Tag HSEEP

Don’t Just Take It From Me – There are Issues with ICS Training

Tim Riecker, The Contrarian Emergency Manager Leave a comment

The February 2016 edition of the Domestic Preparedness Journal highlighted, among other things, some concerns with ICS training in the United States.  First off, if you aren’t subscribed to the DPJ, you should be.  It’s free and they offer good content, with few extraneous emails beyond the journals.  Check them out at www.domesticpreparedness.com.

The specific article in this issue I’m referencing is Incident Command System: Perishable if Not Practiced, by Stephen Grainer. Mr. Grainer is the Chief of Incident Management Systems for the Virginia Department of Fire Programs.  Steve has a significant depth in ICS and understands all the nuances of preparedness and application.  I first met him when serving on the national NIMS steering committee with him several years back.

The title of the article is a bit deceptive – it’s not just focused on the issue of the training being perishable.  Right up front, Mr. Grainer, who is a longtime supporter and advocate of ICS, outlines a few shortcomings and constraints related to the application of ICS and ICS training.  He states that “little attention has been given to developing the students’ ability to recognize an evolving situation in which more formalized implementation of the ICS should be undertaken”.  This underscores one of my main points on the failings of the ICS curriculum.  We teach people all about what ICS is, but very little of how to use it.

After giving a few case studies that reflect on the shortcomings he highlighted, Mr. Grainer expresses his support for continued training, refresher training (something not currently required), and opportunities to apply ICS in ways that public safety and emergency management don’t do on a regular basis.  He summarizes by stating that not only does training need to continue to address succession and bench depth, but also the need to address how to maintain competencies and address misunderstandings in NIMS/ICS.

Yes, training does need to continue, but it must be the RIGHT training!  We continue doing a disservice by promoting the current ICS courses which fall well short of what needs to be accomplished.  Mr. Grainer’s mention of the need for our training to address better implementation of ICS, particularly beyond the routine, is perhaps a bit understated, but nonetheless present.  Refresher training also needs to be incorporated into a new curriculum, as these skills are absolutely perishable – particularly the aspects of ICS typically reserved for more complex incidents.

In the event you aren’t familiar with my earlier posts on ICS and my crusade for a better curriculum, check out these posts.  As I’ve said before, this isn’t a pick-up kickball game… this is public safety.  We can do better.

Shameless plug:  Assessments, Planning, Training, Exercises.  Emergency Preparedness Solutions does it all.  Contact us to find out how our experience can benefit your jurisdiction’s or organization’s emergency and disaster preparedness.  We are your partner in preparedness.  www.epsllc.biz.

© 2016 – Timothy Riecker

Emergency Preparedness Solutions, LLC

ICS: Who doesn’t need it?

Tim Riecker, The Contrarian Emergency Manager 16 Comments

In a recent discussion thread, someone shared some material for a new program that promotes resiliency for disaster housing.  While the intent of the program is good, there was one thing that struck me – it stated that it was based on the incident command system (ICS).  My question – why?

ICS is a great system.  It’s proven to be effective WHEN APPLIED PROPERLY.  That’s the catch, though, isn’t it?  A great many after action reports (AARs) identify areas for improvement relative to various facets of ICS after incidents, events, and exercises.  The organizations that the AARs are usually focused on are professional response organizations – fire, police, EMS, public works, public health, emergency management, etc.  These are organizations that generally get LOTS OF PRACTICE in applying ICS.  So what’s the problem?

The problem is that most organizations that do use ICS don’t get enough practice in applying ICS beyond smaller incidents.  So if responders, who are using ICS, have difficulty with expanded application despite some practice and more advanced training, how are organizations who don’t use it all expected to be able to remember it much less apply it properly on even the most basic of incidents?  (More on my issues with ICS training here, in case you’ve missed posts over the last year or so.)

So back to the main topic of this post – who doesn’t need ICS training?  I would suggest that those persons and organizations that don’t fit the broad definition of responders DON’T NEED IT.  While this may be blasphemous to some, consider the time and effort wasted on getting people trained to understand ICS who will NEVER USE IT.  “But what if they do need it?” you ask?

I’m challenged to really find that need.  Why does the management of an apartment complex need to know or understand ICS?  I find the thought of that foolish and wasteful.  Sure, they can be a partner in disaster preparedness, response, and recovery.  Does that make them a responder?  No. Will they become part of the ICS organization?  NO!  Is there any reason why they would need to use ICS to manage their own organization?  NO!!! They manage their organization every day through what should be a very effective model for them.  Why the hell do we want to change that?  We need to stop pushing our complex shit on other people who don’t need it.

I’m of two thoughts on this… One, there are people who are so gung-ho over including everyone under the sun into emergency management that they feel compelled to bring them into the profession.  News flash people – if they wanted to be emergency managers, they would.  There is no practical reason for them to be trained in the vast complexities of emergency management.  Two, there are people who don’t really understand the applications of emergency management themselves, and therefore try to make adaptations of the system for every variety of stakeholder out there.  This is something I’ve struggled with very often as people try to adapt ICS to their organization and, in doing so, change the foundational principles of ICS (span of control, terminology, organizational structure, etc.).  Further, every organization thinks they have an INCIDENT COMMANDER.  STOP!!!

