For decades, the burden of assessing potential
Risk and crisis
management in
facilities: emerging
paradigms in assessing
critical incidents
Laurence Barton
and Donald Hardigree
The authors
Laurence Barton is Director of Issues Management for
Motorola, Inc., a global technology leader based in
Schaumburg, Illinois, USA. He is the author of Crisis in
Organizations.
Donald Hardigree is Professor and Chair of the Institute
on Risk and Insurance at the University of Nevada, Las
Vegas, Nevada, USA, and a Consultant to several large
corporations.
Abstract
Provides an analysis of why facility managers need to have
risk management in the business world today. Details how
the risk manager’s duties differ from those of the crisis
manager – while the risk manager assesses potential
incidents, the crisis manager actually manages a crisis
environment. Discusses stockholder business and legal
environments, then analyses the chemical waste manage-
ment and crisis response requirements of different organi-
zations.
Facilities
Volume 13 · Number 9/10 · August 1995 · pp. 11–14
© MCB University Press · ISSN 0263-2772
11
organizational risks and exposures has been
shouldered by insurance specialists, either
internal or external to the company. Risk-
handling devices, notably insurance and self-
insurance, have provided some degree of
comfort that an organization could withstand
the financial impact of a disaster, although
such false confidence has caused multiple
problems for both multinational and small
facilities alike[1].
In recent years, the field of crisis manage-
ment has emerged in the corporate landscape;
companies such as British Petroleum, MCI,
First Interstate Bank, Perrier, and numerous
others, have created the function of director of
crisis management to perform the concurrent
tasks associated with both preincident risk
assessment and at-need operational crisis
direction. This synergy offers both challenges
and opportunities for facility managers, as
well as for the insurance community.
The amalgam of disasters in this analysis
includes workplace violence, product recall,
terrorism and environmental accidents as
listed below:
• fire;
• bomb, or bomb threat;
• flood;
• hurricane;
• hostage taking;
• robbery;
• chemical leak, or spill;
• sick building syndrome;
• construction accident;
• wall collapse;
• extended loss of utilities;
• contractor/worker fatality;
• authority suspension of construction
licence;
• earthquake;
• sabotage.
The article will also focus on several models
now underway and offer analysis on how
organizations are attempting to identify the
best model for administering these functions.
Specifically, a case review method will identify
organizational approaches towards facility risk
and crisis management.
Why risk management?
A frequently cited objective of risk manage-
ment is the effective planning of resources
The views expressed are solely those of the authors
and are not necessarily representative of the policy
of their employers.
 Risk and crisis management in facilities
Laurence Barton and Donald Hardigree
needed to recover financial balance and oper-
ating effectiveness after a facility loss[2].
Traditionally, risk managers implemented
sound, efficient fiscal management prior to
the occurrence of a loss, such as through the
use of property and casualty insurance, or
other loss-funding arrangements. An estimat-
ed 21 per cent of all multinational firms also
engage outside experts to conduct a detailed
risk assessment that evaluates and ranks
facility vulnerability to such issues as sick
building syndrome, roof or wall collapse,
contractor accident, toxic chemical spill, and
numerous other calamities.
However, the above does little to assist the
corporate risk manager in deciding what falls
within the scope and responsibility of his/her
department. Without a more specific focus,
general definitions result in considerable
variation in the breadth of the practice of
corporate risk management from company to
company and country to country. Practition-
ers, as well as scholars, frequently differ sub-
stantially in their concepts of the extent of the
risk management function. Many facility
managers in Asia, for instance, are also
responsible for the risk management function,
whereas in Europe and the USA, these func-
tions are traditionally distinct. Even the inter-
nal reporting hierarchy may be different.
As a result, the scope of the actual practice
of risk management ranges widely from a
reasonably narrow, or “traditional”, approach
of assessing exposures and securing suitable
insurance policies, to a broader and more
inclusive “modern” view that often focuses
more on the control, i.e. loss prevention and
loss minimization, of potential losses, as well
as on more creative loss financing alternatives.
This broadened view of risk management is
characterized by an appreciation of the need
for contingency and business resumption
plans, one of the principal attributes of crisis
management.
Traditional versus modern models
The “traditional” view of risk management
seems to be closely linked to the historical
evolution from that of an insurance manager,
dealing only with the administration of the
firm’s insurance programme, towards becom-
ing a risk manager, who considers non-insur-
able exposures as well as non-insurance
financing techniques. Because facility man-
agers are often less exposed to fiscal policy
issues, the integration of skills has been
12
Facilities
Volume 13 · Number 9/10 · August 1995 · 11–14
difficult for many. For example, a labour
relations manager under the traditional risk
model assessed the qualitative and quantita-
tive impact of an employee strike, which is
traditionally a non-insurable exposure. Today,
as some firms move towards synergy of the
risk and crisis functions, this role is assumed
by the “crisis manager” function we have
witnessed at a number of firms in both the
USA and Europe. In Asia, even with the rapid
growth of its insurance industry, risk and
crisis management is still an embryonic
concept, let alone a value-added business
strategy.
For the most part, the “traditional” risk
