’ll be alright on the night’.

In Australia the application of AS:4360 is also supported by new Federal government

legislation (effective as of December 15, 2001) which provides criminal penalties for
enterprises that suffer risk management failures. In short should an incident occur that should
have reasonably been identified and treated, and therefore prevented, criminal penalties will
apply to the Directors of that company. If effectively means that anyone associated with
crowd management failures, particularly human injuries and fatalities, which could have been
anticipated, may now potentially face criminal charges. As most crowd management related
incidents can be anticipated this should ‘encourage’ compliance.

The critical point for event safety management planning is to ensure that the Principals don’t
overlook obvious dangers and risks. Machiavelli said ‘people don’t want the truth they just
want comforting’ and we quite often see after a tragedy that many safety processes have
been ignored in a probable act of self-deception, because the people involved have not taken
an independent, methodical approach to identifying and treating risk.

This article attempts to explain the relevance and importance of application of the Risk
Management process specifically to events and venues. It does so by following the process,
step by step.

Document prepared by Andrew Tatrai © ASSURE Event Safety Consultants

Courtesy of Crowdsafe.com Crowd Library 10/10/2001 Page 2 of 2
 Often from within an industry (such as the concert and event industry) the apparent risks we
are faced with every day become seemingly inconsequential. Unfortunately attention is not
focused on the types of risks that we have exposed our ‘assets' and stakeholders to until
either an outside assessor places some clarity on the risk or unfortunately a tragedy increases
risk awareness. The Risk Management process is an opportunity for event planners to get an
independent assessment from an outside safety consultant to better analyse the risk at their
events.

The process is identified as:

Establish the context

! The strategic context
! The organizational context
! The risk management context
! Develop criteria
! Decide the structure

Identify risks
! What can happen?
! How can it happen?

Analyse Risks
Determine existing controls
Communicate and consult

Determine Determine
likelihood consequences
Monitor and review

Estimate level of risk

Evaluate Risks
! Compare against criteria
! Set risk priorities

YES
Assess risks Accept risks

NO

Treat risks
! Identify treatment options
! Evaluate treatment options
! Select treatment options
! Prepare treatment plans
! Implement plans

RISK MANAGEMENT PROCESS (AS/NZS 4360:1999)

Document prepared by Andrew Tatrai © ASSURE Event Safety Consultants
Courtesy of Crowdsafe.com Crowd Library 10/10/2001 Page 3 of 3
RISK COMPLIANCE REVIEW: Establish the Context

The first step is completion of a review of any venue/event (or associated stakeholder)
existing policies / strategies for risk currency & compliance. It involves detailed investigation
of any current risk management system (including risk treatment strategies) and its
compliance with all facets of the Australian Standard 4360: Risk Management. It is
fundamentally an audit approach to existing systems to identify requirements and it is reliant
on extensive research and consultation with all key stakeholders, i.e. This is only as good as
the information you are provided.

This stage effectively defines the scope of work.

Eg. For an entertainment event stakeholders include:

Venue Manager
Promoter
Sponsors
Contractors / Suppliers / Staff
Authorities / Regulatory Local Government / Police / Fire / Ambulance
Patrons
Performers, Support & Production Staff
Banks / Financiers / Insurers

Eg. For an entertainment event assets include:

Physical Staff & Patron Resources (Life Safety & Injury)
Building and Equipment / Infrastructure
Financial Resources
Intangible Reputation / Goodwill
Publicity
Contractual Contract Obligations

IDENTIFICATION OF RISK

Identification of risk is the comprehensive investigation and recognition of all potential risks
associated with venue / event operations and facilities after extensive research and
consultation with all key stakeholders. The ‘everything that can go wrong will go wrong (at
some stage)’ concept.

All aspects of event safety planning must be methodically reviewed for possible risk. It is
widely respected that the UK Health & Safety Executive ‘Event Safety Guide’ covers most
aspects of event safety planning. It however does not adequately address crowd
management, emergency management and operations which support these to be sufficient for

Document prepared by Andrew Tatrai © ASSURE Event Safety Consultants

Courtesy of Crowdsafe.com Crowd Library 10/10/2001 Page 4 of 4
a thorough risk evaluation.

Risk identification requires thorough investigation of historical or similar identified risk.

Focusing on events/venues this stage reviews all aspects of event operations from a safe
crowd management perspective, i.e. if it impacts on any factor related to crowd density, crowd
movement, crowd behaviour and has potential to contribute toward crowd degeneration it
must be carefully considered.

