Your SlideShare is downloading. ×
SAMPLE NOTES © LSPR RISK AND CRISIS MANAGEMENT INTRODUCTION
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

SAMPLE NOTES © LSPR RISK AND CRISIS MANAGEMENT INTRODUCTION

584
views

Published on


0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
584
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
7
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. SAMPLE NOTES © LSPR RISK AND CRISIS MANAGEMENT INTRODUCTION Our daily lives and business operations are filled with risk. On a personal level we take risks cross- ing the road, travelling by train and making investment decisions. From a business perspective, risk is managed at many levels - operational, marketing, legal and financial. Traditionally, much risk inherent in a business operation has been managed through insurance. However, managing risk in this way is not a strategic approach to protect your corporation from negative publicity or a damaged reputation. Insurance only insulates you against potential legal challenges or financial loss after an event, and does not take into full account the potential long-term reputation damage. Risk can no longer be managed on an ad hoc basis, but should be sewn into the fabric of corpo- rate management. Without a clear understanding of the risk it faces, a corporation cannot make the correct strategic choices to maximise performance. People make risk decisions at all levels in an organization, ranging from individual responsibilities to collective decisions made at Board level. Remember Nick Leeson, who lost Baring’s Bank $1.3 billion on trading derivatives, destroying Barings and its reputation within a short period of time. Al- lowing individuals too much autonomy within an organisation can have disastrous consequences. Consequently, compliance and adherence to regulations is important to all risk management pro- grammes, which in turn have focused organisations on corporate governance as a form of man- agement control. Risk analysis helps put in place checks and procedures that reduce the chance of negative outcomes. As corporations come under increasing legal challenges from a wide range of stakeholders, every opportunity should be taken to reduce the impact that legal cases can have and the potentially high profile media attention that they often can attract. Risk for many corporations has also been heightened by the consequences of globalisation. Mul- tinational enterprises (MNEs), such as those operating in second and third world countries are at risk from potential charges of exploitation of local communities and the natural resources that they consume. Moreover, MNEs must increasingly communicate to suppliers and distributors how they treat their employees and their record on human rights. Risk and reputation are linked; negative outcomes can quickly affect the bottom-line: profit. In order to protect reputations the scope of risk analysis has broadened way beyond just financial concerns and now encompasses individual misconduct, and overall corporate misconduct. In the wake of Enron, WorldCom, Tyco, Arthur Anderson, and other high profile corporate scandals, im- plementing risk management programmes has become a priority for reputation managers. Central to tackling corporate risk is the need to develop a strong risk culture and the recognition of the degree to which an organisation will tolerate certain risks. What is risk? Risk means different things to different people. At its simplest, risk can be considered as uncer- tainty of outcomes, based on probabilities. Any mathematician will inform you about probability, the concept that gives a mathematical measure of risk. The focus of risk management is on potential adverse outcomes, which can lead to a crisis. Risk = uncertainty (or probability) x impact
  • 2. Any analysis of most web sites that deal with risk management suggests that many aspects of risk are currently driven by qualitative rather than quantitative analysis, yet it is quantitative risk analy- sis that produces the most useful predictions. Globally, outside the insurance and banking sectors, risk management has not developed a common framework by which it can be evaluated. Two fundamental types of risk can be identified. • Pre-entry risk involves analysing the risk of entering new markets or areas and having the necessary contingency plans ready just in case things do not work out. • The second type of risk is ongoing risk or issues management, in which a corporation identifies and manages an issue. In this context, an issue is any potentially troublesome topic that is emerging within an industry, which may be an increasing focal point for the na- tional and trade media, but has not yet gained great attention from the public. It is when an issue gains significant momentum, especially via the popular press, that issues can quickly become crises for certain companies. The main categories of risk include: 1.Operational 2.Strategic 3.Marketing 4.Brand reputation 5.Financial 6.Intellectual Property 7.Technology and e-business 8.Human or personal 9.Price or market 10.Legislative 11.Supply-chain 12.Information-security 13.Mergers and acquisitions 14.Event-based: political, terrorism, weather What is risk management? Risk management is the systematic ongoing process by which an organisation identifies, priori- tizes and implements programmes to reduce the chance of negative outcomes on a business. The process can be divided into a series of actions: 1.The identification and cataloguing of risk 2.The quantification (assessment) and prioritization of the risks identified 3.The development of programmes and actions to tackle risks: this can involve contingen- cy plans and/or the outsourcing of risks to a third party. Risk tolerance boundaries should be established. 4.Continuous evaluation of risks and the monitoring of existing programmes for effective- ness. Also the analysis of new data in the assessment of risk.
