Tag homeland security

The Force Awakens – A Potential Soft Target?

Tim Riecker, The Contrarian Emergency Manager 5 Comments

“There has been an awakening.  Have you felt it?”  This line from the first trailer of the new Star Wars movie is chilling.  Many of my readers are aware that I am a HUGE Star Wars fan.  As you would expect, I am incredibly excited about the release of Star Wars: The Force Awakens next week.

download

Image courtesy of Disney and Lucasfilm Ltd.

With the recent terror attacks and shootings, though, safety at the theater has certainly been on my mind.  We need to work together as a whole community – theater goers, theater owners/managers and staff, law enforcement, and municipalities.

When I first starting thinking about writing a post on this, I quickly realized that I needed some input from an expert in security.  I reached out to a colleague that not only has the qualifications, but is also a fellow blogger and consultant: Ralph Fisk.  You can find Ralph’s blog here: https://fiskconsultants.wordpress.com/.  He has some great insights on security and risk assessment matters – I strongly suggest you check out his blog, follow, participate, etc.  Ralph agreed to collaborate on a piece related to this global event.  He is also posting this same article on this blog.  Enjoy – and May the Force be With You!

– TR

~

(This article, cross-posted and co-authored by Ralph Fisk and Tim Riecker, draws collectively on our experiences and expertise to provide guidance to municipalities, theaters, and movie goers on awareness, preparedness, and response concerns as we look toward this global event.)

The rapidly approaching release of Star Wars: The Force Awakens stands to be the largest premiere in theater history.  It has already broken a multitude of pre-sale records, with more records certainly to be broken on opening day and opening weekend, both domestically and internationally.  Even if you aren’t a Star Wars fan, you must certainly be at least aware of a new movie being released.  But what does this have to do with emergency management and homeland security?

On July 20, 2012 James Eagan Holmes killed 12 and injured 70 others when opening fire on patrons in an Aurora, CO theater.  This mass murder took place at the midnight premiere of the Batman film The Dark Knight Rises. The recent terrorist attacks in Paris involved a music venue, in which nearly 100 people were killed.  Gathering places like movie theaters are just one more item on the list of potential soft targets for people wishing to do harm, be they terrorists, disgruntled, or disturbed.

IMDB provides a listing of international release dates for The Force Awakens here.  We caution that this list isn’t entirely accurate.  For example, while December 18th is the official release date of The Force Awakens in the US, thousands will be seeing the movie at a select list of theaters participating in a 7pm special premiere time on the 17th.  While you should certainly be aware of the date and time of this premiere at your local theaters, it should be emphasized that theaters will be packed with fans for some time.

While there are no credible threats involving this premiere that we are aware of, municipalities, theaters, and movie goers all need to be aware of the potential for an attack and what each can do.  Surprisingly, despite high visibility active shooter and terrorist events of the past few years, most municipalities still do not have appropriate preparedness measures in order.  While there isn’t time to assemble a solid response plan prior to the premiere of The Force Awakens, there is still plenty of time for beneficial, albeit ad-hoc preparedness efforts.

Our thoughts are below…

With the release of the much anticipated next chapter of the Star Wars Saga, The Force Awakens; theaters and local first responders need to have a heightened level of awareness. There are a number of potential threat indicators associated with this release:

1)            Of course the current terrorism threat situation is first and foremost in our minds

2)            The history of an Active Shooter Attacks on movie theaters goes back to 1989 during the screening of Harlem Nights in Chicago, Sacramento, and Richmond California; on 20 July 2012 during the midnight release, in Aurora, Colorado, of the much anticipated film – Batman: The Dark Knight Rises; another Active Shooter Incident that involved another movie theater in Lafayette, Louisiana on 23 July 2015 during the screening of Train Wreak.

3)            But also other considerations should be given to just the more than “normal” volume of theater goers, and which possible incidents could result from that.

Theaters are known to be soft targets and as such we need to be aware of the threat and how to address it.

We are going to cover the first two indicators listed above as they are not only the largest possible casualty producers, but also pose the greatest immediate impact.

Below are some suggestions and considerations for an ad hoc plan not just for the venues featuring these events; but also for those that maybe in attendance.

Introduction:

Most Active Shooter Incidents, an estimated 90%, are single actor attacks, meaning unless that person has been overt in their planning, little is known about the possibility of an Active Shooter Attack;

Unlike Terrorist Cells; which typically contain up to 4 – 6 members, not just for ease of control and planning, but also for the strict adherence to Operational Security, on the part of the Terrorists.

The difference between the two attacks may appear to be subtle to the uninitiated;

The main goal of an Active Shooter incident is to cause as much destruction as possible in a very short time span; Active Shooter incidents are different from other weapons related crimes in that they intend to commit mass murder.

Terrorist Attacks however have a very distant signature. They are commented for a number of political or ideological reasons; and may result in mass murder or hostage taking. Terrorist attacks may seem very methodical in nature of the execution.

Terrorism:

Terrorism is all around us, whether we chose to look for it or not. Terrorist Groups tend to fall into one of six different categories;

  • Nationalist/Separatist – Sometimes referred to as Freedom Fighters
  • Religious – and we are not just talking about Radical Islamic terrorists here
  • Political – which include; right and left-wing
  • Anarchist – Freedom without the burden of a Central Government
  • ECO/Animal Rights – Motivated by Environmental/Animal Political Policies
  • Single Issue Causes – involves the use of force and violence for the purpose of coercing a government and/or population to modify its behavior with respect to a specific area of concern. Typically, these types of organizations do not have an overall political agenda

Which any number of these groups with related or different causes are already operating in the heart of the Country. Terrorist Attacks could have one or more of these four main objectives;

  • Recognition of the groups’ cause or purpose
  • Coercion toward the populace and/or government to the groups’ ideology
  • Intimidation to cause fear or terror; to cause the populace to lose faith in their governments’ ability to protect them
  • Provocation: attacks are aimed to cause the ruling government to take repressive actions against the population; demonstrate the weakness of the government and the strength of the terror organization

It would be almost impossible to go into the ideology of every single group. Suffice it to say, that they all mean to get their points across, sometimes with protesting, sometimes with criminal destruction of property, and yes, sometimes they will introduce violence.

Violence could be in almost any form imaginable. The most used form of violence directed towards a population tends to lean toward Armed Attacks and/or Bombings (Including suicide bombings); because for the most part these are relatively inexpensive approaches, the logistics to effect these types of attacks are relatively easy to obtain and these tend to produce the most casualties and incite the most fear in the general population. Between 1998 and 2007 out of the estimated 28000 terrorist attacks around the world, almost 21000 involved one of these two types of tactics.

Other terror techniques also used could include; Assassination, Arson, Hijacking, Hostage Taking, Kidnapping, Sabotage, Seizure, Sniper Attacks/Mass Shootings, Threats or Hoaxes, Cyber Terrorism, Agricultural Terrorism, Civil Disturbances and Weapons of Mass Destruction (WMD). WMD is the use of any weapon or device that is intended or has the capability to cause death or serious bodily injury to a significant number of people through the release; dissemination; or impact of one of the following means; Toxic or poisonous chemicals or their precursors; diseases, biological organisms; radiation or radioactivity.

