Worldwide, 373 reported natural disasters killed over 296,800 people in 2010, affecting nearly 208 million others and costing nearly US$110 billion (CRED, 2011).

Australians are constantly reminded of their vulnerability to natural and man-made hazards. Australia’s history is punctuated by events that have caused significant destruction, community disruption, loss of life, injuries and trauma (Abrahams, 2001). 

Recent events across Australia and abroad reinforce the need for incident management teams to be adequately prepared for responding to a range of incidents at short notice. Incident management teams aim to reduce the impact of incidents on an organisation’s customers, infrastructure, the environment and community. 

Incident management varies in scope for different organisations. For large scale organisations, their priority will be to find longer-term accommodation, which could include schools, aged care facilities, motels and care for staff and occupants. They may need to relocate people, ensure their safety and then activate business continuity plans.

For essential services, for example – electricity providers, their priority will be restoring electrical networks to the community as quickly as possible while also ensuring their staff and the community are safe. Most of these organisations will have multiple locations where they can manage an incident from. 

This article aims to explore what’s required to ensure corporate Incident Management Teams function effectively. An organisation may have a combination of emergency response teams, incident management teams, business continuity teams and/or crisis management teams. To understand the relationships within this network, we must distinguish between an incident and a crisis.

Incident:

An incident relates to any event that arises that may adversely affect the organisation, persons or community and requires an immediate response. Typical examples range from bush fires, storms, floods, cyclones, earthquakes. Incident Management teams are used to respond to and manage incidents.

Crisis:

A Crisis is an event that impacts, or is likely to significantly impact an organisation’s commercial prospects and/or reputation. Business Continuity and Crisis Management Teams are used to recover an organisation from a crisis.

An incident may become a crisis if it leads to significant operational disruption, reputation loss, infrastructure damage, environmental damage or personal illness and injury. 

Incident management involves implementing plans and using personnel and equipment to achieve the tactical and task requirements of an incident response (Perry, 2003). Scalable Incident Management Teams are used to ensure it can effectively respond and address potential changes in the immediate incident environment. 

Many issues can arise for organisations during an incident. Having an incident management program will assist with mitigating the negative impacts of such issues: 

• Where there are multiple organisations involved
• Speaking with internal and external stakeholders
• Communicating with large numbers of staff and/or customers
• Injury, death or illness
• Major damage to property, infrastructure or the environment
• Resource requirements over an extended period of time
• Management of stress and trauma
• Media interest

What is needed to effectively manage an incident?

Following an industrial oil drilling incident, Crichton et al (2005) acknowledges that effective incident management requires complimentary interplay between people (social and cognitive skills) and structure (organisational and knowledge). Key elements that enable incident management teams to effectively manage an event include:

• An appropriately structured Incident Management Team
• A well structured, flexible incident management plan
• Effective leadership and team work
• Communication protocols
• Ongoing training and testing 

(i)        Incident Management Team 

To effectively manage an incident, a team should be established to maintain control and coordinate a response. The Incident Management Team should not be a rigid organisation but one that is flexible in size and composition to match the level of demands posed by an event. The Incident Management Team, however, should not become too large as it could over-extend the incident manager’s span of control. 

Should the incident cover a number of separate sites, each being individually managed, a higher-level Incident Management Team structure might be required. 

The advantages of implementing an Incident Management Team include:

• Effectively and efficiently controlling the incident
• Single management structure that brings together all resources
• Consistent application of incident management across an organisation
• Integration of activities and resources from multiple organisations
• Minimise impact on community and environment
• Ensure the welfare of people involved in the incident 

The Australasian Inter-service Incident Management System (AIIMS) outlines a standard structure for incident management including member roles, responsibilities, and operational procedures. This structure is commonly used by emergency services and can be implemented into corporate organisations. 

Key roles in AIIMS include incident controller, planning coordinator, operations coordinator, logistics coordinator and media or information coordinator. These roles must be clearly defined and communicated to all participants.   

• Planning — Gathering, maintaining and reporting of information. Assessing resource requirements, maintaining status on allocated resources and developing the incident plan.
• Operations — Assisting the incident manager in control and coordinating the incident. Assisting in the development of the incident plan and managing field teams.
• Logistics — Identifying and coordinating the provision of support, equipment and supply services for an incident.
• Communications — Establishing and coordinating communications between response teams at the incident site and to the Emergency Operations Centre (if activated).
• Media — Liaising with the media and developing a media plan for the incident (might not be part of the incident management team, but must have direct access to it). This coordinator may also coordinate communications with external stakeholders, for example managing information from the call centre to the public and customers.

Typically, members of the Incident Management Team will consist of general managers, operations managers, planning officers, internal communications staff, area managers and supervisors. Staff will step into their incident management roles to implement the incident management plan when required. 

(ii)       Incident Management Plan 

No two disasters are the same – they occur in different locations, geographies, with widely distinct infrastructure and access and different local capabilities and weather conditions (Patterson, 2006). Incident management programs should be structured to guide the incident management team but also remain flexible enough to react to any incident that may occur. 

A major challenge confronting Incident Management Team members with their separate functions, and the Incident Controller in particular, is ensuring they all share a common operational understanding, structure and consistency. This is difficult when managing extensive incidents where the separate functions (incident controller, planning, operations and logistics) aren’t located in the same room or even at the same location (McLennan et al, 2006). Therefore, incident management plans can assist with efficient information gathering and decision making. 

A suitable incident management plan allows the incident management team to respond to new developments and avoid responding in a sporadic or disorganised manner. The following provides a guide to what may be included in an incident management plan: 

• Impact assessment tools
• Trigger points indicating incident escalation points
• Staff induction checklists
• Incident Management Team roles and responsibilities
• Response procedures
• Emergency contact details
• Supplier agreements
• Incident Actions Plans
• Response checklists
• Roles and responsibilities checklists
• Information collection tools
• Communication protocols and templates
• Briefing, debriefing and post incident review (PIR) templates
• Meeting agendas
• Action logs

(iii)       Effective Leadership and team work 

Leadership principles during an incident are similar to leadership during ‘business as usual’ times. However, during an incident, leadership decisions have a greater impact due to the changing environment and stressful nature and time pressures of an incident. Effective leadership is exhibited by commanding respect, avoiding or minimising potential conflict between teams and defining a clear direction despite being under pressure (Flin, 1996 cited in Crichton et al, 2005). 

Not everyone is a leader. Hayes and Omodei (2011) suggest a combination of personal attributes and interpersonal attributes that are essential for a successful incident leader. Personal attributes should include a tolerance for stress, self awareness and good communication skills. Other skills including problem solving, effective decision making, interpersonal attributes including integrity and perseverance are also desirable. 

In addition to strong leadership, effective team work is essential for incident management success. Effective Incident Management Teams display a high level of monitoring and awareness. This awareness is a combination of self-awareness, where members monitor their own levels of stress and fatigue, and team-awareness, including monitoring other Incident Management Team members and anticipating their needs (McLennan et al, 2006). 

Working well together results in increased efficiency, combining individual unique skills and strengths to benefit the whole team, stronger relationships and therefore team unity. It can also promote a better sense of responsibility as team members are dependant on each other for success, increased creativity and a better feeling of support within the team. 

(iv)      Communication Protocols 

Communicating early can prevent an incident from escalating. To enable this, pre-determined templates should be established to minimise the time wasted developing communications from scratch. 

Pre-determined communications within the incident management strategy will identify all potential stakeholders, various message formats, media, frequency of communications and communications templates, including pre-formatted emails, faxes, media releases and phone messages. 

Effective communication is engaging, solution oriented, consistent, concise, factual and shows empathy. 

(v)       Ongoing Training and Testing 

Established incident management plans and teams significantly improve the efficiency of incident management. If, however, Incident Management Teams are not trained in a controlled environment the incident may not be responded to effectively. 

Regular incident exercises using incident management plans and teams will build a culture of awareness within the organisation, increase familiarity with the plans, identify gaps and deficiencies within the program and enable the organisation to effectively respond to an incident. 

To successfully meet the demands of incident management, personnel holding Incident Management Team leadership roles need a combination of personal attributes and knowledge. The findings of the Hayes and Omodei (2011) research found the key competencies required for Incident Management Team personnel include: interpersonal and communication skills, AIIMS knowledge and processes, management skills, leadership, flexible and adaptable analytical thinking and problem solving and a level head. 

