NYU's InterCEP: Leading The Discussion On Private Sector Preparedness And Business Continuity

Editor: Mr. Raisch, would you tell our readers about your professional experience.

Raisch: I have had the opportunity to see the corporation from a diversity of perspectives, and this has significantly aided my current work in business preparedness. I have found that a fundamental business sense is vital to effectively championing the value of preparedness across the organization.

After finishing an M.B.A. at Cornell in 1981, I initially focused on management consulting, which gave me an exposure to projects across a variety of disciplines. I moved on to Wall Street, where I finished up directing strategic planning for Smith Barney International.

In the early 90s, I returned to project consulting and began to develop a focus on corporate safety, security and risk management. During that time, I developed several programs and educational outreaches focused on this area. This work led to my serving as advisor for private sector preparedness to the 9/11 Commission. Part of that effort entailed working with the Commission to convene business and government roundtables to address private sector preparedness, and out of that the Working Group on Private Sector Preparedness was formed. As its chairman, I was able to draw upon a considerable pool of experience and develop a number of recommendations to the Commission on business preparedness that were later reflected in the final report of the Commission.

Editor: Please tell us about NYU's International Center for Enterprise Preparedness - InterCEP. Why was it founded?

Raisch: Our Center was founded to answer two questions: what and why. These two basic questions came out of the 9/11 roundtable sessions with business. Corporations wanted to know "what" is business preparedness and "why" should a business prepare? As I will discuss later, legal ramifications form a very important part of the "why."

Post 9/11, businesses were confused as to what the critical elements of preparedness were; they complained that there were as many strategies on preparedness as there were consultants. Businesses also were looking for a compelling business rationale for preparedness that went beyond "it's a good thing to do" and addressed the bottom-line, especially if staff time and other resources had to be invested to implement any preparedness efforts.

The final recommendations of the Commission laid out proposed responses to each of these central questions. A voluntary National Preparedness Standard was recommended by the Commission to address the question of "what" is preparedness. And a number of incentives were recommended to lay the foundation for the "why" of preparedness. These were only proposals for future action, however.

Recognizing that there was much to be done to make these recommendations a reality, the International Center for Enterprise Preparedness (InterCEP) was established in the fall of 2004 as the first academic center dedicated to private sector preparedness. I am honored to serve as its founding director.

Editor: Is there any validity to the proposition that this is all the problem of the government?

Raisch: Absolutely not. You cannot and should not rely on the government to protect your critical business functions. Fires, black-outs, hurricanes, workplace violence and the multitude of other crises regularly impact both the public and private sectors.

The government may send the fire trucks to put out the fire at your building, but if all your data has gone up in smoke without any kind of back-up or a contingency plan, you are out of business, and the government cannot do anything about it.

We are all in this together: businesses, government, not-for-profits and the average citizen. We all need to make intelligent decisions based upon the risks we face day-to-day.

Editor: How does InterCEP generate its funding?

Raisch: The seed funding to establish InterCEP came from the U.S. Department of Homeland Security as part of a larger initiative looking at disaster preparedness and response here at NYU. Homeland Security continues to fund special projects, but we also receive funding from both corporations and foundations interested in advancing key initiatives in business preparedness. The Alfred P. Sloan Foundation, for example, has provided a $1.3 million grant to advance our work in developing high impact incentives for businesses to address preparedness.

Editor: What kinds of programs does InterCEP undertake?

Raisch: "Active research" and education are our central activities. A key example of the "active research" approach is our initiative in developing high impact incentives for business preparedness. Our initial activity entails identifying existing economic and other benefits that accrue to businesses when they prepare for emergencies. To do so, we bring together stakeholders and industry and subject-matter experts in dedicated forums to identify not only economic drivers but also the context within which business looks at preparedness. Once we have defined current "existing" incentives for preparedness, we actively work with key stakeholders to create "new" incentives. We are initially focusing on the following areas in this regard:

1. Legal incentives: We are working with corporate counsel from major corporations, members of the American Corporate Counsel Association and other key stakeholders to identify the downside legal costs of poor corporate preparedness in terms of litigation costs, settlements, etc., with an emphasis on negligence tort exposure. Together we are also working to define a strategy for an affirmative defense that would lay out how a company could prepare in advance for crisis based upon the widely recognized National Preparedness Standard (NFPA 1600), and, by documenting its actions, mitigate its exposure to litigation after an emergency. We especially welcome involvement from your readership in this initiative.

2. Insurance incentives: We are working with leading insurance companies, brokers and the corporations that pay for insurance to make a closer connection between undertaking business preparedness and receiving benefits in insurance pricing and terms.

