Emergency Risk ManagementAuthor(s): Alan HodgesReviewed work(s):Source: Risk Management, Vol. 2, No. 4 (2000), pp. 7-18Published by: Palgrave Macmillan JournalsStable URL: http://www.jstor.org/stable/3867920 .Accessed: 30/01/2012 00:47

Your use of the JSTOR archive indicates your acceptance of the Terms & Conditions of Use, available at .http://www.jstor.org/page/info/about/policies/terms.jsp

JSTOR is a not-for-profit service that helps scholars, researchers, and students discover, use, and build upon a wide range ofcontent in a trusted digital archive. We use information technology and tools to increase productivity and facilitate new formsof scholarship. For more information about JSTOR, please contact support@jstor.org.

Palgrave Macmillan Journals is collaborating with JSTOR to digitize, preserve and extend access to RiskManagement.

http://www.jstor.org

Risk Management: An International Journal

Emergency Risk Management

by Alan Hodges1 The publication in 1995 of an Australian -New Zealand Standard on Risk Management provided a logical and systematic processfor examining risk and determining treatment options. After national consultation, the approach taken by the standard has been adapted to make it appropriate to the needs of the Australian emergency management community. The resultant policy of emergency risk management is now underpinning management-level emergency management training and is to be applied at a practical level in community settings.

Key Words: Risk; risk management; emergency management; disaster management

Introduction

The protection of life, property and the environment from the effects of disasters is a responsibility of State governments in Australia. The Federal government has no constitutional role, but it has an obvious interest in such matters. In addition, disasters are inevitably political and media events, and are the focus of widespread attention.

Twenty-five years ago the Federal Government established Emergency Management Australia2 (EMA) to coordinate physical assistance to the States during disasters. While this coordination is an important and continuing role, EMA is also heavily involved in working with the States to raise emergency management capabilities across the nation. It does this through development and delivery of education and training at middle-to upper-management levels, and by providing leadership in promoting policies, practices and arrangements through cooperative Federal-State committee arrangements. It is in this environment that EMA, over the last five years, has been

promoting emergency risk management as the fundamental basis for determining how to minimize threats to life and property from both natural and technological disasters.

In this paper the approach taken in the Australian - New Zealand Risk Management Standard is examined. Various catalysts of change for the integration of risk management into emergency management are then identified. Finally, the implications for emergency risk management are examined. For this paper, the following definitions apply:

* 'risk': the chance of something happening that will have an impact upon objectives. It is measured in terms of consequences and likelihood;3

* 'risk management': the culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects;4

* 'emergency risk management': a systematic process producing a range of measures which contribute to the well-being of communities and the environment.5

Copyright © 2000 Perpetuity Press Ltd Page 7

Risk Management: An International Journal

The risk management standard

In 1992, Standards Australia raised by circular letter the need for a standard on risk management. The following year, Jean Cross, Professor of Safety Engineering at the University of New South Wales, chaired a widely-representative Joint Technical Committee which worked during the next two years to develop an Australian - New Zealand Standard on Risk Management (ANS/NZS 4360: 1995). Before publication of the standard, Professor Cross wrote that:

The implications are as yet uncertain since its impact will depend on the extent to which government and major industry decide to take up the standard ...6

Although the standard might receive little attention, she considered that, in view of the significant interest at the public comment stage of its development, this was unlikely.

Her confidence was well placed. The standard has had a significant impact in Australia and New Zealand and has attracted worldwide attention. It was revised and republished in April 1999,7 and it is this later publication which will be used here in describing the approach to risk

management.

Figure 1 below provides an outline of the main steps in the process. In essence, risk management is the systematic application of management policies, procedures and practices to the tasks of establishing the context, and to those of identifying, analyzing, evaluating and treating risks.

Monitoring and review, and communication and consultation, are also key elements of the process.

Figure I. Risk management overview

A more detailed explanation of the risk management process is shown in Figure 2 below. The standard provides quite detailed guidance for each aspect of that process.

Alan Hodges Page 8

Risk Management: An International Journal

Figure 2. Risk management process

i Establish the context

* The strategic context * The organizational context * The risk management context * Develop criteria * Decide the structure

v

Identify risks * What can happen? * How can it happen?