These skills can be learned using a combination of structured internal external and training and role playing under controlled conditions. Exercises could include a realistic table-top exercise, a series of component testing on different aspects of the program or a full-scale exercise where all elements of the program and team are tested in as live an environment as possible. 

Do you need an Incident Management Team?  

Organisations in high risk industries as well as companies that provide essential services to the community, or organisations with a large geographical area need Incident Management Teams to provide a coordinated approach to organise the people, equipment and resources necessary to ensure an adequate response. 

For a corporate organisation to effectively respond to an incident, it needs a combination of a well-structured incident management team, a flexible incident management plan, effective leadership and team work, pre-established communications protocols and ongoing training and testing.

Contact RiskLogic or further information on how you can establish an effective incident management team.

References:

AFAC, (2005), “The Australasian Inter-Service Incident Management System´3^rd ed, Melbourne, Australia, Australasian Fire Authorities Council.

Abrahams, J. (2001) “Disaster management in Australia: The national emergency management system” Emergency Medicine 13, pp 165-173.

Centre for Research on the Epidemiology of Disasters (CRED), 2011, “2010 disasters in numbers”, http://www.preventionweb.net/files/17615_confpress2010.pdf

Crichton, M.T, Lauche, K., Flin, R (2005), “Incident command skills in the management of an oil industry drilling incident: A case study”, Journal of Contingencies and Crisis Management, 13(3), pp 116-128.

Hayes, P.A.J., Omodei, M.M. (2011), “Managing Emergencies: Key Competencies for Incident Management Teams”, The Australian and New Zealand Journal of Organisational Psychology, 4, pp 1-10.

McLennan, J., Holgate, A.M., Omodei, M.M., Wearing, A.J., (2006), “Decision Making Effectiveness in Wildfire Incident Management Teams” Journal of contingencies and crisis management, 14(1), pp 27-37.

Patterson, B. (2006) “Thailand’s tsunami: disaster management lessons for Australia”, The Australian Journal of Emergency Management, 21(4), pp 3-7.

Perry, R.W., (2003) “Incident Management systems in disaster management”, Disaster Prevention and Management, 12(5), pp 405-412.

Introduction:

Risk Management is a progressive and developing discipline. There are always new lessons to be learned. In this edition of ‘One-on-one with’ we speak with Ron Barnes, a 30-year Safety and Risk Management veteran. Hopefully we can learn from Ron’s experiences and gain a greater understanding of risk and the application of good risk management.

Briefly describe your current role and responsibilities.

I am the General Manager of Echelon Australia. Echelon is a specialised, international consulting firm providing services in Risk Management, OHS, health and wellbeing, workers compensation and claims management.
As General Manager I have overall responsibility for the business and take a leading role in a number of large projects. While not as ‘hands on’ as I used to be, it is still an aspect of my role. I also hold Board positions with the Statewide Mutual Board and Royal Life Saving NSW.

Describe your initial involvement in Risk Management and your progression through the ranks.

My career began after I completed a Science Degree and took a job as a Safety Officer with Eastern Nitrogen (now Incitec) in Newcastle, north of Sydney. My role focussed on managing the fire, safety and security of the chemical manufacturing plant. In 1984, I had a role with the Electrical Commission Coal Mines, which owned and operated underground coal mines in the Hunter Valley and Western Lake Macquarie. There, I provided safety assistance to the Mangers of the mines and introduced risk assessment methodologies throughout the mines.
While introducing these concepts, which are now standard practice, we initially met with significant resistance. The mentality was safety and risk management was the responsibility of the Mine Manager and since I did not have mining qualifications, I was getting in the way of people doing their job.
That led to a short stint with Alexander Stenhouse (AON), before joining Jardine Lloyd Thompson (as it is now known), of which Echelon is a 100% subsidiary. Overall I have been involved in safety and risk management since about 1980, and General Manager of Echelon since 2006.

Has the profile of Risk changed over the years?

Yes! Years ago safety was the only aspect of risk management we focussed on and risk management tended to place emphasis on insurance. When people thought or heard ‘risk management’ they immediately thought of insurance.
Risk management is now more broadly accepted and acknowledged as standard practice. The level of sophistication in the way risk is reported and managed has improved significantly. We have come a long way since the old days where safety and risk management were less of a priority. But there is still room for further improvement. There’s a tendency to focus on the negative aspects of risk (ie – the negative consequences and threats) but I believe there is a lot to be gained by highlighting and promoting the opportunities that can achieved through good risk management. A lot of organisations are now well versed at Board level and do a good job in filtering a risk management culture down through all levels of the organisation. A number of organisations we work with are now a lot savvier in the ‘consequence and control’ side of risk. Where improvements are still to be achieved is through the knowledge and understanding of the potential for ‘greater organisational resilience’ and ‘opportunity’ in good risk management.

Have Australian organisations adapted to the increased requirements for Boards and Directors to better manage risk?

There are always exceptions, but predominantly yes. Naturally with increased regulation comes a greater level of emphasis and focus. Most organisations now have processes in place to identify, assess and control risk. But like anything, some organisations do a better job than others.
In my opinion there is a typical scale that exists. At the top end, about 20 percent of organisations ‘eat and breathe’ risk. They are sophisticated and knowledgeable in their approach, resourceful and are now incredibly experienced risk practitioners. Then there are the 60 – 80 percent of organisations who ‘participate’ in risk management but rely on expertise of others, and around 10 per cent who are not familiar with the need or have not embedded risk management into the standard operations of their business.
But I believe there’s a new generation of managers with a far greater knowledge of risk management principles who are well educated and have been exposed to the concepts for many years. In some instances, risk management decision making has now been given to the ‘internal audit’ areas of organisations. This has allowed senior managers and Directors to better quantify risk and focus their practices using financial models. This can be very valuable but it can also present challenges. There is a risk that methodologies will be too financially focussed and not enough emphasis will be placed on the ‘human’ or operational aspects that are imperative to good risk management.
I have also witnessed a better ‘spread’ of risk management knowledge and information across organisations. There’s now a lot less reliance on individuals having the knowledge and experience. Retaining significant knowledge and know-how in any one individual is a risk in itself. Risk management is most effective when the knowledge and information is shared and exists as ‘standard practice’ at all levels of the organisation. A ‘good’ organisation has risk related experience and knowledge across all levels of the business.

Do some industries manage risk better than others?

Without being specific, in my experience some industries better understand their risks than others, which naturally puts them in a better position to manage them. In saying that, there is no one industry that does a better job of managing risk than others. Within any industry there are good and bad examples. In my opinion, some ‘Industry Groups’ do a great job of promoting risk management across their membership. In my experience working with Local Government, they are very proactive and have a solid grasp of risk management. Their knowledge and application is both complex and diverse.

What are the biggest ‘risks’ or ‘threats’ that Australian organisations face today?

The biggest ‘risk’ to businesses is the lack of certainty in decision making. Uncertainty is difficult to manage and in a globalised world, where decision making is often required instantly, knowing what information to listen to is crucial to any business. Outside influences place huge pressure and risk on the outcomes of those decisions. The risk is that critical decisions will be rushed or based on incorrect or un-validated information. With so much information now available to decision makers, knowing which to follow is a challenge. So, uncertainty is the big issue. An obvious example is climate change. This is a relatively new concept that is beginning to register in the thoughts of risk-based decision makers. There is a lot of information available, but deciding which information is valid and should be acted on is the challenge. Significant decisions, especially those involving long-term strategy, must accommodate the ‘uncertainty’ of the impact climate change might have on the environment and therefore ‘markets’ in the future.

What are the benefits of dedicating more time and expense to better risk management?

Dedicating more resources to risk management hopefully develops a greater understanding of your risks. Knowing your risk appetite and the environment you operate in is priceless. Knowledge allows an organisation to maximise the potential of good risk management as opposed to just focussing on the potentially negative consequences.
But there is a risk that dedicating more resources to risk management will result in an over-complication or over-engineering of risk management practices to the point where frameworks and information become complex and over-bearing. My experience is over-engineering risk management does not lead to better outcomes. Good outcomes occur through good decision making and that process occurs with high-quality information.
Organisations should focus their efforts on collecting and verifying relevant information and data. This will give greater certainty to the decision making process and allow for the objectives of an organisation to be maintained and achieved.

What makes a good risk manager? Who is your ‘champion’ of risk?

