|
Robert Baksa, & Murray Turoff. (2010). The current state of continuous auditing and emergency management's valuable contribution. In C. Zobel B. T. S. French (Ed.), ISCRAM 2010 – 7th International Conference on Information Systems for Crisis Response and Management: Defining Crisis Management 3.0, Proceedings. Seattle, WA: Information Systems for Crisis Response and Management, ISCRAM.
Abstract: Continuous Auditing systems require that human judgment be formalized and automated, which can be a complex, costly and computationally intensive endeavor. However, Continuous Auditing systems have similarities with Emergency Management and Response systems, which integrate Continuous Auditing's detection and alerting functions with the tracking of decisions and decision options for the situations that could be more effectively handled by human judgment. Emergency Management and Response systems could be an effective prototype to help overcome some of the implementation obstacles that are impeding Continuous Auditing systems' implementation rate. Continuous Auditing has the potential to transform the existing audit paradigm from periodic reviews of a few accounting transactions to a continuous review of all transactions, which thereby could vastly strengthen an organization's risk management and business processes. Although Continuous Auditing implementations are occurring, their adoption is slower than expected. With the goal of providing an empirical and methodological foundation for future Continuous Auditing systems and possibly inspiring additional investigation into merging the Continuous Auditing and Emergency Management streams of research, this paper provides several definitions of Continuous Auditing, suggests possible architectures for these systems, lists some common implementation challenges and highlights a few examples of how Emergency Management research could potentially overcome them.
|
|
|
Victor A. Bañuls, Murray Turoff, & Joaquin Lopez. (2010). Clustering scenarios using cross-impact analysis. In C. Zobel B. T. S. French (Ed.), ISCRAM 2010 – 7th International Conference on Information Systems for Crisis Response and Management: Defining Crisis Management 3.0, Proceedings. Seattle, WA: Information Systems for Crisis Response and Management, ISCRAM.
Abstract: Scenarios are frequently used in Emergency Planning and Preparedness. These scenarios are developed based on the hypothesis of occurrence or not of significant events. This is a complex process because of the interrelations between events. This fact, along with the uncertainty about the occurrence or non-occurrence of the events, makes the scenario generation process a challenging issue for emergency managers. In this work a new step-by-step model for clustering scenarios via cross-impact is proposed. The authors. proposal adds tools for detecting critical events and graphical representation to the previous scenario-generation methods based on Cross-Impact Analysis. Moreover, it allows working with large sets of events without using great computational infrastructures. These contributions are expected to be useful for supporting the analysis of critical events and risk assessment tasks in Emergency Planning and Preparedness. Operational issues and practical implications of the model are discussed by means of an example.
|
|
|
Nitesh Bharosa, Sebastiaan Meijer, Marijn Janssen, & Fritjof Brave. (2010). Are we prepared? Experiences from developing dashboards for disaster preparation. In C. Zobel B. T. S. French (Ed.), ISCRAM 2010 – 7th International Conference on Information Systems for Crisis Response and Management: Defining Crisis Management 3.0, Proceedings. Seattle, WA: Information Systems for Crisis Response and Management, ISCRAM.
Abstract: Relief agency managers show growing interest in dashboards for assessing multi-agency disaster preparedness. Yet, there is a dearth of research on the development and use of dashboards for disaster preparation. Consequently, information system architects in the disaster management domain have little guidance in developing dashboards. Here, dashboards refer to digitalized visualizations of performance indicators. In this paper, we discuss the experiences gained from an action research project on the development of dashboards for assessing disaster preparedness. The objective of this paper is to discuss experiences and tradeoffs extracted from the development of dashboards in practice. We organized a two-day gaming-simulation with relief agency managers for the evaluation of the dashboards. While the relief agency managers acknowledged the usefulness of dashboards in the disaster preparation process and expressed their intention to use these in practice, they suggested that the formulation and clustering of performance indicators requires further research.
|
|
|
Björn Bjurling. (2010). Contracts for resources in crisis management. In C. Zobel B. T. S. French (Ed.), ISCRAM 2010 – 7th International Conference on Information Systems for Crisis Response and Management: Defining Crisis Management 3.0, Proceedings. Seattle, WA: Information Systems for Crisis Response and Management, ISCRAM.
