Tuesday, December 20, 2016

How to Lead in a Crisis

In this borderless world, crisis events escalate within minutes and threaten the most complex companies and organisations. Whether it be an exploding phone, fraud at one of the world’s largest banks, a disaster in an amusement park or an act of international terrorism - high level management preparation, through a Crisis Management Plan, is vital, particularly for CEOs, corporate boards or government administrations. 



If crisis management is to be taken seriously and installed efficiently, it must come from and be part of the people who run the business.  After all, in the end, it is those people who will have to manage the crisis when it reaches its most ferocious point.

The corporate crisis plan has to be part of company good governance and policy and those who are involved in its creation, instalment, and ongoing delivery, need to have their accountability listed in their job description.

A crisis plan must be simple and easy-to-use.  People have less time and less attention span to be confused by long-winded, long-worded, jargon written instructions.  The plan needs common language that simply and easily identifies the goals and objectives, the methods of delivery and implementation, and the ongoing evaluation and continuity.  

Accountability is essential.  Senior management personnel must be given the time and the authority to be accountable for the ownership of this plan.  Once a senior manager is given the responsibility of validating a crisis management plan, he or she should be supported and assisted in the review by a dedicated, professional outside crisis management consultancy.  This should not be a PR or emergency management consultancy but more a provider focused on delivering a strategic process.

A crisis management budget needs to be set and approved.   Some organisations may prefer to link the crisis management budget with the legal or risk management function.  Others may associate it with good corporate governance and build it into the corporate affairs and public policy area.  Some may prefer it to be associated with company secretary or corporate finance. Manufacturing companies may link their crisis management plan with their marketing and product recall function. 

The crisis management plan must be capable of application at every office, branch, site, and location.  Just as Head Office has a role to play in managing corporate and business crises, so do divisional offices, branches, plants, and major sites in managing the same responsibility on the spot.  When a crisis happens, it must be handled quickly where it happens.  If the location or site is not given the authority to act, valuable time will be lost and ultimately the control and the agenda may move to another negative party.

Every crisis plan needs to have a maintenance process.   It must be acceptable to internal auditors, outside auditors, senior management and endorsed by the Board of Directors. 

Education of team members and support groups needs to be an ongoing process.  Once the Team Leader and core team members have been familiarised with their roles and responsibilities, it is necessary to test and review these functions regularly.  Most teams are tested at least one or two times a year with either a desk-top exercise or full-scale simulation. 

Every crisis team at every location will rely enormously on resources.  Control room facilities such as whiteboards, IT connections and telephones, are all part of the resource kit.  

At RCA, our professionals are recognised experts at installing, developing, and maintaining corporate crisis management teams. We are routinely asked to provide counsel on escalating issues and crises. 

Sunday, October 9, 2016

Debriefing after Real Crises. The Best Learning

Financial disaster, major accident, cyber attack, massive recall. No simulation or crisis management exercise can ever replace the real thing.  When a real crisis occurs, most aspects of the crisis management plan would be applied, but there will be many more critical issues and intricacies which will appear. 



It goes without saying that the strategy behind a solid crisis management plan is to protect the company’s operations and reputation by providing a secure response.  But the identification of gaps in the response plan can be best discovered after a review of a real crisis situation.

A crisis simulation or exercise concludes with an evaluation and critique where responses are examined and roles and responsibilities reviewed.  The aim of these crisis exercises is to improve the effectiveness of the teams in managing a crisis, at the same time as reviewing the crisis manual and the various human and technical resources that assist the process.

A real event, aside from its serious consequences, can offer greater learnings, particularly related to the complex issues of communication, interactiveness and stress.

Any post-crisis evaluation must be done relatively quickly after the event.  The real value of what has happened, and how crisis teams responded, can be only be learnt while memories are alert to the central issues of the response. 

The purpose of the post-crisis evaluation is not to investigate the cause of the incident nor items such as emergency response, product recall action or security performance, but more how the crisis management team performed in its role.  Was the crisis identified effectively?  Was the team called out efficiently?  Could the team respond immediately and was the response effective?

Post-crisis evaluation is about managing and controlling the corporate issues related to the future of the business.  The following items need to be addressed in the audit:

1.      A narrative of the actual event.  What happened, why and how and what caused the event?

2.      How was the response managed by the crisis management team?  How did the response relate to incident and operational response procedures?  What was the decision making process based on?

3.     Were human and technical resources adequate?  Where did they fail and how could they have been improved?

4.      Is the organisation still at threat from the problem or similar problems?

5.      What were the unintended consequences that came out of the original incident?

6.      Were there any barriers to communication?

7.      Were all stakeholders advised effectively?  If not, what were the problems?

8.      Was there sufficient co-operation with outside agencies (emergency services, government, etc.)?

9.      Were the plan, manual and procedures useful?  Where could they be improved?

10.    Were human resource issues and employee communication handled efficiently?

11.    Were there any barriers to crisis response from senior management?

12.    Were legal issues dealt with efficiently? 

13.    Was the spokesperson’s role effective?  Were messages continual and consistent?

14.    How was business continuity and recovery managed?  What were the problems?

15.   What has been put in place in the short term and the long term to prevent this crisis from happening again?

This post-evaluation needs to be carried out by either outside consultants or a senior management team and preferably not by the crisis management team.  It is designed to improve operations, decision making, plans, skills and to ensure the crisis management team has done its job effectively.  

The post-evaluation team needs to interview the crisis management team, management executives, employees and external personnel/contractors involved in the crisis response.   