A good risk manager is someone who is not afraid to ask ‘stupid’ questions. They can challenge and won’t take offence. They have a thick skin. Someone who can be sure of the questions they’re asking and drive thought – What if? What about this? Have you thought about that?
A good risk manager is the ‘conscience’ of an organisation. They are the ones who should be prepared to question decisions. They must be prepared to work with the business but at the same time be able to step back from it and almost independently assess the decisions being made (hence the decision for a lot of risk managers to now be housed within ‘Internal Audit’).
Thirty years ago when I was involved in the chemical manufacturing industry, I had a fantastic mentor by the name of Jimmy Watson. He taught me that as a ‘risk manager’ “you can never assist the business you’re in by stepping over risk”. You have to be the one to stop and assess the situation while others around you steam roll ahead in their quest to achieve the objectives of the business.
Setting a good example is vital for a quality risk manager. It will help to embed risk management into the thinking and culture of all staff across an organisation. A good risk manager is someone who can influence, educate and effectively juggle the relationship between the objectives and consequences.
Ultimately, a risk manager should ensure organisational objectives can be achieved but also work towards embedding the principals of good risk management into standard operations and practices of an organisation and its staff.

Article appeared in the July/ August 2011 BCI Journal.

Introduction

Jodie Wentworth emphasises the importance of building ‘people-focused’ continuity plans to the overall ability of an organisation to recover from a crisis

When managing a crisis, the focus will often be placed on the reinstatement of infrastructure and the recommencement of critical processes, with the assumption that staff will automatically adapt as required. However, experience tells us that organisations must plan to build and support individual resilience. Failure to do so may result in the inability of staff to perform at such a critical time, and may also result in increased absenteeism or resignation post the crisis itself.

We are all different and react to crises in different ways. Emotional reactions to a crisis can be varied: a sense of loss, anger, frustration, isolation or empowerment and achievement. Therefore creating ‘people-focussed’ continuity plans can be challenging, as prescriptive responses won’t be adequate. Not only will plans need to be scalable to respond to the nature and extent of the crisis, they also need to consider the individual.

The emotional resilience of staff to cope with the stresses of the rapid and uncertain change that is a crisis will significantly contribute to an organisation’s ability to respond, adapt and recover from such an event.

Build familiarity

For those who have experienced disruptions or crises, the experience often provides a heightened awareness of the realities of the impacts of a crisis on the self and that of the organisation. In most cases, this learning creates an increased understanding of what they can expect of themselves and the others around them, and can therefore prompt individuals to implement their own strategies for ensuring future resilience, including the creation of personal contingency plans.

So it is important to provide opportunities for experience by including staff in events such as crisis management exercises and tests. Rehearsing the plan helps build familiarity so that when there is a crisis, an individual’s stress levels are less likely to impact their ability to respond because they won’t feel like they are responding for the very first time. By negating that ‘unknown’ factor some of the stress that is inevitable might be reduced.

Gather feedback to identify the challenges (emotional and practical) and subsequent improvements and changes required for both the organisation and individuals. Exercise debriefs can also provide an opportunity to set expectations and encourage people to take responsibility for implementing techniques and plans to build their own emotional resistance to stress.

Raising awareness and managing stress

Implement an awareness programme to ensure staff understand the organisation’s plans for managing a crisis including the constraints that the organisation might experience at the time. It is important that staff understand what to expect and understand their own responsibilities. This will enable them to better prepare – emotionally and practically.

Remember, also, to provide assurance that there is a plan in place and the organisation has thought through the process for retaining control and minimising the impacts.

It is important to educate staff on ways of managing stress in a positive way. This knowledge can be incredibly valuable in the day-to-day operations of any organisation, let alone during a crisis. Training should include information about:

• The physiological and emotional signs of stress and understanding individual responses.
• Tips for managing stress such as relaxation techniques, physical exercise, healthy eating.
• Tools for managing tasks and prioritising activities.

If you aren’t able to conduct training for all staff, then consider making this information available on the intranet, in booklets or as part of team meetings. Providing information to staff will help to identify stress in themselves and those around them, and trigger any support activities that may be required.

Create robust people policies

Consider the people-related policies and procedures that are in place – will they provide adequate guidance during a crisis?  Has the organisation considered policies for issues such as the ongoing payment of staff who have been sent home, the provision of over-time or time off in lieu arrangements for staff working abnormal work hours, as well as how the organisation will respond to death in service requirements? Consider how these policies will be perceived by staff and pre-plan the appropriate communications.

Insufficient policies (and hence responses) may have a detrimental impact on an individual’s emotional state and also in their sense of value to the organisation. Ultimately this may result in industrial relations issues, loss of key staff through resignation or absenteeism, and reduced capacity.

During the disruption

Ensure open lines of communications with staff – When the organisation is in recovery mode, it is important to provide opportunities for challenges, lessons and successes to be shared and captured along the way, rather than waiting for a post incident review. Not only will this provide an important mechanism for retaining a positive focus, but will also enable the organisation to respond to important issues in a timely way. Listening to, and acting upon, staff feedback in this way may also provide a sense of empowerment to staff, which can promote a sense of control and help to reduce stress. 

Monitor stress levels – During and after the crisis, provide guidance to staff about being alert to their emotional response and seeking assistance if required. Harness existing structures to monitor and understand how staff are coping. Social structures are vital to supporting our need to belong. By ensuring staff are part of a supportive community, they will retain a feeling of being part of the organisation and be strengthened by the support of their colleagues.

Provide staff with access to other support mechanisms if they require it. Most companies have access to organisations that provide specialist counselling as part of the overall staff support plan. However, it is important that the provision of external support does not replace internal support mechanisms – remembering that every individual is different.

Also, provide a range of options for people to discuss their issues such as: one-to-one meetings; discrete access to external resources as suggested above; or questionnaires that enable individuals to remain anonymous, but help the organisation to implement appropriate actions.

It is important not to underestimate the impact of an incident, however ‘small,’ on any one individual.

Establish routines – Work is also an important part of our daily routine and can define who we are. Take the individual away from that structure and purpose, and the sense of isolation and disconnection they can feel may be harmful, both emotionally to the individual and to how they perceive the organisation. By quickly establishing daily and weekly routines, the perceived threat of change can diminish. Routines that can be introduced include: 

• Regular planned briefings regarding recovery efforts via face-to-face, email, social media forums or teleconference.
• Re-establish operational activities as soon as is practicable. The sense of getting on with the job can provide a sense of comfort and focus to staff.
• Regularly get teams together including those staff who are not working. It will provide an opportunity for everyone to catch up, share their stories, and feel a part of the social structure that is work.
• Remember, too, the social structure that exists outside of work, particularly for those who are working longer hours. Consider introducing shift work (if practicable) so you can have more people working albeit at different times, allowing individuals to have the time to engage in the vital support that friends and family, and personal routines provide.

Value the contribution and experience of all staff – Feeling valued by the organisation can increase an individual’s sense of loyalty and can be a key motivator when performing under difficult circumstances. Regularly communicate to all staff and thank them for being involved in the recovery effort, or for being patient and understanding for those staff who are at home.

Returning to normal operations

Take the time to learn from the experience – Engage staff in the post incident review process and ensure the outcomes are communicated beyond the board or the crisis team. Learning is hugely important for individuals to be able to put their experience into perspective. Advertise improvements and changes as they are implemented so that there is a sense that the organisation, and hence the individuals, have grown from the experience.

Return to work – Emphasising the importance of having appropriate people policies in place, it is important that the organisation undertakes return to work activities, particularly as some staff may not have been at work for a considerable time.

Implement an ongoing process to monitor how people are coping. Encourage the sharing of stories and experiences so that individuals don’t feel isolated in their feelings. And keep an eye out for any longer-term stress-related problems.

Whilst some of the above ideas may seem time consuming, and to some unnecessary, the failure of an organisation to prepare and support their staff throughout a crisis will have detrimental impacts on how the organisation recovers, and how it is perceived by staff in the longer term. Taking the time to build the emotional resilience of individuals will ultimately serve to strengthen the resilience of the entire organisation.

Pull quotes

For those who have experienced disruptions or crises, the experience often provides a heightened awareness of the realities of the impacts of a crisis on the self and that of the organisation

Ultimately this may result in industrial relations issues, loss of key staff through resignation or absenteeism, and reduced capacity

Feeling valued by the organisation can increase an individual’s sense of loyalty and can be a key motivator when performing under difficult circumstances 

 Contact us to discuss how you can build emotional resilience in your workplace.

