This note is derived from a presentation to the FinPro Conference 2012, Creswick Novotel, Victoria, Australia. A copy of the complete paper is available here as a pdf.
By John Salter, Director Emergency Preparedness Capacity Builders
A fundamental issue - Plans vs. Planning
Standards and Guidelines for disaster and business continuity management focus on two things:
- To plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system; and
- To protect against, reduce the likelihood of occurrence, prepare for, respond to and recover from disruptive incidents when they arise.
If our emphasis is on the documentation of yet another “plan, do, check, act” system, then standards will be a burden rather than an enabler – a significant risk in a marketplace already crowded with standards, systems and guidelines.
If standards and guidelines are used to support planning – active collaboration to achieve sound outcomes – with only the minimum necessary documentation – then it is more likely to deliver traction.
If we are mindful and use a strategic approach, we should address the key due diligence issue – or “coroner’s test”: i.e. “what you ought to know and do – about risks and their management”. The set of crucial decision points that should be addressed in every disaster management and business continuity management situation, are about:
(1) what is the risk (detection),
(2) what does the risk mean (recognition and interpretation),
(3) who has an interest (communication to multiple stakeholders), and
(4) who should do what (organization of a collaborative system).
Specific objectives will emerge according to the nature and scope of the particular disaster or crisis.
Key Terms - and their meanings
Words and their meanings – or their different meanings – are important when developing context and establishing shared understandings. This enables communication and avoids the “Tower of Babel” syndrome whereby many languages contribute to project failure.
So in checking some terms, let us start with “disaster”. First, while focused on pain thresholds and capacity to cope, the term disaster is contextual – "your thresholds and capacity to cope may not be the same as mine".
Second, it is important to recognize that "hazard events are not necessarily disasters". Yes, hazards contribute to risk, but an extreme event only becomes a disaster when it impacts something we attribute value to (our “care-abouts”).
Incorporating a focus on vulnerability opens up a rich vein of considerations - about what might be the most appropriate thing(s) to do to “protect against, reduce the likelihood of occurrence, prepare for, respond to and recover from disruptive incidents when they arise” (ISO 22313).
For the same natural phenomenon - sink holes - different consequences. |
A risk based approach focuses on the likelihood of consequences – not the likelihood of hazard events.
While a risk based approach sits comfortable with an “all hazards” approach, it should be recognized that an “all hazards” approach is a civil defence construct – applying largely to response, relief and recovery arrangements which can benefit from such efficiencies. In a more comprehensive risk based approach there needs to be a recognition that “fire is not water” – and that prevention strategies for each need to be tailored.
The framework within which the risk based approach is applied is often referred to as PPRR – or Prevention, Preparedness, Response and Recovery. This P2R2 heuristic device was introduced in the 1980’s as an instrument of American foreign policy to encourage third world nations away from reliance upon a post disaster “hand up for hand out” approach. It is not a simple linear construct – though it has constrained thinking by being used in that simple, indeed simplistic manner. A more useful display of the relationship between the four words is displayed here.
What does this mean for communities at risk and the businesses upon which they rely?
There is a need to develop - by planning before a disaster - strategies which reduce vulnerability. Line one in the diagram below which reflects the purpose – or business case – of business continuity planning. To mitigate impact before and after a disruption event.
There is a need to develop - by planning before a disaster - strategies which reduce vulnerability. Line one in the diagram below which reflects the purpose – or business case – of business continuity planning. To mitigate impact before and after a disruption event.