How to Improve Your Emergency Preparedness With a Risk Management Plan
Effective communication during emergencies starts with being prepared. In this article, we cover how a risk management plan can help you stay ahead of disruptive events.
Unexpected events are the enemy of progress. The easiest way to derail any business or project plan is to have an unexpected emergency that requires everyone to drop what they are doing to deal with the crisis.
The best way to make sure this doesn’t happen is to plan ahead. In emergency management, the more prepared you are before an event occurs, the faster you can respond and the less likely it is to bring your business to a screeching halt. And a surprisingly great place to find inspiration and examples of excellent preparedness is in the field of project management.
Project managers are asked to develop plans that account for countless variables, dependencies, and risks every day. When they start a new project, they must first map out exactly how they will get that project done: who will be involved, when the deadlines are, what steps to take, etc. And a good project manager doesn’t only plan for “best-case scenarios.” They plan for every foreseeable situation.
Imagine this scenario a project manager might face:
You’ve been on track for a weeks-long project until your team member misses an email and doesn’t provide feedback on time. Now you can’t find a contractor who can meet the deadline coming up, and you are trying to juggle another project with a different team demanding much more of your time than expected. Since you didn’t plan for any of these problems, you are left working late into the night trying to figure out a solution.
This may not resonate as closely with you if you are an emergency manager or business continuity professional. But here is a more recognizable situation with the same core elements:
You have spent weeks getting ready for hurricane season, but you’ve had a delay in scheduling your evacuation drills. And with a storm beginning to form off the coast earlier than you expected, you worry about a shortage of some supplies you need.
Both of these situations could have been avoided by adding a risk management plan to their preparations. This document is a staple in project management, but it can help your business improve your emergency preparedness as well.
What Is a Risk Management Plan?
A risk management plan is a document that lays out all the potential risks and obstacles that could impact a given project or initiative. The document’s purpose is to list everything that could go wrong and explain how the team will track, manage, and/or eliminate those risks.
Project management professionals most often employ this kind of risk management plan, limiting the scope to a single project rather than to the business as a whole. Other documents like business continuity plans, disaster recovery plans, and risk assessments are similar but generally cover a much larger scope and account for a broader set of potential threats.
The kinds of risks you cover in a risk management plan will be more focused, with targeted reporting and response requirements. For example, one risk to a project could be a key team member taking unexpected time off due to illness or injury. The risk management plan should lay out how big of an impact that risk has, how to deal with that scenario, and who will be involved in addressing any skill/labor gaps.
Why Do You Need a Risk Management Plan?
Risk management plans are a great tool for project managers and emergency managers alike. They can be used for any sized project, by any kind of team. But the more complex and essential your project is, the more crucial it is that you prioritize risk identification and risk mitigation strategies.
By putting together this document, you will have thoughtful contingency plans at your fingertips for problems that may arise. And, you will have a detailed risk analysis that breaks down what are high risks and what are low risks, along with their potential impact. And you’ll be able to act quickly to respond to any risks—potentially even preventing them from happening in the first place.
In a non-emergency context, the risk management plan is typically owned by the project manager or project management team, who will then work with the rest of the project team to ensure that everything goes according to plan. If dealing with a project that can potentially impact employees’ safety, your plan may be owned by safety or security leaders.
Regardless, it’s important to have a fleshed-out document to refer back to, rather than an amorphous idea of what could happen. When you are using a risk management plan for emergency preparedness contexts, you’ll have a much more tactical view of how to mitigate and respond to specific risks for your business.
How to Build a Risk Management Plan
Building a risk management plan can seem incredibly intimidating, but it doesn’t have to be.
Here is what the process looks like:
1. Find key stakeholders
The first thing you want to do is figure out who needs to be involved in your risk management plan. This should include any project managers, the team members involved in the project, and the additional stakeholders involved in any risk management.
Decide who needs to be involved, and then create a communication plan for when and how you will bring them into the planning process. Some stakeholders will need to be involved in creating the plan, while others will only need to be informed once it is complete.
