Civil Contingencies Act and Risk Management ALARM South East 11 th MAY 2005 Prepared by Carolyn Halpin Chairman ALARM, t he National Forum for Risk Management in the Public Sector

The Context  The Civil Contingencies Bill was enacted in November 2004 & creates a statutory duty on Category one responders  It is perceived as an onerous responsibility for organisations  This presentation is intended to inform members of the “process” prescribed by central government  To identify the potential role of the risk practitioner within their employing organisation  To identify the potential additional benefits of the act

The Civil Contingency Act Enacted by the Government on 18 th November 2004, the Civil Contingencies Act (CCA) is designed as an update to somewhat outdated civil defence legislation. The purpose of the CCA is to create a single framework for civil protection that will meet the new challenges of the 21 st century through co-operation.

The Act Generally  Defines an emergency as; –‘A situation or event that threatens human welfare, the environment, political, administrative or economic stability or the security of the United Kingdom’

Local Response Capabilities  The CCA sets out a‘local response capability’ which outlines 2 categories of services who could respond in an emergency – the first category are the core responders and include-  Emergency Services incl NHS  Local Authorities  Environment Agency  Each of these organisations has been given clear expectations and responsibilities in relation to civil protection.

What are the statutory requirements of the Act?  Demonstrate strong risk management & emergency response procedures for all critical services  Demonstrate resilience in all service areas throughout the authority; including contractors & partners  Promote business continuity management & resilience to the wider community

Two tests as to whether a response to an emergency is required  A responder organisation must perform its duties under the Act in relation to an emergency –Where the emergency would be likely to seriously obstruct its ability to perform its functions –Where the responder would consider it necessary or desirable to act to prevent, reduce, control or mitigate the effects or would be unable to act without changing its deployment of resources or acquiring additional resources

The location of risk assessment in the emergency planning process Risk Assessment Emergency Planning Business Continuity Management Validation of Plans Regional L ocal National

Local responder risk assessment duty (1)  All category one responders must –Ensure all responders have an accurate and shared understanding of the risks, so planning has a sound foundation and is proportionate –Provide a rationalisation for the prioritisation of objectives –Enable other cat 1 responders to assess the adequacy of their plans and capabilities –Facilitate joined up planning based on consistent planning assumptions –Enable responders to provide an accessible overview for public and officials –Inform and reflect regional and national risk assessments to inform capability development

Local responder risk assessment duty (2)  All category one responders –Must be represented at Local Resilience Forums (LRF) –Must take part in a Multi Agency group of Cat 1 responders –Have a duty to co-operate

The LRF & Community Risk Registers –The LRF must be populated by top tier representatives from Cat 1 Responders –Follow guidance provided by cabinet office on risk assessment process –Measure Risk by likelihood and impact –The output is a clear accountability framework for all responders - a community risk register

Likelihood data  To be provided centrally from relevant government agency – re flooding- Environment Agency –Security and terrorism-Intelligence agencies (spooks) –DEFRA –Metrology re weather, 100 year storms etc –And so on and so on…..

Impact data  Derived from the consensus of the multi agency group (LRF) –Using local knowledge –Past experience –Regional/local factors

S ix step approach to Risk Assessment - from the guidance Establish the context Identify hazards and threats Analyse risks Accept risks? Communicate and consult Treat risks No Monitor and review Yes Evaluate risks 1 2 3

The LRF Risk Assessment:  Provides a rationalisation for the prioritisation of objectives –The output of the LRF should be a list of expected responses,with responsibilities assigned –This should be taken back to the relevant organisations for them to complete against their own prioritisation needs –Cont.

 Enable cat 1 responders to assess the adequacy of their plans and capabilities –The relevant organisation should then be able to determine their tolerance levels to an identified response, considering also the need to continue their own essential services –Use the analysis to identify and prioritise resources –Ensure Business continuity plans exist to support the response and key services –Cont.

 Facilitate joined up planning based on consistent planning assumptions –A level playing field approach, ensures proportionality in expected emergencies and responses –Should identify inter dependencies –Should promote a better understanding of the organisations responsibilities, capabilities and capacity

 LRF – Struggling to define their role and remit in many areas  The Representatives - no communication framework or implementation plan back at their own organisations  Not necessarily au fait with Risk methodology  No real evidence of progress so far…. Unless you know different!!!!!! So that’s the theory! Now the Reality Check

What should you be doing to support your organisation  Establish who is your representative on the LRF  Meet with them to discuss the process, the progress and how that can be converted into relevant actions  Identify the risks of getting it wrong-, political, economic, social, legislative, environmental and reputational!!!!!  Stress the opportunities

The Opportunities???  Clear outline of priorities re CCA  BCP for responses and essential services  Organic growth of BCP throughout the organisation  Resourcing opportunities- internally …externally?

The CCA  It has Statutory requirements to publish risk assessments  To publish all or part of the community risk register  Must include the risk assessment on which assumptions and planning are based  In deciding to publish Security Classification and disclosure of sensitive information can be taken into consideration Is there to enable responders to provide an accessible overview for public and officials

Inform and reflect regional and national risk assessments to inform capability development  Ultimate goal – a robust and cohesive understanding of capacity and capability to respond to an emergency –Consistent and comparable approach nationally –Understanding of increased capacity resource demands –Sustainable Communities

ALARM – the National Forum for Risk Management in the Public Sector  At the cutting edge in the 21 st Century 