Notes for my presentation delivered at the G31000 Conference in Paris on 21 May 2012

Background

Risk management is fundamental to business continuity management at the United Nations.  While in principle we base our business continuity plans on the anticipation of a Black Swan event, we assess risks to identify substantive preventative and mitigation actions to manage local risks.

Risk management writ large is widely practiced at the United Nations, however with varying formality.  Like many organizations, the most advanced risk management tends to be concentrated in finance and hazard risks that are easily quantifiable and for which we have in-house experts.

Increasing the sophistication and expanding the scope of risk management has been challenging.  Varying terminology and methodology complicate and inhibit communication, and the practice of risk management to the detriment of organizational performance.  Adopting an international risk management standard would certainly contribute to resolving this.

A brief history of business continuity management

Simply put, business continuity management is a process by which an organization identifies its most important activities and develops a plan to continue them no matter what.  Business continuity management can trace its origins to IT disaster recovery, the maintenance of core IT and information systems.  As a result, the business continuity risks were initially IT-focused.

Y2K was the first major even that gave visibility to business continuity, but it was the 9/11 attacks that was the game changer given the level of destruction centered in the financial district of New York City.  The significant disruption posed by the SARS outbreak in 2002-2003, and then the threat of pandemic influenza in the mid-aughts further reinforced the need for organizations to have formal business continuity management programmes.  It was the latter that spurred the establishment of the Business Continuity Management at the United Nations Secretariat and other United Nations agencies.

As the threat of a global influenza pandemic waned, it was recognized that the scope of business continuity risks needed to be expanded to include all hazards: terrorism, natural hazard events, disease et al.  The evolution of business continuity at the United Nations has tracked this same path.  What keeps us up at night are Black Swan events.

The context has changed

Risk management is fundamental to effective business continuity management, now even more so with the increased scope of threats that we face.  Further, the systems on which we our critical processes depend are linked and interdependent, not necessarily in ways we understand.  Our operations may therefore be vulnerable to disruptions about which we do not even know.

We are also being pressed on another front: resources.  The global financial crisis has placed pressure on the resources provided by donor governments. Shrinking resources also mean that organizations must prioritize.  Organizations are responding by consolidating and integrating to leverage resources.

Risk forms a common ground

It is not uncommon for organizations to pursue a programme approach to preparedness, characterized by different units being responsible for different elements. Although organizations can establish a considerable capacity for crisis response this way, the programme approach to preparedness followed runs a risk of compromising the overall effectiveness and response through process duplication and incoherence. It may also lead to increased cost to implement and maintain different initiatives, and an increased burden on offices to develop and implement different preparedness plans, particularly in the field.  To address these shortcomings, there is a trend toward an integrated systems approach.  Risk management facilitates this shift by providing a common denominator across disciplines.

Under a systems approach risk management provides a convening function, providing catalyst to interact across organizational lines and a common basis of understanding for all those involved.  Risk management also provides a basis to collaborate around shared risks, and to prioritize resources.

Anytime you have a conversation around risk, good things happen.  In our experience implementing business continuity, and this holds around the world, that this conversation results in serendipitous effects where individuals who never would have connected – either because they are separated geographically or by the organigram – interact and identify ways in which they can collaborate to capture economies of scale and scope, and enhance their projects by integrating fresh perspectives.  Because business continuity touches all parts of an organization, we have found that one of the manifestations of the serendipitous effects is tighter operations all round.  In this way, effective risk management enhances organizational performance.

 Conclusion

Our experience clearly points to risk management value of its convening function, providing a common reference for communication and framework to prioritize resources.  Equally important, the process of coming together around risk leads to serendipitous effects, with significant potential value.

Implementing the fundamentals of ISO 31000, for business continuity or otherwise, will make your organization stronger.

In the scene of the iconic Seinfeld episode depicted above, which came to define the series, George and Jerry pitch their idea of producing a show about nothing.  The confused NBC executives, however, are a cautious and uncomfortable audience because they naturally want to avoid the risk of loss associated with a show that deviates from the standard formula.  The ensuing farcical exchange is less communication than collective monologue, and it is funny because it is familiar.

It is familiar because promoting the integration of the social web into the work environment one finds oneself in a situation similar to Jerry and George:

To the advocate (you), value of the social web to produce knowledge through networks, and promote social learning is self-evident; while from the perspective of the ‘pitchee’ – decision-maker like Mr. Dalrymple, the fictional President of NBC  in the Seinfeld episode – the benefits seem intangible at best and the downside risks seem potentially lethal.

Convincing skeptical management to engage the social web requires you to value the intangibles, particularly the benefits.

Pitching the social web can’t be about nothing

Applying social web tools is not an end in itself, but must support achievement of an objective, usually a specific behavioural change (caveat: although achievement of objectives is the focus, this ‘macro’ result can only be realized through ‘micro’ – read: individual – activity.  People’s goals and incentives must also be considered when implementing social web tools).  How does one then measure the return on the investment or impact of social web tools?

Toward measurement

Developing metrics to value social web tools is not for the faint at heart, offering significant challenges.  In my experience these metrics tend toward activity measures – such as retweets, followers, Likes and page views – because they have intuitive appeal and are efficient to collect.  However, applying only activity measures can be akin to the cliché of looking for your keys under a lamppost at night: you’ll be able to see, but won’t necessarily find what you are looking for.

What is needed is a framework that includes both activity measures, to confirm that you are reaching your target audience and to add an element of gamification, as an incentive for individuals to engage, and to measure the contribution of social web tools to the achievement of the overarching goal(s), integrating quantitative and qualitative data.  Fortunately one exists.

A conceptual framework to promote and assess value creation in communities and networks

In a report published in 2011 entitled Promoting and assessing value creation in communities and networks: a conceptual framework, Etienne Wenger, Beverly Trayner and Maarten de Laat describe a framework to promote and assess “the value of the learning enabled by community involvement and networking.”  (p. 7)  The framework, graphically depicted in Figure 1 below, describes five ‘cycles’ through which communities and networks create value, which are described in more detail in Figure 2.

Figure 1: “In summary, accumulating evidence of the value created by a community or network can be represented as a matrix of indicators and stories. The squares represent indicators at each cycle. The colored lines represent stories that weave among the elements of each cycle. Dotted lines represent use of proxies and assumptions. The red backward arrow represents a reconsideration of an outcome indicator due to the reflection from stories.” Wenger et al, p. 39.

Figure 2: Summary of Cycle Value

The framework also provides a list of typical indicators and data sources, by cycle, and a toolkit on how to tell compelling stories.

Other applications

When I was first considering this post, my intention was to concentrate on how to pitch the adoption of the social web, but it transmogrified into something I think is more useful: a way to measure the value of engagement.  I say more valuable because demonstrating value is essential to aid decision makers to make an informed judgement on whether to integrate social web tools into work processes, and, if the decision is made to go ahead, to act as a guide to develop a social media strategy in the first place, or communications in general.

Thinking about it in a broader context, I believe that this framework can be extended to measure not just the value of communities and networks, but any correspondence, such as a report, the aim of which is to influence and change behaviour.  The cycles of value creation make it clear that while the intrinsic and potential value of engagement are useful, there is a loftier objective – to change practice to improve personal and organizational performance – the achievement of which can be transformational.

Credits:

1. Seinfeld image: http://www.tvfanatic.com/quotes/shows/seinfeld/episodes/the-pitch/
2. “I’m looking for social media impact.” image: http://answers.oreilly.com/topic/1233-how-to-make-use-of-your-apophenia/
3. Wenger, Etienne et al. (2011) Promoting and assessing value creation in communities and networks: a conceptual analysis. Retrieved from http://wenger-trayner.com/documents/Wenger_Trayner_DeLaat_Value_creation.pdf

In his commencement address to Williams College on 3 June 2012, Atul Gawande explained that higher numbers of deaths during surgery – now called failure to rescue – is explained not because of better risk management, but different levels of recovery from disastrous complications; “preventing failures from becoming a catastrophe.”