Combined attacks of different types have also been used in the recent past. The attacks on the United States on 11 September 2001 included the use of Airplanes as Weapons of Mass Destruction; the Terrorists Hijacked the planes through the use of an armed attack, albeit the arms were box-cutters, and crashed the planes into buildings causing the planes themselves to be used as WMD’s

Terrorists seek to create public fear and anxiety in order to influence government policy. Through the randomness and unpredictability of their acts, terrorists attempt to undermine confidence in government’s ability to protect the public. Terrorists hope the resulting insecurity fuels public demands for government concessions in order to stop the terrorist acts.

Today, as has been evident with recent terror attacks and attempted attacks, terrorist target selection wants to affect the maximum number of innocent people, in order to generate the fear, they desire. As the government has mobilized to protect our infrastructure from attack, our less protected target; schools, universities, shopping malls, et al., become more attractive targets.

As other sites and venues are “hardened” for security, these measures cannot be implemented across all avenues of society. One, it would infringe on our basic constitutional rights, two, the potential cost associated with “hardening” every facility would surely bankrupt the organization or governmental body imposing such restrictions, and three, we would become a “jailed” society.

Planning for terror incidents doesn’t require you have access to CIA, FBI or other intelligence organizational files, it, for the most part, only requires Common Sense, Situational Awareness of your surroundings, and a Communications Plan.

Some things to take into consideration when you’re making your plans to be in these potential soft target environments:

  • Remain Alert
  • Develop an informed vigilance; meaning, know what possible terror threats could be in your area or the area you’re going to
  • Let someone, not going with you, know your plans; where you’re going; when you expect to return
  • Attempt to blend in with your surroundings, Don’t try to stand out
  • Know your surroundings; Know how to exit the area you will be in; what is the shortest way out; have an alternate plan should that not be a viable opinion should there be an issue
  • Communicate that information to your family and others with you
  • Identify a meeting place if you become separated

Report any suspicious activity. Again remember to use your common sense; examples of suspicious actions could include:

  • People loitering in the same general area without a recognizable legitimate reason; people who appear preoccupied with a specific building or area; electronic audio and video devices in unusual places
  • Just because someone seems to belong there, they might not be whom they seem especially if they are exhibiting any of the actions stated above
  • DO NOT TRY TO DEAL WITH ANY INDIVIDUAL YOURSELF contact the venue security or Law Enforcement Personnel
  • Look for things out-of-place; bags left unattended; packages; persons attempting to conceal items either on their person or receptacles

In threatening situations, take steps to reduce your exposure – leave the immediate area

If an incident does occur; follow the instructions of venue staff, emergency personnel and first responders.  If you are close to the incident walk away with your hands visible.  Walk, do not run as secondary injuries can occur to you or others; move toward the walls as people evacuating a building tend to gravitate in the center

Active Shooter:

Although mass killings have been around for some time, Active Shooter incidents have only relatively recently come into the main stream. I’m not going to mention them as most of you reading this post know the infamous locations of these horrific incidents.

 The National Tactical Officers Association defines an Active Shooter as:

  • One or more subjects who participate in a random or systematic shooting spree
  • Demonstrating their intent to continuously cause serious physical injury or death to others
  • Their overriding objective appears to be that of mass murder, rather than some other criminal conduct such as robbery, hostage taking, etc.
  • In most cases some type of firearm is used, however, the Active Shooter may use any weapon that may be available
  • A suspect is considered an active shooter if he or she is still actively shooting, has access to additional potential victims, and has a willingness to harm others until stopped by authorities or his/her own suicide

Most Active Shooter incidents are often over within 10 to 15 minutes, in a 2012 FBI Active Shooter report, 37% of Active Shooter incidents last under five minutes, before law enforcement arrived on the scene, individuals must be prepared both mentally and physically to deal with an active shooter.

We will cover some very basic steps to plan for, react to and recover from an Active Shooter Incident. As with every planning recommendation I give; this is not all inclusive, I would highly recommend you attend an Active Shooter Training Seminar or ask for a visit from your local law enforcement organization that can give you a block of instruction on Active Shooter.

No matter where you find yourself, at work, in a restaurant, or any other venue where people congregate, you could very well be a target for an individual or individuals’ intent on causing great harm.

First rule in any Emergency Situation, Active Shooter included;

YOU ARE THE MOST IMPORTANT PERSON IN THE EQUATION! YOUR SAFETY IS PARAMOUNT!

I have talked numerous times about maintaining your situational awareness. When you arrive at any venue take a few seconds to find the exits; which one is closest to you; how will you evacuate the area should you have too? What is around you that could protect you? I personally like sitting at booth tables in restaurants; with my back against a wall or other solid object: having a complete view of the whole restaurant if possible and facing the door.

Remember there are three basic fundamentals to reacting to an Active Shooter Incident;

RUN – Leave everything behind; find that exit and GET OUT! Encourage others to come with you, but if they don’t want to leave, REMEMBER YOU ARE THE MOST IMPORTANT PERSON IN THE EQUATION!

HIDE – Put as many barriers/walls between you and the shooter as you can, turn off cell phones, radios, any device that could make a noise and give up your position! Lock or block the door; hide under a desk, remain quiet and claim!

FIGHT — AS A LAST RESORT, AND ONLY WHEN YOUR LIFE IS IN IMMINENT DANGER: Act as aggressively as possible against him/her; Throwing items and improvising weapons; Committing to your actions; Attempt to incapacitate the active shooter; (EXERCISE EXTREME PREJUDICE IN YOUR ACTIONS) That last part isn’t a fancy movie catch phrase; remember you are in a fight for your life!

Once police arrive on the scene here are a few do’s and don’ts;

DON’T:

  • Run up to the police; Their first priority will be to eliminate the threat(s) and secure the scene to allow EMS to come in and assess and treat casualties
  • Avoid making quick movements toward officers such as attempting to hold on to them for safety
  • Don’t stop to ask officers for help or direction when evacuating, just proceed in the direction from which officers are entering the premises.

DO:

  • Be VERY AWARE! That once Law Enforcement Personnel arrive on the scene you may very well be considered a suspect. That is normal response protocol
  • DO AS YOUR TOLD, it is BETTER YOU PLACE YOUR HANDS OVER TOP YOUR HEAD
  • YOU may be told to get on the ground…. Just do it…… Better to be treated like a criminal at first and then cleared, than being shot. You made it that far, go home at the end of the day

Active Shooter Preparedness is also becoming a very large part of Workplace Violence Planning and Training.

Although it is good to receive some rudimentary training on Active Shooter; each organization will need to tailor their response plans to fit into their building lay out.

Corporate Climates cannot afford to have a lackadaisical approach to workplace violence, emergency response or security, this is a leadership/management issue. Corporate Leadership must take ownership of safety, emergency response and workplace violence responsibilities for their organizations and require their First-tier leaders to stress the importance of these processes and procedures, one of the first things I learned about leadership was, led by example. You can direct more people into doing what you want if you first do it yourself! If you don’t, what makes you think that the employees will!

Active Shooter Awareness has to be incorporated with emergency response planning and work place violence planning; you are setting yourself and your company up for failure by not planning, training and conducting exercises.

This next point has greatly concerned me, I have seen some reports lately that companies are being sued for conducting Active Shooter Awareness Training and most, if not all claimants say they were traumatized by the training. Well I’ll simply put it this way, would you rather have some knowledge and a sense of what to expect should you ever have to act in an Active Shooter Situation; or would you rather be a victim. A 2012 FBI Active Shooter report indicated that over 50% of Active Shooter Incidents occurred at a business.