  • 3. Risk Audits: Risk reputation management should start with some kind of risk audit. Such audits should be car- ried out every quarter (depending on the associated risks), but at least twice a year is reasonable. The process of identifying risk requires risk managers and officers to interview key personnel and use SWOT analysis on areas that present the most exposure. It is important that audits examine both internal and external risks and the implications of outsourcing the risk management function. Risk audits are made much easier if management encourage a culture of risk reporting and ac- countability. For example, is a system in place that encourages employees to report back any risk concerns they may have about the company? Also important in developing a risk culture is the de- gree of risk tolerance accepted for any given situation. Once a risk audit is completed, it is impor- tant to present a summary of results to key employees in order to seek their reaction and input. Sending executives and those in responsible positions on media training courses is a useful in- vestment that helps militate against further risks caused by employees making insensitive or unfor- tunate remarks on TV or radio. Psychology of risk assessment: protecting against irrational decision making Social influence and conformity cannot be ignored when considering risk evaluation. During corpo- rate meetings, individual executives can easily be influenced into complying with decisions that the rest of the board may agree upon, even if they have some reservations about the outcome. With- out proper data or analysis of risk, such diffusion of responsibility and conformity to the majority can result in “group think” within the organisation, with all its implications if the resultant decisions are incorrect. Such blind conformity and poor judgement based on innumeracy can be significantly reduced by the correct presentation of risk data. As a result, risk management insulates and protects corporations from irrational decision making, either by key individuals or by the board. Since the 1950s, psychologists have realised the power of peer influence and “group think” on decision making. Most people are of the opinion that they are independent minded and would not be influenced by the decision or opinions of others, but research suggests otherwise. Many studies have demonstrated the affect of majority influence. In majority influence, a group of individuals tend to have a convergence of judgement when present- ed with data, thereby yielding to group pressure or expectations. For example, a group of executives might meet to discuss which new software system should be purchased to sort out problems within the existing customer relationship management systems. One senior executive, with an extensive background in IT, is convinced that of the three options presented, B will be the most effective in solving the problems. The other executives have equally evaluated the options and most agree that A is both the most cost effective and has the best track record. However, given that the executive who prefers option B has a significant background in IT, they all keep quiet and agree with his recommendation. What issues have raised the importance of proper risk management? Failure by employees or their deliberate disregard for regulations can result in corporations getting into serious trouble. Indeed, most of the recent corporate scandals were caused by failure of key personnel and senior executives to comply with regulations and the law. With corporations under the microscope for continuing failure to comply with basic regulations, the issue of corporate gov- ernance has been much hyped in the media.
