By Geoffrey Harris
Published in INsite October-November 2006
The divide between security risk management and emergency risk management
was generally accepted as normal prior to the events of September 11, 2001.
This date was the start of a new continuum in which the traditional concepts
of security management, and their capacity to respond to emergencies, were
seriously challenged. As terrible events followed ‘9/11’, such as the Madrid
and London bombings, the integrity of life-safety systems, assets protection
resources and business continuity planning became increasingly entrenched as
an agenda item for boards and senior management. Some of the momentum was
attributed to higher expectations in corporate governance by government
regulators, the courts, insurers and the community. The ideal situation of
eliminating (preventing) the risk of events that have high consequence but
relatively ‘low’ likelihood, such as terrorism, deliberate food
contamination, arson and violent intrusions, has received considerable
attention. However, with the realisation that elimination is mostly not
possible, having systems in place to mitigate risks (security risk
management), respond to events (emergency management) and allow a return to
‘normal’ business activity (disaster recovery) as quickly as possible has
become a priority.
However, even today, many boards remain ill-informed about the
true picture of their security risk management (SRM), emergency
management (EM) and, if emergencies are not immediately controlled,
their disaster recovery (DR) capabilities. Without an independent
and expert assessment, a true picture can never be gained. On
the other hand, there are those directors who are not just
asking the right questions about their SRM, EM and DR but are
going even further by demanding that the three areas are seamlessly
integrated, both strategically and operationally.
Standards Australia is doing wonderful work developing a range
of standards either directly on, or related to, these areas. Recently,
Standards Australia conducted a security forum to expose and
display a few of these Standards to an audience of about 190
senior executives. Standards will always be a work-in-progress.
As a member of AS 3745 (which deals with emergency procedures),
I presented an overview of this important Standard. One of the
questions that I asked the audience (of around 200) was ‘How
confident do you feel that your SRM and Emergency Management
is properly integrated?’. Only five or so people raised
their hands. Numerous people informed me afterwards that it was
time they assessed their own situation.
Directors and facility management should consider:
- Integrated EM and SRM audits and strategic planning within
the AS/NZS 4360 Risk Management framework (how about we change
EM to ERM, Emergency Risk Management, to capture the real, broader,
dynamic context of emergencies confronting today’s organisations
and the challenge of effectively managing these risks?).
- Gaining realistic on-going assessment of their security and
emergency risks within their full risk spectrum.
- Clearly understanding the differential risk nature of their
environment e.g. staff working in isolation at 2:00am, or perhaps
a pharmacy delivery or emergency with only limited (and often
casual or agency) staff.
- Better ERM and DR liaison and planning with other organisations
in their neighbourhood/district as well as hospitals and emergency
response organisations.
- Integrating ERM and DR with:
  - business continuity planning;
  - compliance and staff training programs;
  - contractor management (especially security contracts);
  - whistleblowing procedures.
A coroner once said that there are two types of emergency plans:
those that have failed and those that will. Directors must be
in a strong position to prove him wrong.
Geoffrey Harris MAICD, MPS, BCom, DipCrim is a senior associate of Harris
Crime Prevention Services, a national specialist and independent security
risk management consultancy established for the Health and Aged Care
sectors. Geoffrey has spent over 20 years advising senior management on the
strategic and operational levels of SRM and ERM.
Phone: 1300 888 878
Email: gharris@harris.com.au
Website: www.harriscrimeprevention.com.au