Are There Walruses in Your Risk Management Plan?

by | January 10, 2018

Gordon Graham here. As I promised in my last piece, I want to spend some time covering each of the 10 Families of Risk and get you thinking about what specific risks apply to you and your organization in each of these families, and what control measures you have (or should have) in place to address each of the identified risks.

Family One is the External Risks. This is the most difficult family of risk of the 10 that we face in public safety operations because we have little or no control over these risks. Weather is an external risk. Pandemics are an external risk. Immigration and emigration are external risks.

If you have refineries in your vicinity, that is an external risk. If your community is adjacent to an ocean, that is an external risk. If your community is in the flight path of an airport, that is an external risk. If you have an interstate highway or train tracks or pipelines going through your community, that is an external risk. And of course, terrorism is an external risk.

So the challenge becomes identifying the external risks you face, and then making sure that you have control measures to address those risks. Hopefully most of these risks are addressed in your community disaster management plan, in which you have laid out the nature and scope of the risk and what to do in the event that the “unthinkable” event occurs.

I think it was Mike Tyson who said, “Everyone has a plan until they get punched in the mouth.” While he was talking about the sport of boxing, his words are applicable to disaster preparation. In my 40-plus years reviewing responses to wildland fires, earthquakes, riots, plane crashes and similar tragedies, I have witnessed a lot of great plans that fell apart after the punch in the mouth.

To prevent this from occurring, you need to ensure today that your risk management plan is in fact viable. Are your plans properly designed? Are they up to date? And do your people know what their specific role is when the risk management plan needs to be implemented—in real-time and under a lot of pressure?

I commend to you a great book: Disastrous Decisions by Dr. Andrew Hopkins. Please take a close look at the mess that British Petroleum got involved in following the oil well blowout in the Gulf of Mexico. Read the chapter regarding the “well written” disaster management plan that BP had in place for such an event. Pay particular attention to the several pages in the book regarding the importance of protecting walruses in the Gulf of Mexico in the event of an oil spill.

For those of you who are not familiar with aquatic life and what type of species can be found in what bodies of water around the world, there are no walruses in the Gulf of Mexico. What we later learned was that BP took an existing disaster management plan from the North Sea and essentially did a “search/replace” exercise to create a separate “new” plan for their work in the Gulf. This combination of laziness and arrogance was appalling. Sadly, I have seen similar “search/replace” efforts in public safety agencies in our nation.

Let me wrap up this piece regarding external risks with some thoughts about terrorism. The truth is that if someone in your community wants to behave badly, they are going to do so. In a free society it is very difficult to prevent “external intentional misconduct”—and that is what terrorism is.

While it is difficult to prevent, we can thwart it by using two techniques: vigilance and random irregularity. We must be vigilant! Sadly, vigilance wanes over time and complacency becomes the norm, until the terrorist act occurs, at which point we once again become vigilant. Another great book, Predictable Surprises, details this cycle with disaster and complacency.

Next, we need to instill in all of our people the value of “random irregularity.” Within your standardized best practices, please do not become too predictable on where you eat and where you park and how you respond to calls. All bad people have done throughout history is to study their intended targets and look for patterns. Then they exploit those patterns to help achieve their nefarious goal, whatever it might be.

I look forward to sharing some thoughts on the second risk family—Legal and Regulatory Risks—in my next article. Until then, please remember that real risk management is an important part of your future success.

TIMELY TAKEAWAY If the first time your department personnel meet employees from other departments in your jurisdiction is after a tragedy occurs, that is too late. There are a lot of very well written papers on the value of “pre-incident” exposure to each other. The mere fact that someone knows your first name will help facilitate a better response to a tragedy in your community. Please organize some events in which your people will get to know each other prior to a tragedy.


GORDON GRAHAM is a 33-year veteran of law enforcement and the co-founder of Lexipol, where he serves on the current board of directors. Graham is a risk management expert and a practicing attorney who has presented a commonsense risk management approach to hundreds of thousands of public safety professionals around the world. Graham holds a master’s degree in Safety and Systems Management from University of Southern California and a Juris Doctorate from Western State University.

More Posts
Share this post:

The Briefing – Your source for the latest blog articles, leadership resources and more