  • 4. What are the consequences of not managing risk? 1.Injuries or fatalities 2.Financial loss and damage to share price 3.Long-term reputation damage 4.Product or service boycott 5.Problems with activists or NGOs 6.Imposition of harsh regulation and laws 7.Legal payouts Ways of minimising the effects of uncertainty • Implementing risk audits • Encouraging all employees in understanding risk • Use of probability assessments • Understanding the difference between relative risk, propensities and frequency • Use of decision tress • Use of sensitivity analysis Problems with communicating risk Another major concern associated with risk management is its communication, or rather its mis- communication to key stakeholders. In part, this has been caused by corporate inability to ad- equately explain risk, but more importantly, the general public’s innumeracy. Depending on your perspective, public innumeracy is either a good or bad thing. For example, the notion of relative risk, (which is often used when communicating data from medical trials), is commonly misunder- stood. In order to understand the concept of relative risk, people must first understand absolute risk reduction. It is important to communicate risk as simply and as transparently as possible in order to avoid serious misunderstanding. However, as NGOs have been pointing out for years, corporations often mislead with their statistics regarding risk and potential outcomes. Equally, NGOs can also manipulate data for their own ends. Because the general public is fundamentally innumerate, com- municating risk via conditional probability, relative risk or propensities is easy to do in a manner that is correct, yet presented in such as way as to be potentially misleading. Even losses can be presented as gains, and pressure groups can enhance fears about certain drugs, or food additives by communicating data as relative risk. When attempting to communicate risk, some basic rules should be applied, starting with the source of risk. If the source of risk evaluation is not trusted, then all efforts can be compromised and rumours can damage the credibility of the communications effort. Sectors, such as pharma- ceutical, environmental, construction, transport, and medical can benefit from third party risk as- sessment evaluation, but this ironically carries its own risk. The Risk of Corporate Rumours Managing rumour is one of the toughest jobs facing reputation and PR managers. Rumours carry a considerable risk value. Three general types of rumour are recognised: commercial, contamina- tion, and conspiracy. Commercial rumours refer to unverified rumours about specific brands or corporations. For example, Procter and Gamble (P&G) and McDonald’s have both been victims of rumour campaigns. P&G was supposed to have satanic links because its man in-the-moon logo was thought to be a symbol of the devil! In addition, various other aspects of the logo showed the
  • 5. figures 666 when held up against a mirror. The rumours spread rapidly in the Midwest and South- ern parts of America, forcing P&G to alter its logo. Similarly, McDonald’s was accused of using red worms in their burgers in the late 1970s, and as a result, their sales fell by over 30% (Tybout et al, 1985). More recently, Coca-Cola sales have suf- fered in the Middle East as a rumour has been circulating since 2000 that claims that if you view the logo in the mirror (or upside down) it appears to read in Arabic as an anti-Islamic phrase. Coke was so concerned by this that they sought help from a senior Egyptian mufti, Sheikh Nasr Farid Wassel. He warned that such rumours could put thousands of Coca-Cola employees in Egypt out of work. Conspiracy rumours refer to undesirable corporate policy supposedly held by a corporation e.g. corporations or CEOs with leanings to extreme political parties or outlawed associations. Contamination rumours often affect fast-moving consumer goods, such as children’s products, drinks or food. Packaging has improved considerably since the 1980s and following on from nu- merous blackmail attempts by criminals trying to either discredit a corporation (often a disgruntled ex-employee) or someone trying to extract money. Other examples of rumours are those that propagate on the Internet. Harry Potter books had a false claim that underlying messages within the book caused children to become Satanists. Anoth- er claim was underarm deodorants that had anti-perspirants increased the risk of cancer. Other mad Internet rumours included toxic children’s crayons and yellow sponges made by Procter and Gamble contained Agent Orange, which would slowly kill you as you washed up! Even banana sales dropped by $30 million when rumours started to spread about a flesh eating bug all of which goes to prove the cost and damage false rumours can cause to a product, irre- spective of how its reputation has been in the past. Controlling rumours: the dynamics Ignoring rumours has its own associated risk, but equally tackling a rumour can draw more atten- tion to it! But what are the factors that influence a rumour, its impact, speed of travel and its reach within a population? The Internet and wireless technology now enable rumours to spread with incredible speed, across many different countries. The characteristics that make a rumour strong depend on a number of interrelated factors. The original research carried out on rumours and their transmission dates back to 1948 and the work of Allport and Postman who studied war time rumours. Their work produced a basic law of rumour: R = I x A, where R is reach, intensity and duration of a rumour; I is the importance of the rumour to the receiver, if true; and A refers to the level of ambiguity or uncertainty surrounding the rumour. If one recognises that importance and ambiguity are driving forces in the reach of a rumour, it al- lows you the opportunity to prioritise what needs to be done to reduce that importance and ambi- guity. Those corporations whose credibility is already weak will suffer more from rumours as stakehold- ers may have been partly conditioned to expect negative news about the company. Corporations with structured reputation management programmes should be able to squash a rumour quickly, especially if they correct false information and reduce ambiguity. Other factors that help in the transmission of a rumour include its believability, originality and associated fear.