ICS is not for everyone.  I’m not being elitist or exclusionary, I’m being practical.  That’s not to say that certain stakeholders shouldn’t at least be familiar with what it is, but still not every stakeholder or partner, and they certainly don’t need to know how to actually apply it.  For many, simply having a point of contact with certain departments or through the 911 center is enough.  Certainly if some have an interest in it they can ask, or take a class either in person or online.  (I would never withhold a training opportunity from anyone.)  This should certainly give them enough to satisfy their curiosity.

Along with my crusade to make better ICS training for responders (even non-traditional ones), I would suggest that we need to do a better job of advising other organizations about how they interact with the system.  Simply throwing ICS training at them DOESN’T WORK.  It creates false expectations and generates more confusion.

So please, fire away with your thoughts.  Who do you think shouldn’t have ICS training?  What would you change about the current ICS training model/requirements? 

Shameless plug time: Need ICS training or training in other areas of emergency management?  How about meaningful and practical emergency plans you can actually implement?  Exercises to test those plans and give staff an opportunity to practice implementing plans?  Emergency Preparedness Solutions can help!  Link to info below!

© 2016 – Timothy Riecker

Emergency Preparedness Solutions, LLC

Failed Attempts to Measure NIMS Compliance – How can we get it right?

Tim Riecker, The Contrarian Emergency Manager 3 Comments

Yesterday the US Government Accountability Office (GAO) released a report titled Federal Emergency Management Agency: Strengthening Regional Coordination Could Enhance Preparedness Efforts.  I’ve been waiting for a while for the release of this report as I am proud to have been interviewed for it as a subject matter expert.  It’s the second GAO report on emergency management I’ve been involved in through my career.

The end game of this report shows an emphasis for a stronger role of the FEMA regional offices.  The GAO came to this conclusion through two primary discussions, one on grants management, the other on assessing NIMS implementation efforts.  The discussion on how NIMS implementation has thus far been historically measured shows the failures of that system.

When the National Incident Management System (NIMS) was first created as a nation-wide standard in the US via President Bush’s Homeland Security Presidential Directive (HSPD) 5 in 2003, the NIMS Integration Center (NIC) was established to make this happen.  This was a daunting, but not impossible task, involving development of a standard (lucky much of this already existed through similar systems), the creation of a training plan and curricula (again, much of this already existed), and encouraging something called ‘NIMS implementation’ by every level of government and other stakeholders across the nation.  This last part was the really difficult one.

As identified in the GAO report: “HSPD-5 calls for FEMA to (1) establish a mechanism for ensuring ongoing management and maintenance of the NIMS, including regular consultation with other federal departments and agencies and with state and local governments, and (2) develop standards and guidelines for determining whether a state or local entity has adopted NIMS.”

While there was generally no funding directly allocated to NIMS compliance activities for state and local governments, FEMA/DHS associated NIMS compliance as a required activity to be eligible for many of its grant programs.  (So let’s get this straight… If my jurisdiction is struggling to be compliant with NIMS, you will take away the funds which would help me to do so????)  (the actual act of denying funds is something I heard few rumors about, but none actually confirmed).

NIMS compliance was (and continues to be) a self-certification, with little to no effort at the federal level to actually assess compliance.  Annually, each jurisdiction would complete an online assessment tool called NIMSCAST (the NIMS Compliance Assistant Support Tool).  NIMSCAST ran until 2013.

NIMSCAST was a mix of survey type questions… some yes/no, some with qualified answers, and most simply looking for numbers – usually numbers of people trained in each of the ICS courses.  From FEMA’s NIMS website: “The purpose of the NIMS is to provide a common approach for managing incidents.”  How effective do you think the NIMSCAST survey was at gauging progress toward this?  The answer: not very well.  People are good at being busy but not actually accomplishing anything.  It’s not to say that many jurisdictions didn’t make good faith efforts in complying with the NIMS requirements (and thus were dedicated to accomplishing better incident management), but many were pressured and intimidated, ‘pencil whipping’ certain answers, fearing a loss of federal funding.   Even for those will good faith efforts, churning a bunch of people through training courses does not necessarily mean they will implement the system they are trained in.  Implementation of such a system required INTEGRATION through all realms of preparedness and response.  While NIMSCAST certainly provided some measurable results, particularly in terms of the number of people completing ICS courses, that really doesn’t tell us anything about IMPLEMENTATION.  Are jurisdictions actually using NIMS and, if so, how well?  NIMSCAST was a much a show of being busy while not accomplishing anything as some of the activities it measured.  It’s unfortunate that numbers game lasted almost ten years.

In 2014, the NIC (which now stands for the National Integration Center) incorporated NIMS compliance questions into the Unified Reporting Tool (URT), including about a dozen questions into every state’s THIRA and State Preparedness Report submission.  Jurisdictions below states (unless they are Urban Area Security Initiative grant recipients) no longer need to provide any type of certification about their NIMS compliance (unless required by the state).  The questions asked in the URT, which simply check for a NIMS pulse, are even less effective at measuring any type of compliance than NIMSCAST was.

