Since its development in the California wildfires in the 1970’s, the Incident Command System (ICS) has emerged as the default mechanism for managing crises. Mandated for use in the public sector under the National Incident Management System (NIMS), ICS has seen growing application in the private sector. However, while ICS has been relatively successful in the public sector where organizations tend to be hierarchical, is it really the best choice for the private sector?
To be sure, ICS has an impressive track record as an incident management system. It has been applied in small local incidents up to Presidentially Declared Disasters. It has been adapted to unusual situations such as organizing recovery efforts following Hurricane Katrina. But even in the public sector, we find problems. In a 2014 paper, The United States’ Experience with the Incident Command System: What We Think We Know and What We Need to Know More About, researchers Jessica Jensen and William L. Waugh Jr. suggested that, despite what we may believe, ICS is not applied consistently among jurisdictions. While ICS has often been used as designed, it has just as often been ignored, partially used, underused, misused, and used in organizations and jurisdictions in ways that are
necessarily compatible with the way the system is used in other organizations and jurisdictions.
If the organizations that are best suited to employ ICS have trouble maintaining consistency, what can we expect when ICS is applied to the private sector?
There are certainly good reasons for a private organization to adopt ICS. As I mentioned, the system has been proven to be effective and adopting it would simplify integration with public sector agencies. The problem is that many organizations, in both the public and private sector, adopt ICS in name only and don’t understand what it is they are committing to.
When my corporate clients suggest organizing under ICS, my first questions is always about their corporate culture. ICS was designed to work as a hierarchical structure, something that can be foreign to many organizations. I once reviewed a plan for a major high-tech organization written by a colleague. It was a beautiful plan, well-reasoned and logical, based on ICS. The problem was that the client was a chaotic organization with no organizational structure, policies, or processes. ICS was not something they could even understand.
This highlights the key problem with ICS for many private sector organizations: the imposition of a system for managing crisis that varies considerably from their day-to-day operating systems. This becomes critical when one understands that people under stress default to what they are used to doing. That is, they rely on their trusted leaders and try to use the systems they are used to. To overcome this barrier requires considerable training. Jensen and Waugh note that ICS training has three important dimensions: frequency, depth, and specificity, and that success is often a factor of the time between the crisis and the last training session. In my experience, private sector organizations do not fully grasp the training burden required to implement ICS and are rarely willing to commit to it.
The second major problem with ICS in the private sector is common to the public as well: equating the Incident Command System with the ICS operating structure. Research suggests that denying flexibility in response by slavishly following standard operating procedures or using a structure that cannot be modified to meet an evolving situation is counterproductive and that it is more useful to adapt resources and tactics to the situation.
I am not, however, suggesting discarding ICS completely. Instead, I advocate using the system rather than the structure. By this, I mean incorporating ICS principles, such as unity of command, management by objectives, and incident action planning into your crisis management planning and focusing on the five management functions of Command, Operations, Planning, Logistics, and Finance/Administration. Using this as a foundation, your crisis management team can be structured in a way that is most consistent with your corporate culture. The closer the crisis management team resembles day-to-day operational management with managers and teams performing accustomed roles, the more effective it will be.
For those that would argue that this is not “pure” ICS, I would respond, “So what?” There are very few occasions where private sector organizations and public agencies operate under a unified command, which is the only time similar operational structures become relevant. NFPA 1600 Standard on Continuity, Emergency and Crisis Management requires only the establishment of a crisis management capability that assigns responsibilities and establishes processes; it does not specify that the organization use ICS. If the organization bases this capability on sound ICS principles and can respond effectively to a crisis, I believe this is a better approach than trying to force an ICS structure on people who have limited training and experience when the organization is trying to respond to a major crisis.
So, the answer to the question, “Does the private sector need ICS?” is a qualified “Yes, but…” with the “but” being the need to integrate ICS principles with corporate culture. Don’t create a new structure that will solely be used for crisis; build on existing processes that have already demonstrated success in problem-solving. Disasters are qualitatively different from day-to-day problems, but your chance of success in a crisis increases the more you take advantage of existing processes and leadership rather than relying on a system for which your team is not adequately trained or prepared.