The Importance of Emergency Management in Mitigating Risks in 2023

In recent years, the world has witnessed an increasing number of natural and man-made disasters that have resulted in significant loss of life and property. The emergence of new and complex threats, such as cyber-attacks, pandemics, and climate change, has made emergency management critical to ensuring public safety and security. In this context, this article explores the importance of emergency management in mitigating risks in 2023.

Emergency management involves coordinating and integrating all activities necessary to build, sustain, and improve the capability to prepare for, respond to, recover from, or mitigate against threats and hazards that pose a risk to the public, the environment, or the economy. It involves a range of stakeholders, including government agencies, non-governmental organizations, private sector entities, and communities.

Emergency management is critical in mitigating risks in 2023 for the following reasons:

  • Identifying and Assessing Risks: Emergency management provides a structured approach to identifying and assessing potential risks and threats, enabling stakeholders to anticipate, prepare for, and mitigate the impact of emergencies. These are examples of existing approaches in identifying and assessing risks include:

    • HIRA (Hazard Identification and Risk Assessment): This process helps organizations identify potential hazards and assess their associated risks. It involves identifying the hazards, analyzing their potential impact, and developing strategies to mitigate or eliminate the risks. To apply a HIRA effectively, key considerations include:

      • Identify the hazards: The first step in the HIRA process is to identify the hazards relevant to your organization. This can be done through a variety of methods, including site inspections, reviewing past incidents, consulting with experts, utilizing data to create dashboards, and conducting surveys.

      • Assess the risks: Once the hazards are identified, the next step is to assess the associated risks. This involves analyzing the likelihood of an incident occurring and the potential impact on the organization, its employees, and its assets.

      • Prioritize the risks: After assessing the risks, it's important to prioritize them based on their severity and the likelihood of occurrence. Such prioritization helps the organization focus its efforts on the risks that are most significant and have the greatest potential to impact. However, interdependencies must also be considered in all planning stages to identify risk exposures, whether they be key stakeholders, employees, clients, customers, third 3rd party vendors, technologies, and/or infrastructure requirements.

      • Develop strategies to mitigate or eliminate the risks: Based on the prioritized risks, the organization should develop strategies to mitigate or eliminate the risks. This may include implementing engineering controls, administrative controls (e.g. Governance, workflow reporting, policies, etc.), personal protective equipment, and/or developing emergency response plans.

      • Monitor and review the process: Once the strategies have been implemented, it's important to monitor their effectiveness and review processes periodically to ensure that the organization is adequately prepared to manage hazards and risks.

    • Crisis Resource Management & Planning (CRM): These are a set of principles and practices that help teams work together effectively during a crisis. It involves using teamwork, communication, and decision-making skills to manage resources and respond to emergencies. To apply a CRM effectively, key considerations include:

      • Training and education: In applying CRM principles, team members need to be trained and educated on the skills and practices involved. This can include training in communication, teamwork, decision-making, and problem-solving.

      • Crisis Management Planning (CMP): A CMP should be developed in annually maintained cycles of formal planning to act as a guide in response to a crisis. The plan should outline roles, responsibilities, communication protocols (internal and external communication), and procedures for managing resources.

      • Validate the CRM and plan: Conducting regular drills, simulation exercises, tabletops, or mock-live events can help teams improve their ability to respond to realized crisis events more effectively through practical application in a safe environment.

      • After Action reporting: In conducting a formal post-mortem assessment as to what can be improved either from the exercise or from an actual realized event - can identify gaps through process mapping responses, data mapping locations, response times, and other assessments, to help strengthen future results. 

    • Threat Risk Assessments (TRA): This process helps organizations identify and prioritize potential threats to their operations, assets, and people. Such assessments involve understanding the likelihood and potential impact of threats and supporting the development of strategies to mitigate or eliminate them. To apply a TRA, key considerations include:

      • Asset protection: During the preliminary steps of conducting a TRA - assets, people, and operations are identified for protective purposes. What needs to be protected can include physical assets, such as buildings and equipment, as well as information assets, such as intellectual property and sensitive data.