While I am certainly being critical of these efforts, I have and continue to acknowledge how difficult this particular task is.  But there must be a more effective way.  Falling back to my roots in curriculum development, we must identify how we will evaluate learning early in the design process.  The same principal applies here.  If the goal of NIMS is to “provide a common approach to managing incidents”, then how do we measure that?  The only acceptable methodology toward measuring NIMS compliance is one that actually identifies if NIMS has been integrated and implemented.  How do we do that?

The GAO report recommends the evaluation of after action reports (AARs) from incidents, events, and exercises as the ideal methodology for assessing NIMS compliance.  It’s a good idea.  Really, it is.  Did I mention that they interviewed me?

AARs (at least those well written) provide the kinds of information we are looking for.  Does it easily correlate into numbers and metrics?  No.  That’s one of the biggest challenges with using AARs, which are full of narrative.  Another barrier to consider is how AARs are written.  The HSEEP standard for AARs is to focus on core capabilities.  The issue: there is no NIMS core capability.  Reason being that NIMS/ICS encompasses a number of key activities that we accomplish during an incident.  The GAO identified the core capabilities of operational coordination, operational communication, and public information and warning to be the three that have the most association to NIMS activities.

The GAO recommends the assessment of NIMS compliance is best situated with FEMA’s regional offices.  This same recommendation comes from John Fass Morton who authored Next-Generation Homeland Security (follow the link for my review of this book).  Given the depth of analysis these assessments would take to review AAR narratives, the people who are doing these assessments absolutely must have some public safety and/or emergency management experience.  To better enable this measurement (which will help states and local jurisdictions, by the way), there may need to be some modification to the core capabilities and how we write AARs to help us better draw out some of the specific NIMS-related activities.  This, of course, would require several areas within FEMA/DHS to work together… which is something they are becoming better at, so I have faith.

There is plenty of additional discussion to be had regarding the details of all this, but its best we not get ahead of ourselves.  Let’s actually see what will be done to improve how NIMS implementation is assessed.  And don’t forget the crusade to improve ICS training!

What are your thoughts on how best to measure NIMS implementation?  Do you think the evaluation of AARs can assist in this?  At what level do you think this should be done – State, FEMA Regional, or FEMA HQ?

As always, thanks for reading!

© 2016 – Timothy Riecker

Emergency Management: Coordinating a System of Systems

Tim Riecker, The Contrarian Emergency Manager 1 Comment

Emergency management, by nature, is at the nexus of a number of other practices and professions, focusing them on solving the problems of emergencies and disasters.  It’s like a Venn diagram, with many entities, including emergency management, having some overlapping interests and responsibilities, but each of them having an overlap in the center of the diagram, the place where coordination of emergency management resides. That’s what makes the profession of emergency management fairly complex – we are not only addressing needs inherent in our own profession, we are often times doing it through the application of the capabilities of others.  It’s like being the conductor of an orchestra or a show runner for a television show. It doesn’t necessarily put emergency management ‘in charge’, but they do become the coordination point for the capabilities needed.

Presentation1

 

This high degree of coordination depends on the functioning and often integration of a variety of systems.  What is a ‘system’?  Merriam-Webster offers that a system is a “regularly interacting or interdependent group of items forming a unified whole.”  Each agency and organization that participates in emergency management has its own systems.  I’d suggest that these broadly include policies, plans, procedures, and the people and technologies that facilitate them – and not just in response, but across all phases or mission areas.  Like the Venn diagram, many of these systems interact to (hopefully) facilitate emergency management.

There are systems we have in many nations that are used to facilitate components of emergency management, such as the National Incident Management System (NIMS), the Incident Command System (ICS) (or other incident management systems), and Multi-Agency Coordination Systems (MACS).  These systems have broad reach, working to provide some standardization and common ground through which we can manage incidents by coordinating multiple organizations and each of their systems.  As you can find indicated in the NIMS doctrine, though, NIMS (and the other systems mentioned) is not a plan.  While NIMS provides us with an operational model and some guidance, we need plans.

Emergency Operations Plans (EOPs) help us accomplish a coordination of systems for response, particularly when written to encompass all agencies and organizations, all hazards, and all capabilities.  Likewise, Hazard Mitigation Plans do the same for mitigation activities and priorities.  Many jurisdictions have smartly written disaster recovery plans to address matters post-response.  We also have training and exercise plans which help address some preparedness measures (although generally not well enough).  While each of these plans helps to coordinate a number of systems, themselves becoming systems of systems, we are still left with several plans which also need to be coordinated as we know from experience that the lines between these activities are, at best, grey and fuzzy (and not in the cuddly kitten kind of way).

The best approach to coordinating each of these plans is to create a higher level plan.  This would be a comprehensive emergency management plan (CEMP).  Those of you from New York State (and other areas) are familiar with this concept as it is required by law.  However, I’ve come to realize that how the law is often implemented simply doesn’t work. Most CEMPs I’ve seen try to create an operational plan (i.e. an EOP) within the CEMP, and do very little to actually address or coordinate other planning areas, such as the hazard mitigation plan, recovery plans, or preparedness plans.

