Building a solid foundation

SMART Estate Security 2024 Security Services & Risk Management, Asset Management, Residential Estate (Industry)

Imagine you are building a house. You need a solid foundation to ensure the house stands tall and strong. In the security world, understanding the roles of a Risk Assessor and a Risk Manager is like building a foundation. Let us break it down to make it easy to understand.


André Mundell

The Risk Assessor: The investigator

The Risk Assessor’s job is like that of a detective. He investigates to find security risks that might lead to crime. This investigation is called a risk assessment. Think of it as the first stone in building our foundation. A risk assessment is always first.

The Risk Assessor’s independence is not just a feature; it is a necessity. By not being tied to the company or property they are assessing, they can provide an objective view. This is crucial as it ensures that every potential risk is thoroughly examined without bias or influence. If the assessor were an internal employee, they might inadvertently overlook certain risks due to their proximity to the situation.

The Risk Manager: The overseer

The Risk Manager’s job is to manage risks. Unlike the Risk Assessor, the Risk Manager usually works for the company. They deal with all kinds of risks, not just security risks. For example, they handle safety, building, and even environmental risks.

The Risk Manager’s job is more complex because they oversee various managers. Directly below them, you might find the Security Manager, the Safety Manager, the Building Manager, and even a Fleet Manager. Each of these managers focuses on different types of risks within the company.

It is always said that the risk needs to be identified before you can manage it effectively.

Another issue is that only about 0,2% of residential estates have a dedicated Risk Manager. Without one, the responsibility often falls on a security person on the board of directors. This person is not entirely devoted to security and has other duties as a director, which is not ideal.

Why independence matters

The Risk Assessor stands outside the company and looks in. He provides a fresh perspective. He can see things that people inside the company might miss. This is because he views the company from the outside, just like a criminal might. The assessor’s job is to find all possible security risks and report them.

The Risk Manager, on the other hand, looks at risks from within the company. They manage the risks that have been identified, including those found by the assessor. Their focus is on ensuring that the company runs smoothly and safely.

The deep dive: Risk assessment

When the assessor embarks on a risk assessment, they delve deep. They stand outside and scrutinise everything with a critical eye. They adopt the mindset of a criminal: ‘How can I breach this security? Where are the vulnerabilities?’ The assessor invests significant time and effort in investigating these risks, leaving no stone unturned. This thorough approach instils confidence in the process and the results it yields.

For example, the assessor might examine how a criminal could get through the main gate and check whether the security cameras are working correctly. The assessor looks at everything from the criminal’s viewpoint. This thorough investigation helps uncover hidden risks that need to be addressed.

The day-to-day: Risk management

The Risk Manager’s job is different. They rely on reports and information from various managers and might not have the time to spend as much time onsite as the assessor does. The Risk Manager is often busy with paperwork and meetings. Their job is to take the information from the risk assessment and manage it effectively.

The Risk Manager has to ensure that everything runs smoothly. This includes fixing potholes, ensuring traffic lights work, and managing health and safety risks. Sometimes, they miss some security risks because they have many other responsibilities.

Working together: The perfect balance

The true strength of a secure company lies in the harmonious interplay between the assessor’s and the Risk Manager’s roles. The assessor’s meticulous risk assessment comprehensively represents all potential security risks. The Risk Manager then takes this information and, in collaboration with other managers, effectively manages and mitigates these risks, ensuring the safety of the company and its assets.

However, in some companies, the roles are not well balanced. The Risk Manager might occasionally rely too heavily on the data the security provider provides without questioning it. This can lead to gaps in security.

A Risk Assessor does not work with a matrix system and does not have acceptable risk; on the other hand, a Risk Manager does work with a matrix system and accepts 20% acceptable risk (for example) on a scale from one out of five.

Understanding the difference

In summary, the Risk Assessor is like an external detective investigating and finding all possible security risks. The Risk Manager is the internal overseer who manages all types of risks within the company. Both roles are essential, but they serve different purposes.

The key for the Security Assessor is independence. The Risk Manager usually works for a residential estate and cannot do a security risk assessment because he cannot assess his own management team or himself.

Understanding the difference between a Risk Assessor and a Risk Manager is crucial for building a solid security foundation. Each role brings a unique perspective and set of skills, ensuring that all risks are identified and managed effectively. By working together, the assessor and the Risk Manager help create a safe and secure environment for everyone.


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Identity recovery matters most
Security Services & Risk Management
As cyberattacks grow more targeted, more destructive, and increasingly aimed at the very fabric of trust within the enterprise, the ability to restore identities has become just as critical as restoring data.

Read more...
ISO 27701 helps demonstrate privacy compliance beyond POPIA
Security Services & Risk Management
ISO 27701 include privacy-specific controls and provides a structured way to manage Personally Identifiable Information (PII) throughout its lifecycle, giving organisations a way to demonstrate how privacy is managed.

Read more...
Echoes of 2018? Follow-up on Woolworths explosions
Technews Publishing News & Events Security Services & Risk Management Retail (Industry) Facilities & Building Management
SMART Security Solutions follows up with Jimmy Roodt to find out more about an old connection to the Woolworths bombings from 2018. The investigation remains ongoing.

Read more...
Increase in cyberattacks on the manufacturing sector
Security Services & Risk Management News & Events Industrial (Industry)
According to a new Kaspersky ICS CERT report, in the first quarter of 2026, the percentage of industrial control systems (ICS) on which malicious objects were blocked reached 19,6% globally.

Read more...
Next-generation cash-in-transit vehicle
News & Events Security Services & Risk Management
Fidelity Services Group has unveiled a new, purpose-engineered Cash-in-Transit (CIT) vehicle designed to redefine crew protection, deter threats, and enhance operational resilience in an increasingly complex criminal environment.

Read more...
The risk at the edge of South Africa’s agriculture supply chain
Security Services & Risk Management Agriculture (Industry) Logistics (Industry)
Research from ESET has found that a significant number of South African agritech operators and farmers continue to believe their companies are not attractive targets for cybercriminals. Unfortunately, that belief is precisely what makes them one.

Read more...
Free POPIA Action List for gated access
ATG Digital News & Events Residential Estate (Industry) Training & Education Commercial (Industry)
ATG Digital, in partnership with CIVITAS, released the POPIA Responsible Party Action List. It is a free, practical guide for HOAs, body corporates, managing agents, landlords, employers and institutions. It helps them move from assuming compliance with the Protection of Personal Information Act (POPIA) to proving it.

Read more...
AURA partners with Discovery to launch Discovery 911
News & Events Security Services & Risk Management
AURA has announced a partnership with Discovery Insure to power the security-response component of its new Discovery 911 virtual panic-button offering, which is available through the Discovery Insure app.

Read more...
Break the silence on fraud
Security Services & Risk Management
We are entering a new era of fraud, one defined by groups that operate across borders, using advanced digital tools and impersonation tactics to deceive victims and wear down communities' trust and financial security.

Read more...
Africa’s white-collar crime landscape
Security Services & Risk Management
White-collar crime in Africa is no longer a predominantly domestic concern; it has expanded onto the international stage, and so too has the corporate exposure that accompanies it.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.