While exhorting graduates that the risk of failure is inevitable given the complexity of modern systems, Gawande noted, “Risk is necessary.  Things can and will go wrong.”  He then details three conditions to avoid to limit the potential for failure to rescue:

1. Choosing the wrong plan;
2. Implementing an inadequate plan; or, worst of all,
3. Having no plan.

In his address, Gawande’s described the role of each of these in the Deepwater Horizon oil spill disaster in April of 2010.  We can all think of examples of these conditions, hopefully less catastrophic, from our own experience.

While we recognize the value of planning, there is often resistance or apathy towards it, if for no other reason than the recognition that plans take time and resources to complete and they have limitations.  You can’t plan for every scenario, and ones for which you plan but do not occur, time spent on planning can be considered wasted.

In my former life as an infantry officer one of our mantras was, “Plans never survive the first shot.”  So why do it?  In two blog posts I am going to offer simple, compelling reasons (I hope) for planning, in emergency management conditions in particular.  The first, requires some set-up.

After an event, responders will face a series of problems, depicted in Figure 1:

• Simple: known and easily addressed;
• Complicated: knowable and their solution is applied in the same way every time (ie. making an atom bomb);
• Complex: relationship between cause and effect is not fully understood nor knowable, but principles can be applied to meet goals within a given context (ie. raising a child); and
• Anarchy: unknown unknowns in a complex, unpredictable system.

Figure 1: A taxonomy of problems

Adapted from http://www.lostgarden.com/2006/04/managing-game-design-risk-part-i.html

In a crisis there is a finite amount of cerebral activity and time to solve these problems.  It therefore makes sense to take action to maximize the application of these limited resources.  The corollary being that the solutions to Simple and Complicated problems can, and should, be systematized (or preferably automated) because they are fully knowable, the outcome of actions taken is certain, and there is a high degree of confidence in the understanding of the fundamental systems involved.

It follows that the solutions to Simple and Complicated problems should be the focus of planning and plans.  This will allow responders to dedicate their time and energy to addressing Complex and Anarchic problems that are ever-present when managing an event, crisis or otherwise, as depicted in Figure 2.

Figure 2: The focus of planning – Simple and Complicated problems

Adapted from http://www.noop.nl/2008/08/simple-vs-complicated-vs-complex-vs-chaotic.html

As Gawande alludes, there will always be people who excel and thrive in complex and anarchic environments.  People who “have a better capacity to prepare for the possibility, to limit the damage, and to sometimes even retrieve success from failure.”  These people pride themselves on their ability to quickly assess situations and take decisive action based on their experience and instinct.  Does planning have any value for them?  (Aside: Gawande identifies three critical skills they share: 1. Judgment; 2. Mastery of teamwork; and, 3. Willingness to accept responsibility for the consequences of their choices.  He goes on to highlight that these skills are applicable not just for surgeons, but to all fields)

The short answer is yes because systematizing solutions to Simple and Complicated problems allows a focus on where the action is: the boundary between complexity and anarchy.  However, there is a second reason, the subject of post two in this series: planning provides a framework and structure to find and address vulnerability.

This is a summary of my presentation on social media risk, delivered at the Global Risk Network Forum in New York on 12 June 2012.

‘Here be dragons‘

Comparing the agenda of this event to that of the Florence meeting in 2007, it is clear that the world is very different. Five years ago we discussed models to identify building vulnerability, and now we are dedicating a significant amount of time to discuss a subject, social media, that has only really existed for the past two years.

Five or six hundred years ago the edges of maps were marked “Here be dragons”. There lived monsters conjured in the minds of mariners. Returning to a theme from a previous blog post, the social web, by which I mean the combined external social networks – Facebook and Twitter – and internal collaborative platforms – like Yammer and Connections, is often viewed in a similar way: an unexplored area where lethal dangers await.

There are huge advantages to be gained by engaging on the social web. But this engagement comes with risk. In general I see three sources of social media risk:

1. The ‘Avatar Effect’ – “The merging of the fantasy world and real world.” – such as staff send personal messages from official accounts, which can damage an organization’s reputation.  Although the impact of posting inappropriate content can be significant, nimble organizations can turn an adverse event into a coup.  Read about the positive Red Cross example here;
2. Some people are crazy: you can connect with people on social networks that are malicious, disturbed and who have no sense of scale. For example, beginning in December 2011, the Government of Sweden has given a citizen control of the @Sweden twitter account, to promote tourism.  All was well until one of the account owners began to post controversial material; and
3. People doing stupid things: this is the source of almost all social media disasters.  BBC Editors provide sound advice on how to combat this in paragraph 1.a of the BBC News social media guidance: “Don’t do anything stupid.”; This advice is so elegant, it can be recast it as Social Web Rule #1.

What is interesting is that all three risks involve people, which means that the ways of controlling them will be people-centered.

How can one control the risks?

Implement a social media policy

Social media policies tend to take two forms:

1. The Ten Commandments approach, characterized by a series of “Thou shall not’s”; and
2. The opposite.

Ideally a social media policy (214 examples here) should provide staff with the guidance, tools and support to identify and manage risks; here are some additional must-haves. You should also give some thought about how to deal with the co-mingling of private and official data. For example, how would your firm treat a departing staff member’s LinkedIn contacts? Who owns them?

Staff training

Do not just train staff on social media risk management in a formal setting, but offer fora for staff to share experience to encourage informal learning. An essential element of both formal and informal learning approaches will be to sensitize staff with how to write on social networks and how to tell compelling stories, as the lack of staff familiarity with these skills is a major inhibitor to effective staff engagement. To be successful, executive and senior staff must set the example.

Don’t fear the dragons . . . 

As I wrote before,

Casting a social media shadow by exposing your thoughts and ideas to scrutiny is anxiety producing, both for the organization and staff members.  However, the potential benefits far outweigh the risks.  We cannot be sure what we will encounter during our journey to integrate the social web into the work environment, but like the explorers of old, we can be sure that the monsters we imagined are far worse than the ones we actually face.

. . . serendipity awaits!

Recently I delivered a presentation on business continuity and risk management at a conference in Paris.  While preparing my presentation, inspired by a blog post by John Stepper, I abandoned the standard PowerPoint approach in favour of the one described in the book presentation zen by Garr Reynolds.  This jump came easy.

In presentation zen Reynolds advocates that, “An effective presentation allows us to amplify the meaning of our words.”  My sentiments exactly.  I have always believed that it is hard to inspire with bullets.

What I decided to do

With me, Reynolds’ material found fertile ground, and yet applying it came with some anxiety.  I was unsure how the conference organizers and audience would react.  Undaunted, I decided to apply Reynolds’ methodology, and specifically the four simple ideas for immediate improvement offered in the book by Seth Godin:

1. “Make slides that reinforce your words, not repeat them.  No more than six words on a slide EVER;
2. Don’t use cheesy images.  Use professional stock images;
3. No dissolves, spins, or other transitions.  Keep it simple; and
4. Create a written document.  A leave-behind.”

How I did it

I began by identifying the three key points on which I wanted to convince the audience, and I conceived a (hopefully compelling) narrative to logically lead the audience to them; each slide depicted part of the narrative in sequence.  Next, I plotted the elements for each slide and identified a unifying theme for each, which served as the basis to select the slide image (see photo of my office whiteboard below).

Picture of my office whiteboard, outlining the content of each presentation slide.  The unifying theme for each slide is circled.

