Risk Management or Disaster Denial?Posted by Jim Satterfield on April 19, 2017
All businesses face risks and vulnerabilities, and not every risk can be eliminated. While some risks can be mitigated, disasters and crises will happen. Establishing a clear crisis management plan with identified leadership and authority will position an organization to manage a crisis effectively.
Ignoring potential risks, hoping they go away, or assuming “That will never happen here” is disaster denial, and it is dangerous to your business, your employees, your customers, vendors, partners and community.
In most organizations, crisis impacts emanate from facilities, the workforce, information technology, brand and reputation disaster and crisis events.
In a crisis, the initial actions taken and the words said greatly influence the overall impact on the organization. Regardless of whether the event was planned for or not, most crisis decisions follow a common approach.
Every organization then, needs to:
- Establish a formal crisis management program structure in advance to evaluate threats and impacts;
- Create an intelligence network – including the analysis of traditional and new media – to monitor developing events;
- Establish and test a critical decision structure;
- Develop the appropriate crisis response strategies and crisis communications for known likely events that be leveraged in an unplanned crisis.
In the majority of organizations analyzed, Firestorm has consistently found five common failures in a disaster or crisis.
The failure to:
- Control critical supply chains: It is important to identify the internal and external dependencies of critical services or products.
- Train employees for work and home: Firestorm has found that across most companies, 95% of employees do not have a plan at home. If employees do not have a clear strategy for their families, an emergency or disaster can force them to choose between family and work. Family will always trump work.
- Identify and monitor all threats and risks: Knowing the threats an organization will face enables it to manage the results and respond to those threats. Firestorm’s process identifies the potential threats, both natural and man-made.
- Conduct exercises and update plans: Training converts written plans into actionable ones. By test exercising plans and their procedures, the problems or weaknesses identified will stimulate appropriate changes.
- Develop a crisis communications plan: Effective communication is a crucial element in emergency/crisis management and should assume a central role in disaster preparedness. Proper communication establishes confidence in the ability of an organization to deal with a crisis and to bring about a satisfactory conclusion.
In a crisis, identify what you know, not what you think. Establish what you are concerned about. Create an actionable plan. Monitor events and media. Adjust strategy and plan continuously based upon fact
Communication in a crisis falls into three categories: coordination, crisis and compliance.
Where communication is needed, speak directly to stakeholders – not through the media. Your organization knows how to reach employees, customers, vendors and others directly.
Last, ask: “What will my management team do when confronted with a crisis?”
Traditionally, organizations focus on external risks and address them with business continuity plans. Many more business crises however, are due to management’s failure to act quickly to an internal crisis or risk, or too ignore it completely. Think Takata.
These risks are much more likely to negatively impact an organization’s people, profits and reputation, and leadership is far more likely to make unprepared statements and take unplanned action that creates greater crisis chaos.
As a best practice, it is important for anyone in a crisis to slow the flow of events down to a manageable level. The always present adrenaline in a crisis causes people to react far too quickly. Mistakes are always made. It is so important, in any crisis, to stop and take the time to truly appraise the situation.
That is the beginning of healthy risk management, not disaster denial.
About Jim Satterfield
Jim Satterfield is the CEO, President and a Co-founder of Firestorm®.
Jim is also a nationally recognized expert, keynote speaker and author on crisis management, threat assessment, disaster preparedness and business continuity planning. He is a dynamic, humorous and compelling public speaker and receives exceptionally high praise from his audiences.
Jim also has experience as President, CEO and COO of various public and private companies in business continuity, communications, crisis management, environmental, insurance, reinsurance, risk management and technology, and has led in the development of national standards for risk management, environmental risk and environmental due diligence. He has spoken to hundreds of groups on risk management, crisis management, governance, disaster planning and preparedness.
Firestorm® is America’s Crisis Coach® Since 2005, Firestorm has assisted clients in transforming crisis into value. The Firestorm Predict.Plan.Perform.® methodology combines best-practice consulting with proven crisis management expertise, empowering clients to manage risk and crisis.
Firestorm assesses, audits, develops, trains and tests strategies and programs encompassing emergency response, business continuity, crisis management, and crisis communications/PR. Firestorm demonstrates thought leadership in workplace violence prevention, cyber-breach response, communicable illness/pandemic planning, predictive intelligence, and every preparedness initiative.
Firestorm has worked with hundreds of businesses, organizations and schools to keep tens of thousands of employees, customers and students safer. Firestorm provided crisis management and crisis communications services to Virginia Tech after the shootings, and more recently to Littleton, CO, Roswell, NM and Jefferson County School District in Colorado (location of Columbine) among others.