“Any business plan will not survive its first encounter with reality. The reality will always be different. It will never fit the plan.”
– Jeff Bezos, Amazon
That is why the key to planning lies in creating strategies that are resilient, particularly to deal with unlikely disruptions and events. The likelihood of a complex emergency or crisis situation is a very real consideration for senior managers and security professionals and such a situation can occur with little or no warning, affecting a broad range of people and resources. When such a situation occurs, people feel the need to take action – to respond. Therefore, the governance of emergencies or crisis situations has become part of everyday life.
Organisations are realising that traditional corporate strategies are not protecting them from an unexpected event. Resilience – the capacity to self-organise, to learn and to adapt to disruption – offers a useful mechanism of governing emergency and crisis situations. Resilience has been adopted into policy and response strategies because it provides a response to life-threatening situations and events that cannot be averted in time. Organisations need to be resilient to survive and thrive; they need to be able to absorb an event that necessitates change, to adapt and continue to maintain their competitive edge and profitability.
The viability and sustainability of organisations continues to be tested in a world that is constantly changing and with such change comes a range of new risks, threats and challenges – often unexpected or unanticipated. This has led to a shift in security management practices for emergency events and crisis situations. This new framework recognises that non-professionals are directly and indirectly involved in security practices. Such involvement can range from reporting suspicious behaviour to more active participation in specific resilience practices, including exercises that seek to educate and train potential or likely at-risk corporate populations.
The only way to know if a plan is effective is to use it. The next best thing is to test it through an exercise. Such exercises are critical for any organisation, whether it is a multi-national corporation or a smaller company, so that people learn to function under duress in a safe environment rather than be thrown in the deep end – with only an untested plan!
Conducting regular testing of existing corporate plans through exercises is part of an organisation’s duty of care to its staff and other stakeholders. However, the value of such exercises is often criticised by some senior managers and employees who argue that they are too busy to be away from ‘their real job’! They need to keep in mind they will not have a job to do if the organisation does not or cannot function properly.
Conducted effectively, exercise activities develop the capabilities of managers and employees; they offer opportunities to make mistakes and to learn from them and, in doing so, validate the organisation’s resilience process and build confidence. Exercises provide an ideal opportunity to gain real hands-on experience in a safe and secure learning environment, by using realistic and relevant scenarios. Importantly, conducting relevant and timely exercises helps to evaluate organisational plans to ensure resilience processes are fit for purpose. The other key value of conducting exercises is that the findings provide valuable evidence, particularly for the security professionals in charge of the exercises. In this 21st century of global risks and threats unheard of by previous generations of managers, the development of the human capacity of individual leaders and their enabling teams to handle unplanned eventualities is critical.
The use of well-thought-out exercises helps people in organisations better understand the risks and threats, as well as their own vulnerabilities. Importantly, it allows them to put in place useful, tested and relevant plans that will help them achieve a resilient organisation that has demonstrated its duty of care to its people and other stakeholders.