Business Bites: Risk in business
Figure 1. Types of crisis (source: Crisis management, www.wallstreetmojo.com)
In April’s ‘A risky business’ article, we learnt how risk can be identified, classified and managed. In this month’s Business Bites, we extend our understanding of the topic by looking at effective crisis management…
As a manager and/or leader, you must manage risk every day. But what happens when that risk becomes a crisis – and how do you manage it?
No matter how well you plan for risk and its management, there will sometimes be instances of an unforeseen crisis. The most obvious crisis in recent years was the Covid-19 pandemic, and you will no doubt have experienced its wide-ranging impacts. Many measures were taken to manage this crisis – some effectively, some less so.
What do we mean by ‘crisis’?
As seen in Figure 1, taken from Aswathi Jayachandran’s ‘Crisis management’ article for Wall Street Mojo, there are many forms of crisis:
• Natural crises like earthquakes, tsunamis, etc
• Technological, such as machine malfunctions and failures due to technology. Some common technological setbacks include internet issues, program malfunctions, and password mistakes
• They may be internal. Employee conflict arises when employees disagree with one another and start fighting. The crisis results from boycotts, long periods of strikes, disagreements, etc
• External crises such as violence, theft, and terrorism
• Illegal actions, including bribes, fraud, data or information tampering, etc, create organisational crises
• Financial crises
Why is crisis management important?
The goals of crisis management are to avoid damaging the business’s reputation while restoring stability and ‘business as usual’. And to reduce irreversible damage while quickly getting the business back to normal operation.
Recognising a crisis is the first step toward resolving it. The focus should be on the people and communication.
In his article, ‘Crisis communication as part of resilience planning’, David Stewart advises that communication as part of a response is a crucial element of organisational resilience – along with the other elements such as identification of risk, plans to mitigate risk, business continuity and recovery.
Stewart says crisis management is about structure, command, and control:
• Ask yourself these questions: who is in charge?; who is doing what?; what needs to happen?
• Develop a proactive mindset. Consider: what are the uncertainties affecting the individual or the business? What can be done to influence them?
• Create a crisis management plan
What is a crisis management plan?
Essentially it is a plan describing how the business will respond in a situation involving a crisis. The main crux of this strategic plan is about individuals and their responsibilities, who will do what, how and when. “A good crisis management plan ensures everyone is clear about their responsibilities and knows who to report to,” Stewart explains. “The plan should take organisations through the first few hours of a crisis, from meeting agendas to urgent tasks.”
Crisis management planning should aim to control and limit damage to the business and return it to normal activities as soon as possible. Every business should be prepared for any adverse situation all the time, even when there are no indications that one may be looming.
Your crisis management plan will look like a checklist. There is a useful article available on Asana that helps you to write your plan.
The Asana outline identifies the following areas for your plan:
1. A risk analysis will physically outline the potential risks your company may face and put them in order of probability. Including risk management in your emergency response plan is helpful because new leaders can refer to it if management shifts.
2. An activation protocol determines when action should be taken if a crisis occurs. For example, you may decide that your team members should hold off on taking action until a crisis reaches a certain level of business impact. Once that business impact occurs, it triggers the crisis management team to respond.
3. Include the main emergency contact information to speed up the response process for crises that require external help. Your emergency contact list may include local plumbing services, electricians, poison control, and any other services related to the risks you’ve identified in your analysis.
4. While an activation protocol defines exactly when your crisis response team should respond to a crisis, response procedures outline the action plans for each person when triggered. Use a roles and responsibilities matrix, also known as a RACI chart, to clarify the decision-making positions in your crisis response plan.
5. When a crisis occurs, your internal operations may not be the only things impacted. If a crisis is widespread enough, you may need to explain the situation to key external stakeholders and the public. Your external crisis communication strategy should include details about who will deliver the information as well as who’s in charge of handling feedback.
6. A post-crisis assessment reminds your team to follow up and assess what went well and what didn’t. You can then update your crisis plan with lessons learned to improve your response procedures and reduce business impact.