2021: looking ahead with the benefit of hindsight

Whether your business thrived or barely survived 2020 there is, believe it or not, reason to celebrate!  2020 was BIG and you made it through what has been the most universally disruptive year.  Some businesses did not.  As the new year begins, we encourage you to pause to reflect on your achievements and the challenges you faced and plan for how you will build on this to make your business even stronger in 2021.

Check the rear-view mirror before focusing on the road ahead as you continue your journey.

The beginning of 2021 brings sustained pressure for businesses to adapt to the ongoing COVID-19 emergency and the ever-growing impacts of climate change. 

In the first few days of 2021 in Australia, we have seen:

·        continued unemployment and economic uncertainty

·        the emergence of new COVID clusters in NSW and Victoria

·        a more contagious “UK variant” of COVID-19 in returned travellers

·        a cyclone in North Queensland

·        flooding across parts of Queensland and NSW

·        bushfires in Western Australia

·        export market uncertainty for some industries

Any one of these incidents could cause a business to fail.  But NONE of these incidents are occurring in isolation.  Can your business withstand concurrent emergencies?

The advantage that all business has right now is the luxury of hindsight to guide us

Be realistic about the toll that changed work methods have on your people and their outputs. Have you considered the backlog of non-critical or less urgent work you may have created when implementing alternate work strategies? How much longer can you sustain alternate work strategies? Are there any potential crises hidden in that backlog or decisions you’ve made in 2020?

The phrase “we got through COVID; we can get through anything” is wonderfully positive, yet potentially short sighted.  Did you get through 2020 by luck and unsustainable work effort, by careful planning and execution, with skilled staff and effective decision making, or a bit of everything?

Are you controlling for bias?  The Illusion of Control is the tendency to overestimate one's degree of influence over external events.  When we overestimate our control strategies, we are assuming our response will fix the crisis.  Getting through 2019/2020 did not fix the external crisis, nor will changing the number from 2020 to 2021.

A clear-headed, independent review of your organisation’s response will help identify what might be sustained, improved or fixed. We recommend considering:

·        Organisational response to the disruption experienced in 2019 /2020

·        Management structures and how they coped

·        Effectiveness of plans and policy (business continuity, crisis management, COVID-safe)

·        Health and safety with particular emphasis on staff welfare and fatigue management

·        Supply chain resilience

·        Customer satisfaction levels

·        Revenue and cost impact

·        Robustness of your recovery plan

·        Readiness for emerging risks

·        Capacity to clear any backlogs or further transform

Tigertail can help you undertake an independent review, validate recovery strategies, supplement capacity shortages and train your team to maintain capability and preparedness levels.  Take the most effective step toward recovery today by contacting us.

rear view mirror.jpg

2021, are we there yet?

2020…it’s not over yet…

  • Be ready

  • Think about what might happen

  • Practise responding

  • Involve your team

  • Nurture your networks

What if 2020 was just a warm-up?

 2020 taught us:

  • Unprecedented often means unplanned…

    • Expect the unexpected

    • Preparedness is key

  • Fatigue management is crucial

  • To look after others, you must look after yourself

    • ‘Fit your own oxygen mask first’

  • Know your emergency plan

    • ‘Practise your lifeboat drill’

  • Your friends and network are invaluable investments

    • Look after each other

    • There’s plenty of help available if you ask for it. And it’s okay to ask.

    • Connect with your community

  • Flexibility and adaptability are vital

  • Isolation isn’t necessarily a bad thing

  • Other ‘stuff’ will keep biting you on the bum

  • This too will pass…

Tell us what 2020 taught you…

ARE WE THERE YET.jpg

"Good. Now do it again faster"

I wish I had a dollar for every time I heard that during my military service.

We practised…and practised….and practised. When we thought it was over, we’d practise some more. Then we would go into the field and put that practise to good use. We practised in an offensive context and a defensive context. We practised day and night, wet and dry, hot and cold, rested and tired, well-resourced and under-resourced, with good and not so good situational awareness, with and without a clear end in sight.

Why? First, to build muscle memory on critical processes so that you can perform them flawlessly when under extreme pressure. Second, to use those skills in the right context and in as many different situations as possible. Third, to become comfortable with discomfort and ambiguity.

A friend once observed:

The amateurs practise until they get it right.

The professionals practise so that they get it right no matter the situation or how bad or stressful is that situation.

