Controlling Risk with Trip Assessment & Approval

With nearly $13.5 billion in annual revenue and more than 260,000 employees worldwide, Cognizant during the past two decades has grown into one of the largest companies in the world. Dozens of acquisitions have fueled its expansion but also revealed its requirement for a comprehensive travel risk management program.

Since joining Cognizant in 2014, associate director of corporate security Kevin Sluka has helped build a program that educates travelers about risks, particularly in unfamiliar foreign destinations. "The big thing about duty of care is making sure that the associates are aware of the risk before they go," Sluka told BTN. "What we don't want is an associate saying, 'I don't know. My manager told me to go to Mexico.' The next thing you know, they don't know anything about the risk in Mexico and they're doing things that they shouldn't be doing."

Cognizant operates in 32 countries, and while very little of its business travel is to the most dangerous areas, 32 percent is international, Sluka said. A significant majority of its business travel, 87 percent, includes North America or Asia as a destination, regardless of the departure point. Still, some high-risk travel does occur, and Sluka helped develop the backbone of Cognizant's travel risk management program: a classification system that rates every country, based on the risk to its travelers, as extreme, high, medium or low risk. The program similarly ranks each of the world's airlines.

Cognizant's Concur online booking system removes the riskiest countries, preventing travelers from booking such trips online. "If you want to book a trip to Afghanistan … you can't even do that through our system," Sluka said. "That's helped mitigate a lot of risk because we are a small team on the travel risk management side. That gives us the peace of mind to know that we don't ever have to worry about someone showing up in a country that we don't want them to go to."

For countries designated as high-risk but not extreme, the system notifies Sluka's department of the booking, and the department engages the traveler but does not necessarily forbid the trip. "I get a list every day of everybody that's traveling [in the] future or is within a high-risk location," Sluka said. "We'll reach out to them, make sure that they have their car service set up, make sure that they have their hotel booked. In some cases, if it's a new country we don't have much travel to, we'll engage with them directly to make sure that they have all the information that they need before they go."

Sluka's team categorizes each country's risk from the company's perspective: "What do we do in that country? How often do we go there? Do we have a local presence?" It also uses public information from government agencies, as well as proprietary data from intelligence vendors. "We're looking at the physical risk, crime, terrorism concerns, and in some countries, there are kidnapping concerns," Sluka said. "There may be countries where there's a low security risk but a high corruption risk. We don't want our people put in a position where they're going to be faced with difficult situations. We look at the healthcare within the location."

The classification system isn't the extent of Cognizant's pre-trip travel risk management endeavors. Upon international bookings, the security department automatically sends city-level security reports, which include links to an intranet site with further information and instructions for disasters and emergencies.

Citing the March 22 car-and-knife attack in London as an example, Sluka said Cognizant's traveler tracking system immediately alerted his team of seven employees who had traveled to the city. "When we're getting that alert we're quickly determining proximity to any Cognizant offices" or customer locations, said Sluka. He added that Cognizant has a portfolio of different vendors for intelligence, traveler tracking, medical and security support and evacuation.

In the London incident, in which no Cognizant employee was injured, Sluka's team sent notifications to 4,500 potentially affected employees but determined no other action was required. "We have had incidents in the past where we will issue an alert but we'll require a validation with associates that they're OK," Sluka said. "We've done that for incidents where we've made contact with 400 associates and those with 60,000 associates. It all depends on the severity of the incident and how close it is to our offices and our travelers."