Part four of Dennis Hamilton’s series on effective crisis management.
Let’s start this discussion by painting a crisis scenario. An event has occurred; your building is partially destroyed; there are several employees dead; many more seriously injured; countless unaccounted for and for those who escaped the carnage, they have scattered in a hundred different directions, getting as far away from the site as possible. The event itself is unimportant at this point in time; whether it be a terrorist attack, bombing by a disgruntled employee, an earthquake or a gas main explosion.
Unfortunately, this is also the moment in time when far too often organizations start on their road to crisis management ‘hell’. Let’s first explore some real life experiences and some of the more common mistakes organizations make:
Immediately a conference bridge is opened; 20, 30 and possibly 60 or more people are invited to join; and of course, several dozen more join-in uninvited. I don’t think I have to explain the upheaval and confusion that will immediately follow; very little will be accomplished and most will wonder ‘why?’.
The person that runs the initial meeting or conference call is the most senior person present, whether it is the president, SVP or a director. While well-intentioned, it is unlikely that he or she has any ‘current’ expertise in crisis management; their title simply gives them the authority. This is not the time to teach or learn a new discipline.
In conference calls or meetings inevitably the people representing the ‘business’ side of life will far outnumber everyone else; thereby influencing the discussion around the business and related business continuity issues; versus the crisis management priorities of life safety and protection of the brand image. Your risk manager should be fuming!
In the absence of coordination and anyone else making decisions, most well-intentioned executives will do so (even when they are not qualified). The real problem is that there will be multiple executives independently making decisions and public statements that will invariably be in conflict. Katrina ring a bell?
Rumours and speculation are quickly established as ‘facts’ in the minds of most and will inevitably result in panic, anxiety and stress; all of which will alter the organization’s focus, as well as drive over-reaction and political interference; all based on the organization’s internally perceived failures and problems.
Negative public and media response to the perceived inaction or questionable actions on the part of the organization actually create a crisis within a crisis; one that could generate as much anxiety and stress as the event itself. Unfortunately, far too much focus will be applied to the ‘CYA’ objective of some senior management; further complicating response and control of the crisis itself.
Clearly the things that could go wrong; including those listed above, can be avoided, but not through wishful thinking or a belief that your organization is unique. These pitfalls can only be avoided if your policies, standards and in-crisis processes prevent them from occurring.
Crisis management is not terribly complex. Perhaps the events and threats you must deal with create complexity, but the Crisis management program itself is based on a foundation of knowledge, skills and experience that you probably already have. Its success is solely based on a clear delineation of roles and responsibilities, as well as the unwavering authority to do what is necessary to mitigate the impact of a crisis.
The Enterprise Structure
Before we get into the specifics of crisis management, I want to present an ‘enterprise’ structure of what crisis preparedness could or should look like in the majority of organizations. I like to refer to this high-level structure as the ‘crisis preparedness program’ (CPP).
A CPP is comprised of four independent and, when required, operationally integrated emergency response functions. Each has a mandate, a role to play, decisions to make and have specific operational owners. These are:
1. Incident response – an incident response plan represents the actions that will be taken in response to specific events (incidents) and are developed, maintained and executed by the operational (utility) group most qualified to do so. These would include plans for; violence-in-the-workplace – the responsibility of human resources; technology virus detection and eradication - the responsibility of information technology; air / water contamination - the responsibility of facilities management; suspicious package - the responsibility of corporate security; bad press - the responsibility of public affairs and building evacuation – the responsibility of safety. This list is actually quite extensive, with the number of plans easily reaching many dozen within a mid-size organization. An ‘incident’ will not necessarily become a ‘crisis’; that decision is made by the crisis response team and dependent on the impact of the event. As an example; receiving a bomb threat is an ‘incident’ and only becomes a crisis if ignited.
2. Business continuity management – business continuity management (BCM) is just what the name implies; plans developed to minimize operational disruption to the business (with a focus on critical business functions). Business continuity management is typically comprised of two response-oriented sets of plans: i) contingency plans which provide an alternate / temporary means of providing key aspects of the service until the full service can be restored and, ii) recovery plans, that provide the methods and processes to return to a full operational status once the business environment has been restored. Responsibility for business continuity management must rest with those most qualified, business leadership and business continuity planners.
3. Technology continuity management – technology continuity management (TCM), often referred to (for some archaic reason) as disaster recovery, again is actually comprised of two response-oriented sets of plans: i) contingency plans which provide alternate technology and computing services and facilities and ii) recovery plans, representing the processes implemented to restore technology based services. Technology continuity management must always be in direct synchronization to business continuity management to ensure the organization’s business priorities are being satisfied. Responsibility for technology continuity management in the organization is information technology and those assigned to the role of technology continuity planners.
4. Crisis management – unlike the previous three crisis preparedness program components, crisis management has multiple roles in situations that are classified as ‘crises’ to an organization. The mandate of crisis management is primarily response and control of a situation that threatens life safety, brand image and other assets of the organization. This also represents the absolute priorities of crisis management and, by far, the number one priority is ‘life safety’, followed by protection of the brand image. Simply put, crisis management must never, not even for a moment, consider an event’s impact on the business until such time as the first two priorities are fully addressed. While general responsibility for direction and development of a crisis management program most often resides with corporate security, the process of response and control is shared amongst the organization’s utility groups.
