Sep 26, 2018 | Events
As we’ve seen with the recent Kilauea volcanic eruption and last year’s catastrophic hurricane season, natural disasters are becoming more frequent and dramatically more powerful. In fact, NOAA recently reported that weather and climate disasters reached an all-time high in damage costs within the United States, exceeding $300 billion in 2017.
In the face of these increases, companies have a social responsibility to maintain a strong disaster recovery strategy. How can your company prepare to combat the risks from these seemingly unpredictable events? Implementing a proactive risk management approach can help companies better prepare themselves, their employees and their communities to minimize damage and loss in the face of these destructive events. But these strategies cannot simply be created when a natural disaster strikes. As with anything, careful planning before a catastrophe happens is vital to the continued health and success of a business.
When developing these strategies, it is imperative that both pre- and post-disaster planning is included in the mix, as each plays a critical role in ensuring your ongoing operations.
Maintain a pre-event strategy
It’s important to remember that when a natural disaster strikes, there are both direct and indirect costs to a company. How you plan and address these costs can either save or destroy your business.
With today’s technology, we have the ability to monitor most natural disasters and maintain a better idea of when and how hard they will hit. This isn’t always the case, however. While hurricanes can take time to form before making landfall, oftentimes tornadoes and wildfires happen overnight, making it critical to have disaster plans in place before a disaster strikes.
There are three main areas companies should consider when creating a preemptive disaster strategy: 1) supply chain, 2) employees and 3) business infrastructure.
Maintaining a timely and accurate risk strategy for your company and your employees is incredibly important to protect all of these assets. First, it can help protect your supply chain by providing time to divert your supply chain operations from problem areas.
Additionally, it is imperative to be mindful of conditions affecting your various suppliers and how their potential risks can affect your operations. Armed with this knowledge, you can proactively develop supply chain diversion strategies to maintain efficiency and production. While you may not have the threat of a natural disaster, one of your largest suppliers might. So think ahead, make a backup plan and monitor both your own operations and those of your supply chain.
As we all know, employees are central to each and every business. An established risk mitigation strategy will include notifying employees so they have time to protect themselves and their family. It can also help management decide if and when to send employees home to help keep them safe.
Finally, a preemptive strategy needs to consider the effects of a disaster on business infrastructure. How will you prepare your building and operations for the threat of a flood or tornado? Do you have access to the proper reinforcements and equipment to accomplish these preparations? A well-established pre-event risk management strategy can help with these issues and also minimize damage so that you are not left picking up the pieces of what could have been a protected building or warehouse.
Implement a proactive post-event strategy
When developing a post-event disaster plan, the best strategy is to think long-term, as short fixes are just that—short fixes.
Consider the upstream impact of the disaster. Damage to raw materials and supplier areas can amount to huge indirect costs. So how can you avoid this? One way is by ensuring your pre-event plan is efficiently put into effect and is able to redirect any necessary supplies. It is also imperative to have a successful remediation strategy in place to recover from the effects of a disaster for both your operations and those of your supply chain. Be prepared to re-establish your supply chain and be sure it is completely intact post-disaster.
Many disasters also have long-lasting impacts that cause companies to have a lengthy rebuilding process. Have a plan for secondary supply chain options to ensure ongoing operations in case a supplier is out of service for a longer period of time. The problems don’t end when the disaster ends, so be sure to build out contingency plans for your operations through the potential recovery months.
Your post-event remediation strategies must also consider your physical office environment. Ensure there is a plan to check that equipment is operational and know how to repair or find replacement equipment to get operations up and running as soon as possible. Focus on rebuilding the business ecosystem from the supply chain, to operations, to your employees.
Finally, consider how you will get your employees back to work, and not just for the immediate future. Invest in your employees, and they will invest in you. After natural disasters, your employees could be facing damaged or destroyed homes, the loss of loved ones and even personal injuries. Look at what the company can do to help ensure their well-being so that they are willing and able to return to work.