Introduction

The Australian Government has identified work health and safety as a priority area for reform. One of the key elements of the reform agenda is harmonisation – moving towards one set of work health and safety laws across Australia.

Currently all states, territories and the Commonwealth are responsible for making and enforcing their own OHS laws. Although these draw on a similar approach for regulating workplaces, there are some differences in the application and details of the law.  This issue has been addressed through an intergovernmental agreement where, for the first time, governments from each state and territory and the Commonwealth have formally committed to the harmonisation of the OHS legislation. 

After a long and extensive consultation process, the Model Work Health and Safety Act (Model Bill) was finalised in November 2010.  The Model Bill (to be endorsed by each State, Territory and Commonwealth) is intended to ensure the main principles, obligations and procedures in OHS are consistent across all jurisdictions. On January 1, 2012, the new OHS Act, Regulation and Codes of Practice will commence in each State, Territory and the Commonwealth. Although the national OHS legislation does not ‘go live’ until this date, it is important for organisations to keep track of key developments and to consider preparing for the transition to the new legislation.

Recap on key changes in the Model Work Health and Safety Act

In most cases, the model Act draws on existing state OHS requirements.  However, it also introduces some new additions or clarifications.  Some of the main changes included in the model legislation are outlined below:

Broader definition of “worker” 

• The new Act recognises the changing choice of work options and provides a broader definition of ‘worker’ and work environments.

Due diligence 

• The model Act clarifies that the officers of corporations have an obligation to exercise due diligence to ensure the company’s duty of care. 

Union rights 

• Unions will lose the power to prosecute for an OHS offence, which is currently allowed in NSW.
• Unions will have the right to enter any workplace to:
  • Investigate suspected breaches of the OHS Act or regulations.
  • Consult with and provide advice to workers on OHS issues.
  • Consult with the person in control of a workplace on OHS issues.
  • Health and safety representatives will have the power to direct work to cease where they feel the work will pose an immediate threat to any person. They can also issue provisional improvement notices. These powers would be new to New South Wales and Tasmania.

OHS consultation 

• Health and safety representatives will have the power to direct work to cease where they feel the work will pose an immediate threat to any person. They can also issue provisional improvement notices. These powers would be new to New South Wales and Tasmania.
• Clearer guidelines will be provided on employee consultation requirements. This includes the need to consult when:
  • Identifying hazards and assessing the risks of work performed.
  • Making decisions about ways to eliminate or control those risks.
  • Proposing changes that may directly affect the health and safety of workers.
  • Making decisions regarding OHS procedures.

Incident notification 

• Incident notification requirements will be uniform across all states with the employer having responsibility to notify the regulator immediately when there is a fatality, serious injury, serious illness or a dangerous incident.  

Role of inspectors and regulators 

The role of inspectors and regulators will be nationally consistent and will include: 

• Inspectors will be able to:
  • Investigate suspected breaches of OHS legislation.
  • Issue infringement notices, improvement notices and prohibition notices.
  • Provide advice and assist in the resolution of issues at workplaces.
• A regulator will be able to:
  • Seek an injunction when there is an ongoing breach of a prohibition notice
  • Compel compliance with an improvement notice after the time period has expired.
• Codes of Practice will be used to help courts decide what is reasonably practicable in certain circumstances. However, employers will also be able to demonstrate compliance through other ways than those prescribed in relevant Codes of Practice.  

Model Work Health and Safety Regulations and Codes of Practice 

Safe Work Australia has developed draft model Codes of Practice to provide further clarification on a number of priority areas within the Regulations.  A new Issues Paper provides an overview of the proposed Regulations and Codes. 

In addition, a Consultation Regulatory Impact Statement (RIS) has been released which discusses the changes involved for each state to comply with the proposed model WHS Regulations and Codes as well the potential cost impacts of these changes to business. 

Model Regulations 

The model Regulations include detailed requirements for the elimination or minimisation of risks from various hazards, and administrative matters such as licensing and registration. 

Matters covered by the regulations include:

• Representation and participation of workers (including issue resolution and union right of entry)
• General workplace management (including facilities, first aid, emergency plans)
• Hazardous work
  • Noise
  • Hazardous manual tasks
  • Confined spaces
  • Falls
  • High risk work
  • Abrasive blasting
  • Electrical work
  • Diving
• Plant and structures
• Construction work (including high risk work and principal contractor obligations)
• Hazardous chemicals (including inorganic lead and asbestos)
• Major hazard facilities
• Mines
• Registration and licensing (including plant, major hazard facilities and persons) 

Priority codes of practice 

The priority Codes of Practice are those which are considered to be the most significant, or are necessary to aid a proper understanding of specific regulations.  The priority Codes are:

• How to manage work health and safety risks
• How to consult on work health and safety
• Managing the work environment and facilities
• Managing noise and preventing hearing loss at work
• Hazardous manual tasks
• Confined spaces
• How to prevent falls at the workplace
• Labelling of workplace hazardous chemicals
• Preparation of safety data sheets for hazardous chemicals
• How to manage and control asbestos in the workplace
• How to safely remove asbestos
• Facilities for construction sites 

Penalties under the new legislation 

It is proposed that there will be four levels of penalties for breaches of the regulations, commensurate with the significance of the breach.  These levels are: 

• Offences that are ‘linked’ to the model WHS Act, specifically to either the general duties or the authorisations provisions, with penalties up to:
• $3 million for reckless endangerment by a corporation, and
• $1.5 million for breaches giving rise to a risk of death or serious injury.
• Stand-alone offences that are specified in the model WHS Regulations as shown below: 

Provision will also be made for infringement notices to be issued with penalties set at between $1,200 and $3,600 for a corporation. 

Compliance with codes of practice will not be mandatory, but they may be used in proceedings to demonstrate what was known about hazards, risks and risk controls.

Anticipated changes by state 

A survey was conducted for the Consultation Regulatory Impact Statement that identified the degree of change required within individual states to enable compliance with the model regulations.  The following table indicates key areas where “considerable change” was anticipated by states to enable compliance: 

Cost impact 

It is anticipated that there will be some initial costs for all businesses to adapt to the new regulations.  However, for companies operating in multiple states, these costs are likely to be offset or even reduced by the implementation of harmonised regulations and Codes of Practice rather than having multiple state–specific requirements.  Moreover, these benefits will be ongoing with any future changes being conducted on a single, nationally coordinated basis.  

Preparing for the transition 

In order to prepare for the transition to the new OHS legislation, employers should begin to address the following key considerations: 

• Current policies and procedures – Consider the impact the new OHS legislation may have on your current policies and procedures (e.g. consultation arrangements, election of health and safety representatives, training etc) 
• Transitional preparations – Consider the possibility of your existing projects continuing past the implementation date of January 1, 2012. The transitional arrangements (which are expected to maintain some of the current obligations for a certain period) may be relevant to you. 
• Senior managers and directors – Consider who in your organisation is an ‘officer’ (an ‘officer’ not only includes company directors, but also includes partners and the most senior operational staff, or the key persons responsible for ensuring positive health and safety practice within the organisation) 
• Monitor key developments – Keep track of what is happening in jurisdictions in which you organisation operates. Both Queensland and New South Wales have made minor amendments to the Model Bill, with other States, Territories and Commonwealth expected to follow. 

Organisations can begin the process by assessing their current OHS management system/program, evaluate the level of change required, and strategise methods of implementation. This will help to ensure a smoother integration to the new OHS legislation and minimise potential gaps in your OHS management system/program after January 1, 2012. 

Click here to view copies of the draft model regulations, codes of practice or supporting documents can be obtained from: 

For information on the Work Health and Safety Act in your state/territory, visit: 

• SafeWork Australia – Model Work Health and Safety Act revised June 23, 2011
• WorkCover NSW – Overview of the Model Work Health and Safety Act (NSW)
• SafeWork SA – Model Work Health and Safety Act introduced into parliament
• WHS QLD – Harmonisation of WHS Laws
• WorkSafe ACT – Work Health and Safety Bill 2011 tabled
• WorkSafe VIC – National Work Health and Safety reform
• WorkSafe NT – Model OHS Laws 

 For Further information about how these changes effect your organisation please contact us

In a time where society demands instant access to information, the traditional means for organisations to communicate with clients and stakeholders via email or snail mail is no longer sufficient. It’s not enough to communicate urgent information via a media release, which you hope will be picked up on radio or in print media. Gone are the days when it was acceptable for organisations to inform clients of an incident via tomorrow’s papers. Society now requires permanent, continual access to information. We need to be informed in ‘real time’. We don’t like being ‘out of the loop’. A daily flick through the Sydney Morning Herald, to read yesterday’s news is way behind the eight-ball. 

