Beruflich Dokumente
Kultur Dokumente
JSTOR is a not-for-profit service that helps scholars, researchers, and students discover, use, and build upon a wide
range of content in a trusted digital archive. We use information technology and tools to increase productivity and
facilitate new forms of scholarship. For more information about JSTOR, please contact support@jstor.org.
Your use of the JSTOR archive indicates your acceptance of the Terms & Conditions of Use, available at
https://about.jstor.org/terms
Palgrave Macmillan Journals is collaborating with JSTOR to digitize, preserve and extend
access to Risk Management
This content downloaded from 14.139.189.34 on Sat, 01 Sep 2018 17:10:56 UTC
All use subject to https://about.jstor.org/terms
Risk Management: An International Journal
by Alan Hodges1
Introduction
The protection of life, property and the environment from the effects of disasters is a responsibility
of State governments in Australia. The Federal government has no constitutional role, but it has
an obvious interest in such matters. In addition, disasters are inevitably political and media events,
and are the focus of widespread attention.
Twenty-five years ago the Federal Government established Emergency Management Australia2
(EMA) to coordinate physical assistance to the States during disasters. While this coordination is
an important and continuing role, EMA is also heavily involved in working with the States to
raise emergency management capabilities across the nation. It does this through development
and delivery of education and training at middle-to upper-management levels, and by providing
leadership in promoting policies, practices and arrangements through cooperative Federal-State
committee arrangements. It is in this environment that EMA, over the last five years, has been
promoting emergency risk management as the fundamental basis for determining how to minimize
threats to life and property from both natural and technological disasters.
In this paper the approach taken in the Australian - New Zealand Risk Management Standard is
examined. Various catalysts of change for the integration of risk management into emergency
management are then identified. Finally, the implications for emergency risk management are
examined. For this paper, the following definitions apply:
* 'risk': the chance of something happening that will have an impact upon objectives. It is
measured in terms of consequences and likelihood;3
* 'risk management': the culture, processes and structures that are directed towards the
effective management of potential opportunities and adverse effects;4
This content downloaded from 14.139.189.34 on Sat, 01 Sep 2018 17:10:56 UTC
All use subject to https://about.jstor.org/terms
Risk Management: An International Journal
In 1992, Standards Australia raised by circular letter the need for a standard on risk management.
The following year, Jean Cross, Professor of Safety Engineering at the University of New South
Wales, chaired a widely-representative Joint Technical Committee which worked during the next
two years to develop an Australian - New Zealand Standard on Risk Management (ANS/NZS
4360: 1995). Before publication of the standard, Professor Cross wrote that:
The implications are as yet uncertain since its impact will depend on the extent to which
government and major industry decide to take up the standard ...6
Although the standard might receive little attention, she considered that, in view of the significant
interest at the public comment stage of its development, this was unlikely.
Her confidence was well placed. The standard has had a significant impact in Australia and New
Zealand and has attracted worldwide attention. It was revised and republished in April 1999,7
and it is this later publication which will be used here in describing the approach to risk
management.
Figure 1 below provides an outline of the main steps in the process. In essence, risk management
is the systematic application of management policies, procedures and practices to the tasks of
establishing the context, and to those of identifying, analyzing, evaluating and treating risks.
Monitoring and review, and communication and consultation, are also key elements of the process.
A more detailed explanation of the risk management process is shown in Figure 2 below. The
standard provides quite detailed guidance for each aspect of that process.
This content downloaded from 14.139.189.34 on Sat, 01 Sep 2018 17:10:56 UTC
All use subject to https://about.jstor.org/terms
Risk Management: An International Journal
i
T-
Identify risks
* What can happen?