Two ‘old soldiers’ reminiscing? Partially correct - we are old soldiers. We were actually talking about the linkages between crisis management and innovation.

I would argue that crisis management is usually reactive, and that innovation is proactive. Both consider disruption to the status quo. Both require a structured approach to assessment, decision making and action. Action also includes risk management and communication.

We have noted that during 2020 many of our clients have managed crises and/or innovated. For some that was concurrent activity. As our clients are emerging from their COVID-19 response we’ve heard variations on three themes:

  1. We’ve survived. We have done an amazing job and are now expert crisis managers. We don’t need to train any more.

  2. We are tired. The team has been working hard and need a break. Call us next year.

  3. We survived. We are leaner. We are putting our budgets together and will call you if we think we can afford training on crisis or risk management.

  4. A combination of statements 1, 2 and 3.

Heading toward 2021, how have you prepared?

Whether preparing for your next crisis, re-evaluating your risks, or preparing to innovate, talk to us. The skills we help you enhance are as useful in day-to-day operations as during a crisis.

Tigertail Australia has the background and experience to equip your organisation with skills to manage risk, crisis, and emergencies confidently and effectively. In addition to considerable business and government management experiences, the Tigertail team are proven crisis and emergency management leaders, business continuity specialists, risk management advisors, planners, and trainers with more than 150 years of combined experience, covering prevention and preparedness to response and recovery.

 Author: Craig Moroz, Senior Associate, Tigertail Australia

W: www.tigertail.com.au  T: +61 (0)408 481 931 E: answers@tigertail.com.au

TIGERTAIL AUSTRALIA: CONFIDENCE / CLARITY / CONTINUITY

Are we ready.jpg

“….we fall to the level of our training”

The full quote, attributed to Greek philosopher Archilochus, is “We don't rise to the level of our expectations; we fall to the level of our training”.

Once upon a time an executive team might have days, possibly weeks, to ponder a problem and develop a response. In the 21st century they have minutes to identify the problem, push out a holding statement and start responding. They need to provide updates to staff, customers, shareholders, markets, and regulators who demand that action is decisive, swift, and precise. Expectations are high.

Being decisive, fast and precise under pressure comes from practice. We fall to the level of our training.

What is the delta between the expectation and the proven level of training in your organisation? Here’s a clue: if you hear people say “In the real crisis our start is always a bit disorganised, but we do scramble well” it is possible that confidence exceeds capability.

A useful model for developing your organisation’s capabilities is Plan/Prepare/Respond/Recover.

Let’s look at planning and preparation.

You’re an experienced risk manager who’s analysed your organisation’s risks. Controls have been established to reduce the likelihood and/or consequence of a realised risk to as low as reasonably practicable – but not zero.

What happens when the risk is realised? Now what?

A response is required. The plan you developed will help.

Or will it?

How do you know it will work? Did the assumptions you made in planning hold true? Will the resources you planned for be available? If you are not there, will anyone know what to do?

The critical bridge between “Plan” and “Respond” is “Prepare”. Preparation is the glue that holds the plan, and the people using it, together.

Deloitte published a useful paper in 2018 titled Stronger, Fitter, Better: Crisis Management for the resilient enterprise.  

Perhaps the most pertinent observation is that while executive teams reported confidence in their ability to respond, the rate of exercising to confirm that preparedness was low. Interestingly, the most obvious risks with the most obvious solutions were the ones people practised.

For example:

1.      IT System failure: 90% of respondents confident in their response and 50% had undertaken simulations

2.      Cyber-attack: 89% of respondents confident and 53% had undertaken simulation

In comparison, 88% of respondents stated they were confident to handle a corporate scandal. But only 17% of respondents had conducted an exercise using such a scenario. Similarly, the results for regulatory/policy change were 89% confidence but only 25% had practised managing such a crisis.

Deloitte posit that confidence outstrips preparedness. We agree.

Is your organisation practising the easy stuff, like problems where there’s an obvious, technical solution? Compare your organisation’s risk profile to its recent crisis exercises. Are your exercises related to the risk register?

The Deloitte study suggests that executives are more comfortable participating in an IT Disaster Recovery-related crisis or a cyber-breach response. Why are they less comfortable to participate in a corporate scandal scenario?

Perhaps they think such a crisis is a Black Swan. Some of our clients have said their executive is uncomfortable or believes it’s too difficult to deliver these scenarios in an exercise.

