Businesses are often so intent on operations that crisis management may never even enter the conversation at Board or senior management level. Yet, crisis management is exactly what is required in the event of disruptions. Even the least of this, if not appropriately managed, could rapidly escalate to disastrous proportions and jeopardise the whole organisation – which is why crisis management, together with business continuity and disaster recovery, has long been regarded as one of the pillars of Business Continuity Management. Crisis management is critical to the business, and its importance has increased in the light of the volatile, unpredictable, uncertain environments and market conditions that businesses must operate in today.
What constitutes a crisis, in today’s business environment? It can be anything, from natural disasters, acts of terrorism, civil war, strikes, changes in government, to a plane crash, a new disease, defective products that could cause injury, or just generally disgruntled employees who decide to leak confidential documents. Crisis management is essentially how the organisation responds to any crisis event and steps taken to prevent damage to the organisation’s brand. It is a complex process that requires extensive planning and the ability to anticipate the unimaginable.
Perhaps the irony of crisis management is that strategies, plans, processes, systems and frameworks need to be in place, in the hope that the crisis never happens, but crisis management is imperative to organisations because of the negative consequences that arise from events that are not appropriately handled. Poor handling of an event like a factory fire, or flash flooding that damages equipment and disrupts business can cast the organisation in a negative light, and erode shareholder confidence in its management. The quintessential purpose of crisis management is to limit the damage to the organisation’s brand. It does this by anticipating the kind of crises the business will face; determining how it will respond; and how post-crisis issues will be dealt with.
But what does crisis management actually entail? In the event of an incident that could possibly escalate into a crisis, the first concern should be for human life. If this does not apply (as, perhaps, in the hacking of the company’s systems and theft of its data) then the focus will shift towards managing the situation and the communications. Central to crisis management is being prepared, and that cannot happen if an organisation does not know where its own weaknesses lie. Any organisation intending to develop its own crisis management plans must understand its vulnerabilities and deploy the resources necessary to address the shortfall preferably before the incident hits, and not in its wake.
While many aspects of crisis management can be covered by box-ticking and complying with codes, rules and regulations, there are some which will always be peculiar to the organisation which is practising it – mainly because no two organisations are alike, even if they are operating in the same industry. Every company will have different assets and talents; and their employees will have different skill sets, regardless of their training. There will also be different organisational cultures to deal with, so there can be no one-size-fits-all solution when it comes to crisis management. But companies can start by realising the necessity of having a comprehensive crisis management strategy and plan.
There are essentially three parts to crisis management, the pre-crisis stage, the actual response to the crisis, and what needs to be done when the it has been managed. Firstly, the organisation needs to set a clear policy and the Board and senior management need to work out the strategy for the firm, taking into account as many aspects and scenarios as they possibly can, to develop a comprehensive one. The pre-crisis stage is where the checks and balances are inserted, the problem areas identified, and the resources allocated. This is where the entire crisis management plan is created, and should include the identification and allocation of responsibilities, and the appropriate staff training.
When the prevention and preparation of the pre-crisis stage has been developed, the firm should test these under simulated crisis-response conditions, to see if systems and response mechanisms are up to scratch. The post-crisis phase is just as important. Once the crisis has passed, everyone involved needs to know that the threat has been averted or the damage has been sufficiently mitigated, and that they can go back to their usual routines as the disruption has been dealt with. The post-crisis stage is important for another reason: feedback, monitoring and improvement of the systems and processes. What ties all stages of crisis management together is communication.
From the realisation of the need for appropriate crisis management, to the development of the crisis management plan and the subsequent raising of awareness throughout the organisation, the right message about crises and how to manage them has to be communicated. Crises affect everyone in an organisation; it is therefore everyone’s responsibility to know what to do when one occurs. Nobody knows how, where or when an incident will happen, or what form it will take. What they can do, is to anticipate its occurrence, and prepare themselves according to the resources and institutional knowledge of their organisation.