Analyze risks

Determine existing risks

Determine Determine likelihood consequences

l I Estimate level of risk

Evaluate risks * Compare against criteria * Set risk priorities

t

Treat risks * Identify treatment options * Evaluate treatment options * Select treatment options * Prepare treatment plans * Implement plans

Alan Hodges

4 4 t

cj-~

0 ct

E: E C

u

a0

0 .- 0 tt

;..

r: .1

0

T-

v

v

I

I

Page 9

Risk Management: An International Journal

The first step is to examine the strategic, organizational and risk management context within which the analysis will take place. In this step it is appropriate to examine the criteria against which risks will be evaluated and to determine the structure, or set of elements, for subsequent analysis. It is important that examination of the context is undertaken at the outset, to provide the framework for the following risk analysis. This requires a thorough examination of the operating environment and a full understanding of organizational policies and goals, so as to decide whether a risk is acceptable or not.

The second step involves identification of all the risks which need to be managed, together with possible causes and effects. If risks are not recognized in this step, it is unlikely that they will be controlled. In an organizational setting, it is also necessary to consider risks which are outside the entity's control.

Analysis of risk, the third step, has two key elements: likelihood and consequences. By combining analyses of these elements, an estimate of the level of risk can be derived in the context of existing control measures. During the analysis stage, minor, acceptable risks can be identified and put to one side. Depending on the degree of risk and the availability of accurate data and resources available, analysis may be qualitative, semi-quantitative or quantitative. When a qualitative approach is used, the level of risk can be estimated as extreme, high, moderate or low. A possible allocation of these estimates for different combinations of likelihood and consequences is shown in Table 1 below.

Table I. Qualitative level of risk

Consequences Likelihood

Insignificant Minor Moderate Major Catastrophic

Almost H H E E E certain

Likely M H H E E

Moderate L M H E E

Unlikely L L M H E

Rare L L M H H

Legend: E = extreme, H = high, M = moderate, L = low.

After the analysis process, the risks can be evaluated. This involves a comparison between the level of risk identified and the previously-established risk criteria. From this can be derived a list of risks in priority order. Some of these might be at such a level that the risk can be accepted and treatment may not be required. Nevertheless, they should be documented, monitored and periodically reviewed to ensure that they remain acceptable. The other risks will require further consideration.

For those risks which are unacceptable, four options (which are not necessarily all appropriate or mutually exclusive in all circumstances) are available:

Alan Hodges Page 10

Risk Management: An International Journal

* Avoiding the risk. Very careful consideration needs to be given to such a course, as the level of other risks might potentially be increased.

* Reducing the likelihood. Modifying the hazard can be undertaken by a range of measures, depending on the circumstances. For instance, it might require revision of organizational arrangements, implementation of preventative measures, application of technical controls, or initiation of research and development.

* Reducing the consequences. The impact can be reduced by such means as contingency planning, recovery plans, engineering and structural barriers, and design features.

* Transferring the risk. By use of contracts, insurance arrangements and organizational structures (such as partnerships), the risk can be transferred or shared. However, such arrangements may not reduce the level of risk to society. Additionally, there is the added danger that the organization which has the new responsibility may not manage that risk.

Despite these actions, there may be residual risk which is retained. Planning will therefore be required to manage the consequences of this.

Following the identification of options for risk treatment, there will be a need for an assessment process. The process should take account of the extent of risk reduction and the likely benefits which can be achieved. Obviously, high reduction in risk for low cost should be implemented. As the costs rise and the benefits diminish, careful judgement will be required, and there

may come a point where it is clearly uneconomic to increase expenditure to lower the risk further. Again, in such cases judgement is required so as to reduce the risk impact to as low a level as is reasonably practicable.

Plans must then be prepared, for implementing the selected options, to enable management to control the risks. Such plans should identify responsibilities, the actions required, performance measures, and the expected outcomes of treatments, and should provide a basis for assessing effectiveness. While responsibility for risk treatment is best placed with those able to control the risk, a management system is also required which ensures that the plan is

effectively implemented. As shown in Figures 1 and 2 above, the need to monitor and review is part of a closed loop sequence. There is a constant need to be alert to changing circumstances, as risks will change over time, in respect of either the likelihood of occurrences, or their consequences, or both. Identification of a regular review process would be a very sensible inclusion in the plan.

