Risk Management or Disaster Denial?
April 19, 2017
All businesses face risks and vulnerabilities, and not every risk can be eliminated. While some risks can be mitigated, disasters and crises will happen. Establishing a clear crisis management plan with identified leadership and authority will position an organization to manage a crisis effectively.
Ignoring potential risks, hoping they go away, or assuming “That will never happen here” is disaster denial, and it is dangerous to your business, your employees, your customers, vendors, partners and community.
In most organizations, crisis impacts emanate from facilities, the workforce, information technology, brand and reputation disaster and crisis events.
In a crisis, the initial actions taken and the words said greatly influence the overall impact on the organization. Regardless of whether the event was planned for or not, most crisis decisions follow a common approach.
Every organization then, needs to:
- Establish a formal crisis management program structure in advance to evaluate threats and impacts;
- Create an intelligence network – including the analysis of traditional and new media – to monitor developing events;
- Establish and test a critical decision structure;
- Develop the appropriate crisis response strategies and crisis communications for known likely events that be leveraged in an unplanned crisis.
In the majority of organizations analyzed, Firestorm has consistently found five common failures in a disaster or crisis.
The failure to:
1. Control critical supply chains: It is important to identify the internal and external dependencies of critical services or products.
2. Train employees for work and home: Firestorm has found that across most companies, 95% of employees do not have a plan at home. If employees do not have a clear strategy for their families, an emergency or disaster can force them to choose between family and work. Family will always trump work.
3. Identify and monitor all threats and risks: Knowing the threats an organization will face enables it to manage the results and respond to those threats. Firestorm’s process identifies the potential threats, both natural and man-made.
4. Conduct exercises and update plans: Training converts written plans into actionable ones. By test exercising plans and their procedures, the problems or weaknesses identified will stimulate appropriate changes.
5. Develop a crisis communications plan: Effective communication is a crucial element in emergency/crisis management and should assume a central role in disaster preparedness. Proper communication establishes confidence in the ability of an organization to deal with a crisis and to bring about a satisfactory conclusion.
In a crisis, identify what you know, not what you think. Establish what you are concerned about. Create an actionable plan. Monitor events and media. Adjust strategy and plan continuously based upon fact
Communication in a crisis falls into three categories: coordination, crisis and compliance.
Where communication is needed, speak directly to stakeholders – not through the media. Your organization knows how to reach employees, customers, vendors and others directly.
Last, ask: “What will my management team do when confronted with a crisis?”
Traditionally, organizations focus on external risks and address them with business continuity plans. Many more business crises however, are due to management’s failure to act quickly to an internal crisis or risk, or too ignore it completely. Think Takata.
These risks are much more likely to negatively impact an organization’s people, profits and reputation, and leadership is far more likely to make unprepared statements and take unplanned action that creates greater crisis chaos.
As a best practice, it is important for anyone in a crisis to slow the flow of events down to a manageable level. The always present adrenaline in a crisis causes people to react far too quickly. Mistakes are always made. It is so important, in any crisis, to stop and take the time to truly appraise the situation.
That is the beginning of healthy risk management, not disaster denial.