To the first point: Yes. It is (and should be) uncomfortable. If it is on your organisation’s risk profile it is something of concern. Would your CEO and Executive Team prefer to be uncomfortable in an exercise or under-prepared for reality?

With respect to being difficult to deliver, that is why you use an external provider like Tigertail. Designing plausible and realistic exercises requires special skill and experience. In our collaboration with you we develop:

  • opportunities for your crisis management team to practise using procedures and tools in the context of a complex problem

  • a safe environment to practise using procedures and tools

  • a collaborative environment for your executive and subject matter experts to test assumptions, recognise and manage biases

  • an exercise that is as controlled or dynamic as you choose

  • assessment criteria to inform an exercise report and assure the Risk and Audit Committee

Well-developed and run exercises validate your plans, reinforce good practice, refresh memories and rehearse responses. Your people, and your bottom line, will benefit.

Tigertail Australia has the background and experience to equip your organisation with skills to manage risk, crisis, and emergencies confidently and effectively. The Tigertail team includes crisis and emergency management leaders, business continuity specialists, risk management advisors, planners, and trainers with more than 150 years of combined experience, covering prevention and preparedness to response and recovery.

Author: Craig Moroz

W: www.tigertail.com.au T: +61 2 8907 1900 E: craig.moroz@tigertail.com.au

TIGERTAIL AUSTRALIA: CONFIDENCE / CLARITY / CONTINUITY

SA Water Executive Team Crisis Management Training and Exercise

SA Water Executive Team Crisis Management Training and Exercise

Supply Chain Resilience – how deep do you go?

Even before COVID-19 focused your attention on your supply chain, you considered how disruptions of a supplier may have caused a disruption to you. This is basic risk management.

Of course, you have had robust conversations with your primary suppliers and there is a clause in each contract to assure the continuity of service to you. Perhaps you have even undertaken joint planning and testing to validate those arrangements. After all, that supplier is critical to ensure your customers’ service expectations are met.

Today you may be thinking about adjusting your “Just In Time” approach to increase the volume of inventory you hold. Perhaps you have even considered moving to a “Just In Case” approach to stock. What is the right answer?

There are a number of factors that influence the answer.

Consider this simple case study:

Reach into your pocket or wallet and pull out a credit card. That 85mm long, 53mm wide and 1mm thick piece of plastic we tap, swipe and dip onto various devices to pay for our many and varied purchases.

Let us assume your card provider (I will say ‘bank’ for clarity) offers a digitally-enabled self-service function on its app. You log onto the app, click on ‘Request replacement card’ and receive a ‘Request confirmed – your card should arrive in the mail in 5-7 working days’ message. In 5-7 days the card arrives in your mail box.  Simple.

Have you ever thought about what goes into the ‘magic’ between the digital acknowledgement of your card replacement request and the arrival of your shiny new piece of plastic? Neither had I until I was responsible for delivery of over 1 million cards annually to a major Australian bank’s customers. At that time they had over 300 distinct card designs?

Obviously to get the request from your device through your bank’s app there are several technology interfaces. Then the request goes into the core system and the credit card specific system. Your bank then batches a daily (perhaps even multiple daily) output file to send to their card fulfillment provider.

Already we have a network of suppliers. Let’s ignore the technology hardware and software providers for the moment and focus on the supplier who will emboss the card, activate the EMV chip, attach it to a letter, fold the letter, insert the letter into an envelope and lodge that envelope in the mail. Apologies….I’m getting ahead of myself but please remember that detail.

The card fulfillment provider probably should be a Tier 1 supplier. After all, if that supplier is disrupted, some customers of the bank will soon be affected by a disruption to the card fulfillment provider.

Let us consider the card and its manufacture process. What are the components and from where are they sourced? First let me give you a simplified and basic view of the card manufacturing process.

Think of the card as a plastic and ink sandwich. The card front (obverse) and card back (reverse) of the card are printed on the base plastic stock using, depending on the design, a 4 colour, CMYK offset press for basic colours and/or screen press for metallics. Once printed, the ‘sandwich’, comprising obverse clear laminate, card observe, card reverse, magnetic stripe, and reverse clear laminate, is placed into a laminating machine where heat and pressure create the blank. 40-60 blanks are generally present on a sheet and then punched out of that sheet using a punch and die machine.

Once punched out, the individual cards are fitted with the signature panel and security hologram. After a quality check, the cards are fitted with their smart chip. Each card is milled out and the EMV chip glued in place.