4 t
Analyze risks
cj-~
Determine Determine
likelihood consequences
a0
0
ct
E:
E
C
l I .-
0
tt
0
;..
u 0
Evaluate risks
* Compare against criteria
* Set risk priorities
Treat risks
* Identify treatment options
* Evaluate treatment options
* Select treatment options
* Prepare treatment plans
* Implement plans
I
This content downloaded from 14.139.189.34 on Sat, 01 Sep 2018 17:10:56 UTC
All use subject to https://about.jstor.org/terms
Risk Management: An International Journal
The first step is to examine the strategic, organizational and risk management context within
which the analysis will take place. In this step it is appropriate to examine the criteria against
which risks will be evaluated and to determine the structure, or set of elements, for subsequent
analysis. It is important that examination of the context is undertaken at the outset, to provide the
framework for the following risk analysis. This requires a thorough examination of the operating
environment and a full understanding of organizational policies and goals, so as to decide whether
a risk is acceptable or not.
The second step involves identification of all the risks which need to be managed, together with
possible causes and effects. If risks are not recognized in this step, it is unlikely that they will be
controlled. In an organizational setting, it is also necessary to consider risks which are outside
the entity's control.
Analysis of risk, the third step, has two key elements: likelihood and consequences. By combining
analyses of these elements, an estimate of the level of risk can be derived in the context of
existing control measures. During the analysis stage, minor, acceptable risks can be identified
and put to one side. Depending on the degree of risk and the availability of accurate data and
resources available, analysis may be qualitative, semi-quantitative or quantitative. When a
qualitative approach is used, the level of risk can be estimated as extreme, high, moderate or low.
A possible allocation of these estimates for different combinations of likelihood and consequences
is shown in Table 1 below.
Consequences
Likelihood
Insignificant Minor Moderate Major Catastrophic
Almost H H E E E
certain
Likely M H H E E
Moderate L M H E E
Unlikely L L M H E
Rare L L M H H
Legend: E = extrem
This content downloaded from 14.139.189.34 on Sat, 01 Sep 2018 17:10:56 UTC
All use subject to https://about.jstor.org/terms
Risk Management: An International Journal
* Avoiding the risk. Very careful consideration needs to be given to such a course, as the
level of other risks might potentially be increased.
* Reducing the likelihood. Modifying the hazard can be undertaken by a range of measures,
depending on the circumstances. For instance, it might require revision of organizational
arrangements, implementation of preventative measures, application of technical controls,
or initiation of research and development.
* Reducing the consequences. The impact can be reduced by such means as contingency
planning, recovery plans, engineering and structural barriers, and design features.
Despite these actions, there may be residual risk which is retained. Planning will therefore be
required to manage the consequences of this.
Following the identification of options for risk treatment, there will be a need for an assessment
process. The process should take account of the extent of risk reduction and the likely benefits
which can be achieved. Obviously, high reduction in risk for low cost should be implemented.
As the costs rise and the benefits diminish, careful judgement will be required, and there
may come a point where it is clearly uneconomic to increase expenditure to lower the risk
further. Again, in such cases judgement is required so as to reduce the risk impact to as low
a level as is reasonably practicable.
Plans must then be prepared, for implementing the selected options, to enable management
to control the risks. Such plans should identify responsibilities, the actions required,
performance measures, and the expected outcomes of treatments, and should provide a basis
for assessing effectiveness. While responsibility for risk treatment is best placed with those
able to control the risk, a management system is also required which ensures that the plan is
effectively implemented. As shown in Figures 1 and 2 above, the need to monitor and review
is part of a closed loop sequence. There is a constant need to be alert to changing
circumstances, as risks will change over time, in respect of either the likelihood of occurrences,
or their consequences, or both. Identification of a regular review process would be a very
sensible inclusion in the plan.
A major difference between the 1995 and 1999 standards is inclusion in the latter of the need for
communication and consultation. Experience has shown that these actions, for both internal and
external stakeholders, are required for every stage of the process. Communication has to be two-
way to enable effective consultation to occur.
Each stage also requires documentation to be completed so as to satisfy an independent audit. The
inclusion of assumptions, methods, data sources and results will produce an audit trail which will
demonstrate the process. Such documentation will also make subsequent monitoring and review
much simpler.
While the standard has not introduced significantly new concepts to the analysis and management
of risk, its development and subsequent endorsement has definitely been of immense benefit.
