A practical approach to using risk management as part of post-incident review processes

Risk Management is often used as a tool to consider what could go wrong prior to a scenario occurring. But have you ever thought about using risk management as a tool for reviewing an incident after a disaster or risk event has occurred?

Learning involves inner reflection and analysis of ‘how could we have done this better?’ Approaches to risk management have evolved over time and whilst traditional risk management approaches may have seen an event occurring as a failure of risk management mitigation strategies, quite often there is a trade-off between the level of resources directed at the management of a risk and the likelihood of an event ever occurring. Decisions like these are formulated based on an organisation’s ‘risk appetite’ and with the knowledge and understanding that not all risks can be prevented and mitigated.

Whilst it is important for an organisation to discuss and think about the likelihood and impact of a risk occurring, the truth is it is usually a subjective call. Other questions that may be relevant are ‘how fast could the risk arise?’; ‘how fast could you respond and recover?’; and ‘how much downtime could you tolerate?’. Vulnerability and speed of onset are equally important for how you prepare for a risk event.

Our team recently worked with the City of Hobart in a session held to consider the most recent severe flood incident. This involved several stakeholders taking part in a flood de-brief and going through a series of questions to analyse what improvements could take place if similar risk events were to occur in the future.

A flood event of this magnitude had not been experienced in Hobart in recent history. It took approximately 15 minutes from the initial alert (the activation of the flood alarm located at Collins Street) until the flood over-topped the rivulet walls allowing the water to flow into Collins Street and Campbell Street.

At a high level the City of Hobart undertook to evaluate the event using the following method, with a focus on these themes and questions:

• Were our systems in place and working effectively to identify the possibility of a significant event occurring?
• Did we have adequate incident management plans and policies in place and were they able to be located and actioned?
• Infrastructure – is our infrastructure capable of minimising the impact of incidents of this nature?  Are there any short or long-term requirements for our infrastructure?
• Were the right people available, advised and deployed?
• Were proper procedures followed in notifying other stakeholders/ emergency response agencies?
• What sources of information were available on weather conditions and critical variables?
• What steps were taken to mobilise countermeasures to the emergency?
• Was mobilisation prompt? Could the response time improve? How?
• What resources were available and were they used adequately?
• How were recovery efforts prioritised?
• How did we activate recovery resources both from internal resources and external resources?
• Did we communicate effectively to stakeholders in relation to recovery?

“The workshop allowed us to share learnings and observations in a positive and ‘non-blaming’ environment” said Philip Holliday, Associate Director City Projects, City of Hobart.

“We were able to identify things that were done well and identify opportunities for improvement.”

The process of undertaking a risk management analysis after the event has enabled the City of Hobart to put together a comprehensive document for future use.

Philip continued “The observations, learnings and actions, supplemented by discussions with key City of Hobart staff and external stakeholders, are now being synthesized as part of a formal report on the extreme weather event.”

Maryellen Salter
Director

Images: City of Hobart