Category: Incident Management

How to get started with Incident Management Planning

Incident management planning can certainly seem overwhelming at first. However, at its core it is the practice of planning, training, exercising & continuously improving toward resilience & preparedness in the event of unforeseen harmful events.

At RiskLogic, our team of experts have been delivering world-class incident management services for over 15 years. We’ve worked across multiple industries including education, governments, transportation & more – helping any organisation ensure they are ready when an incident strikes.

If you enjoyed this article and want to learn more, be sure to click the contact button below to speak with one of our team members about your organisation today.

Picture this: you’re in a three-hour training and exercise workshop with your colleagues around Crisis Management preparations and best practice. You’ve been learning everything about what your organisation can do now to be best prepared. During the latter half of the workshop, you begin your scenario exercise.

This exercise involves the whole class where both the CMT and the day-to-day staff go through a makeshift event.

Your course facilitator briefs everyone on the exercise but reminds them that “if the alarms or your phones do go off, it’s not me, it’s a real event”. Everything in your exercise is managed by the facilitator.

But then, Karren’s phone starts ringing. She answers and realizes that it’s a situation eerily like that of the exercise. “I’ve got a call here regarding some protesting down in our lobby, is this your people?”

“No Karren, it’s not”.

Three minutes later, the CMT has left and the room has become somewhat deserted. A real event has occurred during a session.

For most organisations, probably yours’s included, this period of the year is always busy, the “crazy season” which runs from October to December. This year our numbers are exceptionally larger than usual.

70 training and exercise sessions to be exact. However, that’s not the most interesting statistic we would like to share; it’s the number of sessions that have been interrupted due to a real event. Of all those session’s, 10% of them had to be suspended or cancelled due to a real event impacting the organisation.

That’s too much of a coincidence

In Australia alone, we’ve had five recorded events occur during our sessions in the past two months. In New Zealand, it happened only a few week ago during our 16 hours of training.

Thinking that it won’t happen to me or what are the chances implies you’ve not taken the eventuality seriously. It’s not a matter of if but when and it can even happen during the training of it.

Our exercises are designed to be extremely realistic and life-like. It’s not uncommon for the Team Leader to turn around and ask the trainer, “is this you guys?” This is what we would commonly label a ‘No-duff’ situation. A code word we would use to identify a real event that has occurred outside of exercise conditions.

We have seen disruptions to a training session with our clients across several different industries:

• Local Council – Gas leak building evacuation.
• Logistics – Severe weather event.
• Education – Gas leak.
• Local Government – Cyber event & Protests on campus.
• Cyber-attack that stopped production for a manufacturing company.
• Suspected MERS outbreak in a University.
• Social media accusation of abuse against a school during the Royal Commission.

What can happen?

These events re-enforce and drive home the importance of building your resilience capabilities. They are not going away while the type and diversity are increasing every year to organisations.

So, what’s an example of when this occurred? How did we and the organisation react?

A specific event comes to mind recently where an office block was the potential target for a major protest. The team were aware of this as news had arisen days before on the attempted gathering. There was already buzz in the session.

Upon arrival, it was clear something was bubbling up and we all noticed a few aggravated persons making an appearance in the lobby.

A threat was made that they would return with more people, right when our training session was on.

Facts started to immerge that the specific initiator of this protest was known for building and promoting these protests. They were also known to bring (most likely fake) dynamite. So, as you can imagine, we were on edge a little during the exercise.

Luckily in this situation, the main initiator did return with no ‘dynamite’ and to the applause of zero followers.

Another interesting event happened only a few weeks after. The team RiskLogic was training consisted of a very credible amount of crisis management professionals (including emergency procedures, a regional incident management team and a corporate crisis management team).

The situation that unfolded during our session was another serious one. A mentally unstable person was threatening the location occupied by staff with firearms. The area locked down, police called, and the CMP was put into action.

The aspect that makes these so valuable for RiskLogic and our clients, is that we can get involved and help them through the process of managing the event, in real time. Not only do we prove our worth during a real event, we’re able to provide some world-class feedback on how we thought they handled it.

Yes, we’re there to run the training and scenarios, but if a real-life event occurs – you can sure believe we’ll be there helping you get through it too.