In an era where internet-ready devices appear permanently attached to ones palm, social media sites like Facebook and Twitter are now the go-to places for information and conversation. Few people, especially among generation X and Y, do not have a Facebook account. In fact, over half a billion people around the world now admit to accessing Facebook almost daily. The 150 million Twitter uses around the world are also growing at a rate of more than 370,000 per day! And the number of organisations and businesses now actively participating in social media is rapidly increasing. 

Numerous organisations around the world are now using social media sites like Facebook and Twitter for marketing and advertising purposes. Some organisations are even dedicating entire teams to it. Now it’s almost hard to NOT find and follow your favourite brand on Facebook or Twitter. In fact, my latest friend on Facebook also happens to be the same retail outlet I bought my last pair of jeans! But companies advertising on social media, or proactively participating in social media for marketing purposes is not new. What is new, however, is the apparent advantages (or disadvantages) of organisations by participating or not participating in social media. If managed properly, social media can be a very quick and effective tool for organisations to communicate very important information and messages. Instant communication to your network of stakeholders is only a Tweet away! 

Recent events from around the world have shown how sites like Facebook and Twitter are widely used in times of crisis. Think of the first thing you heard about the Christchurch earthquake or the first images of the Japanese tsunami. Chances are that information or visuals were sourced directly from Twitter users who ‘posted’ their experiences within minutes of it happening. 

Following the recent Christchurch earthquake, some Twitter users posted information about the event and pictures of the devastation within four minutes of the tremors. Eight minutes later, media outlets published their first stories. Such is the pace and accessibility to real-time information. 

So how do organisations best utilise this pace and accessibility? Many organisations around the world are using social media during crisis events to great effect. When incidents like an earthquake or tsunami occur, more often than not telecommunications and power is cut. Traditional communication via landline or email may not be possible. Most people, however, seem to retain the use of their mobile phones, and even though some networks may be down, ‘Tweeting’ your experiences or ‘updating’ your status always seems possible. 

It might be a little early to comment on how different organisations used social media during recent natural disasters, however looking a little further back, most would remember the Icelandic volcano early last year, which caused an massive ash cloud and led to the biggest European air travel disruption since World War II. 

Huge quantities of ash and rock spewed into the skies above most of Europe. It was even reported to have reached as far away as the Middle East. This forced the closure of almost all the airspace and airports across Europe. 

Two similar organisations whose customers and operations were directly affected by the crisis were airlines KLM and Air France. These organisations perfectly represent the example of how TO and how NOT TO use social media in times of crisis. 

Case A)

KLM

In the lead up to and during the European ‘Ash Cloud Crisis’, KLM worked tirelessly to ensure their social media monitoring and management activities were up to date. In fact, KLM dedicated an entire PR and communications team to work a 24/7 roster to constantly maintain their official Facebook and Twitter sites. They provided regular updates on travel activities and restrictions and spoke with concerned customers using social media. KLM actively participated in blogs created by others and didn’t delete any negative comments. They were dedicated to providing a constant stream of information.

During and following the ‘Ash Cloud Crisis’ the net effect to KLM from all this activity was obvious. Almost no negative press or damaging social media activity regarding KLM was recorded, customers were relatively happy and informed and there was little to no brand or reputational damage. KLM came out of the crisis with a glossy, professional appearance that set the organisation up to retain loyal customers and increase their market share.   

On the other hand…….. 

Case B)

Air France

Air France took a very different social media approach during the ‘Ash Cloud Crisis’. The official Facebook and Twitter accounts of Air France across Europe were barely updated during the crisis. Both platforms registered almost no activity in the six months leading up to the crisis. In fact, during the crisis the only official activity from Air France on their sites were from individuals within the organisation without direct responsibility for managing the sites who were tasked with deleting any negative comments posted by users – the biggest no-no in social media management. Today if customers cannot communicate with organisations via the phone or their website, they will typically head online and investigate social media sites like Twitter and Facebook for an update of what’s going on. If these ‘official’ sites have had no updates or communication offered to their ‘friends/followers’ people begin to feel they are not being given the information they require, especially when it comes to things like travel arrangements. In Air France’s case, no updates were posted on any of their official sites, leaving customers with no information. 

Obviously this did not bode well for Air France. Uninformed customers are not happy customers, especially during uncertain times.  Needless to say, Air France received some very negative and damaging publicity – the exact thing executives were obviously trying to avoid by not posting comments or updates on social media sites. Hundreds of social media users reported changing their flight plans with Air France, many of which moved to the very accommodating KLM! “Never flying Air France again” was not an uncommon status update following the disruption. Air France has now reported a decrease in market share and revenue following the crisis, while other similar organisations (KLM for example) have reported no significant losses or changes to revenue predictions. 

Given the amount of attention paid to social media, not just day-to-day, but during a crisis, it makes sense for organisations to actively participate. But organisations must have clear parameters and policies in place. 

Clearly there are risks that the ‘publically displayed’ information on these sites can be damaging. One well-worded negative Tweet can have huge reputational impacts. Whether it’s a negative comment posted by a disgruntled customer, or a misguided/unendorsed posting by an oblivious employee, there are reputation risks. However, it is much better to be in a position to participate and respond to negativity posted on the web, rather than have it blindly snowballing behind your back. Organisations who decide to proactively participate in the use of social media for marketing or crisis communication purposes should first ensure boundaries.

That is:

• A policy should be developed that is endorsed by the Board and educated to staff to highlight the organisation-wide ‘Do’s and Don’ts’ of social media participation.
• Involvement should be restricted to a dedicated person or team.
• Those involved should be given the appropriate training in media communications and public relations.
• Any statements, Tweets, status updates, blogs etc should be approved at the appropriate level before release.
• Organisations should respond to, and most importantly, not delete any negative comments posted by users.
• Organisations should increase/expand their participation in social media monitoring and communication during times of crisis.
• Organisations that do decide to utilise social media should do so with the same amount of precaution they would dedicate to any external communication. Consideration should be given to incorporating social media participation and communication into the organisations operational risk management activities.
• Organisations should consider social media when developing and reviewing plans for crisis communication. Business Continuity plans should provide clear instructions and strategies for the use of sites like Facebook and Twitter. Although they may not be the primary means of communication, they can be a very effective secondary source of communication to an organisations networks and stakeholders. 

Many organisations around the world have made the strategic decision to endorse social media primarily for marketing and promotional opportunities, and increasingly as an additional means to communicate to their networks. Given a recent report that suggested the current number one fear of C level executives is brand and reputational damage from negative social media publicity, it is imperative that its use is supported by a set of clear and internally promoted policies – all of which have been endorsed at Board level. 

Like any business activity, if effectively managed, social media can be a huge opportunity for any organisation. Tread carefully and the rewards can be great.

The January 2011 issue of Risk eNewsletter included an article on the key changes to the Australian Standard 3745, “Planning for Emergencies in Facilities”, and the impact this might have on your organisation. Greater emphasis is placed on emergency management training as a result of these changes. During an emergency, the smooth operation of the emergency guidelines outlined in AS 3745-2010 is only achieved if all wardens and other occupants know what is expected of them. Therefore it is necessary to educate, train and develop periodic exercises to test the organisation on the procedures and evaluate staff responses. 

The new standard details the training requirements for all persons involved in the emergency management program, as well as facility occupants. According to the new Standard, training is required: 

• For at least one member of the Emergency Planning Committee (EPC), to enable the EPC to competently execute their obligations
• For the Emergency Control Organisation (ECO)
• For facility occupants 

Emergency planning committee (EPC) 

The EPC usually consists of members from the OHS Committee, which are responsible for overseeing on an on-going basis: 

• The effectiveness and accuracy of the Emergency Management Plan
• The procedures and relevant emergency documentation
• The appointment of any available personnel to coordinate an emergency response in the first instance
• Staff training in emergency preparedness 

Members of the EPC are required to undergo training to ensure they can competently execute their obligations. Specialised EPC training includes the following: 

• Developing, managing and maintaining an emergency plan
• The duties of the EPC and ECO
• The duties of the Emergency Response Team (if applicable)
• The conduct of site-specific emergency identification and analysis
• Establishing and managing an ECO
• The management of appropriate documentation
• The management and development of assessment activities
• The development and implementation of training activities including emergency exercise management
• Emergency mitigation, emergency preparedness and emergency prevention
• The installed fire safety systems (e.g. sprinkler systems, fire doors, emergency communications)
• Liaison with Emergency Services 

Emergency control organisation (ECO) 

The ECO must give top priority to the safety of all occupants and visitors of the facility during an emergency. ECO members require specialised training to develop the skills and knowledge necessary to undertake the duties set out in the emergency response procedures.