Abstract: Today, crisis management relies to an extent on the provisioning of required resources from third-party providers. The crisis management capability is thus dependent on the adherence to, and the consistency of, a set of contracts for resource provisions. We aim at formalizing contingency plans as sets of contracts and developing a computational model for assessing whether the contracts for resource provisioning yield an adequate crisis management capability, with respect to resource provisioning. This paper outlines ongoing research on how to enable an analysis of contingency plans with respect to resource provisioning using the contractual formalism under development. We outline the important issues and illustrate with an example how contracts can be used for resource sharing.
|
|
|
Arthur H. Hendela, Murray Turoff, & Starr Roxanne Hiltz. (2010). Cross impact security analysis using the HACKING Game. In C. Zobel B. T. S. French (Ed.), ISCRAM 2010 – 7th International Conference on Information Systems for Crisis Response and Management: Defining Crisis Management 3.0, Proceedings. Seattle, WA: Information Systems for Crisis Response and Management, ISCRAM.
Abstract: Security of network assets is a high priority with little traditional return on investment. Increasingly, cyber attacks are being used by both terrorist and unfriendly government organizations. The HACKING Game, a Cross Impact Analysis planning tool, can be used to plan security resource allocation in computer networks. Cross Impact Analysis provides a mathematical basis to determine the interrelationships of one event with a set of other events. Output from the HACKING Game's Cross Impact Analysis model can be used to help justify security expenditures, with an added benefit of being a training tool for employees learning to protect networks. This paper presents details of the Hacking Game's design and its capabilities. Cross impact modeling can be used to develop games for any situation characterized by a set of offense and defense events to produce an individual or collaborative model for such things as natural and man-made disasters.
|
|
|
Josune Hernantes, Jose M. Torres, Ana Laugé, Jose Mari Sarriegi, Iztok Starc, Eva Zupancic, et al. (2010). Using GMB methodology on a large crisis model. In C. Zobel B. T. S. French (Ed.), ISCRAM 2010 – 7th International Conference on Information Systems for Crisis Response and Management: Defining Crisis Management 3.0, Proceedings. Seattle, WA: Information Systems for Crisis Response and Management, ISCRAM.
Abstract: Mitigating, detecting, evaluating, responding and recovering from crises are highly complex tasks that involve many decision makers (agents). As a consequence using collaborative methods that allow the cooperation among these agents during the crisis management strategy and procedures design is of significant importance. Group Model Building (GMB) is a robust collaborative methodology that has been successfully used for modelling several complex socio-technical problems, where different agents may have diverse perspectives or interests in the problem under analysis. Through the development of a series of exercises, GMB allows the integration of these initially fragmented perspectives. Modellers translate the knowledge elicited from experts during GMB workshops into simulation models that reproduce the behaviour of the problem. This paper presents the use and adaptation of the GMB methodology in a research project about large pan European crises due to outages in the electricity sector.
|
|
|
Geoffrey Hoare, Mary Beth Russell, Aaron Kite-Powell, & Rick France. (2010). Developing H1N1 hospital surge dashboard indicators: A demonstration. In C. Zobel B. T. S. French (Ed.), ISCRAM 2010 – 7th International Conference on Information Systems for Crisis Response and Management: Defining Crisis Management 3.0, Proceedings. Seattle, WA: Information Systems for Crisis Response and Management, ISCRAM.
Abstract: Developing key state-wide indicators of Florida's health care system's public health capacity during the H1N1 Pandemic has been challenging. This demonstration outlines work to develop a key indicator of patient surge caused by the H1N1 outbreak. Further work to calibrate this measure and relate it to surge in other health care organizations is outlined.
|
|
|
Susanne Jul. (2010). You get what you plan for. In C. Zobel B. T. S. French (Ed.), ISCRAM 2010 – 7th International Conference on Information Systems for Crisis Response and Management: Defining Crisis Management 3.0, Proceedings. Seattle, WA: Information Systems for Crisis Response and Management, ISCRAM.