I’d also recommend that you receive some treatment for Post-Traumatic Stress (PTSD) after the incident, as you would have seen and experienced things that no person should every have too.

Recommendations both for Active Shooter and Terror Attacks for those that may not have a developed response plan

Municipalities;

  • Consider activating, even with minimum staffing, the local Emergency Operations Center
  • Consider “up-staffing” Law Enforcement, Fire and EMS Personnel, not only the first night but a number of consecutive nights as well
  • Consider a review of local mutual aid plans (Police, Fire, EMS)
  • Consider having a Public Safety Organizational meeting prior to release

Law Enforcement Organizations;

  • Consider high visibility patrols in theater areas, not only the first night, but a number of consecutive nights as well
  • Meet with theater owners/management to discuss awareness, protocols, and expectations
  • Consider reviewing your Active Shooter and Terrorism Response Plans
  • Act immediately on any reported perceived threats
  • Consider “Up-staffing” patrol personnel
  • Consider a review of local mutual aid plans
  • Check with local FBI Field office, Joint Terrorism Task Force, or if so supported, Fusion Center; prior to release night for any updates of possible threats

Fire/EMS

  • Consider having one medical and one fire unit “staged” close to the venue
  • Consider reviewing your Active Shooter and Terrorism Response Plans
  • Consider “up-staffing” the closet Engine/Ladder/EMS Companies
  • If possible, predesignate locations for Medical and Fire Staging Locations
  • Consider Review Local Mutual Aid Plans

Theater Company

  • Consider coordinating with local law enforcement for security
  • Brief Theater Staff that will be working those nights, on Emergency Response and Active Shooter Plans
  • Maintain a Passive Security Posture the entire night; Some Passive Security measure suggestions can be found above
  • Know the limitations of the theater rooms and know when they are close to capacity
  • Assign personnel with no other responsibility but to observe theater patrons; Only in an observe and report capacity
  • Consider review of local mutual aid plans
  • All theater staff must know where all the exits are and how to lead patrons to them; remind the staff the closest exit maybe behind them

Conclusion

As a sociality we have become increasingly dangerous, in that we have to worry about the seemingly random act of an Active Shooter; although most are not random at all, but go through as many as five phases before the shooter executes his/her actions. I fear that we will continue on this path of wanton violence and the better educated you are, not to these types of incidents, but any type, the better you will be to handle the situation.

As with any planning you do, whether you’re planning for a natural disaster or human initiated events/incidents, you need to take into account your own special considerations, also keep in mind that these planning and situational mindset ideas will not always be all inclusive. Your primary focus should be on personal safety, continued situational awareness and exercise your common sense.

The world has changed over the last few decades, more than anyone of us could have ever imagined. Thirty years ago, the only emergency-related thing we had to worry about at school was the surprise annual fire drill. The escalating violence in our world and attacks on soft targets like schools, churches, and hospitals has taught us that we are no longer safe in those places we once considered as morally protected sanctuaries. We must strive to provide a safe environment for all of us.

Wanna be a Facilitator? Toughen up!

Tim Riecker, The Contrarian Emergency Manager Leave a comment

I just read a great post by Robert Burton on LinkedIn titled 5 Common Tabletop Exercise Mistakes.  Robert gives a good review of the common issues that can doom a TTX from the beginning.  Go check it out!

My addition to his post reflected on the need for good and strong facilitation.  I figured it would be worthwhile to develop a separate post and expand on that a bit.  Facilitation itself is certainly an art – be it for a meeting, a workshop, or a tabletop exercise.  I would offer that while there are similar skills, abilities, and traits that will lend to success for all these applications, there are also some differences.  Facilitation for all applications requires that one speak up, follow an agenda, clearly communicate, and give everyone a chance to participate.  Charisma helps carry things along.  In some instances, you also need to be tough.  In a meeting, you have to be tough to enforce sticking to the agenda.  In a table top exercise, you need to be a little tough with the participants.

We’ve certainly all witnessed poor exercise facilitation.  They facilitator doesn’t follow the MSEL, tells their own stories, leads participants to answers, and puts up with softball answers that don’t tell much of anything.  Remember, the ultimate purpose of an exercise is to test plans.  Plans are executed by people.  We are testing the plans through these people.  If we aren’t getting good answers, we aren’t meeting our goal of testing the plans.

In one of the best table top exercises I ever witnessed, the facilitator provided injects, as expected, to a group of agency department heads.  The facilitator had a very distinct position in the agency, though… he was their new director.  He requested that we put together a TTX focusing on agency response plans.  When we asked who he wanted to facilitate, he said he would do it.  Now there are certainly pros and cons to this, but he was the boss, and the results were quite eye opening.

As follow ups to the injects, participants were asked questions such as ‘What is your role?’ ‘How would you respond to this?’ and ‘What would you do next?’.  This is how participants should be drawn out to obtain good information.  Additionally, facilitators should consider asking ‘Why’ when participants give certain responses.  (Check out my post Ask Why 5 Times – I explore the power of this question a bit more).  Do they think their response was a good idea or is it actually called for in a plan?  ‘Who’ is another good question.  It’s easy for participants to throw out generalities in response to questions (i.e. We would do x.).  Well WHO specifically would do it?  And WHY? And what if they weren’t around?  What does the plan say?

After getting a few answers he wasn’t very comfortable with, the new director then lobbed in a heck of a hand grenade – Show me.  This threw participants for a loop.  Now, I will grant you that this is rather unorthodox in a TTX, although not completely unheard of.  Given his position, no one was going to challenge him, though.  Out scampered one person.  A few more questions, then the phrase again – Show me.  Out scampered another person in search of another binder.  In the end, some had supported their claims, others did not.  These were great lessons learned.  We found holes in plans, necessary connections between plans, and a need to update plans and train people on those plans.

After this exercise, I learned lessons myself and approached facilitation of future exercises very differently.  I began asking more questions as follow ups to participants’ responses.  We dug deeper and found out more – so did the participants.  Sometimes they don’t like it, and sometimes you feel like you are being antagonistic.  Obviously you don’t want to create an unpleasant experience for anyone, but if they aren’t able to handle a few tough questions from an exercise facilitator, they certainly won’t like handling them from their boss, their bosses boss, or the media.

Bottom line, if you are going to facilitate an exercise, toughen up.  Ask follow up questions.  Get clarity on the answers and don’t let participants get away with easy answers.  If participants squirm a bit, that’s OK.

What are your exercise facilitation experiences?  Any best practices to add?

© 2015 – Timothy Riecker

Emergency Preparedness Solutions, LLC

Course Review: MGT-342 Strategic Overview of Disaster Management for Water and Wastewater Utilities

Tim Riecker, The Contrarian Emergency Manager 1 Comment

I took the opportunity yesterday to attend the aforementioned class held at the New York State Preparedness Training Center in Oriskany, New York.  This half day (0800-1200) course was well attended by water and wastewater personnel from around central New York, a couple of emergency management types, and even a representative from a local brewery (no samples, sadly).  This DHS approved course is designed and instructed by personnel from the Texas A&M Engineering Extension Service (TEEX) National Emergency Response and Rescue Training Center (NERRTC).

