A key feature of a business continuity plan is a risk assessment. This determines the external risks to your business and usually includes natural disasters, civil unrest, public health, and cyber threats.
When assessing the risks facing a client, I start by Googling “natural threats to (insert city/state)” and perusing through various results until I find some legitimate sources with historical information on common weather events.
After a couple of hours of research, combined with common knowledge (i.e. California gets earthquakes and Kansas gets tornados) I can develop a passable threat assessment. Now that FEMA has published the National Risk Index (NRI) I can complete that threat assessment in a fraction of the time and with reliable data to back it up.
The NRI was released in October 2020 and is an astonishingly versatile and easy-to-use tool which allows anyone to analyze the natural threats facing every county in the U.S. The one downside is learning how to use the NRI and sorting through the myriad of data to get to what is needed. In this article, I will share my tips on quickly getting to the information needed to craft a data-backed threat assessment for any company or location.
As the website explains, the NRI “leverages best available source data to provide a holistic view of community-level risk nationwide by combining multiple hazards with socioeconomic and built environment factors.” The NRI rates the likelihood and threat level of 18 natural hazards common in the U.S. The NRI then takes this information and – combined with social vulnerability and community resilience scores – determines an overall risk index rating. The NRI score represents the potential for negative impacts resulting from natural hazards for the community at large. Valuable information for sure, but the risk index score is only valuable to those involved in community planning. For a company or location to realize the full benefit of the NRI, we had to look beyond the overall county risk index score to the individual hazard details. To find out how, keep scrolling/reading.
How a company should use the NRI
Start by selecting the “counties” tab. Here, you can either zoom in on the map to navigate to the location you want to view or type in a specific address in the search bar in the upper right-hand corner. Click on your county on the map and the left-hand navigation will display county information, ratings summaries, and – what we are really after – individual hazard details. Here are 17 factors for each of the 18 natural hazards reported in the NRI. The most valuable ratings for an individual company are the historic loss ratio (HLR) and expected annual loss (EAL). Combined, these can give you a data-backed probability of a threatening natural event occurring in your locale. Let’s look at an example from New Castle County, Del. As you scroll through the individual hazard details, you will note that some hazards are blank. That means no data is available to calculate the risk index which either means it is no threat or not enough data is available. If no data is found for a particular hazard, fall back on your traditional research sources.
Another view which can be extremely valuable is the “census tracts” tab, which breaks down the county into sub-sections. This is especially valuable for large or densely populated areas. For example, below is a side-by-side comparison of San Francisco County. In the census tract view, you can see an almost neighborhood-by-neighborhood breakdown of the risk levels tracked in the NRI.
The downside of the census view is that there is less data available for census tracts so you may find more blank individual hazard detail sections. If the detail section is blank, use the county-level hazard details instead. When looking at the census tract level detail, a good practice is to analyze not just the tract in which your company resides, but surrounding locations as well for neighboring threats. For example, you will find that while your county overall may not have a high HLR or EAL score for flooding, census tracts along a major river will have elevated scores at the census tract level view.
Now you know why the NRI is valuable and how to use it, but it still does not answer one question. How does this help develop a more accurate risk assessment?
Many risk assessments use a table, like the one shown above, to determine the probability, business impact, and control scale for external threats. You can use the “expected annual loss” (EAL) NRI to determine the probability of each natural event threat. The EAL has five levels of risk as does the probability scale (shown below) and can be translated as follows:
While the NRI won’t help gauge the risk of civil unrest, public health, or cyber threats, it can certainly help determine the risk of natural threats for most physical locations.
For more detailed information, FEMA has published an NRI Primer available here which can tell you most everything you want to know about the NRI.
ABOUT THE AUTHOR
Andy Ziegler
Andy Ziegler is the founder of Tempest Risk Management in Wilmington, Del. Ziegler has 25 years of experience in corporate operations and 17 years as a first responder. Contact Ziegler at www.tempestrisk.com.
