by Geoffrey Harris
Published in INsite October-November 2006
The divide between security risk management and emergency risk management was generally accepted as normal prior to the events of September 11, 2001. This date was the start of a new continuum when the traditional concepts of security management and their capacities to respond to emergencies were being seriously challenged. As terrible events followed ‘9/11’, such as the Madrid and London bombings, the integrity of lifesafety systems, assets protection resources and business continuity planning has become increasingly entrenched as an agenda item for boards and senior management. Some of the momentum was attributed to higher expectations in corporate governance by government regulators, the courts, insurers and the community. The ideal situation of eliminating the risk of events (prevention) that had high consequence but relatively ‘low’ likelihood such as terrorism, deliberate food contamination, arson and violent intrusions has received considerable attention. However, with the realisation that elimination is mostly not possible, systems needed to be in place to mitigate risks (security risk management), respond to events (emergency management) and allow return to ‘normal’ business activity (disaster recovery) as quick as possible has become a priority.
However even today, many boards remain ill-informed about the true picture of their security risk management (SRM), emergency management (EM) and if emergencies are not immediately controlled – their disaster recovery (DR) capabilities. Without an independent and expert assessment, a true picture can never be gained. On the other hand, there are those directors, that are not just asking the right questions about their SRM, EM and DR but are going even further by demanding that the three areas are seamlessly integrated; strategically and operationally.
Standards Australia is doing wonderful work developing a range of standards either directly on, or related to, the areas. Recently, Standards Australia conducted a security forum to expose and display a few of these Standards to an audience of about 190 senior executives. Standards will always be a work-in-progress. As a member of AS 3745 (which deals with emergency procedures), I presented an overview of this important Standard. One of the questions that I asked the audience (of around 200) was ‘How confident do you feel that your SRM and Emergency Management is properly integrated?’. Only five or so people raised their hands. Numerous people informed me afterwards that it was time they assessed their own situation.
Directors and facility management should consider:
A coroner once said that there are two types of emergency plans; those that have failed and those that will. Directors must be in a strong position to prove him wrong.
Geoffrey Harris MAICD, MPS, BCom, DipCrim is a senior associate of Harris Crime Prevention Services, a national specialist and independent security risk management consultancy established for the Health and Aged Care sectors. Geoffrey has over 20 years advising senior management on the strategic and operational levels of SRM and ERM.
Harris Crime Prevention Services provides on an occasional basis articles by other Industry experts, such as: How Airports apply designing out crime principles