Remembering ghosts of presentations past where images I downloaded after a Google search pixellated and blurred when enlarged on a screen, I invested in an iStockphoto account and found professional images that best matched the unifying theme for each slide (the results justified the cost).  There were no fancy transitions between the slides.

This process simplified the preparation of the written handout.  The handout, which was included in the conference package for participants and posted on my blog, incorporated both the slides and the fleshed-out details of my talk.

The Aftermath

The thinking behind the presentation zen approach is seductive:

“You put up a slide.  It triggers an emotional reaction in the audience.  They sit up and want to know what you’re going to say that fits in with that image.  Then, if you do it right, every time they think of what you said, they’ll see the image (and vice versa).”

Against this standard, I think I have some way to go, but the feedback I received was overwhelmingly positive.  I won’t deliver a standard bullet-ridden presentation again if I can help it.  In future I will give more thought to the ‘six words’ on each slide, which I did not always include.

The other key lesson that I learned was the importance of constraints, self-imposed or otherwise, to drive innovation and a creativity.  In this case, the presentation zen approach itself enforced discipline.  As Reynolds notes, “Constraints and limitations are a powerful ally, not an enemy.”

When preparing a presentation in future, I will apply Reynolds’ principles:

“Restraint in preparation.  Simplicity in design.  Naturalness in delivery.”

Please let me know if I am successful or not.

Preamble – The United States Army Social Media Handbook

While researching social media policy and guidance, I came across the latest edition of the United States Army Social Media Handbook, published in June 2012 (hereafter referred to as ‘the Handbook’).  It is an impressive document because its content, presented with an encouraging tone, includes a review of the applications of social media in the context of the United States Army (soldiers and dependents), and the risks involved with social media engagement and how to address them.  The Handbook also provides specific guidance on how soldiers can use social media to be more effective.  One such topic is the use of social media for crisis communications.

The use of social media for crisis communications remains a controversial topic.  Detractors focus on risks of social web engagement, most often the potential for reputational damage from missteps, and, especially in the context of crisis communications, the possible confusion and chaos stemming from the dissemination of misinformation.

Despite resistance, there is growing acceptance that, as noted in the Handbook,

“Using social media to communicate with stakeholders during a crisis has proven to be effective due to its speed, reach and direct access.”

This practical view reflects an agnostic approach to technology:

“It can be used for good or bad.  It can improve things or it can make them worse.”

Practical Guidance

In a sense then, arguing whether social media good or bad misses the point because social media is a reality and is being effectively employed to support crisis communications; the risks involved can be controlled.  The Handbook addresses both, even offering a case study of how the United States Army used social media to provide updates during the 11 March 2011 earthquake off the coast of Japan.

The Handbook describes the following practical guidance on how to use social media for crisis communications and protect organizational credibility:

1. Build a community early: establishing a trusted social media presence and networked relationships take time , and must be done before a crisis;
2. Promote the organization’s social media presence: publicize links to social media sites and profiles on email signatures and in correspondence to increase awareness;
3. Post content often and as soon as practical: people visit websites to perform tasks or to be informed.  Frustrated visitors who cannot achieve these objectives, a process that can happen quickly, will likely never visit the site again.  To be seen as a credible source of information in the fast changing circumstances of a crisis, it follows then that websites must be dynamic and meet visitor needs.  Further, social media provides the means to quickly pass information, but it simultaneously creates an insatiable demand for information.  This means that information should be posted as soon as possible.  Organizations can also extend their reach by sharing information with trusted partners, who can then broadcast on their networks.  The risk of inaction is the potential loss of organizational credibility;
4. Monitor content and conversations, and engage: social media has transformed emergency management and crisis communications because those affected by, and witnesses to, an event now feel they are part of the response.  The ubiquity of smartphones, combined with video and photo sharing applications, generates a constant flow of potentially valuable information, from which organizations can identify the needs of those affected.  At the same time, social media monitoring and engagement allows organizations to influence the conversation and find trends, so that communications can be adjusted to correct misinformation and squash rumors before they can take hold;
5. Leverage mobile devices and platforms: encourage staff to use mobile tools to connect and share information in innovative ways so that they can send on-site information from their mobile devices during a crisis; and
6. Analyze results and adjust: one of the benefits of social media is that there are a host of (often free) metrics to analyze the impact of tools, and to get and collate feedback.  This information can then be used to adjust the crisis communications social media strategy to prepare for future events.

Social Media Risk Management

Debating the merits of social media is beginning to take on an anachronistic feel.  I do not think we are at the point where discussing the impact of social media is synonymous with considering whether the automobile is good for society, but we are close.

Like that automobile, taking advantage of the capabilities of social media is beneficial if applied in the right context in the right way, while acknowledging and controlling the risks involved.  Achieving requires simple, practical guidance, which will be the subject of a future blog post.

The annual Social Media and Response Management Interface Event (SMARMIE) was held at the Metropolitan College of New York, (MCNY) on 28 February 2013, bringing together thought leaders, practitioners and academics, to discuss emerging topics related to the use of social media in emergency response.  The central topic of this year’s event was leveraging the ‘crowd’ to enhance emergency situational awareness and response.

Throughout the day, a number of themes emerged.

Crisis Data is becoming more available and valuable

Ignoring the more cliché elements of Big Data, the ubiquity of smartphones with cameras and GPS technology to produce data, combined with social networks to share it, represent what Patrick Meier characterized as a, “Tsunami of change in emergency management.”  Emergency managers now have access to crisis information, often in real-time from those witnessing the event, that to be exploited to:

• Precisely target emergency response
• Match needs with available resources
• Identify and deal with problems before they spiral out of control
• Meet the public’s expectations to not just be serviced, but engaged throughout emergency preparedness and response

Meier also noted that, “There will be more information produced in 2013 than in any time in history.”  The corollary being that while emergency managers will have access to more information, analyzing it will pose a significant challenge.  The solution proposed by Meier: a combination of crowdsourcing and artificial intelligence.

The rise of Digital Humanitarian Networks and Digital Philanthropy

Patrick Meier’s keynote address focused on the power of Digital Humanitarian Networks to create information, leveraging local knowledge to fill gaps in the data set, and to make sense of it.  The key to analyzing social media crisis information for situational awareness, he argued, is to connect Digital Samaritans.  In this context, the approach he proposed is a combination of human computing and artificial intelligence:

Automated Data Collection + Processing + Crowdsourcing

Meier characterizes digital humanitarian volunteers as, “The Jedis of crisis management,” highlighting that there is a need for an interface between professional humanitarian workers and volunteer crisis mappers.   The former will uncover the gaps in their crisis information, and the latter will provide it, supported by ever more powerful data aggregation tools.

Increasingly powerful crisis data analysis tools

Social media and networks provide potentially geo-referenced, eye-witness accounts of events, but in such volume, and with such velocity and variety that managing it can overwhelm emergency managers.  That said, enabled by the ubiquitous use of social media on smartphones with GPS and cameras, there are a number of tools to help emergency managers to automatically collect and process data.  Among them:

• Geofeedia: a service to search social media in real-time, by location.  Geofeedia allows emergency managers to set a ‘geo-fence’ an area and then monitor, filter and analyze social media feeds, and then share and publish information with your networks.  From the presentation, it seems that Geofeedia will soon provide enhanced analysis metrics, such as location-specific, social network trends.

Geofeedia screenshot of Manhattan during Hurricane Sandy.

• Photosynth: a set of Microsoft tools to weave photos, taken from different locations, into 3D images that can then be shared on Facebook and Twitter, integrated into the Bing search engine, or published to web pages and blogs.  In contrast to a panorama that gives one perspective from one location, ‘photosynths’ allows the viewer to ‘fly’ through the image.  Limitation: although there is a Photosynth iOS app, the PC tools are only available for Windows.