The thorough process of consultation, implementation and eventual revision has resulted in a
risk-management approach which has gained wide acceptance in Australia and New Zealand.
This content downloaded from 14.139.189.34 on Sat, 01 Sep 2018 17:10:56 UTC
All use subject to https://about.jstor.org/terms
Risk Management: An International Journal
There is an agreed methodology which is well understood and accepted and, as a result, use of
the standard's approach is now being increasingly demanded in risk analysis, by both government
and private enterprise.
A major benefit of the standard is the strong emphasis it gives to identifying risk as an integral
part of the management process, as well as to the need for a multi-disciplinary team to undertake
risk analysis. On the other hand, undertaking a thorough risk analysis should not be taken on
lightly. The step-by-step process in the standard can demand a major commitment of staff to
carry it out thoroughly, and certainly requires full support at management level.
There has been interest by other countries in the approach, but none has so far gone to the next
step of developing an agreed standard. This is surprising, given the international interest in
this topic and the benefits which would flow from the formal endorsement of a standard by
national or multi-national standards organizations. Such a development task need not appear
daunting; in fact, it is likely to result in wide interest and involvement. It requires, however, a
small group of 'champions' who are prepared to take charge of the project and drive it through
to fruition.
The Guidelines note that the alternative to risk management is risky management. They highlight
that managing risk requires rigorous, responsible, balanced and forward thinking. They promote
the standard's formal step-by-step process for significant decisions, such as:
* policy changes;
* project management;
Moreover, the Guidelines also encourage use of the approach, even if only in an informal manner,
in all decision-making, as risk is inherent in all we do.
This content downloaded from 14.139.189.34 on Sat, 01 Sep 2018 17:10:56 UTC
All use subject to https://about.jstor.org/terms
Risk Management: An International Journal
The Guidelines were significant in raising awareness of the standard's approach within government
agencies, and certainly assisted in preparing the ground for change in the field of emergency management.
* 'all hazards' (a single set of management arrangements capable of encompassing all hazards);
* 'a comprehensive approach' (planning which involves all four elements of a 'PPRR' process,
ie prevention, preparedness, response and recovery); and
Although the PPRR areas are not mutually exclusive, there had been a tendency for each to be
seen to some extent as separate functions, thereby leading to differing levels of interest and
support, regardless of community benefits.
Over 30 participants from emergency service organizations, local government, State government
agencies, the insurance industry and industrial organizations attended the workshop. Following
presentations, discussions and breakout sessions over three days, the participants agreed9 that the risk
management standard would be of value to Australian emergency management arrangements because:
* the risk management process provides a common language and process across all
organizations;
* emergency management can be promoted more effectively through risk management; and
* emergency management should dovetail into the broader risk management process.
Workshop participants also agreed that specific guidelines were necessary for the implementation
of the standard within the emergency management industry. It was also proposed that the term
'emergency risk management' be adopted to reflect the multi-agency aspect of the industry.
Two key recommendations from the workshop were that:
This content downloaded from 14.139.189.34 on Sat, 01 Sep 2018 17:10:56 UTC
All use subject to https://about.jstor.org/terms
Risk Management: An International Journal
In September 1996 these recommendations were put to Australia's peak emergency management
policy body, the National Emergency Management Committee,l° which agreed:
* 'to commend risk management principles as a tool for use in the emergency management
community';
* 'that emergency risk management documentation based on the risk management standard
should be developed appropriate to the Australian emergency management industry's needs';
and
* 'to incorporate the risk management approach into relevant education and training and
into principles and practice publications."'
Subsequent action was by no means immediate. There was a lack of understanding of the
implications in many areas and a fear that existing concepts and principles, which have stood the
emergency management community in good stead, would be abandoned. What followed was an
extensive period of communication and consultation, an experience which was to be influential
in including these approaches in the 1999 revision of the standard.