  • 6. A note of caution In 2001, a book by Bjorn Lomborg, The Skeptical Environmentalist, produced a storm of criticism from scientists and environmentalists, resulting in high profile exchanges between the author and scientists/environmentalists in both the Economist and Scientific American. The publication challenged widely held beliefs about the continuing destruction and decline of the global environment. Lomborg, an associate professor at the University of Aarhus, Denmark, was openly critical of how scientists and NGOs had selectively presented data to reinforce the notion that most aspects of the environment are getting worse. He accused the media of propagating many of these negative reports because the news system sells best on negative and controversial news. For example, Lomborg challenged the reports regarding genetically modified foods (GM). Lomborg referred to reports that implicated GM foods with the decline of Monarch butterflies, showing in various cases that GM was only the “hook” for an alarming story, but the reality was that it was unrelated to the main issue. Corporations, such as Monsanto have suffered consid- erable negative publicity as a result of such reports and their often misleading representation in journals and the popular press. Even the language (Frankenstein Foods) that surrounds GM foods is inflammatory, yet few people understand the implications, let alone the potential benefits. However, corporations such as Monsanto are somewhat culpable through their inability to com- municate risk effectively. Greenpeace ran a much more effective communications program during Monsanto’s 1998 UK advertising campaign, catalysing the growth of the organic food industry. Risk and Value-led Organisations Many corporations routinely conduct a sensitivity analysis (often referred to as what if analysis?) in which certain assumptions that underpin a defined strategy are challenged, thereby helping to analyse the potential risks. Other traditional methods of analysing risk outcomes include economic added value (EVA), net present value (NPV), internal rate of return (IRR) and total shareholder return (TSR). However, since the 1980s, traditional financial analyses have been much criticised owing to their limitations and their inability to evaluate market risk. Various corporations, such as Cadbury Schweppes, Reuters, Coca-Cola and Lufthansa all adopt- ed a consolidated approach to business, which is less scale driven and based more on managing for value (MFV). Managing for value required corporations to question what contribution a certain brand is making to the overall financial performance of the company. Performance could then be measured by total shareholder returns (TSRs). Managing for value has helped corporations such as Cadbury Schweppes develop projects such as Cadbury LAND, which have proved to be a suc- cess. Furthermore, MFV also helped focus on strategic needs, thereby helping to reduce risks for shareholders. Corporations must also take into account the feasibility of a project in the time allocated, the re- sources available, and whether the core competences to deliver the project are available. Interdependence Risk In order to make your corporations more resilient to the potential of business discontinuity it is importance to realize the interdependence of risk, especially within a complex business network environment. Too often risk management is done in isolation, with little risk analysis sharing or strategic planning between departments. In order to recognise interdependencies, corporations
  • 7. should map out their stakeholder relationships, paying particular attention to the vulnerability of the supply-chain, communications, technological and public infrastructure. A recent article in the business magazine Strategy+Business highlights a series of key questions that can be asked in order to help diagnose a corporation’s enterprise resilience and its crisis prep- aration. Some of the more important questions raised include: 1. Are interdependencies understood and interdependent risks identified? 2. How good is the corporation’s situational awareness? 3. Are the complexities of the extended enterprise and key earnings drivers across it transparent? The article goes on to explain that current risk management practices have not kept up with the gradual shift from centralized to networked organisations. It points out that many corporations’ risk management programmes fail to account for interdependencies across vertical and horizontal operations, which result in them underestimating both the spectrum and severity of risk. ISSUE MANAGEMENT Describe earlier as a form of ongoing risk, the term issue management was coined by Howard Chase in 1976. The concept is really a form of ongoing risk assessment. An issue arises when some form of gap exists or develops between a corporation’s policies/actions and stakeholder expectations. For example, genetically modified food was an emerging issue ten years ago as the technology and research gathered momentum. When the real potential for commercial exploitation became a reality, the issue started to develop rapidly. Then, in the early 1990s a GM cheese prod- uct became available alongside GM tomato puree and activists and the media started to alarm the public. What is an Issue? An issue is a potentially troublesome topic that is emerging within a business sector, which may become a future focal point for the media, but may not have caught the attention of the general public. Every issue has specific triggers, which if fired, can accelerate the pace of the issue, ma- turing it quickly in its lifecycle. Therefore, if accelerated, an issue can quickly become a full blown crisis. Issues can either be broad-based or very specific. A broad-based issue may affect an industry or sector, such as utilities, publishing, education, or farming. Many such issues are managed through alliances or trade bodies that lobby the government or other key groups in order to influ- ence change. Specific issues, such as security at a chemical plant or the supply-chain manage- ment for a manufacturer need as much detail to attention as more broad-based issues, but pose potentially the most risk. Irrespective or the depth or breadth of an issue, if it is not correctly managed and monitored, it can quickly develop into a crisis. The principle is analogous to preventative medicine. Those people that go to their doctors on a regular basis aged over 40 years of age, stand a much better chance of been screened for classic medical problems, such as heart disease, breast and colon cancer or hypertension. As most people are aware, many cancers detected at an early stage of development are treatable and curable. In exactly the same way, issues that are managed are crises hopefully prevented.
