Programmatic Continuous Improvement for Organizational Emergency Management and Business Continuity – A sustainable approach to ensuring your organization is not a “Paper Tiger”

Emergency Solutions International is privileged to work with firms around the world who need to ensure that when the time comes, their Emergency Management and Business Continuity Program and Plans support leaders to protect the organization and often times, the community.

Paper Tigers and Red Flags
In 1828 Robert Morrison a missionary and lexicographer translated the Cantonese phrase “a Paper Tiger”.  Later in a 1946 interview with an American journalist, Mao Zedong introduced his idea of Paper Tigers in referring to reactionaries within the US who appeared to threaten and create power through nuclear capability, but were in reality “…not so powerful”. Ten years later, as Chair of the Communist Party, he revived his (Zhilaohu) Paper Tiger illustration referencing American imperialism saying, in appearance it is very powerful but in reality it is nothing to be afraid of. “Outwardly a tiger, it is made of paper, unable to withstand the wind and the rain. I believe that it is nothing but a paper tiger”. Bottelier, Pieter (April 9, 2018) Economic Policy Making in China.

On a regular basis you see it on local and national news, organizations who were doomed to fail when faced with a crisis.  Executives are ill prepared for their “CNN moment”, statements to the media are fragmented and not aligned with stakeholders. Stock prices are falling, interviewed “experts’ are commenting on what should have been done or said.  Regulators are throwing the firm under the bus and making bold statements on holding the organization to account or ensuring justice on behalf of citizens. Citizens are being interviewed by clotheslines or in front of the grocery store about not being told what was going on.  Pundits are not sure that the “Brand” will recover.  All of these unfortunate organizations have one thing in common: their emergency management Program and Plans were, before the incident “Paper Tigers”.  They held the illusion of preparedness, but when it was time for leaders to use them, they were not worth the paper they were written on.

A “Red Flag Warning” comes to us from the context of the US National Weather Service where Red Flag or Fire Weather Watch is issued when a combination of dry fuels and weather conditions support “extreme fire danger”.

Often a new client comes to us following an incident which has not gone well; perhaps the corporate brand has been affected or stakeholders were not happy with response.  At times staff may have been challenged as far as their confidence or competence in handling the situation.  In some instances, there is increased long term scrutiny or loss of confidence by a Regulator, who has the power to fine or at minimum occupy key members of the organization in compliance requirements often over a long duration.  Other times the corporate “Brand” is affected or there may have even been a loss in share value if the firm is publicly traded.

“May I read your Emergency Management and Business Continuity Program document?”  “You mean our Plan; the regulator or insurer requires us to have a Plan?”  This indeed, my friend, is a resiliency “Red Flag”.


The Path Forward for Organizational Resiliency

Committing to an annual cyclical regimen of Planning, Training, Exercise and Evaluation is the key to ensuring that there is a continuous improvement philosophy and the organizational leaders are prepared to lead through crisis, when risk becomes response.  The risk scenarios themselves don’t matter; whether you are managing an environmental release, tainted food product, cyber threat or corporate scandal; the fundamentals of programmatic preparation, response and recovery are constants.

Program Best Practice

Before planning documents can be created, firm underpinnings of a Program document, identification of a Program Leader and a Program Committee must be supported by the senior leadership team and organizational leader.  After reviewing the requirements of the regulator, insurers, board etc., with regard to best practice, leaders may identify whether the organization is referring to standards like CSA, NFPA, ISO and/or regulator specific requirements.  A current state assessment and gap analysis may be viewed through a consolidated “Resiliency Report Card”, which assists the Program Leader to analyze the comprehensiveness of the Emergency Management and Business Continuity Program:

  • Does your organization conduct a risk assessment which encompasses an all-hazard approach and include the identification of hazards, evaluation of risks, and the likelihood and severity of their occurrence?
  • Does your organization comply with applicable legislation, regulatory requirements, orders, directives, and policies up to your level of expectation?
  • Is there a defined Emergency Management Planning Committee?
  • Are Staff trained in your organization’s Emergency Management and Business Continuity Plan as part of the onboarding process and then annually?
  • Has your organization developed and implemented public awareness and education programs where the public is potentially impacted by a risk scenario or incident?
  • Does your organization conduct audits and reviews at planned intervals to determine conformance and effectiveness of the implementation and maintenance of the program and its component parts?
  • Does your organization conduct tests to confirm the functionality and interoperability of critical systems, equipment, and technology?
  • Is there a senior management review on the emergency and continuity management program at planned intervals to ensure its continuing suitability, adequacy, and effectiveness?

Emergency Solutions International provides a free organizational self-assessment tool for your team to start your resiliency analysis; the outcome is a Resiliency Report Card.


Crisis Management Organizational Structure

Regular Operations:

Each year most organizations put a tremendous amount of effort into ensuring that the operational organizational structure lines up with their mission, objectives and stakeholder expectations.  The retirement of a key leader oftentimes results in a cascading movement of key staff members to ensure the organization stays on course.  At the granular level, position descriptions are refined to ensure key functions and interdependencies between positions are recognized and result in team success.