To be successful, we MUST have each of those component plans in place to address the needs they set out to do so.  Otherwise, we simply don’t have plans that are implementation-ready at an operational level.  Still, there is a synchronicity that must be accomplished between these plans (for those of you who have experienced the awkward transition between response and recovery, you know why).  The CEMP should serve as an umbrella plan, identifying and coordinating the goals, capabilities, and resources of each of the component plans.  While a CEMP is generally not operational, it does help identify, mostly from a policy perspective, what planning components must come into play and when and how they interrelate to each other.  A CEMP should be the plan that all others are built from.

Presentation2

I’m curious about how many follow this model and the success (or difficulty) you have found with it.

As always, if you are looking for an experienced consulting firm to assist in preparing plans or any other preparedness activities, Emergency Preparedness Solutions is here to help!

© 2016 – Timothy Riecker

Emergency Preparedness Solutions, LLC

Emergency Management – Who Knows About Your Plans?

Tim Riecker, The Contrarian Emergency Manager 1 Comment

In emergency management and homeland security we put a lot of emphasis on planning.  Plans are important, afterall.  We need to take the time to identify what our likely hazards are and how we will address them.  But what happens when the plan is complete?  We congratulate members of the planning team and send them final copies.  Those copies get filed electronically or end up on a shelf, a trophy of our accomplishment and hard work.  Congratulations!

So… that’s it?  Is that all?

NO!  Of course not!  People need to be trained to the plan.  “Trained?” you ask.  Yes – trained.  Not just sent a copy and told to review it.  Let’s be honest, here.  Even assuming the highest degree of dedication and professionalism, many people simply won’t give it the time and attention it needs.  Very quickly the plan will get buried on their desks or the email will become one of dozens or hundreds in the inbox.  Even if they do give it a look through, most will only give a quick pass through the pages between meetings (or during a meeting!), not giving much attention to the details in the plan.

How effective do you expect people to be?

Sports analogy – when a coach creates new plays, do they simply give them to the players to become familiar with and expect proficiency?  No.  Of course not.  We’re all familiar with the classic, if not cliché, setting of the coach reviewing plays on a chalk board with the players in a locker room.  That’s training.  Then after that training, they go out in the field and practice the plays.

Back to our reality… The first real step of making people familiar with the plan is to review it with them.  This usually doesn’t need to be a sleep inducing line-for-line review of the plan (unless it is a detailed procedure), but a review of the concepts and key roles and responsibilities.  In fact, that’s who you invite to the training – those who are identified in the plan.  This is likely to include people in your own agency as well as people in other agencies (emergency management, after all, is a collaborative effort).  In states with strong county governments, we often see county-level emergency management offices creating plans that dictate or describe the activities of local governments and departments.  Most often, the local departments have no awareness of these plans, much less receive any training on them.  I’m guessing that plan won’t work.

Once you’ve trained these key stakeholders, be sure to conduct exercises on various aspects of the plan.  Exercises serve not only to validate plans, but to also help further familiarize stakeholders with the plan, their roles, and expectations of others.  When we plan, we tend to make many assumptions which exercises help to work through.  Through exercising we also identify other needs we may have.

Need help with planning? Training? Exercises?  EPS can do it!  Link below.

© 2016 – Timothy Riecker

Emergency Preparedness Solutions, LLC 

 

People should not die in exercises!

Tim Riecker, The Contrarian Emergency Manager 1 Comment

The article by the Guardian describes a death and multiple injuries incurred by students at a Kenyan university by JUMPING FROM THE BUILDING when they thought they heard an active shooter.  That’s exactly what they heard – but it was an exercise.  And no one told them.  This flat out pisses me off.

CVDs36PXAAEnJr4

Photo from Twitter account of @jamessmart

Let me emphasize a bit here… THIS IS COMPLETELY UNACCEPTABLE.

When doing any kind of exercise in or near a public area you MUST have a media and public notification on your to-do list.  In fact, have it on your list multiple times.  Why?  Because people don’t always pay attention or remember.  Tell them a month before, then a week before, then two days before, the day before, and all day during the exercise.

Some people may think this is overkill, but people get scared when they hear gunshots, helicopters, and yelling; and even more so when they see people in hazmat suites and tactical gear.  When people get scared, they do things we may not expect – including endangering their own lives.  Be sure to detail in the media releases what people may see and hear, where it will be, and when it will be.  Give a phone number where they can call with questions.  Consider all your audiences and ensure they are being reached – don’t just rely on the media to do this for you.  Ensure that signage is out before and during the exercise identifying the area as an active exercise.  After the exercise, take advantage of the exposure to tell the public what you have learned.  Give them confidence in your capabilities and professionalism.

© 2015 – Timothy Riecker

Emergency Preparedness Solutions, LLC

Wanna be a Facilitator? Toughen up!

Tim Riecker, The Contrarian Emergency Manager Leave a comment

I just read a great post by Robert Burton on LinkedIn titled 5 Common Tabletop Exercise Mistakes.  Robert gives a good review of the common issues that can doom a TTX from the beginning.  Go check it out!