After this case, we were able to debrief the situation which is incredibly valuable for all involved. Our module, only five minutes before, was around whether this organisation knew what worked for them, what doesn’t, what team structures and processes have proved to be effective and what hasn’t. Having a live example was a great opportunity to go through some of these aspects.

Where does the value come in?

If you put business continuity professionals into a real-life situation, you can be confident he or she will find the value out of being there during the event.

You can learn a lot about your organisation when everyone is in action mode…or in some cases panic mode.

The organisation may be strong in the Emergency Management sector, but during the above event, it was the Incident Management and Crisis Management that really needed to flow (which needed a lot of work).

RiskLogic is able to put our solutions and technology to the test, like the dashboards CQCommandhave. We create visual boards and have the facts mapped out while it’s happening.

We were able to identify trigger points and how these can escalate from Emergency Management to Incident and Crisis Management. All of this while the event unfolds.

Value comes in from learning from the experience and practicing what we’ve taught you. When certain elements haven’t worked, we can apply a post-event analysis on this and get straight into how this can be sorted.

Embrace an event

If this happens to you in a training session, you might be lucky and have a Risklogic facilitator on hand to assist and guide you through the real event, just as some of our Senior Managers have been doing lately.

In most scenarios, your choices are to continue the exercise and monitor or, suspend the exercise and deal with the real event. Regardless, if it does occur you should be using this as a great time to really test the team, understand the holes that need filling in and, most importantly, making sure you congratulate them on the right steps the team would have taken.

On the plus side, you already have your team assembled and they should be in the right head space.

Contact Us today to learn more

Resource on this article: http://risklogic.co.nz/auckland-april-10th-2018/

In the retail sector, many larger suppliers will set aside a huge chunk of revenue for the loss of stock. In some cases, this amount is in its millions per year and covers such events as damage on delivery, acts of god, faulty and theft. It also covers internal theft which has been on the rise over the last ten years in New Zealand and Australia.

Joanne Harrison, a senior manager of the Ministry of Transport was convicted of stealing $725,000 from her employer in February 2017. This threat, although serious, is seldom seen in organisations Business Continuity Plan.

In line with our workshop this April, we wanted to give you an example and case study of one of Veritas’ clients which explains the process of identifying and dealing with the findings of the event.

In this example, we’ll call the business Company B. They are a service provider to the education sector. They’ve operated for 5 years and been on a growth strategy throughout that time. It is a family-owned firm that has expanded from the initial 3 employees to now having 17. During this time delegated authorities have devolved outside of the initial investors to employees.

In February 2018 the company accountant alerts the Managing Director (MD) that whilst on paper they are making a good gross profit their overall net profit does not match their efforts and bookwork.

The accountant identifies a number of pro-forma invoices for which payment has been authorised by a senior and trusted employee. It appears that the invoices are for firms that are very similar in name to existing suppliers, however, some of the details including bank accounts do not match.

A discussion is held between the MD and the accountant on how to proceed on a way forward. As a result, the MD rings a friend who is a senior police officer and discusses this matter. The police officer says that it is unlikely that police could investigate this matter in a timely manner (within 6 months) due to other more serious crimes taking priority.

The MD is unsure how to undertake enquires and seeks advice from a Private Investigator (PI).

The PI advises that there are a number of opportunities to investigate the pro-forma invoices which include the following:

• A forensic search on Company B accounts,
• background search on the trusted employee,
• background search on all suspect pro-forma invoices,
• background search on any companies affiliated with pro-forma invoices,
• authorised search on bank accounts used and
• conclusion of enquires including recommendations made by PI.

In addition, the PI gives advice to the company about future prevention opportunities including background and CV checks on prospective employees and using a risk-based approach to future engagement with firms.

From a resilience standpoint, systems and measures can be put in place to ensure a coordinated response is planned out by the relevant teams, activated in a timely manner to allow minimal downtown.

This situation is more popular than you might initially think. Employees who are determined enough to make these criminal decisions are finding other ways to get away with it. We must keep up with the small percentage that may consider it. What would you do right now if:

• You need advice? Who would you turn to?
• Who would you notify?
• What actions would you take initially?
• What actions would you take strategically to ensure this matter was resolved?
• What actions would you take strategically to ensure this did not happen again?