  • 8. What are the implications for failing to identify and monitor an issue? Long-term damage to reputa- tion is a high risk outcome, plus rumours and the dissemination of false information, and ultimately, a crisis or disaster. BOX Some issues for the milk industry in the UK 1. Bovine Somatotrophin (BST) or growth hormone in milk 2. Mycobacterium Para tuberculosis - transmission of tuberculosis in milk 3. Poor heat treatment – potential for spoilage 4. Foreign objects in milk – filtration process 5. Contamination seals – prevent tampering 6. Chemical contamination of milk during processing 7. Correct labelling 8. Source of milk – the auditing of farms and cattle 9. Dealing with activists – PETA 10. Health issues – extent of fat in full cream milk 11. Distribution of milk – ensuring temperature in kept low 12. Storage of milk 13. Bacteria in milk and alleged link with certain diseases 14. Milk and antibodies What is Issue Management? Issue management is a management function that involves corporations committing to long-term, two-way dialogue with stakeholders in order to balance expectations and manage potential con- flict. In effect, it helps close perception and attitude gaps. The first issue management process model was produced by Chase in 1977 and consisted of five key steps: 1. Issue identification 2. Issue analysis 3. Issue change strategy options 4. Issue action programme 5. Evaluation of results Although all of the above steps are important, identification is the most critical, as without proper identification of what factors may impact and disrupt a business corporations cannot strategically alter their behaviour and policies. It requires a complex analysis of stakeholders and the recogni- tion that corporations need to look beyond those that are consumers or suppliers. Developing a dialogue with these groups and anticipating what might be their reactions can then be integrated in communications and corporate strategies. Furthermore, issue management also allows you to identify the resources that you need to muster in order to tackle the issue correctly.
  • 9. As part of strategy and planning, issue management involves: 1. Monitoring events and market research in order to identify potential triggers and public attitude changes 2. Monitoring the internet and discussion groups – intelligence gathering 3. Monitoring all relevant anti-corporate activists on a daily basis 4. Educating the market 5. Community relations 6. Media management – gaining media support and third-party advocacy 7. Monitoring change, especially technological change (such as CRM systems) 8. Monitoring the lifecycle of issues 9. Integrating on and offline communications Examples of badly managed issues BSE GM Food Some characteristics of badly managed issues are: 1. Poor leadership and management vision 2. Inability (or incompetence) to fully appreciate the potential for damage 3. Short-term thinking 4. Poor identification and understanding of stakeholders’ reactions 5. Issue is too complicated or multi-dimensional for management to handle 6. Poor organisational systems and knowledge management 7. Weak risk culture 8. Reactive and defensive responses to problems 9. Inflexible management policies that produce one-way communications 10. Unwillingness to engage media and stakeholders for dialogue 11. Spin and manipulation of data 12. Outsourcing the responsibility 13. Putting saving measures in place without analysis of outcome In the case of the BSE crisis, the UK government failed alongside the farming community to fore- see the problems associated with intensive farming techniques, which were the primary cause of the BSE outbreak. The government and its scientists were guilty of poor risk communication and according to the BSE Inquiry, Lord Phillips suggested that a false impression was conveyed that BSE posed no risk to humans. Since the BSE crisis, over 70 victims of the new variant CJD disease have been identified in the UK. Furthermore, the report also commented on the issue of how slaughterhouses often failed to remove key parts from the carcass of cattle, thereby allowing infected animals to enter the food chain.