My addition to his post reflected on the need for good and strong facilitation.  I figured it would be worthwhile to develop a separate post and expand on that a bit.  Facilitation itself is certainly an art – be it for a meeting, a workshop, or a tabletop exercise.  I would offer that while there are similar skills, abilities, and traits that will lend to success for all these applications, there are also some differences.  Facilitation for all applications requires that one speak up, follow an agenda, clearly communicate, and give everyone a chance to participate.  Charisma helps carry things along.  In some instances, you also need to be tough.  In a meeting, you have to be tough to enforce sticking to the agenda.  In a table top exercise, you need to be a little tough with the participants.

We’ve certainly all witnessed poor exercise facilitation.  They facilitator doesn’t follow the MSEL, tells their own stories, leads participants to answers, and puts up with softball answers that don’t tell much of anything.  Remember, the ultimate purpose of an exercise is to test plans.  Plans are executed by people.  We are testing the plans through these people.  If we aren’t getting good answers, we aren’t meeting our goal of testing the plans.

In one of the best table top exercises I ever witnessed, the facilitator provided injects, as expected, to a group of agency department heads.  The facilitator had a very distinct position in the agency, though… he was their new director.  He requested that we put together a TTX focusing on agency response plans.  When we asked who he wanted to facilitate, he said he would do it.  Now there are certainly pros and cons to this, but he was the boss, and the results were quite eye opening.

As follow ups to the injects, participants were asked questions such as ‘What is your role?’ ‘How would you respond to this?’ and ‘What would you do next?’.  This is how participants should be drawn out to obtain good information.  Additionally, facilitators should consider asking ‘Why’ when participants give certain responses.  (Check out my post Ask Why 5 Times – I explore the power of this question a bit more).  Do they think their response was a good idea or is it actually called for in a plan?  ‘Who’ is another good question.  It’s easy for participants to throw out generalities in response to questions (i.e. We would do x.).  Well WHO specifically would do it?  And WHY? And what if they weren’t around?  What does the plan say?

After getting a few answers he wasn’t very comfortable with, the new director then lobbed in a heck of a hand grenade – Show me.  This threw participants for a loop.  Now, I will grant you that this is rather unorthodox in a TTX, although not completely unheard of.  Given his position, no one was going to challenge him, though.  Out scampered one person.  A few more questions, then the phrase again – Show me.  Out scampered another person in search of another binder.  In the end, some had supported their claims, others did not.  These were great lessons learned.  We found holes in plans, necessary connections between plans, and a need to update plans and train people on those plans.

After this exercise, I learned lessons myself and approached facilitation of future exercises very differently.  I began asking more questions as follow ups to participants’ responses.  We dug deeper and found out more – so did the participants.  Sometimes they don’t like it, and sometimes you feel like you are being antagonistic.  Obviously you don’t want to create an unpleasant experience for anyone, but if they aren’t able to handle a few tough questions from an exercise facilitator, they certainly won’t like handling them from their boss, their bosses boss, or the media.

Bottom line, if you are going to facilitate an exercise, toughen up.  Ask follow up questions.  Get clarity on the answers and don’t let participants get away with easy answers.  If participants squirm a bit, that’s OK.

What are your exercise facilitation experiences?  Any best practices to add?

© 2015 – Timothy Riecker

Emergency Preparedness Solutions, LLC

So Your AAR Says Bad Things… Now What?

Tim Riecker, The Contrarian Emergency Manager Leave a comment

There it is.  Your recently delivered after action report (AAR).  Uncomfortably sitting across the room from you.  You eye it like Tom Hanks looking at Wilson for the first time.

Wilson

Wilson!!!

You know what’s in it.  It says bad things.  Things you don’t like.  Things your boss really doesn’t like.  But what will you do?

First, let’s assume that, despite you being unhappy with the areas for improvement identified in the AAR, they are fair representations.  What will you do with the dreaded information now that you have it?  Your AAR may have come with a corrective action plan (CAP), but this is only guidance that still needs to be reviewed and acted upon.

First, each identified area for improvement should be prioritized.  After all, if everything is important, then nothing is important.  Even if the areas for improvement and/or corrective actions are already identified in the AAR (particularly if done by a third party or if the AAR is representative of a multi-agency exercise) you should review this prioritization with your own organization’s stakeholders.  This means pulling together a committee (sorry for cursing!) comprised of key areas within your organization.  This may even mean people from areas that may not have participated, such as information technology, as I’m betting there was something in the exercise about computer systems, programs, internet connection, data access, data continuity, etc.  Don’t forget the finance people, either… some fixes aren’t cheap!

Once everyone has had an opportunity to review the AAR, each identified area for improvement should prioritized, at least to the degrees of high, medium, and low; with a secondary filtering of short-term vs long-term projects.  While some may be relatively quick fixes, others can take months, if not years, to accomplish.  Activities should also be identified that are dependent upon others which may need to be completed first (i.e. a procedure needs to be written before it can be trained on).

That’s probably enough for one meeting.  But the people you gathered aren’t cut loose yet… in fact they are pretty much locked in, so you need to be sure that the people you bring together for this corrective action group have the knowledge, ability, and authority to commit resources within their respective areas of responsibility.  Now that activities have been prioritized, it’s time to assign them… this is why involvement of your boss (if you aren’t the boss) is so important.

