Cost benefit analysis within organization security management

The present time is constantly evolving, advancing and bringing new challenges and threats that may have an adverse impact on individuals and organizations. Each organization must adapt its activities to the current situation. It must also take care of its security, which it needs to ensure its existence, successful functioning and continuous improvement of its position within the global environment. Security must therefore be part of the organization's main strategies. Therefore, appropriate attention should be paid to security and the organization should regularly allocate sufficient resources to ensure its security. The aim of this article is to point out the possibilities of using the CBA method in the framework of security management in the concept of socially responsible business. The CBA method provides scope to develop and incorporate its methodological framework into standard risk management practices within a company by assessing the costs and benefits of the proposed preventive measures related to ensuring the required level of security within the organization.


Introduction
The continuation, development, maintenance and capability of any organization is associated primarily with the problem of its security. By ensuring and maintaining a certain level of security, organizations gain the ability to protect their core assets as well as core and support activities [1][2][3][4]. This not only increases its competitiveness in the global environment, but also minimizes its losses. This not only increases its competitiveness in the global environment, but also minimizes its losses. Individual security sectors, such as occupational health, fire safety, environmental protection, information security, are just the basic sectors that an organization must manage and set up effective and efficient systems. Security sectors within organizations are also directly related to the concept of responsible business [5], and a deeper analysis can identify their penetration.
As stated by Hofreiter [6], an organization is considered secured if: • it is not a source of danger, it does not endanger itself or its surroundings (other systems, phenomena, processes and objects), • is in a state that allows its constant and progressive development, resp. fulfil the required functions, • is in a condition that allows its constant and progressive development, or the fulfilment of the functions required by it, • it has sufficient potential to eliminate or minimize external or internal threats of all kinds, • is able to react immediately to changes in its condition and its environmental condition, • can respond to a change in the balance between threats and intrinsic protection potential (security system or protection system). In view of this, it is essential that the organization develops effective security systems that should ensure their development and stability in a turbulent global market environment [7][8][9]. One of the tools that can be used to create such systems in organizations is the method of cost-benefit analysis CBA.

Cost-benefit analysis as a tool for optimal choice of security measures
CBA is an analytical tool to be used to appriase an investment decision in order to assess the welfare change attributable to it. The purpose of CBA is to facilitate a more efficient allocation of resources, demonstrating the convenience for an intervention rather than possible alternatives [10].
The CBA analysis is a methodological approach that gradually responds to the basic question: What does the implementation of the project bring to whom and what does it take from?
The effects of the action thus defined are gradually aggregated, translated into cash flows and included in the calculation of the critical indicators.
These indicators indicate whether a project is beneficial for organization and society. In addition, in the case of several projects, these indicators may be used for ranking the project according to their benefit to the organization [10]. In general, cost-benefit analyses, are made up of two basic parts, namely: • financial analysis • economic analysis. Financial analysis works with financial costs and revenues [11]. No opportunities or externalities are considered in this type of analysis. Its main objective is to evaluate the project in terms of financial efficiency for the investor. Economic analysis, unlike financial analysis, takes into account all direct and indirect benefits of all entities involved in the project [12]. The key factor is not the profit but the socio-economic impact of the economic recovery [13]. As part of the organization's security issues, the CBA method can be implemented in the structure of the risk assessment and risk management process. CBA in these processes is presented in Figure 1. The risk assessment process is a prerequisite for the use of a cost-benefit analysis in the security management of an organization. Within the step Likelihood of incident ( Fig. 1), the variants of possible incidents in the selected security sector of the organization, are identified, analysed and evaluated in detail. Based on the evaluated probability scenarios of the analysed incidents, it is then possible to propose preventive measures for a specific incident scenario. Incident scenarios assessed in this way provide a framework for defining and selecting preventive measures [14].
In the second step of Measures assessment (Fig. 1), it is necessary to evaluate the effectiveness of the selected preventive measures for a particular selected incident scenario. A partial result of this step is to evaluate the effectiveness of the proposed option of preventive measures for a particular selected incident scenario. This means assessing the level of risk of the incident occurring before and after taking preventive measures [12]. Based on the evaluation of this rate, it is possible to calculate the costs and especially the benefits of implementing the option of preventive measures for the considered incident scenario.
The process Costs is aimed at assessing the costs of each risk reduction measure within concrete variant. These costs include, for example, the direct costs of implementing the preventive option and the indirect costs associated with its use [15].
The process of assessing the benefits of implementing the selected option of preventive measures defines the costs that are derived from the selected incident scenario. Losses related to the execution of the incident may include deaths, environmental damage and loss of property [16]. Within the CBA, the losses thus defined are transferred to cash flows. These cash flows represent the benefits we get when we implement the measures. The final step of the CBA method is to calculate the net benefit or net state of play for each relevant scenario and the specific preventive measures proposed.