  • 10. Activists – a real threat to corporations Activists and NGOs have emerged since the 1980s in large numbers and pose a growing threat to the corporate perception and reputation of many at risk organisations. The scope and numbers of corporations at risk is vast, but the following are some of the most vulnerable: 1. Corporations that have an environmental impact 2. Those with a history of unfair treatment on their employees or with poor working conditions 3. Those organisations that overtly put profit before other social and environmental concerns 4. Corporations involved with animal research or any form of animal management 5. Multinational enterprises that invest their assets in funds that are deemed unethical Monitoring and understanding activists’ objectives requires a dedicated and sincere understanding of NGO mentality. Understanding the “mind-set” requires getting to know the enemy and engaging in long-term dialogue. In the UK, a worrying and extreme example of activist’s impact is Huntington Life Sciences (HLS). Huntington has been fire fighting activists for many years and in 2001 its share price nearly col- lapsed. Investment bank such as HSBC, Citibank have severed financial links with Huntington, in view of the negative associations. Employees at HLS have been attacked and intimidated, with some activists adopting a “zero-tolerance“toward board members. Huntington Life Sciences is significant not just because of the pressure and success of the activists, but also because of the precedence its sets for how activists engage corporations and their stakeholders. However, the overwhelming majority of NGOs are peaceful open organisations that simply seek to draw attention to either a single-issue cause or a wider range of issues. A key role for PR and reputation managers is to encourage more business-NGO partnerships, such as those developed by BP, Shell and Unilever, thereby helping to legitimize such organisations activities. Unilever (www.unilever.com) is an example of an organisation that has formed links with NGOs, such as the World Wildlife Fund (WWF) and the Marine Stewardship Council (MSC) to encourage suppli- ers to source fish from sustainable fisheries. CRISIS AND DISASTER MANAGEMENT What is a crisis? The Institute of Crisis Management in the USA defines a crisis as follows: “..a significant business disruption which stimulates extensive new media coverage. The result- ing public scrutiny will affect the organisation’s normal operations and also could have a political, legal, financial and governmental impact on the business.”
  • 11. Defining a crisis is also dependent on one’s perception of the situation and the degree to which it can impact your organisation. What might be viewed as a minor problem for one organisation could spell disaster for another. Five basic categories of crisis can be recognised: 1. Human error 2. Mechanical failure 3. Management decisions/indecision 4. Technology failure 5. Acts of God Crisis examples include: Distillers - Thalidomide Perrier - Benzene J&J - Tylenol British Midland - Kegworth Shell - Brent Spar Concord - July 2000 crash Most crisis situations are known to corporations and their managers before they become public knowledge, but occasionally, a crisis situation can emerge from out of the blue, caused by natural disaster or circumstances that could not be easily predicted by management, such as fires or the death of a key employee. Such crisis situations are much more stressful because the public often have as much knowledge as the corporations e.g. the loss of a passenger aircraft. Business Continuity Management Post September 11th, corporations must take the threat of international terrorism seriously, espe- cially those that involve large numbers of the public. Business continuity planning or management is now rapidly developing, especially in the US. Failure to demonstrate the ability to recover capa- bility is becoming a mandatory requirement for certain businesses. Failure to comply could result in serious fines or legal action. During the September 11th attack, companies such as Morgan Stanley were able to recovery control quickly over their operations and disperse work in order to keep operational. Increasingly, corporations following on from September 11th are realising that it is not a good idea to concentrate all their employees or activities in one central place and are now dispersing resources and operations to prevent a single point of failure. The terms crisis management and crisis communication are often used interchangeably. Strictly speaking crisis management is a process by which a crisis management team (CMT) actively deal with the reality of situation on an hourly basis, whereas crisis communication, which is a part of crisis management, tackles the media and communicates to key stakeholders, thereby managing the perception of the situation. However, it is also quite sensible to argue that to separate the two issues is illogical, as it is im- perative to integrate all corporate messages in a crisis and ensure that communications is the one cohesive part of any plan.