Crisis Operations:

During an organizational crisis or emerging threat, it is critical that leaders identify the risk, rate the level of severity based upon pre-determined criteria and shift the regular operational organization into the crisis management organization.  Through the shift defined within the organizational Program and Planning documents, leaders and key technical specialists leave behind their daily routine, come together into a team and don the pre-identified crisis management roles. The integration of the Incident Command System (ICS) or Incident Support Model (ISM) at the Executive Level is key to understanding the delineation of roles and responsibilities now that the organization has activated its emergency or business continuity plan.  The system adopted defines the leader who will have the ultimate authority to approve the incident action plan and ensures objectives are achieved in a timely fashion while remaining within the policies set for the team by the Board or “Agency Executive” or often times the Corporate President or CEO.  Reporting to the Leader, staff may be formed into 5 functions, individuals or teams of individuals set up within the Program and Plans including:

  • Public Information/Crisis Communications
  • Situational Awareness
  • Planning Support
  • Resources Support
  • Centre (Emergency Operations/Coordination) Support

(Credit NIMS/FEMA)

For those organizations choosing to use an ICS like model the positions/functions may include: Liaison, Safety, Information, Operations, Planning, Logistics and Finance/Administration.  The point is that it is important to know in advance and have leaders trained to step away from their regular operational role and now become say a “Planning Chief”.

If you are not familiar with the principles and lexicon of language around the Incident Command System, the 2.5 hour certified Incident Command System for Executives course may be important for you and your organization.  It may be accessed at

Crisis Documentation:

Whether your team is managing a crisis in person at an Emergency Operations/Coordination Centre or virtually through perhaps MS Teams (Virtual EOC), it is key that there be a number of different layers of record keeping and situational awareness systems to ensure sound tracked decisions, actions and communication to stakeholders or “Parties of Interest”.  It is highly recommended that your organization consider the use of trained “Scribes” to ensure that there is a structured approach to record keeping and that it is not up to the leaders and decision makers to track their own records which inevitably will not happen should the crisis become fast paced and challenging.  Training is critical for both Scribes and the positions within the crisis management organization to whom they would be assigned.

If you are not familiar with the principles and lexicon of language around the position of Emergency Management Scribe, the 1.5 hour introductory course may be important for you and your organization.  It may be accessed at

Training and Validation:

An annual programmatic, sustainable cyclical regimen which includes defined training for leaders ensures they are comfortable and competent within the roles they are given during a crisis.  Having clear delineation of crisis organization roles, assumed by operational personnel based upon their everyday position in the organization, is the start.  For example, ESI assists firms to write language into Position (Job) Descriptions, to represent the role that position will switch into when a crisis starts to unfold.  This is a fundamental piece of the preparedness model which sets up for program elements like training based upon role and annual performance discussions where the employee and their supervisor will formally discuss the employee’s confidence and trained competence within not just their operational but crisis management role.

Here’s the fun part, let’s make sure we do not have a Paper Tiger through simulating our risk scenarios identified in our organizational risk assessment.  Broadly over a five-year period staff who would be expected to manage a crisis, should have the opportunity to practice together the management of realistic simulations to build confidence and competence.  At first, simulations may be basic and discussion based, then as confidence builds ½ day table-top exercises.  In the fullness of time, longer duration exercises and if there is a “field” component to the risk the organization faces, a functional or full-scale exercise.  Objectives are set for the simulation in advance.  Strategic objectives are linked to validating areas of the Program.  Tactical objectives allow participants to take action, practice and validate the Plan and any Job Aids, or as we at ESI like to call them, Quick Response Guides created to help the humans cope at four in the morning.  The simulations are

  • For practice
  • Validate the Program and Plans
  • Do not present trap doors or “test” the participants
  • Are set at a level of complexity based upon the current state of the existing Program and capabilities of the participants (challenging but achievable).

Following the exercise there will be a structured debrief and resultant after action review which charts findings, areas of refinement and recommendations.  Typically, these capture training needs, required revisions to Program and Planning documents and strategic next steps for the upcoming period or year.


Organizational leadership is key to ensuring that there is a sustained and continuously improving Emergency Management and Business Continuity Program.  The adoption of common principles and a crisis management organizational structure like the Incident Command System is critical to making sure that everyone stays in their lane and works efficiently during a crisis.  Finally, validation of the Program (Gap Analysis and Resiliency Report Card) and enabling staff to practice their roles is essential to ensure that your organization has not created a “Paper Tiger”.


About the author:

Mark leads the ESI team in conducting risk assessments, training, program, and plan review, exercise scenario development, exercise facilitation, and evaluation as well as compiling final After Action Review documentation and recommendations. Under Mark’s leadership, there have been six (6) Federal research and development projects conceived and executed by the ESI team. Service has been provided for various critical infrastructures, such as Port Saint John, Point Lepreau Generating Station, Canaport Liquefied Natural Gas, Saint John Energy, as well as corporations like Atlantic Potash, Mead Johnson Nutrition, and the Mosaic Company.