With Veritas Investigations, we’ll explore this in more detail on April the 10that our Internal Investigations workshop. Here, our scenario exercise will be the main feature of this event allowing you to be right in the midst of a crisis.

Identical to what we offer our clients on a larger scale across New Zealand & Australia, you will be part of a professionally run training session on how to handle these situations, correctly and effectively.

Contact Us today to learn more

Written by Senior Manager Joanne Costa.

The Australian Open was one of the most closely watched ‘will it–won’t it?’ events of the last 12 months. When considering the ongoing concurrent incidents the world was seeing, there were major concerns, and rightfully so.

It was one of the first major international sporting tournaments to be held in Australia since our borders were closed and the organisers had to respond to a series of high profile incidents and challenges before the first serve had even been taken.

Concurrent incidents are real and will happen

This year the focus for the Open was how to run a major event during a pandemic, but other concurrent incidents and risks were just as present as in previous years.

The organisers still needed to be able to respond to ongoing safety and security issues, extreme weather events, facility and infrastructure outages or even cyber-related risks that arose.

But this year, the Open had the added pressure of responding to these concurrent incidents while maintaining the controls and arrangements in place for COVID-19.

Despite this seeming like an impossible challenge to many onlookers, organisers of events like the Australian Open are primed, ready and very experienced at responding to concurrent incidents.

They do this through rigorous awareness, planning, training and testing to ensure that they can respond to any incident, or multiple incidents, in a quick, consistent and controlled manner.

While not all organisations have the same risk profile as the Australian Open, it is still paramount to be ready and prepared to respond to two or more incidents occurring simultaneously.

This is now more relevant than ever as we manage the ongoing impacts and challenges of COVID-19 through 2021.

For you, this could be a power outage affecting your staff who are working from home, or a lockdown and bushfire occurring at the same time as we saw earlier this year in WA.

The last year has proven that we cannot fall back on the “oh, that’ll never happen” mindset because unfortunately it can, and for some, it will.

So what are the key questions to be challenging ourselves with?

Key questions and considerations:

• Do you have a clear understanding of your current risk profile and the types of incidents most likely to impact your location, industry, organisation or event?
  • Have they changed over the last 12 months?
• Are you proactively monitoring your risks and vulnerabilities?
  • Who is keeping watch on weather conditions?
  • Who is on the lookout for irregular online activity?
  • How quickly will you find out if something does occur?
• If you do need to respond to another incident, who will lead the response?
  • If you have a team currently activated for COVID-19, does it have the capacity to manage a second incident, or will you need to stand up a separate team or additional team members?
• How resilient is your capacity to manage and resolve concurrent incidents and do you test and validate your resilience through regular exercising?

At RiskLogic we work with our clients to help answer these questions by applying our proven planning, training, and exercising approach to enhance and validate your resilience. It is a system used by hundreds of our clients of all sizes and is well-tested for the current threat environment.

It is important not to just think about how you would respond but to proactively review your plans, update your risk profiles, train your response teams, and give a credible scenario a dry run. Identify and address gaps now, not once you are faced with the impacts of a second or even third concurrent incident.

I encourage you to challenge yourselves. Are you ready? And can you prove it?

This webinar breaks down key three areas of concern, logistics and considerations for those in the education sector.

People welfare & human considerations

Ensure that your staff and students are unseen, and unheard. Consider a method of activating people very quickly without causing stress and minimising disruption. Think about predetermined requirements like medication and/or toiletry needs and who will oversee this for which students. Be prepared for social media to play a part in an event and use it to your advantage. Educate all personnel on expectations in an event.

The Logistics of a Lockdown

Identify where you get key facts from to help to determine where and how you make your next decision. Predetermine where you get that source of information. Identify where and what the threat is. ‘Lockdown’; unseen or unheard. ‘Shelter in place’; not an immediate threat, but containment is required. Distinguish the definitions and make the different processes obvious to all involved.

Immediate Actions & Procedures

Look at what you already have in place and identify where to make improvements. Identify gaps in your capability and build up experience in these areas by validating decisions made by staff during training. Instil a culture of resilience through staff, students and parents. Trust your training and review through a scenario and after an event.