A major difference between the 1995 and 1999 standards is inclusion in the latter of the need for communication and consultation. Experience has shown that these actions, for both internal and external stakeholders, are required for every stage of the process. Communication has to be two-

way to enable effective consultation to occur.

Each stage also requires documentation to be completed so as to satisfy an independent audit. The inclusion of assumptions, methods, data sources and results will produce an audit trail which will demonstrate the process. Such documentation will also make subsequent monitoring and review much simpler.

While the standard has not introduced significantly new concepts to the analysis and management of risk, its development and subsequent endorsement has definitely been of immense benefit. The thorough process of consultation, implementation and eventual revision has resulted in a risk-management approach which has gained wide acceptance in Australia and New Zealand.

Alan Hodges Page 11

Risk Management: An International Journal

There is an agreed methodology which is well understood and accepted and, as a result, use of the standard's approach is now being increasingly demanded in risk analysis, by both government and private enterprise.

A major benefit of the standard is the strong emphasis it gives to identifying risk as an integral part of the management process, as well as to the need for a multi-disciplinary team to undertake risk analysis. On the other hand, undertaking a thorough risk analysis should not be taken on

lightly. The step-by-step process in the standard can demand a major commitment of staff to

carry it out thoroughly, and certainly requires full support at management level.

There has been interest by other countries in the approach, but none has so far gone to the next

step of developing an agreed standard. This is surprising, given the international interest in this topic and the benefits which would flow from the formal endorsement of a standard by national or multi-national standards organizations. Such a development task need not appear daunting; in fact, it is likely to result in wide interest and involvement. It requires, however, a small group of 'champions' who are prepared to take charge of the project and drive it through to fruition.

Catalysts of change in emergency management

Guidelines for managing risk in the Australian Public Service The mere publication of a standard which provides a generic guide on risk management is, in itself, insufficient to ensure that it is adopted by an industry sector. Although the standard can contribute to change, other 'drivers' are required; several of those relating to the emergency management sector are described in the following paragraphs.

In 1995 the Management Advisory Committee and Management Improvement Advisory Committee of the Australian Public Service issued an 'exposure draft' on Guidelinesfor Managing Risk in the Australian Public Service. The final document8 was published the following year. Although it was directed primarily at goverment agencies, the approach was widely applicable in the community. In essence, the Guidelines provided an easily-readable explanation of the use of the risk management standard in government, and also included a number of case studies illustrating persuasive success stories.

The Guidelines note that the alternative to risk management is risky management. They highlight that managing risk requires rigorous, responsible, balanced and forward thinking. They promote the standard's formal step-by-step process for significant decisions, such as:

* policy changes;

* project management;

* the management of sensitive issues;

* expenditure involving significant sums of money; and

* the introduction of new procedures and strategies.

Moreover, the Guidelines also encourage use of the approach, even if only in an informal manner, in all decision-making, as risk is inherent in all we do.

Alan Hodges Page 12

Risk Management: An International Journal

The Guidelines were significant in raising awareness of the standard's approach within government agencies, and certainly assisted in preparing the ground for change in the field of emergency management.

National emergency risk management workshop The publication of the standard in 1995 excited interest among a number of staff members of EMA and other emergency management practitioners. As a result of their influence, in March 1996 EMA conducted a national workshop at its Australian Emergency Management Institute to consider the application of the risk management concept to emergency management in Australia. There was an awareness, however, that this workshop had potential to create division, as there was strong national acceptance of the existing approach to emergency management in Australia. This approach involved concepts of:

* 'all hazards' (a single set of management arrangements capable of encompassing all hazards);

* 'all agencies' (the establishment of arrangements involving all agencies);

* 'a comprehensive approach' (planning which involves all four elements of a 'PPRR' process, ie prevention, preparedness, response and recovery); and

* the 'prepared community' (recognizing the community as a primary focus of emergency management).

Although the PPRR areas are not mutually exclusive, there had been a tendency for each to be seen to some extent as separate functions, thereby leading to differing levels of interest and

support, regardless of community benefits.