Case study of the using Cost-Benefit Analysis in organizational security management
Currently, public safety issue in production and manipulation of dangerous chemicals deserves more attention, because various major accidents, such as fires, explosions and toxic gas releases take place frequently. The issue of prevention of emergency events has become more and more often discussed [17]. On above-mentioned reason, we point out the possibilities of using the cost-benefit analysis in the preventive activity of a particular company. The findings are presented in a case study that demonstrates how to use CBA in the field of organization security management.
The concept of preventive action resonates very intensively in every organization. In principle, it is clear that its essential purpose is to make a significant contribution to security. There is no problem to prepare and implement a "preventive action plan". The question, however, is whether the effect achieved is one that is expected, or something more can be achieved and perhaps even less money [18,19]. This is particularly important in a filling station environment, as the sale of petroleum products is in continuous mode. In addition to economic effects, it also brings security and environmental risks [20,21].
Preventive activity in the service station contributes to the protection of human lives, property and the environment, and increases preparedness for dealing with emergencies. Preventive activity is a set of organizational, management, personal, educational, technical, technological and material measures [22].
Based on the analysis carried out in the filling station facility in order to improve the prevention system and to minimize the negative impacts, we suggest preventive measures (Table 1). Based on the described case study, the various existing models can evaluate the costs and benefits associated with implementing the proposed measures at the filling station that are directly related to the selected emergency scenario at the filling station. In the following tables, the opportunity to use the CBA analysis method presents the costs associated with the implementation of the proposed measures for a period of 5 years after their introduction. The benefits linked to the implementation of the proposed measures can be summarized in the following table. Within this table, the shadow estimated costs associated with the implementation of the selected emergency event scenario. The cost of human life being calculated based on a study carried out at the 1 st Faculty of Medicine of the Charles University in Prague [23]. The cost of the number of injured people is based on the expected length of treatment and the associated treatment costs. The cost of the property was calculated based on an estimate of the damage to the service station and the surrounding buildings, based on the simulation of the consequences of the emergency scenario Leakage of fuel during bottling [12,20]. 1 500 000 € Based on the quantified financial flows related to the cost of implementing the proposed measures and the benefits of the non-realization of the foreseen facts, it is possible to confirm that the investment in the proposed measures is effective, as evidenced by the analysis of CBA. It should be emphasized that there is a reduction in the risk associated with the scenario in the implementation of the measures, which means that the reduced risks should be acceptable in terms both of a community-wide but also of an operator's point of view.

Conclusion
The need for the security of the organization, whether from a legal, corporate or global framework, raises demands in society to improve existing and propose new effective measures. A comprehensive solution these queries requires the implementation of a system of protection for individual security sectors. One of the partial problems encountered in practice in the field of safety management or risk management is the choice from several options for implementing preventive measures. In this article, we pointed out how CBA is involved in risk assessment and risk management processes in order to selection optimization of preventive measures. The findings were presented in a case study that demonstrates how to use CBA in the field of organizational security management.
It should be emphasized that the cost of risk assessment may return, because it is better to prevent a major accident as a crash liquidity and restore the original state. This is more advantageous not only in terms of safety but also in economic terms. This can be expressed by a qualified estimate that the funds spent on prevention compared to those spent on liquidation are approximately seven times lower. This paper is an output of the science project Vega 1/0628/18 1/0628/18 Minimizing the level of experts' estimations subjectivity in safety practice using quantitative and qualitative methods.