Completed blank cards are then gathered and ready to be provided as a completed order to the Tier 1 supplier.

Questions:

  1. Does the card fulfillment provider also manufacture the blank stock? If not, then the card manufacturer is a supplier to the card fulfillment provider and, consequently, a Tier 2 supplier to the bank.

  2. What are “Just In Time” stock alert levels agreed between the bank and the card fulfillment provider?

  3. Is the card manufacturer located in the same country as the card fulfillment provider?

Consider the card manufacturer’s suppliers.

Card order table - supply chain.jpg

The items marked with an asterisk (*) are controlled items. Prior to placing an order, the manufacturer must obtain permission from the relevant card scheme. 

So, the suppliers to your Tier 2 supplier are Tier 3. What is not considered here is the plant, equipment, and people the card manufacturer relies upon in their production facility.

What is the most critical component? Dare we suggest that all components are important?  The question for the bank is how deeply and diligently their Tier 1 suppliers collaborate to assess the resilience of the Tier 2 and Tier 3 supplies. Looking at this example, the EMV chip is the component with the greatest lead time from, potentially, a single provider. I would recommend that the bank deliberately considers potential disruptors to that EMV chip provider. In this example a prudent risk manager in the bank might maintain and regularly update their situational awareness regarding chip supply and actively seek early warning of potential disruption.

Earlier in this article I asked you to remember some of the steps involved in making the magic happen. While I concentrated predominantly on the manufacture of blank card stock, the envelope you receive containing your shiny new card is a fulfilment pack. All of the components of that pack including card, letter, mandatory compliance brochures, activation sticker and envelope all had to be sourced from different suppliers. Before Australia Post could deposit your pack in your mailbox, someone had to collect your completed card and transport it to a mail sorting centre for lodgement.

And, again, I have not touched on the various technology employed to move, treat, and manage the data necessary to manage your transaction. The same principles apply to determine which tier of supplier requires diligent examination and assurance.

What you might consider doing is:

  • Examine your supply chain from your customer all the way back to raw material

  • Deliberately assess the components of your product and potential disruptions to suppliers of those components

  • Decide where you will apply enhanced diligence to gain assurance that your supply chain is resistant to disruption

  • Actively test that your supply chain can withstand disruption

Perhaps in reading this you thought “too easy – make the decision have at least one year of stock of blank cards at the Tier 1 card fulfillment provider.”

Of course, you can do that if you have the desire and budget, and your Tier 1 has the storage capacity.

However, what happens if a catastrophic event occurs at that facility and that bulk stock is either destroyed or unsalvageable? What if the Tier 1 ceases operations and you find that your step-in rights and/or right of entry contract clauses are unenforceable?

Sound like something you need to work on?  Tigertail has a team of experts that can work with you to identify and manage sources of disruption.

Protecting your people, operations, assets, and reputation is paramount in a crisis or emergency. With more than 150 years of combined experience we cover everything – from prevention and preparedness to response and recovery. The Tigertail team includes Crisis and Emergency Management Leaders, Business Continuity Specialists, Risk Management Advisors, Planners, and Trainers to equip your organisation with the skills to confidently and effectively manage risk, crisis, and emergencies.

Author: Craig Moroz

W: www.tigertail.com.au   T: +61 2 8097 1900 E: craig.moroz@tigertail.com.au

TIGERTAIL AUSTRALIA: CONFIDENCE / CLARITY / CONTINUITY

Is TOM Hiding in Your Workplace?

When you boil it down, every business is about people. Your staff and customers, board, executive and decision makers are people. The controls you employ in your risk management practices consider the fallibility of many things including people.

TOM is not a person. TOM is an equation:

TEMPTATION + OPPORTUNITY = MALPRACTICE

While you attempt to reduce opportunity, the reality is that you can never completely predict or understand each individual’s motivators. What you can do is ensure that opportunity is reduced to be as low as reasonably practicable. If a person is tempted, the lack of opportunity disrupts the equation.

While the term ‘malpractice’ includes theft, you are encouraged to think more broadly. Malpractice also includes failure to conform with company values or comply with legislation, regulation, and policies.

Please consider the following question:

“In responding to COVID-19, have I assumed that the controls used in a physical workplace will be effective in the virtual workplace?”

Let’s begin with TEMPTATION:

What can you reasonably know about your team? How aware are you of their personal circumstances? What may have changed? How are they feeling?