This alignment of roles and responsibilities provides the framework for the most competent people in their respective area to do the job they are most qualified to do; to use the skills and expertise they possess to make decisions based on information they are provided. Put another way; would you want someone from corporate security deciding when business continuity plans should be activated or someone from human resources interacting with the local police on what actions are required or someone from health & safety driving your technology recovery efforts; of course not, it is simply ensuring the right people are assigned the most appropriate roles.
Back to the topic at hand…
Having provided a general framework for responding to any event or threat, let’s now refocus on crisis management and specifically the crisis management organization.
I believe there are two separate teams within a crisis management organization; each having a specific membership, mandate and in-crisis role. These are:
• A crisis management team (CMT) should be comprised of the most senior executive and all and only his / her direct reports. the crisis management team is the highest level in-crisis decision making authority; after-all making decisions are what they do best. Why should it change just because you are in a state of crisis? The only thing that is different is that, instead of their own direct reports collecting and assessing information and making recommendations for their approval, it will be a crisis response team that will be collecting the facts, performing the assessment and making recommendations for their approval.
• A crisis response team (CRT) should be comprised of a location’s ‘utility’ groups, with a single representative and at least one designated backup from the following; corporate security, safety, employee relations / human resources, corporate affairs and communications, facilities management / real estate, medical services, information technologies and business continuity management. The crisis response team is operationally responsible for all aspects of the organization’s response to a crisis situation and management of that event throughout its duration.
Alignment of role to qualifications
Every action and every decision requires knowledge, experience, skill and a great deal of discipline. Having the wrong persons making life-safety decisions is risk mitigation in reverse! Are you willing to gamble the lives or safety of your employees for the sake of an outdated approach to in-crisis decision making.
Previously I stated that for most organization’s the crisis response team should be comprised of up to eight people representing key ‘utility’ functions. The reasons are very simple;
i) These functional groups collectively are responsible on a day-to-day basis for all emergencies, problems and crises across the organization – they possess the knowledge, skills and experience to manage a crisis – they already know what to do, when and how, should a crisis occur.
ii) They represent every aspect of an organization’s crisis preparedness program. While it will be the crisis response team that determines what in-crisis actions should be taken, it is their individual departments that have what it takes to follow through on those decisions.
iii) Adopting this team structure and membership will ensure that absolutely every key internal and external stakeholder will be provided the in-crisis information they require in a consistent and timely manner.
The CRT is your SWAT Team; they are your first responders; they are the only ones that can do what needs to be done. If they need advice or additional help, let it be the CRT who determines who and when. At some point in a crisis, there may be business, financial or legal issues, but wait until there are before engaging those groups. Do not have anyone on your CRT that is not currently engaged in some aspect of your organization’s crisis preparedness program.
For clarity, I am not saying an organization that is in a state of crisis should ignore the ‘business’; it is most definitely critical, just not a priority of crisis management. It is and should be a priority of business leadership and the business continuity / technology continuity management teams. Your crisis response team, by way of the BCM and TCM members, will ensure business and technology leadership are kept current with the status and actions being taken by the organization.
When we talk about in-crisis decision making, it is equally important to discuss in-crisis roles and responsibilities; decision making and role are often entwined.
Crisis management team – in-crisis responsibilities:
- highest level decision making authority for recommendations and / or alternatives provided by the CRT,
- support the mandate, role and responsibilities of the CRT across the enterprise,
- news media spokesperson / media relations,
- represent organization to families of dead or injured,
- moral support and inspiration for employees,
- deflecting well intentioned political interference away from the CRT,
- interface to board of directors and shareholders,
- interface to collective bargaining units,
- interface to regulatory bodies and agencies,
- address all legal and financial issues and requirements,
- address any liability issues that may arise from an event,
- interface with ‘key’ customers in terms of status and actions being taken.
Crisis response team – in-crisis responsibilities
- take necessary actions at the onset of a crisis,
- collect facts while dispelling rumours and speculation,
- determine if it is an ‘incident’ to be responded to or a ‘crisis’ to be managed,
- continuous situational assessment as the crisis unfolds,
- determine a course of action for all response functions and groups,
- interface to all external authorities,
- coordination of all response actions and plans,
- disseminate accurate and consistent status information,
- only provider of status information to all key stakeholders,
- enterprise-wide response and control of the threat or event,
- communicate, communicate, communicate!
Managing a crisis in some respects is similar to managing any aspect of your business. An organization goes to great extents to ensure it is organized to deliver on its corporate mandate or purpose for being. You put experience, skills and knowledge together to ensure success. In a crisis, it is no different; you must put the right experience, skills and knowledge together in order to make the best in-crisis decision you can.
Your organization has the knowledge, skills and experience necessary to manage a crisis. Make certain that those individuals make-up your crisis response team and they are given the authority, responsibility and tools necessary to ensure crisis management will succeed.
Let them do their job – you will be amazed!
Author: Dennis C. Hamilton, Hon FBCI, is the president of Crisis Response Planning Corporation, an internationally recognized emergency management consulting services company. For over 20 years Dennis has been dedicated to the discipline of crisis management, earning the recognition and reputation as one of North America’s foremost practitioners and advisors to businesses in all primary industries. Dennis can be reached at 416-500-5517 or firstname.lastname@example.org
CRPC Copyright 2010
1) In-crisis decision making: resolving the dilemma
2) In-crisis decision making: the authority to act
3) In-crisis decision making: Communicate or expect the worse
•Date: 12th March 2010 • Region: US/World •Type: Article •Topic: Crisis management
Rate this article or make a comment - click here