  • 12. Preparation and Crisis Planning The process of preparing for a potential crisis is absolutely critical for the sake of your reputation. Without any form of planning, a crisis, especially a sudden event, will have a much more damag- ing impact on a corporation’s credibility, particularly when inadequate contingency planning is demonstrated. The basic steps include: 1. Risk assessment – auditing – see section on risk management 2. What procedures are in place to manage the risk if it becomes a crisis? 3. Do you have the necessary resources to handle a crisis? 4. Have you conducted a stakeholder analysis and anticipated those groups who will be most impacted? 5. Is information available to employees and other key people (suppliers etc) in the event of a crisis? How can technology help? 6. Have you conducted crisis simulations? 7. Have you identified and tested your crisis management team? 8. Have you identified and media trained your spokespeople? 9. Are staff and other key stakeholders aware of the contingency plans? 10. Is communication protocol agreed? Bringing in outsiders Many companies bring in outsiders to test their vulnerability to a crisis situation. Investigative jour- nalists, specialist lawyers and PR specialists can be hired to help stage hypothetical situations and monitor how a crisis team performs. Such simulations expose weakness within systems and are a useful way to push staff to their limits. Other corporations employ hackers to probe into the weak- ness of their IT systems, exploiting a “criminal mindset” so as to maximise vulnerability exposure. Characteristics of good crisis management 1. Demonstration of decisive corrective action 2. Speedy and accurate communications 3. Ability to admit mistakes 4. Full appreciation of the needs of all stakeholders 5. Clear recovery strategy 6. Consistent corporate messages What are the key steps that should be taken when a crisis hits? Probably the most important single thing to do when a crisis hits is to marshal as many facts and details about the situation as quickly as possible. Separating fact from fantasy or rumour is critical to managing the rest of your campaign.
  • 13. Assemble Your Crisis Team All good crisis management planning and communicating is dependent on a crisis management team (CMT). The team should ideally be kept small and the members should be totally familiar with their respective responsibilities. Depending on the crisis, the industry sector and nature of the situations, CMTs will vary in their structure. However, in general CMTs could be made up of the following: 1. Team manager - in charge of coordinating the team 2. Media “gatekeeper” - all information flows in/out through this person 3. A spokesperson - acts as official media spokesperson 4. PR advisor - deals with and advises on how to handle media 5. Legal advisor - advises on all potential legal implications 6. Media monitor - monitors and tracks media opinion during crisis 7. Operations manager - key person for operational decision making 8. Finance and admin - helps in the deploying of resources and admin 9. Other key employees - product, technical, HR specialists The rationale behind the crisis management team is to help in decision-making during a crisis and assist with communications of required messages and operational response. Those selected should be psychologically able to function under great pressure and should be trained together on a regular basis. Under pressure, employees will fall back on their training and this is an essential part of crisis preparation. What resources should a CMT require? Once again, this depends on the size of the organisation and the severity of the crisis. However, the following list would be useful to all CMTs: 1. A CMT communications centre or crisis HQ equipped with TV, radio, internet, tele- phones, faxes etc 2. A mobile crisis box – complete with torches, first aid, mobiles, cameras, etc 3. A media list and resources (media directories etc) 4. Access to employee and executive details and contact numbers, plus biographies 5. Relevant administrative supplies 6. The ability to establish a helpline that can take the volume of potential calls and an Internet site that is regularly up-dated. Some companies create dormant crisis web sites that can be quickly activated in the event of a crisis. This saves valuable time which can be deployed elsewhere Handling the Crisis What key steps should be taken in order to mitigate a crisis situation? The following order of events will differ depending on circumstances, but they represent the principal logical sequence that crisis teams could follow.
