Author: Caroline Kingston

Managing Risks During Disruption

There are a broad range of risks that can disrupt business operations—natural disasters (bushfires, floods, cyclones), cyber-attacks, pandemics, supply chain interruptions, and geopolitical tensions. Effective business continuity and crisis management are crucial to mitigating the impacts of these risks.

Below is a comprehensive overview of how businesses can manage risks during disruption through business continuity and crisis management:

Understanding the Risk Landscape

Key Disruption Risks:

• Natural Disasters: Frequent bushfires (e.g. Black Summer 2019–20), floods (e.g. QLD and NSW), cyclones, and droughts.
• Cyber Threats: Rising cybercrime targeting businesses (e.g. Optus and Medibank data breaches).
• Supply Chain Risks: Global supply issues and vulnerabilities, particularly post-COVID.
• Pandemics and Health Crises: COVID-19 revealed major gaps in preparedness.
• Geopolitical and Trade Risks: e.g. tensions affecting export markets.

Business Continuity Planning

Business Continuity Planning is a proactive approach to ensure critical business functions can continue during and after a disruption.

Key Steps:

• Risk Assessment and Business Impact Analysis – Identify threats and analyse how disruptions affect operations, finances, compliance, and reputation.
• Business Continuity Plan Development – Create continuity strategies for essential services (e.g., remote work solutions, backup systems, alternate suppliers).
• Resource Allocation – Ensure key resources (staff, IT infrastructure, emergency funds) are available and accessible.
• Communication Plans – Develop internal and external communication strategies (media, customers, regulators, stakeholders).
• Training and Testing – Regularly test the plan through simulations and drills (e.g., fire drills, cyber incident tabletop exercises).
• Plan Maintenance – Business Continuity Plans should be reviewed and updated regularly or after significant changes (e.g., organisational restructuring).

Crisis Management

Crisis Management refers to the tactical response during a disruption or emergency event.

Crisis Management Team Structure:

• Crisis Leader (usually a senior executive or CEO)
• Operations Coordinator
• Communications Lead
• IT and Cybersecurity Advisor
• Legal and Compliance Officer
• HR and Employee Welfare Coordinator

Best Practices:

• Establish Clear Protocols: Define roles, responsibilities, and decision-making authority.
• Activate Crisis Management Plan: Swift mobilisation of resources, real-time communication, and issue containment.
• Transparent Communication: Keep staff, customers, and regulators informed with accurate, timely information.
• Liaise with Authorities: Work with emergency services, regulators, and government.
• After-Action Reviews: Conduct post-crisis reviews to identify lessons and improve plans.

Legal and Regulatory Framework

Businesses must comply with several regulatory requirements related to risk and continuity:

• Corporations Act 2001 (Cth) – Directors have a duty to act with due care and diligence.
• Privacy Act 1988 – Mandates response to data breaches.
• Work Health and Safety (WHS) Laws – Require businesses to protect staff during emergencies.
• Modern Slavery Act 2018 – Crisis (e.g., supply chain disruption) must still consider ethical sourcing obligations.

Technology and Tools for Continuity

Modern tech solutions help ensure rapid recovery and continuity:

• Cloud Services and Data Backups
• Incident Management Platforms
• Business Continuity Software
• Cybersecurity Solutions

Key Takeaways for Businesses

• Be Proactive, Not Reactive: Plan ahead for a range of plausible disruptions.
• Embed Resilience into Strategy: Not just compliance, but long-term value.
• Leverage Government Resources: Use guidance from Emergency Management Australia, CSIRO, and state disaster resilience agencies.
• Promote a Culture of Preparedness: Involve employees in drills, risk awareness, and communication.

Sherm Software is the resource your business needs to prepare for crisis management and business continuity planning. From communication and training throughout your entire organisation to incident management, Sherm has it all. Get in touch with us to find out more.

Risk assessments in high-risk industries are often under increased scrutiny due to the significant potential consequences of failing to identify, evaluate, or mitigate risks properly. While these industries rely heavily on risk assessments to guide decision-making and ensure safety, several factors have drawn more attention to their effectiveness, accuracy, and comprehensiveness.

