Conducting THIRAs



The Threat and Hazard Identification and Risk Assessment (THIRA) is a new process that, according to FEMA, allows a jurisdiction to understand its threats and hazards and how the impacts may vary according to various community factors. The idea behind a THIRA is that this knowledge will help a jurisdiction establish informed and defensible capability targets. Unlike the previous Target Capabilities List (TCL) which prescribed national levels of preparedness, the THIRA process uses the new Core Capabilities and a process which lets a local jurisdiction or state "right size" the capabilities to a level which they feel is prudent to prepare for.

In other words, how bad of a disaster do you want to prepare for, and how prepared do you need to be?

FEMA released its Comprehensive Preparedness Guide 201 (CGP 201) in April 2012; the guide, and related technical assistance, describe how to conduct a THIRA.  The THIRA must be submitted by December 31, 2012 using the FEMA PrepCAST (Compliance Assessment System Tool) system to enter THIRA data as part of the State Preparedness Report (SPR).

While the CPG 201 document is straightforward, it leaves some aspects of the process up to interpretation by the jurisdiction performing the THIRA.  Having just gone through the process twice, I thought that I would share some thoughts on the subject.

Not Rocket Science         


The prescribed process is not that complicated. While some have criticized the lack of any scientific process, FEMA did make it easy relatively for us.  I restated the process steps in a recent presentation as follows:

1.  Assesses your threats and hazards of concern.
2.  Describe you vulnerability to those hazards by giving them context.
3.  Estimate the consequences of those threats and hazards impacting the community.
4.  Establish capability targets based on these consequences .
5.  Use the THIRA and apply its results it to update your Homeland Security Strategy.


THIRAs Make Sense


Most states and large urban areas have been doing threat assessments, capability assessments, analyzing gaps, and updating their Homeland Security Strategies for almost 10 years now as part of FEMA's Preparedness Grants program.  While there may have been varying degrees of success and some room for improvement, grantees were or should have been doing this work as part of sound project management.  Now FEMA has given us a process to use in carrying out these important responsibilities.

Your THIRA should include the capability estimation and gap analysis that is part of the approach.  This will provide a sound basis for annual updates to grantee's Homeland Security Strategies which in turn guide grant expenditures.

Based on this, it makes sense for the THIRA to be part of the grant lifecycle.

Validating THIRAs


FEMA will be validating THIRAs and combining them into regional and national assessments.  As stated in a recent THIRA FAQ, FEMA Regions will review all THIRAs through a collaborative effort with the states, territories, and urban areas. The Regional Federal preparedness Coordinator (FPC) will review all grantee THIRA submissions in their area of responsibility. This review is intended to ensure that the submitted THIRAs were developed in alignment with CPG 201. The FAQ states that the FPC will be seeking to answer the following questions to test the alignment of the submissions to the guidance:
  1. Did the jurisdiction provide description statements of the threats and hazards of concern?
  2. Did the jurisdiction provide outcome statements for all 31 core capabilities from the National Preparedness Goal?
  3. Did the jurisdiction provide estimated impacts for all threats and hazards of concern in relation to the 31 core capabilities?
  4. Did the jurisdiction provide capability targets for all 31 core capabilities?
  5. Did the jurisdiction provide an affirmation that their submittal is in alignment with CPG 201?

While there is a toolbox available, the process leaves room for some interpretation and creative approaches as long as the key points above are addressed.

Breakdown


Let's break this down. The validation points, and a suggested approach for accomplishing each, are described below.

1. Provide description statements of the threats and hazards of concern. 

This is simple enough, you should look at your local Hazard Identification and Risk Assessment (HIRA) to gauge the natural hazards of concern, this should already be done for you for the most part.  

But what about terrorist threats?  The best approach is to meet with those "in the know" and discuss the current threats that you are aware of and gauge each threat to see which are areas of concern. This later step will be somewhat subjective as there is no historical record to base probability on but your experts will know what it is you should be preparing for.

There are additional data sources mentioned in the CGP 201 and its companion toolbox. You can also use the measures from the 2011 SPR as a basis to select a target level for each threat/hazard selected.



2. Provide outcome statements for all 31 core capabilities from the National Preparedness Goal.

You are asked in Step 2 to give each of these threats and hazards context. A table is provided in the toolkit for this purpose. Step 3 asks each jurisdiction to use the descriptions developed in Step 2 to assess how each threat and hazard may impact the community and what level of the core capabilities will be needed to meet those impacts (your desired outcomes).

