Sunday, February 18, 2018

RUN. HIDE. FIGHT. — Surviving an Active Shooter Event





“Planning to have a plan is not a plan. There’s a need for leadership. It’s important that we take the appropriate steps to ensure our people are prepared and put the plan in motion.”
Jeremiah Hart, lead instructor and senior analyst at the Force Training Institute

The incredibly tragic events of this week serve as a stark reminder that while most would like to believe this sort of thing can never happen to them; the new reality is, it can.  Attached is a short video that was published by the City of Houston called “RUN, HIDE, FIGHT: Surviving an Active Shooter Event.”  This is a widely recommended reaction to teach employees in the event of an active shooter 

This is not a long post because the video should be the focal point.  I do want to make a broader point about the importance of having an emergency plan and training your employees to that plan.   Nearly every business I have interacted with is committed to safeguarding the interests of their employees, visitors, and contractors in the event of an emergency, disaster, or crisis.    

Responses to emergencies, disasters, and crises can be categorized into three main phases:

  1. Preparation - development of a plan, training, gathering supplies, etc. This video could be a training tool for a defensive mode response to a crisis.
  2. Defensive mode - immediate response; usually someone is“caught off guard”. Such incidents could include fires, explosions, active shooters and lightning strikes.  The response is immediate in nature. 
  3. Offensive mode - can be taken before and/or after the incident; usually, someone is “braced” or have more time to calculate their responses. Such incidents can include hurricanes, northeasters, and floods. 

An emergency plan contains predetermined responses and guidelines to ensure the safety, health, and welfare of the employees. Ideally, the plan is developed in partnership with first responders, and in cooperation with community and local agencies.  A training program should be developed to educate employees on the plan.  The plan should be easily accessible and reviewed annually by team members and community partners.  There are a lot of resources available to help develop an emergency plan.  Local first responders and community organizations may have templates and may be willing to assist in the development of your plan.  Another good resource I go to often is Ready.gov "Make a Plan"  https://www.ready.gov/make-a-plan  This website has a lot of great resources, tools, and checklists you can use to build your plan.  

Planning to have a plan is not a plan.  You owe it to yourself and your employees to make the time to develop an emergency plan and train to that plan.

Until next time, stay safe and be kind to one another.

Friday, February 16, 2018

Risk Identification



This week we will revisit the conversation about the different components of a risk management plan. As a refresher, in a previous post What’s Risk and Why do I want to Manage it?, I referred to a definition of  Risk Management as “The identification, analysis, assessment, control, and avoidance, minimization, or elimination of unacceptable risks. An organization may use risk assumption, risk avoidance, risk retention, risk transfer, or any other strategy (or combination of strategies) in proper management of future events.”  http://www.businessdictionary.com/definition/risk-management.html.  Additionally, we looked at the six basic process components.

  1. Identify
  2. Analyze
  3. Prioritize
  4. Control
  5. Measure
  6. Adjust


After laying the foundation for a good risk management program through the discovery of your risk appetite and tolerance, and by memorializing these in writing. You are now ready to identify the risk that can impact your pursuit of value, or prevent you from achieving your goals.  Here, we’ll focus on two key points. First, what types of risk are you are looking to identify, and second, what are some methods you can use to identify these risks.


Risk identification is a process that can be used at different levels in the organization.  It can be used at a tactical level to determine the viability for the success of a specific project.  Similarly, risk identification can be used at a strategic level when shaping company goals. There is foreseeable risk and unforeseeable risk.  Unforeseeable risk is that which cannot be accurately predicted before it occurs.  On the other hand, foreseeable risk can be more accurately predicted given defined circumstances.  Here we want to discuss that which can be predicted and which you can plan for. We’ll discuss seven areas where foreseeable risk can exist and have a significant impact on your ability to achieve your goals.
  1. Economic – Market condition change, such as stock market fluctuations, interest rate changes, or non-availability of funding.  (These can have a positive impact on your business)
  2. Human – The human element to any business is a risk.  There could be the lack of skilled labor available, Illness, death, injury, or loss of key individuals, or labor disputes, organized or otherwise.
  3. Natural – Weather, natural disasters, or disease interrupting operations either directly or indirectly through vendors and suppliers.
  4. Operational – Breakdown in communications, failures of accountability, internal systems, or controls, or from fraud, and disruption to distribution chains.
  5. Political – Changes in tax rates, public opinion, government policy, or foreign influence. (These can also have a positive impact on your business)
  6. Reputational –A declining reputation as a result of practices or incidents that are perceived as dishonest, disrespectful or incompetent. 
  7. Technical – Advances in technology, a lack of required technology, or from technical failure.
While this list discusses seven areas, it is by no means an inclusive list.  The risk facing your business is broad, so we want to begin to provide a framework for the process. 