3. Rating agency acknowledgement: In our interaction with the leading rating agencies, we actively promote the acknowledgement of corporate preparedness in their underwriting of companies and assessment of creditworthiness. All other things being equal, companies that have undertaken preparedness programs are arguably more capable of repaying their debts than those that have not.

Our other research projects include public-private information sharing, best practices in business preparedness, measurement of preparedness, and bringing private sector resources to public disasters.

With respect to our educational outreach, we are evaluating a risk management program to complement our existing 21-city business preparedness training program. We also regularly hold special roundtable sessions between government and the private sector on topics of importance.

Editor: And the audience?

Raisch: A good example of the public and private stakeholder theme that we promote can be seen in the International Public-Private Preparedness Summit that we held at our campus in Florence. Representatives from 16 countries attended, and they included professionals from a variety of governmental agencies, civil defense and emergency management personnel - the Under-Secretary General for United Nations Safety & Security - NGOs such as the World Economic Forum and, of course, our core constituency, which includes many leading global corporations.

Editor: Do you differentiate between the risk of natural disasters and terrorist attacks?

Raisch: No, not at least in terms of developing the core preparedness program. While terrorism has received a great deal of attention of late, the reality is that we face a variety of other threats with higher probability and greater potential impact than a terrorist attack. The core elements of an effective business preparedness and continuity program reflect an all-hazard strategy . Rather than develop one set of plans for terrorism and another for hurricanes and another for a black-out, the strategy promotes the development of a common set of functional responses, irrespective of the source of the crisis. This avoids trying to prepare for every conceivable eventuality and promotes a focus on core capabilities . A core response program should be developed first and then tailored to the individual threats that are perceived as most threatening.

Editor: The American National Standards Institute - ANSI - has developed a National Preparedness Standard for private sector emergency preparedness and business continuity. Can you provide us with some background on the Standard?

Raisch: This Standard is essentially a consensus-based guideline that provides a list of key elements that should be present in any organizational preparedness program - whether your organization is in the private or public sector. Development of the Standard began in 1991 with significant input from both business and the government.

When the 9/11 Commission asked ANSI for the best existing guideline on "what" organizational preparedness is, ANSI hosted several months of meetings and then recommended this Standard on Disaster/Emergency Management and Business Continuity (NFPA 1600). A free copy is available at www.nfpa.org.

The 9/11 Commission recommended the Standard in its final report, as did then Homeland Security Secretary Tom Ridge, and it was reflected in the 2004 national legislation for intelligence reform.

There is a substantial amount of flexibility inherent in the Standard, so it can accommodate both a modest operation and a major multinational enterprise.

Editor: The Standard is voluntary. What can be done to encourage private sector enterprises to implement it?

Raisch: Our "incentives research," referenced earlier, outlines some of the existing and evolving benefits of implementation, including mitigating legal liability, insurance benefits, rating agency acknowledgement, and so on. The most compelling rationale, however, remains business survival. Research suggests that even brief periods of business outage can result in long-term loss of customers. Furthermore, the full cost of a business disaster can never be covered by even the best insurance coverage. Damage to reputation and the effect on employees, suppliers and investors can linger for prolonged periods.

Editor: What is its status today?

Raisch: Acknowledgement of the Standard is steadily growing. I mentioned the 21-city annual series of business preparedness workshops - these focus on the NFPA 1600 Standard. Hundreds of companies have attended to learn how to implement the Standard in their organization. Furthermore, the Standard is also being considered as an input to international efforts by ISO, the international standards organization.

Editor: What about the future? What kind of progress do you see on this initiative over the next couple of years?

Raisch: It is, of course, an evolving process, but I think we have made the point that preparedness and business continuity speak to the survival of the organization. I believe that the private sector now understands this, if it did not prior to 9/11. Over the next couple of years I believe we will see a clear connection between preparedness and insurance. Likewise, we will see the emergence of a clear legal rationale for preparedness. With these themes now in wide circulation, I think that organizations of all kinds are reflecting on the fact that emergencies occur with some regularity. And globalization is only heightening the vulnerability of the corporation to crisis. A company that once only worried about the local community or the region in which it functioned now must think about overseas operations in places undreamed of in an earlier day, places subject to both the vicissitudes of nature and man-made threats, including terrorism.

Editor: Is there anything you would like to add?

Raisch: I would like to invite your readers to consider participating in our initiative. In most corporate settings, general counsel and the members of corporate legal departments are often involved in addressing the risks that we at InterCEP are trying to address. Their experience and insights would be of great value to us, and I am certain that the expertise that we have gained in recent years would be of great value to them. We can be reached at (212) 998-2000, and we are online at www.nyu.edu/intercep.

Published .