National standards, such as NFPA 1600, provide the criteria for developing, implementing, and evaluating an emergency management and business continuity program—a preparedness program. One of the most important elements—the foundation of the program—is management support. Without management commitment, direction, and support, the program is apt to collapse over time because the foundation cannot support the structure.
Management will ask “what is the business case for preparedness?” as they assess how much to invest in the program. The answer to the question is a blend of good governance, effective risk management, and building resiliency into the organization to ensure the organization can grow and compete over time.
There are many reasons for investing in preparedness:
- Regulatory compliance
- Legal liability
- Insurance program requirements
- Rating agency criteria
- Customer requirements
- Competitive advantage
- Business “resilience”
There are many regulations that require preparedness. Occupational Safety and Health Administration (OSHA) standards require emergency action plans and fire prevention plans. Standards for medical treatment, firefighting, rescue, and hazardous materials response may apply depending upon facility location, hazards on-site, and other factors.
Besides OSHA standards, there are many other regulatory requirements that dictate elements of the preparedness program. These include:
- Building codes
- Fire prevention codes
- Life safety codes
- Americans with Disabilities Act and Executive Order #13347
- Environmental regulations
- Information security and privacy regulations
- Industry-specific business continuity requirements
- Homeland security requirements
Beyond regulations, there are many industry “best” practices that should influence or may be the basis for parts of your program.
When an incident results in casualties, third-party losses, or customer impact, litigation often follows. The legal perspective continues to be written, but it takes into account foreseeability of hazards, the magnitude of potential impacts, and the standard of care exercised by those who could have prevented or mitigated the incident. The evolving “standard of care” is continually redefined by civil litigation and the national standards that the courts have used to render judgments.
If you’re looking for incentives to make the case for preparedness, insurance cost savings may be one. Well-protected businesses with large insurable values are often able to qualify for the competitive rates and favorable policy terms of “highly protected risk” insurance underwriters. Smaller facilities that are rated on a grading schedule may also benefit from enhanced protection.
Standard & Poor’s announced in 2008 that their rating surveys would look at the ability of a company to recover following an emergency. It remains to be seen whether this will be meaningful, as the 9/11 Commission had intended when it endorsed a national standard for preparedness.
The quest for maximum efficiency has eliminated redundancy and excess capacity. Single suppliers are commonplace as businesses attempt to minimize costs and streamline the supply chain. Unfortunately, these efforts have increased the potential for business interruption. Large and medium-sized businesses recognize the vulnerability of their supply chains and the need for their suppliers to implement business continuity plans. Preparedness is now a customer requirement and subject to audit.
Business leaders are motivated by their vision for growth and development of their organization’s potential. They must also be concerned about the expectations of stakeholders. Business “resilience” is an increasingly common term used to describe the ability of an organization to continue to meet its customers’ needs even in the face of interruptions or disruptions. The Council on Competitiveness reported[1] “Leading organizations do not manage specific scenarios, rather they create the agility and flexibility to cope with turbulent situations. The investments and contingency plans these leading companies make to manage a spectrum of risk create a capability to respond to high-impact disasters as well.”
Making the Business Case for Preparedness
There are many factors that should be considered when selling management on the need for preparedness. Connect the need for preparedness with your organization’s mission and vision and management’s goals and objectives.
If a company has experienced a significant event in the recent past, that experience often influences management thinking. If a major incident occurred in the past and the current management team is unaware of it, then a carefully crafted review of the impacts of the incident may help them to understand why preparedness is so important.
If your organization has not experienced a major incident, but one has occurred at a peer in your industry, a review of that incident may resonate with your management. Research “lessons learned” to find case studies.
How much should be invested?
How much to invest in the preparedness program is difficult to define. At the very least, minimum regulatory and customer requirements must be met. If you want to be “best in class,” your program must be dynamic and integrated into day-to-day operations and management decision-making.
A careful assessment of the broad spectrum of risks, vulnerabilities, and impacts; prevention and mitigation strategies; and the scope and implementation of your emergency response and business continuity program will provide you with the information needed to decide.
[1] The Resilient Economy: Integrating Competitiveness and Security, Council on Competitiveness, 2007