Some individuals within your organization will be able to act on their own to make the corrective actions that are needed – while others will need to work together to make these happen.  Consider that there may be more activities than just those identified in the AAR.  For example, the AAR may identify a need for a resource management plan.  That’s good, but we all know you can’t just build a plan and expect it to be ready for action.

For those who are regular readers of my blog, you know I’m a big fan of the POETE elements.  (More on POETE here).  What is POETE?  POETE is an acronym that stands for:

  • Planning
  • Organizing
  • Equipping
  • Training
  • Exercising

What is the value of POETE and what does it all mean?  POETE is a great reminder of the key activities we need to do to enhance our preparedness.  Given that, when we look at an identified need for improvement, we need to consider how to properly address it.  So start at the top:

  • What plans, policies, and procedures are needed to implement and support this corrective action?
  • What organizational impact will occur? Do we need to change our organization in any way?  Do we need to form any special teams or committees to best implement this corrective action?
  • What equipment or systems are needed to support the corrective action?
  • What do people need to be trained in to support the corrective action? Do we need to train them in the plan, about a new policy or procedure?  Do they need training on organizational changes?  How about training in the use of equipment or systems?
  • Lastly, once you’ve made a corrective action, it’s a good idea to test it. Exercises are the best way to accomplish this.

There are obviously other considerations depending on the specific corrective actions and the circumstances of your organization.  Funding is often times one of the most significant.  If you need to obtain funding to make corrective actions, the AAR is one of the best documented investment justifications you can get.

From a project management perspective, the committee should regularly reconvene as a matter of checking in to see how the corrective actions are going.  On a continuing basis, the progress of corrections should be tracked (spreadsheets are great for this), along with who has been tasked with addressing it, timelines for completion, related finances, progress notes, etc.  Otherwise, in our otherwise busy days, these things get lost in the shuffle.

From a program management perspective, this is a process that should be engrained culturally into your organization.  Ideally, one person should be responsible in your organization for coordinating and tracking this corrective action process.  As additional exercises are conducted and actual incidents and events occur, corrective actions from these will be brought into the mix.  It is all too often that organizations complain of seeing the same remarks on every AAR or from experiencing the same issues for every response.  BREAK THE CYCLE!  Establishing a corrective action program for your organization will go a long way toward making these chronic issues go away.

By the way, the same concept can be applied to multi-organizational/agency efforts at any level – local, county, state, federal, regional, etc.  Since we respond jointly, there are great benefits to joint preparedness efforts.  We will likely find that even that we have our own house in order, working with someone else is a very different experience and will require a whole new list of corrective actions as we identify areas for improvement.  This process works great with multi-agency committees.

The bottom line – the biggest reason why we exercise is to test our capabilities.  When we test them, we find faults.  Those faults need to be corrected.  Capitalize on the investment you made in your exercise effort to address those identified deficiencies and improve your capabilities.

What ideas do you have for addressing corrective actions?

Need help with preparedness activities?  Be Proactive and Be Prepared™ – Reach out to Emergency Preparedness Solutions!  We’re always happy to help.

Thanks for reading!

© 2015 – Timothy Riecker

Emergency Preparedness Solutions, LLC

Gauging Return on Investment in Preparedness: Exercises

Tim Riecker, The Contrarian Emergency Manager 1 Comment

In this last article of the Return on Investment series, I’ll be discussing the investments and benefits of preparedness exercises to help organizations determine their return on investment – or ROI.  The series has followed the model of the five POETE elements (Planning, Organizing, Equipping, Training, Exercising).  The inspiration for the series was a piece I wrote called Measuring Return on Investment in Emergency Management and Homeland Security: Improving State Preparedness Reports.  If you haven’t had the opportunity to review the earlier articles in the series, they are linked below:

Planning

Organizing

Equipping

Training

We conduct preparedness exercises for two main reasons: 1) to test plans and procedures, and 2) to provide people with an opportunity to practice their roles and responsibilities.  Exercises can be stand-alone activities or integrated into training and education through scenario-based learning. In the US we use the Homeland Security Exercise and Evaluation Program (HSEEP) as our model for both the macro and micro levels of exercise management.  If you are interested in an in-depth look on HSEEP and its components, you can check out an earlier series I did called Managing an Exercise Program.

As with most major activities we do, exercise-related tasks can be divided out into program management (the macro level) and project management (the micro level).  Since we usually examine ROI for individual activities, we will focus on the micro level of exercises, that is the project management piece, or individual exercises, to identify specific costs (investments) and benefits.

Conducting an exercise takes a fair amount of preparation.  The more complex the exercise, the greater period of time it should take to prepare.  Complexity of an exercise is measured by a few different factors – the number of participants involved, the span of time for the exercise, the complexity of the tasks/plans being exercised, and the number of locations being exercised.  Most of us who have been involved in emergency management and homeland security for a while have seen the full gamut of exercises – from discussion-based exercises like table top exercises, workshops, and seminars; to operations-based exercises like drills, functional, and full-scale exercises.  Often we view functional and full scale exercises as being the most complex, however I’ve been involved in table top exercises and workshops which have involved significant efforts.