Inevitability doesn’t have to mean susceptibility
Regardless of location, natural disasters are going to occur that affect you and your business to some extent. That is a fact of life. But it doesn’t necessarily mean that your company is susceptible to the significant damages and costs associated with these disasters.
Maintaining open lines of communication with your leadership and employees will help you develop and implement a strategic plan before and after nature takes its course. As we face the upcoming hurricane season and other inevitable disasters, it is better to mitigate the risks and susceptibility so that your “in case” plan doesn’t become “we should have.”
Source: Risk Management Monitor
Author: Quin Rodriguez
Sep 5, 2018 | Informative
As CIOs work out their spending and strategies for the year, the annual review of the disaster recovery and business continuity plan will inevitably form part of a lengthy to-do list.
Yet with the ever-increasing threats from both natural and man-made disasters – from the devastating fires and flooding in California last year through to the recent impact of Intel’s chip flaw that opened the door to potential hacking – is there anything more that IT departments can do to perfect how their organization both prevents and reacts to business disruptions?
Surprisingly, more than 1 in 3 businesses admit they don’t have a disaster recovery policy in place, a figure that is even higher amongst smaller businesses where an estimated 3 out of 4 are reported to have no contingency measures at all.
With our increasing reliance on technology and the reluctant acceptance that most technology is vulnerable to potential downtime, the CIO or IT manager is the obvious choice of leader to take responsibility for the whole disaster recovery plan, whether it’s due to a technical problem or other factors.
The ripple effect of abnormal events not only affects the IT department but can have serious repercussions on all daily operations including financial management, customer experience, HR, and workflow, etc.
Whilst CIOs regularly consult with other members of the C-suite on devising a risk management strategy, there are significant advantages to garnering the support of key employees across the whole organization, on a continual basis.
To ensure your disaster recovery plan anticipates every eventuality it’s essential to get ‘buy-in’ and input from all departments, so you can be confident that your plan is as informed, up to date and effective as possible.
Here are some recommendations on how to maximize the knowledge, creativity, and strength you can draw from key players across the organization.
Produce a clear mandate
During ‘business as usual’, a robust process management discipline and a strong process culture provides a firm foundation for teams to document and develop new and innovative ways of working and can help a company drive competitive advantage and innovation.
However, do employees know what processes to follow when the extraordinary occurs? Whether the Internet or phones go down, sensitive customer data is stolen, or severe weather stops them from getting into the office, clarity, and communication of disaster recovery processes is just as important as the plan itself. Every member of staff needs to know when and how to trigger a disaster recovery response, as well as be aware of who else is part of the team.
Part of the CIO’s remit should be to oversee the design and build of processes that are easy and clear for all personnel to find and follow, every day. In a disaster situation, it becomes imperative for staff to act with minimum delay, limiting the damage that could result from a disaster.
Build easy to follow checklists
One way of communicating unequivocally is to introduce simple checklists as advocated by US doctor, writer and speaker Atul Gawande in his book “The Checklist Manifesto”.
By getting the basics right, well-designed checklists have been proven to cut through unnecessary complexity and encourage transparency, leading to a 35% reduction in complications in hospital operations. These same fundamental principles can be applied to the corporate world where teams are responding to an emergency or extraordinary incident.
You also need to consider how and where to store this critical process information and make it easily accessible to all key staff.
Stage regular ‘fire drills’
Like most insurance policies you hope you’ll never need to claim on them, but you need to know that you’re fully covered. Regularly testing and modifying your disaster recovery processes will keep them up to date and make sure they work. Set up simulation exercises to rehearse what everyone’s roles are during a catastrophe.
With today’s accelerated pace of business change, a month-old plan may soon become obsolete. Organizations need to monitor changes in general circumstances like impending legislation. They also need to be sensitive to company or market-specific conditions such as when a key person leaves and joins a competitor, a laptop goes missing or perhaps a product needs to be recalled.
As soon as a new threat appears on the horizon it needs to be factored into the overall disaster recovery strategy immediately.