Photosynth of Piazza S.Marco in Venice

While these platforms stylishly provide powerful analysis tools, traditional social networks have established their value for crisis communications, situational awareness and customer support.  For example, Facebook has emerged as THE source of hyper-local crisis information.  Instagram could well be the next big contributor to the crisis data set.

Another related area of interest is how organizations are integrating and situating the application of these tools within dedicated operations centers, to engage the public in emergency response.  Wendy Harman, Director of Social Strategy for the American Red Cross, explained that all Red Cross staff have social engagement responsibilities, which are:

• To execute the mission online
• Grow the network
• Give the public a voice in operational decision-making

Jeff Phillips argued that an engagement culture has replaced the official, scheduled, single-source formula for crisis communications, characterized by a ‘push system’ under which an organization is the sole generator of content.  The implications of this change is that organizations must:

• Identify the power users within their network through Social Network Analysis (see the Related Articles below)
• Monitor social media for actionable information
• Provide the tools and content to enlist networks to catalyze collaboration and cooperation to improve preparedness and response

In cases of limited resources, organizations can establishe a Virtual Operations Support Team (VOST) to monitor, triage and document social media messages to improve situational awareness, respond to requests for help, and mobilize trusted agents as a crisis communications force multiplier.

Concern about social media risks

Following the extensive use of social media to engage and inform the public before, during and after Hurricane Sandy, the application of social media tools to support emergency management has changed from being a trend to an expectation.  Nevertheless, there remains significant concern about our ability to manage the associated risks; a concern that arose at the conference.  Anxiety from using social media for official purposes is particularly acute in the financial industry, due to regulatory requirements and industry characteristics.*  My take on social media risks, and how to control them, is described here.

Another participant concern, which is a common one, is the accuracy of social media posts (some of the hoaxes around Hurricane Sandy can be found here).  Meier notes that with expanding communication on social networks in emergency management and other fields, demand for innovation in social media content verification will increase.  Meier reminded participants of two examples:

• The Queensland Police use of the #mythbusters hashtag to report rumours and incorrect information on Twitter
• The BBC has verified social media information since 2005.

Twitter has a self-correcting mechanism, but we still need to monitor the accuracy of posted information, especially if it can be ‘actionable’ in a crisis.  Meier suggests the following approach to social media information quality control: Trust and Verify.  A variation to this theme, at a panel during a recent Social Media Week event in New York, David Carr, a media and culture columnist at the New York Times, reiterated, “If you report information for a living, you really need to hover over the retweet button.”

Conclusion

In a story on the 60 Minutes television program that aired on 17 March 2013, Jack Dorsey, the founder of Twitter, remarked that the inspiration for Twitter came from listening to the way first responders communicated over the radio in his native St. Louis.  These tools are tailor-made to support emergency managers prepare for, and respond to, crisis events.

However, social networks also benefit the public during emergencies.  During the same program, Dorsey remarked that his creation allows us to share, “Where we are, what we are doing, where we are going and how we are feeling.”  This sentiment was reinforced by one of the presenters at the conference, who made the insightful observation that on an average day, people post about ‘Likes’ and ‘Loves’, but in a crisis they actively engage in discussions on preparedness, disaster impact and response.  Social media democratizes response and enhances accountability by giving all stakeholders a seat at the table.

From the length of this epistle, you have hopefully gained a perspective on the breadth and density of the material covered at the SMARMIE conference (which will keep me coming back).  What was particularly exciting, is the rate of advance of innovation in the use of social media in emergency management, spawned by the nexus of distributed thought leaders and practitioners on the very platforms that are advancing the field.  Nevertheless, some interesting ideas arose at the conference that I would like to explore in more detail:

• How to integrate crowdsouring and micro-tasking into online games (raised by Patrick Meier)
• Best practices to set up and govern a Virtual Operations Support Team (VOST)
• How do we adapt the process-driven approach to emergency management to the “beautiful chaos of the social web.” (raised by Wendy Harman)

——————————————————————————————————————————————————————————————————————

* – Recognizing the financial institutions are “using social media as a tool to generate new business and provide a dynamic environment to interact with consumers,” recently the Federal Financial Institutions Examination Council (FFIEC) solicited comments on proposed guidance entitled Social Media: Consumer Compliance Risk Management Guidance.  The proposed guidance identifies three sources of social media risk:

1. Compliance and Legal Risk;
2. Reputation Risk; and
3. Operational Risk; and

suggests high-level controls for each risk area.

Related articles

• Monitoring Social Media by Location – Do tools like GeoFeedia invade privacy? (idisaster.wordpress.com)
• Keynote: Next Generation Humanitarian Technology (irevolution.net)
• The social web and crisis communications – Be all that you can be (buridansblog.com)
• Social Network Analysis for Digital Humanitarian Response (irevolution.net)
• Social Network Analysis of Tweets During Australia Floods (irevolution.net)
• Behind the Scenes: The Digital Operations Center of the American Red Cross (irevolution.net)

The ‘Rogue Worker Theory’ can’t explain this

Source: http://www.freakonomics.com/2011/07/21/mouse-in-salad-photo-1/

The Mouse in the Salad

The Freakonomics Podcast, The Mouse in the Salad, Stephen Dubner explores crisis management, centering the discussion around an incident at the Pain Quotidien, on the Upper West Side of New York, in which a patron found a dead mouse in her salad.  In this case, Dubner who took the photo above, muses whether the mouse incident is just one of those things, a view rejected by Dubner’s friend, James Altucher, who was eating with him at the time:

“Too many things went wrong. So, each one thing has a low probability. So a mouse gets into an open salad bag that happens to be lying around. That’s inappropriate. The mouse dies there. So, I don’t know, was it there overnight? The guy takes his hand in and puts it in a bowl and didn’t see the mouse. The waitress or waiter brings the mouse over and didn’t notice it. So, four or five things went wrong. Maybe the salad was delivered with the mouse in it to the store to begin with? So, we don’t know where it went wrong.”

While in this case we don’t know with certainty what went wrong, two things are clear:

1. The mouse did not end up in the salad because of a rogue waiter; and
2. The mouse did end up in the salad as a result of a myriad of organizational causes – like, failures of quality assurance to food preparation processes.

The Swiss Cheese Safety Model

Under the Rogue Worker Theory, disasters are the result of the actions of a few or one.  The trouble with this explanation is that it ignores the way that organizations manage risk (well, good ones anyway).

All organizations face risks to the achievement of their objectives.  The army trained us to organize defence in depth, so there was not a single point of failure.  Organizations do the same thing, implementing a series of controls to manage risks.  As depicted in the graphic below – the Swiss Cheese Safety Model – each of these controls comprises a single slice of Swiss cheese.  Disasters occur when the holes in the slices ‘line up’.

You can’t always blame it on a rogue

Source: http://www.nature.com/nrurol/journal/v10/n3/images/nrurol.2013.13-f2.jpg

Under the Swiss Cheese Safety Model, losses result from failures or gaps in organizational controls, such as internal processes, supervision, executive tone, and policy.  Staff providing a service – whether a commodities trader or waiter in a Pain Quotidien – are just the last slice of cheese.

“There are no bad soldiers, only bad officers.”

The Rogue Worker Theory is seductive because the problem can be excised: staff can resign or be fired.  Acknowledging the need to address the root causes of failure is a challenging proposition because it means the failure is about ‘us’ not some rogue ‘them’, and that organizational change, at all levels, must come.

With the above quote, Napoleon captures the inconvenient reality that organizational causes offer more powerful explanations for organizational failures and scandals than the Rogue Worker Theory.  Disasters occur because of multiple organizational failure, not just because of the actions of a few (or one).  Remember that the next time you find something unfortunate in your salad.