Link this to what is happening in your organisation. What do your employees/team members perceive is happening or may happen? Are you adding to or subtracting from their fears and uncertainty?

Now consider OPPORTUNITY:

Think about how you stayed aware of how your employees/team behaved and operated before COVID-19 changed the work environment. In addition to spot checks and audits you could be aware of the ‘vibe’ in your workplace. What you may have taken in subliminally might have indicated something could be awry. Indicators may have included:

- Changes in employee behaviours

- Change in the workplace’s ‘vibe’

- Increased complaints/missed service levels

- A change in the tone and topic of office gossip

Any of these may have indicated that your controls were not operating effectively.

One or more people may have found opportunities to bypass controls. A person deliberately taking an opportunity to bypass a control rarely does so overtly. If we accept that such behaviour existed pre-COVID, then it is plausible that the remote work environment has enabled deviation from correct, conforming, and compliant practice - to be more covert.

Some deviation may be explained by the employee/team member – for example:

“My kids were home from day care and school and driving me nuts. We are all under pressure to get [X] done and I didn’t want to let anyone down. So, I made shortcuts that I thought would be OK. I know I should have asked but I was embarrassed.”

Some deviations have consequences for the employee – for example:

“Last year I stated in the Work from Home workstation set-up that I had an ergonomic desk and chair – that was false.  I thought it was just an administrative form and I never expected to be working from home five days a week rather than one day per fortnight. I never expected that I would have experienced a soft tissue injury because of this set up.”

Then there are situations which have always required detailed investigation:

Despite supervision, checking and segregation of duties in the workplace there are many examples of the trusted employee failing to do the right thing pre-COVID. In some cases, those trusted employees have faced criminal charges.

Any of the above may contribute to a problem that derails your current forward momentum.

Back to our initial question:

“In responding to COVID-19, have I assumed that the controls used in a physical workplace will be effective in the virtual workplace?”

A different way to frame that question is:

“In testing my organisation’s controls in the virtual workplace, how have I maintained or reduced ‘opportunity’ to be as low as reasonably practicable?”

To survive, your organisation has compressed years of change into a few months. Consider how your people – staff, leaders, decision makers, customers, and shareholders – have also needed to adapt.

By being aware of TOM - you can better identify how to sustain, improve, or fix your controls for the current environment.

Protecting your people, operations, assets, and reputation is paramount in a crisis or emergency. Tigertail Australia has the background and experience to equip your organisation with the skills to confidently and effectively manage risk, crisis, and emergencies. The Tigertail team has more than 150 years of combined experience. We cover everything, from prevention and preparedness to response and recovery. The team includes Crisis and Emergency Management Leaders, Business Continuity Specialists, Risk Management Advisors, Planners, and Trainers.

Author: Craig Moroz, Senior Associate, Tigertail Australia

W: www.tigertail.com.au   T: +61 (0)408 481 931 E: answers@tigertail.com.au

TOM.jpg.png

Pandemic Preparedness: Black and Grey Swans

The COVID-19 pandemic is unprecedented. This global crisis was completely unforeseen. It is a true Black Swan event. We could not have prepared for this crisis.”

While we put quotation marks around the remarks above - they are not attributable to a single person. Rather, they are a collection of sentiments heard in the media, online and in the streets.

We will firstly debunk the remarks, secondly provide an example of how a company with imagination and foresight actually, considered such a crisis in October 2019, and finally - ask you to consider an important question.

Unprecedented:

Although the impact of Covid-19 is unprecedented in our time, the fact that this pandemic has occurred should not be an unexpected shock unless we ignore hundreds of years of records of diseases such as the  Bubonic Plague, Polio, Smallpox, HIV/AIDS, and Influenza. Ironically, some commentators refer to the occurrence of this most recent pandemic (COVID-19/SARS-nCoV-2/HCoV-19) as ‘unprecedented’ while at the same time comparing it to the 1918 influenza pandemic. Pandemics have occurred before, so as such, are not unprecedented.

Unforeseen:

Even with respect only to epidemiology; we can consider the point above and recall quite recent responses to Bovine spongiform encephalopathy (aka ‘Mad Cow Disease), the 2002-2004 SARS-nCoV-1 (or SARS) epidemic and 2009-2010 Pandemic H1N1/09 Influenza (aka “Swine Flu”), and the ongoing concerns of H5N1 Avian Influenza, MERS-CoV.

