The Institute of Enterprise Risk Practitioners (IERP®) is the world’s first and leading certification institute for Enterprise Risk Management (ERM).

Image Alt

IERP® International Institute of Enterprise Risk Practitioners

  /  Articles   /  Is there a right approach to deal with crisis management?

Is there a right approach to deal with crisis management?

Bear in mind the three Cs: contain, command and control.
Contain the situation to determine what has happened, and where.
• Set up or identify a chain of Command. Who needs to know about the situation? Who can help?
• Apply Control; confirm when the crisis happened, or started, or began escalating.

When these factors are clarified, a better indication of what the situation requires, will appear. As alarming, dangerous or unsettling as the incident may appear, the focus of the organisation should be on the impact of what has happened, rather than on the incident itself. Why? Because what has happened, has already happened; it cannot be undone. The organisation should be proactive, and gear up for mitigation or prevention. This is when crisis management preparation kicks in. With crisis management, you don’t wait for things to happen. You need to move quickly and concertedly – which is why management has to cultivate anticipation of what could happen.

Prevention and action are key, and must be supported by communication. It is imperative to keep people informed of what is happening. This is also to avoid speculation, which could damage the firm’s reputation even before the full facts of the incident are established. Besides, when you keep communication going, it reassures stakeholders that you are in control of the situation, and that despite difficulties, you are doing everything within your means to address it. You should be transparent about what you are doing at all times, and communicating clearly, concisely and in a timely manner is one of the best ways to do it. Transparency indicates good governance, and good governance is always a great brand builder.

Companies should also be aware of how their data is managed, and the laws which regulate its storage, transport and application, mainly because data breaches are one of the most common harbingers of crisis. It indicates that a company’s data is accessible to parties that have no right to it; loss of confidentiality makes stakeholders uncomfortable, and confidence in the organisation dwindles. Crisis management extends to physical equipment as well, as the physical location of these or their improper management can sometimes cause them damage, thereby impairing the ability of the firm to manage the situation. For example, if the diesel generators of a factory are not maintained and kept fuelled at all times, they will not be of much use in the event of a power outage.

Together with managing the company’s data and physical assets, the workforce needs to be managed in tandem. Companies, i.e. the HR department, must be conversant with the prevailing health and safety requirements, and keep abreast of the contractual terms of the expatriates they hire, at all times. Outbreaks of disease, rioting and natural disasters may be factors warranting evacuation of foreign staff as stipulated by their contracts. If the company fails to do so, it may be making itself vulnerable to lawsuits. Be prepared with alternative physical sites, in the same way that non-physical company assets, like data, are stored and can be accessed in the event the regular place of business cannot be operational for any length of time.

With so many factors to consider, how could managers come to grips with what needs to be managed in a crisis? The starting point is identifying risks confronting the organisation; then identify what the responses to these risks should be, and assess the organisation’s risk response readiness. Identifying and assessing these risks means measuring them – and what can be measured, can be managed. But measuring and managing are extensive jobs which take time and resources, which is why recognising the need for them and putting in the checks and balances which will enable the appropriate mitigation measures to operate in the event of a crisis, should begin from the outset. Recognising this need is the start of risk management.

It is also the starting point for the development of a risk culture and the realisation of the crucial role that risk management plays in the enterprise. While effective risk management is primarily people-based (because it takes humans to realise that things can go wrong, and identify what these are to begin with), companies need to be vigilant regarding their physical environments as well, including supporting and complying with robust regulatory requirements – and must be seen to be doing so. Before declaring themselves “best brand” winners, firms have to ensure that they have addressed their threats and that there are mitigation measures in place, should the unthinkable happen.

Crisis management is crucial to the sustainability of the firm, as is risk management. In best practice terms, there is a crying need to develop a risk management culture. Employees at all levels must be aware that threats exist to the business, and it is their responsibility – and within their power – to contain it. It is crucial to move from a culture of apathy to one of being aware of the challenges facing the firm at any point in its existence. People need to be aware of what to do at the moment of crisis because managing this risk is integral to the life of the firm, and their continued employment.

    Name (required)

    Email Address (required, business email address only)

    Mobile Number (required)

    Company (required)

    Designation (required)

    Preferred Contact Method: (required)

    CallEmail

    What is the biggest challenge in your job/industry

    Which modules are you interested in? (required)

    Managing ESGMechanics of ESGEnterprise Risk Management

    Message

      Name (required)

      Email Address (required, business email address only)

      Mobile Number (required)

      Company (required)

      Designation (required)

      Preferred Contact Method: (required)

      CallEmail

      What is the biggest challenge in your job/industry

      Message

        Name (required)

        Email Address (required, business email address only)

        Mobile Number (required)

        Company (required)

        Designation (required)

        Preferred Contact Method: (required)

        CallEmail

        What is the biggest challenge in your job/industry

        Which modules are you interested in? (required)

        Evaluating Risk and Internal ControlCorporate GovernanceEstablishing a Cybersecurity FrameworkEnterprise Risk Management

        Message

          Name (required)

          Email Address (required, business email address only)

          Mobile Number (required)

          Company (required)

          Designation (required)

          Preferred Contact Method: (required)

          CallEmail

          What is the biggest challenge in your job/industry

          Message

            Name (required)

            Email Address (required, business email address only)

            Mobile Number (required)

            Company (required)

            Designation (required)

            Preferred Contact Method: (required)

            CallEmail

            What is the biggest challenge in your job/industry

            Which modules are you interested in? (required)

            Digital Risk Management and DisruptionMechanics of CyberSecurityEnterprise Risk Management

            Message

              Name (required)

              Email Address (required, business email address only)

              Mobile Number (required)

              Company (required)

              Designation (required)

              Preferred Contact Method: (required)

              CallEmail

              What is the biggest challenge in your job/industry

              Which modules are you interested in? (required)

              Evolution of BCM Standards, Policies and FrameworksBIA & BCMS Frameworks and StrategiesRisk, Sustainability, Metrics and Crafting Effective Business Continuity Plans

              Message

                Name (required)

                Email Address (required, business email address only)

                Mobile Number (required)

                Company (required)

                Designation (required)

                Preferred Contact Method: (required)

                CallEmail

                What is the biggest challenge in your job/industry

                Which modules are you interested in? (required)

                Emergency Preparedness, Response, BC Awareness and trainingBCMS Performance, Metrics and Audits, Disaster Recovery Plans and Lean MethodologiesCrisis Management

                Message

                User registration

                Reset Password