At this stage of the process all risks within the scope should be detailed, not just those
considered likely. For crowd management operations experts in crowd management and
safety should be involved in the risk evaluation process. For events all previous crowd
management problems and infrastructure failures at similar profile events/venues must be
regarded as potential risk. The US Rock Safety Database provide an excellent resource.
Similarity of profile must be broadly considered i.e. ‘err on the safe side’.

ANALYSE RISK

The next stage is evaluation and categorisation of all Identified Risk pertaining to event/venue
operations and facilities. For each risk the likelihood and consequence is estimated and
plotted on a risk matrix. Likelihood is ranked from rare (may occur only in exceptional
circumstances) to almost certain (will occur in most circumstances). Consequence is graded
as minor (able to be dealt with by routine operations) to extreme (threaten the survival of not
only assets, but also the event and the organisations involved).

The Risk Matrix is represented as:

Consequence # A B C D E
Likelihood $ (Minor) (Medium) (Major) (Critical) (Extreme)

1 Legend
Almost certain
2 LOW
Likely
MEDIUM
3
Possible SERIOUS

4
Unlikely HIGH

5
Rare

Document prepared by Andrew Tatrai © ASSURE Event Safety Consultants

Courtesy of Crowdsafe.com Crowd Library 10/10/2001 Page 5 of 5
The same expertise and investigation process involved in risk identification is then applied to
analysing the likelihood and consequence pertaining to the risk. As risk analysis is to some
extent a ‘judgement call’ and as everyone will have a different perception of the likelihood of a
risk occurring and the degree of consequence if it happens (and frequently a vested interest in
this perception) it is critical that the risk analysis involves all stakeholders. All stakeholders
should consider and analyse all risks (preferably in a workshop based environment). This
process helps to focus responsibility for risk.

Eg. For outdoor music events the serious and extreme risks could be:
% Financial failure – not enough patrons.
% Crowd crush / crowd control problems.
% Ingress or egress difficulties.
% Depending on acts / programming / venue and security.
% Stage collapse or structural collapse.
% Severe weather conditions forcing cancellation.

EVALUATION OF RISK

The analysed risks are evaluated and risk priorities established based on individual
stakeholder analysis balanced by specialist expertise where relevant. Risk is graded into a
checklist of low / medium / serious and high risks (the grading is based on combinations of
likelihood and consequence detailed within the risk matrix diagram). The ‘as low as
reasonably possible ‘ rule must be applied to all serious and high risk.

Eg: To focus on crowd crush risk, with parameters of: an outdoor festival; GA (general
admission) ticketing; 30,000 plus patrons; all headline acts on main stage; a flat area in front
of stage; single barricade system in place. Evaluation will conclude that the majority of the
crowd will push toward stage front during headline performances.

Obviously there are many other factors which may contribute toward a possible crowd surge
forwards to stage front, including; crowd expectations; historical behavioural patterns; stage
sightlines; height of stage; type of performance; artist contribution to crowd energy, activities
and hysteria; level of common interest of crowd; tendency of crowd to develop group
behaviour etc etc. However whatever the contributing causes are, the desired outcome is to
prevent a life threatening crush. The evaluation of the risk for a crowd crush is a ‘possible’
likelihood with ‘critical’ consequences, or a 3D rating. On the matrix we see that ‘crowd crush’
is a ‘high’ or ‘serious’ grade risk.

Document prepared by Andrew Tatrai © ASSURE Event Safety Consultants

Courtesy of Crowdsafe.com Crowd Library 10/10/2001 Page 6 of 6
In order to assist decisions regarding treatment options ‘insurability’ is investigated and a cost-
benefit analysis undertaken to rate risks as insurable and non-insurable.

TREAT RISKS

All stakeholders must assess the risks identified and their evaluation and decide whether to
accept and treat the risks or review operations and remove risk. The applicable treatment
options must be identified and evaluated and a treatment selected.

Treatment options (and examples for concert events) are:

% Avoiding the risk:
o Stop conducting the activity e.g. or used reserved seating instead of GA. Do
not use performers with a ‘dangerous’ profile.
% Mitigating the risk.
o E.g. purchasing insurance to cover and working with insurers; Use additional
treatments such as supplementary barricades or crowd segregation strategies;.
Increase medical and security staff.
% Transferring the risk.
o Contracting a provider to produce, provide and manage a certain service.
% Accepting the Risk:
o Setting aside resources to cover possible risk cost.