Here’s why risk assessments are often under scrutiny in these sectors:

High Stakes and Consequences

• Potential Impact: Poor risk assessments can lead to catastrophic outcomes, such as loss of life, environmental disasters, or major financial losses.
• Scrutiny: Given the stakes, even minor mistakes in the risk assessment process can have huge consequences. Regulatory bodies, investors, and the public expect the highest standards of risk evaluation to be applied, and any lapses are heavily scrutinised.

Evolving Nature of Risks

• New and Unforeseen Risks: As technologies, markets, and societal conditions change, new risks emerge that were not previously anticipated. For instance, cyber threats are increasingly important in industries like finance and healthcare.
• Scrutiny: Risk assessments that rely on outdated or static assumptions may fail to account for these emerging risks. Regulators and stakeholders are closely monitoring how industries adapt their risk assessments to address new threats and challenges.

Regulatory Pressure and Compliance

• Increased Regulation: Many high-risk industries are subject to stringent regulations. These regulations require regular, thorough, and transparent risk assessments.
• Scrutiny: Failure to conduct proper risk assessments or to document them accurately can result in non-compliance, leading to heavy fines, legal repercussions, or even loss of operational licenses. Regulators are under constant pressure to ensure that risk assessments are thorough and up to date.

Accountability and Transparency

• Corporate Responsibility: Stakeholders (including investors, customers, and the public) demand that companies in high-risk industries demonstrate their commitment to safety and responsibility. Transparency in risk assessments helps build trust.
• Scrutiny: When an incident occurs—whether it’s a data breach in banking or an oil spill in the energy sector—people want to know that the company did everything possible to identify and mitigate risks. If a company’s risk assessment practices are not thorough, this can lead to reputational damage and loss of trust.

Technological Complexity

• Advanced Technologies: High-risk industries often adopt cutting-edge technology (e.g., autonomous vehicles in transportation, AI in healthcare, renewable energy infrastructure) that introduces complex, unknown risks.
• Scrutiny: Traditional risk assessment models may not be equipped to deal with the complexity of these new technologies, leading to questions about their accuracy. If risk models do not account for the nuances of emerging tech, their reliability is questioned.

Human Error and Bias

• Subjectivity in Assessments: Risk assessments are typically conducted by teams or individuals, and human error or bias can creep into the process. Cognitive biases, groupthink, or pressure to minimise perceived risks can lead to inaccurate evaluations.
• Scrutiny: In high-risk industries, there’s a need for objective, data-driven risk assessments. If human factors affect risk evaluations, it can undermine the effectiveness of safety measures or regulatory compliance.

Historical Failures and Incidents

• Past Mistakes: Industries have faced high-profile failures in the past that were in part due to poor risk assessment or failure to act on identified risks.
• Scrutiny: After such incidents, there is intense scrutiny on how risk assessments are conducted, updated, and implemented. Investigations often reveal gaps in risk identification or mitigation, leading to increased calls for more robust and transparent risk management practices.

Interdependence and Systemic Risks

• Cascading Risks: High-risk industries often operate in complex, interconnected systems where risks in one area can trigger cascading failures elsewhere.
• Scrutiny: When risk assessments fail to account for these interdependencies, the result can be catastrophic. Stakeholders are increasingly scrutinising risk assessments to ensure that they consider the full scope of interconnected risks.

Cost vs. Benefit of Risk Mitigation

• Balancing Act: There’s often pressure to balance the cost of mitigating risks with the potential financial or operational impact of those risks. Companies might opt for less costly mitigation measures to save money, which can lead to overlooking high-probability risks.
• Scrutiny: Regulators, investors, and the public are becoming more critical of this trade-off, questioning whether companies are cutting corners in ways that put safety or long-term viability at risk.