Supporting publications
In mid-1996 Patrick Helm, of the Department of the Prime Minister and Cabinet in New Zealand,
published a paper12 in a Ministry of Civil Defence joural. This was important in raising awareness
of the application of the risk management process in the disaster context.
The general risk management approach was not new to New Zealand, which since 1987 had adopted
a policy of sharing risk management between central government and local authorities. The policy
required local authorities to identify hazards in their areas of responsibility and to introduce strategies
to reduce the consequences of disasters. This required a comprehensive approach to loss prevention
and risk management. A somewhat similar scheme has more recently been adopted in Australia,
whereby the Federal government's financial contribution to States to assist recovery from recurrent
disasters is contingent on appropriate mitigation measures being taken at State and local government
levels. The concept has not been universally welcomed by local governments, as they already have
many competing pressures for expenditures. Nor have the New Zealand principles been adopted
universally by local authorities in that country.'3 Nevertheless there is a clear message in both
countries that disaster mitigation is an important component in a total risk management approach to
protecting communities from the effects of disasters.
Helm also noted that risk management '... offers a structured, systematic and consistent approach
that forces the analyst into understanding the total risk picture'. Importantly, he saw that it forms
an overlay on the emergency/disaster process, and here he was challenging the status quo. While
Australia and New Zealand subscribe to the comprehensive approach to emergency management
via the PPRR process, it would be fair to say that the major emphasis in both countries has been
on the capability to respond to disasters. Risk management, however, requires a more thorough
analysis of solutions. For instance, the marginal benefit from the application of resources to both
prevention and response should be equal. Helm emphasized that each step in disaster management
required support '... commensurate with its importance or potential for improving the outcome'.'4
In concluding, he stated that:
This content downloaded from 14.139.189.34 on Sat, 01 Sep 2018 17:10:56 UTC
All use subject to https://about.jstor.org/terms
Risk Management: An International Journal
intervention. But the methodologies used for assessing risk can contribute to understanding
where the most serious components lie. They can point to the more promising control options,
assist policy development, and inform the allocation of resources.15
In mid-1996 an article by Smith et a116 foresaw the possibility of the concept of risk management
providing both a foundation for a cultural shift and a stimulus for integrating services. The authors
saw the move towards the risk management approach as leading to a shift towards prevention
and increased service diversity, to community empowerment and responsibility, and to increased
inter-agency cooperation. They also considered that the major focus in Australia has been on
event management, and so significant capabilities have been developed, using both permanent
staff and trained volunteers, to combat hazardous events. This has inevitably led to further
investment of resources in response capabilities, rather than recognizing a more holistic approach.
This article raised important issues questioning the priorities given to the various PPRR elements,
and recognized the need both for close involvement of the community in risk management
processes and decisions, and for a much greater understanding of the vulnerability of communities
or elements of communities. Hence, in the emergency management context, risk management
can be very much concerned with people, with the impact of a hazard on them and with their
response to a situation.
Papers by Salter, Koob and Tarrant17 were also important in promoting emergency risk
management.
Notwithstanding the influence of the National Emergency Management Committee and its views
on the usefulness of the risk management approach, there was a need to have wide industry
involvement in building a consensus for adopting the risk management approach and in taking
the next step of producing guidelines for emergency risk management. A national steering
committee was formed to develop guidelines which blended traditional emergency management
approaches with emergency risk management.
The Emergency Risk Management Guidelines which resulted follow the various steps in Figure
2, but with some variations. Whereas the standard is directed primarily towards the analysis of
organizational risk, its application to emergency management requires a strong emphasis on
community consultation and involvement. This is in distinct contrast to earlier emergency
management approaches, whose prime focus was on hazard analysis. Such analysis is now part
of a much more comprehensive approach.
Community consultation raises the complex issue of involving residents in identification of the
types of risks affecting them and the probabilities of those risks occurring. The outcome could, for
instance, reveal unperceived flooding risks, with a consequential downward effect on real estate
values, or highlight a small, but nevertheless real, risk of catastrophic dam failure. Such matters
have the potential to attract media attention and to escalate very rapidly to the political level.