At this stage event and venue stakeholders commence planning strategies to minimise
exposure to likely risk. Low and medium risk can usually be dealt with operationally and can
be accepted or transferred. High and extreme risks must either be mitigated or avoided.
For crowd management related activities treatment must ensure the safety of ‘human assets’.
All risks that propose potential harm to ‘human’ assets must have detailed plans to preserve
the asset. I.e. all potential threats are avoided.

Eg. Returning to our focus example, the treatment requires a prevention method to stop the
crowd crush (ie avoiding the risk), remembering that a crowd of 30,000 patrons has high
potential threatening forces. In simple terms the crowd density must be controlled to ensure
‘dynamic human forces’ do not place life threatening crush pressure on patrons if the crowd
moves, collapses or tramples a patron. The recommended density is 0.46 people per square
meter. As the only way to control density and reduce the potential forces of a large crowd (for
the example parameters) is by crowd segmentation using barricades to compartmentalise the
crowd into smaller portions of 3,000 to 5,000 pax, the treatment schedule must specify this
requirement.

The treatment also requires that the crowd segmentation is maintained under all possible risk
scenarios. It therefore must be a double Mojo style self anchoring system, requiring 1 security

Document prepared by Andrew Tatrai © ASSURE Event Safety Consultants

Courtesy of Crowdsafe.com Crowd Library 10/10/2001 Page 7 of 7
officer/guard every 1.5 metres to ensure barrier integrity.

The treatment will also be noted for all potential crowd injuries as it also allows security and
medical to be much closer to the crowd, throughout the crowd.

Treatment methods for entertainment events are generally insurable due to specialized
entertainment insurance. Contracting specialist or risk areas out to contractors with the legal
liability may also mitigate most risk.

It is at this stage the contractual limitations of risk behaviour by contracted parties involved in
crowd safety management (security/crowd management consultants, traffic management
consultants, security providers, infrastructure suppliers etc) or contributing to crowd
degeneration (FOH staff and service suppliers, bands or performers, alcohol licensees etc) or
unsafe crowd environments (staging, technical and infrastructure suppliers, venues), becomes
significant.

Removal or transfer of liability however is not appropriate for risk to human/public safety. No
contractor should be prepared to accept plans from promoters (or other stakeholders) that do
not adequately mitigate damage or loss to human resources. Far too frequently those
contractually charged with public safety accept liability hand in hand with profitability. For this
reason entertainment crowd management failures continue to propose a threat to human life.

Crowd Safety Risk Application

For crowd management the application of Risk Management involving crowd management
security contractors during the event/venue planning process should be:
1. Risk Assessment by Qualified Assessor submitted to security consultant.
2. Security Consultant – prepares treatment schedule and plan.
3. Security / licensed consultant implements treatment solutions.
4. Risk treatment operational solutions are closely monitored for compliance with plans.
5. A post event Risk Review is undertaken and strategies for treatment of emerging risk
documented.

Document prepared by Andrew Tatrai © ASSURE Event Safety Consultants

Courtesy of Crowdsafe.com Crowd Library 10/10/2001 Page 8 of 8
In Closing : What is the Cost of Regret?

In a period of integrated international economies and global telecommunication systems

crowd cultural profiles are increasingly analogous. I see no reason why ‘crowd safety
requirements’ should not be globally standardized and believe that the early adoption of a
global risk management standard is the first step in ensuring minimisation of crowd safety risk.

The Australian Standard (AS4360:Risk Assessment) is already internationally implemented

within other risk areas (medical health and safety, occupational health and safety) and should
quickly become the benchmark for event/venue risk evaluation. Similarly the qualification
requirements for crowd safety risk consultancy should also be internationally standardized,
reflecting both extensive expertise and formal qualifications in both crowd safety management
and risk management.

The risk process is a simple system to focus on the possibility and impact of possible risks.
The process is best done by an independent outside assessor to avoid a blasé attitude or
acceptance of risk considered as part of the industry.

The role of risk management will increase as the rationalization of the insurance industry
continues in the wake of recent Australian and International occurrences. Risk Management
will be become a tool for insurance brokers to ensure a viable relationship between insurance
companies and clients and their stakeholders.

Insurable or not, those charged with public safety should pro-actively implement risk
management in everything they do. As life safety has not proven to be sufficient incentive to
remove crowd safety risk, the rapidly approaching December 15 criminal penalty legislation
within Australia should.

Document prepared by Andrew Tatrai © ASSURE Event Safety Consultants

Courtesy of Crowdsafe.com Crowd Library 10/10/2001 Page 9 of 9