February 25, 2014
Excerpt of the article Ready to respond, which appeared in the Q1 2014 edition of Continuity, the magazine of the Business Continuity Institute
What would you say are the principles which underpin the UN’s approach to business continuity and organisational resilience?
The UN’s approach to business continuity and organisational resilience is centred on continuous learning and improvement, and is based on a series of principles. The first of these principles is risk-based planning and practice. The United Nations duty stations around the world can have different risk profiles, and plans must reflect local risks. There are common fundamentals, but our approach to organisational resilience is not a ‘one size fits all’ approach. Also, under the Organisational Resilience Management System (ORMS), emergency management plans, including business continuity, will be founded on a joint assessment of operational risks. A second principle is that of flexible standardisation. The fundamental roles, responsibilities and practice are tailored to reflect the local context, leveraging existing resources and processes. The third principle I would highlight is harmonised and integrated implementation. Emergency management plans and planning processes, governance and implementation structures – such as crisis management teams – and behavioural change will be implemented in coordination with United Nations Member States, host country authorities and other key partners. The final principle relates to maximised organisational learning. This means that the lessons learned during implementation will be identified, recorded and shared.
How do you ensure that your approach to organisational resilience is aligned with the overall objectives of the UN and that it keeps pace with the changing demands of the organisation?
The ORMS is closely governed by a group of department heads that ensure that the system meets the needs of clients. The Secretariat also reports on the progress of development and implementation to the General Assembly, which provides direction and guidance. You mentioned the Organisational Resilience Management System, which has recently been adopted by the UN. Can you provide me with an overview of this system? The UN Organisational Resilience Management System was approved by the General Assembly in June 2013, under A/RES/67/254, as the emergency management framework for the organisation. The ORMS is a comprehensive emergency management system, linking actors and activities across preparedness, prevention, response and recovery, to enhance the organisation’s resilience in order to improve its ability to ensure the safety and security of our staff and assets, and to deliver our mandates. The core elements of the ORMS are:
- Crisis management decision making and operations coordination architecture
- Crisis communications
- Mass casualty incident response
- IT disaster recovery
- Business continuity
- Support to staff, survivors and their families.
The system processes include:
- Policy and plan development
- Risk assessment and mitigation
- Situational awareness
- Crisis management decision making, operations execution and coordination
- Recovery of people and assets and reconstitution of business processes
- Reviewing actions and identifying lessons to improve processes
- Exercising and training
- Implementing lessons learned.
The ORMS comprises centralised, integrated decision-making and operations coordination bodies linking the core elements in a comprehensive framework and ensuring all processes are undertaken in a timely and coherent manner. Under ORMS, the UN response to any event will be flexible, reflecting prevailing circumstances and focus on a range of priorities. Firstly, the health, safety and security and well-being of United Nations personnel. The focus will also be on maintaining the continuity of United Nations critical functions and activities, and capacities for mandate and programme implementation. In addition, it encompasses protection of United Nations physical assets. Finally, I have provided here a graphical representation of the organisational resilience management system, by emergency management phase and process (see below).
Why was it decided to introduce the new system?
The global operations of the United Nations bring with them exposure to an extensive and varied range of threats. To prevent and manage these threats requires efforts beyond a harmonised and integrated approach to emergency management. The ORMS was introduced to meet these challenges, pursuant to a request of the General Assembly to develop a comprehensive emergency management framework.
How have you gone about implementing the ORMS and what challenges have you had to overcome to achieve this?
We have pursued a dual strategy to implement the system. First, although ORMS is not a project, on one level we approach it like one. We have set clear lines of accountability for deliverables, established formal governance, development and quality control structures, and have a dedicated regime the aim of which is to change the behaviour of staff, consistent with the tenets of ORMS. Second, we are nurturing an ever-expanding global network of emergency managers from the private sector, academia, partner agencies and interested staff to generate serendipitous effects through information and capacity sharing.
How far along the process are you to the full implementation of the system?
The implementation of the ORMS within the United Nations is being led by the Secretariat. It was decided to pursue a phased implementation approach, beginning at the United Nations Headquarters in New York and then extending the framework to the Offices Away from Headquarters in Geneva, Vienna and Nairobi, the Regional Commissions in Addis Ababa, Bangkok, Santiago, Beirut, and Geneva, the United Nations peacekeeping and special political missions, and then finally to the United Nations agencies, funds and programmes. The ORMS has been fully implemented at the United Nations Headquarters, and implementation will now shift to other offices.