      • Identification of potential threats: Once the assets have been identified, the next step is understanding the potential threats. Threats can be specific to your organization or categorized by the following list:

        • Natural events (e.g major snowstorms, floods, severe weather, etc.)

        • Technology failures (e.g., telecommunications, computer viruses, malicious software, cyber attacks, etc.)

        • Electrical failure (local or building-specific)

        • Fire affecting building or wide area

        • Data center failure or major application outage

        • Pandemics or epidemics

        • Human Actions (e.g., terrorism, active threats, purposeful destruction of properties, theft, etc.)

        • Essential supplier or service provider failures

        • Inefficient processes​

        • Undocumented procedures

        • Legacy mindset (i.e "we've always done it this way and it's always worked")

        • Lack of awareness into risk, incident or emergency management processes to recover your business

        • Unable to identify ways to change your business to adapt to threats.

      • Assessing the likelihood of threats: Once an organization has identified potential threats, they should assess the likelihood and potential impact of each threat. A variety of methods exist, however risk modelling, scenario analysis, perspective analysis, data capturing for proactive planning dashboards (e.g. dashboards that help assess internet service provider or hydro provider impacts to people in a geographic area), data capturing for in-crisis dashboard reporting (e.g. Virtual Emergency Operations Centre), and expert judgement contain processes to help reduce impacts to the organizations. 

      • Threat prioritization: In a simplified fashion, prioritizing the severity and likelihood of threat occurrence helps the organization focus efforts on threats that are most significant and have the greatest potential societal impact.

      • Developing strategies to mitigate or eliminate threats: Once an organization prioritizes its threats. They must develop strategies to mitigate or eliminate that through the implementation of physical security measures (e.g. Conducting a Crime Prevention Through Environmental Design Assessment (CPTED), access controls, surveillance, and cybersecurity measures such as firewalls and encryption. To specify the technological scope for emergency managers, it is imperative that emergency managers maintain relationships with appropriate technical staff to support planning, exercising, and responding to events based on priority.

      • Monitoring and reviewing: The TRA is a practical approach to identify and mitigate potential threats to their operations, assets, and people to reduce impacts to the organization when a realized event occurs. Developing methods of reporting workflows, data mining multiple TRA’s for the development of datasets to help with dashboard monitoring, or using third party tools to help continuously monitor threats (e.g. Using TweetDeck to support awareness of important hashtags, company mentions, news, etc). 

  • Enhancing Preparedness: Emergency management helps improve stakeholders’ preparedness by ensuring they have the necessary knowledge, skills, and resources to respond effectively to emergencies. Key considerations any organization should include are as follows:

    • Governance: Developing policies for program governance for the organization, which should be approved by the most senior individuals within the organization, such as an executive committee or board of directors.

    • Planning workflows: Ensuring the right deliverables (e.g. TRA, CRM, HIRA, CPTED, etc.) are completed on a set frequency periodically (e.g. annual basis) or when changes occur to the organization.

    • Crisis exercises, stress tests, drills, and training: In planning with a CMP, developing scenarios to simulate crisis or emergency events will strengthen the results and preparedness. Using a threat category list, as mentioned in the TRA section under threat identification, can help enhance the preparedness methods. One key component in exercises should also include role-playing using perspective analysis based on a specific stakeholder who relies on the organization and what processes need to be developed to continue operating so that the stakeholder still benefits.

    • After-action/post-incident/post-exercise reporting for continuous improvement: Ensuring a process exists to help support the implementation of methods to close gaps and outputs generated in after-action or after-exercise will help support a more prepared organization. Key elements include tracking key tasks that will drive change within the organization and behaviours in people to be better prepared for emergencies. 

  • Coordinating Response and Recovery: Emergency management provides a framework for coordinating response and recovery efforts across stakeholders. This ensures a timely, effective, and coordinated response, which minimizes the impact of an emergency. The following are key considerations any organization should include:

    • Education: Establishing clear roles & responsibilities with training practices that apply to all layers of employees within an organization. Examples can include:

      • Training videos for staff on emergency preparedness, escape routes, and active-shooter responses  that must be completed annually or during new employee onboarding.

      • Executive and board training for crisis management, response, and media relations.

