By Tim Hyden
It is likely safe to say that the majority of publicly funded agencies have felt the financial impact of the economic recession that has existed now for more than five years, and with the seemingly ever-expanding scope of responsibility taken on by public safety agencies today, it is little wonder that managing risk (financial risk in the case of the economic downturn) on an organizational level is making more sense now than ever. In addition to a decreased tax base, a more scrutinizing public has, in some cases, necessitated efforts on our part to justify our very existence–a concern certainly never anticipated just a few short years ago.
These challenges have all contributed to a renewed view of how we do business, primarily that we do it right the first time every time (whatever “it” may be) and be ready to stand behind our actions. Along with these challenges, we have come to realize that there are limitations when it comes to conventional administrative direction and financial control. This is where a clear understanding of the meaning and benefits of organizational risk management can make a big difference and how important it is to understand that misconception of the complexity of risk management is often just that–a misconception—when, in reality, some basic understanding of the subject makes it much clearer.
Risk Management vs. Safety
If the thought, “We have a safety committee, why do we need a risk management plan?” comes to mind, consider safety to be the “how” (the tactics) of staying out of trouble and risk management to be the “why” (the strategy). We know that an emergency scene or situation is not handled by tactics alone but rather by a balance of both tactics and strategy. The way we approach and implement organizational risk management is similar in effect and outcome. It has been publicly stated that some agencies–perhaps entire services–are becoming so overwhelmed by the concept of safety that their operational ability is being inhibited. Although this is an understandably controversial issue to some, it may have some conditional merit if viewed from the proper perspective and can, in turn, be of great benefit to the organization.
Safety in the workplace and on the emergency scene is in reality a component of the larger, overall risk management plan – right along with administrative and legal obligations, vehicle maintenance, training, facilities, and incident command – and should therefore be managed as part of a system of identifying and mitigating organizational risk before undesirable events occur.
Can an Organization Be Too Operationally Safe?
Are there really times when we focus too specifically on safety? Aren’t we supposed to do whatever is required to protect our personnel from the harmful effects that lurk in today’s operational environment? To answer those questions, let us start by looking at the function of incident command.
Numerous injury or fatality reports too often speak of a lack of adequate / competent incident command as being a primary cause. Why is that? Does it not make sense that if a competent incident commander (IC) is in charge, overseeing the operation and making decisions in an accurate and timely manner, that the chances of our personnel getting into trouble will be reduced, thus increasing the level of safety? This is ironically where incorrect command decisions can be made–the ones that are thought out too long by an IC who does not want to see personnel get injured. A caring and cautious IC certainly deserves due credit, but it is a fine line between ensuring that no one gets into trouble by overthinking tactical decisions and just getting in and doing what needs to be done to begin deescalation of the event. An overly cautious approach can cause unnecessary delay and, in the end, actually allow conditions to worsen beyond a point deemed safe to send personnel into the hot zone. Granted, again, it is a fine line, but one that is worth considering in the name of risk management.
So what can be done to ensure our command personnel are trained to a level considered competent for an IC? Consider that a competent IC must exhibit traits beyond what we would normally consider leadership. He must exhibit a strong command presence, which must be evidenced by decisiveness, driven by confidence, confirmed by experience, and supported by training and mentoring. Advanced command training is an excellent way of putting in place the cornerstone of a solid risk management plan when it comes to operating on the emergency scene while at the same time helping to increase the safety of response personnel through solid, timely decision making.
An Organizational Approach
As mentioned earlier, there are numerous areas within most organizations that could reside under the risk management “umbrella,” several of which could be considered high-liability areas from an organizational risk perspective. We have talked about the value of a competent IC and deliberate but safe emergency scene operations. Figure 1 provides a list of several of the other high-liability areas that are inherent to the fire service, some of which could easily apply to other public safety agencies as well.
Management of these areas is often assigned to an officer within the particular agency, with all responsibility for periodic inspections, testing, record keeping, and so on belonging to that individual alone. With any one of these areas being potentially high risk (as well as others that are not listed), it makes good sense to ensure that overall review of each is achieved by a team of assigned members. Each area is still ultimately managed by and is the responsibility of the respective member; however, the team approach allows for more expansive periodic review and follow-up where needed, verifying that all required steps are being taken.