IMG_1263

Through my career in emergency management I have regularly worked, albeit tangentially, with water and wastewater professionals, which are generally regarded as a niche of public works.  In many small towns across the nation, water and wastewater systems are among the only critical infrastructure these small towns have.  In larger municipalities, water and wastewater systems are extensive and necessary for not only their residents, but for business and industry as well.  We often see impacts to water and wastewater systems from disasters ranging from earthquakes, to utility outages, floods, and other disasters, including criminal acts.  I’m always interested in an opportunity to learn more and this course was convenient in location and schedule.

This course is a condensed half-day version of a two-day course also taught by TEEX.  When instructors reviewed the morning’s agenda, I was skeptical, and rightfully so.  The participant manual, like most products developed by TEEX, is excellently done, with an abundance of reference material.  Even if the material was to be just reviewed, I knew that addressing most, if not all of it, would be a significant task for the instructors.  The lead instructor was very knowledgeable and experienced in the subject matter and very well spoken.  While he had a lot of value to provide to participants, he may have provided a bit too much relative to getting through the three units of the course as intended.

The course units are largely broken into three main topic areas: Threats, Preparedness, and Response; all obviously relative to water and wastewater systems.  The first unit, Threats, was covered thoroughly, taking nearly the full class time.  The information provided was excellent and realistic in scope.  Examples of actual impacts to water and wastewater systems around the world from a variety of threats and hazards were used to drive the point home about the vulnerability of these systems.  I was dismayed, though, that the second unit, Preparedness, was not covered at all.  Fortunately, there is a great amount of materials in the participant guide for after class reference.

The third unit, Response, also contains a great deal of information, especially for those who are not used to complex and multi-agency responses.  Unfortunately, we only had time to review a case study which was in the unit.  While the case study (the Charleston, WV spill from January 2014) was excellent and certainly time well spent, it would have been great to dig into the other response related materials in the course.  Again, at least we have these for post-course review.

This content of this course is quite valuable, relevant, and up to date.  It was expertly instructed, discounting some time management issues.  I do think, though, that the instructional design in more to blame, as the quantity of content contained in the course is simply too much to be adequately covered in a half day.  It certainly had me wanting to take the two day course, and definitely from the same instructor.  I provided similar comments on the course evaluation sheet, and I hope they do make some necessary changes to this class to maximize the amount of information provided.  Would I still recommend this course – yes, but just know going into it (at least in its present form) that you may not experience delivery of all the material.  If the quality of material and instruction is any indication of what to expect in the two day course, though, I would absolutely recommend it.

If you have any questions on the course, or experiences of your own, I’d love to hear them.

  • TR

So Your AAR Says Bad Things… Now What?

Tim Riecker, The Contrarian Emergency Manager Leave a comment

There it is.  Your recently delivered after action report (AAR).  Uncomfortably sitting across the room from you.  You eye it like Tom Hanks looking at Wilson for the first time.

Wilson

Wilson!!!

You know what’s in it.  It says bad things.  Things you don’t like.  Things your boss really doesn’t like.  But what will you do?

First, let’s assume that, despite you being unhappy with the areas for improvement identified in the AAR, they are fair representations.  What will you do with the dreaded information now that you have it?  Your AAR may have come with a corrective action plan (CAP), but this is only guidance that still needs to be reviewed and acted upon.

First, each identified area for improvement should be prioritized.  After all, if everything is important, then nothing is important.  Even if the areas for improvement and/or corrective actions are already identified in the AAR (particularly if done by a third party or if the AAR is representative of a multi-agency exercise) you should review this prioritization with your own organization’s stakeholders.  This means pulling together a committee (sorry for cursing!) comprised of key areas within your organization.  This may even mean people from areas that may not have participated, such as information technology, as I’m betting there was something in the exercise about computer systems, programs, internet connection, data access, data continuity, etc.  Don’t forget the finance people, either… some fixes aren’t cheap!

Once everyone has had an opportunity to review the AAR, each identified area for improvement should prioritized, at least to the degrees of high, medium, and low; with a secondary filtering of short-term vs long-term projects.  While some may be relatively quick fixes, others can take months, if not years, to accomplish.  Activities should also be identified that are dependent upon others which may need to be completed first (i.e. a procedure needs to be written before it can be trained on).

That’s probably enough for one meeting.  But the people you gathered aren’t cut loose yet… in fact they are pretty much locked in, so you need to be sure that the people you bring together for this corrective action group have the knowledge, ability, and authority to commit resources within their respective areas of responsibility.  Now that activities have been prioritized, it’s time to assign them… this is why involvement of your boss (if you aren’t the boss) is so important.

Some individuals within your organization will be able to act on their own to make the corrective actions that are needed – while others will need to work together to make these happen.  Consider that there may be more activities than just those identified in the AAR.  For example, the AAR may identify a need for a resource management plan.  That’s good, but we all know you can’t just build a plan and expect it to be ready for action.

For those who are regular readers of my blog, you know I’m a big fan of the POETE elements.  (More on POETE here).  What is POETE?  POETE is an acronym that stands for:

  • Planning
  • Organizing
  • Equipping
  • Training
  • Exercising

What is the value of POETE and what does it all mean?  POETE is a great reminder of the key activities we need to do to enhance our preparedness.  Given that, when we look at an identified need for improvement, we need to consider how to properly address it.  So start at the top:

  • What plans, policies, and procedures are needed to implement and support this corrective action?
  • What organizational impact will occur? Do we need to change our organization in any way?  Do we need to form any special teams or committees to best implement this corrective action?
  • What equipment or systems are needed to support the corrective action?
  • What do people need to be trained in to support the corrective action? Do we need to train them in the plan, about a new policy or procedure?  Do they need training on organizational changes?  How about training in the use of equipment or systems?
  • Lastly, once you’ve made a corrective action, it’s a good idea to test it. Exercises are the best way to accomplish this.

There are obviously other considerations depending on the specific corrective actions and the circumstances of your organization.  Funding is often times one of the most significant.  If you need to obtain funding to make corrective actions, the AAR is one of the best documented investment justifications you can get.

From a project management perspective, the committee should regularly reconvene as a matter of checking in to see how the corrective actions are going.  On a continuing basis, the progress of corrections should be tracked (spreadsheets are great for this), along with who has been tasked with addressing it, timelines for completion, related finances, progress notes, etc.  Otherwise, in our otherwise busy days, these things get lost in the shuffle.

From a program management perspective, this is a process that should be engrained culturally into your organization.  Ideally, one person should be responsible in your organization for coordinating and tracking this corrective action process.  As additional exercises are conducted and actual incidents and events occur, corrective actions from these will be brought into the mix.  It is all too often that organizations complain of seeing the same remarks on every AAR or from experiencing the same issues for every response.  BREAK THE CYCLE!  Establishing a corrective action program for your organization will go a long way toward making these chronic issues go away.

By the way, the same concept can be applied to multi-organizational/agency efforts at any level – local, county, state, federal, regional, etc.  Since we respond jointly, there are great benefits to joint preparedness efforts.  We will likely find that even that we have our own house in order, working with someone else is a very different experience and will require a whole new list of corrective actions as we identify areas for improvement.  This process works great with multi-agency committees.

The bottom line – the biggest reason why we exercise is to test our capabilities.  When we test them, we find faults.  Those faults need to be corrected.  Capitalize on the investment you made in your exercise effort to address those identified deficiencies and improve your capabilities.

What ideas do you have for addressing corrective actions?