      • Third party vendor or agency collaborative training or exercises during simulated events. 

    • Communications: Internal and external communication protocols are predefined communication methods within the CMP. These protocols should include methods of rallying, task assignment during emergencies, sitrep updates to key decision makers, and communications to the public.

    • Adopting technologies for response: The deployment of digitizing an organization's emergency preparedness can be obtained from technologies that support coordination, communications, monitoring systems, planning, and threat mitigation. 

    • Relationship management (Internal and External): Establishing partnerships with other organizations, government agencies, and community groups can help organizations coordinate response and recovery efforts, and access additional resources or knowledge.

  • Ensuring Business Continuity: Emergency management is critical to ensuring business continuity during disaster events. By identifying critical business functions, developing backup plans, and testing them regularly, emergency management can help organizations maintain operations during disruptions. In a future article, we will explore how business continuity plays a role in Emergency management; in the meantime, key considerations organizations should include in their business continuity programs are as follows:

    • Establishing business continuity governance with policies,

    • Conducting a business impact analysis,

    • Developing business continuity plans,

    • Developing disaster recovery plans (for IT services and infrastructure),

    • Response procedures, exercises and testing on a set frequency (e.g. annually),

    • Support crisis management response, management, and recovery.

  • Building Resilience: Emergency management is essential for building resilient businesses, organizations and communities. It identifies vulnerabilities, assesses risks, and implements appropriate mitigation measures, emergency management helps to reduce the impact of disasters, and facilitates recovery operations. Key considerations in building resilience for organizations should include:

    • Building a culture of resilience: Building a culture of resilience requires a long-term commitment from an organization's leadership, employees, and stakeholders. By fostering a learning culture, building relationships, encouraging open communication, establishing ownership and responsibility, developing and practicing emergency response plans, and embracing innovation and creativity, organizations can build resilience to better prepare themselves to manage crises and disruptions.

    • Mental Health: Resilience is the ability to recover from adversity, therefore one’s mental well-being is an essential component of an individual’s ability to cope with difficulties, stress, and emotions, while maintaining a positive outlook in the face of challenges professionally or personally. While some organizations’ approach towards supporting employees’ mental health varies, all organizations must prioritize mental health for their people. Key considerations should include:

      • The deployment of third party professional agency support to provide trauma support during or after an incident,

      • Creating frameworks on coping skills based on certain scenarios either related to professional or personal situations,

      • Creating a positive workplace culture to help support the reduction of absenteeism and increase presenteeism, 

      • Improve decision-making with enhanced communication, teamwork, and promote overall well-being with physical wellness programs.

In conclusion, the emergence of new and complex threats, coupled with the increasing frequency and severity of natural and man-made disasters, highlights the importance of emergency management in ensuring public safety and security. By identifying risks, enhancing preparedness, coordinating response and recovery, ensuring business continuity, and building resilience, emergency management can help minimize the impact of disasters and promote a safe, secure, and sustainable future.

Authoring credits for the entire communications team at the Ontario Association of Emergency Managers:

  • Colin Mander Technical Consultant at LRI Engineering and OAEM editor,

  • Megan Storozuk Honours English Student at the University of Waterloo and OAEM editor,

  • Martin Gierczak, Professor of Operational Resilience at Seneca College and Director of Communications at OAEM.


Want to write a blog and be profiled in the Emergency Management community? While we are in the process of expanding several key points from this foundational article in future blog posts throughout this year, we would love to hear from you if this article sparked creativity. 

If you have an article idea, please submit your idea to and we will provide editorial guidance and oversight to have your article posted on OAEM’s blog page for our community to read. We will also share your article with an exposure of well over 2,000 followers across social media platforms and related agencies who may want to view and share your work. 

  • ​Article ideas can vary based on how creative you want to be. Some examples to get you started based on past blog contributions include:
    • Experiences/short stories,
    • Best practices or lessons learned post-an experience,

    • Emerging technologies,

    • Emerging strategies and/or tactics, 

    • Emerging risks,

    • Anything that will drive value for the community.

Thank you for reading our latest blog entry! 

Sources: (Metadata sources)