Beyond the Straitjacket of Preparedness
© 2007 FrontLine Security (Vol 2, No 3)

Although it is difficult to actually pinpoint when emergency management emerged as a recognizable and distinct profession, it can safely be said that the idea or concept of practitioners schooled in risk management started to evolve in the 1990’s. By the early 2000’s, emergency management was both the buzzword and the business!

In the private sector, managers, concerned with enterprise risks and threats that might interrupt production, developed their own unique business continuity profession much earlier. In fact, this business continuity doctrine gave birth to the concept of emergency management as a profession for both the private and public sectors.

Though there is almost universal recognition of emergency management as a new profession, many practitioners have not made this intellectual leap to the world of emergency program and remain bound by the straightjacket of preparedness and response. This retards the growth of the profession and often results in emergency management programs unsuited to our rapidly changing environment.

Emergency Management
Traditionally, emergency programs have focused almost solely on preparedness and response. The generic “emergency plan” was all-important. On the other hand, Emergency Management consists of ongoing activities taken by a jurisdiction or entity to quantify and monitor the probability of likely risks and to prevent, mitigate, prepare for, respond to and recover from emergencies of all types. These activities should be integrated into a single coherent program. A comprehensive emergency management program incorporates an all-hazards risk management approach and integrates activities in the five core components of emergency management: prevention, mitigation, preparedness, response and recovery. The purpose of an emergency management program is to protect people, property, the environment and the economy. Of paramount importance is the protection of life. The optimal use of limited resources and the expected efficiency in this complex interrelated all-hazards environment has caused this shift in focus from the generic emergency plan to the more ­pertinent risk-based and comprehensive emergency management programs.

What Caused the Change
Although the concept of hazards and risks has been around for a long time, it has not, until recently, been applied to the realm of the emergency environment. This emergency environment has also changed in a dynamic way and requires professional risk management practitioners to analyze specific hazards and risks in an organized, comprehensive and logical manner. It is generally agreed that climate change, urbanization, critical infrastructure dependencies and interdependencies, terrorism and health risks associated with the increased mobility of people have changed the environment in which we now live. We must now handle emergencies in a different way.

The Importance of the Emergency Management Program
A program approach to deal with emergencies based on the management of risk is now essential. Simply reacting is not good enough. These programs must not only include the traditional focus on preparedness and response, but much more importance and emphasis must be given to prevention, mitigation and recovery. These additional core components of a program must be hazard specific in order to develop meaningful activities for prevention, mitigation and recovery. The starting point for the development of all emergency management programs is the hazard identification and risk assessment (HIRA) process. In business continuity programs, this is called the threat assessment but it is essentially the same, and the words “hazard” or “threat” are interchangeable.

The most important issue is to understand that the key part of the HIRA process is the assessment of the impact for a given risk or threat. It is the impact of a condition, event or situation that must be dealt with by the emergency manager. So, the program must deal with the potential impact of a hazard or threat. In the first instance, the aim must be to prevent the impact of the hazard or threat. If we can’t do that, then we must seek to mitigate the effect of its impact, be prepared to respond to it and recover quickly from any consequences.

The Straightjacket
So, what is the straitjacket? It is in our thinking process when we develop or modify our programs. The first question most ask is “How do I respond to the impact of a particular hazard or threat?” In program design, this is also usually dealt with first, then preparedness and recovery and lastly prevention and mitigation. This approach often leads to faulty conclusions and subsequently unnecessary or unrelated activities in the program.

The program core components are a continuum and activities are interrelated in certain ways. The proper logic sequence should be as follows: “How can I prevent the condition, situation or event from happening?” Then, if I can’t totally prevent it from happening: “How can I mitigate the impact if an event occurs?” Next: “How can I be prepared to respond to the immediate impact of the event?” And, finally: “How can I recover from the impact of the event?”

This approach leads to an integrated list of activities for each discreet component of the program and usually ensures it accounts for and coordinates the inter-related aspects among components. Also, it will definitely ensure the new core components of prevention, mitigation and recovery receive proper emphasis. This appears so self-evident that one should ask why we have been restrained in this straightjacket. The answer is quite simple. As human beings, we like to deal with what is familiar to us first, with what we know!

This new way of developing a program and integrating the activities in each core component is more financially prudent since it also relates the activities in respect of cost effectiveness. Investment in one portion of the program, particularly prevention and mitigation, will lead to reduced or no costs in other parts, particularly when conditions, events and situations are prevented or mitigated.