During the catastrophic flood in Calgary on 21 June 2013, and in its aftermath, the Calgary Police effectively used Twitter as a crisis communications and coordination tool.  By doing so they (again) demonstrated that social media must be part of crisis communications plans.

What was once a trend, is now an expectation: the public demands involvement in crisis response.   In emergency situations, the public uses social media and networks to exchange information, identify needs and, increasingly, to match supply and demand for support.  Some create mischief by posting hoaxes.  All this means that, during a crisis, organizations must continually monitor and respond to social media.

Social media has a tremendous ‘virality’ potential because content is easily shared across networks.  To leverage this characteristic, organizations must adopt a new communications approach.  As I have written elsewhere in this space, effective social media content must be:

Relevant, targeted, and reflect a tone that is appropriate to a specific audience.  To resonate, content must tap into emotions and passions of the audience, and be paired with an outlet for enthusiasm and anger.

In practice, social media engagement is most effective when it is authentic, transparent and disrupts the conversation.

Organization is need to take advantage of social media opportunities.  The Calgary Police did just that when responding to this question from a member of the public,

@CalgaryPolice what do we do about vagrants and questionable people roaming the streets in suburban communities because of the flood situation

with the following tweet,

This example highlights two fundamentals of using social media for emergency management:

• Organizations must establish their online brand in advance.  This tweet will certainly do that, at last look having been retweeted over 700 times.  Audience(s) must know where to go for crisis information, and be conditioned to do so during ‘peacetime’.

• To elicit an emotional response that drives engagement and action, social media content must conform to the principles reflected in the ‘Warby Parker 5′:

1. Is it unique?
2. Is it authentic?
3. Is it unexpected?
4. Does it do good?
5. Does it have a compelling narrative?

Applying these questions to the Calgary Police tweet above?  Check, check, check, check and check.  This explains why this tweet has stormed through the internet.

While recognizing the utility of social media for emergency management, the experience of the Calgary Police during the #yycflood – where their account was put into ‘Twitter Jail’ for exceeding the number of tweets allowed in a day – reinforces the need for organizations to adopt a portfolio approach to crisis communications.  Social media – Twitter and Facebook in particular – have emerged as essential information sources during a crisis, especially for hyper-local information, but they must be supported by traditional communication means.

Related articles

• Calgary Police’s Twitter account displays #SMEM best practices during #yycflood (inesmergel.wordpress.com)
• Lockdown of Calgary police makes Twitter a massive #fail in emergency communications (blogs.vancouversun.com)
• Twitter Jail (is social media reliable in an emergency) (tacmedia.wordpress.com)
• June 2013 Calgary, Alberta floods (#yycflood, #abflood) (vielmetti.typepad.com)
• Calgary flooding: Social media community unites to support Calgarians (beaconnews.ca)
• Strangers open homes to Calgary flood victims on Kijiji (cbc.ca)

The American Red Cross is taking advantage of the Sharknado premiere – a deliciously bad SyFy movie in which sharks, sucked up in Pacific tornadoes, drop on the unsuspecting public - to promote disaster preparedness.  The premise behind this initiative is that the measures one should take to prepare for sharks randomly dropping from the sky are the same as those of a hurricane or pandemic.

To change their behaviour, human beings must be placed in the context of a significant emotional event in which their current beliefs and practices are untenable.  This occurs during actual events – like Superstorm Sandy – but can also be generated through exercises and awareness campaigns.  Like the Center of Disease Control‘s Zombie Apocalypse campaign in 2012, pop culture offers opportunities to engage the public on disaster preparedness because, paradoxically, the public understands and are moved by the scenarios, however ridiculous.  The rub is that this type of effort can only be successfully implemented by the nimble, creative and organized.

As I have noted elsewhere, “To capture attention content must authentic and disrupt the conversation.”  To do this, and create material that elicits a visceral experience to drive engagement, social media content, indeed campaigns, must satisfy 5 criteria:

1. Is it unique?
2. Is it authentic?
3. Is it unexpected?
4. Does it do good?
5. Does it have a compelling narrative?

The American Red Cross Sharknado campaign does just that.

Related articles

• We asked the writer of Sharknado some very serious questions (io9.com)
• Sharknado Takes Twitter by Storm (mashable.com)
• The Director of ‘Sharknado’ Explains the Joy of ‘Sharknado’ (theatlanticwire.com)
• The ‘Sharknado’ Trailer Is The Most Ridiculous Thing We’ve Ever Seen (businessinsider.com)

Notes for my presentation at the BCM World Conference and Exhibition in London, on 6 November 2013

Background

The evolution of emergency management in the United Nations has tracked to the risks faced by the Organization.  Before 2005, the emergency landscape was primarily comprised of security and humanitarian contingency planning.  The emergence of the pandemic influenza risk brought the establishment of business continuity as a discipline in the United Nations, with strong links to disaster recovery, but it was the tragic earthquake in Haiti in January 2010, that spawned a major change in the way in which the United Nations approached emergency management.

While considering establishing a dedicated unit to support staff and their families injured by malicious acts or natural hazard events as part of the internal response to the Haiti earthquake in 2010, the United Nations General Assembly requested the Secretariat to develop a framework that would describe the relationship between the various emergency management actors and how they work together.  At that time, the practice was to pursue a programme approach to preparedness, characterized by responsibility for emergency management functions spread among different units.

Although the Organization managed to set up significant capacity for crisis response this way, the programme approach has the potential to compromise the overall effectiveness and response and recovery through process duplication and incoherence. It may also lead to increased cost to implement and support different initiatives, and an increased burden on offices to develop and carry out different preparedness plans.

The General Assembly approved the Organizational Resilience Management System (ORMS) in June of 2013 under resolution A/RES/67/254.  This marks a transformational change in the way in which the United Nations Secretariat approaches emergency management – including prevention, preparedness, response and recovery – and manages operational risk.

Why does the United Nations need ORMS?

In addition to meeting the request of the General Assembly to do so, adopting a systems approach, inherent to ORMS, satisfied another need: to reduce the burden on offices to implement emergency management.  As one would expect, the United Nations has offices around the world, and these offices vary in size.  In contrast to major United Nations offices, like those in Geneva and Nairobi, with the exception of Security, United Nations satellite offices do not have dedicated emergency management experts.  A systems approach, with harmonized emergency management plans, structures, and exercises and testing are easier to implement in offices with limited resources and capacity.

Emergency management lends itself to harmonization and integration because its constituent parts are linked by a shared understanding of risk, and they share a common goal to enhance management of specific operational risks.

Finance and Hazard risks, which are measurable, are typically well-managed in organizations that have dedicated experts to identify and treat these risks.  Strategic risks – risks related to the relevance, alignment and quality of the programme – and Operational risks – those related to people, processes and systems – however, are difficult or impossible to quantify, and responsibility to control them sits in different departments, requiring collaboration across organizational lines to manage them effectively.  If this did not complicate things enough, Strategic and Operational Risks pose the greatest threat for significant disruption.

Figure 1 – A Taxonomy of Risk

ORMS makes a major contribution to managing Operational Risk by:

• Encouraging a shared assessment of risk;
• Providing a mechanism to jointly identify and control Operational Risk; and
• Harmonization and integration of plans and structures minimizes the unintentional transfer of risk within the organization.

What is ORMS?

ORMS is a risk-based emergency management framework, bringing together integral actors across prevention, preparedness, response and recovery.   The aim of ORMS is to enhance the Organization’s ability to deal with crises to protect staff and assets, and allow the United Nations to continue to deliver its critical mandates.  A description of the elements comprising the ORMS framework, and the ORMS Processes by Phase, are detailed at Figure 2 and Figure 3, respectively, below.