Abstract: This paper seeks to illustrate a few simple but common mistakes in exercise planning through a case study, in the hopes that readers may improve their use of exercises as a research and development tool.
|
|
|
Jennifer Mathieu, Mark Pfaff, Gary L. Klein, Jill L. Drury, Michael Geodecke, John James, et al. (2010). Tactical robust decision-making methodology: Effect of disease spread model fidelity on option awareness. In C. Zobel B. T. S. French (Ed.), ISCRAM 2010 – 7th International Conference on Information Systems for Crisis Response and Management: Defining Crisis Management 3.0, Proceedings. Seattle, WA: Information Systems for Crisis Response and Management, ISCRAM.
Abstract: We demonstrate a method of validating the utility of simpler, more agile models for supporting tactical robust decision making. The key is a focus on the decision space rather than the situation space in decision making under deep uncertainty. Whereas the situation space is characterized by facts about the operational environment, the decision space is characterized by a comparison of the options for action. To visualize the range of options available, we can use computer models to generate the distribution of plausible consequences for each decision option. If we can avoid needless detail in these models, we can save computational time and enable more tactical decision-making, which will in turn contribute to more efficient Information Technology systems. We show how simpler low fidelity, low precision models can be proved to be sufficient to support the decision maker. This is a pioneering application of exploratory modeling to address the human-computer integration requirements of tactical robust decision making.
|
|
|
Robin E. Mays. (2010). A planning approach to humanitarian logistics. In C. Zobel B. T. S. French (Ed.), ISCRAM 2010 – 7th International Conference on Information Systems for Crisis Response and Management: Defining Crisis Management 3.0, Proceedings. Seattle, WA: Information Systems for Crisis Response and Management, ISCRAM.
Abstract: In humanitarian events, logistics is traditionally considered at time of crisis, and at the tail-end of a project design with little to no strategical, logistical forethought applied. Introducing risk assessment and integrating logistics planning with program plans and training to these plans prior to disaster striking offers a more impactful response at time of disaster. This can be introduced in high risk countries through one on one training, simple templates, spreadsheets and standardized processes.a low to no technological, and highly relational method of building capacity and increasing the impact of an organization.s response to beneficiaries.
|
|
|
Annie Searle. (2010). A seat at the table for operational risk. In C. Zobel B. T. S. French (Ed.), ISCRAM 2010 – 7th International Conference on Information Systems for Crisis Response and Management: Defining Crisis Management 3.0, Proceedings. Seattle, WA: Information Systems for Crisis Response and Management, ISCRAM.
Abstract: What role should operational risk leaders have in the executive suite? This paper argues that, when nervous CEOs ask “What can go wrong? How can we get ahead of the curve?”, they should look to their operational risk leaders. Those leaders oversee corporate and information security as well as business continuity, crisis management and disaster recovery programs inside companies. That makes them ideally qualified to take the process of crisis management, including analysis of aggregate risk across all silos – To the CEO and then into the boardroom when the need arises, before the corporate crisis is full-blown.
|
|
|
Beth Veinott, Gary L. Klein, & Sterling Wiggins. (2010). Evaluating the effectiveness of the PreMortem technique on plan confidence. In C. Zobel B. T. S. French (Ed.), ISCRAM 2010 – 7th International Conference on Information Systems for Crisis Response and Management: Defining Crisis Management 3.0, Proceedings. Seattle, WA: Information Systems for Crisis Response and Management, ISCRAM.
Abstract: One problem affecting crisis management planning teams is overconfidence- An inflated belief that a plan will be successful. In this paper we compared the effect of several different methods for reducing individual team member confidence levels and compared each to a baseline control condition. One hundred and seventy-eight people participated in one of five conditions to evaluate an H1N1 flu epidemic plan in a university context. Over the course of evaluating the plan, participants provided several ratings of confidence in the plan's success and their understanding. We compared several techniques commonly used, such as critique, Pro/Cons generation, Cons only generation and a newer technique, PreMortem, to a baseline condition. The Pro/Cons generation, Cons only generation and the PreMortem technique all reliably reduced confidence levels more than baseline condition. Furthermore, the Premortem method, imagining that a plan has failed and then generating reasons to explain why, reliably reduced confidence more than each of the other conditions, and therefore can be a useful tool for combating overconfidence in crisis management planning. We discuss the results in the context of sensemaking and decision making theory.
|
|