This training addresses the: 

• Duties of the ECO
• Procedures for the specific emergencies
• Responding to alarms and reports of emergencies
• Reporting emergencies and initiating the installed emergency warning equipment
• Communication during emergencies
• Pre-emergency, emergency and post-emergency activities
• Occupants and visitors with disabilities
• Human behaviour during emergencies
• The use of installed emergency response equipment (e.g. WIP phones)
• The performance of the building and its installations during a fire or other emergency (e.g. fire doors, emergency lights)
• Chief wardens, deputy chief wardens & communications officers 

In addition to the general training for all ECO members, those appointed Chief Warden, Deputy Chief Warden and Communications Officer must undergo additional training due to the inherent nature and responsibilities of these roles. This training focuses on: 

• Their roles and responsibilities
• Duties of the EPC
• Decision-making, command and control
• Record keeping
• Actions for the specific emergencies
• Coordination of communication(s) during emergencies, including use of any installed specialised communications equipment
• Liaison with Emergency Services
• Coordination of evacuation activities
• Implementation of post-emergency activities 

First-attack firefighting 

First-attack Firefighting is designed to train personnel to control small, uncomplicated fires using a fire extinguisher, hose-reel or a fire blanket. Where first-attack firefighting by specific occupants is included in the emergency procedures, these occupants shall be trained to enable them to competently execute their duties.

The training for first-attack firefighting shall address the following: 

• The duties of the ECO, and ERT, where it exists
• Preparing for site-specific fires
• Reporting fires
• Evacuating from endangered areas
• Identifying, reporting and correcting unsafe conditions
• Responding to fire emergencies
• Identifying the classes of fire
• Selecting the correct first-attack equipment
• Safe operating procedures for first-attack equipment
• Determining if it is safe and appropriate to use first-attack equipment
• Procedures to be followed after first-attack equipment has been used
• Post evacuation activities 

Skill retention training should be conducted no more than 6 months apart to ensure the ECO can competently execute their duties. While the concept and frequency is not new, the training content and adequacy requirements are greatly expanded. In addition to the delivery of training for the ECO, it is important to incorporate exercises and assessments to allow participants to apply their knowledge and skills in practice. 

Emergency response exercises 

Section 7 of AS 3745-2010 expands on Clause 3.5 of AS 3745-2002, including new wording that permits exercises to be conducted that are relevant to emergencies on the site. The clause also details the roles of observers and the need to keep a record the actions taken.

The concept of an emergency happening during an emergency response exercise is mentioned within the revised standard. The tragic situation where a real emergency is not treated properly when it occurs during an exercise can be avoided by using a code word. The standard suggests ‘No duff’ as the code word. 

Occupants and visitors 

All occupants working at a facility must be trained to ensure they act in accordance with the emergency response procedures, including: 

• Occupant responsibilities within the facility emergency response procedures.
• The types of emergencies contained in the emergency plan.
• How to report emergencies including activation of alarm systems, if installed.
• Recognising and reporting unsafe conditions, and correcting unsafe conditions when appropriate.
• The authorities, roles, responsibilities and identification of ECO members.
• Reacting safely to emergencies and alarms.
• Evacuation procedures.
• The location of internal and external staging and assembly areas, as contained in the emergency plan.
• The location of egress routes.
• Post-emergency protocols.
• Procedures for specific emergencies. 

Visitors at the facility should be provided with appropriate information on the emergency response procedures, as determined by the EPC. 

What does this mean for organisations?

These changes mean that to comply with the latest best practice guidelines, building owners / managers /employers will need to: 

• Establish the EPC & ECO
• Develop an Emergency Response Plan (ERP), or update their ERP with all the new requirements
• Train the EPC and have them agree to details recommended for the Emergency Plan such as schedules of training, emergency response procedures, scope and validity period of the document, recruitment and maintenance of the ECO
• Ensure the ECO training content is aligned with the requirement of the new standard.
• Ensure the program of emergency response exercises is appropriate.

Once enacted, building owners, managers, employers, employees and visitors will have a better understanding of what to do if an emergency situation occurs.

In today’s globalised world, the supply chain of national and international companies is more complex than ever. Ultimately the goal of an efficient supply chain network is to reduce inventory and receive the best inputs at the lowest costs. While companies have a wide selection of suppliers from all over the world to choose from, organisations have never been more dependent on products, information and finances provided from external parties. This dependency exposes the company’s bottom line to an extra layer of risk. 

The financial impact of the global financial crisis and the multitude of recent natural disasters highlight just how unpredictable the availability of supplies can be. Experts in the field of Risk Management will have heard of the so called ‘Black Swan’ * events which are rare but can have a devastating impact on your business. 

Few would have predicted that a major earthquake and a tsunami would hit Japan within a few hours in March this year – a prevalent example of a ‘Black Swan’ event. Japan’s 8.9 magnitude quake and tsunami caused widespread damage and closed down key ports across the country. While some airports shut in the immediate aftermath have reopened, transport and manufacturing infrastructure has been significantly damaged, affecting the production and distribution of many of the world’s products. Supply chain issues continue to worsen as companies are forced to reduce operations within, and outside of, Japan, with factories and manufacturing plants either closed for business or operating at significantly reduced capacity. As reported in the media, the impacts on production and distribution outlets outside of Japan, for companies such as Fuji, Honda and Toyota have been significant. With electronic goods and motor vehicle production outputs reduced by up to 60% from Japan, distributors around the world are experiencing major shortages of supplies and products as a result. This has a major flow on effect to the viability of distribution outlets around the world, with organisations experiencing loss of customers, loss of market share and significant financial and reputational challenges. 

Planning for supply chain disruptions 

Generally, a supply chain is a network of organisations, people, technology, information and resources that contribute to the creation of a particular product or service from a supplier to a customer.  If this network is disrupted, a company can face a variety of strategic, reputational and operational impacts, which threaten the long-term viability of the organisation. This is where Risk Management and particularly Business Continuity Management are crucial. 

Supply Chain Risk Management involves, according to David Honour, editor of Continuity Central, ‘mapping the entire supply chain and its dependencies, identifying, assessing and understanding the various threats and risks, identifying single points of failure’ and subsequently, developing and implementing strategies to mitigate these issues. The aim is to limit the impact to a business if a disruption to the supply chain occurs. It is a continual process where awareness and oversight controls, including the incorporation of Risk Management standards in the supplier contract, are of fundamental importance. 

Accordingly, when drafting supply chain business continuity strategies, considering all internal and external links in the supply chain is of fundamental importance. As is assessing those products (and hence supplies) that are critical to retaining market share as well as revenue. Understanding both supply vulnerabilities and production priorities will enable the development of appropriate continuity strategies. Planning for continuity ultimately involves working collaboratively with suppliers and other key business partners. Below are just a few considerations when developing supply chain business continuity strategies; 