Need help with preparedness activities?  Be Proactive and Be Prepared™ – Reach out to Emergency Preparedness Solutions!  We’re always happy to help.

Thanks for reading!

© 2015 – Timothy Riecker

Emergency Preparedness Solutions, LLC

Gauging Return on Investment in Preparedness: Exercises

Tim Riecker, The Contrarian Emergency Manager 1 Comment

In this last article of the Return on Investment series, I’ll be discussing the investments and benefits of preparedness exercises to help organizations determine their return on investment – or ROI.  The series has followed the model of the five POETE elements (Planning, Organizing, Equipping, Training, Exercising).  The inspiration for the series was a piece I wrote called Measuring Return on Investment in Emergency Management and Homeland Security: Improving State Preparedness Reports.  If you haven’t had the opportunity to review the earlier articles in the series, they are linked below:

Planning

Organizing

Equipping

Training

We conduct preparedness exercises for two main reasons: 1) to test plans and procedures, and 2) to provide people with an opportunity to practice their roles and responsibilities.  Exercises can be stand-alone activities or integrated into training and education through scenario-based learning. In the US we use the Homeland Security Exercise and Evaluation Program (HSEEP) as our model for both the macro and micro levels of exercise management.  If you are interested in an in-depth look on HSEEP and its components, you can check out an earlier series I did called Managing an Exercise Program.

As with most major activities we do, exercise-related tasks can be divided out into program management (the macro level) and project management (the micro level).  Since we usually examine ROI for individual activities, we will focus on the micro level of exercises, that is the project management piece, or individual exercises, to identify specific costs (investments) and benefits.

Conducting an exercise takes a fair amount of preparation.  The more complex the exercise, the greater period of time it should take to prepare.  Complexity of an exercise is measured by a few different factors – the number of participants involved, the span of time for the exercise, the complexity of the tasks/plans being exercised, and the number of locations being exercised.  Most of us who have been involved in emergency management and homeland security for a while have seen the full gamut of exercises – from discussion-based exercises like table top exercises, workshops, and seminars; to operations-based exercises like drills, functional, and full-scale exercises.  Often we view functional and full scale exercises as being the most complex, however I’ve been involved in table top exercises and workshops which have involved significant efforts.

Up front, the most significant investment any organization can make in an exercise is personnel time.  All exercise efforts will have a lead planner, and most will be supported by a planning team.  If the exercise involves only one organization, that planning team will typically involve only internal people, while multi-organizational exercises should involve some measure of representation from every organization, either directly or indirectly.  Planning an exercise requires a great attention to detail, drafting and editing of documents, and arranging of logistical matters.  Experience helps, so those who do this less often will typically require more time to do it.  This is why many organizations hire consultants (like me!) to help them with exercises.

During the planning phase for the exercise, you may have some associated costs, such as meeting space, food, and travel for planning meetings.  You may also have these costs for the exercise itself which should be identified during the planning phase.  It is also important to identify any costs associated with audio-visual equipment, communications equipment (including internet connectivity), and even things as simple as name badges and signage.

For the exercise itself, personnel costs are still significant.  You must not only consider the time of all participants (as well as potential travel costs), but also the time of your exercise management staff – an exercise director, controllers, evaluators, and possibly staff for a simulation cell.  Again, experience helps to support a successful exercise, so if you don’t have the depth of experience in your organization, consider hiring consultants for the conduct and evaluation of the exercise as well.  Either way, exercises can be significant investments.

Once the exercise is complete, the activity isn’t over – and neither are the costs.  The evaluation team needs to draft the after action report (AAR), and conduct an AAR meeting with the planning team and principal participants to ensure that everything was captured accurately.  Once the AAR is finalized, action items identified in the AAR are assigned to responsible parties to address improvements.  These improvements are generally not considered part of the cost of the exercise itself, but rather part of your general preparedness costs (these will all fall within the POETE elements).

While exercises come at no insignificant cost, the benefits are tremendous – if the exercise is done properly.  A well designed, conducted, and evaluated exercise provides better outcomes and benefits.  The AAR should reflect not only best practices that should be continued, but also areas for improvement which should be addressed to enhance preparedness.  Any of these, as mentioned in the last paragraph, can fall within the five POETE elements – Planning, Organizing, Equipping, Training, and Exercising.  While each of these certainly have costs associated with them, the benefit from the exercise was identification and documentation of need.  Perhaps you are exercising a new active shooter response plan and through the exercise realize that a certain procedure was based on poor assumptions – if this plan was put in place without being exercised, the outcomes in a real life event could have been catastrophic.  It’s better to identify these issues through an exercise so they can be addressed with much less cost.

As I mentioned earlier, another reason to exercise is to provide participants with an opportunity to practice plans, procedures, or skills in a safe and structured environment.  While there is a great deal of routine to what we do in emergency management, homeland security, and public safety, there are certainly activities that we don’t do very often, resulting in degradation of skill over time.  Many of these activities, though, are absolutely critical when needed, which means that we must give practitioners ample opportunity to practice and apply what they have learned through training.  The benefits of this, depending on the activity, can include increased efficiency (time), reductions in injury and loss of life, and proper use of equipment and protocols.  Additionally, there are benefits to getting people to work together in these activities, especially for those who don’t usually work together.  Emergency management, after all, is about collaboration.

Because of the wide range of things we exercise, it’s up to you to examine what your investments and benefits might be.  At EPS, we can help you with designing, conducting, and evaluating exercises; identifying potential costs and benefits of an exercise; and other preparedness activities.  We’re happy to help!

Feedback from this return on investment series of posts has been very positive, which I greatly appreciate.  We also got some good dialogue across all mediums including the blog home page (www.triecker.wordpress.com) and various LinkedIn discussion groups – some of which provided some excellent additional ideas on how to better capture information on investments and benefits.  The challenge remains to not only identify these, but to convert them into meaningful information for decision makers, which usually involves currency values.  Thank you, as always, for your time and attention.

© 2015 – Timothy Riecker

Emergency Preparedness Solutions, LLC

Gauging Return on Investment in Preparedness: Training

Tim Riecker, The Contrarian Emergency Manager 2 Comments

This is my fourth article in a series examining how organizations can gauge their return on investment for various emergency management and homeland security preparedness projects.  These were inspired by an original article I wrote called Measuring Return on Investment in Emergency Management and Homeland Security: Improving State Preparedness Reports.  The POETE model (Planning, Organizing, Equipping, Training, Exercising) helps us to identify all activities related to preparedness.  Thus far, we have covered:

Planning

Organizing

Equipping

If you haven’t already reviewed these articles, check them out for additional context and information.  Within each, I outline the general activities within the preparedness element, and identify the potential costs and benefits of these activities to the organization.  While some costs and benefits are direct (meaning we can readily identify them in terms of currency), most are not, and require some measure of analysis.

We put a lot of money (and faith) into training as a central preparedness activity.  And why shouldn’t we?  Training, by definition, is a transfer of learning.  We have a lot of information to communicate to our staff and other stakeholders, with the goal of that information collectively becoming a body of knowledge, and a vision of these people applying what they have learned to future circumstances.

