A report by UNISDR and PwC links cooperation of private sector businesses with public institutions for better disaster planning and responses.
Ensuring business continuity and anticipating and mitigating potential business disruptions have become key parts of large companies’ risk management strategies. Improving resilience to natural disasters through greater cooperation between the private and public sectors is the theme of a report released this week by PwC and the UN Office of Disaster Risk Reduction (UNISDR). The report is tied to a new initiative led by UNISDR and PwC that seeks to link private sector businesses with public institutions for better disaster planning and responses.
The Great East Japan Earthquake inflicted an estimated $220 billion in financial damage in 2011 with clear implications for the future: rising interdependence between systems portends a greater likelihood of systemic shocks that will disrupt ‘business as usual.’ A rash of profit warnings by companies in the wake of that earthquake and then historic floods in Thailand show the extent to which such risks impact not only infrastructure, property, water and agriculture but entire supply chains, according to the report, entitled ‘Working together to reduce disaster risk.’
The backdrop for these warnings is the projected increase of natural disasters occurring as a result of climate change in the decades ahead. The indirect impacts of natural disasters that companies are more apt to suffer magnify losses around the world stemming from commodity price hikes, supply chain interruptions, dislocation of workforces, damage to assets and lost or impaired infrastructure.
PwC and UNISDR chose 14 global companies, including Citigroup and General Electric, to participate in a pilot assessment of their risk management practices. The study revealed that companies’ understanding of and ability to manage risks in local supply chains was far behind the quality of the practices they had established for reducing disaster risk for corporate-owned assets.
Even companies with well-established risk management systems need to do more to fully protect themselves against natural disasters. Despite the fact that many large enterprises have amassed extensive know-how in dealing with recognized risks, ‘large businesses have such a large footprint that their value chain is increasingly exposed to natural hazards that go beyond the internal and external boundaries of their [enterprise risk management] sphere,’ according to the report.
The initiative is based on a three-pronged framework for managing disaster risk that encompasses companies understanding their risk exposure, knowing the ways they can respond using technologies, the skill sets of staff and processes they’ve put in place, and creating an enabling environment both inside and outside the company to facilitate cooperation with public institutions.
Since smaller, more vulnerable businesses in developing countries typically lack the capacity to strengthen their risk management and overall supply chain practices alone, global companies need to consider sharing the risk with them, the report said.
Companies can benefit from collaborating with public institutions at an early stage according to the DMR framework. By doing so, companies can more easily understand the complexity of the environment they operate in and plan appropriate responses to local risks and threats.
Some of the systems in use by participating companies suggest possible best practices that all multinationals with business operations in numerous countries might benefit from. For example, one company has created an application, accessible by iPad, that shows a heat map of each of its several hundred work sites around the world and allows the compliance level in each location to be charted against the company’s internal risk standards. Positive and negative incentives have been established to ensure that local business units make the required efforts to comply, and independent audits are done annually to confirm each site’s level of compliance. With this tool, the company is able to quickly grasp the 20 top threats it currently faces and identify their most exposed assets worldwide.
Other companies have developed processes and put the necessary technology in place to enable remote access to work, whether through home offices or advance reservation of hotel rooms outside the anticipated strike zone of hazards such as Hurricane Sandy. Some companies are going beyond just asking suppliers to provide business continuity plans: they are setting a minimum level of service if a disaster hits by doing regular audits on critical suppliers’ operations to increase pressure on them to ensure a minimum level of compliance.
Still other companies have begun to fill key roles in their crisis management or emergency response teams with people who have experience in managing public sector crises. The companies expect this initiative to enhance the way a crisis can be managed collaboratively with the public sector.
Participating companies said that top management often bought into DRM initiatives only after a disaster had occurred and when the company experienced first-hand impacts. The companies surveyed also said that the best calls on risk are made locally and it’s critical that local management be in communication with senior management on a regular basis and that their concerns be dealt with quickly. Incentives that increase motivation to weigh potential but low-probability threats are needed to create a culture of risk preparedness within companies. Having risk managers and business continuity staff define key performance indicators to measure whether efforts made are consistently implemented and regularly updated is also necessary.
During the second phase of the disaster risk management initiative over the next two years, the public and private sectors will determine how to collaborate on resilience measures, exchange views, define best practices, discuss policies and eventually establish roadmaps to implement systems globally, regionally and locally.