The Guidelines are tailored to the emergency management environment in relation to:
This content downloaded from 14.139.189.34 on Sat, 01 Sep 2018 17:10:56 UTC
All use subject to https://about.jstor.org/terms
Risk Management: An International Journal
A key to the acceptance of the emergency risk management approach has been to incorporate
PPRR as options in the treatment of risks - importantly, this is the last step in the sequential
process (see Figure 1). Prevention, preparation, response and recovery each need to be examined,
and the benefits assessed as options, in the light of the judgements made in the risk management
analysis up to that point. The analysis may well lead to the need for greater response capabilities,
but such a decision will be made after comparing the benefits of, for instance, enhanced preventative
measures.
The next step is to apply the approach in a practical way. EMA staff will work with State e
management staff to undertake comprehensive risk assessments at community leve
community areas selected for these studies are the outer Melbourne suburb of Cardinia in
the North-West Tasmania region, a rural town in South Australia and the Jarrahdale-S
Shire, south of Perth in Western Australia. Furthermore, the National Emergency Ma
Committee recently approved a strategic plan which includes an intention to under
studies in each of the eight Australian States and Territories.
If the enthusiasm of participants on the new courses is any guide, the development of an
risk management approach has been worthwhile. However, it is still at an early
implementation and it will be some time before enough people have been through courses
concept to be applied in a business-as-usual way. A major challenge still ahead of us w
ensure that the approach is accepted at the executive level.
This content downloaded from 14.139.189.34 on Sat, 01 Sep 2018 17:10:56 UTC
All use subject to https://about.jstor.org/terms
Risk Management: An International Journal
Conclusion
The publication of the risk management standard in 1995 has provided an extremely use
systematic basis for examining risk. In its application to emergency management, the st
has resulted in widespread critical re-examination of the traditional Australian appro
protection of life, property and the environment. The development, through extensive consu
of emergency risk management guidelines is now providing a completely new basis for exam
risks to communities and for determining treatment options as part of the process. The
still require consideration of traditional concepts of prevention, preparation, response and re
and so the old and the new have been successfully blended together to create an approac
is now being introduced nationally though publications, training and case studies.
Notes
1 Alan Hodges was until recently Director General of Emergency Management Australia, which is
the Federal government agency responsible for reducing the impact of natural and man-made
disasters on the Australian community.
3 Standards Australia, Standards New Zealand (1999) Risk Management, AS/NZS 4360: 1999.
Strathfield, NSW: Standards Association of Australia, p 3.
4 Ibid, p 4.
6 Cross, J. (1995) The Risk Management Standard. The Australian Journal of Emergency Management.
Vol. 10, No. 4, pp 4-7.
9 Emergency Management Australia (1996) Emergency Risk Management Workshop. Mount Macedon
Paper No. 5. Canberra: Australian Government Publishing Service.
10 The National Emergency Management Committee comprises the Director General of Emergency
Management Australia, as chair, and the chairs and executive officers of each State and Territory
peak emergency management committee or other nominated officers
12 Helm, P. (1996) Integrated Risk Management for Natural and Technological Disasters. Tephra.
Vol. 15, No. 1,pp 5-13.
13 Ibid, p 5.
14 Ibid, p 11.
15 Ibid, p 13.
16 Smith, P., Nicholson, J. and Collett, L. (1996) Risk Management in the Fire and Emergency Services
In NDR 96. Proceedings of the National Disaster Reduction conference. Canberra: Institution o
Engineers Australia, pp 377- 87.
This content downloaded from 14.139.189.34 on Sat, 01 Sep 2018 17:10:56 UTC
All use subject to https://about.jstor.org/terms
Risk Management: An International Journal
19 A company established under Federal government arrangements for the furtherance of education
and training in the public safety industry. Its board comprises employer and employee representatives
from the fire, police, emergency services, defence and emergency management sectors.
This content downloaded from 14.139.189.34 on Sat, 01 Sep 2018 17:10:56 UTC
All use subject to https://about.jstor.org/terms