In emergency management and homeland security we train quite a bit, with some training being required by organizational, local, state, national, international, or federal standards; while other training will help develop and advance staff.  We include HR-required training; soft skills like communication, leadership, decision making, and the like; as well as technical skills such as emergency planning, exercise design, and incident management.  Emergency management and homeland security are broad fields of practice, which intersect public safety, public health, and other essential government and social functions.  Most emergency management and homeland security practitioners have roots in one or more of these fields and typically continue receiving training relative to those as well.

Training comes from a variety of sources including our home organizations, local and county governments, state government, private and not for profit entities, and the federal government.  Particularly for training that is sponsored by a government entity, most training is ‘free’.  In the US, federal training entities, such as FEMA’s Emergency Management Institute, also reimburse travel expenses and provide lodging for all levels of government employees.  On the surface, the cost of most emergency management and homeland security training is fairly low.

Of course depending on perspective, the cost of training can vary.  As a former state training officer who managed all emergency management related training delivered across my state, I could identify our agency’s cost of training.  This would include our staff admin time for course prep and record keeping, the cost of duplicating participant manuals, any costs associated with the hosting facility (although we usually utilized no cost facilities), the cost of paying our instructors for their time and travel, and, if applicable, any lodging and/or meal costs for participants who may have traveled a distance.  These costs, however, are only part of the picture.

What about the cost to the organization that is sending people to be trained?  Directly, this is salary time in which little to no work is actually being accomplished for the organization.  The organization may also be footing the bill for travel costs for their participants.  Depending on who is sponsoring the training, there may be a fee for the course.  Indirectly, what is the cost of that employee being away?  Who is doing their work?  This often depends on the organization and the position the individual holds in that organization.  Firefighters, police officers, health care professionals, and others may be covering shifts that will still need to be filled, especially if policies or union contracts require certain staffing levels.  Sometimes this backfilling isn’t as simple as changing schedules, as most employees are already scheduled at full time status.  Therefore, someone may need to be paid overtime to fill this position for the duration of the training.  Perhaps the learner themselves is being paid overtime to tend to priority tasks outside of training hours.  Maybe others can simply absorb some extra tasks while this person is gone, or the learner will be swamped for some period of time once they return from training.  Each of these mechanisms, all dealing with productivity, has a cost associated to it.

Training can get expensive, which is why it’s often one of the first activities cut when an organization’s budget gets tight.  We try to minimize the cost of training through a variety of practices such as shorter training days, online training, and local training.  These, however, have various impacts on the organization’s ability to obtain the training as well as the overall effectiveness of the training.  Sometimes we simply defer the training, but the organization may have little choice, particularly with mandated training.

So what benefits can training provide?  As mentioned, I have quite a bit of background as a trainer and training manager.  I’d love to tell you that training has the greatest of all benefits, but that would be a complete lie. Just like any other preparedness activity, it has to be properly applied.  Training won’t fix everything.  I’ve written a lot of pieces on training in my blog… just search for ‘training’ and you will find plenty of articles about how training should/shouldn’t be applied.  With that caveat, training can have great benefit.  Not only can it make people more effective and efficient in their jobs and related tasks, it can also help defer liability from the organization.  Training also has benefits which more directly apply to the learner vs the organization, such as providing background for advancement and/or promotion (which can be internal or external to the organization).  There are many practices in emergency management and homeland security for which training aids in health and safety, not only of the staff member who took the training, but also of others.  In training, the impacts can go pretty far… you just have to follow the bouncing ball.  As an example: Jane gets trained in how to write emergency plans.  The emergency plans she writes will help the organization respond more effectively in the event of a disaster.  When the organization responds more effectively, lives and property are protected.  While this is a great ideal outcome, it makes for some difficulty in determining the benefits in terms of currency.

Often, the most direct benefits from training are rooted in compliance and proficiency.  Organizations have a variety of compliance matters they have to meet.  These obligations may be HR driven, required by an executive, a higher level of government, an accreditation body, or a funding source.  Safety matters are also usually linked with a compliance matter.  I often try to associate training activities to these requirements.  Sometimes we can directly link a financial benefit to these compliance matters, while other times compliance is simply factually stated.  Second is proficiency.  People need to stay current in essential skills.  This might require regularly recurring training for staff, well as training for new staff.  Staff need to be proficient in new procedures, software, and equipment operation.  Certain staff may need to be trained to more advanced levels.  Gauging the benefit in financial terms for proficiency is generally more difficult, although the need for the training is apparent.  The benefit simply needs to be extrapolated.  For instance, if the training is in a new process, what is the time and/or quality difference between the old process and the new?

As mentioned earlier, it is often times not easy to determine the financial return on investment for many of our activities.  We need to dig deep and identify quantifiable metrics which can be examined before and after we apply our preparedness activity.  We must assign reasonable currency figures to those metrics to help us and other decision makers better understand our investment and the benefits it will potentially bring.

Soon I’ll be wrapping up this series with the last key preparedness activity – exercises.  As always I’m happy to hear your thoughts on how we can better identify the returns on our investments in preparedness activities.  As a resource, I’d encourage you to search Training Magazine (trainingmag.com), which often has articles on analyzing the return on investment in training.

© 2015 – Timothy Riecker

Emergency Preparedness Solutions, LLC

Gauging Return on Investment in Preparedness: Equipping

Tim Riecker, The Contrarian Emergency Manager 3 Comments

I’ve written previous posts on our preparedness investments and how we can gauge our return on those investments.  Following the POETE model (planning, organizing, equipping, training, and exercises), I’ve so far covered some considerations for Planning and Organizing.  This piece will focus on identifying our return on investment for Equipping.  Equipment can be anything from a new fire engine, to a generator, a UAV/drone, a radiological detection device, or incident management software.

Equipping is generally a preparedness activity in which we can more easily identify what our actual investment is.  Unlike Planning, which requires varying amounts of time from a number of people, or Organizational efforts which sometimes have rather esoteric costs, when we purchase or maintain equipment, we usually have a receipt in hand.

Functioning in the bureaucracies we do, however, we tend to add complexities.  We form committees to find the best equipment we can, we leverage our own staff time to keep it maintained, and we often have other associated costs, which reflect back on the other POETE elements… at least we should.  In addition to the cost of the equipment itself, let’s look at what the associated costs could be.

Every significant equipment purchase, first of all, should stem from an identified need.  Maybe it’s a critical element of a process, it’s called for in a plan, or the need was identified in an after action report.  Perhaps you are upgrading or expanding application of a certain piece of equipment?  Regardless, your organization must invest some time to ensure the equipment will meet your needs and how it will impact your operations.  This activity, generally referred to as Assessment, if often rolled into the Planning element.  Once we do obtain the equipment, we also need to plan.  We need to ensure the use of the equipment is accounted for in our plans.  Perhaps it’s as simple as adding it to a resource inventory, or as complex as creating processes or procedures that address its use.

Organizationally, you may need to task an individual or even assemble a team which will be responsible for the care and operation of the equipment.  This, logically, leads to Training.  People need to be properly trained in not only the use of the standard use of the equipment, but also the circumstances which it will be used as well as any processes or procedures for use which are unique to your organization.  Consider what degree of proficiency these individuals may need in the operation of the equipment.  Is it just basic operation, or is there a need for something more advanced?  Will recurring training be needed to maintain proficiency or to train additional people in the future?  Will anyone be trained in higher level maintenance of the equipment?