1. Diversification of transportation systems. Businesses should consider the utilisation of multiple carriers and forms of supply and distribution. Transport infrastructure is often the first to be impacted in a major disruption.
2. Development of reciprocal agreements for storage space. Warehousing of inventory can be a logistical nightmare for organisations when facilities are inaccessible. Shared agreements, established prior to a disruption, with suppliers, transport providers, customers or competitors can assist.
3. Relocation of production. Organisations with multiple facilities may be able to relocate production to other sites to ensure continued supply. However, capacity levels must be carefully considered and other product lines may need to be scaled down to accommodate the increase at the alternate facility. Additional production costs, transport costs and lead times will also need to be considered.
4. Sourcing alternate or substitute products or components. This is not always feasible if specialised components are required or limited suppliers exist, but in many cases a review of critical products/components and alternative supplier options will make a significant difference in your ability to continue production should your main source of supply be unavailable. Lead times are often critical, so establishing pre-existing relationships are recommended prior to a disruption.
5. Building redundancy for your ERP/inventory management systems. Ensuring access to critical software tools is essential no matter how small or large the disruption. Availability of redundant IT infrastructure, on and offsite data backup and access to databases within business critical timeframes is essential. When the appropriate level of IT redundancy is not available, organisations must consider alternative or manual process workarounds to ensure business continues.
6. Interruption Insurance. Ensuring the organisation is covered for loss of revenue in the event of a disruption provides a high level of comfort to internal stakeholders. Whilst this does not directly manage the other damaging consequences of a disruption, it does enable an organisation to focus on the strategic response to the disruption without significant short term financial concerns.
7. Staff management and succession plans. Despite the use of technology, businesses heavily rely on suitably qualified staff to manage all aspects of operations. A significantly traumatic event or disruption can render critical staff unavailable for long periods of time. Ensuring critical roles have been identified and suitable back-up personnel or resources are available is imperative to ensure continued operations. This could include multi-skilling existing staff, use of offsite resources in another location and outsourcing roles, to name a few. On the other hand, not all roles may be critical in the first few days of a significant disruption. It is just as important to know who to send home and who to keep on.
8. Review of supplier business continuity preparations. Asking to review or receive evidence of a supplier’s business continuity plan will provide a higher degree of confidence that supply will or won’t continue in a disruption. Often as not this will also act as a strong motivator for suppliers to further enhance their preparations. Many large organisations are now insisting on a minimum level of business continuity planning before they will enter into a commercial relationship with potential suppliers. 

On the whole, business continuity requires planning for alternatives in every aspect of the supply chain including backups for key staff, IT disaster recovery and critical suppliers. Business continuity demands innovative problem solving and a thorough analysis of all the components of a supply chain. A silo approach should be avoided at all cost. 

When a disruption occurs an effective Business Continuity Plan will protect an organisation and its stakeholders, minimising downtime and preventing significant reputational, operational, legal and financial costs. While the plan should cover a wide range of contingencies, the problem lies in unforeseen disruptions – plans are often based on past experiences. Few predicted the ‘Black Swan’ events of the terrorist attacks in 2001 and the 2004 Boxing Day Tsunami. Therefore, it is important to collaborate with industry experts, internal stakeholders and supply partners to share knowledge and experiences so you can create a robust Supply Chain Business Continuity Program. 

How resilient is your Supply Chain? Inevitably, the risk grows as our world constantly changes and becomes more complex. While businesses become more interconnected the risk of supply chain failure rises. ‘Black Swans’ occur more frequent than we think. Therefore, an active and successful Supply Chain Risk Management and Business Continuity program is no longer a nice to have, but a commercial necessity. 

*The ‘Black Swan’ Theory was developed by Nassin Nicholas Taleb and refers to unexpected events of large magnitude and consequence 

The ancient Mayan calendar has been incorrectly interpreted as foreshadowing the end of the world sometime next year. Hollywood has capitalised on this theory but it has largely been dismissed. 

But before it’s dismissed entirely, there is a small element of truth to the theory.  The earth could be hit with a catastrophic event sometime in the future and the culprit is our sun and its solar flares. 

Solar flares occur when a burst of magnetic energy is released from the surface of the sun.  Coronal mass ejections or CME’s, on the other hand, are large-scale eruptions of plasma and magnetic energy from the sun. 

The occurrence and behaviour of CME’s is less understood than solar flares. For a CME to have the greatest affect on Earth, it has to occur near the centre of the sun on a trajectory towards Earth, be fast and massive with a large amount of kinetic energy and have a strong magnetic field whose polarity is opposite to that of Earth’s. That’s a lot of factors. 

Solar flares, CME’s and plasma might sound like something from a science fiction film but these galactic events can have a major impact on the Earth’s weather and directly affect technology, such as the internet and mobile phones, which every business relies on. 

Both solar flares and CME’s fall into the category of “space weather”. The Earth’s proximity to the sun means its space weather is dominated by the sun. 

Like the Earth, the sun’s currents crisscross its surface, only rather than consisting of water of different temperatures, these currents consist of varying magnetic energy caused by superheated and super charged gases. 

Over the course of 40 to 50 years these currents have accelerated and magnetic activity is predicted to increase. 

The largest solar flares/CME’s from our sun are estimated to have the energy of 100 million atomic blasts but, given our distance from the sun and the natural dispersal outwards of energy, life on earth is quite safe. At least for the next few billion years or so. 

Additionally, scientists tell us that there is no evidence that any of the mass extinction events that have occurred on Earth were due to solar activity.  

While we might be safe, millions of atomic blasts going off at the same time and then heading our way can still cause us some problems mainly through magnetic storms.  

Magnetic storms affect the Earth in a number of ways. The most spectacular is when the magnetic energy form the sun collides with our defence shield, Earths’ own magnetosphere.  This causes intense activity, especially in our polar regions and creates the Aurora Borealis and Aurora Australis, otherwise known as the Northern and Southern Lights respectively.  During the Carrington Event – the largest CME event ever recorded, named after the witnessing astronomer – the auroras where seen all the way to the tropics.  

Abnormal electrical currents, caused by the activity of the magnetic fields, can also affect the Earth. The Carrington Event caused numerous nonsensical messages arrived at telegraph stations around the globe. It was also reported that not only were some wireless operators able to operate their equipment with out having to generate their own power, some were even electrocuted by the strength of the magnetically induced currents. 

How badly can these magnetic storms impact your business? The answer to this depends on a number of things.  

Firstly, there is no model available to predict the volume of solar flares and CME’s with any accuracy other than to say there are going to be more of them with greater energy in the next two to three years than there has been in recent history.  

With that in mind, it’s important to understand what the effects are. Magnetic storms can cause a spike in radio noise (or activity), which can interrupt communication on those wavelengths. 

This can result in a complete radio blackout of various wavelengths.  In 2005, numerous flights had to be diverted from polar flight paths due to the interference caused by a solar flare, which resulted in increased fuel consumption and delayed arrivals. 

As briefly mentioned above, the other significant effect is the production of magnetically induced electrical currents. The first to feel these effects are satellites in space, which can have their functionality disrupted. 

It’s hard to define how much functionality would be lost and the duration of this loss but common consensus suggests there would be substantial functionality loss (if not total) across the majority of exposed satellites. This could last for the duration of the event and would interrupt services such as mobile phones, GPS, television etc.  

Two telecommunication satellites were affected by a solar storm in 1994.  One recovered in a matter of hours while the other took over six months and more than $50 million to be rehabilitated.  In 2003, a GPS system used by the US’ Federal Aviation Authority was disabled for 30 hours, resulting in a major disruption to air traffic. 

Closer to home, magnetically induced currents are going to affect all our electronics at home or in the office, unless they are fully switched off (and not just in hibernation mode).  This means your computer, your mobile, your landline, your TV, your fridge etc could all be disabled temporarily or even permanently.  

On a slightly larger scale, the power grids that criss-cross the globe are highly susceptible to these currents. The longer the power line – the greater the risk.  These power lines are likely to conduct the magnetically induced current to their transformers where the current can melt a crucial component made of copper, bringing the grid down and causing wide spread blackouts.  

This occurred in Quebec’s hydro-electric grid in 1989 where it shut down completely in a matter of minutes of the event occurring and took 9 hours to be brought back on line.  Obviously there are severe implications if the power grid was to shut down completely, not just in terms of business functionality, but from a society point of view. Without power; petrol pumps can’t function, trains can’t run and traffic lights won’t work.  

Imagine potentially dealing with a scenario with no landlines or mobile phones working!  If you track the power supply far enough down the line you can get to a point where your toilet won’t work due to a loss of pressure as the pumping stations lose power at one end and water is incrementally used at the other end. 

The worst case scenario is the impact of a large solar flare/CME could disable our electrical systems and their power supply with obviously severe implications.  So what can we do? 

The first thing to do is to monitor this website, http://www.swpc.noaa.gov/.  This is the website of the US National Weather Service’s Space Weather Prediction Centre.  This website continually feeds information from satellites monitoring the sun and is likely to be the source of the earliest warning available.  It is already used by many airlines to divert their airplanes away from affected areas should a solar flare occur. 

Once you have advance warning, the most current advice for those of us in the “impact zone” is to initiate a pre-emptive and preventative electrical shutdown.  By ensuring servers, computers and phones are powered down during the event it protects them so that they can be used as soon as the power supply is restored.  This might seem a little over the top but a five hour shut down compared to the total loss of your computers and servers, along with all your data back-ups appears to be a price most would pay.  