Central to the ORMS is the Responsive Regulation approach. Can you clarify what this approach is and why it is so important?
Responsive Regulation is a compliance model proposed by Ian Ayres and John Braithwaite in their book, Responsive Regulation: Transcending the deregulation debate. Based on the premise that a population subject to a regulation will vary from voluntary compliance to deliberate non-compliance, the model suggests a portfolio of escalating remedies to encourage voluntary compliance, related to address the source of non-compliance. The model also recognises that those who deliberately do not comply with a specific regulation are a small minority. The governance of the ORMS is based on the responsive regulation approach. The policies and guidance to which the system gives effect will focus on providing United Nations staff with the tools to implement the framework, and not reflect a strong ‘stick’ approach to non-compliance. To date, we have found that the ORMS resonates with staff and management because it solves the problem of how to ensure harmonised and integrated effort between emergency management disciplines. In this way, the system reflects the common need to establish a framework that describes the relationship between the elements that comprise the emergency management landscape. It also serves to enhance the management of operational risk; and furthermore, ORMS supports efforts at the field office level to implement emergency management programmes by adopting a common system that allows offices to leverage each other’s capacity, and to harmonise activities around a common good.
What benefits of the new system have you seen at this early stage?
While it is too early to describe benefits in detail, we have found that working across functional areas encourages working across silos, which has inevitably lead to innovation and improved use of resources. On a related subject, increased awareness of ongoing activities and projects generates serendipitous effects from organic collaboration, supporting the implementation of linked projects and overall change management. Interoperability between organisations has improved, and integral ‘after action’ and lessons learned processes provide a sound basis for continual improvement.
What would you say have been the main learning points from this process?
The implementation of ORMS has been a significant learning experience. The first lesson is the importance of effective change management, characterised by not just establishing the task element and deliverables such as plans; but ensuring that implementation is supported by effective governance structures and a network of practitioners, as well as behavioural change. Second, gaps between emergency management disciplines, such as business continuity and crisis management, are a major source of vulnerability. If there is a gap in overall programme planning and coordination, the effectiveness of preparedness and response will be affected, and not in a good way. Third, a former boss of mine in the army used to tell us that, “Those that can communicate can’t help but be successful.” Strategic communication has been essential to the successful implementation of ORMS, especially in support of change management. One of the main tools that we have used to nurture the network and to share knowledge is social media and internal collaboration platforms. Finally, ORMS is not an overhead, but rather is an effort that creates significant value. The system brings people from across the organisation together around a common objective, which is to effectively manage risk and protect what is the most valuable parts of a business. The process makes the organisation tighter and generates serendipitous effects that lead to new opportunities for collaboration.
Filed in Business Continuity, Change Management, Communication, Crisis Management, ERM, KM, Pandemic Preparedness, Planning, Risk, Risk Management, Social Learning, Social Media, Social Web, Teams
Tags: Black Swan, Business Continuity Institute, Change Management, Continuity, Crisis communication, Crisis Management, Emergency management, ERM, Learning, Operational Risk, Organizational Resilience, ORMS, Responsive Regulation, Security, SMEM, Social Media, United Nations
February 19, 2014
- Content is king
- People want and expect to be engaged
- This engagement must be authentic and transparent
- Provide the tools and content to mobilize key influencers in your network
La plus ça change . . .
Peretti noted that social and sharing is now how the media works, and people share what engages their heart and their head - quizzes are now hot because they allow the user to dream and offer a topic of conversation with friends – so success can be measured in providing content that is of value to the reader, not traffic. He argued, “In social, traffic is the by-produce of good work.”
Peretti also warned the audience that brands are hurt when they reach an audience that does not want their content. While indicating that the default for sharing content online is failure, Peretti observed, “The best thing about social is that your best stuff is seen by the most people.”
To do this, Peretti explained, Buzzfeed has become a learning machine, constantly refining what content proves to be provocative. Peretti remarked, “To be successful in social you have to maximize learning, not maximize traffic,” celebrating mistakes that are part of the process of learning.