Perhaps those quoted as referring to this pandemic as being unprecedented refer to the economic and societal effects of this pandemic, its’ global reach as well as to the tragic death figures

In anticipation of a future pandemic, Australia and New Zealand’s governments had a pandemic plan which included a whole of government response. New Zealand’s plan also considered industry participation and described work streams including health, economics, food, and transport. No doubt the government will review and update their plan as they consider the effectiveness of it in response to the current situation.

Black Swan:

By definition, a so-called ‘Black Swan’ event is one that is completely unexpected and unforeseen.

Some in emergency, crisis and business continuity management fields have started using the term ‘Grey Swan’. The motivations and expected benefits behind the creation of such a descriptor are not known. Given human history and the prevalence of disease, a global pandemic is likely to occur relatively frequently.

How can this COVID-19 pandemic be correctly considered to be a true ‘Black Swan’ event when many Governments, including Australia’s, have been undertaking some planning and creating regulations at least since the SARS pandemic?  Some business continuity practitioners, now using the term ‘Grey Swan’, have been discussing pandemics since before Swine Flu.

 A more correct statement:

COVID-19 is the latest pandemic which was reasonably foreseeable and amenable to pre-planning. Many governments and corporations, nevertheless, appear to have been caught unprepared or underprepared. They are now responding in real time to that which they previously avoided examining theoretically - either deliberately or through lack of knowledge.

The example:

Our company - Tigertail Australia created an exercise for the Executive Team of a financial services organisation of around 4000 staff across Australia and New Zealand. When other organisations were focused on data security and cyber breach related crisis exercises, this organisation decided to evaluate and test its pandemic plan. When we queried the theme we were informed that the CEO thought it appropriate.

Tigertail’s exercise was conducted in Australia during October 2019 and in New Zealand during November 2019. Corrective actions agreed with the CEO and Executive Team were timed for completion in January 2020. By early February 2020, that organisation had addressed areas to sustain, improve or fix issues identified through the exercise. Importantly, in response, the organisation enhanced its technology to enable all 4000 staff to work from home.

The initial scenario phase of the exercise considered:

  • Staff who had visited workplaces, customers’ businesses and trade shows while infected, but still asymptomatic, with a highly infectious disease acquired during a recent overseas study tour.

  • Involvement of various State (NSW and VIC) and National (NZ) health authorities

The assembled crisis management team (CMT) focused on these primary elements:

  • Immediate staff safety

  • Immediate customer safety

  • Reputation

  • Continuity of business

In the first phase a group of ‘Primary’ CMT members participated, and an ‘Alternate’ group observed.

The exercise was halted and the CMT was split into two teams. Each team had a mix of Primary and Alternate members. The exercise scenario was ‘fast forwarded’ by six months – the infectious disease had now become a pandemic. Despite their best efforts, the impact of the pandemic on their staff aligned to the wider community experience.

In the subsequent second phase, the two CMTs operated concurrently. Neither was permitted to speak with the other. That constraint was explained as “Either they are sick or have succumbed to the pandemic”.

The scenario had been developed to reflect:

  • A pandemic with a significant infection rate, disease reproduction rate and case fatality rate

  • Significant stock market index falls and loss of value

  • A double-notch decrease in the country’s credit rating

  • Potential of a decrease of the organisation’s credit rating

  • Significant stress on customer’s borrowings and increasing applications for relief under hardship rules

  • Significant stress on customers’ primary industries

  • A class action from the customers whose businesses had been disrupted at the outset of the exercise by the organisation’s infected staff

  • Staff entitlements to leave dwindling rapidly and some exhausted

In the debrief we facilitated the whole CMT identified that they had:

  • Learned that health and well-being of their staff is one stream of many in response to a pandemic

  • Noted that using data from their Business Continuity Management System assisted decision making regarding the prioritisation of resources

  • Seen the benefit of creating work streams to develop and manage short, medium, and long-term responses for staff, customers, community, regulators, and reputation

  • Noted that creating work streams offered time for the Executive Team to consider the strategic issues rather than becoming immersed in the operational response

  • Identified that while a pandemic response should become an important item on the agenda care should be taken to ensure that is not the entire agenda

That debrief was robust and the Chief Executive Officer and Chief Operating Officer overtly sponsored the agreed actions. When Tigertail met with the organisation again in February 2020 it was clear that the knowledge gained in October and November 2019 was driving informed questions focusing on what they may have missed.