Up front, the most significant investment any organization can make in an exercise is personnel time.  All exercise efforts will have a lead planner, and most will be supported by a planning team.  If the exercise involves only one organization, that planning team will typically involve only internal people, while multi-organizational exercises should involve some measure of representation from every organization, either directly or indirectly.  Planning an exercise requires a great attention to detail, drafting and editing of documents, and arranging of logistical matters.  Experience helps, so those who do this less often will typically require more time to do it.  This is why many organizations hire consultants (like me!) to help them with exercises.

During the planning phase for the exercise, you may have some associated costs, such as meeting space, food, and travel for planning meetings.  You may also have these costs for the exercise itself which should be identified during the planning phase.  It is also important to identify any costs associated with audio-visual equipment, communications equipment (including internet connectivity), and even things as simple as name badges and signage.

For the exercise itself, personnel costs are still significant.  You must not only consider the time of all participants (as well as potential travel costs), but also the time of your exercise management staff – an exercise director, controllers, evaluators, and possibly staff for a simulation cell.  Again, experience helps to support a successful exercise, so if you don’t have the depth of experience in your organization, consider hiring consultants for the conduct and evaluation of the exercise as well.  Either way, exercises can be significant investments.

Once the exercise is complete, the activity isn’t over – and neither are the costs.  The evaluation team needs to draft the after action report (AAR), and conduct an AAR meeting with the planning team and principal participants to ensure that everything was captured accurately.  Once the AAR is finalized, action items identified in the AAR are assigned to responsible parties to address improvements.  These improvements are generally not considered part of the cost of the exercise itself, but rather part of your general preparedness costs (these will all fall within the POETE elements).

While exercises come at no insignificant cost, the benefits are tremendous – if the exercise is done properly.  A well designed, conducted, and evaluated exercise provides better outcomes and benefits.  The AAR should reflect not only best practices that should be continued, but also areas for improvement which should be addressed to enhance preparedness.  Any of these, as mentioned in the last paragraph, can fall within the five POETE elements – Planning, Organizing, Equipping, Training, and Exercising.  While each of these certainly have costs associated with them, the benefit from the exercise was identification and documentation of need.  Perhaps you are exercising a new active shooter response plan and through the exercise realize that a certain procedure was based on poor assumptions – if this plan was put in place without being exercised, the outcomes in a real life event could have been catastrophic.  It’s better to identify these issues through an exercise so they can be addressed with much less cost.

As I mentioned earlier, another reason to exercise is to provide participants with an opportunity to practice plans, procedures, or skills in a safe and structured environment.  While there is a great deal of routine to what we do in emergency management, homeland security, and public safety, there are certainly activities that we don’t do very often, resulting in degradation of skill over time.  Many of these activities, though, are absolutely critical when needed, which means that we must give practitioners ample opportunity to practice and apply what they have learned through training.  The benefits of this, depending on the activity, can include increased efficiency (time), reductions in injury and loss of life, and proper use of equipment and protocols.  Additionally, there are benefits to getting people to work together in these activities, especially for those who don’t usually work together.  Emergency management, after all, is about collaboration.

Because of the wide range of things we exercise, it’s up to you to examine what your investments and benefits might be.  At EPS, we can help you with designing, conducting, and evaluating exercises; identifying potential costs and benefits of an exercise; and other preparedness activities.  We’re happy to help!

Feedback from this return on investment series of posts has been very positive, which I greatly appreciate.  We also got some good dialogue across all mediums including the blog home page (www.triecker.wordpress.com) and various LinkedIn discussion groups – some of which provided some excellent additional ideas on how to better capture information on investments and benefits.  The challenge remains to not only identify these, but to convert them into meaningful information for decision makers, which usually involves currency values.  Thank you, as always, for your time and attention.

© 2015 – Timothy Riecker

Emergency Preparedness Solutions, LLC

Gauging Return on Investment in Preparedness: Planning

Tim Riecker, The Contrarian Emergency Manager 5 Comments

Inspired a bit by my previous post Measuring Return on Investment in Emergency Management and Homeland Security: Improving State Preparedness Reports, I’ve decided upon writing a series of posts picking apart our primary activities in emergency management and homeland security preparedness to identify ways to gauge our Return on Investment (ROI).  To encapsulate our primary activities, I’m using the five POETE capability elements:

  • Planning
  • Organizing
  • Equipping
  • Training
  • Exercises

Most preparedness activities within emergency management and homeland security fall within one or more of the POETE capability elements.  The capability element of Planning is the foundational activity on which all preparedness is built and will be the topic of this post.  Here’s what I’m covering:

  • What is Return on Investment?
  • What planning efforts are involved in preparedness?
  • What organizational investments are involved in Planning?
  • Does the planning effort comply with applicable standards?
  • Can the plan be implemented?
  • What will exercises tell you?
  • Is there a need to maintain plans?