Figure 2 – ORMS Elements

Figure 3 – ORMS Processes by Phase

To be effective, ORMS must be applicable in all United Nations duty stations, regardless of size, organizational structure and culture, and risk exposure.  At its essence, ORMS involves:

• Harmonization of emergency management planning and plans
• Common governance and implementation structures for emergency management
• Jointly conducted emergency management awareness, training and exercises

This will be achieved by develop guidance that describes fundamental roles and responsibilities, and principles, which can then be applied to meet local conditions.

Implementation

Development of ORMS was done primarily at the United Nations Headquarters in New York City.  For this reason, the framework was piloted at Headquarters, beginning in 2011.  It was later decided to phase ORMS implementation, first to the other United Nations Secretariat offices – the United Nations Office at Geneva, the United Nations Office at Nairobi, the United Nations Office at Vienna, the Regional Commissions in Addis Ababa, Beirut, Santiago and Bangkok, and the field missions of the Departments of Peacekeeping Operation and Political Affairs – then to the agencies, funds and programmes, such as UNICEF and the World Food Programme.

ORMS will be implemented through a combination of a formal, project management approach and an informal, emergent strategy.  Under the formal approach:

• A Steering Committee, Project Owner, and Project Team have been assigned; and
• Key deliverables that scaffold the theoretical and practical elements required for implementation – such as the policy, implementation standards and self-assessment tools – have been programmed for presentation to the Steering Committee.

Although the emergent strategy is informal, this is a misnomer as its application requires a putting in place fundamentals that generates opportunities for collaboration, and the ability to exploit them.  This process is not accidental, but the result of careful strategic communications planning.  The key components of the emergent strategy are as follows:

1. Establish and nurture an ever-expanding network;
2. Provide a mechanism to give everyone affected by ORMS a voice and the ability to share and capture knowledge;
3. Partnerships with academia, the private sector, civil society and governments at all levels; and
4. Nimble decision-making.

In developing the ORMS governance model, we wanted to find the balance between being vapid and overly prescriptive.  A Responsive Regulation approach is being adopted, whereby policy, governance and implementation support is guided by the premise that staff and management want to do the right thing, and improve emergency management.  Under this dynamic approach, ORMS will be embedded in the Organization’s culture, and solutions to issues will be derived and communicated through the network.  The network is also a source to discuss deficits in capacity in a given place

Conclusion

ORMS is a resource multiplier as it facilitates leveraging and sharing existing capacity, knowledge, experience and skills of United Nations staff working in the emergency management field.  Experience to date indicates that the extension of ORMS across the Secretariat and the UN System is expected to yield significant economies, as follows:

1. Harmonization of deliverables will make them more effective and reduce the time and resources required to produce them;
2. Clear roles, responsibilities and integrated workflows will speed agreement between organizations when establishing operations in new environments;
3. Providing a common language and common definition of concepts will reduce the need for meetings, speed implementation and unleash innovation;
4. Working across departments encourages silo-busting, which inevitably leads to innovation and improved use of resources;
5. Increased awareness of ongoing activities and projects across organizations yields serendipitous effects from organic collaboration, supporting the implementation of linked projects and overall change management;
6. Overlaps between initiatives will be eliminated whenever possible;
7. Interoperability between organizations will be improved; and
   1. Integral after action and lessons learned provides a sound basis to continually adapt and improve risk prevention and emergency preparedness and response.

Want to know more?

Connect with me on Twitter (@brianinroma), or LinkedIn, and follow my blog.

Again this year, I made the pilgrimage to London to attend the BCM World Conference and Exhibition; a link to the background paper for my presentation is here.

As always, there were some nuggets.  Here is one:

Risk and Business Continuity (Mike Power – LSE)

Professor Power cogently described how Business Continuity Management can contribute to effective enterprise risk management.  He began by detailing the challenges to manage enterprise risks:

• The Illusion of Control, characterized by the assumption that we have more of an understanding of cause and effect than we really do.  As I have written elsewhere, in complex and anarchic events, cause and effect can only be understood after the fact
• Fragmentation of capability to manage specific risks
• Entity v System Focus, resulting in organizational stove pipes
• (Unrecognized) Interconnectedness, concomitant with today’s complex systems

Power then turned to the challenges for Business Continuity Management in the enterprise:

• BCM has historically been disempowered, considered overhead and not a value-generating part of the business
• The slow emergence of operational risk
• Weak institutionalization, stemming from the perception that BCM has only an operational or technology focus
• Weak accountability within the enterprise for low probability-high impact events, which are the bread and butter for BCM

To respond to these challenges, Professor Power proposed a number of solutions:

• Establish and formalize the Three Lines of Defence: Business, Corporate Risk Management, and Internal and External Audit.  These lines are graphically depicted at Figure 1.

Figure 1 – Three Lines of Defence

The ‘Action’ is in the fuzzy area between Levels 1 and 2

• Identify the scenarios under which your organization will fail . . . completely, and then decide what will be your strategies to recover from catastrophic loss
• Establish a risk culture – the ability to think of alternate futures and build action plans around them – where:
  • The authority for risk and control functions are clear
  • There is a respect for controls
  • There is close attention to incentives risk
  • Accept that you can do your best, but there is still a chance for failure
• Recruit charismatic BCM leaders
• Build the narrative of BCM’s value generating capacity:
  • Embed resilience as a core organizational value and ‘BAU’
  • Circulate stories of success
  • Create the discourse, incorporating the performance nature of language: if you talk in a certain way, it will happen
• Incentivize collaboration: when the world is moving against you, to succeed, collaboration must increase.

My Take

Professor Power’s presentation resonated with me because the content was consistent with my experience.  First, there is a common bias toward a programme, or entity, approach over a system approach.  This in turn complicates the management of operational risk, which can only be done effectively by an enterprise approach.  Second, it is ironic that fragmentation features in a field – emergency management – in which consolidation is almost always a good idea.

The fewer baton passes, the fewer times the baton will be dropped

Third, there is a critical message implicit in the Three Lines of Defence: corporate BCM can support businesses prevent, prepare, respond and recover, but each business is responsible for their continuity and resilience.

Finally, BCM is a value generator.  The focus of BCM is to find and preserve value within the organization.  Executing this responsibility, connects BCM with all parts of the enterprise, inevitably generating serendipitous effects that are typically of significant value.  Any time you have a conversation around risk, good things happen.

Related articles

• Organizational resilience at the United Nations Secretariat (buridansblog.com)
• Reflections on BCM World 2013 (crisisthinking.co.uk)

Excerpt of the article Ready to respond, my discussion with Continuity, the magazine of the Business Continuity Institute

What would you say are the principles which underpin the UN’s approach to business continuity and organisational resilience?

The UN’s approach to business continuity and organisational resilience is centred on continuous learning and improvement, and is based on a series of principles. The first of these principles is risk-based planning and practice. The United Nations duty stations around the world can have different risk profiles, and plans must reflect local risks. There are common fundamentals, but our approach to organisational resilience is not a ‘one size fits all’ approach. Also, under the Organisational Resilience Management System (ORMS), emergency management plans, including business continuity, will be founded on a joint assessment of operational risks. A second principle is that of flexible standardisation. The fundamental roles, responsibilities and practice are tailored to reflect the local context, leveraging existing resources and processes. The third principle I would highlight is harmonised and integrated implementation. Emergency management plans and planning processes, governance and implementation structures – such as crisis management teams – and behavioural change will be implemented in coordination with United Nations Member States, host country authorities and other key partners. The final principle relates to maximised organisational learning. This means that the lessons learned during implementation will be identified, recorded and shared.

How do you ensure that your approach to organisational resilience is aligned with the overall objectives of the UN and that it keeps pace with the changing demands of the organisation?