There is one more interesting intellectual challenge in dealing with the additional components of prevention and mitigation. Many practitioners do not think you can prevent the impact of natural emergencies. This again is caused by the straightjacket of our thinking. They would like to exclude prevention as only being suitable as a component for technological or human-caused emergencies. Permit me one example to disprove this. One cannot prevent the rains, but one can sometimes prevent the impact. If there is no infrastructure or people in the flood zone, then there is no impact from the flood! What is the prevention measure? Land use planning and zoning!

Continuity Programs
Continuity programs are simply emergency management programs that focus specifically on the internal hazards and threats and critical external linkages of a specific jurisdiction or entity. Continuity programs are required for all entities, public or private, business and industry, government and non-government organizations (NGOs).

October 2007 - Biloxi, Mississippi - Workers remove debris left from Hurricane Katrina along the Tchoutacabouffa River. FEMA funds wet debris removal which the Coast Guard oversees. (Photo: Jennifer Smits/FEMA)

Governments, albeit only lately, are beginning to understand the importance to them of continuity programs. Thus the terms “business continuity” for business and industry and “continuity of operations” for government continuity programs have evolved. The reality is that all these programs should simply be called “continuity programs”, as separate and artificial distinctions are no longer required. Common criteria are used for all types of continuity programs.

To be truly effective, private and ­public sector continuity programs must consider the external hazards identified in the community HIRA process, for if these potential hazards occur, there will be an impact on all sectors of the particular jurisdiction. Hurricane Katrina was a good example. Many of the industries located in New Orleans had continuity programs, but had they considered the cumulative impact of the natural hazards that could affect all sectors of New Orleans at once? I suspect not!

Lastly, continuity emergency management programs can stand alone for a jurisdiction or entity or, preferably, be included as a part of a full comprehensive emergency management program at regional or higher levels.

Other Straightjackets
In some jurisdictions, the word “preparedness” defines the sum total of all activities used to deal with emergencies, and thus is often broadly applied to all activities in an entire program. This thinking causes much confusion in the profession. The overall business program should be called “emergency management,” not preparedness!! Preparedness is simply one component of an emergency management program.

Other terminology traps exist. Some emergency programs have been arbitrarily divided into “crisis management” and “consequence management”. This artificial division was required when the focus was only on preparedness and response. Law enforcement and security agencies usually fall into this trap. For example, think of the hazard of terrorism. Law enforcement and security officials are usually responsible for the prevention (detection, intelligence, apprehension, etc.) and mitigation activities concerned with terrorism, but seldom feel responsible for the impact of terrorist activity. Someone else is usually responsible for the “consequences”. From a program development perspective, the complete program would be more coordinated, integrated and effective if one entity was responsible for overseeing all relevant activities. Once a comprehensive risk-based all hazards program is developed, all of the activities taken before the emergency fall under the core components of prevention, mitigation and preparedness. Activities taken during and following an emergency are included in the core components of response and recovery. Crisis and consequence management are thus irrelevant as terms in an integrated emergency management program.

Finally, if we do not use the term “crisis” to describe the program, then we certainly should not use it to describe communications activities during an event. I have never liked the term “crisis communications” and am always amazed that professional communicators stick with it. The term itself subliminally indicates confusion, disorganization and uncertainty. The term “emergency information” is much preferred in my mind.

A proactive approach to deal with emergencies based on the management of risk, not simply reacting, is the standard for modern emergency management. The development, implementation and maintenance of comprehensive programs that deal with all identified hazards are expected. Such programs must not only include the traditional focus on preparedness, response and public safety, but must also be integrated with security and law enforcement programs (public security) to be truly effective. All public and private sector programs must examine external hazards and threats as well as internal threats and be completely integrated throughout. This is the challenge of the new profession of emergency management!

The implementation of comprehensive risk based all hazards emergency management programs will ultimately save lives, protect property and the environment and ensure a secure, flourishing and productive economy. This will prevent some emergencies before they occur, lessen the frequency and impact of others, permit timely and effective response to the worst ones and speed up the recovery process following an event. Jurisdictions and entities will become safer, more secure and sustainable at this enhanced level of disaster resilience.

Doug Harrison was a member of Emergency Management Ontario for 15 years and retired as the Deputy Chief (Acting Chief) in 2005. He is now President of Georgian Emergency Management & Associates.
© FrontLine Security 2007