manager has focused on the handling of pure
risks (those which may result in a loss only)
and on the protection of physical assets. Such
a “traditional” risk manager is concerned with
risks amenable to transfer to professional risk
takers, primarily property and casualty insur-
ance companies. Additionally, one occupying
this traditional risk management role may
have some responsibility for safety and loss
control, as well as for some non-transfer
methods of risk treatment such as planned no
insurance, self-insurance and related proce-
dures. To be effective, this traditional risk
must have practical insight into construction,
retrofitting, utility, telecommunications,
manufacturing and security activities in the
facility.
The “modern” view of risk management
now evolving is even more encompassing. It
assumes a preventive role in which potential
crises are considered. Thus, in addition to
having a fundamental knowledge of previous-
ly mentioned facility activities, the modern
risk manager must also be capable of address-
ing product recalls, industrial and environ-
mental accidents, acts of terrorism, product
tampering and numerous others – literally any
negative event that could tarnish the reputa-
tion, earnings potential or survivability of the
organization[3]. In addition to the duties of
the “traditional” risk manager, the “modern”
risk manager may even become involved with
the analysis of speculative business risks in
new or emerging markets, sometimes with
potential joint partners.
This view suggests that the risk manager’s
sphere of responsibility appropriately extends
to include the administration of quality
control (to prevent product tampering),
business forecasting (to prevent loss from an
act of war or terrorism), and myriad other
areas where unforeseen risk must be
 Risk and crisis management in facilities
Laurence Barton and Donald Hardigree
considered. Within such a modern approach,
the scope of the risk management department
is defined as including responsibility for all
circumstances which would cause loss to the
firm, affecting human and physical assets, that
can be clearly identified and treated by specif-
ic types of loss control and financial planning.
Facility managers in particular can make
profound contributions to their organization
when they assume these additional responsi-
bilities.
A new paradigm
Regardless of the nature of the specific risk
management function within the firm – tradi-
tional and limited in scope, or a modern
approach that embraces risk and crisis man-
agement – the risk manager must be con-
cerned with any circumstance which gener-
ates potential losses to the facility. An activity
that creates a facility exposure must be
addressed by the risk manager, even if the
activity itself is outside his/her authority.
The loss exposure identification function is
considered to be the fundamental duty of the
risk manager. Without the recognition of
exposures, or potential sources of loss, no
evaluation of exposure or provisions for han-
dling can follow.
The interrelationship of functions identi-
fied in Figure 1 amplifies this point.
Clearly, the risk-handling technique(s)
referred to in Figure 1 are selected from
among the following alternatives:
• Avoid the loss exposure(s).
• Assume or retain the financial
consequences of loss.
Figure 1 Risk and crisis management functions in major
facilities
Risk Facility
manager manager
Evaluates possibility Determines facility
and probability; vulnerabilities and
assesses exposures; launches proactive
assumes or transfers programme in risk
risk awareness, safety,
hazmat and
evacuation policies
among others
Assessment Awareness
Facilities
Volume 13 · Number 9/10 · August 1995 · 11–14
• Transfer the loss exposure(s).
• Utilize loss control techniques to minimize
the frequency of losses (loss prevention) or
to minimize the severity of losses (loss
reduction).
Risk management policy
To guide the risk manager, an internal risk
management policy statement is often formal-
ized. Risk management policy is formed by
the interaction of the corporate risk manager
and the senior management of the firm so as
to be consistent with the overall risk profile of
the management team. A statement of risk
management policy assists the risk manager in
making decisions regarding the methods of
treatment of loss exposures, levels of retention
in the use of insurance policies, etc. Equally
important as a management tool is a clear
itemization of responsibilities for the risk
manager, several of which are:
• property and general liability insurance;
• worker’s compensation;
• loss control activities;
• claims administration;
• employee benefits;
• risk cost accounting;
• risk function administration (contact
review, issuance of certificates, etc.).
It is interesting to note that risk managers
have a burden to assess not only potential
physical or product defects that could occur,
but also the emerging and complicated arena
of employee benefits. This role within risk
management is growing in enormity; studies
note that over half of all risk/insurance man-
agers now bear responsibility for employee
benefits administration. This poses a massive
new curve for managers, who traditionally
have had little formal training in this risk
aspect of operations.
The list of applicable areas within the risk
management function shrinks and broadens
Crisis
throughout the business world. Organization
manager size and structure, type of industry, manage-
ment style, level of centralization and many
other factors affect the scope of risk manage-
Leads management ment within the organization. By acting as an
team on incident
prevention and adviser to senior management in the drafting of
response, business corporate risk policy, the facility manager may
resumption and
communication to influence the scope of activity around his or her
strategic publics
skill base. We believe that, while understand-
able, this approach creates such widespread
Policy
inconsistency that facility managers must begin
13
 Risk and crisis management in facilities Facilities
Laurence Barton and Donald Hardigree Volume 13 · Number 9/10 · August 1995 · 11–14