Over 30 participants from emergency service organizations, local government, State government agencies, the insurance industry and industrial organizations attended the workshop. Following presentations, discussions and breakout sessions over three days, the participants agreed9 that the risk

management standard would be of value to Australian emergency management arrangements because:

* governments and corporations are increasingly using risk management processes;

* the risk management process provides a common language and process across all

organizations;

* it is a formalized, systematic process of analysis and decision-making;

* emergency management can be promoted more effectively through risk management; and

* emergency management should dovetail into the broader risk management process.

Workshop participants also agreed that specific guidelines were necessary for the implementation of the standard within the emergency management industry. It was also proposed that the term

'emergency risk management' be adopted to reflect the multi-agency aspect of the industry. Two key recommendations from the workshop were that:

* Australian emergency management should embody risk management principles; and

* guidelines (based on the standard) should be developed appropriate to the Australian

emergency management industry.

Alan Hodges Page 13

Risk Management: An International Journal

In September 1996 these recommendations were put to Australia's peak emergency management policy body, the National Emergency Management Committee,l° which agreed:

* 'to commend risk management principles as a tool for use in the emergency management community';

* 'that emergency risk management documentation based on the risk management standard should be developed appropriate to the Australian emergency management industry's needs'; and

* 'to incorporate the risk management approach into relevant education and training and into principles and practice publications."'

Subsequent action was by no means immediate. There was a lack of understanding of the implications in many areas and a fear that existing concepts and principles, which have stood the emergency management community in good stead, would be abandoned. What followed was an extensive period of communication and consultation, an experience which was to be influential in including these approaches in the 1999 revision of the standard.

Supporting publications

In mid-1996 Patrick Helm, of the Department of the Prime Minister and Cabinet in New Zealand, published a paper12 in a Ministry of Civil Defence joural. This was important in raising awareness of the application of the risk management process in the disaster context.

The general risk management approach was not new to New Zealand, which since 1987 had adopted a policy of sharing risk management between central government and local authorities. The policy required local authorities to identify hazards in their areas of responsibility and to introduce strategies to reduce the consequences of disasters. This required a comprehensive approach to loss prevention and risk management. A somewhat similar scheme has more recently been adopted in Australia, whereby the Federal government's financial contribution to States to assist recovery from recurrent disasters is contingent on appropriate mitigation measures being taken at State and local government levels. The concept has not been universally welcomed by local governments, as they already have many competing pressures for expenditures. Nor have the New Zealand principles been adopted universally by local authorities in that country.'3 Nevertheless there is a clear message in both countries that disaster mitigation is an important component in a total risk management approach to protecting communities from the effects of disasters.

Helm also noted that risk management '... offers a structured, systematic and consistent approach that forces the analyst into understanding the total risk picture'. Importantly, he saw that it forms an overlay on the emergency/disaster process, and here he was challenging the status quo. While Australia and New Zealand subscribe to the comprehensive approach to emergency management via the PPRR process, it would be fair to say that the major emphasis in both countries has been on the capability to respond to disasters. Risk management, however, requires a more thorough analysis of solutions. For instance, the marginal benefit from the application of resources to both prevention and response should be equal. Helm emphasized that each step in disaster management required support '... commensurate with its importance or potential for improving the outcome'.'4 In concluding, he stated that:

Risk management strategies of themselves cannot guarantee better performance because of both the role that chance and uncertainly play, and the vagaries associated with human

Alan Hodges Page 14

Risk Management: An International Journal

intervention. But the methodologies used for assessing risk can contribute to understanding where the most serious components lie. They can point to the more promising control options, assist policy development, and inform the allocation of resources.15

In mid-1996 an article by Smith et a116 foresaw the possibility of the concept of risk management providing both a foundation for a cultural shift and a stimulus for integrating services. The authors saw the move towards the risk management approach as leading to a shift towards prevention and increased service diversity, to community empowerment and responsibility, and to increased

inter-agency cooperation. They also considered that the major focus in Australia has been on event management, and so significant capabilities have been developed, using both permanent staff and trained volunteers, to combat hazardous events. This has inevitably led to further investment of resources in response capabilities, rather than recognizing a more holistic approach.

