WORLD TRADE CENTER LESSONS: RISK MANAGEMENT LESSONS FROM THE WORLD TRADE CENTER
Section snippets
Contingency planning lessons
There have already been several reports on the contingency planning mistakes made by affected organizations — not only those in the Trade Center (WTC), but also those in the immediate vicinity and those that lost business continuity as a result of the much wider infrastructure failures. The reports draw on interviews with the organizations concerned, feedback from user-group meetings and studies by consultants involved in the recovery process.1
THE PEOPLE DIMENSION
Prior to 11 September, one of the unspoken assumptions behind many recovery plans was that all that would be lost was access to critical business premises or functions, and that the employees would be both physically and mentally unharmed. The fallacies surrounding this assumption had already been exposed in countless disasters, but, possibly because of the seemingly impossible task of compensating for significant injury or trauma, most plans paid, at best, lip-service to the issue. The
REPUTATION RISK MANAGEMENT
Organizations that are in the centre of an incident of considerable public attention, such as the WTC attacks, may well find that their every move is carried out in the glare of media attention. This applies not only to the immediate aftermath of the incident, but also to the handling of moral issues such as compensation for employees or their dependents, or severance terms for employees made redundant because operations have to be terminated.
This issue has already emerged with WTC where, over
RISK IDENTIFICATION — MOVING OUT OF YOUR COMFORT ZONE
That which has not been identified cannot be managed. Therefore, the starting point of any risk management exercise is risk identification. Whether an attack of this nature, or the loss of both towers, could or should have been anticipated is an incident-specific argument that may well continue for years. However, the real risk management challenge is the extent to which the possibility of the unthinkable should force organizations outside the comfort zone of the risks with which they are most
MERELY IDENTIFYING RISKS IS NOT ENOUGH
Much evidence is emerging of the significant inaction at a state level to respond to known terrorist risks3. James Woolsey, a former director of Central Intelligence, has said that the 11 September attack, “was a systematic failure of the way this country protects itself”. He amplified this, saying, “It’s aviation security delegated to the airlines, who did a lousy job. It’s a fighter
References (0)
Cited by (1)
Designing information system risk management framework based on the past major failures in the Japanese financial industry
2008, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)