Three-quarters of the 302 senior corporate executives surveyed in mid-2007 reported that their companies had emergency preparedness plans. The survey, which was sponsored by the Department of Homeland Security (DHS), polled executives responsible for security, business continuity, crisis management and emergency response efforts.
The survey was divided into three categories: small businesses ($5 million to $50 million in annual sales), mid-market ($50 million to $1 billion in sales) and enterprise ($1 billion or more in sales).
Size Matters
The Conference Board’s report indicates that larger companies are more likely to have implemented emergency preparedness procedures. For example, approximately 75 percent of enterprise-level companies conduct regular risk audits, mitigation and activation of their backup facilities, while two-thirds undergo regular tabletop exercises.
In comparison, survey results from mid-market companies reveal that 69 percent of these companies conduct annual risk audits; 53 percent conduct regular mitigation activities and backup site activation; and only 31 percent conduct tabletop exercises at least once a year. Fewer than half of small businesses report that they conduct any of these activities on an annual basis.
Companies at the enterprise level also are more likely to have implemented business continuity plans and written plans for crisis communication, among other procedures.
However, while a higher percentage of large companies have written emergency preparedness plans (92 percent, compared to 72 percent of mid-markets and 58 percent of small businesses), these companies are not more likely to have gained formal board approval for the plans. Only one-third of enterprise-level companies have plans that were formally approved by the board, compared to approximately half of mid-markets and 44 percent of small firms.
“It is quite surprising that so few large companies have board approval on their emergency preparedness plans,” said Thomas Cavanagh, senior research associate of global corporate citizenship at The Conference Board. “This could be because in larger companies, emergency preparedness is considered an operational rather than a strategic issue, so it may not be considered essential to send it to the board for review.”
Common Plan Procedures
The report also revealed which emergency preparedness elements or procedures companies most often incorporated into the plans. Crisis communications, for example, was the most commonly included item, as reported by 91 percent of survey respondents.
Evacuation procedures (89 percent), securing access to facilities (77 percent) locating employees (75 percent), first aid (65 percent) and liaison with first responders (64 percent) represented other items often included in emergency preparedness plans.
The survey also revealed how many companies:
- Regularly update emergency contact information (83 percent);
- Conduct fire/evacuation drills at least once a year (81 percent);
- Maintain off-site storage of data and documents (81 percent);
- Maintain a phone tree (62 percent);
- Have a travel management system (42 percent);
- Have plans for legal representation (42 percent);
- Have plans to cope with stress/trauma (39 percent); and
- Provide emergency survival kits to employees (21 percent).
Companies Not Using Proposed Standards
The report indicates that while many companies develop emergency plans, they are not using the standards that may one day be proposed for certification.
“Currently, the most significant finding is that none of the many standards proposed for certification has attained widespread usage in the private sector,” said Cavanagh.
The choice of standards that would permit certification currently is under review. It is expected that several different standards may qualify for certification, the report said.
The survey’s most commonly cited standard was the ISO information security standard, which was implemented by 23 percent of surveyed companies. NFPA 1600, the National Preparedness Standard, followed with 20 percent. Three other standards each were implemented by 12 percent of companies.