This article raised important issues questioning the priorities given to the various PPRR elements, and recognized the need both for close involvement of the community in risk management processes and decisions, and for a much greater understanding of the vulnerability of communities or elements of communities. Hence, in the emergency management context, risk management can be very much concerned with people, with the impact of a hazard on them and with their

response to a situation.

Papers by Salter, Koob and Tarrant17 were also important in promoting emergency risk

management.

Implications of emergency risk management

Notwithstanding the influence of the National Emergency Management Committee and its views on the usefulness of the risk management approach, there was a need to have wide industry involvement in building a consensus for adopting the risk management approach and in taking the next step of producing guidelines for emergency risk management. A national steering committee was formed to develop guidelines which blended traditional emergency management approaches with emergency risk management.

The Emergency Risk Management Guidelines which resulted follow the various steps in Figure 2, but with some variations. Whereas the standard is directed primarily towards the analysis of organizational risk, its application to emergency management requires a strong emphasis on community consultation and involvement. This is in distinct contrast to earlier emergency management approaches, whose prime focus was on hazard analysis. Such analysis is now part of a much more comprehensive approach.

Community consultation raises the complex issue of involving residents in identification of the types of risks affecting them and the probabilities of those risks occurring. The outcome could, for instance, reveal unperceived flooding risks, with a consequential downward effect on real estate values, or highlight a small, but nevertheless real, risk of catastrophic dam failure. Such matters have the potential to attract media attention and to escalate very rapidly to the political level.

The Guidelines are tailored to the emergency management environment in relation to:

* natural, technological, civil/political (terrorism, sabotage) and biological hazards;

* recognition of various community groupings (geographically-based, shared-experience, sector-based, functionally-based); and

Alan Hodges Page 15

Risk Management: An International Journal

* inclusion of concepts of resilience and susceptibility, to assist in determining community vulnerability.

A key to the acceptance of the emergency risk management approach has been to incorporate PPRR as options in the treatment of risks - importantly, this is the last step in the sequential process (see Figure 1). Prevention, preparation, response and recovery each need to be examined, and the benefits assessed as options, in the light of the judgements made in the risk management analysis up to that point. The analysis may well lead to the need for greater response capabilities, but such a decision will be made after comparing the benefits of, for instance, enhanced preventative measures.

The Guidelines have been incorporated into a comprehensive Applications Guide18 and have been endorsed by Standards Australia as an appropriate derivation of AS/NZS 4360: 1999.

Concurrently with this development, the Public Safety Industry Training Advisory Body19 has

incorporated risk management concepts and processes in the identification of common and sector-

specific training competency standards for national adoption.

As an example, in the competency standards 'management stream', which is common to all

emergency services, four training units have been developed, covering the five main steps in the risk management process. Each of the units has then been broken down into contributing elements, with associated performance criteria. For instance, the unit 'Establish context and develop risk evaluation criteria' has 'Clarify stakeholders' roles and requirements' as one of its five elements. One of the performance criteria for this element is: 'Stakeholders are informed of aims, objectives and the risk management context and structure within which they must operate.'

At the Australian Emergency Management Institute, three new courses ('Introduction to

Emergency Risk Management', 'Understanding Emergency Risk Management' and

'Implementing Emergency Risk Management') are being conducted or are in development, as the foundation of the Institute's curriculum. Publications to support the Applications Guide are also being developed, in the form of 'Implementation Guides' and an annotated bibliography. The courses are critical components of the implementation strategy as, over time, there will be a common national approach to implementing emergency risk management while the philosophy and the language are disseminated Australia-wide. Moreover, they will be an important means of

providing well-trained facilitators who are skilled in implementing the Guidelines in conjunction with community groups.

The next step is to apply the approach in a practical way. EMA staff will work with State emergency management staff to undertake comprehensive risk assessments at community level. Initial

community areas selected for these studies are the outer Melbourne suburb of Cardinia in Victoria, the North-West Tasmania region, a rural town in South Australia and the Jarrahdale-Serpentine Shire, south of Perth in Western Australia. Furthermore, the National Emergency Management Committee recently approved a strategic plan which includes an intention to undertake case studies in each of the eight Australian States and Territories.

If the enthusiasm of participants on the new courses is any guide, the development of an emergency risk management approach has been worthwhile. However, it is still at an early stage of

implementation and it will be some time before enough people have been through courses for the

concept to be applied in a business-as-usual way. A major challenge still ahead of us will be to ensure that the approach is accepted at the executive level.