The ORMS is closely governed by a group of department heads that ensure that the system meets the needs of clients. The Secretariat also reports on the progress of development and implementation to the General Assembly, which provides direction and guidance. You mentioned the Organisational Resilience Management System, which has recently been adopted by the UN. Can you provide me with an overview of this system? The UN Organisational Resilience Management System was approved by the General Assembly in June 2013, under A/RES/67/254, as the emergency management framework for the organisation. The ORMS is a comprehensive emergency management system, linking actors and activities across preparedness, prevention, response and recovery, to enhance the organisation’s resilience in order to improve its ability to ensure the safety and security of our staff and assets, and to deliver our mandates. The core elements of the ORMS are:

• Crisis management decision making and operations coordination architecture
• Security
• Crisis communications
• Mass casualty incident response
• IT disaster recovery
• Business continuity
• Support to staff, survivors and their families.

The system processes include:

• Policy and plan development
• Risk assessment and mitigation
• Situational awareness
• Crisis management decision making, operations execution and coordination
• Recovery of people and assets and reconstitution of business processes
• Reviewing actions and identifying lessons to improve processes
• Exercising and training
• Implementing lessons learned.

The ORMS comprises centralised, integrated decision-making and operations coordination bodies linking the core elements in a comprehensive framework and ensuring all processes are undertaken in a timely and coherent manner. Under ORMS, the UN response to any event will be flexible, reflecting prevailing circumstances and focus on a range of priorities. Firstly, the health, safety and security and well-being of United Nations personnel. The focus will also be on maintaining the continuity of United Nations critical functions and activities, and capacities for mandate and programme implementation. In addition, it encompasses protection of United Nations physical assets. Finally, I have provided here a graphical representation of the organisational resilience management system, by emergency management phase and process (see below).

The Component Phases and Process of the ORMS

Why was it decided to introduce the new system?

The global operations of the United Nations bring with them exposure to an extensive and varied range of threats. To prevent and manage these threats requires efforts beyond a harmonised and integrated approach to emergency management. The ORMS was introduced to meet these challenges, pursuant to a request of the General Assembly to develop a comprehensive emergency management framework.

How have you gone about implementing the ORMS and what challenges have you had to overcome to achieve this?

We have pursued a dual strategy to implement the system. First, although ORMS is not a project, on one level we approach it like one. We have set clear lines of accountability for deliverables, established formal governance, development and quality control structures, and have a dedicated regime the aim of which is to change the behaviour of staff, consistent with the tenets of ORMS. Second, we are nurturing an ever-expanding global network of emergency managers from the private sector, academia, partner agencies and interested staff to generate serendipitous effects through information and capacity sharing.

How far along the process are you to the full implementation of the system?

The implementation of the ORMS within the United Nations is being led by the Secretariat. It was decided to pursue a phased implementation approach, beginning at the United Nations Headquarters in New York and then extending the framework to the Offices Away from Headquarters in Geneva, Vienna and Nairobi, the Regional Commissions in Addis Ababa, Bangkok, Santiago, Beirut, and Geneva, the United Nations peacekeeping and special political missions, and then finally to the United Nations agencies, funds and programmes. The ORMS has been fully implemented at the United Nations Headquarters, and implementation will now shift to other offices.

Central to the ORMS is the Responsive Regulation approach. Can you clarify what this approach is and why it is so important?

Responsive Regulation is a compliance model proposed by Ian Ayres and John Braithwaite in their book, Responsive Regulation: Transcending the deregulation debate. Based on the premise that a population subject to a regulation will vary from voluntary compliance to deliberate non-compliance, the model suggests a portfolio of escalating remedies to encourage voluntary compliance, related to address the source of non-compliance. The model also recognises that those who deliberately do not comply with a specific regulation are a small minority. The governance of the ORMS is based on the responsive regulation approach. The policies and guidance to which the system gives effect will focus on providing United Nations staff with the tools to implement the framework, and not reflect a strong ‘stick’ approach to non-compliance. To date, we have found that the ORMS resonates with staff and management because it solves the problem of how to ensure harmonised and integrated effort between emergency management disciplines. In this way, the system reflects the common need to establish a framework that describes the relationship between the elements that comprise the emergency management landscape. It also serves to enhance the management of operational risk; and furthermore, ORMS supports efforts at the field office level to implement emergency management programmes by adopting a common system that allows offices to leverage each other’s capacity, and to harmonise activities around a common good.

What benefits of the new system have you seen at this early stage?

While it is too early to describe benefits in detail, we have found that working across functional areas encourages working across silos, which has inevitably lead to innovation and improved use of resources. On a related subject, increased awareness of ongoing activities and projects generates serendipitous effects from organic collaboration, supporting the implementation of linked projects and overall change management. Interoperability between organisations has improved, and integral ‘after action’ and lessons learned processes provide a sound basis for continual improvement.

What would you say have been the main learning points from this process?

The implementation of ORMS has been a significant learning experience. The first lesson is the importance of effective change management, characterised by not just establishing the task element and deliverables such as plans; but ensuring that implementation is supported by effective governance structures and a network of practitioners, as well as behavioural change. Second, gaps between emergency management disciplines, such as business continuity and crisis management, are a major source of vulnerability. If there is a gap in overall programme planning and coordination, the effectiveness of preparedness and response will be affected, and not in a good way. Third, a former boss of mine in the army used to tell us that, “Those that can communicate can’t help but be successful.” Strategic communication has been essential to the successful implementation of ORMS, especially in support of change management. One of the main tools that we have used to nurture the network and to share knowledge is social media and internal collaboration platforms. Finally, ORMS is not an overhead, but rather is an effort that creates significant value. The system brings people from across the organisation together around a common objective, which is to effectively manage risk and protect what is the most valuable parts of a business. The process makes the organisation tighter and generates serendipitous effects that lead to new opportunities for collaboration.

At the International Crisis & Risk Communication Conference on 5 March 2013, I delivered a presentation on the use of social media for crisis communications, based on the following argument:

Changing technology, public expectations and the ways in which we interact are setting traditional patterns of communication on a trajectory toward obsolescence. Effectively responding to a complex event requires a continually evolving situational awareness, which is dependent upon the receipt and dissemination of timely and accurate information. In this regard, the ubiquitous availability of smart phones, and the rise of social media, poses challenges and opportunities that can only be managed by taking action in advance.*

The Too Late part came from the need to take action before an event to take advantage of social media to enhance crisis communications.

The release of the Continuity Insights survey Crisis Communications 2014: Social Media & Notification Systems is an opportunity to revisit this topic.

Crisis Leadership Tasks

In an earlier post I argued that we need to replace the traditional, passive notion of crisis management as something that follows something clear and present that has occurred, with a dynamic approach where we actively scan for risks about which we have to do something. In summary,

• Sense Making: constantly scanning the environment to identify risks that could impact operations
• Decision Making: matching the emerging risk with appropriate prevention or preparedness action
• Meaning Making: communicating and gaining support for the action taken
• Terminating: transition from the crisis state to business-as-usual
• Learning: formal after action review process to identify and internalize lessons learned

Crisis Leadership Tasks

Key lessons to use social media for emergency management

1. Define your goals: the more complex the goal, the harder it will be to do. To wit, trying to predict an event by mining social networks will clearly be more challenging than providing employees with a platform to share what is going on in their neighbourhoods during a storm
2. Establish your brand in advance: to the uninitiated, social networks can seem like a free-for-all. Instead, they are silently governed by spontaneous social organization, one of the norms of which is that people prefer to engage with those that they find credible. This credibility scaffolds social network relationships and must be earned. In a crisis, people turn to those that they trust, which means that sites must build a following before an event.
3. Find your influencers: to maximize impact, your messages need to be amplified. To do this you need to find the key influencers within your network so that you can tailor content for them to share. Kim Stephens of the idisaster 2.0 blog has a great line, “Follow the spokes and you will find the hubs.”
4. Provide your influencers with content to share: as noted in the last bullet, providing the key influencers within your network with content to share, maximizes the virality potential of your communications. All social media content is not created equal. Warby Parker applies these five criteria to create social media content that drives engagement: unique, authentic, unexpected, does good and has a compelling narrative. Remember, social media engagement is most effective when it is authentic, transparent and disrupts the conversation.
5. Adopt a Pull system: people want to be engaged, not communicated at; they also expect to be a source of information during a crisis. Social networks provide the means to do both. In practice, this means that the historical approach of the organization being the primary source of information – the Push system – should give way to a Pull system, under which staff are encouraged to not only amplify crisis information they get from credible sources, but to share first person, eye-witness accounts of what is going on in their neighbourhoods. Not only does this contribute to organizational situational awareness, but contributes to the psycho-social well-being of employees.