Crowd-source ideas and share responsibilities
With a collaborative and collective approach that encourages everyone to work as a group, it’s simpler to both create and follow agreed checklists so you can minimize the impact of unforeseen circumstances.
Employees on the front-line are often best equipped to advise on what level of impact disruptions may have on themselves and other departments. For example, the service manager can give the most insight on the scale of a spike in customer enquiries after your IP network goes down.
By leading the charge for a proactive, constantly-evolving approach to disaster recovery, CIOs can be confident that the entire operation is fully prepared and protected for when the unexpected occurs. Rather than panic-stricken employees bombarding you with support calls, instead there is state of relative calm as everyone already knows what they should do and can focus on executing an agreed plan.
Putting in the advance groundwork during quieter times not only leads to cooler heads during more turbulent times, but will also make a tremendous difference to your customers, employees and future business performance.
Source: CIO
Author: Ivan Seselj
May 25, 2018 | Informative, RIsk Management News, Workers' Comp
1. Layoffs
A first question of course is who should be laid off. While this is largely a management decision based on which positions are the most important to future financial stability, an important HR component is making sure that the layoffs don’t put the organization at risk. Check the personnel handbook for policies that address layoff and/or severance pay, and check to see whether employees marked for layoff are on any kind of protected leave (such as family or medical leave, workers’ compensation leave, or pregnancy disability leave). If possible, speak with an HR or labor law attorney about employees on protected leave.
In most community nonprofits there aren’t, for example, 15 people holding the same position of Social Worker I, with an intention to lay off 3 of these employees. In such an instance, though, it will be important to clarify whether the layoffs are being made based on seniority, on merit, or on a combination of factors. Most organizations would prefer to lay off the least meritorious individuals with the least seniority. The nonprofit should check past evaluations and documentation of performance in order to avoid discrimination claims. For most community nonprofits, however, it will be clear that a position is being eliminated, rather than an individual being selected for poor performance. In all cases, document the whys of each decision you make, perhaps with business necessity as the main theme and with merit and seniority as considerations.
A few specific tips:
- Determine whether your organization is subject to either federal or state Worker Adjustment and Retraining Notification (WARN) regulations. Generally applicable if you have 100 or more employees, and for layoffs of 50 or more employees or 1/3 of your workforce, WARN requires 60-day layoff notices and other steps.
- It’s generally better to do a deeper layoff once than to lay off a few people at a time in dribs and drabs: the staff who remain need to feel confident that they will stay on their jobs.
- Most professionals recommend that individuals finish the day or the week after hearing about being laid off, but not longer than that. It’s usually difficult for the laid off employee to feel positive about work, and others may feel awkward around them. (See Layoff Stories from Blue Avocado Readers for examples.) But it will be key to discuss how the employee’s clients or projects will be managed after his or her departure.
- Letting people know on a Friday will give them the weekend to absorb the news.
- Have a FAQ (frequently asked questions) sheet for people who will be giving layoff news, such as what references can be given, how long the employee will have access to his organizational email account, how will her clients be notified of a change in organizational contact, and so forth.
- Give layoff information face-to-face. Don’t tell the employee how hard this is on you. Give the employee a chance to ask questions. Let them know how long their insurance benefits will continue, that they will be receiving the required COBRA (option to continue their health insurance), and unemployment insurance information. Tell them what other support the organization can provide them (such as employment references, severence pay and so on). Employees should also receive most of this information in a formal letter. (We’ve posted a sample layoff letter as a guide.)
- After layoffs have been announced, managers may be tempted to retreat to their offices and look buried in work, but encourage them to circulate with the staff, ask and answer questions, and demonstrate confidence.
Temporary layoffs, furloughs, and temporary shutdowns
Nonprofits tend to consider only permanent layoffs. Sometimes short-term layoffs can be effective ways to save jobs while protecting the organization’s financial status. For example, there may be an unexpected two-month gap between the completion of one government contract and its renewal. In the past, your organization may have been able to keep paying the individuals on that contract during the gap, but this time you may need to lay them off, letting them know that if the renewal comes through they may be called back within several weeks. However, check your state laws to see if you are required to pay out all accrued vacation if you close down for a week or more. We know of at least one nonprofit charged with violating such a requirement that had to pay substantial fines and penalties before it reopened its doors two weeks later.
