Excerpt of the article Ready to respond, which appeared in the Q1 2014 edition of Continuity, the magazine of the Business Continuity Institute
What would you say are the principles which underpin the UN’s approach to business continuity and organisational resilience?
The UN’s approach to business continuity and organisational resilience is centred on continuous learning and improvement, and is based on a series of principles. The first of these principles is risk-based planning and practice. The United Nations duty stations around the world can have different risk profiles, and plans must reflect local risks. There are common fundamentals, but our approach to organisational resilience is not a ‘one size fits all’ approach. Also, under the Organisational Resilience Management System (ORMS), emergency management plans, including business continuity, will be founded on a joint assessment of operational risks. A second principle is that of flexible standardisation. The fundamental roles, responsibilities and practice are tailored to reflect the local context, leveraging existing resources and processes. The third principle I would highlight is harmonised and integrated implementation. Emergency management plans and planning processes, governance and implementation structures – such as crisis management teams – and behavioural change will be implemented in coordination with United Nations Member States, host country authorities and other key partners. The final principle relates to maximised organisational learning. This means that the lessons learned during implementation will be identified, recorded and shared.
How do you ensure that your approach to organisational resilience is aligned with the overall objectives of the UN and that it keeps pace with the changing demands of the organisation?
The ORMS is closely governed by a group of department heads that ensure that the system meets the needs of clients. The Secretariat also reports on the progress of development and implementation to the General Assembly, which provides direction and guidance. You mentioned the Organisational Resilience Management System, which has recently been adopted by the UN. Can you provide me with an overview of this system? The UN Organisational Resilience Management System was approved by the General Assembly in June 2013, under A/RES/67/254, as the emergency management framework for the organisation. The ORMS is a comprehensive emergency management system, linking actors and activities across preparedness, prevention, response and recovery, to enhance the organisation’s resilience in order to improve its ability to ensure the safety and security of our staff and assets, and to deliver our mandates. The core elements of the ORMS are:
- Crisis management decision making and operations coordination architecture
- Crisis communications
- Mass casualty incident response
- IT disaster recovery
- Business continuity
- Support to staff, survivors and their families.
The system processes include:
- Policy and plan development
- Risk assessment and mitigation
- Situational awareness
- Crisis management decision making, operations execution and coordination
- Recovery of people and assets and reconstitution of business processes
- Reviewing actions and identifying lessons to improve processes
- Exercising and training
- Implementing lessons learned.
The ORMS comprises centralised, integrated decision-making and operations coordination bodies linking the core elements in a comprehensive framework and ensuring all processes are undertaken in a timely and coherent manner. Under ORMS, the UN response to any event will be flexible, reflecting prevailing circumstances and focus on a range of priorities. Firstly, the health, safety and security and well-being of United Nations personnel. The focus will also be on maintaining the continuity of United Nations critical functions and activities, and capacities for mandate and programme implementation. In addition, it encompasses protection of United Nations physical assets. Finally, I have provided here a graphical representation of the organisational resilience management system, by emergency management phase and process (see below).
Why was it decided to introduce the new system?
The global operations of the United Nations bring with them exposure to an extensive and varied range of threats. To prevent and manage these threats requires efforts beyond a harmonised and integrated approach to emergency management. The ORMS was introduced to meet these challenges, pursuant to a request of the General Assembly to develop a comprehensive emergency management framework.
How have you gone about implementing the ORMS and what challenges have you had to overcome to achieve this?
We have pursued a dual strategy to implement the system. First, although ORMS is not a project, on one level we approach it like one. We have set clear lines of accountability for deliverables, established formal governance, development and quality control structures, and have a dedicated regime the aim of which is to change the behaviour of staff, consistent with the tenets of ORMS. Second, we are nurturing an ever-expanding global network of emergency managers from the private sector, academia, partner agencies and interested staff to generate serendipitous effects through information and capacity sharing.
How far along the process are you to the full implementation of the system?
The implementation of the ORMS within the United Nations is being led by the Secretariat. It was decided to pursue a phased implementation approach, beginning at the United Nations Headquarters in New York and then extending the framework to the Offices Away from Headquarters in Geneva, Vienna and Nairobi, the Regional Commissions in Addis Ababa, Bangkok, Santiago, Beirut, and Geneva, the United Nations peacekeeping and special political missions, and then finally to the United Nations agencies, funds and programmes. The ORMS has been fully implemented at the United Nations Headquarters, and implementation will now shift to other offices.
Central to the ORMS is the Responsive Regulation approach. Can you clarify what this approach is and why it is so important?
Responsive Regulation is a compliance model proposed by Ian Ayres and John Braithwaite in their book, Responsive Regulation: Transcending the deregulation debate. Based on the premise that a population subject to a regulation will vary from voluntary compliance to deliberate non-compliance, the model suggests a portfolio of escalating remedies to encourage voluntary compliance, related to address the source of non-compliance. The model also recognises that those who deliberately do not comply with a specific regulation are a small minority. The governance of the ORMS is based on the responsive regulation approach. The policies and guidance to which the system gives effect will focus on providing United Nations staff with the tools to implement the framework, and not reflect a strong ‘stick’ approach to non-compliance. To date, we have found that the ORMS resonates with staff and management because it solves the problem of how to ensure harmonised and integrated effort between emergency management disciplines. In this way, the system reflects the common need to establish a framework that describes the relationship between the elements that comprise the emergency management landscape. It also serves to enhance the management of operational risk; and furthermore, ORMS supports efforts at the field office level to implement emergency management programmes by adopting a common system that allows offices to leverage each other’s capacity, and to harmonise activities around a common good.
What benefits of the new system have you seen at this early stage?
While it is too early to describe benefits in detail, we have found that working across functional areas encourages working across silos, which has inevitably lead to innovation and improved use of resources. On a related subject, increased awareness of ongoing activities and projects generates serendipitous effects from organic collaboration, supporting the implementation of linked projects and overall change management. Interoperability between organisations has improved, and integral ‘after action’ and lessons learned processes provide a sound basis for continual improvement.
What would you say have been the main learning points from this process?
The implementation of ORMS has been a significant learning experience. The first lesson is the importance of effective change management, characterised by not just establishing the task element and deliverables such as plans; but ensuring that implementation is supported by effective governance structures and a network of practitioners, as well as behavioural change. Second, gaps between emergency management disciplines, such as business continuity and crisis management, are a major source of vulnerability. If there is a gap in overall programme planning and coordination, the effectiveness of preparedness and response will be affected, and not in a good way. Third, a former boss of mine in the army used to tell us that, “Those that can communicate can’t help but be successful.” Strategic communication has been essential to the successful implementation of ORMS, especially in support of change management. One of the main tools that we have used to nurture the network and to share knowledge is social media and internal collaboration platforms. Finally, ORMS is not an overhead, but rather is an effort that creates significant value. The system brings people from across the organisation together around a common objective, which is to effectively manage risk and protect what is the most valuable parts of a business. The process makes the organisation tighter and generates serendipitous effects that lead to new opportunities for collaboration.
Filed under: Business Continuity, Change Management, Communication, Crisis Management, ERM, KM, Pandemic Preparedness, Planning, Risk, Risk Management, Social Learning, Social Media, Social Web, Teams | Tagged: Black Swan, Business Continuity Institute, Change Management, Continuity, Crisis communication, Crisis Management, Emergency management, ERM, Learning, Operational Risk, Organizational Resilience, ORMS, Responsive Regulation, Security, SMEM, Social Media, United Nations | Leave a comment »