Exercising the equipment, its effectiveness, and the ability of your resources to use the equipment is essential.  Lastly, we often don’t consider the costs of maintaining and storing the equipment.  It may need replacement parts or regular servicing, which even done in-house, has an associated cost.  It may have certain storage requirements to ensure the safety and readiness of the equipment.

Now that we’ve outlined potential costs or investments, how do we know those investments have made a difference for your organization?  To determine this, we must first look at the original need.  What actually defined the need for the equipment?  Was it to replace something older and less reliable?  Was it to enhance response time?  Was it because of safety?  Did the need identify inefficiencies in previous practices and systems?  Did the new equipment meet that need?

To dig further, what was the value of that need?  To identify this, we should look at the metrics associated with that need.  If the new equipment replaced something aging, we can look at the maintenance costs and down time over a certain period of time for the older equipment.  If it was to shorten response time to get a certain capability on-scene, we should be able to identify the time metrics as well as the difference that equipment makes once it is on scene (eg. a fire department which previously had to call mutual aid to get jaws of life on scene, vs purchasing a set of jaws and having them on scene much faster).  We can associate a dollar-value cost to many of these metrics.

Was there any additional value which the equipment brought your organization?  Perhaps the added capability decreased your insurance rates or made you eligible for a particular industry certification?  Are there any indirect cost savings because of the new equipment?  Does the new equipment somehow aid in generating income?

There are many considerations when it comes to any of our investments to ensure that they are sound, responsible, and reasonable.  Often we need to identify the value of an investment before it is made, but we should certainly keep track of that value after the investment as well.

Need help with planning?  Gap analysis?  Resource inventories?  Maybe with the training or exercising associated with new equipment or other preparedness needs? Contact EPS!

© 2015 – Timothy Riecker

Emergency Preparedness Solutions, LLC 

LLIS is Back!

Tim Riecker, The Contrarian Emergency Manager Leave a comment

Great news from FEMA early this morning – the Lessons Learned Information Sharing (LLIS) resource is back.  Quite a while ago they pulled down the LLIS site and have (very slowly) worked to transition the data and management responsibilities to the Naval Postgraduate School’s Homeland Security Digital Library.  Information from the FEMA release below.

-TR

~

We are pleased to announce that Federal Emergency Management Agency’s Lessons Learned Information Sharing (LLIS) program has completed the consolidation of content previously available on LLIS.gov with the Naval Postgraduate School’s Homeland Security Digital Library (HSDL). As part of the consolidation effort, nearly 23,000 documents were transferred to the HSDL document library. We believe this consolidation will improve the whole community’s access to valuable information. Some of our most recent LLIS products, including Threat/Hazard and Core Capability Trend Analyses, Grant Case Studies, and Lessons Learned and Innovative Practices can be found on FEMA.gov or by visiting HSDL.org.

The content transferred to HSDL will maintain a similar level of accessibility as LLIS.gov. Documents that required a username and password to view on LLIS.gov will also require a username and password on HSDL.org. While your LLIS.gov log-in credentials do not transfer, you can easily create a new HSDL account by visiting the HSDL login page. Please note that some content is available without a password. To search for publicly available documents visit HSDL.org and use the search bar function on the homepage.

If you have additional questions, we encourage you to review our Frequently Asked Questions document. You can also email us at FEMA-lessonslearned@fema.dhs.gov.

Thank you for your patience during this transition. Stay updated on all LLIS program news by signing up for the LLIS newsletter.

Gauging Return on Investment in Preparedness: Planning

Tim Riecker, The Contrarian Emergency Manager 5 Comments

Inspired a bit by my previous post Measuring Return on Investment in Emergency Management and Homeland Security: Improving State Preparedness Reports, I’ve decided upon writing a series of posts picking apart our primary activities in emergency management and homeland security preparedness to identify ways to gauge our Return on Investment (ROI).  To encapsulate our primary activities, I’m using the five POETE capability elements:

  • Planning
  • Organizing
  • Equipping
  • Training
  • Exercises

Most preparedness activities within emergency management and homeland security fall within one or more of the POETE capability elements.  The capability element of Planning is the foundational activity on which all preparedness is built and will be the topic of this post.  Here’s what I’m covering:

  • What is Return on Investment?
  • What planning efforts are involved in preparedness?
  • What organizational investments are involved in Planning?
  • Does the planning effort comply with applicable standards?
  • Can the plan be implemented?
  • What will exercises tell you?
  • Is there a need to maintain plans?

Return on Investment, or ROI, is a business term used to identify the profitability of certain investments or actions.  While preparedness is certainly done to protect against losses, for public and private sector alike, we generally don’t see preparedness activities as generating revenue.  However, when most entities INVEST time, money, and other resources into preparedness activities, they often want a reasonable assurance that their investment has paid off.  How do we gauge ROI for planning efforts?

First off, what planning efforts might we see in public or private organizations?  Obviously emergency and disaster plans are the big ones.  These plans are designed to identify key processes, such as alert and notification, response organization and incident management, and others which are intended to save lives and protect property.  These plans are likely to have annexes and appendices which address uniqueness of certain hazards, response circumstances, and support activities.  Continuity plans – usually business continuity or government continuity – identify how the organization will survive as an entity in the face of disaster.  Planning activities also involve the creation, review, and maintenance of policies and procedures.  We also create plans for hazard mitigation, long term recovery, specific events, and other needs.

What investments are involved in planning activities?  Organizations can and should allocate staff time and physical space and infrastructure to planning efforts.  The dedication of staff (full or part time) and/or consultants is often required, especially when planning efforts are viewed as a continual process and a critical part of preparedness.  The organization itself must make a commitment to the planning effort.  This commitment isn’t just in concept, but also practical involvement of staff throughout the organization, access to information, and even an involvement of third parties.

Certainly a first step in assessing return on investment of planning is to evaluate compliance with applicable rules, regulations, and guidelines.  These requirements can be hard (legally binding) or soft (general guidance) and can differ from industry to industry, nation to nation, and state to state.  Here in the US, FEMA provides guidance on emergency planning through Comprehensive Preparedness Guide (CPG) 101.  Some states may have requirements for emergency planning, such as New York State’s Executive Law Article 2-bNFPA 1600: The Standard on Disaster/Emergency Management and Business Continuity Programs is often referenced by public and private entities alike, while the International Standards Organization (ISO), has many industry-specific requirements for emergency planning.  If grant funding is being used for the planning effort, the grant may also have specific requirements.  Regardless of what the requirements are, planning efforts, plans, and associated documents should be audited to ensure that requirements are met.

Compliance, however, isn’t necessarily indicative of a good planning effort.  I’ve seen many plans which may meet requirements but the content itself was severely lacking.  Far too often planners get caught up in the world of checking boxes and fail to consider implementation.  If a plan cannot be implemented, it is useless to the organization.  Many plans exist now that meet applicable requirements but are still yet vacant of any meaningful direction or guidance in the event of an emergency.  These types of ‘plans’ are really better seen as policy documents.  A plan should identify what will be done, when, how, and by who.  If your ‘plan’ simply contains a statement on the requirement to use NIMS/ICS, but doesn’t provide detail on who will be in charge of what, when, and how; it is a policy document, not a plan.  Plans and their associated documents (i.e. procedures, guidelines, and job aids) need to chase down the lifespan of each critical step, especially early in a response.  They must identify who is responsible to make key decisions, who will be notified (how and by who), and who will take what actions.  A logical review of planning documents by the planning committee or perhaps even a third party is another good means of assessing your return on investment.