When you have a list put together, set up a meeting with everyone involved in the plan’s creation so that you can collect all the information at one time.
2. Identify and qualify project risks
Next, you want to figure out what risks this project faces and qualify them to help you better prepare. The level of detail you go into in this step will greatly depend on the project’s scale, deliverables, and importance to the business. The bigger and more critical the project is, the more detailed your risk assessment should be.
NOTE: If you can’t gather all key stakeholders together to identify the possible risks, make sure to request feedback from each of them on the list. Anticipating all the different factors on your own will be difficult, and you might miss an important risk that a stakeholder would readily recognize.
The best way to do this is to get all the key stakeholders together and make a list of all potential risks. These can be as simple as running out of a key resource or as complicated as an unexpected natural disaster, but they should all clearly pose a risk to the completion or deadline of the project.
Suppose you are integrating a risk management plan into your already existing emergency planning. In that case, you can use your risk assessments or business continuity plans as references for figuring out what risks your business usually faces.
Once you have your list of known risks, next you want to qualify the level of risk based on severity. The best way to do this is to create a risk assessment matrix.
A risk matrix maps each risk on two dimensions: how likely the event is to occur and the expected impact. If a risk has a low probability and a low impact, it will be much easier to manage and can likely be dealt with once it occurs. But if a risk has a high probability and a severe impact, mitigating negative impacts should be a relatively higher priority.
What is most important about identifying risks is that you know what to expect and can plan out your risk response plan and develop an appropriate course of action in conjunction with other stakeholders. While there will always be uncertain events you cannot predict in advance, the more risks you can identify upfront, the more likely you will react quickly instead of feeling overwhelmed or confused about how to respond.
3. Create risk response
Once you have your list of identified risks mapped out in a risk matrix, the next step is to plan your risk response for each scenario.
Here are several different types of responses you can employ:
Make a change in the project to neutralize this risk (eliminating potential points of failure, addressing identifiable gaps, etc.).
Shift responsibility of the risk to another party, like a contractor or a different team that is better equipped to handle the situation.
Attempt to reduce the possibility or impact of the risk by taking early action and monitoring the risk frequently.
Accept the risk and the consequences without intervening, and budget (time and money) accordingly into the project plan.
Depending on where the risk falls on the matrix, your response will be different. High-level risks typically should be discussed with project stakeholders and avoided whenever possible, while low-level risks might be accepted or mitigated. Identifying the best response to each threat before the project even starts will give you plenty of time to act.
Again, you can pull successful responses from your other emergency planning documents, but make sure to specify how your response will be tailored to the scope of this project.
Another critical factor in planning your risk response is assigning a specific person to each action or response step. This “risk owner” should be accountable for portions of your overall risk management strategy and training on any risk management processes relevant to their job function. Out of the key stakeholders (and anyone else involved in the project), pick one responsible party for each action and clearly explain what they might need to do.
4. Document and communicate your plan
Now that you have your list of risks and your responses planned out, it’s time to document.
Clearly lay out each risk and your response strategy. Make sure you include who is responsible for enacting the response plan. You’ll also want to document how you will gauge the success of your risk mitigation efforts and how you will communicate progress. Ensure that whoever is responsible for tracking the outlined risks knows who to go to for each possible response.
With your risk management plan put together, you’ll want to distribute it to each person involved in the project, even if they are not responsible for any of the risk responses. That way, everyone on the project knows who to go to if a risk does arise.
It’s also important to keep this document flexible. As the project moves forward, you may encounter new risks which need to be added to the plan. You may also be able to use what you learned in this project during your planning for the next one.
One of the most critical elements of emergency preparedness is communication. You need to keep clear lines of communication open with your team, especially in the case of an emergency.
Learning from other industries, like project management, can help you improve how you communicate across your organization when disruptive events threaten to delay projects, kill productivity, and impact the bottom line. And when you integrate these plans with a reliable emergency communication system, you ensure you can rapidly contact anyone on your team, anywhere in the world, at a moment’s notice.
After doing so, you might just find that a risk management plan is the perfect link between your large-scale risk assessment and small-scale project planning process.