Table I A corporate training model in US chemical waste management and crisis response

US Physical and Personal Safe use of

regulatory Hazard health Safe work protective emergency controls Emergency
programme recognition hazards practices equipment and equipment procedures

OSHA Hazard
Communication Standard X X X X X
OSHA Hazardous Waste
Operations and Emergency
Response Standard X X X X
OSHA Process Safety
Management of Highly
Hazardous Chemicals X X X X X
EPA Resource Conservation
and Recovery Act X X X X X
EPA Spill Prevention and
Countermeasures Plan X X X X
DOT Hazardous Materials
Transportation Act X X X X
Key :
OSHA = Occupational Safety and Health Administration
EPA = Environmental Protection Agency
DOT = Department of Transportation
Note: Several jurisdictions in Japan, the UK and several of the American states are currently debating the need for security,
notably bomb/weapons/metal detector requirements, in manufacturing and office environments. This movement has been
fuelled by recent poison gas incidents in Japanese subways, five bombings by suspected IRA perpetrators at London targets,
and terrorist attacks at the New York World Trade Center and Oklahoma City Federal Buildings, to name but a few.
Source: Oscar Lutz

to seek consensus on what risk dimensions they References

can and should claim ownership for and which
ones are best delegated to others.
At a minimum, the objective of satisfying
externally imposed obligations has been
thrust into the risk management arena more
so than in the past. This means that risk man-
agers must engage in an analysis of the busi-
ness and legal environments to determine new
requirements for the firm.
In this regard, the facility manager is now
often required, at many international organi-
zations, to intersect with hazardous material
and safety colleagues to design and imple-
ment training awareness in crisis response. To
demonstrate how complex this additional
dimension of facility risk management has
become in the USA, Table I, designed with
the assistance of consultant Oscar Lutz, offers
some insight on this issue. Most large manu-
facturing facilities in the USA and Canada
(with differing sponsoring agencies) are
required to follow this agenda.
1 Barton, L. and Hardigree, D., “Crisis and risk manage-
ment: a new paradigm”, paper presented at 3rd
Annual New Avenues in Risk and Crisis Management
Conference, University of Nevada at Las Vegas, Las
Vegas, NV, August 1994.
2 Greene, M.R. and Serbein, O.N., Risk Management:
Text and Cases, 2nd ed., Reston Publishing, Reston,
VA, 1983.
3 Barton, L., Crisis in Organizations: Managing and
Communicating in the Heat of Chaos, South-Western
Publishing, Cincinnati, OH, 1993.
Further reading
Head, G.L. and Horn, S. II, Essentials of Risk Management,
2nd ed., Insurance Institute of America, Malvern,
PA, 1991.
Leverett, E.J., Risk Management, Bulldog Publishing,
Atlanta, GA, 1988.
Mehr, R.I. and Hedges, B.A., Risk Management Concepts
and Applications, Irwin, Homewood, IL, 1974.
Williams, C.A. Jr , Head, G.L., Horn, R.C. and Glendenning,
G.W., Principles of Risk Management and Insurance,
Vol. 1, 2nd ed., American Institute for Property and
Liability Underwriters, Malvern, PA, 1981.

Application question
(1) Many organizations are strong on the risk assessment side of management, but weaker in
planning for how to manage an incident. How can your management team synthesize these
two avenues?
14