From within your network, both inside and outside the organization

Summary

The key lessons for effective use of social media for crisis communications are:

• Identify your goals
• Build your brand in advance
• Find your influencers
• Provide the influencers and trusted agents with unique, authentic content to share
• Pull, don’t push

In addition to these key lessons, make sure you talk like a human being and engage your audience as equals.

Adopt a ‘Push’ system for crisis communications

* One of the many lessons I learned through this experience, is the need to Google presentation titles.  After publishing the presentation title, Now is Too Late: Utlizing Social Media for Situational Awareness, we learned that it was a variation on the a book title on a similar subject, Now is Too Late: Survival in an Era of Instant News, by Gerald R. Baron.  While Mr. Baron graciously cleared the use of the title, we should have checked before publishing it.

Related articles

• We now live in a world where more people have mobile phones than clean toilets
• Welcome to Crisis Comms in the Social Media Era #yycflood
• Social Media Summit 2013 – My Notes
• #SMEM Crisis Response – The #bostonmarathon Bombing

Earlier this week, Continuity Insights published the Crisis Communications: Social Media & Notifications Systems survey. Continuity Insights began reporting on the use of social media for emergency management in 2012, expanding the survey in 2013 to include social media strategy, risk and views on effectiveness. Both of these reports give the baseline for the 2014 survey.

Key Findings

• Use of social media as a crisis communications tool is on the rise
• But, perhaps paradoxically, there was a significant drop in the use of social media to communicate with employees. In that space, Emergency Notification Systems reign
• Increased expression of intent to use social media to enhance situational awareness in a crisis, also reflected in the expanded use of the geospatial mapping features of Emergency Notifications Systems
• Respondents voiced their belief that mobile technology is vital for effective crisis communications

My Observations

1. While there has been an increase in the use of social media, it seems that it is being used to push messages out to audiences, with still limited use to support situational awareness.Social media form part of the portfolio of communications channels; however, there is unexploited value in providing key influencers within the network with innovative content to share, and a safe space for staff to share their experience.
2. Video is a compelling storytelling medium, yet it is not widely used for crisis communications. Almost 90% of respondents viewed YouTube as ‘Not Useful’ or ‘Somewhat Useful’ as a medium to get the message out during a crisis event. This is understandable as most organizations do not have dedicated resources to watch and actively engage on social media, let alone produce video content.
3. On a related topic, the survey revealed the use of peer-to-peer apps, such as What’sApp and Waze. The emergence of these so-called ‘Dark Social’ platforms (because the content that it typically shared from them has no identifiable source) is a growing trend in the wider social media world.
4. It was interesting to note what questions the response rate dropped significantly: those dealing with social media strategy. This reflects (I think) the superficial nature of integration of social media into crisis communications plans. Further evidence of this is the incarceration of social media in corporate communications and marketing departments. There is value in taking advantage of free social media platforms, and the knowledge of staff in how to use them, but it is a common challenge that organizations are not staffed and organized to fully capitalize on the potential of social media for situational awareness and crisis communications, especially as it applies to mobile.
5. Finally, the survey makes it clear that respondents view social media is the source of limitless reputational risk, resulting from the spread of inaccurate or embarrassing information. The only thing you need to remember is, “Don’t do anything stupid.”

Related articles

• 5 Key Lessons to Use Social Media for Emergency Management #SMEM
• #SMEM Crisis Response – The #bostonmarathon Bombing
• Social Networking Trends of 2013 and Implications for #SMEM
• More Research on Boston Marathon Official Twitter Activity #SMEM

These are my background notes for the presentation I made at the IERP Global Conference in Kuala Lumpur, Malaysia on 4 June 2014.

I have written elsewhere in this space that emergency managers face four different types of problems:

1. Simple
2. Complicated
3. Complex
4. Anarchy

and that, “the solutions to Simple and Complicated problems should be the focus of planning and plans.”

Traditionally approaches to emergency management have been processed-based: a set number of sequential steps that generate the action necessary to prepare for and respond to crisis events, in (hopefully) a virtuous cycle. These approaches are suitable in situations where we have a comprehensive understanding of the factors that underlie the crisis and the way it impacts organizational systems. The question then is what do we do when we do not?

This is a story about complexity and how to deal with it in the context of emergency management.

Complexity

Complexity permeates our lives – like the air around us, we cannot avoid it – and has unique characteristics:

• The output of component systems cannot be anticipated nor controlled
• Component systems interact to produce new equilibria

Under complexity circumstances literally emerge. This means that cause and effect can only be understood retrospectively. Without the ability to expect how systems will interact and how this will impact operations, plans can quickly lose their relevance, like a weather forecast the accuracy of which erodes by the second. We can predict the primary impacts of an event, but doing the same for the secondary and tertiary impacts is difficult. In these circumstances a traditional, process-based approach to emergency management alone is inadequate.

Superheroes can’t do complexity

Towards a Network Approach

In a previous post I described and advocated that a dynamic approach to crisis management be adopted, in which constant situational awareness identifies risks and triggers an appropriate organizational response to them. The key crisis leadership tasks the underlie this model are detailed below.

Adapted from Boin, Arjen, et al. (2005). The Politics of Crisis Management [Kindle version] (pp. 217-285). Retrieved from Amazon.com

This dynamic model scaffolds the network approach to emergency management, which recognizes how networks are central to how an organization functions.

Output is produced not just following steps in a business process, but through the interaction and collaboration between networks, formal and informal, within and without the organization. As argued by Dave Gray, a ‘line of interaction’ has supplanted the ‘line of production’ model.

Crises disrupt these networks, or at worst, they collapse, so the aim of the network approach is to develop and nurture them, creating multiple redundancies across organizational and thematic lines.

In practice this means alignment and harmonization in four areas:

1. Common understanding of risks that can lead to crises
2. Plans and planning processes
3. Governance and implementation structures
4. Behavioural change.

Under this approach:

• Decentralize risk management, but govern it centrally
• Risk management dynamic, focused on identifying vulnerability in operational risk areas (people, processes and systems)
• Integration, integration, integration

A network approach to emergency management is not only effective in circumstances of complexity, but it generates value for an organization by:

• Creating serendipitous effects
• Improved risk management
• Increased efficiency from process re-engineering

Conclusion

A process-based approach to emergency management has intuitive appeal because it has a defined, limited scope with discrete, measurable deliverables. Conversely, a network approach is messy and its components, especially the informal collaboration networks, are unknowable, meaning that measurement is almost impossible (I qualify ‘impossible’ because you can hold out examples of serendipitous effects as evidence of value). And yet it is clear that an emergency management programme is vulnerable it does not include an emergent strategy to nurture and strengthen collaboration networks.

Related stuff that I am working on

• How do you govern a network?
• How do you value the output of a network?
• How do you cost a network?