The best model to accomplish this? According to Peretti:
- Employ, “Really smart humans guided by data”
- Create value for the reader by continually improving your platform and the content that you share: “Exploits and tricks that are not good for the user are short lived”
- “Don’t optimize for platforms, but for people”
Peretti noted the trend of Dark Social - content without an obvious referring application – as the source of a growing amount of shared content, from peer-to-peer apps like WhatsApp. He also reinforced that you must ensure your platform and content is mobile friendly, mentioning that Buzzfeed readers consume much content on their mobile devices. “Prime time for mobile is 10 p.m.,” he observed.
The interview ended with a shift to technology, which allows people to connect with more people like themselves and share ideas. It’s a brave new world.
February 18, 2014
You can participate and contribute, even if you are not attending in person. Here’s how:
- Download the Social Media Week mobile app, to connect to content and Live Feeds
- Tune in to the Social Media Week Live feed
- Follow the #SMW14 #tagboard, that compiles Twitter, Vine and Instagram posts
- Check Social Media Week In Images
- Social Networks for SMW 2014:
- Global: #SMW14
- New York City: #SMWNYC
For more information, check out, Your Ultimate Guide to SMW14: How To Follow & Share.
Watch! Attend! Participate!
- Social Media Week 2014 NYC
- Social Media Week 2014 Kicks Off, Over 30,000 People Expected
- Social Media Week 2014 Promotes Discussion About Tech’s Role In Business And Society
- What to Expect at New York City’s Social Media Week
- Think, Listen, Respond, Repeat: 7 Social Media Week Strategies You Shouldn’t Miss #SMW14
November 18, 2013
Again this year, I made the pilgrimage to London to attend the BCM World Conference and Exhibition; a link to the background paper for my presentation is here.
As always, there were some nuggets. Here is one:
Risk and Business Continuity (Mike Power – LSE)
Professor Power cogently described how Business Continuity Management can contribute to effective enterprise risk management. He began by detailing the challenges to manage enterprise risks:
- The Illusion of Control, characterized by the assumption that we have more of an understanding of cause and effect than we really do. As I have written elsewhere, in complex and anarchic events, cause and effect can only be understood after the fact
- Fragmentation of capability to manage specific risks
- Entity v System Focus, resulting in organizational stove pipes
- (Unrecognized) Interconnectedness, concomitant with today’s complex systems
Power then turned to the challenges for Business Continuity Management in the enterprise:
- BCM has historically been disempowered, considered overhead and not a value-generating part of the business
- The slow emergence of operational risk
- Weak institutionalization, stemming from the perception that BCM has only an operational or technology focus
- Weak accountability within the enterprise for low probability-high impact events, which are the bread and butter for BCM
To respond to these challenges, Professor Power proposed a number of solutions:
- Establish and formalize the Three Lines of Defence: Business, Corporate Risk Management, and Internal and External Audit. These lines are graphically depicted at Figure 1.
Figure 1 – Three Lines of Defence
- Identify the scenarios under which your organization will fail . . . completely, and then decide what will be your strategies to recover from catastrophic loss
- Establish a risk culture – the ability to think of alternate futures and build action plans around them – where:
- The authority for risk and control functions are clear
- There is a respect for controls
- There is close attention to incentives risk
- Accept that you can do your best, but there is still a chance for failure
- Recruit charismatic BCM leaders
- Build the narrative of BCM’s value generating capacity:
- Embed resilience as a core organizational value and ‘BAU’
- Circulate stories of success
- Create the discourse, incorporating the performance nature of language: if you talk in a certain way, it will happen
- Incentivize collaboration: when the world is moving against you, to succeed, collaboration must increase.
Professor Power’s presentation resonated with me because the content was consistent with my experience. First, there is a common bias toward a programme, or entity, approach over a system approach. This in turn complicates the management of operational risk, which can only be done effectively by an enterprise approach. Second, it is ironic that fragmentation features in a field – emergency management – in which consolidation is almost always a good idea.
Third, there is a critical message implicit in the Three Lines of Defence: corporate BCM can support businesses prevent, prepare, respond and recover, but each business is responsible for their continuity and resilience.
Finally, BCM is a value generator. The focus of BCM is to find and preserve value within the organization. Executing this responsibility, connects BCM with all parts of the enterprise, inevitably generating serendipitous effects that are typically of significant value. Any time you have a conversation around risk, good things happen.