Complex Stakeholder Expectations

• Multiple Stakeholders: High-risk industries have a variety of stakeholders (e.g., government agencies, customers, employees, investors, and communities) each with different expectations about risk management.
• Scrutiny: As expectations diverge, there’s a growing demand for risk assessments to be more comprehensive, inclusive, and adaptable to the needs of different stakeholders. The failure to satisfy diverse risk perspectives can lead to public backlash or loss of investor confidence.

Pressure to Meet Deadlines and Budgets

• Project Deadlines: In industries like construction or energy, the pressure to complete projects on time and within budget can sometimes lead to cutting corners in risk assessments.
• Scrutiny: When risks are underestimated or poorly assessed to meet project timelines or cost constraints, it can lead to safety incidents, regulatory violations, or massive delays, inviting closer scrutiny of how risks are evaluated in future projects.

Key Takeaways

• Accuracy and Objectivity: There’s an increased expectation for risk assessments to be both accurate and objective, especially in industries where the consequences of mistakes can be severe.
• Adaptability: Risk assessments must be flexible and adaptable to new risks and changes in technology, regulation, and societal expectations.
• Comprehensive Stakeholder Involvement: Engaging a wide range of stakeholders in the risk assessment process can help ensure that all perspectives are considered, making the process more robust and transparent.

In short, risk assessments in high-risk industries face intense scrutiny because they serve as the foundation for ensuring safety, regulatory compliance, and the protection of assets and people. Any misstep can have significant repercussions, so stakeholders are keenly focused on how these assessments are conducted and how effectively they are implemented.

If you are unsure as to what potential risk exposures your business may be facing, get in touch with us today. At Safety for Life we provide practical assistance in the development of an effective Risk Management Program and strategies to assist you to minimise your risk exposures.

If you are considering a safety software application for the management of risk, tracking the status of corrective actions and having access to data about your risk, then please consider Sherm, our web-based safety and risk management compliance application. Sherm Software’s Hazard and Risk Management module offers a comprehensive framework for identifying, documenting, and mitigating workplace hazards. From automated workflows to data-driven insights, Sherm Software empowers businesses to prioritise safety, achieve compliance, and build a resilient workplace culture.

The Ethical Crossroads for HSEQ Systems

We live in a hyper-connected age—smart cities, 5G, IoT, AI, biometrics, and predictive analytics are reshaping how we live, work, and manage risk. These advances bring genuine safety and efficiency benefits. But they also raise a critical question:

When does ‘smart’ become too smart for comfort?

The “E-Tag Rats” Effect

Here’s a curious thought: spell Stargate backwards and you get Etargats—or with a stretch, “E-Tag Rats.” Funny coincidence, or a digital omen? It paints a vivid picture: are we becoming tagged and tracked like lab rats in a surveillance maze?

From facial recognition at airports to GPS-tracked workers in high-risk zones, the mesh of smart technology is growing tighter—and so is the ethical debate.

Where Does Sherm Stand?

At Sherm, we believe technology should amplify human insight—not replace it.

While our platform doesn’t currently integrate facial recognition, biometrics, geofencing, or wearable inputs, we acknowledge these technologies are already knocking at the door of the HSEQ industry.

So the question isn’t just can we use smart tech—but should we? And how?

The Ethical Dilemma

Smart tech offers clear benefits:

• Predictive analytics to prevent incidents
• Real-time alerts for safety breaches
• Better oversight of personnel and contractors

But these gains must be weighed against:

• Privacy concerns
• Psychological safety and trust
• Cultural impacts in the workplace
• The right to give informed consent

In short: technology must serve people—not monitor them into submission.

Our Commitment to Ethical Integration

As we explore future smart integrations, Sherm’s approach is clear and principled:

• Transparency: Users must know what’s collected, how it’s used, and why.
• Control: Clients choose what’s enabled, not us.
• Purpose-first design: Tech should solve problems—not create new ones.
• Privacy compliance: Every feature must align with data laws like the GDPR and WHS Act.

What’s Next?

We’re not rushing in. We’re researching, listening, and building with intent.

If and when Sherm introduces smart features, they’ll be designed to support safer, more empowered workplaces—not just more digitised ones.