Browsing the new QDDR today, I saw one little item that especially piqued my interest. The executive summary says that we will:
Establish a new global standard for risk management that protects our people while allowing them to meet the demands of more dynamic missions.
That sounds good to me. I am all in favor of risk management, even though the term is often used in the Department as a delicate way to say 'watered-down security.'
Looking through the rest of the QDDR, I was disappointed to see how little substance there was to follow up on the promise of the summary. The heart of it is in a single paragraph, which is quoted below in its entirety with my comments interspersed:
Establish a new paradigm for risk management.
If we have any kind of paradigm now for making decisions about risk and security, it is a standards-based one. There is definitely value in having uniform security standards when your organization is spread out over 260-some missions around the world and rotates its personnel every few years, such as ensuring equitable treatment of all the Department's employees, but uniformity for its own sake makes it impossible to seek cost-benefit efficiencies or to align limited resources with your greatest needs. That is why I favor taking (calculated) risks over mindlessly following standards.
By the end of 2010, the Secretary will convene a senior level committee from relevant State and USAID offices, including both management and policy officials, to begin a top-to-bottom review of how we manage risk overseas.
They had better hustle if they intend to meet that deadline. Has that committee already been formed and I haven't heard about it?
This review will lead to a comprehensive and responsible construct for managing risk that allows our personnel the flexibility they need to complete mission objectives within a country and to establish new platforms for outreach beyond the embassy and capital.
The part about “new platforms for outreach” refers to the American Spaces initiatives and other new public diplomacy vehicles, and those are addressed elsewhere in the QDDR.
The review will develop a new conceptual approach to balancing risk acceptability with risk mitigation that will be conveyed by State Department leadership to all Chiefs of Mission;
If I read this right, "risk acceptability" refers to waivers of security standards, and "risk mitigation" refers to compensatory measures taken to reduce risk. At present, when a post requests a waiver, the COM provides a statement of concurrence, the Regional Security Officer provides a separate statement about mitigation, and the decision to waive or not is made in Washington by the DS Assistant Secretary or, in certain cases, by the SecState.
examine standards and mechanisms for determining security restrictions and granting security waivers within a country, particularly those that affect travel and diplomatic platforms outside the embassy; consider the appropriate allocation of security decision making authorities between Washington and the field;
I hope this means that waiver decision-making will be pushed down to the level of Chiefs of Mission. If COMs have to get their fingerprints all over waiver decisions, then perhaps the A/S and SecState will merely need to endorse them afterward?
examine the legislative mandate of Accountability Review Boards to determine whether specific revisions should be requested to meet the new risk management paradigm developed in the review.
Mandates regarding ARBs will need to be tweaked to make that new "appropriate allocation of security decision-making" work. And while they're at it, they should look again at the legislative mandates for minimum setback distances and collocation of offices as well, since those are at the center of most high-profile waiver decisions, especially the ones concerning public diplomacy outreach platforms.
At the end of the process, we will recommend revisions to the President’s authorization letter to Chiefs of Mission that incorporate the new risk mitigation paradigm with mission objectives.
Assuming this isn't just a lot of managerial happy-talk, and if it doesn't die a horrible Death by Committee, a new risk mitigation paradigm would be a most welcome change.