A furlough is specified unpaid leave, such as workweeks reduced by one day, or months reduced by two full days each. Typically employees request the days they would like to use for their furloughs. In effect, furloughs change full-time positions into slightly part-time positions for non-exempt staff. Some furlough tips:
- Exempt employees cannot be paid for less than a full week if they have worked any day that week (remember that obscure definition of the workweek in your personnel handbook?), so furloughs don’t reduce payroll costs for exempt staff. What you can do, however, if you are furloughing exempt staff for one day per week, is to reduce their full-time salaries by 20%.
- Be clear whether employees will continue accruing vacation and receiving benefits at their full-time levels (typically yes), and whether an employee taking a furlough on a holiday will still be paid for the holiday (typically no).
- Keep in mind that some international staff on H1-B visas may need to work a certain number of hours a week to be eligible to work in the United States.
- Remind employees whose wages are being garnished or who have deductions for child support that these amounts may be affected.
Some nonprofits pick a slow week (perhaps Fourth of July week, school spring vacation, etc.) to close down. Closing for a full week allows the organization to save on both exempt and non-exempt payroll (remind exempt employees that they cannot do any work that week — even checking their work email — lest they trigger a legal requirement to pay them for the full week). Some employees may find this a relatively easy cut to accept, but for others, even a one-week closure may result in a loss of pay that is untenable. Give employees the option of using their accrued vacation pay during the shutdown or taking the week off as unpaid leave, otherwise you may be required to pay out all accrued but unused vacation.
Finally, remember that many, many nonprofits (and for-profits) are feeling the pinch. Reach out to contacts in other nonprofits to see how they’re handling things, and to identify local resources for people losing their jobs. And post a Comment below to let Blue Avocado readers know your ideas and tips.
Source: Blue Avocado
Author: Pamela Fyfe
May 15, 2018 | Events, Informative, RIsk Management News
Recently, I had the chance to spend some time at Walt Disney World in Orlando, Florida, when I attended the NAMIC conference in February. One session included a presentation by Barry Dillard, director of claims for Walt Disney World, where he shared the company’s approach to handling a wide variety of claims.
I sat down with their vice president of risk management to learn about some of the strategies they employ, and I had the opportunity to tour Walt Disney World itself to peek behind the curtain and see how this massive theme park creates the magic for its guests and cast members, while keeping everyone safe.
Believe it or not, the Walt Disney World Resort covers 40 square miles and is twice the size of Manhattan. Within its confines, this world-class attraction employs 75,000 cast members, each of whom play a critical role in spreading the Disney magic. Their emphasis on safety is both taught and caught, which is especially important when serving the millions of guests who visit the Disney attractions around the world.
The Walt Disney Company is extremely proactive in their risk management strategies — it truly is everyone’s responsibility — not just the realm of those at the corporate level. As is often the case in life, the simplest things can make the biggest difference. Merely walking the parks, hotels, shops and restaurants can yield valuable information, allowing cast members to identify small issues before they become larger ones. Even in one of the most magical places on earth – reality tends to intrude.
Unexpected risks arise every day and training plays a key role in mitigating them. Hackers are constantly devising new ways to access company information or hold it for ransom. The use of ransomware is expected to increase 350% this year, so being vigilant and backing up data has never been more important.
The number of shooting incidents in businesses and other settings is increasing at an alarming rate. Knowing what to look for and how to respond in these situations can literally be the difference between life and death.
For better or worse, new risks are changing our behavior — how observant we are in open spaces of our surroundings, what we post on social media, where and how we protect our personal information, what we open online and how we train our staffs. It really is the smallest things that can make the biggest difference in keeping people safe.
Source: PropertyCasualty360
Author: Patricia L. Harman