When I was working for my first real estate development and property management company after retiring from the military, I was a member of a risk management team comprised of internal and external stakeholders.  Annually, we would hold a two-day off-site summit where we would develop our goals for the upcoming year, identify the risk surrounding those goals, and put together an action plan to mitigate the risk and to achieve the goals.  These goals and the action plan were presented to the organization’s senior leadership and something the team was held accountable for.  Every month the team would schedule a call to review the action items and measure our progress.  Identifying the risk that could impact the achievement of our goals was primarily a brainstorming effort and proved to be a successful tool in our case.  While brainstorming is an effective tool, there are several other methods that can be equally if not more effective.  You can also use a combination of different methods.  The key is to select the single or combination of tools that work best for your group.  A few other examples of tools are:


  1.        SWOT Analysis - SWOT Analysis is a useful technique for understanding your strengths and weaknesses, and for identifying both the opportunities open to you and the threats you face. If you are not familiar with how to conduct a SWOT analysis, there is a great tutorial following this link at Mindtools.com.
  2.        Delphi technique – This is a multi-session data gathering technique where a team of experts is consulted anonymously. A list of questions are sent to experts, their responses are compiled, and results are sent back to the same group for further review until a consensus is reached.  Additional information on how to use the Delphi technique in risk identification can be found at this link on Montools.com.
  3.        Failure Mode and Effects Analysis (FMEA) – This is a method I am somewhat familiar with from military days spent identifying and analyzing risk in operations.  By looking at all the things that could possibly go wrong during the planning phase, you can avoid any potential problems that would otherwise take vast effort and expense to correct.
  4.     Brainstorming – I find this a great method to be creative, imaginative and engaged in problem-solving or generating ideas.  This method also provides an environment that supports collaboration and participation from the whole group where there is never a “bad idea” during brainstorming. The method brings people’s individual strengths and perspectives into play. Some additional information for brainstorming tips can be found at this link on Mindtools.com.


You have your foundation for a risk management plan with your risk appetite and tolerance statements.  Above we’ve discussed seven areas where you can look to identify risk and four different risk assessment methods you can use either solely or in combination, depending on what works best for your group.  In the next post, we will address the risk that you have identified by learning how to analyze and prioritize your risk.



Until next time, stay safe and be kind to one another.

Monday, February 5, 2018

Caveat Emptor - Let the Buyer Beware


When I was attending navy basic qualification courses for my specialty (logistics) a lot of the material was pretty heavy and frankly not very captivating.  To keep the class engaged and attentive, one instructor used to insert “action photos” (pictures of navy jets, warships, and submarines) into the presentation, as a mental break.  For this post, I am using that idea as inspiration and offering my version of an “action” item.  

Five things to look for or ask about when reviewing your insurance policies. 
An insurance policy is a legal agreement between you (the insured) and the insurance company (the insurer).  Understanding the contents of the agreement is the responsibility of you, the insured; caveat emptor.  But really, who has the time to read all of their insurance policies?  


To start here is a basic policy roadmap:
Declarations-Provides basic coverage and limit information
Insuring Agreements-Provides coverage details, such as the perils that are covered
Exclusions-Lists items that are not covered.
Endorsements-Lists changes to the policy
Policy Conditions-Provides the rules for the policy


The five pointers I am going to share will give you oversight without having to digest an entire policy.
  1. Who is the insured(s) on the policy?
  2. What are the coverage limits? Are they what you expected?
  3. Have you met the policy conditions?
  4. Are the endorsements you require or expect there?
  5. What are the exclusions and the exceptions to the exclusions?
1. Who is the insured(s) on the policy? This is easy if your organization is the only insured listed on the policy and if there are not any dba or subsidiary affiliations. You should make sure the business entity and address are correct on the policy.  If you have several insureds listed, or if there are any dba or subsidiary relationships, you’ll want to be sure they are all listed and the names are correct.  The named insured, if only one, will be on the declarations page (first pages of the policy).  If there are many named insureds, there will be a named insured endorsement.  This endorsement is usually located at the beginning of the document.
2. What are the coverage limits? Are they what you expected? The coverages, limits, sub-limits, and deductibles are also usually found on the declarations pages.  In some cases, you may have contractual obligations that require you to carry certain coverage, limits or maximum deductibles.  You should make sure your policy meets the obligations.
3. Have you met the policy conditions? An insurance company will bind a policy on the condition the insured will provide certain documentation and/or meet certain requirements during the course of the policy.  You should understand these requirements and ensure you can meet them.
4. Are the endorsements you require or expect there?  The policy consists of insurance coverage defined by the agreement and the endorsements.  Every policy includes a list of endorsements.  You can scan the list to see where you should focus.  You’ll first want to focus on any endorsement that includes the word “exclusion” in the title.  After that you’ll want to focus on other key endorsements, depending on your operation.  A couple of endorsement examples are as follows:


Additional insured. These are insureds added to your policy in addition to the named insureds.  As we said above, your contracts may obligate you to add certain coverage to your policies and naming one or more additional insureds is a common requirement. 
Schedule of covered locations. You’ll find these endorsements when there is more than one location.  If you have only one location, it will most likely be shown in the policy declarations.  If you have multiple locations, you’ll want to review the endorsement to make sure all locations are scheduled.  In the event of a loss, the insurance company will review the schedule of covered locations to verify coverage.  If the location is not listed, there is a good chance the insurance company will deny coverage.
5. What are the exclusions and the exceptions to the exclusions?  You will find exclusions in the insurance agreement and also in the endorsements, discussed above.  In my experience reviewing exclusions has been the most difficult task to master.  In this case, your broker can be your friend and help explain any confusing concepts.  Some of the exclusions also list exceptions to the exclusions.  Remember in school those math class word problems “If a train leaves the station headed east at…” Deciphering policy language can be similar to figuring out those math problems. I often find it helpful to write down what is included, what is excluded and any exceptions to the exclusions to help understand what coverage is actually provided.
Reading an insurance policy can be quite daunting, but with the help of your insurance broker and remembering these five key points, you can feel more informed and confident about the coverage and limitations in your insurance policies. Caveat Emptor - Let the Buyer Beware!
Until next time, stay safe and be kind to one another.