Mitigating Risks With the All-Hazards Approach To Emergency Preparedness
Is Your Organization Adequately Prepared for the Unexpected?
Many forward-thinking businesses and public sector organizations have some sort of an emergency plan ready to deploy when disaster strikes. However, having a plan in place is only one component of a successful emergency preparedness strategy. Will your plan work in a variety of emergency situations? That is the real question to consider.
The concept of an emergency preparedness plan may seem quite simple. But organizations must realize the potential hazards for different types of emergencies, and the level of risk involved with each one. This brings in the all-hazards approach.
IS YOUR ORGANIZATION PREPARED FOR AN EMERGENCY?
5 Questions to Ask:
1. Does your organization have all-hazard risk assessment and business continuity plans?
2. Do your plans update with changes to personnel, clients, and soft ware?
3. Do your plans undergo regular testing with measurable goals and outcomes?
4. Do your plans allow for multi-jurisdictional interoperability, such as following the National Incident Management System (MIMS) including Incident Command System (ICS)?
5. Do results from testing or real-life incidents lead to revisions in risk assessments or business continuity plans?
The All-Hazards Approach
When discussing emergency preparedness on their website, ready.gov, the Department of Homeland Security notes that, “The planning process should take an all-hazards approach. There are many different threats or hazards. The probability that a specific hazard will impact your business is hard to determine. That’s why it’s important to consider many different threats and hazards and the likelihood they will occur.” An all-hazards approach to emergency preparedness is designed to address a full range of threats, risks, and the overarching impact it may have on an organization.
It also is important to recognize that one disaster can simultaneously cause different negative events, creating a cascading effect. For example, a hurricane brings in a surge that causes flooding. That’s bad, but the flood may trigger an organization’s evacuation and relocation of staff. Now that your building is flooded, and has no electrical power or onsite staff, how do you maintain connectivity to your customers or clients? The all-hazards approach covers components of preparedness that often go overlooked.
For example, cybersecurity sometimes fails to make the final contingency plan. Thus, vulnerabilities can occur during a disastrous event which may cause the cybersecurity wall to crumble. Without a plan to mitigate cyber-risk, organizations risk losing a lot more than emails. They can risk losing valuable information that can jeopardize their reputation and bottom line.
All-hazards planning is a sound and proven concept, but it doesn’t mean that organizations must plan for every possible hazard. What it does mean is that organizations must plan for every possible hazard. What it does mean is that organizations should consider all possible hazards as part of a risk analysis. Using a risk-based approach to planning, coupled with functional and prioritized contingency planning, makes the best possible use of limited resources during an emergency.
RISKS TO CONSIDER WHEN CREATING YOUR ORGANIZATION’S ALL-HAZARDS EMERGENCY PREPAREDNESS PLAN
- IT System Failure
- Cybersecurity Threats
- Supply Chain Interruption
- Payroll Interruption
- Power Outages
- Restricted Access to Premises
- Natural Disasters (Hurricanes, Flooding, Tornados, etc.)
- Man-made Disasters (Chemical Spills, Transportation Accidents, etc.)
Risk Assessment: The Primary Component to an All-Hazards Plan
Risk assessment is a process for identifying potential hazards, risk exposures, and the probability of occurrence. However, most organizations have not conducted a comprehensive risk assessment, in part because of a lack of resources and time devoted to this important function. By doing a Threat, Hazard, Identification and Risk Assessment (THIRA), you can identify the range of hazard and risk exposures that have impacted, or may impact, the area and the organization itself.
The THIRA process allows individual business, faith-based organizations, not-for-groups, schools and academia, and all levels of government, to understand risks and determine the capabilities needed to achieve preparedness. Specifically, the THIRA process includes:
- Identification of threats and hazards of concern.
- Description of threats and hazards, showing how they may affect the organization.
- Establishment of preparedness goals to define success.
- Estimation of resources required to achieve the preparedness goals using community assets and shared resources.
Additionally, the THIRA process ultimately helps organizations answer the following questions:
- What do we need to plan for?
- What shareable resources are required to be prepared?
- What actions could be employed to avoid, divert, lessen, or eliminate a threat or hazard?
Planning for Future Emergencies and Disasters
With today’s complex and tech-driven world, the interdependencies of our infrastructure and systems create vulnerabilities that differ from the past. Therefore, it is imperative for businesses and public sector organizations to assess inherent risks while taking a comprehensive approach to preparing for emergencies and disasters. Implementing an All-Hazards planning approach to assess potential risks is a necessity to mitigate impacts to business operations and to ensure the safety of your workforce.
For more information, please contact:
CohnReznick, Government Advisory Practice
This has been prepared for information purposes and general guidance only and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is made as to the accuracy or completeness of the information contained in this publication, and CohnReznick LLP, its members, employees and agents accept no liability, and disclaim all responsibility, for the consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.