Security risk management measures will inevitably entail costs. These costs must be considered from the earliest stages of programme design and built into proposal budgets. Ensuring that adequate funding is available to enable organisations to operate securely is vital, and a subject on which organisations and their donors should be prepared to have frank discussions. This chapter shares good practice around budgeting for security-related expenses and highlights some of the key issues and developments in donor funding and coordination initiatives.
Security risk management costs can refer to any expense related to reducing the potential harm or loss to the organisation, its staff and partners, or responding to and compensating for actual harm or loss, while maximising the potential for successful operations. While donors vary in what they will fund, common areas of expenditure include security personnel salaries, communications equipment, physical security items and upgrades, security training, safety equipment, first aid/emergency kits and contingency funds (for critical incident or crisis response).
Organisations and donors vary in how they budget for security-related costs. Some include security funding in overhead costs or support services, others include it as a separate line item or as a fixed percentage of programme costs, or fully integrate security costs within their programme costs. It is now generally recognised that effective security risk management is essential for sustainable programme implementation so should ideally not be considered an overhead cost. Like many other facets of security risk management, security costing and budgeting derive primarily from the risk assessment, which can guide the allocation of attention and resources.
Budgeting for security at the operational level must usually follow donor requirements, but organisations will often also need a general policy on security budgeting that is organisation-wide and not dependent on individual project budgets that have end dates. This can allow for sustainable security risk management functions, structures and staff positions that cut across projects and years. Unfortunately, this can be particularly difficult to achieve for local organisations, which have far more limited access to core funding than international organisations. Donors and organisations that subgrant projects should ensure that their operational partners have the necessary funding to meet security challenges in the short and long term.
It is a mistake to design an aid programme and determine how to ‘make it secure’ after the fact. To truly enable humanitarian action, security risk management must be integrated into programming at all stages. This requires close collaboration between programming, finance and grant management, security, logistics and other relevant staff from the initial stages of design and proposal development, as well as at any change points, such as budget modifications and no-cost extensions. Partner staff should ideally also be involved in key planning and budgeting meetings, to ensure that the security risk management needs of all partners are considered in the budgeting process from the earliest stages.
Generally speaking, the major governmental humanitarian donors are prepared to fund appropriate and justified safety- and security-related expenditures. Explicit references to security risk management and related expenditures are contained in the proposal guidelines of a few official donor agencies, and a small number of donors have specific security risk management and coordination units or focal points, which can provide useful guidance, particularly during programme planning and the initial budgeting stages. That said, some donors do not explicitly ask for security budgets, and security professionals have come across donors that state they will not fund security. In cases where there is no explicit security budget line, security-related costs can be covered through other budget lines.
Open and direct communication with donors and relevant organisational teams throughout the programme lifecycle is beneficial. Documenting the costs incurred for managing security risks can help with donor engagement on these expenses, as well as helping demonstrate value for money.
Civil Protection and Humanitarian Aid Operations (ECHO) (2023) Humanitarian implementation plans (HIPs). Thematic policy annex 2024. General considerations: safe and secure provision of aid.
EISF (2013) The Cost of Security Risk Management for NGOs.
EISF (2013) Risk Management Expense Portfolio (RMEP) Tool.
GISF and Humanitarian Outcomes (2024) State of practice: The evolution of security risk management in the humanitarian space.
