Examining

1
Examining the Business Case for the
New Voluntary Private Sector Preparedness
Certification Program
2
About InterCEP

• We are a catalyst focused on Private
  Sector Preparedness Corporate
  Resilience
• The Alfred P. Sloan Foundation Funds InterCEP
  Research on Incentives for Business Preparedness
• insurance, rating agency, mitigating legal
  liability, supply chain, corporate governance
• Research Focus on the Linkage of
• What Why of Corporate Resilience

3
Our Panelists

• Al Martinez-Fonts - Assistant Secretary, DHS
• Robert Dix, Jr. - V.P., Govt. Affairs, CIP,
  Juniper Networks
• Bob Connors - Director, Preparedness, Raytheon
• Pete Jespersen - Director, Bus. Cont. Mgmt.,
  Merrill Lynch
• Charles Wallen - Managing Executive, Bus Cont.
  Committee, FSTC
• Raymond B. Biagini - Partner, McKenna Long
  Aldridge LLP

4
Overview

• Introduction
• Supply Chain Management
• Legal
• Rating Agencies
• Business Reporting
• Insurance
• Reputation Other Considerations
• Absent a Why the What will not get done

5
Certification
Certification
Standard (criteria)
Assessment Process (audit)
6
The Private Sector must be directly involved in
the design and implementation of the program.

• Must assure basic business value!

7
Current Research

• 
  
• What to Do There are consensus-based standards
  that indicate what good preparedness is.
• Why to Do It
• Internal Incentives There are a diversity of
  internal corporate benefits to preparedness
  although these need to be better clarified
  communicated
• External Incentives Major stakeholders who may
  offer external incentives to acknowledge
  preparedness
• Supply Chain Management
• Rating Agencies
• Legal
• Insurance

8
Combining Multiple Benefits
Minimizing Impact of Business Disruptions
Insurance Benefits
Supply Chain Resiliency
Rating Agency Acknowledgement
Process Efficiencies, Agility
Mitigating Legal Liability Post-Event
Reputational, Corporate Governance and other
Benefits
9
Current Research

• A disconnect for incentives
  
• Major incentive stakeholders may be willing to
  acknowledge preparedness
• But they lack an appropriate indicator/assessment
• And are not necessarily interested in assessing
  preparedness themselves
• Critically there is no historical data on
  benefits
• Chain

What to Do (Preparedness Standards)
Why to Do It (Incentives Benefits)
lt No Strong Connection gt
No Common Indicator if Prepared
10
Linking What Why

• The New Program may serve as a link
• It may assist in making a more effective
  connection between good practice (What to Do)
  benefits from both internal and external sources
  (Why to Do It).

What to Do (Preparedness Standards)
Why to Do It (Incentives Benefits)
Assessment Certification
11
Key Considerations for Business Value

• Business Involvement in Program Design
  Implementation (Management and Practitioners)
• Incentive Stakeholder Involvement

12
InterCEPs Activities

• Hosting Working Groups
• Supply Chain Management
• Legal Liability Mitigation
• Insurance Acknowledgement
• Rating Agency Acknowledgement
• Developing a temporary online clearinghouse of
  information relevant to the voluntary business
  preparedness accreditation and certification
  program until appropriate body steps up.
• Participating in conferences other forums.

13
If cant measure it, you cant manage it

• and you cant understand its impacts and reward
  it!

14
Supply Chain Management

• Increasing need for supply chain resilience due
  to globalization, interdependencies, etc.
• Diversity of current efforts
• Challenge of customers attempting to build your
  own program, engage and assess multiple suppliers
• Challenge of suppliers diversity of customer
  assessment approaches, multiple audits
• Opportunity for mentoring

15
Legal Incentives

• Tort Negligence
• Port Authority 93 Bombing Case
• Affirmative Defense advance conformity with a
  consensus-based industry standard

16
Rating Agency Acknowledgement

• Enterprise Risk Management (ERM) will be added as
  an element of all corporate ratings by SP.
• Emergency management business continuity are
  important elements of effective ERM in addressing
  operational risk

17
Rating Agency Acknowledgement

• The extent to which companies are adopting
  standards, especially voluntary standards, would
  bolster the view that management has a proactive
  culture and attitude towards risk.  However its
  too early in our process to know what weight wed
  place on that evidence.

18
Business Reporting

• Diversity of reporting requirements currently in
  some vertical industries, little in others
• Need to assure that program is a rationalizing
  force not a complication
• Need to support first, second and third party
  verification

19
Insurance

• Diversity of companies, product lines, etc.
• Unwillingness to define preparedness and measure
  it
• Lack of historical data correlating preparedness
  with outcomes
• Likely incremental with focus on key areas such
  as business disruption insurance initially

20
Reputational Other?

• Reputation differentiator?
• Process efficiencies
• Corporate agility
• May facilitate exchange of best practices
• More consistent benchmarking
• May forward corporate governance goals
• What else?
• ARC example

21
If we can be of help . . .

• Bill Raisch
• Director
• InterCEP- New York University
• 212-998-2000
• william.raisch_at_nyu.edu
• www.nyu.edu/intercep

22
Generic Template for Accreditation/Certification
Scheme
23
What is a Preparedness Certification?

• Uses an accepted assessment process to
  acknowledge that the current state of
  organizations emergency preparedness meets an
  identified standard(s).
• Assessment may be conducted by
• The organization itself (first party)
• A related organization (second party)
• A qualified and independent third party

24
Typical Certification Steps

• Internal review of current state of emergency
  preparedness (gap analysis) against selected
  standard
• Supplement and/or improve existing preparedness
  processes, plans activities to meet intent of
  desired standard(s)
• Decide on first, second or third party
  verification if appropriate contract with
  accredited certification body
• On-going surveillance and continual improvement
  processes

25
Key Players

• Accreditation bodies assess the competence of and
  accredit (i.e., approve) certification bodies
  against a set of accreditation requirements to
  carry out certain certification activities
• Accredited certification bodies assess the
  conformity of and certify an organization to
  certain standards or specifications
• The organization seeking certification