Have you considered?
- Do you always conduct a formal crisis management performance review?
- Do you include ‘Lessons Learnt’ into Improvement Action Plans and use them to inform your risk management programs?
- Would you crisis management program stand up to external scrutiny in the event of a significant crisis that triggers external review or investigation?
Has COVID Taught Us the Importance of Crisis Management?
The COVID 19 situation will undoubtedly trigger more Crisis Management Teams across the Globe than any other situation in a generation or more. The survival of many companies and organisations will largely depend on how they managed the crisis. Unfortunately, though nearly all corporations declare the importance of Crisis Management, few live up to the ‘billing’ they give it. Crisis Management is time-consuming, takes intellectual engagement, takes up resources and does not immediately drive the bottom line – time and resource spent on Crisis Management could be better spent on driving revenue.
Where corporations and organisations engage with Crisis Management, the function is often ‘stovepiped’ being delegated by senior management to say the Security Team. In this way, Crisis Management activities such as planning, training and testing are driven bottom-up with substantive challenges getting the business engaged and fulfilling their accountabilities. Crisis Management thus becomes a ‘break glass’ capability rather than an essential core business activity. Getting the Board and Executive Committee meaningful engagement can be one of the most difficult tasks for Security or Crisis Management function. Where senior management does engage, they can become fixated crisis scenario, data loss for instance.
The COVID 19 situation will hopefully trigger a sea change in attitudes towards meaningful Crisis Management endeavours. Even the best crisis management Teams will have lessons to learn and will seek improvements. Many companies will require a root and branch review and re-build. In either case, the start point will be the conduct of a Crisis Management Performance Review. The review will need to be conducted through a critical lens and natural inclinations to sugarcoat or paper over cracks should be avoided at all costs.
Questions for Crisis Management Performance Review
The four questions that stakeholders should ask is a good place to start:
- What did the company do to foresee the crisis?
- What did the company do to prevent or reduce the impact of the crisis?
- How did the company respond and manage the crisis?
- How quickly and effectively recover from the crisis?
A review could be split into 4 parts following a version of the Crisis Management Cycle:
- Potential Crisis Identification (Internal and External), Analysis & Assessment
- Crisis Intelligence & Horizon Scanning
- Information and Intelligence Sharing and Communication
- Vulnerability Identification
- Impact Assessment
- Risk Management Programs
- Crisis Management Policy
- Crisis Planning
- Crisis Communication Planning
- Assigned Accountabilities
- Ways of Working
- Crisis Management Improvement Action Plan
- Provision of Resources
- Crisis Leadership
- Crisis Management Activation
- Crisis Team Member Performance
- Immediate Response
- Decision Making
- Crisis Co-ordination
- Impact Monitoring & Measuring
- Decision/Action Effects Monitoring
- Crisis Communication (Internal/External)
- Record Keeping
- Recovery Goals
- Recovery Plans
- Recovery Resources
- Recovery Accountabilities
- Recovery Communications (Internal/External)
The review process should be initiated and led by the Crisis Owner, in the case of a strategic crisis such as COVID 19 this would normally be the company CEO or organisational head. A review panel should be established and consist of the Crisis Management Team. The panel should be moderated by an individual with requisite knowledge of crisis management who was not directly involved in the Crisis Management in question and who preferably sits outside of the chain of command to enable objectivity and impartiality.
The output of the review should be a formal report identifying ‘Strength, Weakness, Opportunities and Threats; further granularity can be achieved by including a scoring system to define the extent/degree of the Weakness, Strength, Opportunity and Threat which should lead to the production of a Crisis Management Improvement Plan.