  • 14. STAGE 1: Assemble the crisis team 1. Brainstorm the situation and establish facts and details 2. Identify and agree exactly what is at stake 3. Agree communication objectives and a strategy to achieve them 4. Identify and prioritize stakeholder groups 5. Agree on messages and channels of communication 6. Access the legal situation 7. If required, develop a holding or media statement It is important to remember that with evolving crisis situations, management must be prepared to act quickly and adjust strategy if required. STAGE 2: Internal Communications 1. Ensure that all employees and other impacted stakeholders are aware of the situation before media get to them 2. Ensure that employees know roughly what to say if asked for comments STAGE 3: Release a media statement 1. Release holding or general media statement that explains the facts as you understand them, what is being done i.e. factory shut down, employee suspended, products being withdrawn etc 2. It is important that the source of information is authoritative 3. Ensure that any statement released is also available on a crisis or contingency site STAGE 4: Enter into crisis communications and monitor the situation 1. Engage in communications with stakeholders and the media 2. This stage could involved crisis release up-dates; press conferences etc 3. Stay on message 4. Monitor all information coming in and reassess the strategy 5. Monitor the media response and evaluate spokespeople STAGE 5: Consolidate and continue to monitor progress and response 1. Keep on-message and maintain links with media, informing them about changes and operational improvements etc 2. Continue personal communication with key stakeholders, providing up-to-date progress reports 3. Continue to monitor opinions and conduct attitude surveys as well as market research/ intelligence gathering. STAGE 6: Post crisis: recovery and opportunity 1. Evaluate the effectiveness and efficiency of the crisis team and outcomes 2. Understand lessons learned 3. Analyse media opinion and public perceptions and opinion 4. Prepare a final report for key stakeholders: both internal and external 5. Maintain contact with stakeholders, try to cement relationships e.g. site visit etc 6. Prepare case studies and educate all employees 7. Put into operation lessons learned and assimilate into contingency planning and simulations
  • 15. Disaster Management What is the difference between a crisis and a disaster? The simple answer to this question is prob- ably the extent of human tragedy involved i.e. the total loss of life and the level of disruption that has occurred. Disasters fall into three basic categories: 1. Human events 2. Technological events 3. Natural events For example, natural events can be further sub-divided as follows: 1. Avalanches 2. Flooding 3. Fire 4. Earthquakes 5. Cyclones 6. Hurricanes 7. Tornadoes 8. Diseases 9. Wind damage 10. Drought 11. Volcanic eruptions 12. Severe weather conditions With the threat from international terrorism highlighted since September 11th, many businesses have had to seriously examine their disaster planning and contingency management systems. When a serious loss of life is involved, the same principles as described for crisis management are involved, except the stakes and resources that need to be focused are much higher. When an airline suffers the loss of a commercial aircraft, hundreds of lives are lost and the emergency re- sponse team and their training become critical. Dealing with large scale emergencies and disaster management is beyond the scope of this chapter but useful resources include: www.continuityplanner.com www.globalcontinuity.com Business Continuity Magazine: www.kablenet.com/bc Conclusion Since the early 1980s, too much emphasis has been placed on crisis management training and far too little on addressing risk analysis and issue management. Although it is absolutely critical to have a crisis plan and employees trained in crisis and disaster management, prevention is always better than cure. As insurance premiums keep rising and the threats from external forces become ever greater, over the last decade, corporations have started to become more aware of the need to critically examine their risk exposure and determine tolerable limits. Catalysts for this change include rising premi- ums, regulations forcing organisations to access their risk (e.g. fire risk) and increased litigation against corporations. But the ultimate aim for risk analysis and issue management is that it provide a corporation with an excellent base for helping to steer and shape its own reputation.
  • 16. Training courses abound in crisis and business interruption management, but courses in risk analysis and issue management lag way behind, both in numbers and sophistication. But reputa- tion managers must understand risk and the potential implications of failing to tackle it. Because they are more abstract and complex risk and issues are sometimes brushed over by corporations or outsourced, which incurs a risk in its own right. Encouraging a more proactive focus by managing risk and issues, corporations stand a much bet- ter chance of entering into more meaningful relations with stakeholders, including those whom are impacted, dependent or intractable. Risk evaluation acts as a counterbalance against risk situations and therefore provides a powerful reputation management tool. Crisis management cannot be divorced from risk and issue management. It builds on the knowl- edge trapped within the system during risk assessment and any crisis, sudden or evolving , relies heavily on the training and simulations given to the crisis management team and their individual skills. Given the 24-hour and instance media response that is now so evident, key personnel should be media trained and appropriately picked for their media acceptability. EXERCISE AND DISCUSSION POINT On which issues should your organization be focused and how will you manage these? In addition, think up a crisis scenario and then simulate this as much as possible with your employees. Analyse how they react and identify strengths and weaknesses.