The impacts, along with core capabilities and desired outcomes, should be used to gain an understanding of what is needed to manage your jurisdiction's risk. Desired outcomes are required for each core capability.  The CPG 201 Guide and Toolkit offer example outcome statements.

3. Provide estimated impacts for all threats and hazards of concern in relation to the 31 core capabilities.

Being responsive to this requirement is simply a matter of charting out the impacts against the core capabilities and examining the capabilities using the Threats and Hazards. (In other word, assess capabilities based on threat.) The toolbox includes a chart that is pretty hard to work with. You can build a  matrix that includes all of the capabilities charted against the highest threats and hazards to be responsive to this requirement.

4. Provide capability targets for all 31 core capabilities.

The desired outcomes should explain what the jurisdiction wants to achieve for each core capability. This will need to include setting targets levels for each core capability. This is not a numerical rating, this is a narrative description of what your jurisdiction will need to be able to accomplish based on your estimation of threats and hazards.  Establish the level of capability that you believe that you need to achieve based on the threats and hazards identified.

5. Provide an affirmation that their submittal is in alignment with CPG 201.

The only thing missing at this point is that you need to "apply the results."  You should use the results to update your Homeland Security Strategy and to drive spending decisions. Look at your gaps based on your desired vs. your current capabilities.  Analyze how close you are to having the capabilities needed to address the threat and hazards that you have identified.

You should make this a part of your annual grant lifecycle as the THIRA must be used to support Investment Justifications. If an Investment Justification is not linked to THIRA results, projects may not be funded. And, you should use this process to measure improvements in capabilities over time, something that is a critical factor in grant programs.



Comments

Post a Comment

Popular posts from this blog

What is an EOC information management system?

Image
What is an Emergency Operations Center (EOC) information management system?  With all of the talk about the use of Social Media in Emergency Management  and the use of new technologies for "Situational Awareness" and a "Common Operating Picture" it is important to remember the basics.  After all, EOC management is all about information and resource management. So I thought I would share a summary of EOC information management issues that we recently prepared. The EOC needs an effective information management system to work. INFORMATION MANAGEMENT PROBLEMS DURING A DISASTER The following problems are often seen at all EOC levels: Activation takes place after the fact resulting in a “catch up” process. Lack of good and complete information at the beginning. Possible loss or degraded communications capability. Possible loss or late arrival of key, trained staff. Often a shortfall of resources available to meet demands. Lack of inter-agency coordinati
Read more

It's Baaack! Bill to limit number of UASIs (Updated)

Image
Updated 4-21-11 Once again, there are efforts afoot to limit the number of Urban Area Security Initiative (UASI) cities.  However, this legislative maneuvering may be moot.  A combination of less funding and a new risk formula may result in less UASIs without legislative action.  Read on for a full explanation. UASI program funds address the unique planning, organization,  equipment, training, and exercise needs of high-threat, high-density  Urban Areas, and assists them in building an enhanced and  sustainable capacity to prevent, protect against, respond to, and  recover from acts of terrorism. The  proposed legislation, H.R.1555 , was recently introduced by  Rep. Nita Lowey [D-NY18]  as an effort to limit the number of cities and funnel more funding to New York City.  The bill's stated purpose is: "T o amend the Homeland Security Act of 2002 to limit the number of Urban Area Security Initiative grants awarded and to clarify the risk assessment formula to be used when ma
Read more

What is an Emergency Management Consulting Firm?

Image
What is an Emergency Management Consulting Firm ? I am often asked what I do.  When I answer that I am an Emergency Management Consultant , I typically get an odd look (unless I am talking to an Emergency Manager).   I typically explain that we help governments, businesses, communities, and people prepare for disasters.  But emergency management is complex and should involve the whole community.  All Hands, an Emergency Management Consulting Firm Today’s blog is an attempt to answer the question: What is Emergency Management Consulting? Emergency management consulting firms , and emergency management consultants, help clients with their emergency management programs.  Emergency management is defined by the Federal Emergency Management Agency (FEMA) as “The managerial function charged with creating the framework within which communities reduce vulnerability to threats/hazards and cope with disasters.” We describe emergency management as a comprehensive progra
Read more