Where Organizations See a Need for Support in 2016 – are Priorities in line?
What is your Crisis Strategy for 2016?
Do you know what your organization’s greatest need for support will be this year? Firestorm surveyed more than 300 participating organizations to gather insights regarding what the biggest areas of support concern are for 2016.
Although no single response is dominant, the two categories that respondents highlighted as being of support focus are Training and Testing, and Crisis Management and Communications.
It is not surprising to see Training and Testing and Crisis Management and Communications as support priorities for 2016. In some ways, these are tangible initiatives: we can craft message maps; we can hold face-to-face tabletop exercises; we can test on and measure the results of action taken, and we have resources allocated for these areas. But are we missing preliminary or concurrent priorities?
Seeing Planning and Intelligence and Assessment and Analysis at lower priorities may mean that participants in our survey feel they have already completed the necessary first steps to resiliency – the Predictive and Planning stages. Assessment and Analysis however, should be ongoing at all times in any organization.
We’ll make a similar observation on Violence Prevention being of least concern as indicated by survey responses; it is our hope that after years of educational resources and working with Firestorm, violence prevention programs are complete and in place. What we hope is that this is not a symptom of disaster denial. What we know is that hope is not a plan, and that roughly 2 million workers a year are affected by some form of workplace violence.
We also know that every organization should assess its level of preparedness on a regular basis – not just as a first step or as a step to be completed once, but as an on-going practice. Climate and culture change can bring new risks and threats. Once-a-year, check-box compliance can – and will – put your people and property at risk.
Assessment does not have to be costly or laborious. Assessment can be a tool to assist you in program adoption that is specific to your needs – quickly, cost-effectively and in compliance with best practices and standards.
Some Firestorm Assessments include
- Behavioral Threat Assessment (BeRThA®)
- Business Continuity Self-Assessment
- Business Impact Analysis
- Social Media Risk Assessment
- Workplace Violence Assessment
- Threat Assessments
Each Firestorm Self-Assessment is completed in one sixty-minute interview. Based on your answers to questions spanning multiple dimensions of readiness, a Firestorm Self-Assessment will provide a complete, high-level review and measurement of your program against industry best practices. The resulting numerical ratings generated will represent key pieces of business data in the relationship of one or more dimensions. Firestorm recognizes this as your PREACTION INDEX™.
The PREACTION INDEX™ and related analyses of key measurement points can be focused on numerous areas of overall business preparedness. An organization may then:
- Measure programs against best practices
- Appraise programs against industry standards
- Provide executives with a clear, concise picture of overall program performance
- Determine preparedness
- Evaluate readiness
This is Critical Decision Support – how we assist in every stage and during critical times.
What are your focus areas for 2016? Have you had the conversation?
Remember, the value of a company is a direct function of its ability to sustain revenue generation and profitability. This conclusion may seem obvious. However, most corporations lack compliance programs to assure shareholders, employees and clients that the corporation can continue to perform in the face of known identifiable vulnerabilities.
Everything is foreseeable. Anyone can be found accountable.
If directors and officers neglect to prevent or mitigate foreseeable disasters or prepare for those that are not preventable, the business-judgment rule will not shield them. They are exposed to liability if they fail to act in good faith and exercise due care.
A plan alone does not guarantee that an organization has everything in place. Crisis and consequence management are part and parcel of responsible corporate governance. It is a liability issue, and one that may not seem foreseeable, much less fair. The Port Authority of New York and the landlord of the World Trade Center were found to be twice as liable as the terrorists responsible for the bombing in 1993. The court held that the Port Authority should have foreseen the possibility.
Continuity planning is a strategic governance issue.
Proper crisis and disaster planning requires that an organization Predict the vulnerability, Plan the response and Perform when the event occurs. The Predict phase will classify the critical vulnerabilities, identify key emergency personnel, ascertain critical decisions, analyze gaps, identify infrastructure and supply chain needs and define communications requirements.
The Plan phase will develop the strategy, construct the plan and involve the appropriate personnel to assure their buy-in and commitment.
The Perform phase will establish protocols for implementation, community involvement, communications, test exercises, audits, reviews, updates and compliance. A well-designed and executed plan can transform a crisis. Often, plans are not updated to reflect ongoing changes within organizations, thus creating unforeseen vulnerabilities.
Disaster Due Diligence™ and sound governance demand that organizations develop, maintain and test comprehensive business continuity plans since:
- Organizations are susceptible to a variety of disasters and crises, both natural and man-made;
- Disasters and crises are predictable;
- Organizations with business continuity plans are better prepared to survive a disaster if one occurs;
- Disaster Due Diligence™ is necessary.
If Disaster Due Diligence™ is not performed:
- Investments can be impaired;
- Strategic investors can be brought into the issues more directly than desired;
- Compliance requirements may not be addressed;
- Investments would be based on luck, not strategic plans.
Take this article and the below list, sit down with your teams and discuss these key areas and ascertain: Is everyone on the same page? Is everyone in agreement on priorities? Do you know where to start? Are resources appropriately allocated?
- Training and Testing
- Crisis Management and Communications
- Business Continuity
- Cyber Risk
- Risk Management
- Planning and Intelligence
- Assessment and Analysis
- Critical Decision Support
- Violence Prevention
Whatever you determine to be your greatest need for support, we can help and our teams are ready to assist.