- Organizational resilience at the United Nations Secretariat (buridansblog.com)
- Reflections on BCM World 2013 (crisisthinking.co.uk)
Filed in Business Continuity, Change Management, Crisis Management, ERM, Pandemic Preparedness, Planning, Risk, Risk Management
Tags: BCM, Business Continuity, Business Continuity Management, Enterprise risk management, Illusion of Control, Operational Risk, Risk management
October 31, 2013
Notes for my presentation at the BCM World Conference and Exhibition in London, on 6 November 2013
The evolution of emergency management in the United Nations has tracked to the risks faced by the Organization. Before 2005, the emergency landscape was primarily comprised of security and humanitarian contingency planning. The emergence of the pandemic influenza risk brought the establishment of business continuity as a discipline in the United Nations, with strong links to disaster recovery, but it was the tragic earthquake in Haiti in January 2010, that spawned a major change in the way in which the United Nations approached emergency management.
While considering establishing a dedicated unit to support staff and their families injured by malicious acts or natural hazard events as part of the internal response to the Haiti earthquake in 2010, the United Nations General Assembly requested the Secretariat to develop a framework that would describe the relationship between the various emergency management actors and how they work together. At that time, the practice was to pursue a programme approach to preparedness, characterized by responsibility for emergency management functions spread among different units.
Although the Organization managed to set up significant capacity for crisis response this way, the programme approach has the potential to compromise the overall effectiveness and response and recovery through process duplication and incoherence. It may also lead to increased cost to implement and support different initiatives, and an increased burden on offices to develop and carry out different preparedness plans.
The General Assembly approved the Organizational Resilience Management System (ORMS) in June of 2013 under resolution A/RES/67/254. This marks a transformational change in the way in which the United Nations Secretariat approaches emergency management – including prevention, preparedness, response and recovery – and manages operational risk.
Why does the United Nations need ORMS?
In addition to meeting the request of the General Assembly to do so, adopting a systems approach, inherent to ORMS, satisfied another need: to reduce the burden on offices to implement emergency management. As one would expect, the United Nations has offices around the world, and these offices vary in size. In contrast to major United Nations offices, like those in Geneva and Nairobi, with the exception of Security, United Nations satellite offices do not have dedicated emergency management experts. A systems approach, with harmonized emergency management plans, structures, and exercises and testing are easier to implement in offices with limited resources and capacity.
Emergency management lends itself to harmonization and integration because its constituent parts are linked by a shared understanding of risk, and they share a common goal to enhance management of specific operational risks.
Finance and Hazard risks, which are measurable, are typically well-managed in organizations that have dedicated experts to identify and treat these risks. Strategic risks – risks related to the relevance, alignment and quality of the programme – and Operational risks – those related to people, processes and systems – however, are difficult or impossible to quantify, and responsibility to control them sits in different departments, requiring collaboration across organizational lines to manage them effectively. If this did not complicate things enough, Strategic and Operational Risks pose the greatest threat for significant disruption.
Figure 1 – A Taxonomy of Risk
ORMS makes a major contribution to managing Operational Risk by:
- Encouraging a shared assessment of risk;
- Providing a mechanism to jointly identify and control Operational Risk; and
- Harmonization and integration of plans and structures minimizes the unintentional transfer of risk within the organization.
What is ORMS?
ORMS is a risk-based emergency management framework, bringing together integral actors across prevention, preparedness, response and recovery. The aim of ORMS is to enhance the Organization’s ability to deal with crises to protect staff and assets, and allow the United Nations to continue to deliver its critical mandates. A description of the elements comprising the ORMS framework, and the ORMS Processes by Phase, are detailed at Figure 2 and Figure 3, respectively, below.
Figure 2 – ORMS Elements
Figure 3 – ORMS Processes by Phase
To be effective, ORMS must be applicable in all United Nations duty stations, regardless of size, organizational structure and culture, and risk exposure. At its essence, ORMS involves:
- Harmonization of emergency management planning and plans
- Common governance and implementation structures for emergency management
- Jointly conducted emergency management awareness, training and exercises
This will be achieved by develop guidance that describes fundamental roles and responsibilities, and principles, which can then be applied to meet local conditions.
Development of ORMS was done primarily at the United Nations Headquarters in New York City. For this reason, the framework was piloted at Headquarters, beginning in 2011. It was later decided to phase ORMS implementation, first to the other United Nations Secretariat offices – the United Nations Office at Geneva, the United Nations Office at Nairobi, the United Nations Office at Vienna, the Regional Commissions in Addis Ababa, Beirut, Santiago and Bangkok, and the field missions of the Departments of Peacekeeping Operation and Political Affairs – then to the agencies, funds and programmes, such as UNICEF and the World Food Programme.
