The Big Interview: Genetec VP Andrew Elvish


In this exclusive interview, Andrew Elvish, Vice President for the physical security software manufacturer Genetec, details the importance of good risk management and diligent procurement, and explains how those in procurement need to be mindful not just of the quality of the things they’re buying but where they are coming from.

Firstly, for those who might not know, or not work in this area, what is risk management?

AE: “At Genetec, we know that risk can manifest in many different forms, some of which we can control and some of which we can only react to. Therefore, for me risk management is simply about planning ahead and taking the right long-term decisions for the business. That means taking the necessary steps to reduce, mitigate or to transfer risk as appropriate.

“It can only happen if those at the top of the organisation set the right tone. That’s why when thinking about risk management, I like to remind people of a quote by former Anglo American chairman Sir John Parker: “Controlled risk-taking lies at the heart of all commercial activity. The board has the potential to be both a source of risk to the organisation as well as an effective means of risk mitigation.”

What are the current risks in procurement?

AE: “In the physical security industry, one of the biggest risks is the widespread adoption of insecure cameras and other IoT devices, that are manufactured by state-owned companies that have a strategic interest in exfiltrating data, intelligence or intellectual property from rival governments, private businesses, and individuals.

“This is especially true when the country and the company in question have a widely demonstrated and well-documented set of cyber risks associated with them. These devices introduce increased risk (based on third-party reporting and tests), which could grant unwanted access to their networks and equipment.

“In the UK, we’re currently faced with a situation whereby devices manufactured by Chinese state-controlled companies are effectively banned in Central Government on national security grounds, and yet continue to be deployed at scale in local government and the public sector. That isn’t sustainable or wise.

“As was the case with asbestos, procurement professionals shouldn’t be blamed for the purchasing decisions taken before these risks became widely known. However, now that the risks are known and documented, these professionals have a duty to stop adding to the problem and to take steps to mitigate the risk.  As with asbestos, the first step once the dangers were clear, was to no longer add to the problem – thus, with untrustworthy camera and IoT devices we must take similar precautions now that the risks and dangers are evident.”

Why is effective risk management important?

AE: “Risk can never be reduced to zero, so it must constantly be reassessed based on the organisation’s activities, sensitivities, and risk tolerance. Without appropriate risk management, an organisation exposes the lives and livelihoods of its people – and often the wider public – to an unacceptable level of jeopardy.

“The reality is that not everything is in our direct control. In a large organisation, things can and will go wrong on a regular basis. A key KPI for risk management professionals isn’t always how many times things went wrong but how resilient they were in the face of adversity.”

How can organisations ensure that their procurement risk management is strategic and driving value?

AE: “Procurement professionals can ensure that their risk management strategy adds value by re-evaluating tender rules and scoring to ensure they take account of all the necessary criteria. That’s especially true when procuring IoT or ‘smart’ devices and solutions where an evaluation of each prospective supplier’s trustworthiness and track record on cybersecurity-related matters is paramount.

“In the physical security industry, some of the biggest procurement mistakes happen when tenders are based solely on a tick box exercise of price and build quality, without considering the associated manufacturer or suppliers. That ignores the wider technical, ethical, reputational, and long-term financial risks that the organisation should at least be considering whether it is comfortable exposing itself to.”

What value can effective risk management bring to procurement?

AE: “Effective risk management can help risk procurement to see the bigger picture, avoiding the trap of taking short-term decisions that are not in the best long-term interests of the business. Price is of course an important factor, but the true goal should be to achieve value.

“Nobody wants to be the person who ignores the warning signs and forces the organisation into “buying cheap, buying twice”. Or even worse, exposes the organisation to damage from which it is unable to recover.”

What technology is available to support this strategy?

AE: “It’s less about technology and more about the culture, people, and processes put in place throughout the organisation. For procurement professionals and those sat around the boardroom table, it all comes down to understanding the risks, accepting responsibility and having the determination to invest accordingly.”

For more Genetec news, click here


Related posts

Scroll to Top