Civil Contingencies Act and Risk Management

1
Civil Contingencies Act and Risk Management

• ALARM South East
• 11th MAY 2005
• Prepared by Carolyn Halpin Chairman
• ALARM, the National Forum for Risk Management in
  the Public Sector
• www.alarm-uk.com

2
The Context

• The Civil Contingencies Bill was enacted in
  November 2004 creates a statutory duty on
  Category one responders
• It is perceived as an onerous responsibility for
  organisations
• This presentation is intended to inform members
  of the process prescribed by central government
• To identify the potential role of the risk
  practitioner within their employing organisation
• To identify the potential additional benefits of
  the act

3
The Civil Contingency Act

• Enacted by the Government on 18th November 2004,
  the Civil Contingencies Act (CCA) is designed as
  an update to somewhat outdated civil defence
  legislation. The purpose of the CCA is to create
  a single framework for civil protection that will
  meet the new challenges of the 21st century
  through co-operation.

4
The Act Generally

• Defines an emergency as
• A situation or event that threatens human
  welfare, the environment, political,
  administrative or economic stability or the
  security of the United Kingdom

5
Local Response Capabilities

• The CCA sets out alocal response capability
  which outlines 2 categories of services who could
  respond in an emergency the first category are
  the core responders and include-
• Emergency Services incl NHS
• Local Authorities
• Environment Agency
• Each of these organisations has been given clear
  expectations and responsibilities in relation to
  civil protection.

6
What are the statutory requirements of the Act?

• Demonstrate strong risk management emergency
  response procedures for all critical services
• Demonstrate resilience in all service areas
  throughout the authority including contractors
  partners
• Promote business continuity management
  resilience to the wider community

7
Two tests as to whether a response to an
emergency is required

• A responder organisation must perform its duties
  under the Act in relation to an emergency
• Where the emergency would be likely to seriously
  obstruct its ability to perform its functions
• Where the responder would consider it necessary
  or desirable to act to prevent, reduce, control
  or mitigate the effects or would be unable to act
  without changing its deployment of resources or
  acquiring additional resources

8
The location of risk assessment in the emergency
planning process
9
Local responder risk assessment duty (1)

• All category one responders must
• Ensure all responders have an accurate and shared
  understanding of the risks, so planning has a
  sound foundation and is proportionate
• Provide a rationalisation for the prioritisation
  of objectives
• Enable other cat 1 responders to assess the
  adequacy of their plans and capabilities
• Facilitate joined up planning based on consistent
  planning assumptions
• Enable responders to provide an accessible
  overview for public and officials
• Inform and reflect regional and national risk
  assessments to inform capability development

10
Local responder risk assessment duty (2)

• All category one responders
• Must be represented at Local Resilience Forums
  (LRF)
• Must take part in a Multi Agency group of Cat 1
  responders
• Have a duty to co-operate

11
The LRF Community Risk Registers

• The LRF must be populated by top tier
  representatives from Cat 1 Responders
• Follow guidance provided by cabinet office on
  risk assessment process
• Measure Risk by likelihood and impact
• The output is a clear accountability framework
  for all responders - a community risk register

12
Likelihood data

• To be provided centrally from relevant government
  agency
• re flooding- Environment Agency
• Security and terrorism-Intelligence agencies
  (spooks)
• DEFRA
• Metrology re weather, 100 year storms etc
• And so on and so on..

13
Impact data

• Derived from the consensus of the multi agency
  group (LRF)
• Using local knowledge
• Past experience
• Regional/local factors

14
Six step approach to Risk Assessment - from the
guidance
15
The LRF Risk Assessment

• Provides a rationalisation for the prioritisation
  of objectives
• The output of the LRF should be a list of
  expected responses,with responsibilities assigned
• This should be taken back to the relevant
  organisations for them to complete against their
  own prioritisation needs
• Cont.

16

• Enable cat 1 responders to assess the adequacy of
  their plans and capabilities
• The relevant organisation should then be able to
  determine their tolerance levels to an identified
  response, considering also the need to continue
  their own essential services
• Use the analysis to identify and prioritise
  resources
• Ensure Business continuity plans exist to support
  the response and key services
• Cont.

17

• Facilitate joined up planning based on consistent
  planning assumptions
• A level playing field approach, ensures
  proportionality in expected emergencies and
  responses
• Should identify inter dependencies
• Should promote a better understanding of the
  organisations responsibilities, capabilities and
  capacity

18
So thats the theory! Now the Reality Check

• LRF Struggling to define their role and remit
  in many areas
• The Representatives - no communication framework
  or implementation plan back at their own
  organisations
• Not necessarily au fait with Risk methodology
• No real evidence of progress so far.
• Unless you know different!!!!!!

19
What should you be doing to support your
organisation

• Establish who is your representative on the LRF
• Meet with them to discuss the process, the
  progress and how that can be converted into
  relevant actions
• Identify the risks of getting it wrong-,
  political, economic, social , legislative,
  environmental and reputational!!!!!
• Stress the opportunities

20
The Opportunities???

• Clear outline of priorities re CCA
• BCP for responses and essential services
• Organic growth of BCP throughout the organisation
  
• Resourcing opportunities- internally externally?

21
The CCA
Is there to enable responders to provide an
accessible overview for public and officials

• It has Statutory requirements to publish risk
  assessments
• To publish all or part of the community risk
  register
• Must include the risk assessment on which
  assumptions and planning are based
• In deciding to publish Security Classification
  and disclosure of sensitive information can be
  taken into consideration

22
Inform and reflect regional and national risk
assessments to inform capability development

• Ultimate goal
• a robust and cohesive understanding of capacity
  and capability to respond to an emergency
• Consistent and comparable approach nationally
• Understanding of increased capacity resource
  demands
• Sustainable Communities

23
ALARM the National Forum for Risk Management
in the Public Sector

• At the cutting edge in the 21st Century
• www.alarm-uk.com