Where to Begin
The function of risk management can be broken into two broad categories–risk assessment and risk control. Figure 2 gives a quick-reference view of the risk management process for a single identified hazard; functions above the dashed line are risk assessment, and those below the line are risk control. Although the method is more in depth than indicated here, virtually any identified risk potential can be processed using the flow indicated by this chart, including by both the risk management team for broader organizational issues and incident command on an emergency scene.
As mentioned, the full process of risk assessment and control from an organizational perspective is much more detailed, beginning with a method of bringing suspected risk potential to the attention of the risk management team. How that is accomplished is up to the individual agency; however, once identified, the process is similar regardless of organizational structure or purpose. The importance of keeping an open mind to problem identification, which is usually the most detailed and time-consuming portion of the entire effort, is very important. Taking the time to properly structure and implement a solid plan provides the ability to document and store all gathered information for retrieval at a later date for program evaluation.
Figure 3 shows how the overall organizational risk management process is broken down into five categories. Each is subdivided into task-oriented functions and contributes to the establishment of a risk management program, with the process becoming more flowing after the initial assessment process is complete.
Step 1: Organizational Risk Assessment
By far the most intense and time-consuming effort in setting up a good risk management program is the initial assessment process, where a thorough, open review of the organization is performed to establish the most susceptible and risk-prone areas. Because data collected during this process will help guide the remainder of the program, it is vitally important to ensure an honest assessment of organizational practices, policies, and procedures.
Other examples of areas that might be considered include territory and jurisdiction, segment of population served, and personnel. Beyond the obvious value of our personnel is the fact that they can also be one of the highest liabilities to an organization. An organization must be vigilant in making sure of its competence and ability through training and communication of the importance of risk recognition and mitigation. The improper use of social media, for instance, is only one of the many current areas of concern when it comes to personnel.
Step 2: Formulating Alternatives
Once a full assessment and prioritization of the risks are completed, alternative methods or actions are discussed among team members. Input is required from various corners of the organization to gain a full understanding of potential operational impacts and effects.
Step 3: Selecting Alternatives
Alternatives that help to alleviate or avoid the risk potentials that have been identified are discussed and chosen. Assurance that the selected courses of action align with organizational goals is an important part of this process.
Step 4: Implementing Alternatives
Planning through a determination of timelines, anticipated problems, and any potential public or political issues is considered during the implementation process. Education and training of all affected personnel will help to avoid internal issues that may otherwise occur, particularly where new equipment or procedures are being introduced. This is also the time to give thought to any consequences for noncompliance by personnel, if applicable.
Step 5: Program Monitoring
Prior to program initiation, a means and timeframe for follow-up must be determined. Periodic record review, feedback from personnel, and a determination of whether or not intended program goals have been met are examples of the monitoring process. Frequency and depth of review would be determined by the individual agency and should keep pace with any developing trends that are an effect of the plan. Ideally, a document stating the structure and overall strategy of the risk management program should be prepared, allowing reference and guidance for the program.
Remember that it is the action taken to get the risk management thought process moving and becoming a part of your organizational culture that is key to making a difference. If properly implemented and monitored, it is almost certain that at least some improvement and gain for the typical public safety organization will be realized. Those effects and benefits could easily be the catalyst for additional programs meant to interact with the public, sharing our expertise with the private sector while using our personnel as risk assessment ambassadors–an almost certain win-win scenario for both the organization and the public we serve.
TIM HYDEN is the training and safety officer for East Manatee (FL) Fire Rescue and has been a member of the Florida fire service since 1992. He has an associate degree in fire science and an advanced technical certificate in fire science administration and is nearing completion of a bachelor’s degree in public safety administration from the State College of Florida. He is a graduate of the Florida Fire Chiefs’ Association Emergency Services Leadership Institute and has several state certifications through the Florida Bureau of Fire Standards and Training. He is a contributing writer to Florida Fire Service and Fire Engineering and speaks on leadership, motivation, officer development, risk management, and marketing.