However, even if we do a pre-emptive shutdown and protect our systems, you can still be affected by those devices that were unable to achieve either a full or even partial shutdown.  This might result in your supply chain, income stream or our delivery mechanisms being disrupted among many other possibilities with obvious threats to the sustainability of your business. 

We need to minimise the impact on your business for the potential outcomes of a large solar flare/CME event ranging from the short term effects of a widespread planned shutdown to the longer term effects from an incomplete or ineffective shut down.  To minimise these impacts, you should consider business continuity strategies.  

This should involve the development of a Business Impact Analysis (BIA). A BIA looks at all the critical elements that make up a business and looks at the dependencies those criticalities have.  Once this has been done, a Threat Assessment is conducted against these critical functions to see how susceptible to disruption or failure they are and what the effect of their collapse would be on the business.  

Once our critical business elements have been identified and analysed, the next step is to develop contingency plans to enhance the recovery of the functionalities should they fail.  

These may include alternate processes or workarounds to lessen the dependency on IT and communications infrastructure should they fail, and alternative communication strategies to ensure appropriate management of stakeholder expectations. Suffice to say, this will be no easy task given today’s reliance on technology. 

There are two time frames that should be considered when developing contingency plans.  

The first time frame is the Recovery Time Objective (RTO).  An RTO is a measure of time for how long you would take to recover that particular functionality in ideal circumstances and this is the time frame that should be aimed at when developing contingency plans.  

The second time frame is the Maximum Tolerable Outage (MTO). An MTO is the maximum time your business can survive with the loss of functionality without severe consequences and is the measure of when that functionality has to be back on-line.  While all this may seem like an onerous task, you can imagine how successful trying to develop contingency plans could be after the power has been cut off when the computers and server don’t work and your mobile phone is for decorative purposes only. 

At some time in the future a powerful solar flare/CME event is likely to happen, which could envelope the earth in a powerful magnetic storm.  This storm would have a considerable effect on our electrical systems and transmission technologies, only we don’t know where, or even when, this will happen.  

The best case scenario is we will have 18 hours warning, at worst we will have virtually none.  To minimise the effects of a solar flare/CME event on your business, it’s important to prepare for a temporary shut down while the magnetic storm occurs and develop contingency plans for the damage it might cause to your business.

The increase in 24 hour operations and longer work shifts has highlighted the need for effective fatigue management strategies.   Research has shown that fatigue can have significant impacts on a business including:

• Reduced productivity (through impaired performance, errors, etc.)
• Increased accidents (15–20% of accidents in transport operations are related to fatigue, surpassing that of alcohol or drug-related incidents)
• Increased personnel costs (e.g. lost time, absenteeism)

In addition, fatigue has significant personal costs to employees including contributing to health problems such as gastrointestinal and cardiovascular disorders as well as the disruption of family and social life.

The importance of fatigue management is reflected in the increasing number of legislated requirements and industry guidelines that have appeared both locally and internationally.  Within Australia, regulations governing work and break schedules have been in place for many years within the trucking industry.  Similar regulations or guidelines exist for other industries including rail, oil and gas and mining. 

What is Fatigue?

Fatigue is an acute or ongoing state of tiredness that affects employee performance, safety and health.  Fatigue is cumulative -it builds up, leading to a progressive loss of alertness that ultimately causes the person to fall asleep.

The effects of fatigue include: 

• Loss of alertness – Loss of alertness is an early sign of fatigue and may include minor memory lapses or difficulty in operating equipment safety.
• Poor judgment – Fatigue affects the ability to think clearly and to make safety-related decisions.  The problem is compounded by the fact that someone who is very fatigued may underestimate how fatigued they are.
• Mood change – Fatigued can cause irritability, agitation and the tendency to overreact to issues that arise.
• Drowsiness – When drowsy, a person may experience “microsleeps’ of   3 to 5 seconds.  This can be critical if operating heavy machinery or travelling at high speeds. Eventually, this drowsiness can lead to the person falling asleep.

Causes of Fatigue

There are several factors that contribute to fatigue.  These include:

Disruption of circadian rhythms

The body has natural or “circadian” rhythms that are repeated approximately every 24 hours.  These rhythms regulate sleeping patterns, body temperature, hormone levels, digestion and many other functions.  When these rhythms become “out of synch’ due to factors such as different sleeping or eating times or even changes in the exposure to light, fatigue can result.  A common example of this is jet lag.

Sleep factors

The amount and quality of sleep is critical to preventing fatigue.   People who do not have enough sleep will incur a ‘sleep debt”.  This sleep debt is cumulative and will continue to build up if there is insufficient sleep.

The quality of the sleep is also important. Poor sleep quality is a common problem for those on shiftwork since it is often difficult to attain restful sleep during the day when it is light outside or if there is considerable noise. 

Health factors

Many health factors and lifestyle choices contribute to fatigue.  For instance, individuals with sleep apenoa (a breathing obstruction during sleep that causes oxygen starvation) do not get enough sleep because they wake frequently during the night.  Other health conditions such as diabetes and obesity can also contribute to fatigue as can alcohol, a poor diet, poor physical fitness and the side effects of some medications.

Work factors

Work factors can be a major contributor to fatigue.  Two common examples are long or excessive hours and inflexible deadlines.

Developing a Fatigue Management Program

When developing a fatigue management program, a risk management approach should be taken that involves the following key steps:

• Identifying the hazard
• Assessing the risk
• Controlling the risks
• Monitoring the effectiveness of the program

 The application of this approach to fatigue management is shown below: 

Controlling fatigue

Controlling fatigue in the workplace ideally involves a number of different approaches that provide several protective ”barriers”.  This includes:

1.    Ensure adequate staffing levels

As a first step, it is important to ensure that adequate staffing levels have been set in order to enable control over other factors such shift length, amount of overtime and the average time off duty.

2. Shift scheduling

In addition to mandatory limits that may exist for shift lengths and rest periods, optimal shift schedules require consideration of issues such as shift structure (eg. permanent or rotating shifts), shift patterns (eg. fast versus slow rotation of shifts) and rest breaks during and between shifts.  Shift schedules should also account for factors such as the employee’s commuting time to and from work, employees swapping shifts or overtime assignments.  This is best addressed by using fatigue risk models to assess actual (rather than planned) work-rest patterns and to place limits on the number of consecutive working hours or the number of days worked in a row.

3. Employee fatigue training & sleep disorder management

It is also important to educate employees on the causes of fatigue and the ways that they can manage their personal fatigue risk.  This includes coping with shiftwork lifestyle issues and understanding health conditions that may affect the quality of sleep.

4. Workplace environment design

Changes in the workplace can also assist in overcoming reduced alertness caused by out of synch circadian rhythms or inadequate sleep.   Changes in environmental factors such as the lighting intensity, sound levels, temperature and humidity can be helpful in this regard.

5. Alertness monitoring & fitness for duty

A final line of defence is to put measures in place that identify employees who are not suitable for work.  Technologies such as alertness monitors and fitness for duty tests are options that can be considered for this purpose.

By taking a systematic approach to fatigue management, companies can minimise fatigue-related incidents while improving employee well being and ensuring compliance with OHS regulations and best practices.

As of 1 December 2010, the department of Health and Ageing has officially moved its Pandemic Phase from PROTECT to ALERT, signifying the end of the swine flu pandemic in Australia. This development followed the World Health Organisation’s announcement in August 2010 that the H1N1 influenza virus is now in the post-pandemic stage with localised outbreaks of various magnitude likely to continue throughout the world. At the time, the Australian government considered it appropriate to remain in the Protect period, which proved to be reasonable, as the country went on to experience one of its highest peaks of confirmed swine flu cases in the second half of 2010.

As part of Australia’s response to alleviate H1N1 and curb a pandemic outbreak, the government rolled out a free vaccine program in 2009. While the free vaccine is no longer available since 31 December 2010, the virus H1N1 has now been incorporated into the seasonal influenza vaccine for 2011. While the future impact of the virus is impossible to predict, it is expected that H1N1 will continue to circulate as a seasonal influenza strain for years to come. This means that more people will develop immunity to the virus. Nevertheless, actions to generally reduce the risks of influenza infections including hygiene practices and vaccines, should be reinforced and applied throughout work places and at home in order to prevent or at least mitigate the impacts of another influenza pandemic. It is important that businesses continue to prepare and maintain a sound and well-tested Pandemic Management Plan. This plan will provide the organisation with a roadmap of the appropriate response efforts to support employees and minimise operational disruption to the business.