Alan Hodges Page 16

Risk Management: An International Journal

Conclusion

The publication of the risk management standard in 1995 has provided an extremely useful and

systematic basis for examining risk. In its application to emergency management, the standard has resulted in widespread critical re-examination of the traditional Australian approach to

protection of life, property and the environment. The development, through extensive consultation, of emergency risk management guidelines is now providing a completely new basis for examining risks to communities and for determining treatment options as part of the process. The options still require consideration of traditional concepts of prevention, preparation, response and recovery, and so the old and the new have been successfully blended together to create an approach which is now being introduced nationally though publications, training and case studies.

Notes

1 Alan Hodges was until recently Director General of Emergency Management Australia, which is the Federal government agency responsible for reducing the impact of natural and man-made disasters on the Australian community.

2 Formerly known as the Natural Disasters Organisation.

3 Standards Australia, Standards New Zealand (1999) Risk Management, AS/NZS 4360: 1999. Strathfield, NSW: Standards Association of Australia, p 3.

4 Ibid, p 4.

5 Emergency Mangement Australia (1998) Australian Emergency Management Glossary. Canberra: EMA, p 41.

6 Cross, J. (1995) The Risk Management Standard. The Australian Journal of Emergency Management. Vol. 10, No. 4, pp 4-7.

7 Standards Australia, Standards New Zealand, op cit.

8 Management Advisory Committee and Management Improvement Advisory Committee, Australian Public Service (1995) Report No 22: Guidelines for Managing Risk in the Australian Public Service. Canberra: Australian Government Publishing Service.

9 Emergency Management Australia (1996) Emergency Risk Management Workshop. Mount Macedon

Paper No. 5. Canberra: Australian Government Publishing Service.

10 The National Emergency Management Committee comprises the Director General of Emergency Management Australia, as chair, and the chairs and executive officers of each State and Territory peak emergency management committee or other nominated officers

11 Minutes of the National Emergency Management Committee, Emergency Management Australia, September 1996.

12 Helm, P. (1996) Integrated Risk Management for Natural and Technological Disasters. Tephra. Vol. 15, No. 1,pp 5-13.

13 Ibid, p 5.

14 Ibid, p 11.

15 Ibid, p 13.

16 Smith, P., Nicholson, J. and Collett, L. (1996) Risk Management in the Fire and Emergency Services. In NDR 96. Proceedings of the National Disaster Reduction conference. Canberra: Institution of Engineers Australia, pp 377- 87.

Alan Hodges Page 17

Risk Management: An International Journal

17 Salter, J. (1995a) Disasters as Manifestations of Vulnerability. Australian Journal of Emergency Management. Vol. 10, No. 1, pp 9- 10; Salter, J. (1995b) Towards a Better Disaster Management Methodology. Australian Journal of Emergency Management. Vol. 10, No. 4, pp 8 - 16; Salter, J. (1997) Risk Management in a Disaster Management Context. Journal of Contingencies and Crisis Management. Vol. 5, No. 1, pp 60 - 5; Salter, J. (1999a) Public Safety Risk Management: Assessing the Latest National Guidelines. Australian Journal of Emergency Management. Vol. 13, No. 4, pp 50 - 3; Salter, J. (1999b) A Risk Management Approach to Disaster Management. In Ingleton, J. (ed.) Natural Disaster Management. Leicester: Tudor Rose, pp 111-13; Koob, B. (1996) The Context of Emergency Management. Australian Journal of Emergency Management. Vol. 11, No. 2, pp 1-4; Tarrant, M. (1997) Risk Communication in the Context of Emergency Management: Planning 'With' Rather Than 'For' Communities. Australian Journal of Emergency Management. Vol. 12,No.4,pp20-8.

18 Emergency Management Australia (2000) Emergency Risk Management Applications Guide: Australian Emergency Manual. Part II, Vol. 1. Melbourne: EMA.

19 A company established under Federal government arrangements for the furtherance of education and training in the public safety industry. Its board comprises employer and employee representatives from the fire, police, emergency services, defence and emergency management sectors.

Alan Hodges Page 18