The Question:

What are you going to do to ensure that you, your CEO, and your organisation are match-fit and crisis-ready?

Imagine being the CEO above; prepared and able, in February 2020, to brief your Board, industry peers, customers, staff, and regulators on pandemic preparations that had commenced in October 2019 – rather than telling them that “the crisis was completely unforeseen - a true Black Swan event – for which we are unprepared.”

Working with Tigertail would better enable your CEO to be able to state that:

“Yes [X Crisis] is unprecedented. However, through our ongoing diligence we have foreseen something like this happening and what was reasonably foreseeable was amenable to deliberate planning and preparedness. Of course, some of our plans will need to change. We are, however, ready to respond.”

Protecting your people, operations, assets, and reputation is paramount in a crisis or emergency. Tigertail Australia has the background and experience to equip your organisation with the skills to confidently and effectively manage risk, crisis, and emergencies. The Tigertail team has more than 150 years of combined experience. We cover everything, from prevention and preparedness to response and recovery. The team includes Crisis and Emergency Management Leaders, Business Continuity Specialists, Risk Management Advisors, Planners, and Trainers.

Author: Craig Moroz, Senior Associate, Tigertail Australia

W: www.tigertail.com.au   T: +61 (0)408 481 931 E: answers@tigertail.com.au

 TIGERTAIL AUSTRALIA: CONFIDENCE / CLARITY / CONTINUITY

Swan.jpg

COVID Planning Guidance

COVID is simply the most serious organisational threat in living memory. We are all adjusting to a rapidly changing world.

To give your organisation the best chance, we recommend:

1) Establish a COVID-19 Taskforce within your organisation, led by an executive team member

2) Support the Taskforce with a structure based on your crisis management team (CMT)

3) Establish work streams reporting to the Taskforce, with members from across the organisation. Consider:

a) Customer and stakeholder engagement

b) Workforce protection and support

c) Supply chain stabilisation

d) Service delivery – what can we deliver, when and to what quality?

e) Financial (particularly modelling future scenarios to consider the societal impacts over time)

4) Consider an Opportunity work stream to:

a) explore how you can change service delivery, streamline processes, work differently

b) note what laws and regulations are relaxed or implemented during the pandemic period that may become a focus for you to lobby governments and/or regulators as recovery begins

c) note changes to policy/process/procedures during the pandemic that may offer efficiencies when (eventually) we are back to BAU or operating in the so-called “new normal”

Each workstream should seek, in a structured way, to discover, assess and address or accept points of failure (people, process, premises, technology) that put the company at risk.

Encourage staff at all levels to highlight possible points of failure and foster innovative, flexible thinking to address them.

Remember that while the pandemic is front of mind, other incidents should be expected that may compound the problem – don’t take your eye off the normal continuity challenges.

Now is the time to:

  • establish delegated authorities for CEO, Executive Team and roles that are vital to your overall governance

  • ensure that those tasked with building the response have the authority and resources to focus on that mission – the entity’s survival depends upon it

  • be deliberate in setting a sustainable tempo – this isn’t going away any time soon

  • actively manage fatigue – cross-train at least two people for each role in the strategic response

  • keep your people informed – and be kind

  • expect that the entity emerging from the crisis will be different from the one that entered

Keep washing your hands, stay at home wherever possible and look after each other.

Don’t know where to start? Tigertail can help you navigate the complexities and weather the storm.
Contact us at answers@tigertail.com.au

COVID.jpg

Pandemic planning - what, when, how?

The world is watching as a tiny particle sweeps around the planet. Markets are worried. Governments are activating plans and preparing health systems. Smart businesses are taking steps to prepare for significant disruption.

What do businesses need to do?

Dust off the pandemic plan! And the business continuity plan. Think about vulnerabilities - people, supply chains, customers. Consider the measures you've got in your pandemic plan and your business continuity plan and how they are linked.

When should you start?

Now.

How do you prepare?

Be informed. Check out these resources. Talk to your staff, key suppliers and customers. Think about the impact that a really bad flu season has had on your business - then do some "what-if" thinking to help you prepare.

  • Ask for help if you need it - get an independent review of your plan.

  • Wash your hands properly and regularly.

  • Cough and sneeze into a tissue that you throw away, or if you don’t have any, into your elbow.

  • Stay in touch with authoritative sources, such as the State and Australian health departments.