A post-evaluation project is no easy task.  While it has to be done as soon as possible after the crisis has occurred, it needs time for investigation, review and context. The project team needs the support of the Chief Executive and senior management, and commitment has to be given to ensure that the learnings from across the business can be incorporated in the overall crisis managing planning process.  This process ensures continual improvement and further development of a best practice response.  

The learnings of the post-crisis evaluation of a real event should be made available for training and response reference to the crisis management team.                           


Wednesday, June 15, 2016

DEADLY SHOOTING VULNERABILITY

It is human nature to avoid the worst case scenario. so it comes as a painful shock when we are confronted by the real world that includes random elements of activity seemly devoid of social concern, motivated by fear, insecurity and often characterised by cruelty and violence. 



The tragic Orlando shooting with 49 deaths and many critically injured is the worst case scenario. And clearly asks us the question "Is our work place, favourite cinema, nightclub or sporting ground safe?".
The fact is it may not be but globally there is a higher than ever law enforcement and security watch in place than ever before. Importantly it is not just the tactical response to these events that is vital. behind every emergency and incident response there must be a strategic crisis response that provides an orderly and efficient transition from normal to emergency conditions and leaves those in charge free to manage the strategic specifics of an escalating incident.

Organisations that know what to do, who is going to do it and in what sequence are more effective when a crisis happens. This whole process begins with a clear identification of security, threats and vulnerabilities. Some of the possible threats identified in a recent counter-terrorist vulnerability analysis were:
  • Airport attack
  • Armed intrusion
  • Arson
  • Biological attack
  • Bomb explosion
  • Chemical weapons
  • Contamination
  • Extortion
  • Hijacking
  • Hostage taking
  • Industrial espionage
  • International terrorist attack
  • Kidnapping
  • Murder
  • Nuclear attack
  • Sabotage
  • Utilities attack
Identifying vulnerabilities involves analysing who will be affected, how they will be affected and what will be needed in response.  Once threats are anticipated, crisis, incident and emergency teams can rehearse appropriate scenarios for managing the situation. 
Such plans need to include procedures for alternative evacuation in the case of chemical spills or attacks, for communicating with both employees and the community, and for interfacing with external emergency services.

As with any crisis, the key elements in an organisation’s defence strategy against terrorism are prevention and control. While we don’t often hear about such tactics, there are numerous cases of law enforcement agencies pre-empting acts of terrorism. 
To control serious effects of terrorist attacks, training the general public, employees and communities to be alert to possible attacks is a fundamental requirement. In cities such as Jerusalem, where terrorist attacks are all too frequent, people go about their daily lives with a naturally heightened awareness. Many have learnt from experience, but most have been trained to be the eyes and ears of the security and law enforcement agencies, on the lookout for unusual circumstances.




Wednesday, March 2, 2016

Stakeholder Control in a Crisis

When a crisis team meets in the first 90 minutes of managing a critical incident, one of the essential priority actions has to be identifying key stakeholders. There is no doubt that a stakeholder checklist can be prepared by crisis managers before an event happens but many of these stakeholders can only be identified on the day.

This proactivity is about getting ahead of your key audience agendas.  It doesn’t take long to call and tell a politician, a senior police officer, a journalist, a regulator, a stockbroker, a banker or indeed your own executive and managers about your emerging problem and how you are dealing with it.  They become a credible source in understanding and communicating your response. It’s not a time to bury your head in the sand and say nothing.  The bunker mentality may feel good for a few hours but it’s the fastest way to lose the high ground and encourage the rumour mill.

The court of public opinion wants to know what happened from you and social media plays a large part in early news transmission. Very quickly they will form opinions as to whether you are guilty or not guilty.  If your stakeholders understand that you are on top of the situation making every effort to fix it, they will be an asset to your response.

Commercial Union, one of Britain’s largest insurance companies, had their offices blown apart in London in the 1990s as a result of a terrorist bombing.  Much of the incident and emergency management was handled by the London Metropolitan Police in a very efficient manner, however the company played its part in dealing with a large group of audiences of its stakeholders.  The CEO and crisis Team Leader showed strong leadership and split the business management team into two, one to deal with the day-to-day running of the business and the other to deal with the crisis.  


This explosion killed three people and injured 30.   Four hundred tons of glass and debris were spread across the street and the city of London was brought to a virtual standstill.   The Commercial Union premises were totally inoperable.  The management team went straight to their crisis plan which outlined management teams and established priorities. 

As part of their damage limitation, assessment and action planning, they were quickly able to audit their employees to identify injured personnel and make contact with families.  They had procedures for effective liaison with emergency services. 

Plans were in place to make their building safe and secure, particularly related to the company's information and communication capability. 

All meetings were documented as were all discussions.  They moved immediately into recovery mode to restore communication links and it wasn’t long before they had established alternative premises and replacement of their main switchboard and computer information facilities. They established a temporary communications centre while they were moving into their new building and they were able to follow a plan of where to go, what to do and who does it.

In terms of communication, they made themselves available and distributed information to their staff, the public, media, customers, shareholders, brokers and the insurance industry.  Commercial Union particularly honed in on immediate and longer term plans for staff to encourage morale, goodwill and enthusiasm.

Admittedly, Commercial Union were the victims of a terrorist bomb that blew up outside their 23-storey building.  They certainly had the support and understanding of the British population behind them.  However, regardless of this support, they had to ensure company, corporate and brand survival at the same time as showing that they were able to manage the situation.  They ensured continuity of operations and control of the situation.