ORMS will be implemented through a combination of a formal, project management approach and an informal, emergent strategy. Under the formal approach:
- A Steering Committee, Project Owner, and Project Team have been assigned; and
- Key deliverables that scaffold the theoretical and practical elements required for implementation – such as the policy, implementation standards and self-assessment tools – have been programmed for presentation to the Steering Committee.
Although the emergent strategy is informal, this is a misnomer as its application requires a putting in place fundamentals that generates opportunities for collaboration, and the ability to exploit them. This process is not accidental, but the result of careful strategic communications planning. The key components of the emergent strategy are as follows:
- Establish and nurture an ever-expanding network;
- Provide a mechanism to give everyone affected by ORMS a voice and the ability to share and capture knowledge;
- Partnerships with academia, the private sector, civil society and governments at all levels; and
- Nimble decision-making.
In developing the ORMS governance model, we wanted to find the balance between being vapid and overly prescriptive. A Responsive Regulation approach is being adopted, whereby policy, governance and implementation support is guided by the premise that staff and management want to do the right thing, and improve emergency management. Under this dynamic approach, ORMS will be embedded in the Organization’s culture, and solutions to issues will be derived and communicated through the network. The network is also a source to discuss deficits in capacity in a given place
ORMS is a resource multiplier as it facilitates leveraging and sharing existing capacity, knowledge, experience and skills of United Nations staff working in the emergency management field. Experience to date indicates that the extension of ORMS across the Secretariat and the UN System is expected to yield significant economies, as follows:
- Harmonization of deliverables will make them more effective and reduce the time and resources required to produce them;
- Clear roles, responsibilities and integrated workflows will speed agreement between organizations when establishing operations in new environments;
- Providing a common language and common definition of concepts will reduce the need for meetings, speed implementation and unleash innovation;
- Working across departments encourages silo-busting, which inevitably leads to innovation and improved use of resources;
- Increased awareness of ongoing activities and projects across organizations yields serendipitous effects from organic collaboration, supporting the implementation of linked projects and overall change management;
- Overlaps between initiatives will be eliminated whenever possible;
- Interoperability between organizations will be improved; and
- Integral after action and lessons learned provides a sound basis to continually adapt and improve risk prevention and emergency preparedness and response.
Want to know more?
Filed in Business Continuity, Change Management, Crisis Management, ERM, Pandemic Preparedness, Planning, Presentations, Risk, Risk Management, Social Learning, Social Media, Social Web, Teams
Tags: Emergency management, London, Nairobi, Operational Risk, United Nations, United Nations General Assembly
The American Red Cross is taking advantage of the Sharknado premiere – a deliciously bad SyFy movie in which sharks, sucked up in Pacific tornadoes, drop on the unsuspecting public - to promote disaster preparedness. The premise behind this initiative is that the measures one should take to prepare for sharks randomly dropping from the sky are the same as those of a hurricane or pandemic.
To change their behaviour, human beings must be placed in the context of a significant emotional event in which their current beliefs and practices are untenable. This occurs during actual events – like Superstorm Sandy – but can also be generated through exercises and awareness campaigns. Like the Center of Disease Control‘s Zombie Apocalypse campaign in 2012, pop culture offers opportunities to engage the public on disaster preparedness because, paradoxically, the public understands and are moved by the scenarios, however ridiculous. The rub is that this type of effort can only be successfully implemented by the nimble, creative and organized.
As I have noted elsewhere, “To capture attention content must authentic and disrupt the conversation.” To do this, and create material that elicits a visceral experience to drive engagement, social media content, indeed campaigns, must satisfy 5 criteria:
- Is it unique?
- Is it authentic?
- Is it unexpected?
- Does it do good?
- Does it have a compelling narrative?
The American Red Cross Sharknado campaign does just that.
- We asked the writer of Sharknado some very serious questions (io9.com)
- Sharknado Takes Twitter by Storm (mashable.com)
- The Director of ‘Sharknado’ Explains the Joy of ‘Sharknado’ (theatlanticwire.com)
- The ‘Sharknado’ Trailer Is The Most Ridiculous Thing We’ve Ever Seen (businessinsider.com)