  • Misinformation is spreading faster than the virus - help keep your staff safe by rejecting rumour promoting thoughtful planning.

corona-4881364_1280.jpg

COVID-19

Fireys are fantastic!! But how good is recovery??

I am full of admiration for the bushfire response. But there are communities that are well into recovery and the systems are wanting. The brilliant, life-saving work of ABC News has helped save lives, now I encourage reporters to look at how communities are rebuilding and how millions of dollars of donations are being disbursed. I argue that emergency preparedness for recovery is under-done, under-resourced and inequitable. As climate change increases the likelihood of more emergencies we need to get better at planning post-disaster community renewal.

Rick Stone, Managing Director, Tigertail Australia

I've been working in emergency management for decades, including ten years as the training manager for the NSW State Emergency Service and five years as principal emergency planning officer for NSW. I am never surprised at the selfless competence and sheer effort put in by emergency responders dealing with bushfires, floods storms and other emergencies. They do an amazing job, largely because of good emergency preparedness. Preparedness includes recruiting, equipping and training career and volunteer staff; understanding and mitigating risk where possible; and planning to manage residual risks. Response agencies are pretty good at this. They know about risk management. They spend lots of time training for when they might be needed. They test their procedures and practise how they will respond. They develop plans with clear priorities for using their inevitably scarce resources. Response actions are equitable and prioritised on the consequences of losing an asset. You don't see the RFS doing a means test or cost:benefit analysis on which houses they will protect. Everyone has access to the same service and nobody really counts the cost until afterwards.

Recovery, I'm afraid - not so much.

My best friend Lorna (who worked as a senior manager for NSW SES for 30+ years) and her husband retired to the NSW South Coast three years ago. On NYE they lost their home and small alpaca herd. Not long after midnight this morning I spent an hour on the phone with my friend crying. She and Hunter are self-funded retirees, asset rich but income poor. They're resilient and smart. Even though they now have no assets, they've found rental accommodation. They had to stump up ten weeks' rent (four for bond and six because they have not previously rented). After an hour on the phone at Centrelink to prove her identity (having never needed that agency's service before) the $1000 disaster relief payment was arranged. At the Recovery Centre no further assistance was available. "You've already done everything and you don't meet the eligibility criteria. But here's a can of dog food for you pet." She's stopped looking at Facebook because her feed is full of calls for donations - but how are these donations being disbursed? What are the eligibility criteria? How does she find out? How does she apply? Red Cross make it clear, as do the banks and many insurance companies, all of whom are to be commended for their response and communication. But more broadly, how does a traumatised survivor benefit from people's generosity? Where's the relief grants portal? It seems the (well-meaning) staff on the ground don't have the information.

Planning for emergency response is based on understanding the foreseeable impact and working out how to manage it. Planning for emergency recovery should be exactly the same. Recovery needs are totally foreseeable. There's world-leading doctrine in the Australian Community Recovery Handbook. But there is no commitment from governments to establish and properly resource a standing organisation to manage foreseeable post-disaster needs. Recovery seems to rely on a temporary leaders (usually a serving or ex-police officer, sometimes a senior military officer because... they are skilled in community development and renewal?). Government has no (or very few) people skilled in coordinating recovery work - even though the need for recovery is absolutely predictable - and likely to increase. Most recovery work is out-sourced to dedicated organisations like Red Cross and to local government. While local management and leadership in recovery is totally appropriate - it's high-level support (effectively money) that's wanting. There was plenty of (in my view unwarranted) criticism of poor coordination and slow response while fires were burning, but if you really want to see piecemeal - look at community support after the fire has passed.

Recovery planning is grossly under-rated and under-done.

Is recovery managed equitably? If I don't need to pass a means test for my home to be protected during an emergency response, why should I be means-tested for recovery assistance? Why can the taxpayer spend a $1M every hour on aerial fire-fighting without batting an eyelid, but start penny-pinching when it comes to supporting individuals and small businesses once the fire is out? Why are recovery arrangements so reactive, when the need is so predictable?

The focus on active fire-fighting (flood or storm-damage response) is important and makes for good TV news. But the fire goes out, the flood recedes and the storm passes. The response agencies withdraw. The community, however, will need support for years or decades to renew itself. This is the real post-disaster work. We need to get better at planning for it and doing it because it's peoples' lives and long-term well-being.

 
Renewal.jpg