Does the plan work?  This is, perhaps, the ultimate factor in determining return on investment.  Usually our best means for identifying if a plan works is to exercise it.  Exercises provide a controlled and focused environment for testing plans or components of plans.  They will also help us in identifying if the plan can truly be implemented.  I’ve written a lot on exercises: articles can be found here.  (I also anticipate writing about assessing ROI for exercises as part of this series).  Generally, an incremental exercise program is usually recommended, beginning with discussion-based exercises – such as table tops and workshops – and progressing to operations-based (hands on) exercises.  A well written and honestly evaluated exercise will go a long way toward identifying the return on investment of your planning efforts.

Are we there yet?  Nope.  Planning, like all other preparedness efforts, requires maintenance.  If you create a plan then walk away, even if it’s a good plan, your plan’s value will diminish over time – and we’re talking months, not decades.  Think about how often something changes in your organization.  Staffing.  Equipment.  Technology.  Procedures.  Insurance policies.  All of these things, and more, influence your plans in some way.  Over time these changes not only occur, but also compound and move the present reality of your organization further from the assumptions of your planning efforts.  This is why plans must be maintained and updated on a regular basis.

Is there some mathematical formula for identifying the return on investment of preparedness efforts?  Given all the factors involved and their fluidity, I don’t think so.  It’s not cut and dry like a traditional business investment.  As you can see, though, there are a number of steps we can take to assess the utility of our investment.  I’ve seen organizations pay a lot for bad plans, and others pay much less for great plans.  Not only do organizations need to ensure that their planners know what they are doing, but the organization itself needs to have a commitment to success.  Without it, the planning effort is doomed to fail.

As always, feedback is appreciated.  What are your thoughts on assessing the return on investment of planning efforts?  What do you think is a good measure?

Does your organization need a new plan or need to update a plan?  Do you need help with the planning process or evaluating your organization’s preparedness?  How about exercises?  Emergency Preparedness Solutions can help!  Email to consultants@epsllc.biz or visit www.epsllc.biz.

© 2015 – Timothy Riecker

Emergency Preparedness Solutions, LLC

WWW.EPSLLC.BIZ

Measuring Return on Investment in Emergency Management and Homeland Security: Improving State Preparedness Reports

Tim Riecker, The Contrarian Emergency Manager 3 Comments

A lot of money is spent within the emergency management and homeland security enterprise.  Looking just at the last couple of years of annual Homeland Security Grant Program (HSGP) (this is the annual grant provided by the US Federal government to states and urban areas), $1.044 billion was allocated in FFY 2015 and $1.043 billion allocated in FFY 2014.  These billions of dollars only account for a portion of spending within EM/HS.  There are other federal initiatives as well as state, tribal, territorial, and locally funded efforts.  Businesses and NGOs also invest significantly in emergency management, homeland security, and business continuity activities.  But where does it all get us?

Through the past decade or so there have been a few efforts by DHS/FEMA to try to measure preparedness, ideally to identify improvements in our preparedness as the result of the billions of dollars invested.  None of these efforts have really provided obvious and tangible results.  The current measure is through annual State Preparedness Reports (SPRs), which utilize the THIRA process (Threat and Hazard Identification and Risk Assessment) outlined in Comprehensive Preparedness Guide (CPG) 201 as a foundation, but with the POETE analysis (Planning, Organizing, Equipping, Training, and Exercising) for each of the 31 Core Capabilities.  (You can find articles I’ve written on the utility and application of POETE here.) The SPR is a good methodology for identifying the current condition of preparedness for each state as viewed through the 31 Core Capabilities.  The POETE analysis helps to identify the strengths and weaknesses within each Core Capability.

The SPR, however, still falls short.  How can we improve it?

1. Include historical data for trend analysis. The SPR largely provides only a snapshot of current conditions.  The format of the SPR does not provide for any analysis of historical data to identify trends (i.e. improvements or otherwise) in the state’s assessed condition of its 31 Core Capabilities.  FEMA regional offices, upon receipt of an SPR, do provide a brief feedback report of the current SPR with a passing mention of the previous year’s submission, but the report provides so little information it could hardly be called an analysis.

A rudimentary table identifying trends for a selected Core Capability is below.  For those not familiar, higher scores rate a higher measure of capability.  In this table, I’ve identified POETE elements which have trended lower from year to year with a RED highlight, and those which have trended higher with a GREEN highlight.  A simple analysis such as this give an at-a-glance comparison.  To make this analysis more comprehensive, I would suggest the addition of narrative for each trend (higher or lower) which explains what has changed to warrant the new ranking.

Historical Comparison of a Core Capability

2. Include a financial analysis for the current year to identify return on investment. An identification and summary of key program area investments for the year will lay the groundwork for a return on investment (ROI) analysis.  ROI will help identify how much bang for the buck you are getting in certain areas.  It’s easy to lose sight through the year from a program management perspective on how much money was spent on certain programs and activities – especially for larger agencies with a layered bureaucracy.  Incorporating this analysis into an SPR is not only good financial and program management, but provides an opportunity to identify where money was spent and to measure, at least on a broader scale, what the results were.  Certainly we have to fund continued operations to simply sustain our capabilities, but we should also be funding, where possible, programs to enhance our high priority capabilities and those needing the most improvement.

Again, as a rudimentary example, we can build on the table provided earlier to identify where funds were spent to see if they made a difference in our level of preparedness.  As with the earlier example, a narrative should be provided for each investment to identify what it was and assess the impact.  This also provides an excellent opportunity to review the investment justification written for grants to determine if the investment met the intended objectives (which should have been to maintain or enhance some aspect of the capability).  Historic investment data can also be included for each year.  This all leads directly to identifying the return on investment – did the investment make a difference and to what extent?

Historical Analysis of a Core Capability with Identified Investments

Ultimately this added data and analysis requires more work, potentially the involvement of more people, and likely more time to complete the SPR.  However, this new process will also result in a positive return on investment itself by helping to identify trends and outcomes.  Financial information is regularly reported to DHS (for those grants that originate with them) in the form of progress reports, but that information is stovepiped and usually not associated with a more comprehensive assessment such as the THIRA/SPR.  Bringing this data together paints a much more accurate picture.

The concept of preparedness is difficult to put in a box.  It’s amorphic and challenging to identify, yet people often ask the question ‘Are we prepared?’  States, locals, DHS, and Congress often have difficulties measuring preparedness and advances in preparedness, especially relative to the dollars spent on it.  The GAO has regularly recommended efforts to better identify return on investment, yet we haven’t gotten there.  The recommendations identified here can bring us much closer to nailing down where we are and where we need to be.  Armed with this knowledge, we can make better decisions for future investments and activities.

Moving forward, I expect to write a bit on each POETE element, with my thoughts on how we can identify return on investment for each.  As always, I’m very much interested in your thoughts on the approach I identified above and how we can better identify return on investment in the realm of emergency management and homeland security.

If you are interested in utilizing this approach to better identify your return on investment for local, state, tribal, territorial, or organizational preparedness efforts (whether or not you do a State Preparedness Report), Emergency Preparedness Solutions is here to help!  Check out our website at www.epsllc.biz or contact me directly to discuss what we can do for you.

© 2015 – Timothy Riecker

Emergency Preparedness Solutions, LLC

WWW.EPSLLC.BIZ