Crisis Management Audit Plan
Author: Denys Martin,
MBA, CIA, FCPA
MBA, CIA, FCPA 08/30/99 5:53 AM
No systematic collection of planning information. This includes such aspects as risk analysis,organisational information, relevant laws, company policy procedures and location specificdata.2.
No systematic dissemination of planning information.3.
Failure to identify and establish an incident command structure. This is a common pitfall asmany planners try to fit their organisation into a standard incident command system notdesigned around their particular needs.4.
No, or minimal, coordination with affected entities. Poor communications with externaldependencies such as the community, neighboring industries, identified support entities (fire,police, hospitals, etc.) can lead to confusion and chaos during an emergency. A simple issuesuch as who is the primary contact for offsite agencies during an emergency can cause majordisruption during an incident.5.
Lack of, or poorly defined, Organisational Responsibilities. Failure to provide clear, conciseprocedures defining a person's functions, duties and tasks upon assuming their emergencyorganisation position.6.
Once developed the Plan is not or is, at best, poorly maintained. The Plan may have beendeveloped to meet a regulatory requirement.7.
There is no provision for testing and review or continued evaluation and periodic update of the material. For example, changed information, such as telephone numbers maybe buried invarious paragraphs throughout the plan.8.
The material that was developed is not user-friendly. The plan may contain too muchinformation. Unfortunately, the user has to be a brain surgeon to figure out his/her role in itsimplementation. There should be simple, easy-to-use supplemental materials that can be usedas a quick reference guide during an emergency.9.
Training relevant personnel on the plan and their role in its implementation.10.
The plan needs to be disseminated to the authorities. Failure to include appropriate parties onthe distribution list most often leads to failure on their part to respond in the manner hopedfor.
The risk assessment is the initial step, toward reducing vulnerability. All relevant levels of management should become part of the Crisis Management Plan.This can be achieved in several ways:1.
Senior manager directly responsible to top management and the board of directors. Theformal assignment of a senior manager to the position such as "Crisis Management Plans,Director," or some other appropriate title, can accomplish the initial portion of this item.Additionally, there should be within the individual's job description some measurementstandard to evaluate performance.