Implementing Incident Management in Emergency Management
All organizations must have an emergency plan in place that includes resources, roles and responsibilities, procedures, logistics and contractual arrangement for an EOC (NFPA® 1600 , 2013, p. 12). The Emergency Operations Center is a physical location near the incident where the incident response will be coordinated. From the FEMA goals, it is understood that emergency management programs prioritizes the overall coordination of an incident response. Although it is essential to minimize loss of life and impact to the environment or biodiversity, it may be more beneficial in the long term to prevent incidents from occurring. According to the NFPA® 1600 “[t]he entity shall develop an incident management system to direct, control, and coordinate response, continuity, and recovery operations”. Incident management is however more than coordinating the response, continuity, and recovery operations. The following three risk management processes are vital in implementing incident management in an organization:
Together these three risk management processes form a “line of sight” for emergency management personnel.
Hindsight: Root cause analysis
All incidents, regardless of severity must be investigated to ensure that maintenance of measures were conducted, that all risks were identified, and that the incident was not an indicator of a change in circumstances that may warrant a full risk assessment review. Root cause analysis is backward looking and aims to discover control inefficiencies and failures so that these can be corrected as appropriate. Successes and strengths must be considers as well so that these can be enforced.
There are many tools and standardized methods that can be used for root cause analysis. One such method is a fault tree analysis (FTA). An FTA is a process where all causal factors are identified and associated with the incident to determine a hierarchy of failures leading from the event backwards to find the root of the problem or failure. As with all assessment methodologies, FTA’s have a number of limitations and strengths to consider. Although it provides an easy method to visually determine causal factors and binary failures, it does not consider time-frames of each factor, and is challenging to compute combined factors leading to a significant amount of uncertainty in estimating probabilities.
Nevertheless, FTA’s present a diagram that may be used to prioritize research activities and control design corrections. The lessons learned from root cause analysis is documented and incorporated to improve or renew measures, best practices, and training programs to educate responders, the public, and government of emerging issues and incident trends. Root cause analysis is applied to failures and successes to learn everything that is relevant to both outcomes.
Insight: Control assurance.
All prevention measures should be maintained, monitored, and reviewed periodically as these measures prevent incidents from occurring, and are the first indicators that incident severity or frequencies are increasing. Examples of preventive measures may include equipment and machinery maintenance, periodic procedural reviews, policy implementation, management review, structural, automated, and managerial control testing, and independent auditing. Prevention measures should include compensating measures so that a secondary measure can partially prevent consequences when a primary measure fails.
The processes and procedures for hazard mitigation measures should also be tested and practiced to maintain skill levels. Specialized equipment and machinery must be maintained so that they are reliable in a time of crisis, to avoid deployment errors or a skills shortage. High frequency incidents may have a predefined emergency response plan that fits the type of incident. These plans must also be tested regularly, and stakeholder feedback should be reviewed to ensure effectiveness so that the plan remains adequate for the incident scenario.
Foresight: Risk assessment
Risk assessment must be future oriented and should consider all that is known, and all that is uncertain. Risk assessment explicitly addresses future uncertainty and all potential threats, sources of risk, events, causes, consequences and likelihood of occurrence must be identified so that incidents can be prevented, consequences mitigated, property and the public protected. Risk assessment is reviewed periodically, especially when an incident occurs to determine if there has been an unidentified risk or a change in circumstances that presents new, different, or additional risk.
A risk assessment should consider quantitative data and qualitative criteria, and an appropriate risk assessment methodology should be selected that fits the context of the incident. There are many methodologies for estimating the consequence and likelihood of impacts following an incident.
Event Tree Analysis (ETA) is a graphical representation of sequential and mutually exclusive events that may follow an incident. Criteria to calculate the severity, magnitude, and probability of events can be applied qualitatively or quantitatively depending on available data, resources and time. The ETA represent potential consequences that may impact public safety, the environment, and economy, and is used to develop an incident action plan.