Return on Investment, or ROI, is a business term used to identify the profitability of certain investments or actions.  While preparedness is certainly done to protect against losses, for public and private sector alike, we generally don’t see preparedness activities as generating revenue.  However, when most entities INVEST time, money, and other resources into preparedness activities, they often want a reasonable assurance that their investment has paid off.  How do we gauge ROI for planning efforts?

First off, what planning efforts might we see in public or private organizations?  Obviously emergency and disaster plans are the big ones.  These plans are designed to identify key processes, such as alert and notification, response organization and incident management, and others which are intended to save lives and protect property.  These plans are likely to have annexes and appendices which address uniqueness of certain hazards, response circumstances, and support activities.  Continuity plans – usually business continuity or government continuity – identify how the organization will survive as an entity in the face of disaster.  Planning activities also involve the creation, review, and maintenance of policies and procedures.  We also create plans for hazard mitigation, long term recovery, specific events, and other needs.

What investments are involved in planning activities?  Organizations can and should allocate staff time and physical space and infrastructure to planning efforts.  The dedication of staff (full or part time) and/or consultants is often required, especially when planning efforts are viewed as a continual process and a critical part of preparedness.  The organization itself must make a commitment to the planning effort.  This commitment isn’t just in concept, but also practical involvement of staff throughout the organization, access to information, and even an involvement of third parties.

Certainly a first step in assessing return on investment of planning is to evaluate compliance with applicable rules, regulations, and guidelines.  These requirements can be hard (legally binding) or soft (general guidance) and can differ from industry to industry, nation to nation, and state to state.  Here in the US, FEMA provides guidance on emergency planning through Comprehensive Preparedness Guide (CPG) 101.  Some states may have requirements for emergency planning, such as New York State’s Executive Law Article 2-bNFPA 1600: The Standard on Disaster/Emergency Management and Business Continuity Programs is often referenced by public and private entities alike, while the International Standards Organization (ISO), has many industry-specific requirements for emergency planning.  If grant funding is being used for the planning effort, the grant may also have specific requirements.  Regardless of what the requirements are, planning efforts, plans, and associated documents should be audited to ensure that requirements are met.

Compliance, however, isn’t necessarily indicative of a good planning effort.  I’ve seen many plans which may meet requirements but the content itself was severely lacking.  Far too often planners get caught up in the world of checking boxes and fail to consider implementation.  If a plan cannot be implemented, it is useless to the organization.  Many plans exist now that meet applicable requirements but are still yet vacant of any meaningful direction or guidance in the event of an emergency.  These types of ‘plans’ are really better seen as policy documents.  A plan should identify what will be done, when, how, and by who.  If your ‘plan’ simply contains a statement on the requirement to use NIMS/ICS, but doesn’t provide detail on who will be in charge of what, when, and how; it is a policy document, not a plan.  Plans and their associated documents (i.e. procedures, guidelines, and job aids) need to chase down the lifespan of each critical step, especially early in a response.  They must identify who is responsible to make key decisions, who will be notified (how and by who), and who will take what actions.  A logical review of planning documents by the planning committee or perhaps even a third party is another good means of assessing your return on investment.

Does the plan work?  This is, perhaps, the ultimate factor in determining return on investment.  Usually our best means for identifying if a plan works is to exercise it.  Exercises provide a controlled and focused environment for testing plans or components of plans.  They will also help us in identifying if the plan can truly be implemented.  I’ve written a lot on exercises: articles can be found here.  (I also anticipate writing about assessing ROI for exercises as part of this series).  Generally, an incremental exercise program is usually recommended, beginning with discussion-based exercises – such as table tops and workshops – and progressing to operations-based (hands on) exercises.  A well written and honestly evaluated exercise will go a long way toward identifying the return on investment of your planning efforts.

Are we there yet?  Nope.  Planning, like all other preparedness efforts, requires maintenance.  If you create a plan then walk away, even if it’s a good plan, your plan’s value will diminish over time – and we’re talking months, not decades.  Think about how often something changes in your organization.  Staffing.  Equipment.  Technology.  Procedures.  Insurance policies.  All of these things, and more, influence your plans in some way.  Over time these changes not only occur, but also compound and move the present reality of your organization further from the assumptions of your planning efforts.  This is why plans must be maintained and updated on a regular basis.

Is there some mathematical formula for identifying the return on investment of preparedness efforts?  Given all the factors involved and their fluidity, I don’t think so.  It’s not cut and dry like a traditional business investment.  As you can see, though, there are a number of steps we can take to assess the utility of our investment.  I’ve seen organizations pay a lot for bad plans, and others pay much less for great plans.  Not only do organizations need to ensure that their planners know what they are doing, but the organization itself needs to have a commitment to success.  Without it, the planning effort is doomed to fail.

As always, feedback is appreciated.  What are your thoughts on assessing the return on investment of planning efforts?  What do you think is a good measure?

Does your organization need a new plan or need to update a plan?  Do you need help with the planning process or evaluating your organization’s preparedness?  How about exercises?  Emergency Preparedness Solutions can help!  Email to consultants@epsllc.biz or visit www.epsllc.biz.

© 2015 – Timothy Riecker

Emergency Preparedness Solutions, LLC

WWW.EPSLLC.BIZ