Transcript Document
Civil Contingencies Act and Risk Management
ALARM South East
11 th MAY 2005 Prepared by Carolyn Halpin Chairman ALARM, t he National Forum for Risk Management in the Public Sector www.alarm-uk.com
The Context
The Civil Contingencies Bill was enacted in November 2004 & creates a statutory duty on Category one responders It is perceived as an onerous responsibility for organisations This presentation is intended to inform members of the “process” prescribed by central government To identify the potential role of the risk practitioner within their employing organisation To identify the potential additional benefits of the act
The Civil Contingency Act
Enacted by the Government on 18 th November 2004, the Civil Contingencies Act (CCA) is designed as an update to somewhat outdated civil defence legislation. The purpose of the CCA is to create a
single framework for civil protection
that will meet the new challenges of the 21 st century through co-operation.
The Act Generally
Defines an emergency as; –
‘A situation or event that threatens human welfare, the environment, political, administrative or economic stability or the security of the United Kingdom’
Local Response Capabilities
The CCA sets out a
‘local response capability’
which outlines 2 categories of services who could respond in an emergency – the
first category
are the core responders and include Emergency Services incl NHS Local Authorities Environment Agency Each of these organisations has been given clear expectations and responsibilities in relation to civil protection.
What are the statutory requirements of the Act?
Demonstrate strong risk management & emergency response procedures for all critical services Demonstrate resilience in all service areas throughout the authority; including contractors & partners Promote business continuity management & resilience to the wider community
Two tests as to whether a response to an emergency is required A responder organisation must perform its duties under the Act in relation to an emergency – Where the emergency would be likely to seriously obstruct its ability to perform its functions – Where the responder would consider it necessary or desirable to act to prevent, reduce, control or mitigate the effects or would be unable to act without changing its deployment of resources or acquiring additional resources
The location of risk assessment in the emergency planning process
National Regional L ocal Risk Assessment Emergency Planning Business Continuity Management Validation of Plans
Local responder risk assessment duty (1)
All category one responders must – Ensure all responders have an accurate and shared understanding of the risks, so planning has a sound foundation and is proportionate – Provide a rationalisation for the prioritisation of objectives – Enable other cat 1 responders to assess the adequacy of their plans and capabilities – Facilitate joined up planning based on consistent planning assumptions – Enable responders to provide an accessible overview for public and officials – Inform and reflect regional and national risk assessments to inform capability development
Local responder risk assessment duty (2)
All category one responders – Must be represented at Local Resilience Forums (LRF) – Must take part in a Multi Agency group of Cat 1 responders – Have a duty to co-operate
The LRF & Community Risk Registers
– The LRF must be populated by top tier representatives from Cat 1 Responders – Follow guidance provided by cabinet office on risk assessment process – Measure Risk by likelihood and impact – The output is a clear accountability framework for all responders - a community risk register
Likelihood data
To be provided centrally from relevant government agency – re flooding- Environment Agency – Security and terrorism-Intelligence agencies (spooks) – DEFRA – Metrology re weather, 100 year storms etc – And so on and so on…..
Impact data
Derived from the consensus of the multi agency group (LRF) – Using local knowledge – Past experience – Regional/local factors
S ix step approach to Risk Assessment - from the guidance
1 Establish the context Identify hazards and threats 2 Analyse risks 3 Evaluate risks Accept risks?
No Treat risks Yes
The LRF Risk Assessment:
Provides a rationalisation for the prioritisation of objectives – The output of the LRF should be a list of expected responses,with responsibilities assigned – This should be taken back to the relevant organisations for them to complete against their own prioritisation needs – Cont.
Enable cat 1 responders to assess the adequacy of their plans and capabilities – The relevant organisation should then be able to determine their tolerance levels to an identified response, considering also the need to continue their own essential services – Use the analysis to identify and prioritise resources – Ensure Business continuity plans exist to support the response and key services – Cont.
Facilitate joined up planning based on consistent planning assumptions – A level playing field approach, ensures proportionality in expected emergencies and responses – Should identify inter dependencies – Should promote a better understanding of the organisations responsibilities, capabilities and capacity
So that’s the theory! Now the Reality Check
LRF – Struggling to define their role and remit in many areas The Representatives - no communication framework or implementation plan back at their own organisations Not necessarily au fait with Risk methodology No real evidence of progress so far…. Unless you know different!!!!!!
What should you be doing to support your organisation
Establish who is your representative on the LRF Meet with them to discuss the process, the progress and how that can be converted into relevant actions Identify the risks of getting it wrong-, political, economic, social , legislative, environmental and reputational!!!!!
Stress the opportunities
The Opportunities???
Clear outline of priorities re CCA BCP for responses and essential services Organic growth of BCP throughout the organisation Resourcing opportunities- internally …externally?
The CCA Is there to enable responders to provide an accessible overview for public and officials It has Statutory requirements to publish risk assessments To publish all or part of the community risk register Must include the risk assessment on which assumptions and planning are based In deciding to publish Security Classification and disclosure of sensitive information can be taken into consideration
Inform and reflect regional and national risk assessments to inform capability development Ultimate goal – a robust and cohesive understanding of capacity and capability to respond to an emergency – Consistent and comparable approach nationally – Understanding of increased capacity resource demands – Sustainable Communities
ALARM
–
the National Forum for Risk Management in the Public Sector At the cutting edge in the 21 st Century www.alarm-uk.com