Friday, March 4, 2011

ERM-BC-COOP: Awareness

The first line of defense


Too many practitioners overlook an organization's most critical risk managers.

We worry about a variety of risks and ways to avoid or mediate them, often at great cost to the organizations.

We promote responder training.

Hopefully we also promote both in-place sheltering and evacuation exercises, not forgetting that some folks are less mobile than others.

But what we rarely seem to do it to train the folks on the ground to be First Alerters.

We need to take the admonishments we hear at the airports and other transportation hubs into the organization's operations and we need to greatly expand that admonishment.

The admonishment, in its most simple words, is "Be aware of your surroundings; if you notice anything suspicious, tell someone."

Employees know what sights, sounds, noises, and smells are "normal" for their environment.

They need to be encouraged to be aware of any changes to those sensory inputs.

Consider: You are walking around your neighborhood. Animals are scurrying about, birds are serenading you, all is right with the world.

Suddenly everything becomes still. The animals disappear; the birds are silent.

You notice that. If you're more than six-years-old, you know this change in your sensory perceptions probably means a change - perhaps a drastic change - in the weather.

Now go inside.

You are working at your desk and you start to smell melting plastic. The smell suggests that you look for the source. You find it - a starting to smoke electrical wire that was pinched by a desk. Left unattended, the wire would catch fire, a fire that could ignite other materials leading to a true conflagration - a disaster.

But, if you knew what to do, and did it in a timely manner, the disaster might be avoided.

Computers and telephones are a risk that, if personnel are alert and recognize a danger, can be avoided with minimal impact and at no cost to the organization.

Someone gets an email that the installed anti-virus program flags as carrying malware. Rather than simply DELete the offending email, the employee needs to know to inform InfoTech and fellow employees - "Watch out for emails from domain." Telephone calls can be a miscreant looking for personal, personnel, or sensitive organizational information.

A situation need not be life threatening to deserve someone's attention.

A leaking pipe needs to be reported before a "slip-and-fall" situation occurs or before the leak causes damage to the floor and the ceiling beneath it. It is a lot less expensive to put a bucket under a leak than to defend against a personal injury law suit or to replace flooring.

Failing to take advantage of the organization's most valuable asset's awareness seems to me nothing short of foolish.

It makes life safer for the staff and it reduces risk to the organization - and the cost is zero or minimal.

To me, employee safety awareness is a no brainer that ought to be part of every Enterprise Risk Management program.

No comments: